2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-2000,
5 * Copyright (C) Jean François Micouleau 1998-2000.
6 * Copyright (C) Gerald Carter 2002-2005.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 #include "printing/nt_printing_tdb.h"
24 #include "../librpc/gen_ndr/ndr_spoolss.h"
25 #include "rpc_server/spoolss/srv_spoolss_util.h"
26 #include "nt_printing.h"
28 #include "../librpc/gen_ndr/netlogon.h"
29 #include "../libcli/security/security.h"
30 #include "passdb/machine_sid.h"
31 #include "smbd/smbd.h"
32 #include "smbd/globals.h"
35 #include "rpc_server/spoolss/srv_spoolss_nt.h"
36 #include "rpc_client/cli_winreg_spoolss.h"
38 /* Map generic permissions to printer object specific permissions */
40 const struct generic_mapping printer_generic_mapping = {
47 /* Map generic permissions to print server object specific permissions */
49 const struct generic_mapping printserver_generic_mapping = {
56 /* Map generic permissions to job object specific permissions */
58 const struct generic_mapping job_generic_mapping = {
65 static const struct print_architecture_table_node archi_table[]= {
67 {"Windows 4.0", SPL_ARCH_WIN40, 0 },
68 {"Windows NT x86", SPL_ARCH_W32X86, 2 },
69 {"Windows NT R4000", SPL_ARCH_W32MIPS, 2 },
70 {"Windows NT Alpha_AXP", SPL_ARCH_W32ALPHA, 2 },
71 {"Windows NT PowerPC", SPL_ARCH_W32PPC, 2 },
72 {"Windows IA64", SPL_ARCH_IA64, 3 },
73 {"Windows x64", SPL_ARCH_X64, 3 },
77 /****************************************************************************
78 Open the NT printing tdbs. Done once before fork().
79 ****************************************************************************/
81 bool nt_printing_init(struct messaging_context *msg_ctx)
85 if (!nt_printing_tdb_upgrade()) {
90 * register callback to handle updating printers as new
91 * drivers are installed
93 messaging_register(msg_ctx, NULL, MSG_PRINTER_DRVUPGRADE,
94 do_drv_upgrade_printer);
96 /* of course, none of the message callbacks matter if you don't
97 tell messages.c that you interested in receiving PRINT_GENERAL
98 msgs. This is done in serverid_register() */
100 if ( lp_security() == SEC_ADS ) {
101 win_rc = check_published_printers(msg_ctx);
102 if (!W_ERROR_IS_OK(win_rc))
103 DEBUG(0, ("nt_printing_init: error checking published printers: %s\n", win_errstr(win_rc)));
109 /*******************************************************************
110 Function to allow filename parsing "the old way".
111 ********************************************************************/
113 static NTSTATUS driver_unix_convert(connection_struct *conn,
114 const char *old_name,
115 struct smb_filename **smb_fname)
118 TALLOC_CTX *ctx = talloc_tos();
119 char *name = talloc_strdup(ctx, old_name);
122 return NT_STATUS_NO_MEMORY;
125 name = unix_clean_name(ctx, name);
127 return NT_STATUS_NO_MEMORY;
129 trim_string(name,"/","/");
131 status = unix_convert(ctx, conn, name, smb_fname, 0);
132 if (!NT_STATUS_IS_OK(status)) {
133 return NT_STATUS_NO_MEMORY;
139 /****************************************************************************
140 Function to do the mapping between the long architecture name and
142 ****************************************************************************/
144 const char *get_short_archi(const char *long_archi)
148 DEBUG(107,("Getting architecture dependent directory\n"));
151 } while ( (archi_table[i].long_archi!=NULL ) &&
152 strcasecmp_m(long_archi, archi_table[i].long_archi) );
154 if (archi_table[i].long_archi==NULL) {
155 DEBUGADD(10,("Unknown architecture [%s] !\n", long_archi));
159 /* this might be client code - but shouldn't this be an fstrcpy etc? */
161 DEBUGADD(108,("index: [%d]\n", i));
162 DEBUGADD(108,("long architecture: [%s]\n", archi_table[i].long_archi));
163 DEBUGADD(108,("short architecture: [%s]\n", archi_table[i].short_archi));
165 return archi_table[i].short_archi;
168 /****************************************************************************
169 Version information in Microsoft files is held in a VS_VERSION_INFO structure.
170 There are two case to be covered here: PE (Portable Executable) and NE (New
171 Executable) files. Both files support the same INFO structure, but PE files
172 store the signature in unicode, and NE files store it as !unicode.
173 returns -1 on error, 1 on version info found, and 0 on no version info found.
174 ****************************************************************************/
176 static int get_file_version(files_struct *fsp, char *fname,uint32 *major, uint32 *minor)
182 if ((buf=(char *)SMB_MALLOC(DOS_HEADER_SIZE)) == NULL) {
183 DEBUG(0,("get_file_version: PE file [%s] DOS Header malloc failed bytes = %d\n",
184 fname, DOS_HEADER_SIZE));
188 if ((byte_count = vfs_read_data(fsp, buf, DOS_HEADER_SIZE)) < DOS_HEADER_SIZE) {
189 DEBUG(3,("get_file_version: File [%s] DOS header too short, bytes read = %lu\n",
190 fname, (unsigned long)byte_count));
191 goto no_version_info;
194 /* Is this really a DOS header? */
195 if (SVAL(buf,DOS_HEADER_MAGIC_OFFSET) != DOS_HEADER_MAGIC) {
196 DEBUG(6,("get_file_version: File [%s] bad DOS magic = 0x%x\n",
197 fname, SVAL(buf,DOS_HEADER_MAGIC_OFFSET)));
198 goto no_version_info;
201 /* Skip OEM header (if any) and the DOS stub to start of Windows header */
202 if (SMB_VFS_LSEEK(fsp, SVAL(buf,DOS_HEADER_LFANEW_OFFSET), SEEK_SET) == (off_t)-1) {
203 DEBUG(3,("get_file_version: File [%s] too short, errno = %d\n",
205 /* Assume this isn't an error... the file just looks sort of like a PE/NE file */
206 goto no_version_info;
209 /* Note: DOS_HEADER_SIZE and NE_HEADER_SIZE are incidentally same */
210 if ((byte_count = vfs_read_data(fsp, buf, NE_HEADER_SIZE)) < NE_HEADER_SIZE) {
211 DEBUG(3,("get_file_version: File [%s] Windows header too short, bytes read = %lu\n",
212 fname, (unsigned long)byte_count));
213 /* Assume this isn't an error... the file just looks sort of like a PE/NE file */
214 goto no_version_info;
217 /* The header may be a PE (Portable Executable) or an NE (New Executable) */
218 if (IVAL(buf,PE_HEADER_SIGNATURE_OFFSET) == PE_HEADER_SIGNATURE) {
219 unsigned int num_sections;
220 unsigned int section_table_bytes;
222 /* Just skip over optional header to get to section table */
223 if (SMB_VFS_LSEEK(fsp,
224 SVAL(buf,PE_HEADER_OPTIONAL_HEADER_SIZE)-(NE_HEADER_SIZE-PE_HEADER_SIZE),
225 SEEK_CUR) == (off_t)-1) {
226 DEBUG(3,("get_file_version: File [%s] Windows optional header too short, errno = %d\n",
231 /* get the section table */
232 num_sections = SVAL(buf,PE_HEADER_NUMBER_OF_SECTIONS);
233 section_table_bytes = num_sections * PE_HEADER_SECT_HEADER_SIZE;
234 if (section_table_bytes == 0)
238 if ((buf=(char *)SMB_MALLOC(section_table_bytes)) == NULL) {
239 DEBUG(0,("get_file_version: PE file [%s] section table malloc failed bytes = %d\n",
240 fname, section_table_bytes));
244 if ((byte_count = vfs_read_data(fsp, buf, section_table_bytes)) < section_table_bytes) {
245 DEBUG(3,("get_file_version: PE file [%s] Section header too short, bytes read = %lu\n",
246 fname, (unsigned long)byte_count));
250 /* Iterate the section table looking for the resource section ".rsrc" */
251 for (i = 0; i < num_sections; i++) {
252 int sec_offset = i * PE_HEADER_SECT_HEADER_SIZE;
254 if (strcmp(".rsrc", &buf[sec_offset+PE_HEADER_SECT_NAME_OFFSET]) == 0) {
255 unsigned int section_pos = IVAL(buf,sec_offset+PE_HEADER_SECT_PTR_DATA_OFFSET);
256 unsigned int section_bytes = IVAL(buf,sec_offset+PE_HEADER_SECT_SIZE_DATA_OFFSET);
258 if (section_bytes == 0)
262 if ((buf=(char *)SMB_MALLOC(section_bytes)) == NULL) {
263 DEBUG(0,("get_file_version: PE file [%s] version malloc failed bytes = %d\n",
264 fname, section_bytes));
268 /* Seek to the start of the .rsrc section info */
269 if (SMB_VFS_LSEEK(fsp, section_pos, SEEK_SET) == (off_t)-1) {
270 DEBUG(3,("get_file_version: PE file [%s] too short for section info, errno = %d\n",
275 if ((byte_count = vfs_read_data(fsp, buf, section_bytes)) < section_bytes) {
276 DEBUG(3,("get_file_version: PE file [%s] .rsrc section too short, bytes read = %lu\n",
277 fname, (unsigned long)byte_count));
281 if (section_bytes < VS_VERSION_INFO_UNICODE_SIZE)
284 for (i=0; i<section_bytes-VS_VERSION_INFO_UNICODE_SIZE; i++) {
285 /* Scan for 1st 3 unicoded bytes followed by word aligned magic value */
286 if (buf[i] == 'V' && buf[i+1] == '\0' && buf[i+2] == 'S') {
287 /* Align to next long address */
288 int pos = (i + sizeof(VS_SIGNATURE)*2 + 3) & 0xfffffffc;
290 if (IVAL(buf,pos) == VS_MAGIC_VALUE) {
291 *major = IVAL(buf,pos+VS_MAJOR_OFFSET);
292 *minor = IVAL(buf,pos+VS_MINOR_OFFSET);
294 DEBUG(6,("get_file_version: PE file [%s] Version = %08x:%08x (%d.%d.%d.%d)\n",
295 fname, *major, *minor,
296 (*major>>16)&0xffff, *major&0xffff,
297 (*minor>>16)&0xffff, *minor&0xffff));
306 /* Version info not found, fall back to origin date/time */
307 DEBUG(10,("get_file_version: PE file [%s] has no version info\n", fname));
311 } else if (SVAL(buf,NE_HEADER_SIGNATURE_OFFSET) == NE_HEADER_SIGNATURE) {
312 if (CVAL(buf,NE_HEADER_TARGET_OS_OFFSET) != NE_HEADER_TARGOS_WIN ) {
313 DEBUG(3,("get_file_version: NE file [%s] wrong target OS = 0x%x\n",
314 fname, CVAL(buf,NE_HEADER_TARGET_OS_OFFSET)));
315 /* At this point, we assume the file is in error. It still could be somthing
316 * else besides a NE file, but it unlikely at this point. */
320 /* Allocate a bit more space to speed up things */
322 if ((buf=(char *)SMB_MALLOC(VS_NE_BUF_SIZE)) == NULL) {
323 DEBUG(0,("get_file_version: NE file [%s] malloc failed bytes = %d\n",
324 fname, PE_HEADER_SIZE));
328 /* This is a HACK! I got tired of trying to sort through the messy
329 * 'NE' file format. If anyone wants to clean this up please have at
330 * it, but this works. 'NE' files will eventually fade away. JRR */
331 while((byte_count = vfs_read_data(fsp, buf, VS_NE_BUF_SIZE)) > 0) {
332 /* Cover case that should not occur in a well formed 'NE' .dll file */
333 if (byte_count-VS_VERSION_INFO_SIZE <= 0) break;
335 for(i=0; i<byte_count; i++) {
336 /* Fast skip past data that can't possibly match */
337 if (buf[i] != 'V') continue;
339 /* Potential match data crosses buf boundry, move it to beginning
340 * of buf, and fill the buf with as much as it will hold. */
341 if (i>byte_count-VS_VERSION_INFO_SIZE) {
344 memcpy(buf, &buf[i], byte_count-i);
345 if ((bc = vfs_read_data(fsp, &buf[byte_count-i], VS_NE_BUF_SIZE-
346 (byte_count-i))) < 0) {
348 DEBUG(0,("get_file_version: NE file [%s] Read error, errno=%d\n",
353 byte_count = bc + (byte_count - i);
354 if (byte_count<VS_VERSION_INFO_SIZE) break;
359 /* Check that the full signature string and the magic number that
360 * follows exist (not a perfect solution, but the chances that this
361 * occurs in code is, well, remote. Yes I know I'm comparing the 'V'
362 * twice, as it is simpler to read the code. */
363 if (strcmp(&buf[i], VS_SIGNATURE) == 0) {
364 /* Compute skip alignment to next long address */
365 int skip = -(SMB_VFS_LSEEK(fsp, 0, SEEK_CUR) - (byte_count - i) +
366 sizeof(VS_SIGNATURE)) & 3;
367 if (IVAL(buf,i+sizeof(VS_SIGNATURE)+skip) != 0xfeef04bd) continue;
369 *major = IVAL(buf,i+sizeof(VS_SIGNATURE)+skip+VS_MAJOR_OFFSET);
370 *minor = IVAL(buf,i+sizeof(VS_SIGNATURE)+skip+VS_MINOR_OFFSET);
371 DEBUG(6,("get_file_version: NE file [%s] Version = %08x:%08x (%d.%d.%d.%d)\n",
372 fname, *major, *minor,
373 (*major>>16)&0xffff, *major&0xffff,
374 (*minor>>16)&0xffff, *minor&0xffff));
381 /* Version info not found, fall back to origin date/time */
382 DEBUG(0,("get_file_version: NE file [%s] Version info not found\n", fname));
387 /* Assume this isn't an error... the file just looks sort of like a PE/NE file */
388 DEBUG(3,("get_file_version: File [%s] unknown file format, signature = 0x%x\n",
389 fname, IVAL(buf,PE_HEADER_SIGNATURE_OFFSET)));
400 /****************************************************************************
401 Drivers for Microsoft systems contain multiple files. Often, multiple drivers
402 share one or more files. During the MS installation process files are checked
403 to insure that only a newer version of a shared file is installed over an
404 older version. There are several possibilities for this comparison. If there
405 is no previous version, the new one is newer (obviously). If either file is
406 missing the version info structure, compare the creation date (on Unix use
407 the modification date). Otherwise chose the numerically larger version number.
408 ****************************************************************************/
410 static int file_version_is_newer(connection_struct *conn, fstring new_file, fstring old_file)
412 bool use_version = true;
416 time_t new_create_time;
420 time_t old_create_time;
422 struct smb_filename *smb_fname = NULL;
423 files_struct *fsp = NULL;
429 SET_STAT_INVALID(st);
430 new_create_time = (time_t)0;
431 old_create_time = (time_t)0;
433 /* Get file version info (if available) for previous file (if it exists) */
434 status = driver_unix_convert(conn, old_file, &smb_fname);
435 if (!NT_STATUS_IS_OK(status)) {
439 status = SMB_VFS_CREATE_FILE(
442 0, /* root_dir_fid */
443 smb_fname, /* fname */
444 FILE_GENERIC_READ, /* access_mask */
445 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
446 FILE_OPEN, /* create_disposition*/
447 0, /* create_options */
448 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
449 INTERNAL_OPEN_ONLY, /* oplock_request */
450 0, /* allocation_size */
451 0, /* private_flags */
457 if (!NT_STATUS_IS_OK(status)) {
458 /* Old file not found, so by definition new file is in fact newer */
459 DEBUG(10,("file_version_is_newer: Can't open old file [%s], "
460 "errno = %d\n", smb_fname_str_dbg(smb_fname),
466 ret = get_file_version(fsp, old_file, &old_major, &old_minor);
472 DEBUG(6,("file_version_is_newer: Version info not found [%s], use mod time\n",
475 if (SMB_VFS_FSTAT(fsp, &st) == -1) {
478 old_create_time = convert_timespec_to_time_t(st.st_ex_mtime);
479 DEBUGADD(6,("file_version_is_newer: mod time = %ld sec\n",
480 (long)old_create_time));
483 close_file(NULL, fsp, NORMAL_CLOSE);
486 /* Get file version info (if available) for new file */
487 status = driver_unix_convert(conn, new_file, &smb_fname);
488 if (!NT_STATUS_IS_OK(status)) {
492 status = SMB_VFS_CREATE_FILE(
495 0, /* root_dir_fid */
496 smb_fname, /* fname */
497 FILE_GENERIC_READ, /* access_mask */
498 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
499 FILE_OPEN, /* create_disposition*/
500 0, /* create_options */
501 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
502 INTERNAL_OPEN_ONLY, /* oplock_request */
503 0, /* allocation_size */
504 0, /* private_flags */
510 if (!NT_STATUS_IS_OK(status)) {
511 /* New file not found, this shouldn't occur if the caller did its job */
512 DEBUG(3,("file_version_is_newer: Can't open new file [%s], "
513 "errno = %d\n", smb_fname_str_dbg(smb_fname), errno));
517 ret = get_file_version(fsp, new_file, &new_major, &new_minor);
523 DEBUG(6,("file_version_is_newer: Version info not found [%s], use mod time\n",
526 if (SMB_VFS_FSTAT(fsp, &st) == -1) {
529 new_create_time = convert_timespec_to_time_t(st.st_ex_mtime);
530 DEBUGADD(6,("file_version_is_newer: mod time = %ld sec\n",
531 (long)new_create_time));
534 close_file(NULL, fsp, NORMAL_CLOSE);
537 if (use_version && (new_major != old_major || new_minor != old_minor)) {
538 /* Compare versions and choose the larger version number */
539 if (new_major > old_major ||
540 (new_major == old_major && new_minor > old_minor)) {
542 DEBUG(6,("file_version_is_newer: Replacing [%s] with [%s]\n", old_file, new_file));
547 DEBUG(6,("file_version_is_newer: Leaving [%s] unchanged\n", old_file));
553 /* Compare modification time/dates and choose the newest time/date */
554 if (new_create_time > old_create_time) {
555 DEBUG(6,("file_version_is_newer: Replacing [%s] with [%s]\n", old_file, new_file));
560 DEBUG(6,("file_version_is_newer: Leaving [%s] unchanged\n", old_file));
568 close_file(NULL, fsp, NORMAL_CLOSE);
571 TALLOC_FREE(smb_fname);
575 /****************************************************************************
576 Determine the correct cVersion associated with an architecture and driver
577 ****************************************************************************/
578 static uint32 get_correct_cversion(struct auth_session_info *session_info,
579 const char *architecture,
580 const char *driverpath_in,
585 struct smb_filename *smb_fname = NULL;
586 char *driverpath = NULL;
587 files_struct *fsp = NULL;
588 connection_struct *conn = NULL;
590 char *printdollar = NULL;
591 int printdollar_snum;
593 *perr = WERR_INVALID_PARAM;
595 /* If architecture is Windows 95/98/ME, the version is always 0. */
596 if (strcmp(architecture, SPL_ARCH_WIN40) == 0) {
597 DEBUG(10,("get_correct_cversion: Driver is Win9x, cversion = 0\n"));
602 /* If architecture is Windows x64, the version is always 3. */
603 if (strcmp(architecture, SPL_ARCH_X64) == 0) {
604 DEBUG(10,("get_correct_cversion: Driver is x64, cversion = 3\n"));
609 printdollar_snum = find_service(talloc_tos(), "print$", &printdollar);
614 if (printdollar_snum == -1) {
615 *perr = WERR_NO_SUCH_SHARE;
619 nt_status = create_conn_struct_cwd(talloc_tos(),
620 server_event_context(),
621 server_messaging_context(),
624 lp_pathname(talloc_tos(), printdollar_snum),
625 session_info, &oldcwd);
626 if (!NT_STATUS_IS_OK(nt_status)) {
627 DEBUG(0,("get_correct_cversion: create_conn_struct "
628 "returned %s\n", nt_errstr(nt_status)));
629 *perr = ntstatus_to_werror(nt_status);
633 nt_status = set_conn_force_user_group(conn, printdollar_snum);
634 if (!NT_STATUS_IS_OK(nt_status)) {
635 DEBUG(0, ("failed set force user / group\n"));
636 *perr = ntstatus_to_werror(nt_status);
637 goto error_free_conn;
640 if (!become_user_by_session(conn, session_info)) {
641 DEBUG(0, ("failed to become user\n"));
642 *perr = WERR_ACCESS_DENIED;
643 goto error_free_conn;
646 /* Open the driver file (Portable Executable format) and determine the
647 * deriver the cversion. */
648 driverpath = talloc_asprintf(talloc_tos(),
657 nt_status = driver_unix_convert(conn, driverpath, &smb_fname);
658 if (!NT_STATUS_IS_OK(nt_status)) {
659 *perr = ntstatus_to_werror(nt_status);
663 nt_status = vfs_file_exist(conn, smb_fname);
664 if (!NT_STATUS_IS_OK(nt_status)) {
665 DEBUG(3,("get_correct_cversion: vfs_file_exist failed\n"));
666 *perr = WERR_BADFILE;
670 nt_status = SMB_VFS_CREATE_FILE(
673 0, /* root_dir_fid */
674 smb_fname, /* fname */
675 FILE_GENERIC_READ, /* access_mask */
676 FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
677 FILE_OPEN, /* create_disposition*/
678 0, /* create_options */
679 FILE_ATTRIBUTE_NORMAL, /* file_attributes */
680 INTERNAL_OPEN_ONLY, /* oplock_request */
681 0, /* private_flags */
682 0, /* allocation_size */
688 if (!NT_STATUS_IS_OK(nt_status)) {
689 DEBUG(3,("get_correct_cversion: Can't open file [%s], errno = "
690 "%d\n", smb_fname_str_dbg(smb_fname), errno));
691 *perr = WERR_ACCESS_DENIED;
698 ret = get_file_version(fsp, smb_fname->base_name, &major, &minor);
700 *perr = WERR_INVALID_PARAM;
703 DEBUG(6,("get_correct_cversion: Version info not "
705 smb_fname_str_dbg(smb_fname)));
706 *perr = WERR_INVALID_PARAM;
711 * This is a Microsoft'ism. See references in MSDN to VER_FILEVERSION
712 * for more details. Version in this case is not just the version of the
713 * file, but the version in the sense of kernal mode (2) vs. user mode
714 * (3) drivers. Other bits of the version fields are the version info.
717 cversion = major & 0x0000ffff;
719 case 2: /* WinNT drivers */
720 case 3: /* Win2K drivers */
724 DEBUG(6,("get_correct_cversion: cversion "
725 "invalid [%s] cversion = %d\n",
726 smb_fname_str_dbg(smb_fname),
731 DEBUG(10,("get_correct_cversion: Version info found [%s] major"
732 " = 0x%x minor = 0x%x\n",
733 smb_fname_str_dbg(smb_fname), major, minor));
736 DEBUG(10,("get_correct_cversion: Driver file [%s] cversion = %d\n",
737 smb_fname_str_dbg(smb_fname), cversion));
743 TALLOC_FREE(smb_fname);
745 close_file(NULL, fsp, NORMAL_CLOSE);
748 vfs_ChDir(conn, oldcwd);
749 SMB_VFS_DISCONNECT(conn);
752 if (!W_ERROR_IS_OK(*perr)) {
759 /****************************************************************************
760 ****************************************************************************/
762 #define strip_driver_path(_mem_ctx, _element) do { \
763 if (_element && ((_p = strrchr((_element), '\\')) != NULL)) { \
764 (_element) = talloc_asprintf((_mem_ctx), "%s", _p+1); \
765 W_ERROR_HAVE_NO_MEMORY((_element)); \
769 static WERROR clean_up_driver_struct_level(TALLOC_CTX *mem_ctx,
770 struct auth_session_info *session_info,
771 const char *architecture,
772 const char **driver_path,
773 const char **data_file,
774 const char **config_file,
775 const char **help_file,
776 struct spoolss_StringArray *dependent_files,
777 enum spoolss_DriverOSVersion *version)
779 const char *short_architecture;
784 if (!*driver_path || !*data_file) {
785 return WERR_INVALID_PARAM;
788 if (!strequal(architecture, SPOOLSS_ARCHITECTURE_4_0) && !*config_file) {
789 return WERR_INVALID_PARAM;
792 /* clean up the driver name.
793 * we can get .\driver.dll
794 * or worse c:\windows\system\driver.dll !
796 /* using an intermediate string to not have overlaping memcpy()'s */
798 strip_driver_path(mem_ctx, *driver_path);
799 strip_driver_path(mem_ctx, *data_file);
801 strip_driver_path(mem_ctx, *config_file);
804 strip_driver_path(mem_ctx, *help_file);
807 if (dependent_files && dependent_files->string) {
808 for (i=0; dependent_files->string[i]; i++) {
809 strip_driver_path(mem_ctx, dependent_files->string[i]);
813 short_architecture = get_short_archi(architecture);
814 if (!short_architecture) {
815 return WERR_UNKNOWN_PRINTER_DRIVER;
818 /* jfm:7/16/2000 the client always sends the cversion=0.
819 * The server should check which version the driver is by reading
820 * the PE header of driver->driverpath.
822 * For Windows 95/98 the version is 0 (so the value sent is correct)
823 * For Windows NT (the architecture doesn't matter)
825 * NT 3.5/3.51: cversion=1
830 *version = get_correct_cversion(session_info, short_architecture,
832 if (*version == -1) {
839 /****************************************************************************
840 ****************************************************************************/
842 WERROR clean_up_driver_struct(TALLOC_CTX *mem_ctx,
843 struct auth_session_info *session_info,
844 struct spoolss_AddDriverInfoCtr *r)
848 return clean_up_driver_struct_level(mem_ctx, session_info,
849 r->info.info3->architecture,
850 &r->info.info3->driver_path,
851 &r->info.info3->data_file,
852 &r->info.info3->config_file,
853 &r->info.info3->help_file,
854 r->info.info3->dependent_files,
855 &r->info.info3->version);
857 return clean_up_driver_struct_level(mem_ctx, session_info,
858 r->info.info6->architecture,
859 &r->info.info6->driver_path,
860 &r->info.info6->data_file,
861 &r->info.info6->config_file,
862 &r->info.info6->help_file,
863 r->info.info6->dependent_files,
864 &r->info.info6->version);
866 return WERR_NOT_SUPPORTED;
870 /****************************************************************************
871 This function sucks and should be replaced. JRA.
872 ****************************************************************************/
874 static void convert_level_6_to_level3(struct spoolss_AddDriverInfo3 *dst,
875 const struct spoolss_AddDriverInfo6 *src)
877 dst->version = src->version;
879 dst->driver_name = src->driver_name;
880 dst->architecture = src->architecture;
881 dst->driver_path = src->driver_path;
882 dst->data_file = src->data_file;
883 dst->config_file = src->config_file;
884 dst->help_file = src->help_file;
885 dst->monitor_name = src->monitor_name;
886 dst->default_datatype = src->default_datatype;
887 dst->_ndr_size_dependent_files = src->_ndr_size_dependent_files;
888 dst->dependent_files = src->dependent_files;
891 /****************************************************************************
892 ****************************************************************************/
894 static WERROR move_driver_file_to_download_area(TALLOC_CTX *mem_ctx,
895 connection_struct *conn,
896 const char *driver_file,
897 const char *short_architecture,
898 uint32_t driver_version,
901 struct smb_filename *smb_fname_old = NULL;
902 struct smb_filename *smb_fname_new = NULL;
903 char *old_name = NULL;
904 char *new_name = NULL;
908 old_name = talloc_asprintf(mem_ctx, "%s/%s",
909 short_architecture, driver_file);
910 W_ERROR_HAVE_NO_MEMORY(old_name);
912 new_name = talloc_asprintf(mem_ctx, "%s/%d/%s",
913 short_architecture, driver_version, driver_file);
914 if (new_name == NULL) {
915 TALLOC_FREE(old_name);
919 if (version != -1 && (version = file_version_is_newer(conn, old_name, new_name)) > 0) {
921 status = driver_unix_convert(conn, old_name, &smb_fname_old);
922 if (!NT_STATUS_IS_OK(status)) {
927 /* Setup a synthetic smb_filename struct */
928 smb_fname_new = talloc_zero(mem_ctx, struct smb_filename);
929 if (!smb_fname_new) {
934 smb_fname_new->base_name = new_name;
936 DEBUG(10,("move_driver_file_to_download_area: copying '%s' to "
937 "'%s'\n", smb_fname_old->base_name,
938 smb_fname_new->base_name));
940 status = copy_file(mem_ctx, conn, smb_fname_old, smb_fname_new,
941 OPENX_FILE_EXISTS_TRUNCATE |
942 OPENX_FILE_CREATE_IF_NOT_EXIST,
945 if (!NT_STATUS_IS_OK(status)) {
946 DEBUG(0,("move_driver_file_to_download_area: Unable "
947 "to rename [%s] to [%s]: %s\n",
948 smb_fname_old->base_name, new_name,
950 ret = WERR_ACCESS_DENIED;
957 TALLOC_FREE(smb_fname_old);
958 TALLOC_FREE(smb_fname_new);
962 WERROR move_driver_to_download_area(struct auth_session_info *session_info,
963 struct spoolss_AddDriverInfoCtr *r)
965 struct spoolss_AddDriverInfo3 *driver;
966 struct spoolss_AddDriverInfo3 converted_driver;
967 const char *short_architecture;
968 struct smb_filename *smb_dname = NULL;
969 char *new_dir = NULL;
970 connection_struct *conn = NULL;
973 TALLOC_CTX *ctx = talloc_tos();
976 char *printdollar = NULL;
977 int printdollar_snum;
978 WERROR err = WERR_OK;
982 driver = r->info.info3;
985 convert_level_6_to_level3(&converted_driver, r->info.info6);
986 driver = &converted_driver;
989 DEBUG(0,("move_driver_to_download_area: Unknown info level (%u)\n", (unsigned int)r->level));
990 return WERR_UNKNOWN_LEVEL;
993 short_architecture = get_short_archi(driver->architecture);
994 if (!short_architecture) {
995 return WERR_UNKNOWN_PRINTER_DRIVER;
998 printdollar_snum = find_service(ctx, "print$", &printdollar);
1002 if (printdollar_snum == -1) {
1003 return WERR_NO_SUCH_SHARE;
1006 nt_status = create_conn_struct_cwd(talloc_tos(),
1007 server_event_context(),
1008 server_messaging_context(),
1011 lp_pathname(talloc_tos(), printdollar_snum),
1012 session_info, &oldcwd);
1013 if (!NT_STATUS_IS_OK(nt_status)) {
1014 DEBUG(0,("move_driver_to_download_area: create_conn_struct "
1015 "returned %s\n", nt_errstr(nt_status)));
1016 err = ntstatus_to_werror(nt_status);
1020 nt_status = set_conn_force_user_group(conn, printdollar_snum);
1021 if (!NT_STATUS_IS_OK(nt_status)) {
1022 DEBUG(0, ("failed set force user / group\n"));
1023 err = ntstatus_to_werror(nt_status);
1027 if (!become_user_by_session(conn, session_info)) {
1028 DEBUG(0, ("failed to become user\n"));
1029 err = WERR_ACCESS_DENIED;
1033 new_dir = talloc_asprintf(ctx,
1041 nt_status = driver_unix_convert(conn, new_dir, &smb_dname);
1042 if (!NT_STATUS_IS_OK(nt_status)) {
1047 DEBUG(5,("Creating first directory: %s\n", smb_dname->base_name));
1049 nt_status = create_directory(conn, NULL, smb_dname);
1050 if (!NT_STATUS_IS_OK(nt_status)
1051 && !NT_STATUS_EQUAL(nt_status, NT_STATUS_OBJECT_NAME_COLLISION)) {
1052 DEBUG(0, ("failed to create driver destination directory: %s\n",
1053 nt_errstr(nt_status)));
1054 err = ntstatus_to_werror(nt_status);
1058 /* For each driver file, archi\filexxx.yyy, if there is a duplicate file
1059 * listed for this driver which has already been moved, skip it (note:
1060 * drivers may list the same file name several times. Then check if the
1061 * file already exists in archi\version\, if so, check that the version
1062 * info (or time stamps if version info is unavailable) is newer (or the
1063 * date is later). If it is, move it to archi\version\filexxx.yyy.
1064 * Otherwise, delete the file.
1066 * If a file is not moved to archi\version\ because of an error, all the
1067 * rest of the 'unmoved' driver files are removed from archi\. If one or
1068 * more of the driver's files was already moved to archi\version\, it
1069 * potentially leaves the driver in a partially updated state. Version
1070 * trauma will most likely occur if an client attempts to use any printer
1071 * bound to the driver. Perhaps a rewrite to make sure the moves can be
1072 * done is appropriate... later JRR
1075 DEBUG(5,("Moving files now !\n"));
1077 if (driver->driver_path && strlen(driver->driver_path)) {
1079 err = move_driver_file_to_download_area(ctx,
1081 driver->driver_path,
1085 if (!W_ERROR_IS_OK(err)) {
1090 if (driver->data_file && strlen(driver->data_file)) {
1091 if (!strequal(driver->data_file, driver->driver_path)) {
1093 err = move_driver_file_to_download_area(ctx,
1099 if (!W_ERROR_IS_OK(err)) {
1105 if (driver->config_file && strlen(driver->config_file)) {
1106 if (!strequal(driver->config_file, driver->driver_path) &&
1107 !strequal(driver->config_file, driver->data_file)) {
1109 err = move_driver_file_to_download_area(ctx,
1111 driver->config_file,
1115 if (!W_ERROR_IS_OK(err)) {
1121 if (driver->help_file && strlen(driver->help_file)) {
1122 if (!strequal(driver->help_file, driver->driver_path) &&
1123 !strequal(driver->help_file, driver->data_file) &&
1124 !strequal(driver->help_file, driver->config_file)) {
1126 err = move_driver_file_to_download_area(ctx,
1132 if (!W_ERROR_IS_OK(err)) {
1138 if (driver->dependent_files && driver->dependent_files->string) {
1139 for (i=0; driver->dependent_files->string[i]; i++) {
1140 if (!strequal(driver->dependent_files->string[i], driver->driver_path) &&
1141 !strequal(driver->dependent_files->string[i], driver->data_file) &&
1142 !strequal(driver->dependent_files->string[i], driver->config_file) &&
1143 !strequal(driver->dependent_files->string[i], driver->help_file)) {
1145 for (j=0; j < i; j++) {
1146 if (strequal(driver->dependent_files->string[i], driver->dependent_files->string[j])) {
1151 err = move_driver_file_to_download_area(ctx,
1153 driver->dependent_files->string[i],
1157 if (!W_ERROR_IS_OK(err)) {
1169 TALLOC_FREE(smb_dname);
1172 vfs_ChDir(conn, oldcwd);
1173 SMB_VFS_DISCONNECT(conn);
1180 /****************************************************************************
1181 Determine whether or not a particular driver is currently assigned
1183 ****************************************************************************/
1185 bool printer_driver_in_use(TALLOC_CTX *mem_ctx,
1186 struct dcerpc_binding_handle *b,
1187 const struct spoolss_DriverInfo8 *r)
1190 int n_services = lp_numservices();
1191 bool in_use = False;
1192 struct spoolss_PrinterInfo2 *pinfo2 = NULL;
1199 DEBUG(10,("printer_driver_in_use: Beginning search through ntprinters.tdb...\n"));
1201 /* loop through the printers.tdb and check for the drivername */
1203 for (snum=0; snum<n_services && !in_use; snum++) {
1204 if (!lp_snum_ok(snum) || !lp_print_ok(snum)) {
1208 result = winreg_get_printer(mem_ctx, b,
1209 lp_servicename(talloc_tos(), snum),
1211 if (!W_ERROR_IS_OK(result)) {
1212 continue; /* skip */
1215 if (strequal(r->driver_name, pinfo2->drivername)) {
1219 TALLOC_FREE(pinfo2);
1222 DEBUG(10,("printer_driver_in_use: Completed search through ntprinters.tdb...\n"));
1225 struct spoolss_DriverInfo8 *driver = NULL;
1228 DEBUG(5,("printer_driver_in_use: driver \"%s\" is currently in use\n", r->driver_name));
1230 /* we can still remove the driver if there is one of
1231 "Windows NT x86" version 2 or 3 left */
1233 if (!strequal("Windows NT x86", r->architecture)) {
1234 werr = winreg_get_driver(mem_ctx, b,
1239 } else if (r->version == 2) {
1240 werr = winreg_get_driver(mem_ctx, b,
1244 } else if (r->version == 3) {
1245 werr = winreg_get_driver(mem_ctx, b,
1250 DEBUG(0, ("printer_driver_in_use: ERROR!"
1251 " unknown driver version (%d)\n",
1253 werr = WERR_UNKNOWN_PRINTER_DRIVER;
1256 /* now check the error code */
1258 if ( W_ERROR_IS_OK(werr) ) {
1259 /* it's ok to remove the driver, we have other architctures left */
1261 talloc_free(driver);
1265 /* report that the driver is not in use by default */
1271 /**********************************************************************
1272 Check to see if a ogiven file is in use by *info
1273 *********************************************************************/
1275 static bool drv_file_in_use(const char *file, const struct spoolss_DriverInfo8 *info)
1282 /* mz: skip files that are in the list but already deleted */
1283 if (!file || !file[0]) {
1287 if (strequal(file, info->driver_path))
1290 if (strequal(file, info->data_file))
1293 if (strequal(file, info->config_file))
1296 if (strequal(file, info->help_file))
1299 /* see of there are any dependent files to examine */
1301 if (!info->dependent_files)
1304 while (info->dependent_files[i] && *info->dependent_files[i]) {
1305 if (strequal(file, info->dependent_files[i]))
1314 /**********************************************************************
1315 Utility function to remove the dependent file pointed to by the
1316 input parameter from the list
1317 *********************************************************************/
1319 static void trim_dependent_file(TALLOC_CTX *mem_ctx, const char **files, int idx)
1322 /* bump everything down a slot */
1324 while (files && files[idx+1]) {
1325 files[idx] = talloc_strdup(mem_ctx, files[idx+1]);
1334 /**********************************************************************
1335 Check if any of the files used by src are also used by drv
1336 *********************************************************************/
1338 static bool trim_overlap_drv_files(TALLOC_CTX *mem_ctx,
1339 struct spoolss_DriverInfo8 *src,
1340 const struct spoolss_DriverInfo8 *drv)
1342 bool in_use = False;
1348 /* check each file. Remove it from the src structure if it overlaps */
1350 if (drv_file_in_use(src->driver_path, drv)) {
1352 DEBUG(10,("Removing driverfile [%s] from list\n", src->driver_path));
1353 src->driver_path = talloc_strdup(mem_ctx, "");
1354 if (!src->driver_path) { return false; }
1357 if (drv_file_in_use(src->data_file, drv)) {
1359 DEBUG(10,("Removing datafile [%s] from list\n", src->data_file));
1360 src->data_file = talloc_strdup(mem_ctx, "");
1361 if (!src->data_file) { return false; }
1364 if (drv_file_in_use(src->config_file, drv)) {
1366 DEBUG(10,("Removing configfile [%s] from list\n", src->config_file));
1367 src->config_file = talloc_strdup(mem_ctx, "");
1368 if (!src->config_file) { return false; }
1371 if (drv_file_in_use(src->help_file, drv)) {
1373 DEBUG(10,("Removing helpfile [%s] from list\n", src->help_file));
1374 src->help_file = talloc_strdup(mem_ctx, "");
1375 if (!src->help_file) { return false; }
1378 /* are there any dependentfiles to examine? */
1380 if (!src->dependent_files)
1383 while (src->dependent_files[i] && *src->dependent_files[i]) {
1384 if (drv_file_in_use(src->dependent_files[i], drv)) {
1386 DEBUG(10,("Removing [%s] from dependent file list\n", src->dependent_files[i]));
1387 trim_dependent_file(mem_ctx, src->dependent_files, i);
1395 /****************************************************************************
1396 Determine whether or not a particular driver files are currently being
1397 used by any other driver.
1399 Return value is True if any files were in use by other drivers
1400 and False otherwise.
1402 Upon return, *info has been modified to only contain the driver files
1403 which are not in use
1407 This needs to check all drivers to ensure that all files in use
1408 have been removed from *info, not just the ones in the first
1410 ****************************************************************************/
1412 bool printer_driver_files_in_use(TALLOC_CTX *mem_ctx,
1413 struct dcerpc_binding_handle *b,
1414 struct spoolss_DriverInfo8 *info)
1418 struct spoolss_DriverInfo8 *driver;
1419 bool in_use = false;
1420 uint32_t num_drivers;
1421 const char **drivers;
1427 version = info->version;
1429 /* loop over all driver versions */
1431 DEBUG(5,("printer_driver_files_in_use: Beginning search of drivers...\n"));
1433 /* get the list of drivers */
1435 result = winreg_get_driver_list(mem_ctx, b,
1436 info->architecture, version,
1437 &num_drivers, &drivers);
1438 if (!W_ERROR_IS_OK(result)) {
1442 DEBUGADD(4, ("we have:[%d] drivers in environment [%s] and version [%d]\n",
1443 num_drivers, info->architecture, version));
1445 /* check each driver for overlap in files */
1447 for (i = 0; i < num_drivers; i++) {
1448 DEBUGADD(5,("\tdriver: [%s]\n", drivers[i]));
1452 result = winreg_get_driver(mem_ctx, b,
1453 info->architecture, drivers[i],
1455 if (!W_ERROR_IS_OK(result)) {
1456 talloc_free(drivers);
1460 /* check if d2 uses any files from d1 */
1461 /* only if this is a different driver than the one being deleted */
1463 if (!strequal(info->driver_name, driver->driver_name)) {
1464 if (trim_overlap_drv_files(mem_ctx, info, driver)) {
1465 /* mz: Do not instantly return -
1466 * we need to ensure this file isn't
1467 * also in use by other drivers. */
1472 talloc_free(driver);
1475 talloc_free(drivers);
1477 DEBUG(5,("printer_driver_files_in_use: Completed search of drivers...\n"));
1482 static NTSTATUS driver_unlink_internals(connection_struct *conn,
1483 const char *short_arch,
1487 TALLOC_CTX *tmp_ctx = talloc_new(conn);
1488 struct smb_filename *smb_fname = NULL;
1489 char *print_dlr_path;
1490 NTSTATUS status = NT_STATUS_NO_MEMORY;
1492 print_dlr_path = talloc_asprintf(tmp_ctx, "%s/%d/%s",
1493 short_arch, vers, fname);
1494 if (print_dlr_path == NULL) {
1498 status = create_synthetic_smb_fname(tmp_ctx, print_dlr_path,
1499 NULL, NULL, &smb_fname);
1500 if (!NT_STATUS_IS_OK(status)) {
1504 status = unlink_internals(conn, NULL, 0, smb_fname, false);
1506 talloc_free(tmp_ctx);
1510 /****************************************************************************
1511 Actually delete the driver files. Make sure that
1512 printer_driver_files_in_use() return False before calling
1514 ****************************************************************************/
1516 bool delete_driver_files(const struct auth_session_info *session_info,
1517 const struct spoolss_DriverInfo8 *r)
1519 const char *short_arch;
1520 connection_struct *conn;
1523 char *printdollar = NULL;
1524 int printdollar_snum;
1531 DEBUG(6,("delete_driver_files: deleting driver [%s] - version [%d]\n",
1532 r->driver_name, r->version));
1534 printdollar_snum = find_service(talloc_tos(), "print$", &printdollar);
1538 if (printdollar_snum == -1) {
1542 nt_status = create_conn_struct_cwd(talloc_tos(),
1543 server_event_context(),
1544 server_messaging_context(),
1547 lp_pathname(talloc_tos(), printdollar_snum),
1548 session_info, &oldcwd);
1549 if (!NT_STATUS_IS_OK(nt_status)) {
1550 DEBUG(0,("delete_driver_files: create_conn_struct "
1551 "returned %s\n", nt_errstr(nt_status)));
1555 nt_status = set_conn_force_user_group(conn, printdollar_snum);
1556 if (!NT_STATUS_IS_OK(nt_status)) {
1557 DEBUG(0, ("failed set force user / group\n"));
1562 if (!become_user_by_session(conn, session_info)) {
1563 DEBUG(0, ("failed to become user\n"));
1568 if ( !CAN_WRITE(conn) ) {
1569 DEBUG(3,("delete_driver_files: Cannot delete print driver when [print$] is read-only\n"));
1574 short_arch = get_short_archi(r->architecture);
1575 if (short_arch == NULL) {
1576 DEBUG(0, ("bad architecture %s\n", r->architecture));
1581 /* now delete the files */
1583 if (r->driver_path && r->driver_path[0]) {
1584 DEBUG(10,("deleting driverfile [%s]\n", r->driver_path));
1585 driver_unlink_internals(conn, short_arch, r->version, r->driver_path);
1588 if (r->config_file && r->config_file[0]) {
1589 DEBUG(10,("deleting configfile [%s]\n", r->config_file));
1590 driver_unlink_internals(conn, short_arch, r->version, r->config_file);
1593 if (r->data_file && r->data_file[0]) {
1594 DEBUG(10,("deleting datafile [%s]\n", r->data_file));
1595 driver_unlink_internals(conn, short_arch, r->version, r->data_file);
1598 if (r->help_file && r->help_file[0]) {
1599 DEBUG(10,("deleting helpfile [%s]\n", r->help_file));
1600 driver_unlink_internals(conn, short_arch, r->version, r->help_file);
1603 if (r->dependent_files) {
1605 while (r->dependent_files[i] && r->dependent_files[i][0]) {
1606 DEBUG(10,("deleting dependent file [%s]\n", r->dependent_files[i]));
1607 driver_unlink_internals(conn, short_arch, r->version, r->dependent_files[i]);
1617 vfs_ChDir(conn, oldcwd);
1618 SMB_VFS_DISCONNECT(conn);
1626 1: level not implemented
1627 2: file doesn't exist
1628 3: can't allocate memory
1629 4: can't free memory
1630 5: non existent struct
1634 A printer and a printer driver are 2 different things.
1635 NT manages them separatelly, Samba does the same.
1636 Why ? Simply because it's easier and it makes sense !
1638 Now explanation: You have 3 printers behind your samba server,
1639 2 of them are the same make and model (laser A and B). But laser B
1640 has an 3000 sheet feeder and laser A doesn't such an option.
1641 Your third printer is an old dot-matrix model for the accounting :-).
1643 If the /usr/local/samba/lib directory (default dir), you will have
1644 5 files to describe all of this.
1646 3 files for the printers (1 by printer):
1649 NTprinter_accounting
1650 2 files for the drivers (1 for the laser and 1 for the dot matrix)
1651 NTdriver_printer model X
1652 NTdriver_printer model Y
1654 jfm: I should use this comment for the text file to explain
1655 same thing for the forms BTW.
1656 Je devrais mettre mes commentaires en francais, ca serait mieux :-)
1660 /* Convert generic access rights to printer object specific access rights.
1661 It turns out that NT4 security descriptors use generic access rights and
1662 NT5 the object specific ones. */
1664 void map_printer_permissions(struct security_descriptor *sd)
1668 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
1669 se_map_generic(&sd->dacl->aces[i].access_mask,
1670 &printer_generic_mapping);
1674 void map_job_permissions(struct security_descriptor *sd)
1678 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
1679 se_map_generic(&sd->dacl->aces[i].access_mask,
1680 &job_generic_mapping);
1685 /****************************************************************************
1686 Check a user has permissions to perform the given operation. We use the
1687 permission constants defined in include/rpc_spoolss.h to check the various
1688 actions we perform when checking printer access.
1690 PRINTER_ACCESS_ADMINISTER:
1691 print_queue_pause, print_queue_resume, update_printer_sec,
1692 update_printer, spoolss_addprinterex_level_2,
1693 _spoolss_setprinterdata
1698 JOB_ACCESS_ADMINISTER:
1699 print_job_delete, print_job_pause, print_job_resume,
1702 Try access control in the following order (for performance reasons):
1703 1) root and SE_PRINT_OPERATOR can do anything (easy check)
1704 2) check security descriptor (bit comparisons in memory)
1705 3) "printer admins" (may result in numerous calls to winbind)
1707 ****************************************************************************/
1708 bool print_access_check(const struct auth_session_info *session_info,
1709 struct messaging_context *msg_ctx, int snum,
1712 struct spoolss_security_descriptor *secdesc = NULL;
1713 uint32 access_granted;
1718 TALLOC_CTX *mem_ctx = NULL;
1720 /* If user is NULL then use the current_user structure */
1722 /* Always allow root or SE_PRINT_OPERATROR to do anything */
1724 if (session_info->unix_token->uid == sec_initial_uid()
1725 || security_token_has_privilege(session_info->security_token, SEC_PRIV_PRINT_OPERATOR)) {
1729 /* Get printer name */
1731 pname = lp_printername(talloc_tos(), snum);
1733 if (!pname || !*pname) {
1738 /* Get printer security descriptor */
1740 if(!(mem_ctx = talloc_init("print_access_check"))) {
1745 result = winreg_get_printer_secdesc_internal(mem_ctx,
1746 get_session_info_system(),
1750 if (!W_ERROR_IS_OK(result)) {
1751 talloc_destroy(mem_ctx);
1756 if (access_type == JOB_ACCESS_ADMINISTER) {
1757 struct spoolss_security_descriptor *parent_secdesc = secdesc;
1759 /* Create a child security descriptor to check permissions
1760 against. This is because print jobs are child objects
1761 objects of a printer. */
1762 status = se_create_child_secdesc(mem_ctx,
1766 parent_secdesc->owner_sid,
1767 parent_secdesc->group_sid,
1769 if (!NT_STATUS_IS_OK(status)) {
1770 talloc_destroy(mem_ctx);
1771 errno = map_errno_from_nt_status(status);
1775 map_job_permissions(secdesc);
1777 map_printer_permissions(secdesc);
1781 status = se_access_check(secdesc, session_info->security_token, access_type,
1784 DEBUG(4, ("access check was %s\n", NT_STATUS_IS_OK(status) ? "SUCCESS" : "FAILURE"));
1786 talloc_destroy(mem_ctx);
1788 if (!NT_STATUS_IS_OK(status)) {
1792 return NT_STATUS_IS_OK(status);
1795 /****************************************************************************
1796 Check the time parameters allow a print operation.
1797 *****************************************************************************/
1799 bool print_time_access_check(const struct auth_session_info *session_info,
1800 struct messaging_context *msg_ctx,
1801 const char *servicename)
1803 struct spoolss_PrinterInfo2 *pinfo2 = NULL;
1806 time_t now = time(NULL);
1810 result = winreg_get_printer_internal(NULL, session_info, msg_ctx,
1811 servicename, &pinfo2);
1812 if (!W_ERROR_IS_OK(result)) {
1816 if (pinfo2->starttime == 0 && pinfo2->untiltime == 0) {
1821 mins = (uint32)t->tm_hour*60 + (uint32)t->tm_min;
1823 if (mins >= pinfo2->starttime && mins <= pinfo2->untiltime) {
1827 TALLOC_FREE(pinfo2);
1836 void nt_printer_remove(TALLOC_CTX *mem_ctx,
1837 const struct auth_session_info *session_info,
1838 struct messaging_context *msg_ctx,
1839 const char *printer)
1843 result = winreg_delete_printer_key_internal(mem_ctx, session_info, msg_ctx,
1845 if (!W_ERROR_IS_OK(result)) {
1846 DEBUG(0, ("nt_printer_remove: failed to remove printer %s: "
1847 "%s\n", printer, win_errstr(result)));
1851 void nt_printer_add(TALLOC_CTX *mem_ctx,
1852 const struct auth_session_info *session_info,
1853 struct messaging_context *msg_ctx,
1854 const char *printer)
1858 result = winreg_create_printer_internal(mem_ctx, session_info, msg_ctx,
1860 if (!W_ERROR_IS_OK(result)) {
1861 DEBUG(0, ("nt_printer_add: failed to add printer %s: %s\n",
1862 printer, win_errstr(result)));
git.samba.org / samba.git / blob