2 Unix SMB/CIFS implementation.
3 SMB backend for the Common UNIX Printing System ("CUPS")
4 Copyright 1999 by Easy Software Products
5 Copyright Andrew Tridgell 1994-1998
6 Copyright Andrew Bartlett 2002
7 Copyright Rodrigo Fernandez-Vizarra 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 Starting with CUPS 1.3, Kerberos support is provided by cupsd including
27 the forwarding of user credentials via the authenticated session between
28 user and server and the KRB5CCNAME environment variable which will point
29 to a temporary file or an in-memory representation depending on the version
30 of Kerberos you use. As a result, all of the ticket code that used to
31 live here has been removed, and we depend on the user session (if you
32 run smbspool by hand) or cupsd to provide the necessary Kerberos info.
34 Also, the AUTH_USERNAME and AUTH_PASSWORD environment variables provide
35 for per-job authentication for non-Kerberized printing. We use those
36 if there is no username and password specified in the device URI.
38 Finally, if we have an authentication failure we return exit code 2
39 which tells CUPS to hold the job for authentication and bug the user
40 to get the necessary credentials.
43 #define MAX_RETRY_CONNECT 3
56 static void list_devices(void);
57 static struct cli_state *smb_complete_connection(const char *, const char *,int , const char *, const char *, const char *, const char *, int, int *need_auth);
58 static struct cli_state *smb_connect(const char *, const char *, int, const char *, const char *, const char *, const char *, int *need_auth);
59 static int smb_print(struct cli_state *, char *, FILE *);
60 static char * uri_unescape_alloc(const char *);
62 static bool smb_encrypt;
66 * 'main()' - Main entry for SMB backend.
69 int /* O - Exit status */
70 main(int argc, /* I - Number of command-line arguments */
71 char *argv[]) /* I - Command-line arguments */
73 int i; /* Looping var */
74 int copies; /* Number of copies */
75 int port; /* Port number */
76 char uri[1024], /* URI */
77 *sep, /* Pointer to separator */
78 *tmp, *tmp2, /* Temp pointers to do escaping */
79 *password; /* Password */
80 char *username, /* Username */
81 *server, /* Server name */
82 *printer; /* Printer name */
83 const char *workgroup; /* Workgroup */
84 FILE *fp; /* File to print */
85 int status=1; /* Status of LPD job */
86 struct cli_state *cli; /* SMB interface */
90 TALLOC_CTX *frame = talloc_stackframe();
94 /* we expect the URI in argv[0]. Detect the case where it is in argv[1] and cope */
95 if (argc > 2 && strncmp(argv[0],"smb://", 6) && !strncmp(argv[1],"smb://", 6)) {
103 * NEW! In CUPS 1.1 the backends are run with no arguments to list the
104 * available devices. These can be devices served by this backend
105 * or any other backends (i.e. you can have an SNMP backend that
106 * is only used to enumerate the available network printers... :)
114 if (argc < 6 || argc > 7)
116 fprintf(stderr, "Usage: %s [DEVICE_URI] job-id user title copies options [file]\n",
118 fputs(" The DEVICE_URI environment variable can also contain the\n", stderr);
119 fputs(" destination printer:\n", stderr);
121 fputs(" smb://[username:password@][workgroup/]server[:port]/printer\n", stderr);
126 * If we have 7 arguments, print the file named on the command-line.
127 * Otherwise, print data from stdin...
134 * Print from Copy stdin to a temporary file...
140 else if ((fp = fopen(argv[6], "rb")) == NULL)
142 perror("ERROR: Unable to open print file");
146 copies = atoi(argv[4]);
152 dev_uri = getenv("DEVICE_URI");
154 strncpy(uri, dev_uri, sizeof(uri) - 1);
155 else if (strncmp(argv[0], "smb://", 6) == 0)
156 strncpy(uri, argv[0], sizeof(uri) - 1);
159 fputs("ERROR: No device URI found in DEVICE_URI environment variable or argv[0] !\n", stderr);
163 uri[sizeof(uri) - 1] = '\0';
166 * Extract the destination from the URI...
169 if ((sep = strrchr_m(uri, '@')) != NULL)
174 /* username is in tmp */
179 * Extract password as needed...
182 if ((tmp2 = strchr_m(tmp, ':')) != NULL) {
184 password = uri_unescape_alloc(tmp2);
188 username = uri_unescape_alloc(tmp);
192 if ((username = getenv("AUTH_USERNAME")) == NULL)
195 if ((password = getenv("AUTH_PASSWORD")) == NULL)
203 if ((sep = strchr_m(tmp, '/')) == NULL)
205 fputs("ERROR: Bad URI - need printer name!\n", stderr);
212 if ((sep = strchr_m(tmp2, '/')) != NULL)
215 * Convert to smb://[username:password@]workgroup/server/printer...
220 workgroup = uri_unescape_alloc(tmp);
221 server = uri_unescape_alloc(tmp2);
222 printer = uri_unescape_alloc(sep);
226 server = uri_unescape_alloc(tmp);
227 printer = uri_unescape_alloc(tmp2);
230 if ((sep = strrchr_m(server, ':')) != NULL)
241 * Setup the SAMBA server state...
244 setup_logging("smbspool", True);
246 lp_set_in_client(True); /* Make sure that we tell lp_load we are */
250 if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True))
252 fprintf(stderr, "ERROR: Can't load %s - run testparm to debug it\n", get_dyn_CONFIGFILE());
256 if (workgroup == NULL)
257 workgroup = lp_workgroup();
263 if ((cli = smb_connect(workgroup, server, port, printer, username, password, argv[2], &need_auth)) == NULL)
267 fputs("ATTR: auth-info-required=username,password\n", stderr);
270 else if (getenv("CLASS") == NULL)
272 fprintf(stderr, "ERROR: Unable to connect to CIFS host, will retry in 60 seconds...\n");
278 fprintf(stderr, "ERROR: Unable to connect to CIFS host, trying next printer...\n");
283 while ((cli == NULL) && (tries < MAX_RETRY_CONNECT));
286 fprintf(stderr, "ERROR: Unable to connect to CIFS host after (tried %d times)\n", tries);
291 * Now that we are connected to the server, ignore SIGTERM so that we
292 * can finish out any page data the driver sends (e.g. to eject the
293 * current page... Only ignore SIGTERM if we are printing data from
294 * stdin (otherwise you can't cancel raw jobs...)
298 CatchSignal(SIGTERM, SIG_IGN);
304 for (i = 0; i < copies; i ++)
305 if ((status = smb_print(cli, argv[3] /* title */, fp)) != 0)
311 * Return the queue status...
322 * 'list_devices()' - List the available printers seen on the network...
329 * Eventually, search the local workgroup for available hosts and printers.
332 puts("network smb \"Unknown\" \"Windows Printer via SAMBA\"");
336 static struct cli_state
337 *smb_complete_connection(const char *myname,
340 const char *username,
341 const char *password,
342 const char *workgroup,
347 struct cli_state *cli; /* New connection */
350 static const NTSTATUS auth_errors[] =
351 { /* List of NTSTATUS errors that are considered authentication errors */
352 NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_VIOLATION,
353 NT_STATUS_SHARING_VIOLATION, NT_STATUS_PRIVILEGE_NOT_HELD,
354 NT_STATUS_INVALID_ACCOUNT_NAME, NT_STATUS_NO_SUCH_USER,
355 NT_STATUS_WRONG_PASSWORD, NT_STATUS_LOGON_FAILURE,
356 NT_STATUS_ACCOUNT_RESTRICTION, NT_STATUS_INVALID_LOGON_HOURS,
357 NT_STATUS_PASSWORD_EXPIRED, NT_STATUS_ACCOUNT_DISABLED
360 /* Start the SMB connection */
362 nt_status = cli_start_connection( &cli, myname, server, NULL, port,
363 Undefined, flags, NULL);
364 if (!NT_STATUS_IS_OK(nt_status))
366 fprintf(stderr,"ERROR: Connection failed: %s\n", nt_errstr(nt_status));
370 /* We pretty much guarentee password must be valid or a pointer
377 nt_status = cli_session_setup(cli, username,
378 password, strlen(password)+1,
379 password, strlen(password)+1,
381 if (!NT_STATUS_IS_OK(nt_status))
383 fprintf(stderr,"ERROR: Session setup failed: %s\n", nt_errstr(nt_status));
385 for (i = 0; i < (int)(sizeof(auth_errors) / sizeof(auth_errors[0])); i ++)
386 if (NT_STATUS_V(nt_status) == NT_STATUS_V(auth_errors[i]))
397 if (!cli_send_tconX(cli, share, "?????", password, strlen(password)+1))
399 fprintf(stderr, "ERROR: Tree connect failed (%s)\n", cli_errstr(cli));
400 nt_status = cli_nt_error(cli);
402 for (i = 0; i < (int)(sizeof(auth_errors) / sizeof(auth_errors[0])); i ++)
403 if (NT_STATUS_V(nt_status) == NT_STATUS_V(auth_errors[i]))
415 /* Need to work out how to specify this on the URL. */
418 if (!cli_cm_force_encryption(cli,
424 fprintf(stderr, "ERROR: encryption setup failed\n");
435 * 'smb_connect()' - Return a connection to a server.
438 static struct cli_state * /* O - SMB connection */
439 smb_connect(const char *workgroup, /* I - Workgroup */
440 const char *server, /* I - Server */
441 const int port, /* I - Port */
442 const char *share, /* I - Printer */
443 const char *username, /* I - Username */
444 const char *password, /* I - Password */
445 const char *jobusername, /* I - User who issued the print job */
446 int *need_auth) /* O - Need authentication? */
448 struct cli_state *cli; /* New connection */
449 char *myname = NULL; /* Client name */
453 * Get the names and addresses of the client and server...
456 myname = get_myname(talloc_tos());
461 /* See if we have a username first. This is for backwards compatible
462 behavior with 3.0.14a */
464 if (username && *username && !getenv("KRB5CCNAME"))
466 cli = smb_complete_connection(myname, server, port, username,
467 password, workgroup, share, 0, need_auth);
473 * Try to use the user kerberos credentials (if any) to authenticate
475 cli = smb_complete_connection(myname, server, port, jobusername, "",
477 CLI_FULL_CONNECTION_USE_KERBEROS, need_auth);
479 if (cli ) { return cli; }
481 /* give a chance for a passwordless NTLMSSP session setup */
483 pwd = getpwuid(geteuid());
488 cli = smb_complete_connection(myname, server, port, pwd->pw_name, "",
489 workgroup, share, 0, need_auth);
491 if (cli) { return cli; }
494 * last try. Use anonymous authentication
497 cli = smb_complete_connection(myname, server, port, "", "",
498 workgroup, share, 0, need_auth);
500 * Return the new connection...
508 * 'smb_print()' - Queue a job for printing using the SMB protocol.
511 static int /* O - 0 = success, non-0 = failure */
512 smb_print(struct cli_state *cli, /* I - SMB connection */
513 char *title, /* I - Title/job name */
514 FILE *fp) /* I - File to print */
516 int fnum; /* File number */
517 int nbytes, /* Number of bytes read */
518 tbytes; /* Total bytes read */
519 char buffer[8192], /* Buffer for copy */
520 *ptr; /* Pointer into tile */
524 * Sanitize the title...
527 for (ptr = title; *ptr; ptr ++)
528 if (!isalnum((int)*ptr) && !isspace((int)*ptr))
532 * Open the printer device...
535 if ((fnum = cli_open(cli, title, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE)) == -1)
537 fprintf(stderr, "ERROR: %s opening remote spool %s\n",
538 cli_errstr(cli), title);
543 * Copy the file to the printer...
551 while ((nbytes = fread(buffer, 1, sizeof(buffer), fp)) > 0)
553 if (cli_write(cli, fnum, 0, buffer, tbytes, nbytes) != nbytes)
555 fprintf(stderr, "ERROR: Error writing spool: %s\n", cli_errstr(cli));
562 if (!cli_close(cli, fnum))
564 fprintf(stderr, "ERROR: %s closing remote spool %s\n",
565 cli_errstr(cli), title);
572 static char *uri_unescape_alloc(const char *uritok)
576 ret = (char *)SMB_STRDUP(uritok);
577 if (!ret) return NULL;
579 rfc1738_unescape(ret);