Fix warnings with talloc_asprintf.
[ira/wip.git] / source3 / printing / nt_printing.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (C) Andrew Tridgell              1992-2000,
5  *  Copyright (C) Jean François Micouleau      1998-2000.
6  *  Copyright (C) Gerald Carter                2002-2005.
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 3 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
20  */
21
22 #include "includes.h"
23
24 static TDB_CONTEXT *tdb_forms; /* used for forms files */
25 static TDB_CONTEXT *tdb_drivers; /* used for driver files */
26 static TDB_CONTEXT *tdb_printers; /* used for printers files */
27
28 #define FORMS_PREFIX "FORMS/"
29 #define DRIVERS_PREFIX "DRIVERS/"
30 #define DRIVER_INIT_PREFIX "DRIVER_INIT/"
31 #define PRINTERS_PREFIX "PRINTERS/"
32 #define SECDESC_PREFIX "SECDESC/"
33 #define GLOBAL_C_SETPRINTER "GLOBALS/c_setprinter"
34
35 #define NTDRIVERS_DATABASE_VERSION_1 1
36 #define NTDRIVERS_DATABASE_VERSION_2 2
37 #define NTDRIVERS_DATABASE_VERSION_3 3 /* little endian version of v2 */
38 #define NTDRIVERS_DATABASE_VERSION_4 4 /* fix generic bits in security descriptors */
39 #define NTDRIVERS_DATABASE_VERSION_5 5 /* normalize keys in ntprinters.tdb */
40
41 /* Map generic permissions to printer object specific permissions */
42
43 const struct generic_mapping printer_generic_mapping = {
44         PRINTER_READ,
45         PRINTER_WRITE,
46         PRINTER_EXECUTE,
47         PRINTER_ALL_ACCESS
48 };
49
50 const struct standard_mapping printer_std_mapping = {
51         PRINTER_READ,
52         PRINTER_WRITE,
53         PRINTER_EXECUTE,
54         PRINTER_ALL_ACCESS
55 };
56
57 /* Map generic permissions to print server object specific permissions */
58
59 const struct generic_mapping printserver_generic_mapping = {
60         SERVER_READ,
61         SERVER_WRITE,
62         SERVER_EXECUTE,
63         SERVER_ALL_ACCESS
64 };
65
66 const struct generic_mapping printserver_std_mapping = {
67         SERVER_READ,
68         SERVER_WRITE,
69         SERVER_EXECUTE,
70         SERVER_ALL_ACCESS
71 };
72
73 /* Map generic permissions to job object specific permissions */
74
75 const struct generic_mapping job_generic_mapping = {
76         JOB_READ,
77         JOB_WRITE,
78         JOB_EXECUTE,
79         JOB_ALL_ACCESS
80 };
81
82 /* We need one default form to support our default printer. Msoft adds the
83 forms it wants and in the ORDER it wants them (note: DEVMODE papersize is an
84 array index). Letter is always first, so (for the current code) additions
85 always put things in the correct order. */
86 static const nt_forms_struct default_forms[] = {
87         {"Letter",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
88         {"Letter Small",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
89         {"Tabloid",0x1,0x44368,0x696b8,0x0,0x0,0x44368,0x696b8},
90         {"Ledger",0x1,0x696b8,0x44368,0x0,0x0,0x696b8,0x44368},
91         {"Legal",0x1,0x34b5c,0x56d10,0x0,0x0,0x34b5c,0x56d10},
92         {"Statement",0x1,0x221b4,0x34b5c,0x0,0x0,0x221b4,0x34b5c},
93         {"Executive",0x1,0x2cf56,0x411cc,0x0,0x0,0x2cf56,0x411cc},
94         {"A3",0x1,0x48828,0x668a0,0x0,0x0,0x48828,0x668a0},
95         {"A4",0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828},
96         {"A4 Small",0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828},
97         {"A5",0x1,0x24220,0x33450,0x0,0x0,0x24220,0x33450},
98         {"B4 (JIS)",0x1,0x3ebe8,0x58de0,0x0,0x0,0x3ebe8,0x58de0},
99         {"B5 (JIS)",0x1,0x2c6f0,0x3ebe8,0x0,0x0,0x2c6f0,0x3ebe8},
100         {"Folio",0x1,0x34b5c,0x509d8,0x0,0x0,0x34b5c,0x509d8},
101         {"Quarto",0x1,0x347d8,0x43238,0x0,0x0,0x347d8,0x43238},
102         {"10x14",0x1,0x3e030,0x56d10,0x0,0x0,0x3e030,0x56d10},
103         {"11x17",0x1,0x44368,0x696b8,0x0,0x0,0x44368,0x696b8},
104         {"Note",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
105         {"Envelope #9",0x1,0x18079,0x37091,0x0,0x0,0x18079,0x37091},
106         {"Envelope #10",0x1,0x19947,0x3ae94,0x0,0x0,0x19947,0x3ae94},
107         {"Envelope #11",0x1,0x1be7c,0x40565,0x0,0x0,0x1be7c,0x40565},
108         {"Envelope #12",0x1,0x1d74a,0x44368,0x0,0x0,0x1d74a,0x44368},
109         {"Envelope #14",0x1,0x1f018,0x47504,0x0,0x0,0x1f018,0x47504},
110         {"C size sheet",0x1,0x696b8,0x886d0,0x0,0x0,0x696b8,0x886d0},
111         {"D size sheet",0x1,0x886d0,0xd2d70,0x0,0x0,0x886d0,0xd2d70},
112         {"E size sheet",0x1,0xd2d70,0x110da0,0x0,0x0,0xd2d70,0x110da0},
113         {"Envelope DL",0x1,0x1adb0,0x35b60,0x0,0x0,0x1adb0,0x35b60},
114         {"Envelope C5",0x1,0x278d0,0x37e88,0x0,0x0,0x278d0,0x37e88},
115         {"Envelope C3",0x1,0x4f1a0,0x6fd10,0x0,0x0,0x4f1a0,0x6fd10},
116         {"Envelope C4",0x1,0x37e88,0x4f1a0,0x0,0x0,0x37e88,0x4f1a0},
117         {"Envelope C6",0x1,0x1bd50,0x278d0,0x0,0x0,0x1bd50,0x278d0},
118         {"Envelope C65",0x1,0x1bd50,0x37e88,0x0,0x0,0x1bd50,0x37e88},
119         {"Envelope B4",0x1,0x3d090,0x562e8,0x0,0x0,0x3d090,0x562e8},
120         {"Envelope B5",0x1,0x2af80,0x3d090,0x0,0x0,0x2af80,0x3d090},
121         {"Envelope B6",0x1,0x2af80,0x1e848,0x0,0x0,0x2af80,0x1e848},
122         {"Envelope",0x1,0x1adb0,0x38270,0x0,0x0,0x1adb0,0x38270},
123         {"Envelope Monarch",0x1,0x18079,0x2e824,0x0,0x0,0x18079,0x2e824},
124         {"6 3/4 Envelope",0x1,0x167ab,0x284ec,0x0,0x0,0x167ab,0x284ec},
125         {"US Std Fanfold",0x1,0x5c3e1,0x44368,0x0,0x0,0x5c3e1,0x44368},
126         {"German Std Fanfold",0x1,0x34b5c,0x4a6a0,0x0,0x0,0x34b5c,0x4a6a0},
127         {"German Legal Fanfold",0x1,0x34b5c,0x509d8,0x0,0x0,0x34b5c,0x509d8},
128         {"B4 (ISO)",0x1,0x3d090,0x562e8,0x0,0x0,0x3d090,0x562e8},
129         {"Japanese Postcard",0x1,0x186a0,0x24220,0x0,0x0,0x186a0,0x24220},
130         {"9x11",0x1,0x37cf8,0x44368,0x0,0x0,0x37cf8,0x44368},
131         {"10x11",0x1,0x3e030,0x44368,0x0,0x0,0x3e030,0x44368},
132         {"15x11",0x1,0x5d048,0x44368,0x0,0x0,0x5d048,0x44368},
133         {"Envelope Invite",0x1,0x35b60,0x35b60,0x0,0x0,0x35b60,0x35b60},
134         {"Reserved48",0x1,0x1,0x1,0x0,0x0,0x1,0x1},
135         {"Reserved49",0x1,0x1,0x1,0x0,0x0,0x1,0x1},
136         {"Letter Extra",0x1,0x3ae94,0x4a6a0,0x0,0x0,0x3ae94,0x4a6a0},
137         {"Legal Extra",0x1,0x3ae94,0x5d048,0x0,0x0,0x3ae94,0x5d048},
138         {"Tabloid Extra",0x1,0x4a6a0,0x6f9f0,0x0,0x0,0x4a6a0,0x6f9f0},
139         {"A4 Extra",0x1,0x397c2,0x4eb16,0x0,0x0,0x397c2,0x4eb16},
140         {"Letter Transverse",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
141         {"A4 Transverse",0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828},
142         {"Letter Extra Transverse",0x1,0x3ae94,0x4a6a0,0x0,0x0,0x3ae94,0x4a6a0},
143         {"Super A",0x1,0x376b8,0x56ea0,0x0,0x0,0x376b8,0x56ea0},
144         {"Super B",0x1,0x4a768,0x76e58,0x0,0x0,0x4a768,0x76e58},
145         {"Letter Plus",0x1,0x34b5c,0x4eb16,0x0,0x0,0x34b5c,0x4eb16},
146         {"A4 Plus",0x1,0x33450,0x50910,0x0,0x0,0x33450,0x50910},
147         {"A5 Transverse",0x1,0x24220,0x33450,0x0,0x0,0x24220,0x33450},
148         {"B5 (JIS) Transverse",0x1,0x2c6f0,0x3ebe8,0x0,0x0,0x2c6f0,0x3ebe8},
149         {"A3 Extra",0x1,0x4e9d0,0x6ca48,0x0,0x0,0x4e9d0,0x6ca48},
150         {"A5 Extra",0x1,0x2a7b0,0x395f8,0x0,0x0,0x2a7b0,0x395f8},
151         {"B5 (ISO) Extra",0x1,0x31128,0x43620,0x0,0x0,0x31128,0x43620},
152         {"A2",0x1,0x668a0,0x91050,0x0,0x0,0x668a0,0x91050},
153         {"A3 Transverse",0x1,0x48828,0x668a0,0x0,0x0,0x48828,0x668a0},
154         {"A3 Extra Transverse",0x1,0x4e9d0,0x6ca48,0x0,0x0,0x4e9d0,0x6ca48},
155         {"Japanese Double Postcard",0x1,0x30d40,0x24220,0x0,0x0,0x30d40,0x24220},
156         {"A6",0x1,0x19a28,0x24220,0x0,0x0,0x19a28,0x24220},
157         {"Japanese Envelope Kaku #2",0x1,0x3a980,0x510e0,0x0,0x0,0x3a980,0x510e0},
158         {"Japanese Envelope Kaku #3",0x1,0x34bc0,0x43a08,0x0,0x0,0x34bc0,0x43a08},
159         {"Japanese Envelope Chou #3",0x1,0x1d4c0,0x395f8,0x0,0x0,0x1d4c0,0x395f8},
160         {"Japanese Envelope Chou #4",0x1,0x15f90,0x320c8,0x0,0x0,0x15f90,0x320c8},
161         {"Letter Rotated",0x1,0x44368,0x34b5c,0x0,0x0,0x44368,0x34b5c},
162         {"A3 Rotated",0x1,0x668a0,0x48828,0x0,0x0,0x668a0,0x48828},
163         {"A4 Rotated",0x1,0x48828,0x33450,0x0,0x0,0x48828,0x33450},
164         {"A5 Rotated",0x1,0x33450,0x24220,0x0,0x0,0x33450,0x24220},
165         {"B4 (JIS) Rotated",0x1,0x58de0,0x3ebe8,0x0,0x0,0x58de0,0x3ebe8},
166         {"B5 (JIS) Rotated",0x1,0x3ebe8,0x2c6f0,0x0,0x0,0x3ebe8,0x2c6f0},
167         {"Japanese Postcard Rotated",0x1,0x24220,0x186a0,0x0,0x0,0x24220,0x186a0},
168         {"Double Japan Postcard Rotated",0x1,0x24220,0x30d40,0x0,0x0,0x24220,0x30d40},
169         {"A6 Rotated",0x1,0x24220,0x19a28,0x0,0x0,0x24220,0x19a28},
170         {"Japan Envelope Kaku #2 Rotated",0x1,0x510e0,0x3a980,0x0,0x0,0x510e0,0x3a980},
171         {"Japan Envelope Kaku #3 Rotated",0x1,0x43a08,0x34bc0,0x0,0x0,0x43a08, 0x34bc0},
172         {"Japan Envelope Chou #3 Rotated",0x1,0x395f8,0x1d4c0,0x0,0x0,0x395f8,0x1d4c0},
173         {"Japan Envelope Chou #4 Rotated",0x1,0x320c8,0x15f90,0x0,0x0,0x320c8,0x15f90},
174         {"B6 (JIS)",0x1,0x1f400,0x2c6f0,0x0,0x0,0x1f400,0x2c6f0},
175         {"B6 (JIS) Rotated",0x1,0x2c6f0,0x1f400,0x0,0x0,0x2c6f0,0x1f400},
176         {"12x11",0x1,0x4a724,0x443e1,0x0,0x0,0x4a724,0x443e1},
177         {"Japan Envelope You #4",0x1,0x19a28,0x395f8,0x0,0x0,0x19a28,0x395f8},
178         {"Japan Envelope You #4 Rotated",0x1,0x395f8,0x19a28,0x0,0x0,0x395f8,0x19a28},
179         {"PRC 16K",0x1,0x2de60,0x3f7a0,0x0,0x0,0x2de60,0x3f7a0},
180         {"PRC 32K",0x1,0x1fbd0,0x2cec0,0x0,0x0,0x1fbd0,0x2cec0},
181         {"PRC 32K(Big)",0x1,0x222e0,0x318f8,0x0,0x0,0x222e0,0x318f8},
182         {"PRC Envelope #1",0x1,0x18e70,0x28488,0x0,0x0,0x18e70,0x28488},
183         {"PRC Envelope #2",0x1,0x18e70,0x2af80,0x0,0x0,0x18e70,0x2af80},
184         {"PRC Envelope #3",0x1,0x1e848,0x2af80,0x0,0x0,0x1e848,0x2af80},
185         {"PRC Envelope #4",0x1,0x1adb0,0x32c80,0x0,0x0,0x1adb0,0x32c80},
186         {"PRC Envelope #5",0x1,0x1adb0,0x35b60,0x0,0x0,0x1adb0,0x35b60},
187         {"PRC Envelope #6",0x1,0x1d4c0,0x38270,0x0,0x0,0x1d4c0,0x38270},
188         {"PRC Envelope #7",0x1,0x27100,0x38270,0x0,0x0,0x27100,0x38270},
189         {"PRC Envelope #8",0x1,0x1d4c0,0x4b708,0x0,0x0,0x1d4c0,0x4b708},
190         {"PRC Envelope #9",0x1,0x37e88,0x4f1a0,0x0,0x0,0x37e88,0x4f1a0},
191         {"PRC Envelope #10",0x1,0x4f1a0,0x6fd10,0x0,0x0,0x4f1a0,0x6fd10},
192         {"PRC 16K Rotated",0x1,0x3f7a0,0x2de60,0x0,0x0,0x3f7a0,0x2de60},
193         {"PRC 32K Rotated",0x1,0x2cec0,0x1fbd0,0x0,0x0,0x2cec0,0x1fbd0},
194         {"PRC 32K(Big) Rotated",0x1,0x318f8,0x222e0,0x0,0x0,0x318f8,0x222e0},
195         {"PRC Envelope #1 Rotated",0x1,0x28488,0x18e70,0x0,0x0,0x28488,0x18e70},
196         {"PRC Envelope #2 Rotated",0x1,0x2af80,0x18e70,0x0,0x0,0x2af80,0x18e70},
197         {"PRC Envelope #3 Rotated",0x1,0x2af80,0x1e848,0x0,0x0,0x2af80,0x1e848},
198         {"PRC Envelope #4 Rotated",0x1,0x32c80,0x1adb0,0x0,0x0,0x32c80,0x1adb0},
199         {"PRC Envelope #5 Rotated",0x1,0x35b60,0x1adb0,0x0,0x0,0x35b60,0x1adb0},
200         {"PRC Envelope #6 Rotated",0x1,0x38270,0x1d4c0,0x0,0x0,0x38270,0x1d4c0},
201         {"PRC Envelope #7 Rotated",0x1,0x38270,0x27100,0x0,0x0,0x38270,0x27100},
202         {"PRC Envelope #8 Rotated",0x1,0x4b708,0x1d4c0,0x0,0x0,0x4b708,0x1d4c0},
203         {"PRC Envelope #9 Rotated",0x1,0x4f1a0,0x37e88,0x0,0x0,0x4f1a0,0x37e88},
204         {"PRC Envelope #10 Rotated",0x1,0x6fd10,0x4f1a0,0x0,0x0,0x6fd10,0x4f1a0}
205 };
206
207 static const struct print_architecture_table_node archi_table[]= {
208
209         {"Windows 4.0",          SPL_ARCH_WIN40,        0 },
210         {"Windows NT x86",       SPL_ARCH_W32X86,       2 },
211         {"Windows NT R4000",     SPL_ARCH_W32MIPS,      2 },
212         {"Windows NT Alpha_AXP", SPL_ARCH_W32ALPHA,     2 },
213         {"Windows NT PowerPC",   SPL_ARCH_W32PPC,       2 },
214         {"Windows IA64",         SPL_ARCH_IA64,         3 },
215         {"Windows x64",          SPL_ARCH_X64,          3 },
216         {NULL,                   "",            -1 }
217 };
218
219
220 /****************************************************************************
221  generate a new TDB_DATA key for storing a printer
222 ****************************************************************************/
223
224 static TDB_DATA make_printer_tdbkey(TALLOC_CTX *ctx, const char *sharename )
225 {
226         fstring share;
227         char *keystr = NULL;
228         TDB_DATA key;
229
230         fstrcpy(share, sharename);
231         strlower_m(share);
232
233         keystr = talloc_asprintf(ctx, "%s%s", PRINTERS_PREFIX, share);
234         key = string_term_tdb_data(keystr ? keystr : "");
235
236         return key;
237 }
238
239 /****************************************************************************
240  generate a new TDB_DATA key for storing a printer security descriptor
241 ****************************************************************************/
242
243 static TDB_DATA make_printers_secdesc_tdbkey(TALLOC_CTX *ctx,
244                                         const char* sharename  )
245 {
246         fstring share;
247         char *keystr = NULL;
248         TDB_DATA key;
249
250         fstrcpy(share, sharename );
251         strlower_m(share);
252
253         keystr = talloc_asprintf(ctx, "%s%s", SECDESC_PREFIX, share);
254         key = string_term_tdb_data(keystr ? keystr : "");
255
256         return key;
257 }
258
259 /****************************************************************************
260 ****************************************************************************/
261
262 static bool upgrade_to_version_3(void)
263 {
264         TDB_DATA kbuf, newkey, dbuf;
265
266         DEBUG(0,("upgrade_to_version_3: upgrading print tdb's to version 3\n"));
267
268         for (kbuf = tdb_firstkey(tdb_drivers); kbuf.dptr;
269                         newkey = tdb_nextkey(tdb_drivers, kbuf), free(kbuf.dptr), kbuf=newkey) {
270
271                 dbuf = tdb_fetch(tdb_drivers, kbuf);
272
273                 if (strncmp((const char *)kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) {
274                         DEBUG(0,("upgrade_to_version_3:moving form\n"));
275                         if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) {
276                                 SAFE_FREE(dbuf.dptr);
277                                 DEBUG(0,("upgrade_to_version_3: failed to move form. Error (%s).\n", tdb_errorstr(tdb_forms)));
278                                 return False;
279                         }
280                         if (tdb_delete(tdb_drivers, kbuf) != 0) {
281                                 SAFE_FREE(dbuf.dptr);
282                                 DEBUG(0,("upgrade_to_version_3: failed to delete form. Error (%s)\n", tdb_errorstr(tdb_drivers)));
283                                 return False;
284                         }
285                 }
286
287                 if (strncmp((const char *)kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) {
288                         DEBUG(0,("upgrade_to_version_3:moving printer\n"));
289                         if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
290                                 SAFE_FREE(dbuf.dptr);
291                                 DEBUG(0,("upgrade_to_version_3: failed to move printer. Error (%s)\n", tdb_errorstr(tdb_printers)));
292                                 return False;
293                         }
294                         if (tdb_delete(tdb_drivers, kbuf) != 0) {
295                                 SAFE_FREE(dbuf.dptr);
296                                 DEBUG(0,("upgrade_to_version_3: failed to delete printer. Error (%s)\n", tdb_errorstr(tdb_drivers)));
297                                 return False;
298                         }
299                 }
300
301                 if (strncmp((const char *)kbuf.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX)) == 0) {
302                         DEBUG(0,("upgrade_to_version_3:moving secdesc\n"));
303                         if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
304                                 SAFE_FREE(dbuf.dptr);
305                                 DEBUG(0,("upgrade_to_version_3: failed to move secdesc. Error (%s)\n", tdb_errorstr(tdb_printers)));
306                                 return False;
307                         }
308                         if (tdb_delete(tdb_drivers, kbuf) != 0) {
309                                 SAFE_FREE(dbuf.dptr);
310                                 DEBUG(0,("upgrade_to_version_3: failed to delete secdesc. Error (%s)\n", tdb_errorstr(tdb_drivers)));
311                                 return False;
312                         }
313                 }
314
315                 SAFE_FREE(dbuf.dptr);
316         }
317
318         return True;
319 }
320
321 /*******************************************************************
322  Fix an issue with security descriptors.  Printer sec_desc must
323  use more than the generic bits that were previously used
324  in <= 3.0.14a.  They must also have a owner and group SID assigned.
325  Otherwise, any printers than have been migrated to a Windows
326  host using printmig.exe will not be accessible.
327 *******************************************************************/
328
329 static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
330                             TDB_DATA data, void *state )
331 {
332         NTSTATUS status;
333         SEC_DESC_BUF *sd_orig = NULL;
334         SEC_DESC_BUF *sd_new, *sd_store;
335         SEC_DESC *sec, *new_sec;
336         TALLOC_CTX *ctx = state;
337         int result, i;
338         uint32 sd_size;
339         size_t size_new_sec;
340
341         if (!data.dptr || data.dsize == 0) {
342                 return 0;
343         }
344
345         if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) != 0 ) {
346                 return 0;
347         }
348
349         /* upgrade the security descriptor */
350
351         status = unmarshall_sec_desc_buf(ctx, data.dptr, data.dsize, &sd_orig);
352         if (!NT_STATUS_IS_OK(status)) {
353                 /* delete bad entries */
354                 DEBUG(0,("sec_desc_upg_fn: Failed to parse original sec_desc for %si.  Deleting....\n",
355                         (const char *)key.dptr ));
356                 tdb_delete( tdb_printers, key );
357                 return 0;
358         }
359
360         if (!sd_orig) {
361                 return 0;
362         }
363         sec = sd_orig->sd;
364
365         /* is this even valid? */
366
367         if ( !sec->dacl ) {
368                 return 0;
369         }
370
371         /* update access masks */
372
373         for ( i=0; i<sec->dacl->num_aces; i++ ) {
374                 switch ( sec->dacl->aces[i].access_mask ) {
375                         case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS):
376                                 sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT;
377                                 break;
378
379                         case GENERIC_ALL_ACCESS:
380                                 sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL;
381                                 break;
382
383                         case READ_CONTROL_ACCESS:
384                                 sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS;
385
386                         default:        /* no change */
387                                 break;
388                 }
389         }
390
391         /* create a new SEC_DESC with the appropriate owner and group SIDs */
392
393         new_sec = make_sec_desc( ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
394                                  &global_sid_Builtin_Administrators,
395                                  &global_sid_Builtin_Administrators,
396                                  NULL, NULL, &size_new_sec );
397         if (!new_sec) {
398                 return 0;
399         }
400         sd_new = make_sec_desc_buf( ctx, size_new_sec, new_sec );
401         if (!sd_new) {
402                 return 0;
403         }
404
405         if ( !(sd_store = sec_desc_merge( ctx, sd_new, sd_orig )) ) {
406                 DEBUG(0,("sec_desc_upg_fn: Failed to update sec_desc for %s\n", key.dptr ));
407                 return 0;
408         }
409
410         /* store it back */
411
412         sd_size = ndr_size_security_descriptor(sd_store->sd, NULL, 0)
413                 + sizeof(SEC_DESC_BUF);
414
415         status = marshall_sec_desc_buf(ctx, sd_store, &data.dptr, &data.dsize);
416         if (!NT_STATUS_IS_OK(status)) {
417                 DEBUG(0,("sec_desc_upg_fn: Failed to parse new sec_desc for %s\n", key.dptr ));
418                 return 0;
419         }
420
421         result = tdb_store( tdb_printers, key, data, TDB_REPLACE );
422
423         /* 0 to continue and non-zero to stop traversal */
424
425         return (result == -1);
426 }
427
428 /*******************************************************************
429 *******************************************************************/
430
431 static bool upgrade_to_version_4(void)
432 {
433         TALLOC_CTX *ctx;
434         int result;
435
436         DEBUG(0,("upgrade_to_version_4: upgrading printer security descriptors\n"));
437
438         if ( !(ctx = talloc_init( "upgrade_to_version_4" )) )
439                 return False;
440
441         result = tdb_traverse( tdb_printers, sec_desc_upg_fn, ctx );
442
443         talloc_destroy( ctx );
444
445         return ( result != -1 );
446 }
447
448 /*******************************************************************
449  Fix an issue with security descriptors.  Printer sec_desc must
450  use more than the generic bits that were previously used
451  in <= 3.0.14a.  They must also have a owner and group SID assigned.
452  Otherwise, any printers than have been migrated to a Windows
453  host using printmig.exe will not be accessible.
454 *******************************************************************/
455
456 static int normalize_printers_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
457                                   TDB_DATA data, void *state )
458 {
459         TALLOC_CTX *ctx = talloc_tos();
460         TDB_DATA new_key;
461
462         if (!data.dptr || data.dsize == 0)
463                 return 0;
464
465         /* upgrade printer records and security descriptors */
466
467         if ( strncmp((const char *) key.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX) ) == 0 ) {
468                 new_key = make_printer_tdbkey(ctx, (const char *)key.dptr+strlen(PRINTERS_PREFIX) );
469         }
470         else if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) == 0 ) {
471                 new_key = make_printers_secdesc_tdbkey(ctx, (const char *)key.dptr+strlen(SECDESC_PREFIX) );
472         }
473         else {
474                 /* ignore this record */
475                 return 0;
476         }
477
478         /* delete the original record and store under the normalized key */
479
480         if ( tdb_delete( the_tdb, key ) != 0 ) {
481                 DEBUG(0,("normalize_printers_fn: tdb_delete for [%s] failed!\n",
482                         key.dptr));
483                 return 1;
484         }
485
486         if ( tdb_store( the_tdb, new_key, data, TDB_REPLACE) != 0 ) {
487                 DEBUG(0,("normalize_printers_fn: failed to store new record for [%s]!\n",
488                         key.dptr));
489                 return 1;
490         }
491
492         return 0;
493 }
494
495 /*******************************************************************
496 *******************************************************************/
497
498 static bool upgrade_to_version_5(void)
499 {
500         TALLOC_CTX *ctx;
501         int result;
502
503         DEBUG(0,("upgrade_to_version_5: normalizing printer keys\n"));
504
505         if ( !(ctx = talloc_init( "upgrade_to_version_5" )) )
506                 return False;
507
508         result = tdb_traverse( tdb_printers, normalize_printers_fn, NULL );
509
510         talloc_destroy( ctx );
511
512         return ( result != -1 );
513 }
514
515 /****************************************************************************
516  Open the NT printing tdbs. Done once before fork().
517 ****************************************************************************/
518
519 bool nt_printing_init(struct messaging_context *msg_ctx)
520 {
521         const char *vstring = "INFO/version";
522         WERROR win_rc;
523         int32 vers_id;
524
525         if ( tdb_drivers && tdb_printers && tdb_forms )
526                 return True;
527
528         if (tdb_drivers)
529                 tdb_close(tdb_drivers);
530         tdb_drivers = tdb_open_log(state_path("ntdrivers.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
531         if (!tdb_drivers) {
532                 DEBUG(0,("nt_printing_init: Failed to open nt drivers database %s (%s)\n",
533                         state_path("ntdrivers.tdb"), strerror(errno) ));
534                 return False;
535         }
536
537         if (tdb_printers)
538                 tdb_close(tdb_printers);
539         tdb_printers = tdb_open_log(state_path("ntprinters.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
540         if (!tdb_printers) {
541                 DEBUG(0,("nt_printing_init: Failed to open nt printers database %s (%s)\n",
542                         state_path("ntprinters.tdb"), strerror(errno) ));
543                 return False;
544         }
545
546         if (tdb_forms)
547                 tdb_close(tdb_forms);
548         tdb_forms = tdb_open_log(state_path("ntforms.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
549         if (!tdb_forms) {
550                 DEBUG(0,("nt_printing_init: Failed to open nt forms database %s (%s)\n",
551                         state_path("ntforms.tdb"), strerror(errno) ));
552                 return False;
553         }
554
555         /* handle a Samba upgrade */
556
557         vers_id = tdb_fetch_int32(tdb_drivers, vstring);
558         if (vers_id == -1) {
559                 DEBUG(10, ("Fresh database\n"));
560                 tdb_store_int32( tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5 );
561                 vers_id = NTDRIVERS_DATABASE_VERSION_5;
562         }
563
564         if ( vers_id != NTDRIVERS_DATABASE_VERSION_5 ) {
565
566                 if ((vers_id == NTDRIVERS_DATABASE_VERSION_1) || (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_1)) {
567                         if (!upgrade_to_version_3())
568                                 return False;
569                         tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
570                         vers_id = NTDRIVERS_DATABASE_VERSION_3;
571                 }
572
573                 if ((vers_id == NTDRIVERS_DATABASE_VERSION_2) || (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_2)) {
574                         /* Written on a bigendian machine with old fetch_int code. Save as le. */
575                         /* The only upgrade between V2 and V3 is to save the version in little-endian. */
576                         tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
577                         vers_id = NTDRIVERS_DATABASE_VERSION_3;
578                 }
579
580                 if (vers_id == NTDRIVERS_DATABASE_VERSION_3 ) {
581                         if ( !upgrade_to_version_4() )
582                                 return False;
583                         tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_4);
584                         vers_id = NTDRIVERS_DATABASE_VERSION_4;
585                 }
586
587                 if (vers_id == NTDRIVERS_DATABASE_VERSION_4 ) {
588                         if ( !upgrade_to_version_5() )
589                                 return False;
590                         tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
591                         vers_id = NTDRIVERS_DATABASE_VERSION_5;
592                 }
593
594
595                 if ( vers_id != NTDRIVERS_DATABASE_VERSION_5 ) {
596                         DEBUG(0,("nt_printing_init: Unknown printer database version [%d]\n", vers_id));
597                         return False;
598                 }
599         }
600
601         update_c_setprinter(True);
602
603         /*
604          * register callback to handle updating printers as new
605          * drivers are installed
606          */
607
608         messaging_register(msg_ctx, NULL, MSG_PRINTER_DRVUPGRADE,
609                            do_drv_upgrade_printer);
610
611         /*
612          * register callback to handle updating printer data
613          * when a driver is initialized
614          */
615
616         messaging_register(msg_ctx, NULL, MSG_PRINTERDATA_INIT_RESET,
617                            reset_all_printerdata);
618
619         /* of course, none of the message callbacks matter if you don't
620            tell messages.c that you interested in receiving PRINT_GENERAL
621            msgs.  This is done in claim_connection() */
622
623
624         if ( lp_security() == SEC_ADS ) {
625                 win_rc = check_published_printers();
626                 if (!W_ERROR_IS_OK(win_rc))
627                         DEBUG(0, ("nt_printing_init: error checking published printers: %s\n", win_errstr(win_rc)));
628         }
629
630         return True;
631 }
632
633 /*******************************************************************
634  Function to allow filename parsing "the old way".
635 ********************************************************************/
636
637 static NTSTATUS driver_unix_convert(connection_struct *conn,
638                                     const char *old_name,
639                                     struct smb_filename **smb_fname)
640 {
641         NTSTATUS status;
642         TALLOC_CTX *ctx = talloc_tos();
643         char *name = talloc_strdup(ctx, old_name);
644
645         if (!name) {
646                 return NT_STATUS_NO_MEMORY;
647         }
648         unix_format(name);
649         name = unix_clean_name(ctx, name);
650         if (!name) {
651                 return NT_STATUS_NO_MEMORY;
652         }
653         trim_string(name,"/","/");
654
655         status = unix_convert(ctx, conn, name, smb_fname, 0);
656         if (!NT_STATUS_IS_OK(status)) {
657                 return NT_STATUS_NO_MEMORY;
658         }
659
660         return NT_STATUS_OK;
661 }
662
663 /*******************************************************************
664  tdb traversal function for counting printers.
665 ********************************************************************/
666
667 static int traverse_counting_printers(TDB_CONTEXT *t, TDB_DATA key,
668                                       TDB_DATA data, void *context)
669 {
670         int *printer_count = (int*)context;
671
672         if (memcmp(PRINTERS_PREFIX, key.dptr, sizeof(PRINTERS_PREFIX)-1) == 0) {
673                 (*printer_count)++;
674                 DEBUG(10,("traverse_counting_printers: printer = [%s]  printer_count = %d\n", key.dptr, *printer_count));
675         }
676
677         return 0;
678 }
679
680 /*******************************************************************
681  Update the spooler global c_setprinter. This variable is initialized
682  when the parent smbd starts with the number of existing printers. It
683  is monotonically increased by the current number of printers *after*
684  each add or delete printer RPC. Only Microsoft knows why... JRR020119
685 ********************************************************************/
686
687 uint32 update_c_setprinter(bool initialize)
688 {
689         int32 c_setprinter;
690         int32 printer_count = 0;
691
692         tdb_lock_bystring(tdb_printers, GLOBAL_C_SETPRINTER);
693
694         /* Traverse the tdb, counting the printers */
695         tdb_traverse(tdb_printers, traverse_counting_printers, (void *)&printer_count);
696
697         /* If initializing, set c_setprinter to current printers count
698          * otherwise, bump it by the current printer count
699          */
700         if (!initialize)
701                 c_setprinter = tdb_fetch_int32(tdb_printers, GLOBAL_C_SETPRINTER) + printer_count;
702         else
703                 c_setprinter = printer_count;
704
705         DEBUG(10,("update_c_setprinter: c_setprinter = %u\n", (unsigned int)c_setprinter));
706         tdb_store_int32(tdb_printers, GLOBAL_C_SETPRINTER, c_setprinter);
707
708         tdb_unlock_bystring(tdb_printers, GLOBAL_C_SETPRINTER);
709
710         return (uint32)c_setprinter;
711 }
712
713 /*******************************************************************
714  Get the spooler global c_setprinter, accounting for initialization.
715 ********************************************************************/
716
717 uint32 get_c_setprinter(void)
718 {
719         int32 c_setprinter = tdb_fetch_int32(tdb_printers, GLOBAL_C_SETPRINTER);
720
721         if (c_setprinter == (int32)-1)
722                 c_setprinter = update_c_setprinter(True);
723
724         DEBUG(10,("get_c_setprinter: c_setprinter = %d\n", c_setprinter));
725
726         return (uint32)c_setprinter;
727 }
728
729 /****************************************************************************
730  Get builtin form struct list.
731 ****************************************************************************/
732
733 int get_builtin_ntforms(nt_forms_struct **list)
734 {
735         *list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms));
736         if (!*list) {
737                 return 0;
738         }
739         return ARRAY_SIZE(default_forms);
740 }
741
742 /****************************************************************************
743  get a builtin form struct
744 ****************************************************************************/
745
746 bool get_a_builtin_ntform_by_string(const char *form_name, nt_forms_struct *form)
747 {
748         int i;
749         DEBUGADD(6,("Looking for builtin form %s \n", form_name));
750         for (i=0; i<ARRAY_SIZE(default_forms); i++) {
751                 if (strequal(form_name,default_forms[i].name)) {
752                         DEBUGADD(6,("Found builtin form %s \n", form_name));
753                         memcpy(form,&default_forms[i],sizeof(*form));
754                         return true;
755                 }
756         }
757
758         return false;
759 }
760
761 /****************************************************************************
762  get a form struct list.
763 ****************************************************************************/
764
765 int get_ntforms(nt_forms_struct **list)
766 {
767         TDB_DATA kbuf, newkey, dbuf;
768         nt_forms_struct form;
769         int ret;
770         int i;
771         int n = 0;
772
773         *list = NULL;
774
775         for (kbuf = tdb_firstkey(tdb_forms);
776              kbuf.dptr;
777              newkey = tdb_nextkey(tdb_forms, kbuf), free(kbuf.dptr), kbuf=newkey)
778         {
779                 if (strncmp((const char *)kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) != 0)
780                         continue;
781
782                 dbuf = tdb_fetch(tdb_forms, kbuf);
783                 if (!dbuf.dptr)
784                         continue;
785
786                 fstrcpy(form.name, (const char *)kbuf.dptr+strlen(FORMS_PREFIX));
787                 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "dddddddd",
788                                  &i, &form.flag, &form.width, &form.length, &form.left,
789                                  &form.top, &form.right, &form.bottom);
790                 SAFE_FREE(dbuf.dptr);
791                 if (ret != dbuf.dsize)
792                         continue;
793
794                 *list = SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1);
795                 if (!*list) {
796                         DEBUG(0,("get_ntforms: Realloc fail.\n"));
797                         return 0;
798                 }
799                 (*list)[n] = form;
800                 n++;
801         }
802
803
804         return n;
805 }
806
807 /****************************************************************************
808 write a form struct list
809 ****************************************************************************/
810
811 int write_ntforms(nt_forms_struct **list, int number)
812 {
813         TALLOC_CTX *ctx = talloc_tos();
814         char *buf = NULL;
815         char *key = NULL;
816         int len;
817         TDB_DATA dbuf;
818         int i;
819
820         for (i=0;i<number;i++) {
821                 /* save index, so list is rebuilt in correct order */
822                 len = tdb_pack(NULL, 0, "dddddddd",
823                                i, (*list)[i].flag, (*list)[i].width, (*list)[i].length,
824                                (*list)[i].left, (*list)[i].top, (*list)[i].right,
825                                (*list)[i].bottom);
826                 if (!len) {
827                         continue;
828                 }
829                 buf = TALLOC_ARRAY(ctx, char, len);
830                 if (!buf) {
831                         return 0;
832                 }
833                 len = tdb_pack((uint8 *)buf, len, "dddddddd",
834                                i, (*list)[i].flag, (*list)[i].width, (*list)[i].length,
835                                (*list)[i].left, (*list)[i].top, (*list)[i].right,
836                                (*list)[i].bottom);
837                 key = talloc_asprintf(ctx, "%s%s", FORMS_PREFIX, (*list)[i].name);
838                 if (!key) {
839                         return 0;
840                 }
841                 dbuf.dsize = len;
842                 dbuf.dptr = (uint8 *)buf;
843                 if (tdb_store_bystring(tdb_forms, key, dbuf, TDB_REPLACE) != 0) {
844                         TALLOC_FREE(key);
845                         TALLOC_FREE(buf);
846                         break;
847                 }
848                 TALLOC_FREE(key);
849                 TALLOC_FREE(buf);
850        }
851
852        return i;
853 }
854
855 /****************************************************************************
856 add a form struct at the end of the list
857 ****************************************************************************/
858 bool add_a_form(nt_forms_struct **list, struct spoolss_AddFormInfo1 *form, int *count)
859 {
860         int n=0;
861         bool update;
862
863         /*
864          * NT tries to add forms even when
865          * they are already in the base
866          * only update the values if already present
867          */
868
869         update=False;
870
871         for (n=0; n<*count; n++) {
872                 if ( strequal((*list)[n].name, form->form_name) ) {
873                         update=True;
874                         break;
875                 }
876         }
877
878         if (update==False) {
879                 if((*list=SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1)) == NULL) {
880                         DEBUG(0,("add_a_form: failed to enlarge forms list!\n"));
881                         return False;
882                 }
883                 fstrcpy((*list)[n].name, form->form_name);
884                 (*count)++;
885         }
886
887         (*list)[n].flag         = form->flags;
888         (*list)[n].width        = form->size.width;
889         (*list)[n].length       = form->size.height;
890         (*list)[n].left         = form->area.left;
891         (*list)[n].top          = form->area.top;
892         (*list)[n].right        = form->area.right;
893         (*list)[n].bottom       = form->area.bottom;
894
895         DEBUG(6,("add_a_form: Successfully %s form [%s]\n",
896                 update ? "updated" : "added", form->form_name));
897
898         return True;
899 }
900
901 /****************************************************************************
902  Delete a named form struct.
903 ****************************************************************************/
904
905 bool delete_a_form(nt_forms_struct **list, const char *del_name, int *count, WERROR *ret)
906 {
907         char *key = NULL;
908         int n=0;
909
910         *ret = WERR_OK;
911
912         for (n=0; n<*count; n++) {
913                 if (!strncmp((*list)[n].name, del_name, strlen(del_name))) {
914                         DEBUG(103, ("delete_a_form, [%s] in list\n", del_name));
915                         break;
916                 }
917         }
918
919         if (n == *count) {
920                 DEBUG(10,("delete_a_form, [%s] not found\n", del_name));
921                 *ret = WERR_INVALID_PARAM;
922                 return False;
923         }
924
925         if (asprintf(&key, "%s%s", FORMS_PREFIX, (*list)[n].name) < 0) {
926                 *ret = WERR_NOMEM;
927                 return false;
928         }
929         if (tdb_delete_bystring(tdb_forms, key) != 0) {
930                 SAFE_FREE(key);
931                 *ret = WERR_NOMEM;
932                 return False;
933         }
934         SAFE_FREE(key);
935         return true;
936 }
937
938 /****************************************************************************
939  Update a form struct.
940 ****************************************************************************/
941
942 void update_a_form(nt_forms_struct **list, struct spoolss_AddFormInfo1 *form, int count)
943 {
944         int n=0;
945
946         DEBUG(106, ("[%s]\n", form->form_name));
947         for (n=0; n<count; n++) {
948                 DEBUGADD(106, ("n [%d]:[%s]\n", n, (*list)[n].name));
949                 if (!strncmp((*list)[n].name, form->form_name, strlen(form->form_name)))
950                         break;
951         }
952
953         if (n==count) return;
954
955         (*list)[n].flag         = form->flags;
956         (*list)[n].width        = form->size.width;
957         (*list)[n].length       = form->size.height;
958         (*list)[n].left         = form->area.left;
959         (*list)[n].top          = form->area.top;
960         (*list)[n].right        = form->area.right;
961         (*list)[n].bottom       = form->area.bottom;
962 }
963
964 /****************************************************************************
965  Get the nt drivers list.
966  Traverse the database and look-up the matching names.
967 ****************************************************************************/
968 int get_ntdrivers(fstring **list, const char *architecture, uint32 version)
969 {
970         int total=0;
971         const char *short_archi;
972         char *key = NULL;
973         TDB_DATA kbuf, newkey;
974
975         short_archi = get_short_archi(architecture);
976         if (!short_archi) {
977                 return 0;
978         }
979
980         if (asprintf(&key, "%s%s/%d/", DRIVERS_PREFIX,
981                                 short_archi, version) < 0) {
982                 return 0;
983         }
984
985         for (kbuf = tdb_firstkey(tdb_drivers);
986              kbuf.dptr;
987              newkey = tdb_nextkey(tdb_drivers, kbuf), free(kbuf.dptr), kbuf=newkey) {
988
989                 if (strncmp((const char *)kbuf.dptr, key, strlen(key)) != 0)
990                         continue;
991
992                 if((*list = SMB_REALLOC_ARRAY(*list, fstring, total+1)) == NULL) {
993                         DEBUG(0,("get_ntdrivers: failed to enlarge list!\n"));
994                         SAFE_FREE(key);
995                         return -1;
996                 }
997
998                 fstrcpy((*list)[total], (const char *)kbuf.dptr+strlen(key));
999                 total++;
1000         }
1001
1002         SAFE_FREE(key);
1003         return(total);
1004 }
1005
1006 /****************************************************************************
1007  Function to do the mapping between the long architecture name and
1008  the short one.
1009 ****************************************************************************/
1010
1011 const char *get_short_archi(const char *long_archi)
1012 {
1013         int i=-1;
1014
1015         DEBUG(107,("Getting architecture dependant directory\n"));
1016         do {
1017                 i++;
1018         } while ( (archi_table[i].long_archi!=NULL ) &&
1019                   StrCaseCmp(long_archi, archi_table[i].long_archi) );
1020
1021         if (archi_table[i].long_archi==NULL) {
1022                 DEBUGADD(10,("Unknown architecture [%s] !\n", long_archi));
1023                 return NULL;
1024         }
1025
1026         /* this might be client code - but shouldn't this be an fstrcpy etc? */
1027
1028         DEBUGADD(108,("index: [%d]\n", i));
1029         DEBUGADD(108,("long architecture: [%s]\n", archi_table[i].long_archi));
1030         DEBUGADD(108,("short architecture: [%s]\n", archi_table[i].short_archi));
1031
1032         return archi_table[i].short_archi;
1033 }
1034
1035 /****************************************************************************
1036  Version information in Microsoft files is held in a VS_VERSION_INFO structure.
1037  There are two case to be covered here: PE (Portable Executable) and NE (New
1038  Executable) files. Both files support the same INFO structure, but PE files
1039  store the signature in unicode, and NE files store it as !unicode.
1040  returns -1 on error, 1 on version info found, and 0 on no version info found.
1041 ****************************************************************************/
1042
1043 static int get_file_version(files_struct *fsp, char *fname,uint32 *major, uint32 *minor)
1044 {
1045         int     i;
1046         char    *buf = NULL;
1047         ssize_t byte_count;
1048
1049         if ((buf=(char *)SMB_MALLOC(DOS_HEADER_SIZE)) == NULL) {
1050                 DEBUG(0,("get_file_version: PE file [%s] DOS Header malloc failed bytes = %d\n",
1051                                 fname, DOS_HEADER_SIZE));
1052                 goto error_exit;
1053         }
1054
1055         if ((byte_count = vfs_read_data(fsp, buf, DOS_HEADER_SIZE)) < DOS_HEADER_SIZE) {
1056                 DEBUG(3,("get_file_version: File [%s] DOS header too short, bytes read = %lu\n",
1057                          fname, (unsigned long)byte_count));
1058                 goto no_version_info;
1059         }
1060
1061         /* Is this really a DOS header? */
1062         if (SVAL(buf,DOS_HEADER_MAGIC_OFFSET) != DOS_HEADER_MAGIC) {
1063                 DEBUG(6,("get_file_version: File [%s] bad DOS magic = 0x%x\n",
1064                                 fname, SVAL(buf,DOS_HEADER_MAGIC_OFFSET)));
1065                 goto no_version_info;
1066         }
1067
1068         /* Skip OEM header (if any) and the DOS stub to start of Windows header */
1069         if (SMB_VFS_LSEEK(fsp, SVAL(buf,DOS_HEADER_LFANEW_OFFSET), SEEK_SET) == (SMB_OFF_T)-1) {
1070                 DEBUG(3,("get_file_version: File [%s] too short, errno = %d\n",
1071                                 fname, errno));
1072                 /* Assume this isn't an error... the file just looks sort of like a PE/NE file */
1073                 goto no_version_info;
1074         }
1075
1076         /* Note: DOS_HEADER_SIZE and NE_HEADER_SIZE are incidentally same */
1077         if ((byte_count = vfs_read_data(fsp, buf, NE_HEADER_SIZE)) < NE_HEADER_SIZE) {
1078                 DEBUG(3,("get_file_version: File [%s] Windows header too short, bytes read = %lu\n",
1079                          fname, (unsigned long)byte_count));
1080                 /* Assume this isn't an error... the file just looks sort of like a PE/NE file */
1081                 goto no_version_info;
1082         }
1083
1084         /* The header may be a PE (Portable Executable) or an NE (New Executable) */
1085         if (IVAL(buf,PE_HEADER_SIGNATURE_OFFSET) == PE_HEADER_SIGNATURE) {
1086                 unsigned int num_sections;
1087                 unsigned int section_table_bytes;
1088
1089                 /* Just skip over optional header to get to section table */
1090                 if (SMB_VFS_LSEEK(fsp,
1091                                 SVAL(buf,PE_HEADER_OPTIONAL_HEADER_SIZE)-(NE_HEADER_SIZE-PE_HEADER_SIZE),
1092                                 SEEK_CUR) == (SMB_OFF_T)-1) {
1093                         DEBUG(3,("get_file_version: File [%s] Windows optional header too short, errno = %d\n",
1094                                 fname, errno));
1095                         goto error_exit;
1096                 }
1097
1098                 /* get the section table */
1099                 num_sections        = SVAL(buf,PE_HEADER_NUMBER_OF_SECTIONS);
1100                 section_table_bytes = num_sections * PE_HEADER_SECT_HEADER_SIZE;
1101                 if (section_table_bytes == 0)
1102                         goto error_exit;
1103
1104                 SAFE_FREE(buf);
1105                 if ((buf=(char *)SMB_MALLOC(section_table_bytes)) == NULL) {
1106                         DEBUG(0,("get_file_version: PE file [%s] section table malloc failed bytes = %d\n",
1107                                         fname, section_table_bytes));
1108                         goto error_exit;
1109                 }
1110
1111                 if ((byte_count = vfs_read_data(fsp, buf, section_table_bytes)) < section_table_bytes) {
1112                         DEBUG(3,("get_file_version: PE file [%s] Section header too short, bytes read = %lu\n",
1113                                  fname, (unsigned long)byte_count));
1114                         goto error_exit;
1115                 }
1116
1117                 /* Iterate the section table looking for the resource section ".rsrc" */
1118                 for (i = 0; i < num_sections; i++) {
1119                         int sec_offset = i * PE_HEADER_SECT_HEADER_SIZE;
1120
1121                         if (strcmp(".rsrc", &buf[sec_offset+PE_HEADER_SECT_NAME_OFFSET]) == 0) {
1122                                 unsigned int section_pos   = IVAL(buf,sec_offset+PE_HEADER_SECT_PTR_DATA_OFFSET);
1123                                 unsigned int section_bytes = IVAL(buf,sec_offset+PE_HEADER_SECT_SIZE_DATA_OFFSET);
1124
1125                                 if (section_bytes == 0)
1126                                         goto error_exit;
1127
1128                                 SAFE_FREE(buf);
1129                                 if ((buf=(char *)SMB_MALLOC(section_bytes)) == NULL) {
1130                                         DEBUG(0,("get_file_version: PE file [%s] version malloc failed bytes = %d\n",
1131                                                         fname, section_bytes));
1132                                         goto error_exit;
1133                                 }
1134
1135                                 /* Seek to the start of the .rsrc section info */
1136                                 if (SMB_VFS_LSEEK(fsp, section_pos, SEEK_SET) == (SMB_OFF_T)-1) {
1137                                         DEBUG(3,("get_file_version: PE file [%s] too short for section info, errno = %d\n",
1138                                                         fname, errno));
1139                                         goto error_exit;
1140                                 }
1141
1142                                 if ((byte_count = vfs_read_data(fsp, buf, section_bytes)) < section_bytes) {
1143                                         DEBUG(3,("get_file_version: PE file [%s] .rsrc section too short, bytes read = %lu\n",
1144                                                  fname, (unsigned long)byte_count));
1145                                         goto error_exit;
1146                                 }
1147
1148                                 if (section_bytes < VS_VERSION_INFO_UNICODE_SIZE)
1149                                         goto error_exit;
1150
1151                                 for (i=0; i<section_bytes-VS_VERSION_INFO_UNICODE_SIZE; i++) {
1152                                         /* Scan for 1st 3 unicoded bytes followed by word aligned magic value */
1153                                         if (buf[i] == 'V' && buf[i+1] == '\0' && buf[i+2] == 'S') {
1154                                                 /* Align to next long address */
1155                                                 int pos = (i + sizeof(VS_SIGNATURE)*2 + 3) & 0xfffffffc;
1156
1157                                                 if (IVAL(buf,pos) == VS_MAGIC_VALUE) {
1158                                                         *major = IVAL(buf,pos+VS_MAJOR_OFFSET);
1159                                                         *minor = IVAL(buf,pos+VS_MINOR_OFFSET);
1160
1161                                                         DEBUG(6,("get_file_version: PE file [%s] Version = %08x:%08x (%d.%d.%d.%d)\n",
1162                                                                           fname, *major, *minor,
1163                                                                           (*major>>16)&0xffff, *major&0xffff,
1164                                                                           (*minor>>16)&0xffff, *minor&0xffff));
1165                                                         SAFE_FREE(buf);
1166                                                         return 1;
1167                                                 }
1168                                         }
1169                                 }
1170                         }
1171                 }
1172
1173                 /* Version info not found, fall back to origin date/time */
1174                 DEBUG(10,("get_file_version: PE file [%s] has no version info\n", fname));
1175                 SAFE_FREE(buf);
1176                 return 0;
1177
1178         } else if (SVAL(buf,NE_HEADER_SIGNATURE_OFFSET) == NE_HEADER_SIGNATURE) {
1179                 if (CVAL(buf,NE_HEADER_TARGET_OS_OFFSET) != NE_HEADER_TARGOS_WIN ) {
1180                         DEBUG(3,("get_file_version: NE file [%s] wrong target OS = 0x%x\n",
1181                                         fname, CVAL(buf,NE_HEADER_TARGET_OS_OFFSET)));
1182                         /* At this point, we assume the file is in error. It still could be somthing
1183                          * else besides a NE file, but it unlikely at this point. */
1184                         goto error_exit;
1185                 }
1186
1187                 /* Allocate a bit more space to speed up things */
1188                 SAFE_FREE(buf);
1189                 if ((buf=(char *)SMB_MALLOC(VS_NE_BUF_SIZE)) == NULL) {
1190                         DEBUG(0,("get_file_version: NE file [%s] malloc failed bytes  = %d\n",
1191                                         fname, PE_HEADER_SIZE));
1192                         goto error_exit;
1193                 }
1194
1195                 /* This is a HACK! I got tired of trying to sort through the messy
1196                  * 'NE' file format. If anyone wants to clean this up please have at
1197                  * it, but this works. 'NE' files will eventually fade away. JRR */
1198                 while((byte_count = vfs_read_data(fsp, buf, VS_NE_BUF_SIZE)) > 0) {
1199                         /* Cover case that should not occur in a well formed 'NE' .dll file */
1200                         if (byte_count-VS_VERSION_INFO_SIZE <= 0) break;
1201
1202                         for(i=0; i<byte_count; i++) {
1203                                 /* Fast skip past data that can't possibly match */
1204                                 if (buf[i] != 'V') continue;
1205
1206                                 /* Potential match data crosses buf boundry, move it to beginning
1207                                  * of buf, and fill the buf with as much as it will hold. */
1208                                 if (i>byte_count-VS_VERSION_INFO_SIZE) {
1209                                         int bc;
1210
1211                                         memcpy(buf, &buf[i], byte_count-i);
1212                                         if ((bc = vfs_read_data(fsp, &buf[byte_count-i], VS_NE_BUF_SIZE-
1213                                                                    (byte_count-i))) < 0) {
1214
1215                                                 DEBUG(0,("get_file_version: NE file [%s] Read error, errno=%d\n",
1216                                                                  fname, errno));
1217                                                 goto error_exit;
1218                                         }
1219
1220                                         byte_count = bc + (byte_count - i);
1221                                         if (byte_count<VS_VERSION_INFO_SIZE) break;
1222
1223                                         i = 0;
1224                                 }
1225
1226                                 /* Check that the full signature string and the magic number that
1227                                  * follows exist (not a perfect solution, but the chances that this
1228                                  * occurs in code is, well, remote. Yes I know I'm comparing the 'V'
1229                                  * twice, as it is simpler to read the code. */
1230                                 if (strcmp(&buf[i], VS_SIGNATURE) == 0) {
1231                                         /* Compute skip alignment to next long address */
1232                                         int skip = -(SMB_VFS_LSEEK(fsp, 0, SEEK_CUR) - (byte_count - i) +
1233                                                                  sizeof(VS_SIGNATURE)) & 3;
1234                                         if (IVAL(buf,i+sizeof(VS_SIGNATURE)+skip) != 0xfeef04bd) continue;
1235
1236                                         *major = IVAL(buf,i+sizeof(VS_SIGNATURE)+skip+VS_MAJOR_OFFSET);
1237                                         *minor = IVAL(buf,i+sizeof(VS_SIGNATURE)+skip+VS_MINOR_OFFSET);
1238                                         DEBUG(6,("get_file_version: NE file [%s] Version = %08x:%08x (%d.%d.%d.%d)\n",
1239                                                           fname, *major, *minor,
1240                                                           (*major>>16)&0xffff, *major&0xffff,
1241                                                           (*minor>>16)&0xffff, *minor&0xffff));
1242                                         SAFE_FREE(buf);
1243                                         return 1;
1244                                 }
1245                         }
1246                 }
1247
1248                 /* Version info not found, fall back to origin date/time */
1249                 DEBUG(0,("get_file_version: NE file [%s] Version info not found\n", fname));
1250                 SAFE_FREE(buf);
1251                 return 0;
1252
1253         } else
1254                 /* Assume this isn't an error... the file just looks sort of like a PE/NE file */
1255                 DEBUG(3,("get_file_version: File [%s] unknown file format, signature = 0x%x\n",
1256                                 fname, IVAL(buf,PE_HEADER_SIGNATURE_OFFSET)));
1257
1258         no_version_info:
1259                 SAFE_FREE(buf);
1260                 return 0;
1261
1262         error_exit:
1263                 SAFE_FREE(buf);
1264                 return -1;
1265 }
1266
1267 /****************************************************************************
1268 Drivers for Microsoft systems contain multiple files. Often, multiple drivers
1269 share one or more files. During the MS installation process files are checked
1270 to insure that only a newer version of a shared file is installed over an
1271 older version. There are several possibilities for this comparison. If there
1272 is no previous version, the new one is newer (obviously). If either file is
1273 missing the version info structure, compare the creation date (on Unix use
1274 the modification date). Otherwise chose the numerically larger version number.
1275 ****************************************************************************/
1276
1277 static int file_version_is_newer(connection_struct *conn, fstring new_file, fstring old_file)
1278 {
1279         bool use_version = true;
1280
1281         uint32 new_major;
1282         uint32 new_minor;
1283         time_t new_create_time;
1284
1285         uint32 old_major;
1286         uint32 old_minor;
1287         time_t old_create_time;
1288
1289         struct smb_filename *smb_fname = NULL;
1290         files_struct    *fsp = NULL;
1291         SMB_STRUCT_STAT st;
1292
1293         NTSTATUS status;
1294         int ret;
1295
1296         SET_STAT_INVALID(st);
1297         new_create_time = (time_t)0;
1298         old_create_time = (time_t)0;
1299
1300         /* Get file version info (if available) for previous file (if it exists) */
1301         status = driver_unix_convert(conn, old_file, &smb_fname);
1302         if (!NT_STATUS_IS_OK(status)) {
1303                 goto error_exit;
1304         }
1305
1306         status = SMB_VFS_CREATE_FILE(
1307                 conn,                                   /* conn */
1308                 NULL,                                   /* req */
1309                 0,                                      /* root_dir_fid */
1310                 smb_fname,                              /* fname */
1311                 FILE_GENERIC_READ,                      /* access_mask */
1312                 FILE_SHARE_READ | FILE_SHARE_WRITE,     /* share_access */
1313                 FILE_OPEN,                              /* create_disposition*/
1314                 0,                                      /* create_options */
1315                 FILE_ATTRIBUTE_NORMAL,                  /* file_attributes */
1316                 INTERNAL_OPEN_ONLY,                     /* oplock_request */
1317                 0,                                      /* allocation_size */
1318                 NULL,                                   /* sd */
1319                 NULL,                                   /* ea_list */
1320                 &fsp,                                   /* result */
1321                 NULL);                                  /* pinfo */
1322
1323         if (!NT_STATUS_IS_OK(status)) {
1324                 /* Old file not found, so by definition new file is in fact newer */
1325                 DEBUG(10,("file_version_is_newer: Can't open old file [%s], "
1326                           "errno = %d\n", smb_fname_str_dbg(smb_fname),
1327                           errno));
1328                 ret = 1;
1329                 goto done;
1330
1331         } else {
1332                 ret = get_file_version(fsp, old_file, &old_major, &old_minor);
1333                 if (ret == -1) {
1334                         goto error_exit;
1335                 }
1336
1337                 if (!ret) {
1338                         DEBUG(6,("file_version_is_newer: Version info not found [%s], use mod time\n",
1339                                          old_file));
1340                         use_version = false;
1341                         if (SMB_VFS_FSTAT(fsp, &st) == -1) {
1342                                  goto error_exit;
1343                         }
1344                         old_create_time = convert_timespec_to_time_t(st.st_ex_mtime);
1345                         DEBUGADD(6,("file_version_is_newer: mod time = %ld sec\n",
1346                                 (long)old_create_time));
1347                 }
1348         }
1349         close_file(NULL, fsp, NORMAL_CLOSE);
1350         fsp = NULL;
1351
1352         /* Get file version info (if available) for new file */
1353         status = driver_unix_convert(conn, new_file, &smb_fname);
1354         if (!NT_STATUS_IS_OK(status)) {
1355                 goto error_exit;
1356         }
1357
1358         status = SMB_VFS_CREATE_FILE(
1359                 conn,                                   /* conn */
1360                 NULL,                                   /* req */
1361                 0,                                      /* root_dir_fid */
1362                 smb_fname,                              /* fname */
1363                 FILE_GENERIC_READ,                      /* access_mask */
1364                 FILE_SHARE_READ | FILE_SHARE_WRITE,     /* share_access */
1365                 FILE_OPEN,                              /* create_disposition*/
1366                 0,                                      /* create_options */
1367                 FILE_ATTRIBUTE_NORMAL,                  /* file_attributes */
1368                 INTERNAL_OPEN_ONLY,                     /* oplock_request */
1369                 0,                                      /* allocation_size */
1370                 NULL,                                   /* sd */
1371                 NULL,                                   /* ea_list */
1372                 &fsp,                                   /* result */
1373                 NULL);                                  /* pinfo */
1374
1375         if (!NT_STATUS_IS_OK(status)) {
1376                 /* New file not found, this shouldn't occur if the caller did its job */
1377                 DEBUG(3,("file_version_is_newer: Can't open new file [%s], "
1378                          "errno = %d\n", smb_fname_str_dbg(smb_fname), errno));
1379                 goto error_exit;
1380
1381         } else {
1382                 ret = get_file_version(fsp, new_file, &new_major, &new_minor);
1383                 if (ret == -1) {
1384                         goto error_exit;
1385                 }
1386
1387                 if (!ret) {
1388                         DEBUG(6,("file_version_is_newer: Version info not found [%s], use mod time\n",
1389                                          new_file));
1390                         use_version = false;
1391                         if (SMB_VFS_FSTAT(fsp, &st) == -1) {
1392                                 goto error_exit;
1393                         }
1394                         new_create_time = convert_timespec_to_time_t(st.st_ex_mtime);
1395                         DEBUGADD(6,("file_version_is_newer: mod time = %ld sec\n",
1396                                 (long)new_create_time));
1397                 }
1398         }
1399         close_file(NULL, fsp, NORMAL_CLOSE);
1400         fsp = NULL;
1401
1402         if (use_version && (new_major != old_major || new_minor != old_minor)) {
1403                 /* Compare versions and choose the larger version number */
1404                 if (new_major > old_major ||
1405                         (new_major == old_major && new_minor > old_minor)) {
1406
1407                         DEBUG(6,("file_version_is_newer: Replacing [%s] with [%s]\n", old_file, new_file));
1408                         ret = 1;
1409                         goto done;
1410                 }
1411                 else {
1412                         DEBUG(6,("file_version_is_newer: Leaving [%s] unchanged\n", old_file));
1413                         ret = 0;
1414                         goto done;
1415                 }
1416
1417         } else {
1418                 /* Compare modification time/dates and choose the newest time/date */
1419                 if (new_create_time > old_create_time) {
1420                         DEBUG(6,("file_version_is_newer: Replacing [%s] with [%s]\n", old_file, new_file));
1421                         ret = 1;
1422                         goto done;
1423                 }
1424                 else {
1425                         DEBUG(6,("file_version_is_newer: Leaving [%s] unchanged\n", old_file));
1426                         ret = 0;
1427                         goto done;
1428                 }
1429         }
1430
1431  error_exit:
1432         if(fsp)
1433                 close_file(NULL, fsp, NORMAL_CLOSE);
1434         ret = -1;
1435  done:
1436         TALLOC_FREE(smb_fname);
1437         return ret;
1438 }
1439
1440 /****************************************************************************
1441 Determine the correct cVersion associated with an architecture and driver
1442 ****************************************************************************/
1443 static uint32 get_correct_cversion(struct pipes_struct *p,
1444                                    const char *architecture,
1445                                    const char *driverpath_in,
1446                                    WERROR *perr)
1447 {
1448         int               cversion;
1449         NTSTATUS          nt_status;
1450         struct smb_filename *smb_fname = NULL;
1451         char *driverpath = NULL;
1452         files_struct      *fsp = NULL;
1453         connection_struct *conn = NULL;
1454         NTSTATUS status;
1455         char *oldcwd;
1456         fstring printdollar;
1457         int printdollar_snum;
1458
1459         *perr = WERR_INVALID_PARAM;
1460
1461         /* If architecture is Windows 95/98/ME, the version is always 0. */
1462         if (strcmp(architecture, SPL_ARCH_WIN40) == 0) {
1463                 DEBUG(10,("get_correct_cversion: Driver is Win9x, cversion = 0\n"));
1464                 *perr = WERR_OK;
1465                 return 0;
1466         }
1467
1468         /* If architecture is Windows x64, the version is always 3. */
1469         if (strcmp(architecture, SPL_ARCH_X64) == 0) {
1470                 DEBUG(10,("get_correct_cversion: Driver is x64, cversion = 3\n"));
1471                 *perr = WERR_OK;
1472                 return 3;
1473         }
1474
1475         fstrcpy(printdollar, "print$");
1476
1477         printdollar_snum = find_service(printdollar);
1478         if (printdollar_snum == -1) {
1479                 *perr = WERR_NO_SUCH_SHARE;
1480                 return -1;
1481         }
1482
1483         nt_status = create_conn_struct(talloc_tos(), &conn, printdollar_snum,
1484                                        lp_pathname(printdollar_snum),
1485                                        p->server_info, &oldcwd);
1486         if (!NT_STATUS_IS_OK(nt_status)) {
1487                 DEBUG(0,("get_correct_cversion: create_conn_struct "
1488                          "returned %s\n", nt_errstr(nt_status)));
1489                 *perr = ntstatus_to_werror(nt_status);
1490                 return -1;
1491         }
1492
1493         /* Open the driver file (Portable Executable format) and determine the
1494          * deriver the cversion. */
1495         driverpath = talloc_asprintf(talloc_tos(),
1496                                         "%s/%s",
1497                                         architecture,
1498                                         driverpath_in);
1499         if (!driverpath) {
1500                 *perr = WERR_NOMEM;
1501                 goto error_exit;
1502         }
1503
1504         nt_status = driver_unix_convert(conn, driverpath, &smb_fname);
1505         if (!NT_STATUS_IS_OK(nt_status)) {
1506                 *perr = ntstatus_to_werror(nt_status);
1507                 goto error_exit;
1508         }
1509
1510         nt_status = vfs_file_exist(conn, smb_fname);
1511         if (!NT_STATUS_IS_OK(nt_status)) {
1512                 *perr = WERR_BADFILE;
1513                 goto error_exit;
1514         }
1515
1516         status = SMB_VFS_CREATE_FILE(
1517                 conn,                                   /* conn */
1518                 NULL,                                   /* req */
1519                 0,                                      /* root_dir_fid */
1520                 smb_fname,                              /* fname */
1521                 FILE_GENERIC_READ,                      /* access_mask */
1522                 FILE_SHARE_READ | FILE_SHARE_WRITE,     /* share_access */
1523                 FILE_OPEN,                              /* create_disposition*/
1524                 0,                                      /* create_options */
1525                 FILE_ATTRIBUTE_NORMAL,                  /* file_attributes */
1526                 INTERNAL_OPEN_ONLY,                     /* oplock_request */
1527                 0,                                      /* allocation_size */
1528                 NULL,                                   /* sd */
1529                 NULL,                                   /* ea_list */
1530                 &fsp,                                   /* result */
1531                 NULL);                                  /* pinfo */
1532
1533         if (!NT_STATUS_IS_OK(status)) {
1534                 DEBUG(3,("get_correct_cversion: Can't open file [%s], errno = "
1535                          "%d\n", smb_fname_str_dbg(smb_fname), errno));
1536                 *perr = WERR_ACCESS_DENIED;
1537                 goto error_exit;
1538         } else {
1539                 uint32 major;
1540                 uint32 minor;
1541                 int    ret;
1542
1543                 ret = get_file_version(fsp, smb_fname->base_name, &major, &minor);
1544                 if (ret == -1) goto error_exit;
1545
1546                 if (!ret) {
1547                         DEBUG(6,("get_correct_cversion: Version info not "
1548                                  "found [%s]\n",
1549                                  smb_fname_str_dbg(smb_fname)));
1550                         goto error_exit;
1551                 }
1552
1553                 /*
1554                  * This is a Microsoft'ism. See references in MSDN to VER_FILEVERSION
1555                  * for more details. Version in this case is not just the version of the
1556                  * file, but the version in the sense of kernal mode (2) vs. user mode
1557                  * (3) drivers. Other bits of the version fields are the version info.
1558                  * JRR 010716
1559                 */
1560                 cversion = major & 0x0000ffff;
1561                 switch (cversion) {
1562                         case 2: /* WinNT drivers */
1563                         case 3: /* Win2K drivers */
1564                                 break;
1565
1566                         default:
1567                                 DEBUG(6,("get_correct_cversion: cversion "
1568                                          "invalid [%s]  cversion = %d\n",
1569                                          smb_fname_str_dbg(smb_fname),
1570                                          cversion));
1571                                 goto error_exit;
1572                 }
1573
1574                 DEBUG(10,("get_correct_cversion: Version info found [%s] major"
1575                           " = 0x%x  minor = 0x%x\n",
1576                           smb_fname_str_dbg(smb_fname), major, minor));
1577         }
1578
1579         DEBUG(10,("get_correct_cversion: Driver file [%s] cversion = %d\n",
1580                   smb_fname_str_dbg(smb_fname), cversion));
1581
1582         goto done;
1583
1584  error_exit:
1585         cversion = -1;
1586  done:
1587         TALLOC_FREE(smb_fname);
1588         if (fsp != NULL) {
1589                 close_file(NULL, fsp, NORMAL_CLOSE);
1590         }
1591         if (conn != NULL) {
1592                 vfs_ChDir(conn, oldcwd);
1593                 conn_free(conn);
1594         }
1595         if (cversion != -1) {
1596                 *perr = WERR_OK;
1597         }
1598         return cversion;
1599 }
1600
1601 /****************************************************************************
1602 ****************************************************************************/
1603
1604 #define strip_driver_path(_mem_ctx, _element) do { \
1605         if ((_p = strrchr((_element), '\\')) != NULL) { \
1606                 (_element) = talloc_asprintf((_mem_ctx), "%s", _p+1); \
1607                 W_ERROR_HAVE_NO_MEMORY((_element)); \
1608         } \
1609 } while (0);
1610
1611 static WERROR clean_up_driver_struct_level(TALLOC_CTX *mem_ctx,
1612                                            struct pipes_struct *rpc_pipe,
1613                                            const char *architecture,
1614                                            const char **driver_path,
1615                                            const char **data_file,
1616                                            const char **config_file,
1617                                            const char **help_file,
1618                                            struct spoolss_StringArray *dependent_files,
1619                                            uint32_t *version)
1620 {
1621         const char *short_architecture;
1622         int i;
1623         WERROR err;
1624         char *_p;
1625
1626         /* clean up the driver name.
1627          * we can get .\driver.dll
1628          * or worse c:\windows\system\driver.dll !
1629          */
1630         /* using an intermediate string to not have overlaping memcpy()'s */
1631
1632         strip_driver_path(mem_ctx, *driver_path);
1633         strip_driver_path(mem_ctx, *data_file);
1634         strip_driver_path(mem_ctx, *config_file);
1635         strip_driver_path(mem_ctx, *help_file);
1636
1637         if (dependent_files && dependent_files->string) {
1638                 for (i=0; dependent_files->string[i]; i++) {
1639                         strip_driver_path(mem_ctx, dependent_files->string[i]);
1640                 }
1641         }
1642
1643         short_architecture = get_short_archi(architecture);
1644         if (!short_architecture) {
1645                 return WERR_UNKNOWN_PRINTER_DRIVER;
1646         }
1647
1648         /* jfm:7/16/2000 the client always sends the cversion=0.
1649          * The server should check which version the driver is by reading
1650          * the PE header of driver->driverpath.
1651          *
1652          * For Windows 95/98 the version is 0 (so the value sent is correct)
1653          * For Windows NT (the architecture doesn't matter)
1654          *      NT 3.1: cversion=0
1655          *      NT 3.5/3.51: cversion=1
1656          *      NT 4: cversion=2
1657          *      NT2K: cversion=3
1658          */
1659
1660         *version = get_correct_cversion(rpc_pipe, short_architecture,
1661                                         *driver_path, &err);
1662         if (*version == -1) {
1663                 return err;
1664         }
1665
1666         return WERR_OK;
1667 }
1668
1669 /****************************************************************************
1670 ****************************************************************************/
1671
1672 WERROR clean_up_driver_struct(struct pipes_struct *rpc_pipe,
1673                               struct spoolss_AddDriverInfoCtr *r)
1674 {
1675         switch (r->level) {
1676         case 3:
1677                 return clean_up_driver_struct_level(r, rpc_pipe,
1678                                                     r->info.info3->architecture,
1679                                                     &r->info.info3->driver_path,
1680                                                     &r->info.info3->data_file,
1681                                                     &r->info.info3->config_file,
1682                                                     &r->info.info3->help_file,
1683                                                     r->info.info3->dependent_files,
1684                                                     &r->info.info3->version);
1685         case 6:
1686                 return clean_up_driver_struct_level(r, rpc_pipe,
1687                                                     r->info.info6->architecture,
1688                                                     &r->info.info6->driver_path,
1689                                                     &r->info.info6->data_file,
1690                                                     &r->info.info6->config_file,
1691                                                     &r->info.info6->help_file,
1692                                                     r->info.info6->dependent_files,
1693                                                     &r->info.info6->version);
1694         default:
1695                 return WERR_NOT_SUPPORTED;
1696         }
1697 }
1698
1699 /****************************************************************************
1700  This function sucks and should be replaced. JRA.
1701 ****************************************************************************/
1702
1703 static void convert_level_6_to_level3(struct spoolss_AddDriverInfo3 *dst,
1704                                       const struct spoolss_AddDriverInfo6 *src)
1705 {
1706         dst->version            = src->version;
1707
1708         dst->driver_name        = src->driver_name;
1709         dst->architecture       = src->architecture;
1710         dst->driver_path        = src->driver_path;
1711         dst->data_file          = src->data_file;
1712         dst->config_file        = src->config_file;
1713         dst->help_file          = src->help_file;
1714         dst->monitor_name       = src->monitor_name;
1715         dst->default_datatype   = src->default_datatype;
1716         dst->_ndr_size_dependent_files = src->_ndr_size_dependent_files;
1717         dst->dependent_files    = src->dependent_files;
1718 }
1719
1720 /****************************************************************************
1721 ****************************************************************************/
1722
1723 static WERROR move_driver_file_to_download_area(TALLOC_CTX *mem_ctx,
1724                                                 connection_struct *conn,
1725                                                 const char *driver_file,
1726                                                 const char *short_architecture,
1727                                                 uint32_t driver_version,
1728                                                 uint32_t version)
1729 {
1730         struct smb_filename *smb_fname_old = NULL;
1731         struct smb_filename *smb_fname_new = NULL;
1732         char *old_name = NULL;
1733         char *new_name = NULL;
1734         NTSTATUS status;
1735         WERROR ret;
1736
1737         old_name = talloc_asprintf(mem_ctx, "%s/%s",
1738                                    short_architecture, driver_file);
1739         W_ERROR_HAVE_NO_MEMORY(old_name);
1740
1741         new_name = talloc_asprintf(mem_ctx, "%s/%d/%s",
1742                                    short_architecture, driver_version, driver_file);
1743         if (new_name == NULL) {
1744                 TALLOC_FREE(old_name);
1745                 return WERR_NOMEM;
1746         }
1747
1748         if (version != -1 && (version = file_version_is_newer(conn, old_name, new_name)) > 0) {
1749
1750                 status = driver_unix_convert(conn, old_name, &smb_fname_old);
1751                 if (!NT_STATUS_IS_OK(status)) {
1752                         ret = WERR_NOMEM;
1753                         goto out;
1754                 }
1755
1756                 /* Setup a synthetic smb_filename struct */
1757                 smb_fname_new = TALLOC_ZERO_P(mem_ctx, struct smb_filename);
1758                 if (!smb_fname_new) {
1759                         ret = WERR_NOMEM;
1760                         goto out;
1761                 }
1762
1763                 smb_fname_new->base_name = new_name;
1764
1765                 DEBUG(10,("move_driver_file_to_download_area: copying '%s' to "
1766                           "'%s'\n", smb_fname_old->base_name,
1767                           smb_fname_new->base_name));
1768
1769                 status = copy_file(mem_ctx, conn, smb_fname_old, smb_fname_new,
1770                                    OPENX_FILE_EXISTS_TRUNCATE |
1771                                    OPENX_FILE_CREATE_IF_NOT_EXIST,
1772                                    0, false);
1773
1774                 if (!NT_STATUS_IS_OK(status)) {
1775                         DEBUG(0,("move_driver_file_to_download_area: Unable "
1776                                  "to rename [%s] to [%s]: %s\n",
1777                                  smb_fname_old->base_name, new_name,
1778                                  nt_errstr(status)));
1779                         ret = WERR_ACCESS_DENIED;
1780                         goto out;
1781                 }
1782         }
1783
1784         ret = WERR_OK;
1785  out:
1786         TALLOC_FREE(smb_fname_old);
1787         TALLOC_FREE(smb_fname_new);
1788         return ret;
1789 }
1790
1791 WERROR move_driver_to_download_area(struct pipes_struct *p,
1792                                     struct spoolss_AddDriverInfoCtr *r,
1793                                     WERROR *perr)
1794 {
1795         struct spoolss_AddDriverInfo3 *driver;
1796         struct spoolss_AddDriverInfo3 converted_driver;
1797         const char *short_architecture;
1798         struct smb_filename *smb_dname = NULL;
1799         char *new_dir = NULL;
1800         connection_struct *conn = NULL;
1801         NTSTATUS nt_status;
1802         int i;
1803         TALLOC_CTX *ctx = talloc_tos();
1804         int ver = 0;
1805         char *oldcwd;
1806         fstring printdollar;
1807         int printdollar_snum;
1808
1809         *perr = WERR_OK;
1810
1811         switch (r->level) {
1812         case 3:
1813                 driver = r->info.info3;
1814                 break;
1815         case 6:
1816                 convert_level_6_to_level3(&converted_driver, r->info.info6);
1817                 driver = &converted_driver;
1818                 break;
1819         default:
1820                 DEBUG(0,("move_driver_to_download_area: Unknown info level (%u)\n", (unsigned int)r->level));
1821                 return WERR_UNKNOWN_LEVEL;
1822         }
1823
1824         short_architecture = get_short_archi(driver->architecture);
1825         if (!short_architecture) {
1826                 return WERR_UNKNOWN_PRINTER_DRIVER;
1827         }
1828
1829         fstrcpy(printdollar, "print$");
1830
1831         printdollar_snum = find_service(printdollar);
1832         if (printdollar_snum == -1) {
1833                 *perr = WERR_NO_SUCH_SHARE;
1834                 return WERR_NO_SUCH_SHARE;
1835         }
1836
1837         nt_status = create_conn_struct(talloc_tos(), &conn, printdollar_snum,
1838                                        lp_pathname(printdollar_snum),
1839                                        p->server_info, &oldcwd);
1840         if (!NT_STATUS_IS_OK(nt_status)) {
1841                 DEBUG(0,("move_driver_to_download_area: create_conn_struct "
1842                          "returned %s\n", nt_errstr(nt_status)));
1843                 *perr = ntstatus_to_werror(nt_status);
1844                 return *perr;
1845         }
1846
1847         new_dir = talloc_asprintf(ctx,
1848                                 "%s/%d",
1849                                 short_architecture,
1850                                 driver->version);
1851         if (!new_dir) {
1852                 *perr = WERR_NOMEM;
1853                 goto err_exit;
1854         }
1855         nt_status = driver_unix_convert(conn, new_dir, &smb_dname);
1856         if (!NT_STATUS_IS_OK(nt_status)) {
1857                 *perr = WERR_NOMEM;
1858                 goto err_exit;
1859         }
1860
1861         DEBUG(5,("Creating first directory: %s\n", smb_dname->base_name));
1862
1863         create_directory(conn, NULL, smb_dname);
1864
1865         /* For each driver file, archi\filexxx.yyy, if there is a duplicate file
1866          * listed for this driver which has already been moved, skip it (note:
1867          * drivers may list the same file name several times. Then check if the
1868          * file already exists in archi\version\, if so, check that the version
1869          * info (or time stamps if version info is unavailable) is newer (or the
1870          * date is later). If it is, move it to archi\version\filexxx.yyy.
1871          * Otherwise, delete the file.
1872          *
1873          * If a file is not moved to archi\version\ because of an error, all the
1874          * rest of the 'unmoved' driver files are removed from archi\. If one or
1875          * more of the driver's files was already moved to archi\version\, it
1876          * potentially leaves the driver in a partially updated state. Version
1877          * trauma will most likely occur if an client attempts to use any printer
1878          * bound to the driver. Perhaps a rewrite to make sure the moves can be
1879          * done is appropriate... later JRR
1880          */
1881
1882         DEBUG(5,("Moving files now !\n"));
1883
1884         if (driver->driver_path && strlen(driver->driver_path)) {
1885
1886                 *perr = move_driver_file_to_download_area(ctx,
1887                                                           conn,
1888                                                           driver->driver_path,
1889                                                           short_architecture,
1890                                                           driver->version,
1891                                                           ver);
1892                 if (!W_ERROR_IS_OK(*perr)) {
1893                         if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) {
1894                                 ver = -1;
1895                         }
1896                         goto err_exit;
1897                 }
1898         }
1899
1900         if (driver->data_file && strlen(driver->data_file)) {
1901                 if (!strequal(driver->data_file, driver->driver_path)) {
1902
1903                         *perr = move_driver_file_to_download_area(ctx,
1904                                                                   conn,
1905                                                                   driver->data_file,
1906                                                                   short_architecture,
1907                                                                   driver->version,
1908                                                                   ver);
1909                         if (!W_ERROR_IS_OK(*perr)) {
1910                                 if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) {
1911                                         ver = -1;
1912                                 }
1913                                 goto err_exit;
1914                         }
1915                 }
1916         }
1917
1918         if (driver->config_file && strlen(driver->config_file)) {
1919                 if (!strequal(driver->config_file, driver->driver_path) &&
1920                     !strequal(driver->config_file, driver->data_file)) {
1921
1922                         *perr = move_driver_file_to_download_area(ctx,
1923                                                                   conn,
1924                                                                   driver->config_file,
1925                                                                   short_architecture,
1926                                                                   driver->version,
1927                                                                   ver);
1928                         if (!W_ERROR_IS_OK(*perr)) {
1929                                 if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) {
1930                                         ver = -1;
1931                                 }
1932                                 goto err_exit;
1933                         }
1934                 }
1935         }
1936
1937         if (driver->help_file && strlen(driver->help_file)) {
1938                 if (!strequal(driver->help_file, driver->driver_path) &&
1939                     !strequal(driver->help_file, driver->data_file) &&
1940                     !strequal(driver->help_file, driver->config_file)) {
1941
1942                         *perr = move_driver_file_to_download_area(ctx,
1943                                                                   conn,
1944                                                                   driver->help_file,
1945                                                                   short_architecture,
1946                                                                   driver->version,
1947                                                                   ver);
1948                         if (!W_ERROR_IS_OK(*perr)) {
1949                                 if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) {
1950                                         ver = -1;
1951                                 }
1952                                 goto err_exit;
1953                         }
1954                 }
1955         }
1956
1957         if (driver->dependent_files && driver->dependent_files->string) {
1958                 for (i=0; driver->dependent_files->string[i]; i++) {
1959                         if (!strequal(driver->dependent_files->string[i], driver->driver_path) &&
1960                             !strequal(driver->dependent_files->string[i], driver->data_file) &&
1961                             !strequal(driver->dependent_files->string[i], driver->config_file) &&
1962                             !strequal(driver->dependent_files->string[i], driver->help_file)) {
1963                                 int j;
1964                                 for (j=0; j < i; j++) {
1965                                         if (strequal(driver->dependent_files->string[i], driver->dependent_files->string[j])) {
1966                                                 goto NextDriver;
1967                                         }
1968                                 }
1969
1970                                 *perr = move_driver_file_to_download_area(ctx,
1971                                                                           conn,
1972                                                                           driver->dependent_files->string[i],
1973                                                                           short_architecture,
1974                                                                           driver->version,
1975                                                                           ver);
1976                                 if (!W_ERROR_IS_OK(*perr)) {
1977                                         if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) {
1978                                                 ver = -1;
1979                                         }
1980                                         goto err_exit;
1981                                 }
1982                         }
1983                 NextDriver: ;
1984                 }
1985         }
1986
1987   err_exit:
1988         TALLOC_FREE(smb_dname);
1989
1990         if (conn != NULL) {
1991                 vfs_ChDir(conn, oldcwd);
1992                 conn_free(conn);
1993         }
1994
1995         if (W_ERROR_EQUAL(*perr, WERR_OK)) {
1996                 return WERR_OK;
1997         }
1998         if (ver == -1) {
1999                 return WERR_UNKNOWN_PRINTER_DRIVER;
2000         }
2001         return (*perr);
2002 }
2003
2004 /****************************************************************************
2005 ****************************************************************************/
2006
2007 static uint32 add_a_printer_driver_3(struct spoolss_AddDriverInfo3 *driver)
2008 {
2009         TALLOC_CTX *ctx = talloc_tos();
2010         int len, buflen;
2011         const char *architecture;
2012         char *directory = NULL;
2013         char *key = NULL;
2014         uint8 *buf;
2015         int i, ret;
2016         TDB_DATA dbuf;
2017
2018         architecture = get_short_archi(driver->architecture);
2019         if (!architecture) {
2020                 return (uint32)-1;
2021         }
2022
2023         /* The names are relative. We store them in the form: \print$\arch\version\driver.xxx
2024          * \\server is added in the rpc server layer.
2025          * It does make sense to NOT store the server's name in the printer TDB.
2026          */
2027
2028         directory = talloc_asprintf(ctx, "\\print$\\%s\\%d\\",
2029                         architecture, driver->version);
2030         if (!directory) {
2031                 return (uint32)-1;
2032         }
2033
2034 #define gen_full_driver_unc_path(ctx, directory, file) \
2035         do { \
2036                 if (file && strlen(file)) { \
2037                         file = talloc_asprintf(ctx, "%s%s", directory, file); \
2038                 } else { \
2039                         file = talloc_strdup(ctx, ""); \
2040                 } \
2041                 if (!file) { \
2042                         return (uint32_t)-1; \
2043                 } \
2044         } while (0);
2045
2046         /* .inf files do not always list a file for each of the four standard files.
2047          * Don't prepend a path to a null filename, or client claims:
2048          *   "The server on which the printer resides does not have a suitable
2049          *   <printer driver name> printer driver installed. Click OK if you
2050          *   wish to install the driver on your local machine."
2051          */
2052
2053         gen_full_driver_unc_path(ctx, directory, driver->driver_path);
2054         gen_full_driver_unc_path(ctx, directory, driver->data_file);
2055         gen_full_driver_unc_path(ctx, directory, driver->config_file);
2056         gen_full_driver_unc_path(ctx, directory, driver->help_file);
2057
2058         if (driver->dependent_files && driver->dependent_files->string) {
2059                 for (i=0; driver->dependent_files->string[i]; i++) {
2060                         gen_full_driver_unc_path(ctx, directory,
2061                                 driver->dependent_files->string[i]);
2062                 }
2063         }
2064
2065         key = talloc_asprintf(ctx, "%s%s/%d/%s", DRIVERS_PREFIX,
2066                         architecture, driver->version, driver->driver_name);
2067         if (!key) {
2068                 return (uint32)-1;
2069         }
2070
2071         DEBUG(5,("add_a_printer_driver_3: Adding driver with key %s\n", key ));
2072
2073         buf = NULL;
2074         len = buflen = 0;
2075
2076  again:
2077         len = 0;
2078         len += tdb_pack(buf+len, buflen-len, "dffffffff",
2079                         driver->version,
2080                         driver->driver_name,
2081                         driver->architecture,
2082                         driver->driver_path,
2083                         driver->data_file,
2084                         driver->config_file,
2085                         driver->help_file,
2086                         driver->monitor_name ? driver->monitor_name : "",
2087                         driver->default_datatype ? driver->default_datatype : "");
2088
2089         if (driver->dependent_files && driver->dependent_files->string) {
2090                 for (i=0; driver->dependent_files->string[i]; i++) {
2091                         len += tdb_pack(buf+len, buflen-len, "f",
2092                                         driver->dependent_files->string[i]);
2093                 }
2094         }
2095
2096         if (len != buflen) {
2097                 buf = (uint8 *)SMB_REALLOC(buf, len);
2098                 if (!buf) {
2099                         DEBUG(0,("add_a_printer_driver_3: failed to enlarge buffer\n!"));
2100                         ret = -1;
2101                         goto done;
2102                 }
2103                 buflen = len;
2104                 goto again;
2105         }
2106
2107         dbuf.dptr = buf;
2108         dbuf.dsize = len;
2109
2110         ret = tdb_store_bystring(tdb_drivers, key, dbuf, TDB_REPLACE);
2111
2112 done:
2113         if (ret)
2114                 DEBUG(0,("add_a_printer_driver_3: Adding driver with key %s failed.\n", key ));
2115
2116         SAFE_FREE(buf);
2117         return ret;
2118 }
2119
2120 /****************************************************************************
2121 ****************************************************************************/
2122
2123 static uint32 add_a_printer_driver_6(struct spoolss_AddDriverInfo6 *driver)
2124 {
2125         struct spoolss_AddDriverInfo3 info3;
2126
2127         convert_level_6_to_level3(&info3, driver);
2128
2129         return add_a_printer_driver_3(&info3);
2130 }
2131
2132
2133 /****************************************************************************
2134 ****************************************************************************/
2135
2136 static WERROR get_a_printer_driver_3_default(TALLOC_CTX *mem_ctx,
2137                                              struct spoolss_DriverInfo3 *info,
2138                                              const char *driver, const char *arch)
2139 {
2140         info->driver_name = talloc_strdup(mem_ctx, driver);
2141         if (!info->driver_name) {
2142                 return WERR_NOMEM;
2143         }
2144
2145         info->default_datatype = talloc_strdup(mem_ctx, "RAW");
2146         if (!info->default_datatype) {
2147                 return WERR_NOMEM;
2148         }
2149
2150         info->driver_path = talloc_strdup(mem_ctx, "");
2151         info->data_file = talloc_strdup(mem_ctx, "");
2152         info->config_file = talloc_strdup(mem_ctx, "");
2153         info->help_file = talloc_strdup(mem_ctx, "");
2154         if (!info->driver_path || !info->data_file || !info->config_file || !info->help_file) {
2155                 return WERR_NOMEM;
2156         }
2157
2158         return WERR_OK;
2159 }
2160
2161 /****************************************************************************
2162 ****************************************************************************/
2163
2164 static WERROR get_a_printer_driver_3(TALLOC_CTX *mem_ctx,
2165                                      struct spoolss_DriverInfo3 *driver,
2166                                      const char *drivername, const char *arch,
2167                                      uint32_t version)
2168 {
2169         TDB_DATA dbuf;
2170         const char *architecture;
2171         int len = 0;
2172         int i;
2173         char *key = NULL;
2174         fstring name, driverpath, environment, datafile, configfile, helpfile, monitorname, defaultdatatype;
2175
2176         architecture = get_short_archi(arch);
2177         if ( !architecture ) {
2178                 return WERR_UNKNOWN_PRINTER_DRIVER;
2179         }
2180
2181         /* Windows 4.0 (i.e. win9x) should always use a version of 0 */
2182
2183         if ( strcmp( architecture, SPL_ARCH_WIN40 ) == 0 )
2184                 version = 0;
2185
2186         DEBUG(8,("get_a_printer_driver_3: [%s%s/%d/%s]\n", DRIVERS_PREFIX, architecture, version, drivername));
2187
2188         if (asprintf(&key, "%s%s/%d/%s", DRIVERS_PREFIX,
2189                                 architecture, version, drivername) < 0) {
2190                 return WERR_NOMEM;
2191         }
2192
2193         dbuf = tdb_fetch_bystring(tdb_drivers, key);
2194         if (!dbuf.dptr) {
2195                 SAFE_FREE(key);
2196                 return WERR_UNKNOWN_PRINTER_DRIVER;
2197         }
2198
2199         len += tdb_unpack(dbuf.dptr, dbuf.dsize, "dffffffff",
2200                           &driver->version,
2201                           name,
2202                           environment,
2203                           driverpath,
2204                           datafile,
2205                           configfile,
2206                           helpfile,
2207                           monitorname,
2208                           defaultdatatype);
2209
2210         driver->driver_name     = talloc_strdup(mem_ctx, name);
2211         driver->architecture    = talloc_strdup(mem_ctx, environment);
2212         driver->driver_path     = talloc_strdup(mem_ctx, driverpath);
2213         driver->data_file       = talloc_strdup(mem_ctx, datafile);
2214         driver->config_file     = talloc_strdup(mem_ctx, configfile);
2215         driver->help_file       = talloc_strdup(mem_ctx, helpfile);
2216         driver->monitor_name    = talloc_strdup(mem_ctx, monitorname);
2217         driver->default_datatype        = talloc_strdup(mem_ctx, defaultdatatype);
2218
2219         i=0;
2220
2221         while (len < dbuf.dsize) {
2222
2223                 fstring file;
2224
2225                 driver->dependent_files = talloc_realloc(mem_ctx, driver->dependent_files, const char *, i+2);
2226                 if (!driver->dependent_files ) {
2227                         DEBUG(0,("get_a_printer_driver_3: failed to enlarge buffer!\n"));
2228                         break;
2229                 }
2230
2231                 len += tdb_unpack(dbuf.dptr+len, dbuf.dsize-len, "f",
2232                                   &file);
2233
2234                 driver->dependent_files[i] = talloc_strdup(mem_ctx, file);
2235
2236                 i++;
2237         }
2238
2239         if (driver->dependent_files)
2240                 driver->dependent_files[i] = NULL;
2241
2242         SAFE_FREE(dbuf.dptr);
2243         SAFE_FREE(key);
2244
2245         if (len != dbuf.dsize) {
2246                 return get_a_printer_driver_3_default(mem_ctx, driver, drivername, arch);
2247         }
2248
2249         return WERR_OK;
2250 }
2251
2252 /****************************************************************************
2253 ****************************************************************************/
2254 int pack_devicemode(NT_DEVICEMODE *nt_devmode, uint8 *buf, int buflen)
2255 {
2256         int len = 0;
2257
2258         len += tdb_pack(buf+len, buflen-len, "p", nt_devmode);
2259
2260         if (!nt_devmode)
2261                 return len;
2262
2263         len += tdb_pack(buf+len, buflen-len, "ffwwwwwwwwwwwwwwwwwwddddddddddddddp",
2264                         nt_devmode->devicename,
2265                         nt_devmode->formname,
2266
2267                         nt_devmode->specversion,
2268                         nt_devmode->driverversion,
2269                         nt_devmode->size,
2270                         nt_devmode->driverextra,
2271                         nt_devmode->orientation,
2272                         nt_devmode->papersize,
2273                         nt_devmode->paperlength,
2274                         nt_devmode->paperwidth,
2275                         nt_devmode->scale,
2276                         nt_devmode->copies,
2277                         nt_devmode->defaultsource,
2278                         nt_devmode->printquality,
2279                         nt_devmode->color,
2280                         nt_devmode->duplex,
2281                         nt_devmode->yresolution,
2282                         nt_devmode->ttoption,
2283                         nt_devmode->collate,
2284                         nt_devmode->logpixels,
2285
2286                         nt_devmode->fields,
2287                         nt_devmode->bitsperpel,
2288                         nt_devmode->pelswidth,
2289                         nt_devmode->pelsheight,
2290                         nt_devmode->displayflags,
2291                         nt_devmode->displayfrequency,
2292                         nt_devmode->icmmethod,
2293                         nt_devmode->icmintent,
2294                         nt_devmode->mediatype,
2295                         nt_devmode->dithertype,
2296                         nt_devmode->reserved1,
2297                         nt_devmode->reserved2,
2298                         nt_devmode->panningwidth,
2299                         nt_devmode->panningheight,
2300                         nt_devmode->nt_dev_private);
2301
2302         if (nt_devmode->nt_dev_private) {
2303                 len += tdb_pack(buf+len, buflen-len, "B",
2304                                 nt_devmode->driverextra,
2305                                 nt_devmode->nt_dev_private);
2306         }
2307
2308         DEBUG(8,("Packed devicemode [%s]\n", nt_devmode->formname));
2309
2310         return len;
2311 }
2312
2313 /****************************************************************************
2314  Pack all values in all printer keys
2315  ***************************************************************************/
2316
2317 static int pack_values(NT_PRINTER_DATA *data, uint8 *buf, int buflen)
2318 {
2319         int             len = 0;
2320         int             i, j;
2321         struct regval_blob      *val;
2322         struct regval_ctr       *val_ctr;
2323         char *path = NULL;
2324         int             num_values;
2325
2326         if ( !data )
2327                 return 0;
2328
2329         /* loop over all keys */
2330
2331         for ( i=0; i<data->num_keys; i++ ) {
2332                 val_ctr = data->keys[i].values;
2333                 num_values = regval_ctr_numvals( val_ctr );
2334
2335                 /* pack the keyname followed by a empty value */
2336
2337                 len += tdb_pack(buf+len, buflen-len, "pPdB",
2338                                 &data->keys[i].name,
2339                                 data->keys[i].name,
2340                                 REG_NONE,
2341                                 0,
2342                                 NULL);
2343
2344                 /* now loop over all values */
2345
2346                 for ( j=0; j<num_values; j++ ) {
2347                         /* pathname should be stored as <key>\<value> */
2348
2349                         val = regval_ctr_specific_value( val_ctr, j );
2350                         if (asprintf(&path, "%s\\%s",
2351                                         data->keys[i].name,
2352                                         regval_name(val)) < 0) {
2353                                 return -1;
2354                         }
2355
2356                         len += tdb_pack(buf+len, buflen-len, "pPdB",
2357                                         val,
2358                                         path,
2359                                         regval_type(val),
2360                                         regval_size(val),
2361                                         regval_data_p(val) );
2362
2363                         DEBUG(8,("specific: [%s], len: %d\n", regval_name(val), regval_size(val)));
2364                         SAFE_FREE(path);
2365                 }
2366
2367         }
2368
2369         /* terminator */
2370
2371         len += tdb_pack(buf+len, buflen-len, "p", NULL);
2372
2373         return len;
2374 }
2375
2376
2377 /****************************************************************************
2378  Delete a printer - this just deletes the printer info file, any open
2379  handles are not affected.
2380 ****************************************************************************/
2381
2382 uint32 del_a_printer(const char *sharename)
2383 {
2384         TDB_DATA kbuf;
2385         char *printdb_path = NULL;
2386         TALLOC_CTX *ctx = talloc_tos();
2387
2388         kbuf = make_printer_tdbkey(ctx, sharename);
2389         tdb_delete(tdb_printers, kbuf);
2390
2391         kbuf= make_printers_secdesc_tdbkey(ctx, sharename);
2392         tdb_delete(tdb_printers, kbuf);
2393
2394         close_all_print_db();
2395
2396         if (geteuid() == sec_initial_uid()) {
2397                 if (asprintf(&printdb_path, "%s%s.tdb",
2398                                 cache_path("printing/"),
2399                                 sharename) < 0) {
2400                         return (uint32)-1;
2401                 }
2402                 unlink(printdb_path);
2403                 SAFE_FREE(printdb_path);
2404         }
2405
2406         return 0;
2407 }
2408
2409 /****************************************************************************
2410 ****************************************************************************/
2411 static WERROR update_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info)
2412 {
2413         uint8 *buf;
2414         int buflen, len;
2415         int retlen;
2416         WERROR ret;
2417         TDB_DATA kbuf, dbuf;
2418
2419         /*
2420          * in addprinter: no servername and the printer is the name
2421          * in setprinter: servername is \\server
2422          *                and printer is \\server\\printer
2423          *
2424          * Samba manages only local printers.
2425          * we currently don't support things like i
2426          * path=\\other_server\printer
2427          *
2428          * We only store the printername, not \\server\printername
2429          */
2430
2431         if ( info->servername[0] != '\0' ) {
2432                 trim_string(info->printername, info->servername, NULL);
2433                 trim_char(info->printername, '\\', '\0');
2434                 info->servername[0]='\0';
2435         }
2436
2437         /*
2438          * JFM: one day I'll forget.
2439          * below that's info->portname because that's the SAMBA sharename
2440          * and I made NT 'thinks' it's the portname
2441          * the info->sharename is the thing you can name when you add a printer
2442          * that's the short-name when you create shared printer for 95/98
2443          * So I've made a limitation in SAMBA: you can only have 1 printer model
2444          * behind a SAMBA share.
2445          */
2446
2447         buf = NULL;
2448         buflen = 0;
2449
2450  again:
2451         len = 0;
2452         len += tdb_pack(buf+len, buflen-len, "dddddddddddfffffPfffff",
2453                         info->attributes,
2454                         info->priority,
2455                         info->default_priority,
2456                         info->starttime,
2457                         info->untiltime,
2458                         info->status,
2459                         info->cjobs,
2460                         info->averageppm,
2461                         info->changeid,
2462                         info->c_setprinter,
2463                         info->setuptime,
2464                         info->servername,
2465                         info->printername,
2466                         info->sharename,
2467                         info->portname,
2468                         info->drivername,
2469                         info->comment,
2470                         info->location,
2471                         info->sepfile,
2472                         info->printprocessor,
2473                         info->datatype,
2474                         info->parameters);
2475
2476         len += pack_devicemode(info->devmode, buf+len, buflen-len);
2477         retlen = pack_values( info->data, buf+len, buflen-len );
2478         if (retlen == -1) {
2479                 ret = WERR_NOMEM;
2480                 goto done;
2481         }
2482         len += retlen;
2483
2484         if (buflen != len) {
2485                 buf = (uint8 *)SMB_REALLOC(buf, len);
2486                 if (!buf) {
2487                         DEBUG(0,("update_a_printer_2: failed to enlarge buffer!\n"));
2488                         ret = WERR_NOMEM;
2489                         goto done;
2490                 }
2491                 buflen = len;
2492                 goto again;
2493         }
2494
2495         kbuf = make_printer_tdbkey(talloc_tos(), info->sharename );
2496
2497         dbuf.dptr = buf;
2498         dbuf.dsize = len;
2499
2500         ret = (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) == 0? WERR_OK : WERR_NOMEM);
2501
2502 done:
2503         if (!W_ERROR_IS_OK(ret))
2504                 DEBUG(8, ("error updating printer to tdb on disk\n"));
2505
2506         SAFE_FREE(buf);
2507
2508         DEBUG(8,("packed printer [%s] with driver [%s] portname=[%s] len=%d\n",
2509                  info->sharename, info->drivername, info->portname, len));
2510
2511         return ret;
2512 }
2513
2514
2515 /****************************************************************************
2516  Malloc and return an NT devicemode.
2517 ****************************************************************************/
2518
2519 NT_DEVICEMODE *construct_nt_devicemode(const fstring default_devicename)
2520 {
2521
2522         char adevice[MAXDEVICENAME];
2523         NT_DEVICEMODE *nt_devmode = SMB_MALLOC_P(NT_DEVICEMODE);
2524
2525         if (nt_devmode == NULL) {
2526                 DEBUG(0,("construct_nt_devicemode: malloc fail.\n"));
2527                 return NULL;
2528         }
2529
2530         ZERO_STRUCTP(nt_devmode);
2531
2532         slprintf(adevice, sizeof(adevice), "%s", default_devicename);
2533         fstrcpy(nt_devmode->devicename, adevice);
2534
2535         fstrcpy(nt_devmode->formname, "Letter");
2536
2537         nt_devmode->specversion      = DMSPEC_NT4_AND_ABOVE;
2538         nt_devmode->driverversion    = 0x0400;
2539         nt_devmode->size             = 0x00DC;
2540         nt_devmode->driverextra      = 0x0000;
2541         nt_devmode->fields           = DEVMODE_FORMNAME |
2542                                        DEVMODE_TTOPTION |
2543                                        DEVMODE_PRINTQUALITY |
2544                                        DEVMODE_DEFAULTSOURCE |
2545                                        DEVMODE_COPIES |
2546                                        DEVMODE_SCALE |
2547                                        DEVMODE_PAPERSIZE |
2548                                        DEVMODE_ORIENTATION;
2549         nt_devmode->orientation      = DMORIENT_PORTRAIT;
2550         nt_devmode->papersize        = DMPAPER_LETTER;
2551         nt_devmode->paperlength      = 0;
2552         nt_devmode->paperwidth       = 0;
2553         nt_devmode->scale            = 0x64;
2554         nt_devmode->copies           = 1;
2555         nt_devmode->defaultsource    = DMBIN_FORMSOURCE;
2556         nt_devmode->printquality     = DMRES_HIGH;           /* 0x0258 */
2557         nt_devmode->color            = DMRES_MONOCHROME;
2558         nt_devmode->duplex           = DMDUP_SIMPLEX;
2559         nt_devmode->yresolution      = 0;
2560         nt_devmode->ttoption         = DMTT_SUBDEV;
2561         nt_devmode->collate          = DMCOLLATE_FALSE;
2562         nt_devmode->icmmethod        = 0;
2563         nt_devmode->icmintent        = 0;
2564         nt_devmode->mediatype        = 0;
2565         nt_devmode->dithertype       = 0;
2566
2567         /* non utilisés par un driver d'imprimante */
2568         nt_devmode->logpixels        = 0;
2569         nt_devmode->bitsperpel       = 0;
2570         nt_devmode->pelswidth        = 0;
2571         nt_devmode->pelsheight       = 0;
2572         nt_devmode->displayflags     = 0;
2573         nt_devmode->displayfrequency = 0;
2574         nt_devmode->reserved1        = 0;
2575         nt_devmode->reserved2        = 0;
2576         nt_devmode->panningwidth     = 0;
2577         nt_devmode->panningheight    = 0;
2578
2579         nt_devmode->nt_dev_private = NULL;
2580         return nt_devmode;
2581 }
2582
2583 /****************************************************************************
2584  Clean up and deallocate a (maybe partially) allocated NT_DEVICEMODE.
2585 ****************************************************************************/
2586
2587 void free_nt_devicemode(NT_DEVICEMODE **devmode_ptr)
2588 {
2589         NT_DEVICEMODE *nt_devmode = *devmode_ptr;
2590
2591         if(nt_devmode == NULL)
2592                 return;
2593
2594         DEBUG(106,("free_nt_devicemode: deleting DEVMODE\n"));
2595
2596         SAFE_FREE(nt_devmode->nt_dev_private);
2597         SAFE_FREE(*devmode_ptr);
2598 }
2599
2600 /****************************************************************************
2601  Clean up and deallocate a (maybe partially) allocated NT_PRINTER_INFO_LEVEL_2.
2602 ****************************************************************************/
2603
2604 static void free_nt_printer_info_level_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr)
2605 {
2606         NT_PRINTER_INFO_LEVEL_2 *info = *info_ptr;
2607
2608         if ( !info )
2609                 return;
2610
2611         free_nt_devicemode(&info->devmode);
2612
2613         TALLOC_FREE( *info_ptr );
2614 }
2615
2616
2617 /****************************************************************************
2618 ****************************************************************************/
2619 int unpack_devicemode(NT_DEVICEMODE **nt_devmode, const uint8 *buf, int buflen)
2620 {
2621         int len = 0;
2622         int extra_len = 0;
2623         NT_DEVICEMODE devmode;
2624
2625         ZERO_STRUCT(devmode);
2626
2627         len += tdb_unpack(buf+len, buflen-len, "p", nt_devmode);
2628
2629         if (!*nt_devmode) return len;
2630
2631         len += tdb_unpack(buf+len, buflen-len, "ffwwwwwwwwwwwwwwwwwwddddddddddddddp",
2632                           devmode.devicename,
2633                           devmode.formname,
2634
2635                           &devmode.specversion,
2636                           &devmode.driverversion,
2637                           &devmode.size,
2638                           &devmode.driverextra,
2639                           &devmode.orientation,
2640                           &devmode.papersize,
2641                           &devmode.paperlength,
2642                           &devmode.paperwidth,
2643                           &devmode.scale,
2644                           &devmode.copies,
2645                           &devmode.defaultsource,
2646                           &devmode.printquality,
2647                           &devmode.color,
2648                           &devmode.duplex,
2649                           &devmode.yresolution,
2650                           &devmode.ttoption,
2651                           &devmode.collate,
2652                           &devmode.logpixels,
2653
2654                           &devmode.fields,
2655                           &devmode.bitsperpel,
2656                           &devmode.pelswidth,
2657                           &devmode.pelsheight,
2658                           &devmode.displayflags,
2659                           &devmode.displayfrequency,
2660                           &devmode.icmmethod,
2661                           &devmode.icmintent,
2662                           &devmode.mediatype,
2663                           &devmode.dithertype,
2664                           &devmode.reserved1,
2665                           &devmode.reserved2,
2666                           &devmode.panningwidth,
2667                           &devmode.panningheight,
2668                           &devmode.nt_dev_private);
2669
2670         if (devmode.nt_dev_private) {
2671                 /* the len in tdb_unpack is an int value and
2672                  * devmode.driverextra is only a short
2673                  */
2674                 len += tdb_unpack(buf+len, buflen-len, "B", &extra_len, &devmode.nt_dev_private);
2675                 devmode.driverextra=(uint16)extra_len;
2676
2677                 /* check to catch an invalid TDB entry so we don't segfault */
2678                 if (devmode.driverextra == 0) {
2679                         devmode.nt_dev_private = NULL;
2680                 }
2681         }
2682
2683         *nt_devmode = (NT_DEVICEMODE *)memdup(&devmode, sizeof(devmode));
2684         if (!*nt_devmode) {
2685                 SAFE_FREE(devmode.nt_dev_private);
2686                 return -1;
2687         }
2688
2689         DEBUG(8,("Unpacked devicemode [%s](%s)\n", devmode.devicename, devmode.formname));
2690         if (devmode.nt_dev_private)
2691                 DEBUG(8,("with a private section of %d bytes\n", devmode.driverextra));
2692
2693         return len;
2694 }
2695
2696 /****************************************************************************
2697  Allocate and initialize a new slot.
2698 ***************************************************************************/
2699
2700 int add_new_printer_key( NT_PRINTER_DATA *data, const char *name )
2701 {
2702         NT_PRINTER_KEY  *d;
2703         int             key_index;
2704
2705         if ( !name || !data )
2706                 return -1;
2707
2708         /* allocate another slot in the NT_PRINTER_KEY array */
2709
2710         if ( !(d = TALLOC_REALLOC_ARRAY( data, data->keys, NT_PRINTER_KEY, data->num_keys+1)) ) {
2711                 DEBUG(0,("add_new_printer_key: Realloc() failed!\n"));
2712                 return -1;
2713         }
2714
2715         data->keys = d;
2716
2717         key_index = data->num_keys;
2718
2719         /* initialze new key */
2720
2721         data->keys[key_index].name = talloc_strdup( data, name );
2722
2723         if ( !(data->keys[key_index].values = TALLOC_ZERO_P( data, struct regval_ctr )) )
2724                 return -1;
2725
2726         data->num_keys++;
2727
2728         DEBUG(10,("add_new_printer_key: Inserted new data key [%s]\n", name ));
2729
2730         return key_index;
2731 }
2732
2733 /****************************************************************************
2734  search for a registry key name in the existing printer data
2735  ***************************************************************************/
2736
2737 int delete_printer_key( NT_PRINTER_DATA *data, const char *name )
2738 {
2739         int i;
2740
2741         for ( i=0; i<data->num_keys; i++ ) {
2742                 if ( strequal( data->keys[i].name, name ) ) {
2743
2744                         /* cleanup memory */
2745
2746                         TALLOC_FREE( data->keys[i].name );
2747                         TALLOC_FREE( data->keys[i].values );
2748
2749                         /* if not the end of the array, move remaining elements down one slot */
2750
2751                         data->num_keys--;
2752                         if ( data->num_keys && (i < data->num_keys) )
2753                                 memmove( &data->keys[i], &data->keys[i+1], sizeof(NT_PRINTER_KEY)*(data->num_keys-i) );
2754
2755                         break;
2756                 }
2757         }
2758
2759
2760         return data->num_keys;
2761 }
2762
2763 /****************************************************************************
2764  search for a registry key name in the existing printer data
2765  ***************************************************************************/
2766
2767 int lookup_printerkey( NT_PRINTER_DATA *data, const char *name )
2768 {
2769         int             key_index = -1;
2770         int             i;
2771
2772         if ( !data || !name )
2773                 return -1;
2774
2775         DEBUG(12,("lookup_printerkey: Looking for [%s]\n", name));
2776
2777         /* loop over all existing keys */
2778
2779         for ( i=0; i<data->num_keys; i++ ) {
2780                 if ( strequal(data->keys[i].name, name) ) {
2781                         DEBUG(12,("lookup_printerkey: Found [%s]!\n", name));
2782                         key_index = i;
2783                         break;
2784
2785                 }
2786         }
2787
2788         return key_index;
2789 }
2790
2791 /****************************************************************************
2792  ***************************************************************************/
2793
2794 int get_printer_subkeys( NT_PRINTER_DATA *data, const char* key, fstring **subkeys )
2795 {
2796         int     i, j;
2797         int     key_len;
2798         int     num_subkeys = 0;
2799         char    *p;
2800         fstring *subkeys_ptr = NULL;
2801         fstring subkeyname;
2802
2803         *subkeys = NULL;
2804
2805         if ( !data )
2806                 return 0;
2807
2808         if ( !key )
2809                 return -1;
2810
2811         /* special case of asking for the top level printer data registry key names */
2812
2813         if ( strlen(key) == 0 ) {
2814                 for ( i=0; i<data->num_keys; i++ ) {
2815
2816                         /* found a match, so allocate space and copy the name */
2817
2818                         if ( !(subkeys_ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) {
2819                                 DEBUG(0,("get_printer_subkeys: Realloc failed for [%d] entries!\n",
2820                                         num_subkeys+1));
2821                                 return -1;
2822                         }
2823
2824                         fstrcpy( subkeys_ptr[num_subkeys], data->keys[i].name );
2825                         num_subkeys++;
2826                 }
2827
2828                 goto done;
2829         }
2830
2831         /* asking for the subkeys of some key */
2832         /* subkey paths are stored in the key name using '\' as the delimiter */
2833
2834         for ( i=0; i<data->num_keys; i++ ) {
2835                 if ( StrnCaseCmp(data->keys[i].name, key, strlen(key)) == 0 ) {
2836
2837                         /* if we found the exact key, then break */
2838                         key_len = strlen( key );
2839                         if ( strlen(data->keys[i].name) == key_len )
2840                                 break;
2841
2842                         /* get subkey path */
2843
2844                         p = data->keys[i].name + key_len;
2845                         if ( *p == '\\' )
2846                                 p++;
2847                         fstrcpy( subkeyname, p );
2848                         if ( (p = strchr( subkeyname, '\\' )) )
2849                                 *p = '\0';
2850
2851                         /* don't add a key more than once */
2852
2853                         for ( j=0; j<num_subkeys; j++ ) {
2854                                 if ( strequal( subkeys_ptr[j], subkeyname ) )
2855                                         break;
2856                         }
2857
2858                         if ( j != num_subkeys )
2859                                 continue;
2860
2861                         /* found a match, so allocate space and copy the name */
2862
2863                         if ( !(subkeys_ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) {
2864                                 DEBUG(0,("get_printer_subkeys: Realloc failed for [%d] entries!\n",
2865                                         num_subkeys+1));
2866                                 return 0;
2867                         }
2868
2869                         fstrcpy( subkeys_ptr[num_subkeys], subkeyname );
2870                         num_subkeys++;
2871                 }
2872
2873         }
2874
2875         /* return error if the key was not found */
2876
2877         if ( i == data->num_keys ) {
2878                 SAFE_FREE(subkeys_ptr);
2879                 return -1;
2880         }
2881
2882 done:
2883         /* tag off the end */
2884
2885         if (num_subkeys)
2886                 fstrcpy(subkeys_ptr[num_subkeys], "" );
2887
2888         *subkeys = subkeys_ptr;
2889
2890         return num_subkeys;
2891 }
2892
2893 #ifdef HAVE_ADS
2894 static void map_sz_into_ctr(struct regval_ctr *ctr, const char *val_name,
2895                             const char *sz)
2896 {
2897         regval_ctr_delvalue(ctr, val_name);
2898         regval_ctr_addvalue_sz(ctr, val_name, sz);
2899 }
2900
2901 static void map_dword_into_ctr(struct regval_ctr *ctr, const char *val_name,
2902                                uint32 dword)
2903 {
2904         regval_ctr_delvalue(ctr, val_name);
2905         regval_ctr_addvalue(ctr, val_name, REG_DWORD,
2906                             (char *) &dword, sizeof(dword));
2907 }
2908
2909 static void map_bool_into_ctr(struct regval_ctr *ctr, const char *val_name,
2910                               bool b)
2911 {
2912         uint8 bin_bool = (b ? 1 : 0);
2913         regval_ctr_delvalue(ctr, val_name);
2914         regval_ctr_addvalue(ctr, val_name, REG_BINARY,
2915                             (char *) &bin_bool, sizeof(bin_bool));
2916 }
2917
2918 static void map_single_multi_sz_into_ctr(struct regval_ctr *ctr, const char *val_name,
2919                                          const char *multi_sz)
2920 {
2921         const char *a[2];
2922
2923         a[0] = multi_sz;
2924         a[1] = NULL;
2925
2926         regval_ctr_delvalue(ctr, val_name);
2927         regval_ctr_addvalue_multi_sz(ctr, val_name, a);
2928 }
2929
2930 /****************************************************************************
2931  * Map the NT_PRINTER_INFO_LEVEL_2 data into DsSpooler keys for publishing.
2932  *
2933  * @param info2 NT_PRINTER_INFO_LEVEL_2 describing printer - gets modified
2934  * @return bool indicating success or failure
2935  ***************************************************************************/
2936
2937 static bool map_nt_printer_info2_to_dsspooler(NT_PRINTER_INFO_LEVEL_2 *info2)
2938 {
2939         struct regval_ctr *ctr = NULL;
2940         fstring longname;
2941         const char *dnssuffix;
2942         char *allocated_string = NULL;
2943         const char *ascii_str;
2944         int i;
2945
2946         if ((i = lookup_printerkey(info2->data, SPOOL_DSSPOOLER_KEY)) < 0)
2947                 i = add_new_printer_key(info2->data, SPOOL_DSSPOOLER_KEY);
2948         ctr = info2->data->keys[i].values;
2949
2950         map_sz_into_ctr(ctr, SPOOL_REG_PRINTERNAME, info2->sharename);
2951         map_sz_into_ctr(ctr, SPOOL_REG_SHORTSERVERNAME, global_myname());
2952
2953         /* we make the assumption that the netbios name is the same
2954            as the DNS name sinc ethe former will be what we used to
2955            join the domain */
2956
2957         dnssuffix = get_mydnsdomname(talloc_tos());
2958         if (dnssuffix && *dnssuffix) {
2959                 fstr_sprintf( longname, "%s.%s", global_myname(), dnssuffix );
2960         } else {
2961                 fstrcpy( longname, global_myname() );
2962         }
2963
2964         map_sz_into_ctr(ctr, SPOOL_REG_SERVERNAME, longname);
2965
2966         if (asprintf(&allocated_string, "\\\\%s\\%s", longname, info2->sharename) == -1) {
2967                 return false;
2968         }
2969         map_sz_into_ctr(ctr, SPOOL_REG_UNCNAME, allocated_string);
2970         SAFE_FREE(allocated_string);
2971
2972         map_dword_into_ctr(ctr, SPOOL_REG_VERSIONNUMBER, 4);
2973         map_sz_into_ctr(ctr, SPOOL_REG_DRIVERNAME, info2->drivername);
2974         map_sz_into_ctr(ctr, SPOOL_REG_LOCATION, info2->location);
2975         map_sz_into_ctr(ctr, SPOOL_REG_DESCRIPTION, info2->comment);
2976         map_single_multi_sz_into_ctr(ctr, SPOOL_REG_PORTNAME, info2->portname);
2977         map_sz_into_ctr(ctr, SPOOL_REG_PRINTSEPARATORFILE, info2->sepfile);
2978         map_dword_into_ctr(ctr, SPOOL_REG_PRINTSTARTTIME, info2->starttime);
2979         map_dword_into_ctr(ctr, SPOOL_REG_PRINTENDTIME, info2->untiltime);
2980         map_dword_into_ctr(ctr, SPOOL_REG_PRIORITY, info2->priority);
2981
2982         map_bool_into_ctr(ctr, SPOOL_REG_PRINTKEEPPRINTEDJOBS,
2983                           (info2->attributes &
2984                            PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS));
2985
2986         switch (info2->attributes & 0x3) {
2987         case 0:
2988                 ascii_str = SPOOL_REGVAL_PRINTWHILESPOOLING;
2989                 break;
2990         case 1:
2991                 ascii_str = SPOOL_REGVAL_PRINTAFTERSPOOLED;
2992                 break;
2993         case 2:
2994                 ascii_str = SPOOL_REGVAL_PRINTDIRECT;
2995                 break;
2996         default:
2997                 ascii_str = "unknown";
2998         }
2999         map_sz_into_ctr(ctr, SPOOL_REG_PRINTSPOOLING, ascii_str);
3000
3001         return True;
3002 }
3003
3004 /*****************************************************************
3005  ****************************************************************/
3006
3007 static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2,
3008                                struct GUID guid)
3009 {
3010         int i;
3011         struct regval_ctr *ctr=NULL;
3012
3013         /* find the DsSpooler key */
3014         if ((i = lookup_printerkey(info2->data, SPOOL_DSSPOOLER_KEY)) < 0)
3015                 i = add_new_printer_key(info2->data, SPOOL_DSSPOOLER_KEY);
3016         ctr = info2->data->keys[i].values;
3017
3018         regval_ctr_delvalue(ctr, "objectGUID");
3019
3020         /* We used to store this as a REG_BINARY but that causes
3021            Vista to whine */
3022
3023         regval_ctr_addvalue_sz(ctr, "objectGUID",
3024                                GUID_string(talloc_tos(), &guid));
3025 }
3026
3027 static WERROR nt_printer_publish_ads(ADS_STRUCT *ads,
3028                                      NT_PRINTER_INFO_LEVEL *printer)
3029 {
3030         ADS_STATUS ads_rc;
3031         LDAPMessage *res;
3032         char *prt_dn = NULL, *srv_dn, *srv_cn_0, *srv_cn_escaped, *sharename_escaped;
3033         char *srv_dn_utf8, **srv_cn_utf8;
3034         TALLOC_CTX *ctx;
3035         ADS_MODLIST mods;
3036         const char *attrs[] = {"objectGUID", NULL};
3037         struct GUID guid;
3038         WERROR win_rc = WERR_OK;
3039         size_t converted_size;
3040
3041         /* build the ads mods */
3042         ctx = talloc_init("nt_printer_publish_ads");
3043         if (ctx == NULL) {
3044                 return WERR_NOMEM;
3045         }
3046
3047         DEBUG(5, ("publishing printer %s\n", printer->info_2->printername));
3048
3049         /* figure out where to publish */