#define DATABASE_VERSION 1
+/* Map generic permissions to printer object specific permissions */
+
+struct generic_mapping printer_generic_mapping = {
+ PRINTER_READ,
+ PRINTER_WRITE,
+ PRINTER_EXECUTE,
+ PRINTER_ALL_ACCESS
+};
+
/* We need one default form to support our default printer. Msoft adds the
forms it wants and in the ORDER it wants them (note: DEVMODE papersize is an
array index). Letter is always first, so (for the current code) additions
(*list)[i].bottom);
if (len > sizeof(buf)) break;
slprintf(key, sizeof(key), "%s%s", FORMS_PREFIX, (*list)[i].name);
+ dos_to_unix(key, True); /* Convert key to unix-codepage */
kbuf.dsize = strlen(key)+1;
kbuf.dptr = key;
dbuf.dsize = len;
}
slprintf(key, sizeof(key), "%s%s", FORMS_PREFIX, (*list)[n].name);
+ dos_to_unix(key, True); /* Convert key to unix-codepage */
kbuf.dsize = strlen(key)+1;
kbuf.dptr = key;
if (tdb_delete(tdb, kbuf) != 0) {
NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver;
driver=driver_abstract.info_3;
return clean_up_driver_struct_level_3(driver, user);
- break;
}
case 6:
{
NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver;
driver=driver_abstract.info_6;
return clean_up_driver_struct_level_6(driver, user);
- break;
}
default:
return ERROR_INVALID_PARAMETER;
Executable) files. Both files support the same INFO structure, but PE files
store the signature in unicode, and NE files store it as !unicode.
****************************************************************************/
-//static BOOL get_file_version(connection_struct *conn, int fd, char *fname,
static BOOL get_file_version(files_struct *fsp, char *fname,uint32 *major,
uint32 *minor)
{
slprintf(directory, sizeof(directory), "\\print$\\%s\\%d\\", architecture, driver->cversion);
-
- fstrcpy(temp_name, driver->driverpath);
- slprintf(driver->driverpath, sizeof(driver->driverpath), "%s%s", directory, temp_name);
+ /* .inf files do not always list a file for each of the four standard files.
+ * Don't prepend a path to a null filename, or client claims:
+ * "The server on which the printer resides does not have a suitable
+ * <printer driver name> printer driver installed. Click OK if you
+ * wish to install the driver on your local machine."
+ */
+ if (strlen(driver->driverpath)) {
+ fstrcpy(temp_name, driver->driverpath);
+ slprintf(driver->driverpath, sizeof(driver->driverpath), "%s%s", directory, temp_name);
+ }
- fstrcpy(temp_name, driver->datafile);
- slprintf(driver->datafile, sizeof(driver->datafile), "%s%s", directory, temp_name);
+ if (strlen(driver->datafile)) {
+ fstrcpy(temp_name, driver->datafile);
+ slprintf(driver->datafile, sizeof(driver->datafile), "%s%s", directory, temp_name);
+ }
- fstrcpy(temp_name, driver->configfile);
- slprintf(driver->configfile, sizeof(driver->configfile), "%s%s", directory, temp_name);
+ if (strlen(driver->configfile)) {
+ fstrcpy(temp_name, driver->configfile);
+ slprintf(driver->configfile, sizeof(driver->configfile), "%s%s", directory, temp_name);
+ }
- fstrcpy(temp_name, driver->helpfile);
- slprintf(driver->helpfile, sizeof(driver->helpfile), "%s%s", directory, temp_name);
+ if (strlen(driver->helpfile)) {
+ fstrcpy(temp_name, driver->helpfile);
+ slprintf(driver->helpfile, sizeof(driver->helpfile), "%s%s", directory, temp_name);
+ }
if (driver->dependentfiles) {
for (i=0; *driver->dependentfiles[i]; i++) {
- fstrcpy(temp_name, driver->dependentfiles[i]);
- slprintf(driver->dependentfiles[i], sizeof(driver->dependentfiles[i]), "%s%s", directory, temp_name);
+ fstrcpy(temp_name, driver->dependentfiles[i]);
+ slprintf(driver->dependentfiles[i], sizeof(driver->dependentfiles[i]), "%s%s", directory, temp_name);
}
}
slprintf(key, sizeof(key), "%s%s/%d/%s", DRIVERS_PREFIX, architecture, driver->cversion, driver->name);
+ dos_to_unix(key, True); /* Convert key to unix-codepage */
DEBUG(5,("add_a_printer_driver_3: Adding driver with key %s\n", key ));
****************************************************************************/
static uint32 dump_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
{
- uint32 success;
+ uint32 result;
NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3;
int i;
case 3:
{
if (driver.info_3 == NULL)
- success=5;
+ result=5;
else {
info3=driver.info_3;
DEBUGADD(106,("dependentfile:[%s]\n",
info3->dependentfiles[i]));
}
- success=0;
+ result=0;
}
break;
}
default:
DEBUGADD(1,("Level not implemented\n"));
- success=1;
+ result=1;
break;
}
- return (success);
+ return result;
}
/****************************************************************************
pstring key;
TDB_DATA kbuf;
- slprintf(key, sizeof(key), "%s%s",
- PRINTERS_PREFIX, sharename);
+ slprintf(key, sizeof(key), "%s%s", PRINTERS_PREFIX, sharename);
+ dos_to_unix(key, True); /* Convert key to unix-codepage */
kbuf.dptr=key;
kbuf.dsize=strlen(key)+1;
}
- slprintf(key, sizeof(key), "%s%s",
- PRINTERS_PREFIX, info->sharename);
+ slprintf(key, sizeof(key), "%s%s", PRINTERS_PREFIX, info->sharename);
+ dos_to_unix(key, True); /* Convert key to unix-codepage */
kbuf.dptr = key;
kbuf.dsize = strlen(key)+1;
*/
len += tdb_unpack(buf+len, buflen-len, "B", &extra_len, &devmode.private);
devmode.driverextra=(uint16)extra_len;
+
+ /* check to catch an invalid TDB entry so we don't segfault */
+ if (devmode.driverextra == 0) {
+ devmode.private = NULL;
+ }
}
*nt_devmode = (NT_DEVICEMODE *)memdup(&devmode, sizeof(devmode));
ZERO_STRUCT(info);
slprintf(key, sizeof(key), "%s%s", PRINTERS_PREFIX, sharename);
+ dos_to_unix(key, True); /* Convert key to unix-codepage */
kbuf.dptr = key;
kbuf.dsize = strlen(key)+1;
****************************************************************************/
static uint32 dump_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level)
{
- uint32 success;
+ uint32 result;
NT_PRINTER_INFO_LEVEL_2 *info2;
DEBUG(106,("Dumping printer at level [%d]\n", level));
case 2:
{
if (printer.info_2 == NULL)
- success=5;
+ result=5;
else
{
info2=printer.info_2;
DEBUGADD(106,("printprocessor:[%s]\n", info2->printprocessor));
DEBUGADD(106,("datatype:[%s]\n", info2->datatype));
DEBUGADD(106,("parameters:[%s]\n", info2->parameters));
- success=0;
+ result=0;
}
break;
}
default:
DEBUGADD(1,("Level not implemented\n"));
- success=1;
+ result=1;
break;
}
- return (success);
+ return result;
}
/****************************************************************************
uint32 mod_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level)
{
- uint32 success;
+ uint32 result;
dump_a_printer(printer, level);
case 2:
{
printer.info_2->c_setprinter++;
- success=update_a_printer_2(printer.info_2);
+ result=update_a_printer_2(printer.info_2);
break;
}
default:
- success=1;
+ result=1;
break;
}
- return (success);
+ return result;
}
/****************************************************************************
uint32 add_a_printer(NT_PRINTER_INFO_LEVEL printer, uint32 level)
{
- uint32 success;
+ uint32 result;
dump_a_printer(printer, level);
printer.info_2->changeid=time_nt.low;
printer.info_2->c_setprinter++;
- success=update_a_printer_2(printer.info_2);
+ result=update_a_printer_2(printer.info_2);
break;
}
default:
- success=1;
+ result=1;
break;
}
- return (success);
+ return result;
}
/****************************************************************************
uint32 get_a_printer(NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level, fstring sharename)
{
- uint32 success;
+ uint32 result;
NT_PRINTER_INFO_LEVEL *printer = NULL;
*pp_printer = NULL;
return 1;
}
ZERO_STRUCTP(printer);
- success=get_a_printer_2(&printer->info_2, sharename);
- if (success == 0) {
+ result=get_a_printer_2(&printer->info_2, sharename);
+ if (result == 0) {
dump_a_printer(*printer, level);
*pp_printer = printer;
} else {
break;
}
default:
- success=1;
+ result=1;
break;
}
- DEBUG(10,("get_a_printer: [%s] level %u returning %u\n", sharename, (unsigned int)level, (unsigned int)success));
+ DEBUG(10,("get_a_printer: [%s] level %u returning %u\n", sharename, (unsigned int)level, (unsigned int)result));
- return (success);
+ return result;
}
/****************************************************************************
uint32 free_a_printer(NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level)
{
- uint32 success;
+ uint32 result;
NT_PRINTER_INFO_LEVEL *printer = *pp_printer;
DEBUG(104,("freeing a printer at level [%d]\n", level));
if (printer->info_2 != NULL)
{
free_nt_printer_info_level_2(&printer->info_2);
- success=0;
+ result=0;
}
else
{
- success=4;
+ result=4;
}
break;
}
default:
- success=1;
+ result=1;
break;
}
safe_free(printer);
*pp_printer = NULL;
- return (success);
+ return result;
}
/****************************************************************************
****************************************************************************/
uint32 add_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
{
- uint32 success;
+ uint32 result;
DEBUG(104,("adding a printer at level [%d]\n", level));
dump_a_printer_driver(driver, level);
{
case 3:
{
- success=add_a_printer_driver_3(driver.info_3);
+ result=add_a_printer_driver_3(driver.info_3);
break;
}
case 6:
{
- success=add_a_printer_driver_6(driver.info_6);
+ result=add_a_printer_driver_6(driver.info_6);
break;
}
default:
- success=1;
+ result=1;
break;
}
- return (success);
+ return result;
}
/****************************************************************************
****************************************************************************/
uint32 get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level,
fstring printername, fstring architecture, uint32 version)
{
- uint32 success;
+ uint32 result;
switch (level)
{
case 3:
{
- success=get_a_printer_driver_3(&driver->info_3, printername, architecture, version);
+ result=get_a_printer_driver_3(&driver->info_3, printername, architecture, version);
break;
}
default:
- success=1;
+ result=1;
break;
}
- if (success == 0)
+ if (result == 0)
dump_a_printer_driver(*driver, level);
- return (success);
+ return result;
}
/****************************************************************************
****************************************************************************/
uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
{
- uint32 success;
+ uint32 result;
switch (level)
{
safe_free(info3->dependentfiles);
ZERO_STRUCTP(info3);
safe_free(info3);
- success=0;
+ result=0;
}
else
{
- success=4;
+ result=4;
}
break;
}
safe_free(info6->previousnames);
ZERO_STRUCTP(info6);
safe_free(info6);
- success=0;
+ result=0;
}
else
{
- success=4;
+ result=4;
}
break;
}
default:
- success=1;
+ result=1;
break;
}
- return (success);
+ return result;
}
/****************************************************************************
static SEC_DESC_BUF *construct_default_printer_sdb(void)
{
- SEC_ACE ace[2];
+ SEC_ACE ace[3];
SEC_ACCESS sa;
SEC_ACL *psa = NULL;
SEC_DESC_BUF *sdb = NULL;
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
-
/* Make the security descriptor owned by the Administrators group
on the PDC of the domain. */
}
}
- init_sec_access(&sa, PRINTER_ACE_MANAGE_DOCUMENTS | PRINTER_ACE_PRINT);
+ init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
init_sec_ace(&ace[1], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ sa, SEC_ACE_FLAG_OBJECT_INHERIT |
+ SEC_ACE_FLAG_INHERIT_ONLY);
+
+ init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+ init_sec_ace(&ace[2], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
/* The ACL revision number in rpc_secdesc.h differs from the one
#define NT4_ACL_REVISION 0x2
- if ((psa = make_sec_acl(NT4_ACL_REVISION, 2, ace)) != NULL) {
+ if ((psa = make_sec_acl(NT4_ACL_REVISION, 3, ace)) != NULL) {
psd = make_sec_desc(SEC_DESC_REVISION,
&owner_sid, NULL,
NULL, psa, &sd_size);
prs_struct ps;
TALLOC_CTX *mem_ctx = NULL;
fstring key;
+ char *temp;
mem_ctx = talloc_init();
if (mem_ctx == NULL)
return False;
+ if ((temp = strchr(printername + 2, '\\'))) {
+ printername = temp + 1;
+ }
+
/* Fetch security descriptor from tdb */
slprintf(key, sizeof(key), "SECDESC/%s", printername);
}
}
+ if (DEBUGLEVEL >= 10) {
+ SEC_ACL *acl = (*secdesc_ctr)->sec->dacl;
+ int i;
+
+ DEBUG(10, ("secdesc_ctr for %s has %d aces:\n",
+ printername, acl->num_aces));
+
+ for (i = 0; i < acl->num_aces; i++) {
+ fstring sid_str;
+
+ sid_to_string(sid_str, &acl->ace[i].sid);
+
+ DEBUG(10, ("%s %d %d 0x%08x\n", sid_str,
+ acl->ace[i].type, acl->ace[i].flags,
+ acl->ace[i].info.mask));
+ }
+ }
+
prs_mem_free(&ps);
talloc_destroy(mem_ctx);
return True;
*/
+/* Convert generic access rights to printer object specific access rights.
+ It turns out that NT4 security descriptors use generic access rights and
+ NT5 the object specific ones. */
+
+void map_printer_permissions(SEC_DESC *sd)
+{
+ int i;
+
+ for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
+ se_map_generic(&sd->dacl->ace[i].info.mask,
+ &printer_generic_mapping);
+ }
+}
+
/****************************************************************************
Check a user has permissions to perform the given operation. We use some
constants defined in include/rpc_spoolss.h that look relevant to check
PRINTER_ACCESS_USE:
print_job_start
- JOB_ACCESS_ADMINISTER:
+ PRINTER_ACCESS_ADMINISTER (should really be JOB_ACCESS_ADMINISTER):
print_job_delete, print_job_pause, print_job_resume,
print_queue_purge
BOOL print_access_check(struct current_user *user, int snum, int access_type)
{
SEC_DESC_BUF *secdesc = NULL;
- uint32 access_granted, status, required_access = 0;
+ uint32 access_granted, status;
BOOL result;
char *pname;
- int i;
extern struct current_user current_user;
/* If user is NULL then use the current_user structure */
/* Get printer security descriptor */
nt_printing_getsec(pname, &secdesc);
+
+ map_printer_permissions(secdesc->sec);
- /* Check against NT4 ACE mask values. From observation these
- values are:
-
- Access Type ACE Mask Constant
- -------------------------------------
- Full Control 0x10000000 PRINTER_ACE_FULL_CONTROL
- Print 0xe0000000 PRINTER_ACE_PRINT
- Manage Documents 0x00020000 PRINTER_ACE_MANAGE_DOCUMENTS
- */
-
- switch (access_type) {
- case PRINTER_ACCESS_USE:
- required_access = PRINTER_ACE_PRINT;
- break;
- case PRINTER_ACCESS_ADMINISTER:
- required_access = PRINTER_ACE_MANAGE_DOCUMENTS |
- PRINTER_ACE_PRINT;
- break;
- case JOB_ACCESS_ADMINISTER:
- required_access = PRINTER_ACE_MANAGE_DOCUMENTS;
- break;
- default:
- DEBUG(0, ("invalid value passed to print_access_check()\n"));
- result = False;
- goto done;
- }
-
- /* The ACE for Full Control in a printer security descriptor
- doesn't seem to map properly to the access checking model. For
- it to work properly it should be the logical OR of all the other
- values, i.e PRINTER_ACE_MANAGE_DOCUMENTS | PRINTER_ACE_PRINT.
- This would cause the access check to simply fall out when we
- check against any subset of these bits. To get things to work,
- change every ACE mask of PRINTER_ACE_FULL_CONTROL to
- PRINTER_ACE_MANAGE_DOCUMENTS | PRINTER_ACE_PRINT before
- performing the access check. I'm sure there is a better way to
- do this! */
-
- if (secdesc && secdesc->sec && secdesc->sec->dacl &&
- secdesc->sec->dacl->ace) {
- for(i = 0; i < secdesc->sec->dacl->num_aces; i++) {
- if (secdesc->sec->dacl->ace[i].info.mask ==
- PRINTER_ACE_FULL_CONTROL) {
- secdesc->sec->dacl->ace[i].info.mask =
- PRINTER_ACE_MANAGE_DOCUMENTS |
- PRINTER_ACE_PRINT;
- }
- }
- }
-
- if ((result = se_access_check(secdesc->sec, user, required_access,
- &access_granted, &status))) {
- goto done;
- }
-
- /* Check against NT5 ACE mask values. From observation these
- values are:
-
- Access Type ACE Mask Constant
- -------------------------------------
- Full Control 0x000f000c PRINTER_ACE_NT5_FULL_CONTROL
- Print 0x00020008 PRINTER_ACE_NT5_PRINT
- Manage Documents 0x00020000 PRINTER_ACE_NT5_MANAGE_DOCUMENTS
-
- NT5 likes to rewrite the security descriptor and change the ACE
- masks from NT4 format to NT5 format making them unreadable by
- NT4 clients. */
-
- switch (access_type) {
- case PRINTER_ACCESS_USE:
- required_access = PRINTER_ACE_NT5_PRINT;
- break;
- case PRINTER_ACCESS_ADMINISTER:
- required_access = PRINTER_ACE_NT5_FULL_CONTROL;
- break;
- case JOB_ACCESS_ADMINISTER:
- required_access = PRINTER_ACE_NT5_MANAGE_DOCUMENTS;
- break;
- }
-
- result = se_access_check(secdesc->sec, user, required_access,
+ result = se_access_check(secdesc->sec, user, access_type,
&access_granted, &status);
/* Check access */
- done:
DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE"));
/* Free mallocated memory */
git.samba.org / ira / wip.git / blobdiff