libcli/security Provide a common, top level libcli/security/security.h
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (c) Andrew Tridgell              1992-2000,
5  *  Copyright (c) Jean François Micouleau      1998-2000.
6  *  Copyright (c) Gerald Carter                2002-2005.
7  *  Copyright (c) Andreas Schneider            2010.
8  *
9  *  This program is free software; you can redistribute it and/or modify
10  *  it under the terms of the GNU General Public License as published by
11  *  the Free Software Foundation; either version 3 of the License, or
12  *  (at your option) any later version.
13  *
14  *  This program is distributed in the hope that it will be useful,
15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  *  GNU General Public License for more details.
18  *
19  *  You should have received a copy of the GNU General Public License
20  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
21  */
22
23 #include "includes.h"
24 #include "printing/nt_printing_tdb.h"
25 #include "librpc/gen_ndr/spoolss.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "libcli/security/security.h"
28
/* Key prefixes that identify the record type inside the print databases. */
#define FORMS_PREFIX "FORMS/"
#define DRIVERS_PREFIX "DRIVERS/"
#define PRINTERS_PREFIX "PRINTERS/"
#define SECDESC_PREFIX "SECDESC/"

/* On-disk format versions, stored under "INFO/version" in the drivers tdb. */
#define NTDRIVERS_DATABASE_VERSION_1 1
#define NTDRIVERS_DATABASE_VERSION_2 2
#define NTDRIVERS_DATABASE_VERSION_3 3 /* little endian version of v2 */
#define NTDRIVERS_DATABASE_VERSION_4 4 /* fix generic bits in security descriptors */
#define NTDRIVERS_DATABASE_VERSION_5 5 /* normalize keys in ntprinters.tdb */

/*
 * Handles to the three print databases. They are opened by
 * nt_printing_tdb_upgrade() and used directly by the upgrade helpers.
 */
static TDB_CONTEXT *tdb_forms; /* used for forms files */
static TDB_CONTEXT *tdb_drivers; /* used for driver files */
static TDB_CONTEXT *tdb_printers; /* used for printers files */
43
/****************************************************************************
 Build the TDB_DATA key under which a printer record is stored:
 PRINTERS_PREFIX followed by the lower-cased share name.

 The key string is allocated on ctx. When that allocation fails the key
 falls back to the empty string instead of reporting an error, so callers
 that write to the database should treat an empty key as a failure.

 NOTE(review): the share name is copied into a fixed-size fstring first;
 presumably fstrcpy() truncates an over-long name - confirm.
****************************************************************************/

static TDB_DATA make_printer_tdbkey(TALLOC_CTX *ctx, const char *sharename )
{
        fstring lowered;
        char *name;

        fstrcpy(lowered, sharename);
        strlower_m(lowered);

        name = talloc_asprintf(ctx, "%s%s", PRINTERS_PREFIX, lowered);
        if (name == NULL) {
                /* allocation failed: hand back the empty-string key */
                return string_term_tdb_data("");
        }

        return string_term_tdb_data(name);
}
62
/****************************************************************************
 Build the TDB_DATA key under which a printer's security descriptor is
 stored: SECDESC_PREFIX followed by the lower-cased share name.

 The key string is allocated on ctx. When that allocation fails the key
 falls back to the empty string instead of reporting an error.
****************************************************************************/

static TDB_DATA make_printers_secdesc_tdbkey(TALLOC_CTX *ctx,
                                        const char* sharename  )
{
        fstring lowered;
        const char *name;

        /* normalize the share name to lower case in a local copy */
        fstrcpy(lowered, sharename );
        strlower_m(lowered);

        name = talloc_asprintf(ctx, "%s%s", SECDESC_PREFIX, lowered);
        if (!name) {
                name = "";
        }

        return string_term_tdb_data(name);
}
82
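/****************************************************************************
 Upgrade the tdb files to version 3.

 Walks every key of the drivers database and moves records out of it by
 key prefix: FORMS_PREFIX records go to tdb_forms, PRINTERS_PREFIX and
 SECDESC_PREFIX records go to tdb_printers. Each moved record is deleted
 from tdb_drivers after it has been stored in its new home.

 Returns True when the whole walk succeeded, False on the first store or
 delete failure. Both the fetched value and the current key buffer are
 released on the failure path as well.

 NOTE(review): the prefix tests use strncmp() on the raw key buffer, which
 assumes keys are NUL-terminated or at least as long as the prefix -
 confirm for databases written by old versions.
****************************************************************************/

static bool upgrade_to_version_3(void)
{
        TDB_DATA kbuf, newkey, dbuf;

        DEBUG(0,("upgrade_to_version_3: upgrading print tdb's to version 3\n"));

        /* the next key is looked up before the current key buffer is freed */
        for (kbuf = tdb_firstkey(tdb_drivers); kbuf.dptr;
                        newkey = tdb_nextkey(tdb_drivers, kbuf), free(kbuf.dptr), kbuf=newkey) {

                dbuf = tdb_fetch(tdb_drivers, kbuf);

                if (strncmp((const char *)kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) {
                        DEBUG(0,("upgrade_to_version_3:moving form\n"));
                        if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) {
                                DEBUG(0,("upgrade_to_version_3: failed to move form. Error (%s).\n", tdb_errorstr(tdb_forms)));
                                goto fail;
                        }
                        if (tdb_delete(tdb_drivers, kbuf) != 0) {
                                DEBUG(0,("upgrade_to_version_3: failed to delete form. Error (%s)\n", tdb_errorstr(tdb_drivers)));
                                goto fail;
                        }
                }

                if (strncmp((const char *)kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) {
                        DEBUG(0,("upgrade_to_version_3:moving printer\n"));
                        if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
                                DEBUG(0,("upgrade_to_version_3: failed to move printer. Error (%s)\n", tdb_errorstr(tdb_printers)));
                                goto fail;
                        }
                        if (tdb_delete(tdb_drivers, kbuf) != 0) {
                                DEBUG(0,("upgrade_to_version_3: failed to delete printer. Error (%s)\n", tdb_errorstr(tdb_drivers)));
                                goto fail;
                        }
                }

                if (strncmp((const char *)kbuf.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX)) == 0) {
                        DEBUG(0,("upgrade_to_version_3:moving secdesc\n"));
                        if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
                                DEBUG(0,("upgrade_to_version_3: failed to move secdesc. Error (%s)\n", tdb_errorstr(tdb_printers)));
                                goto fail;
                        }
                        if (tdb_delete(tdb_drivers, kbuf) != 0) {
                                DEBUG(0,("upgrade_to_version_3: failed to delete secdesc. Error (%s)\n", tdb_errorstr(tdb_drivers)));
                                goto fail;
                        }
                }

                SAFE_FREE(dbuf.dptr);
        }

        return True;

fail:
        /*
         * The loop increment that normally frees the key buffer is skipped
         * when bailing out, so release the key here along with the value.
         */
        SAFE_FREE(dbuf.dptr);
        SAFE_FREE(kbuf.dptr);
        return False;
}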
145
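/*******************************************************************
 Fix an issue with security descriptors.  Printer sec_desc must
 use more than the generic bits that were previously used
 in <= 3.0.14a.  They must also have a owner and group SID assigned.
 Otherwise, any printers than have been migrated to a Windows
 host using printmig.exe will not be accessible.

 tdb_traverse() callback. Records whose key does not start with
 SECDESC_PREFIX, or that carry no data, are skipped. For the others:
   - a descriptor that cannot be unmarshalled is deleted from
     tdb_printers;
   - ACEs whose access mask is exactly one of the generic
     combinations below are rewritten to the printer-specific mask,
     every other mask is left untouched;
   - the result is merged with a new descriptor whose owner and
     group are both BUILTIN\Administrators and stored back under
     the same key.

 state is the TALLOC_CTX used for all temporary allocations.

 Returns 0 to continue the traversal and non-zero (only when the
 final tdb_store() fails) to stop it. All other failures are logged
 or silently skipped and the record is left as it was.

 NOTE(review): what access check applies to a printer once its
 unparseable descriptor has been deleted is not visible here -
 confirm that the fallback is not more permissive.
*******************************************************************/

static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
                            TDB_DATA data, void *state )
{
        NTSTATUS status;
        struct sec_desc_buf *sd_orig = NULL;
        struct sec_desc_buf *sd_new, *sd_store;
        struct security_descriptor *sec, *new_sec;
        TALLOC_CTX *ctx = state;
        int result;
        uint32_t i;
        size_t size_new_sec;

        if (!data.dptr || data.dsize == 0) {
                return 0;
        }

        if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) != 0 ) {
                return 0;
        }

        /* upgrade the security descriptor */

        status = unmarshall_sec_desc_buf(ctx, data.dptr, data.dsize, &sd_orig);
        if (!NT_STATUS_IS_OK(status)) {
                /* delete bad entries */
                DEBUG(0,("sec_desc_upg_fn: Failed to parse original sec_desc for %s.  Deleting....\n",
                        (const char *)key.dptr ));
                tdb_delete( tdb_printers, key );
                return 0;
        }

        if (!sd_orig) {
                return 0;
        }
        sec = sd_orig->sd;

        /* is this even valid? */

        if ( !sec->dacl ) {
                return 0;
        }

        /* update access masks: only exact matches of the old generic masks */

        for ( i=0; i<sec->dacl->num_aces; i++ ) {
                switch ( sec->dacl->aces[i].access_mask ) {
                        case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS):
                                sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT;
                                break;

                        case GENERIC_ALL_ACCESS:
                                sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL;
                                break;

                        case READ_CONTROL_ACCESS:
                                sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS;
                                break;

                        default:        /* no change */
                                break;
                }
        }

        /* create a new struct security_descriptor with the appropriate owner and group SIDs */

        new_sec = make_sec_desc( ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
                                 &global_sid_Builtin_Administrators,
                                 &global_sid_Builtin_Administrators,
                                 NULL, NULL, &size_new_sec );
        if (!new_sec) {
                return 0;
        }
        sd_new = make_sec_desc_buf( ctx, size_new_sec, new_sec );
        if (!sd_new) {
                return 0;
        }

        /*
         * NOTE(review): presumably the merge takes owner and group from
         * sd_new and keeps the rewritten DACL from sd_orig - confirm
         * against sec_desc_merge_buf().
         */
        if ( !(sd_store = sec_desc_merge_buf( ctx, sd_new, sd_orig )) ) {
                DEBUG(0,("sec_desc_upg_fn: Failed to update sec_desc for %s\n",
                        (const char *)key.dptr ));
                return 0;
        }

        /* store it back */

        status = marshall_sec_desc_buf(ctx, sd_store, &data.dptr, &data.dsize);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0,("sec_desc_upg_fn: Failed to parse new sec_desc for %s\n",
                        (const char *)key.dptr ));
                return 0;
        }

        result = tdb_store( tdb_printers, key, data, TDB_REPLACE );

        /* 0 to continue and non-zero to stop traversal */

        return (result == -1);
}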
252
/*******************************************************************
 Upgrade the tdb files to version 4.

 Runs sec_desc_upg_fn over every record of tdb_printers, with a
 temporary talloc context as the callback state. The context is
 destroyed once the traversal returns.

 Returns False when the context cannot be created or tdb_traverse()
 returns -1, True otherwise.

 NOTE(review): only -1 counts as failure here; whether a traversal
 stopped by the callback is reported as -1 is not visible in this
 file - confirm.
*******************************************************************/

static bool upgrade_to_version_4(void)
{
        TALLOC_CTX *mem_ctx = NULL;
        int rc;

        DEBUG(0,("upgrade_to_version_4: upgrading printer security descriptors\n"));

        mem_ctx = talloc_init( "upgrade_to_version_4" );
        if (mem_ctx == NULL) {
                return False;
        }

        rc = tdb_traverse( tdb_printers, sec_desc_upg_fn, mem_ctx );
        talloc_destroy( mem_ctx );

        if (rc == -1) {
                return False;
        }
        return True;
}
273
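/*******************************************************************
 Normalize the keys of printer records and printer security
 descriptors so that the share name part is lower case.

 tdb_traverse() callback. Records whose key starts with neither
 PRINTERS_PREFIX nor SECDESC_PREFIX, or that carry no data, are
 ignored. For the others the record is re-stored under the key
 built by make_printer_tdbkey() / make_printers_secdesc_tdbkey()
 and the old key is removed.

 The new record is written before the old one is deleted, so a
 failed store leaves the original record in place. A key that is
 already normalized is left alone.

 Returns 0 to continue the traversal, 1 to stop it after a failure.
*******************************************************************/

static int normalize_printers_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
                                  TDB_DATA data, void *state )
{
        TALLOC_CTX *ctx = talloc_tos();
        TDB_DATA new_key;

        if (!data.dptr || data.dsize == 0)
                return 0;

        /* upgrade printer records and security descriptors */

        if ( strncmp((const char *) key.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX) ) == 0 ) {
                new_key = make_printer_tdbkey(ctx, (const char *)key.dptr+strlen(PRINTERS_PREFIX) );
        }
        else if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) == 0 ) {
                new_key = make_printers_secdesc_tdbkey(ctx, (const char *)key.dptr+strlen(SECDESC_PREFIX) );
        }
        else {
                /* ignore this record */
                return 0;
        }

        /*
         * The key builders fall back to an empty string when their
         * allocation fails. A real key always carries the prefix, so an
         * empty key means failure: never move a record onto it.
         */
        if ( new_key.dptr == NULL || new_key.dsize <= 1 ) {
                DEBUG(0,("normalize_printers_fn: failed to build normalized key for [%s]!\n",
                        (const char *)key.dptr));
                return 1;
        }

        /* nothing to do when the key is already in normalized form */

        if ( new_key.dsize == key.dsize &&
             memcmp( new_key.dptr, key.dptr, key.dsize ) == 0 ) {
                return 0;
        }

        /* store under the normalized key first, then drop the original */

        if ( tdb_store( the_tdb, new_key, data, TDB_REPLACE) != 0 ) {
                DEBUG(0,("normalize_printers_fn: failed to store new record for [%s]!\n",
                        (const char *)key.dptr));
                return 1;
        }

        if ( tdb_delete( the_tdb, key ) != 0 ) {
                DEBUG(0,("normalize_printers_fn: tdb_delete for [%s] failed!\n",
                        (const char *)key.dptr));
                return 1;
        }

        return 0;
}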
320
/*******************************************************************
 Upgrade the tdb files to version 5.

 Runs normalize_printers_fn over every record of tdb_printers. The
 callback receives NULL as its state; the talloc context created
 here is not handed to it and is destroyed after the traversal.

 Returns False when the context cannot be created or tdb_traverse()
 returns -1, True otherwise.

 NOTE(review): the callback returns 1 to stop on a failed delete or
 store, but only -1 counts as failure here; whether a stopped
 traversal is reported as -1 is not visible in this file - confirm,
 since the caller bumps the database version on True.
*******************************************************************/

static bool upgrade_to_version_5(void)
{
        TALLOC_CTX *mem_ctx = NULL;
        int rc;

        DEBUG(0,("upgrade_to_version_5: normalizing printer keys\n"));

        mem_ctx = talloc_init( "upgrade_to_version_5" );
        if (mem_ctx == NULL) {
                return False;
        }

        rc = tdb_traverse( tdb_printers, normalize_printers_fn, NULL );
        talloc_destroy( mem_ctx );

        if (rc == -1) {
                return False;
        }
        return True;
}
341
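/*******************************************************************
 Bring the legacy print databases (ntdrivers.tdb, ntprinters.tdb,
 ntforms.tdb) up to NTDRIVERS_DATABASE_VERSION_5.

 When none of the three files exists there is nothing to upgrade
 and the function returns true without creating anything. Otherwise
 all three are opened read-write (missing ones are created, mode
 0600 so only the owner can read the stored security descriptors),
 the version stored under "INFO/version" in the drivers database is
 read, and the upgrade steps are applied in order until version 5
 is reached.

 Returns true on success, false when a database cannot be opened,
 an upgrade step fails, or the stored version is unknown. Every
 database opened here is closed again on all return paths and the
 file-level handles are reset to NULL.

 NOTE(review): the results of tdb_store_int32() are not checked, so
 a version stamp that fails to write goes unnoticed.
*******************************************************************/

bool nt_printing_tdb_upgrade(void)
{
        const char *drivers_path = state_path("ntdrivers.tdb");
        const char *printers_path = state_path("ntprinters.tdb");
        const char *forms_path = state_path("ntforms.tdb");
        bool drivers_exists = file_exist(drivers_path);
        bool printers_exists = file_exist(printers_path);
        bool forms_exists = file_exist(forms_path);
        const char *vstring = "INFO/version";
        int32_t vers_id;
        bool ok = false;

        if (!drivers_exists && !printers_exists && !forms_exists) {
                return true;
        }

        tdb_drivers = tdb_open_log(drivers_path,
                                   0,
                                   TDB_DEFAULT,
                                   O_RDWR|O_CREAT,
                                   0600);
        if (tdb_drivers == NULL) {
                DEBUG(0,("nt_printing_init: Failed to open nt drivers "
                         "database %s (%s)\n",
                         drivers_path, strerror(errno)));
                goto done;
        }

        tdb_printers = tdb_open_log(printers_path,
                                    0,
                                    TDB_DEFAULT,
                                    O_RDWR|O_CREAT,
                                    0600);
        if (tdb_printers == NULL) {
                DEBUG(0,("nt_printing_init: Failed to open nt printers "
                         "database %s (%s)\n",
                         printers_path, strerror(errno)));
                goto done;
        }

        tdb_forms = tdb_open_log(forms_path,
                                 0,
                                 TDB_DEFAULT,
                                 O_RDWR|O_CREAT,
                                 0600);
        if (tdb_forms == NULL) {
                DEBUG(0,("nt_printing_init: Failed to open nt forms "
                         "database %s (%s)\n",
                         forms_path, strerror(errno)));
                goto done;
        }

        /* Samba upgrade */
        vers_id = tdb_fetch_int32(tdb_drivers, vstring);
        if (vers_id == -1) {
                /* no version record: stamp the database as current */
                DEBUG(10, ("Fresh database\n"));
                tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
                vers_id = NTDRIVERS_DATABASE_VERSION_5;
        }

        if (vers_id != NTDRIVERS_DATABASE_VERSION_5) {
                if ((vers_id == NTDRIVERS_DATABASE_VERSION_1) ||
                    (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_1)) {
                        if (!upgrade_to_version_3()) {
                                goto done;
                        }

                        tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
                        vers_id = NTDRIVERS_DATABASE_VERSION_3;
                }

                if ((vers_id == NTDRIVERS_DATABASE_VERSION_2) ||
                    (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_2)) {
                        /*
                         * Written on a bigendian machine with old fetch_int
                         * code. Save as le. The only upgrade between V2 and V3
                         * is to save the version in little-endian.
                         */
                        tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
                        vers_id = NTDRIVERS_DATABASE_VERSION_3;
                }

                if (vers_id == NTDRIVERS_DATABASE_VERSION_3) {
                        if (!upgrade_to_version_4()) {
                                goto done;
                        }
                        tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_4);
                        vers_id = NTDRIVERS_DATABASE_VERSION_4;
                }

                if (vers_id == NTDRIVERS_DATABASE_VERSION_4 ) {
                        if (!upgrade_to_version_5()) {
                                goto done;
                        }
                        tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
                        vers_id = NTDRIVERS_DATABASE_VERSION_5;
                }

                if (vers_id != NTDRIVERS_DATABASE_VERSION_5) {
                        DEBUG(0,("nt_printing_init: Unknown printer database version [%d]\n", vers_id));
                        goto done;
                }
        }

        ok = true;

done:
        /*
         * Close whatever was opened, on success and on failure alike, so
         * no handle stays open and the file-level pointers never dangle.
         */
        if (tdb_drivers) {
                tdb_close(tdb_drivers);
                tdb_drivers = NULL;
        }

        if (tdb_printers) {
                tdb_close(tdb_printers);
                tdb_printers = NULL;
        }

        if (tdb_forms) {
                tdb_close(tdb_forms);
                tdb_forms = NULL;
        }

        return ok;
}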