d7fe272ea7c831b2b819b7f18eaa0b855fe477f1
[sfrench/samba-autobuild/.git] / source3 / printing / nt_printing.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (C) Andrew Tridgell              1992-2000,
5  *  Copyright (C) Jean François Micouleau      1998-2000.
6  *  Copyright (C) Gerald Carter                2002-2005.
7  *
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 3 of the License, or
11  *  (at your option) any later version.
12  *
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
20  */
21
22 #include "includes.h"
23
24 static TDB_CONTEXT *tdb_forms; /* used for forms files */
25 static TDB_CONTEXT *tdb_drivers; /* used for driver files */
26 static TDB_CONTEXT *tdb_printers; /* used for printers files */
27
28 #define FORMS_PREFIX "FORMS/"
29 #define DRIVERS_PREFIX "DRIVERS/"
30 #define DRIVER_INIT_PREFIX "DRIVER_INIT/"
31 #define PRINTERS_PREFIX "PRINTERS/"
32 #define SECDESC_PREFIX "SECDESC/"
33 #define GLOBAL_C_SETPRINTER "GLOBALS/c_setprinter"
34
35 #define NTDRIVERS_DATABASE_VERSION_1 1
36 #define NTDRIVERS_DATABASE_VERSION_2 2
37 #define NTDRIVERS_DATABASE_VERSION_3 3 /* little endian version of v2 */
38 #define NTDRIVERS_DATABASE_VERSION_4 4 /* fix generic bits in security descriptors */
39 #define NTDRIVERS_DATABASE_VERSION_5 5 /* normalize keys in ntprinters.tdb */
40
41 /* Map generic permissions to printer object specific permissions */
42
43 const struct generic_mapping printer_generic_mapping = {
44         PRINTER_READ,
45         PRINTER_WRITE,
46         PRINTER_EXECUTE,
47         PRINTER_ALL_ACCESS
48 };
49
50 const struct standard_mapping printer_std_mapping = {
51         PRINTER_READ,
52         PRINTER_WRITE,
53         PRINTER_EXECUTE,
54         PRINTER_ALL_ACCESS
55 };
56
57 /* Map generic permissions to print server object specific permissions */
58
59 const struct generic_mapping printserver_generic_mapping = {
60         SERVER_READ,
61         SERVER_WRITE,
62         SERVER_EXECUTE,
63         SERVER_ALL_ACCESS
64 };
65
66 const struct generic_mapping printserver_std_mapping = {
67         SERVER_READ,
68         SERVER_WRITE,
69         SERVER_EXECUTE,
70         SERVER_ALL_ACCESS
71 };
72
73 /* Map generic permissions to job object specific permissions */
74
75 const struct generic_mapping job_generic_mapping = {
76         JOB_READ,
77         JOB_WRITE,
78         JOB_EXECUTE,
79         JOB_ALL_ACCESS
80 };
81
82 /* We need one default form to support our default printer. Msoft adds the
83 forms it wants and in the ORDER it wants them (note: DEVMODE papersize is an
84 array index). Letter is always first, so (for the current code) additions
85 always put things in the correct order. */
86 static const nt_forms_struct default_forms[] = {
87         {"Letter",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
88         {"Letter Small",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
89         {"Tabloid",0x1,0x44368,0x696b8,0x0,0x0,0x44368,0x696b8},
90         {"Ledger",0x1,0x696b8,0x44368,0x0,0x0,0x696b8,0x44368},
91         {"Legal",0x1,0x34b5c,0x56d10,0x0,0x0,0x34b5c,0x56d10},
92         {"Statement",0x1,0x221b4,0x34b5c,0x0,0x0,0x221b4,0x34b5c},
93         {"Executive",0x1,0x2cf56,0x411cc,0x0,0x0,0x2cf56,0x411cc},
94         {"A3",0x1,0x48828,0x668a0,0x0,0x0,0x48828,0x668a0},
95         {"A4",0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828},
96         {"A4 Small",0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828},
97         {"A5",0x1,0x24220,0x33450,0x0,0x0,0x24220,0x33450},
98         {"B4 (JIS)",0x1,0x3ebe8,0x58de0,0x0,0x0,0x3ebe8,0x58de0},
99         {"B5 (JIS)",0x1,0x2c6f0,0x3ebe8,0x0,0x0,0x2c6f0,0x3ebe8},
100         {"Folio",0x1,0x34b5c,0x509d8,0x0,0x0,0x34b5c,0x509d8},
101         {"Quarto",0x1,0x347d8,0x43238,0x0,0x0,0x347d8,0x43238},
102         {"10x14",0x1,0x3e030,0x56d10,0x0,0x0,0x3e030,0x56d10},
103         {"11x17",0x1,0x44368,0x696b8,0x0,0x0,0x44368,0x696b8},
104         {"Note",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
105         {"Envelope #9",0x1,0x18079,0x37091,0x0,0x0,0x18079,0x37091},
106         {"Envelope #10",0x1,0x19947,0x3ae94,0x0,0x0,0x19947,0x3ae94},
107         {"Envelope #11",0x1,0x1be7c,0x40565,0x0,0x0,0x1be7c,0x40565},
108         {"Envelope #12",0x1,0x1d74a,0x44368,0x0,0x0,0x1d74a,0x44368},
109         {"Envelope #14",0x1,0x1f018,0x47504,0x0,0x0,0x1f018,0x47504},
110         {"C size sheet",0x1,0x696b8,0x886d0,0x0,0x0,0x696b8,0x886d0},
111         {"D size sheet",0x1,0x886d0,0xd2d70,0x0,0x0,0x886d0,0xd2d70},
112         {"E size sheet",0x1,0xd2d70,0x110da0,0x0,0x0,0xd2d70,0x110da0},
113         {"Envelope DL",0x1,0x1adb0,0x35b60,0x0,0x0,0x1adb0,0x35b60},
114         {"Envelope C5",0x1,0x278d0,0x37e88,0x0,0x0,0x278d0,0x37e88},
115         {"Envelope C3",0x1,0x4f1a0,0x6fd10,0x0,0x0,0x4f1a0,0x6fd10},
116         {"Envelope C4",0x1,0x37e88,0x4f1a0,0x0,0x0,0x37e88,0x4f1a0},
117         {"Envelope C6",0x1,0x1bd50,0x278d0,0x0,0x0,0x1bd50,0x278d0},
118         {"Envelope C65",0x1,0x1bd50,0x37e88,0x0,0x0,0x1bd50,0x37e88},
119         {"Envelope B4",0x1,0x3d090,0x562e8,0x0,0x0,0x3d090,0x562e8},
120         {"Envelope B5",0x1,0x2af80,0x3d090,0x0,0x0,0x2af80,0x3d090},
121         {"Envelope B6",0x1,0x2af80,0x1e848,0x0,0x0,0x2af80,0x1e848},
122         {"Envelope",0x1,0x1adb0,0x38270,0x0,0x0,0x1adb0,0x38270},
123         {"Envelope Monarch",0x1,0x18079,0x2e824,0x0,0x0,0x18079,0x2e824},
124         {"6 3/4 Envelope",0x1,0x167ab,0x284ec,0x0,0x0,0x167ab,0x284ec},
125         {"US Std Fanfold",0x1,0x5c3e1,0x44368,0x0,0x0,0x5c3e1,0x44368},
126         {"German Std Fanfold",0x1,0x34b5c,0x4a6a0,0x0,0x0,0x34b5c,0x4a6a0},
127         {"German Legal Fanfold",0x1,0x34b5c,0x509d8,0x0,0x0,0x34b5c,0x509d8},
128         {"B4 (ISO)",0x1,0x3d090,0x562e8,0x0,0x0,0x3d090,0x562e8},
129         {"Japanese Postcard",0x1,0x186a0,0x24220,0x0,0x0,0x186a0,0x24220},
130         {"9x11",0x1,0x37cf8,0x44368,0x0,0x0,0x37cf8,0x44368},
131         {"10x11",0x1,0x3e030,0x44368,0x0,0x0,0x3e030,0x44368},
132         {"15x11",0x1,0x5d048,0x44368,0x0,0x0,0x5d048,0x44368},
133         {"Envelope Invite",0x1,0x35b60,0x35b60,0x0,0x0,0x35b60,0x35b60},
134         {"Reserved48",0x1,0x1,0x1,0x0,0x0,0x1,0x1},
135         {"Reserved49",0x1,0x1,0x1,0x0,0x0,0x1,0x1},
136         {"Letter Extra",0x1,0x3ae94,0x4a6a0,0x0,0x0,0x3ae94,0x4a6a0},
137         {"Legal Extra",0x1,0x3ae94,0x5d048,0x0,0x0,0x3ae94,0x5d048},
138         {"Tabloid Extra",0x1,0x4a6a0,0x6f9f0,0x0,0x0,0x4a6a0,0x6f9f0},
139         {"A4 Extra",0x1,0x397c2,0x4eb16,0x0,0x0,0x397c2,0x4eb16},
140         {"Letter Transverse",0x1,0x34b5c,0x44368,0x0,0x0,0x34b5c,0x44368},
141         {"A4 Transverse",0x1,0x33450,0x48828,0x0,0x0,0x33450,0x48828},
142         {"Letter Extra Transverse",0x1,0x3ae94,0x4a6a0,0x0,0x0,0x3ae94,0x4a6a0},
143         {"Super A",0x1,0x376b8,0x56ea0,0x0,0x0,0x376b8,0x56ea0},
144         {"Super B",0x1,0x4a768,0x76e58,0x0,0x0,0x4a768,0x76e58},
145         {"Letter Plus",0x1,0x34b5c,0x4eb16,0x0,0x0,0x34b5c,0x4eb16},
146         {"A4 Plus",0x1,0x33450,0x50910,0x0,0x0,0x33450,0x50910},
147         {"A5 Transverse",0x1,0x24220,0x33450,0x0,0x0,0x24220,0x33450},
148         {"B5 (JIS) Transverse",0x1,0x2c6f0,0x3ebe8,0x0,0x0,0x2c6f0,0x3ebe8},
149         {"A3 Extra",0x1,0x4e9d0,0x6ca48,0x0,0x0,0x4e9d0,0x6ca48},
150         {"A5 Extra",0x1,0x2a7b0,0x395f8,0x0,0x0,0x2a7b0,0x395f8},
151         {"B5 (ISO) Extra",0x1,0x31128,0x43620,0x0,0x0,0x31128,0x43620},
152         {"A2",0x1,0x668a0,0x91050,0x0,0x0,0x668a0,0x91050},
153         {"A3 Transverse",0x1,0x48828,0x668a0,0x0,0x0,0x48828,0x668a0},
154         {"A3 Extra Transverse",0x1,0x4e9d0,0x6ca48,0x0,0x0,0x4e9d0,0x6ca48},
155         {"Japanese Double Postcard",0x1,0x30d40,0x24220,0x0,0x0,0x30d40,0x24220},
156         {"A6",0x1,0x19a28,0x24220,0x0,0x0,0x19a28,0x24220},
157         {"Japanese Envelope Kaku #2",0x1,0x3a980,0x510e0,0x0,0x0,0x3a980,0x510e0},
158         {"Japanese Envelope Kaku #3",0x1,0x34bc0,0x43a08,0x0,0x0,0x34bc0,0x43a08},
159         {"Japanese Envelope Chou #3",0x1,0x1d4c0,0x395f8,0x0,0x0,0x1d4c0,0x395f8},
160         {"Japanese Envelope Chou #4",0x1,0x15f90,0x320c8,0x0,0x0,0x15f90,0x320c8},
161         {"Letter Rotated",0x1,0x44368,0x34b5c,0x0,0x0,0x44368,0x34b5c},
162         {"A3 Rotated",0x1,0x668a0,0x48828,0x0,0x0,0x668a0,0x48828},
163         {"A4 Rotated",0x1,0x48828,0x33450,0x0,0x0,0x48828,0x33450},
164         {"A5 Rotated",0x1,0x33450,0x24220,0x0,0x0,0x33450,0x24220},
165         {"B4 (JIS) Rotated",0x1,0x58de0,0x3ebe8,0x0,0x0,0x58de0,0x3ebe8},
166         {"B5 (JIS) Rotated",0x1,0x3ebe8,0x2c6f0,0x0,0x0,0x3ebe8,0x2c6f0},
167         {"Japanese Postcard Rotated",0x1,0x24220,0x186a0,0x0,0x0,0x24220,0x186a0},
168         {"Double Japan Postcard Rotated",0x1,0x24220,0x30d40,0x0,0x0,0x24220,0x30d40},
169         {"A6 Rotated",0x1,0x24220,0x19a28,0x0,0x0,0x24220,0x19a28},
170         {"Japan Envelope Kaku #2 Rotated",0x1,0x510e0,0x3a980,0x0,0x0,0x510e0,0x3a980},
171         {"Japan Envelope Kaku #3 Rotated",0x1,0x43a08,0x34bc0,0x0,0x0,0x43a08, 0x34bc0},
172         {"Japan Envelope Chou #3 Rotated",0x1,0x395f8,0x1d4c0,0x0,0x0,0x395f8,0x1d4c0},
173         {"Japan Envelope Chou #4 Rotated",0x1,0x320c8,0x15f90,0x0,0x0,0x320c8,0x15f90},
174         {"B6 (JIS)",0x1,0x1f400,0x2c6f0,0x0,0x0,0x1f400,0x2c6f0},
175         {"B6 (JIS) Rotated",0x1,0x2c6f0,0x1f400,0x0,0x0,0x2c6f0,0x1f400},
176         {"12x11",0x1,0x4a724,0x443e1,0x0,0x0,0x4a724,0x443e1},
177         {"Japan Envelope You #4",0x1,0x19a28,0x395f8,0x0,0x0,0x19a28,0x395f8},
178         {"Japan Envelope You #4 Rotated",0x1,0x395f8,0x19a28,0x0,0x0,0x395f8,0x19a28},
179         {"PRC 16K",0x1,0x2de60,0x3f7a0,0x0,0x0,0x2de60,0x3f7a0},
180         {"PRC 32K",0x1,0x1fbd0,0x2cec0,0x0,0x0,0x1fbd0,0x2cec0},
181         {"PRC 32K(Big)",0x1,0x222e0,0x318f8,0x0,0x0,0x222e0,0x318f8},
182         {"PRC Envelope #1",0x1,0x18e70,0x28488,0x0,0x0,0x18e70,0x28488},
183         {"PRC Envelope #2",0x1,0x18e70,0x2af80,0x0,0x0,0x18e70,0x2af80},
184         {"PRC Envelope #3",0x1,0x1e848,0x2af80,0x0,0x0,0x1e848,0x2af80},
185         {"PRC Envelope #4",0x1,0x1adb0,0x32c80,0x0,0x0,0x1adb0,0x32c80},
186         {"PRC Envelope #5",0x1,0x1adb0,0x35b60,0x0,0x0,0x1adb0,0x35b60},
187         {"PRC Envelope #6",0x1,0x1d4c0,0x38270,0x0,0x0,0x1d4c0,0x38270},
188         {"PRC Envelope #7",0x1,0x27100,0x38270,0x0,0x0,0x27100,0x38270},
189         {"PRC Envelope #8",0x1,0x1d4c0,0x4b708,0x0,0x0,0x1d4c0,0x4b708},
190         {"PRC Envelope #9",0x1,0x37e88,0x4f1a0,0x0,0x0,0x37e88,0x4f1a0},
191         {"PRC Envelope #10",0x1,0x4f1a0,0x6fd10,0x0,0x0,0x4f1a0,0x6fd10},
192         {"PRC 16K Rotated",0x1,0x3f7a0,0x2de60,0x0,0x0,0x3f7a0,0x2de60},
193         {"PRC 32K Rotated",0x1,0x2cec0,0x1fbd0,0x0,0x0,0x2cec0,0x1fbd0},
194         {"PRC 32K(Big) Rotated",0x1,0x318f8,0x222e0,0x0,0x0,0x318f8,0x222e0},
195         {"PRC Envelope #1 Rotated",0x1,0x28488,0x18e70,0x0,0x0,0x28488,0x18e70},
196         {"PRC Envelope #2 Rotated",0x1,0x2af80,0x18e70,0x0,0x0,0x2af80,0x18e70},
197         {"PRC Envelope #3 Rotated",0x1,0x2af80,0x1e848,0x0,0x0,0x2af80,0x1e848},
198         {"PRC Envelope #4 Rotated",0x1,0x32c80,0x1adb0,0x0,0x0,0x32c80,0x1adb0},
199         {"PRC Envelope #5 Rotated",0x1,0x35b60,0x1adb0,0x0,0x0,0x35b60,0x1adb0},
200         {"PRC Envelope #6 Rotated",0x1,0x38270,0x1d4c0,0x0,0x0,0x38270,0x1d4c0},
201         {"PRC Envelope #7 Rotated",0x1,0x38270,0x27100,0x0,0x0,0x38270,0x27100},
202         {"PRC Envelope #8 Rotated",0x1,0x4b708,0x1d4c0,0x0,0x0,0x4b708,0x1d4c0},
203         {"PRC Envelope #9 Rotated",0x1,0x4f1a0,0x37e88,0x0,0x0,0x4f1a0,0x37e88},
204         {"PRC Envelope #10 Rotated",0x1,0x6fd10,0x4f1a0,0x0,0x0,0x6fd10,0x4f1a0}
205 };
206
207 static const struct print_architecture_table_node archi_table[]= {
208
209         {"Windows 4.0",          SPL_ARCH_WIN40,        0 },
210         {"Windows NT x86",       SPL_ARCH_W32X86,       2 },
211         {"Windows NT R4000",     SPL_ARCH_W32MIPS,      2 },
212         {"Windows NT Alpha_AXP", SPL_ARCH_W32ALPHA,     2 },
213         {"Windows NT PowerPC",   SPL_ARCH_W32PPC,       2 },
214         {"Windows IA64",         SPL_ARCH_IA64,         3 },
215         {"Windows x64",          SPL_ARCH_X64,          3 },
216         {NULL,                   "",            -1 }
217 };
218
219
220 /****************************************************************************
221  generate a new TDB_DATA key for storing a printer
222 ****************************************************************************/
223
224 static TDB_DATA make_printer_tdbkey(TALLOC_CTX *ctx, const char *sharename )
225 {
226         fstring share;
227         char *keystr = NULL;
228         TDB_DATA key;
229
230         fstrcpy(share, sharename);
231         strlower_m(share);
232
233         keystr = talloc_asprintf(ctx, "%s%s", PRINTERS_PREFIX, share);
234         key = string_term_tdb_data(keystr ? keystr : "");
235
236         return key;
237 }
238
239 /****************************************************************************
240  generate a new TDB_DATA key for storing a printer security descriptor
241 ****************************************************************************/
242
243 static TDB_DATA make_printers_secdesc_tdbkey(TALLOC_CTX *ctx,
244                                         const char* sharename  )
245 {
246         fstring share;
247         char *keystr = NULL;
248         TDB_DATA key;
249
250         fstrcpy(share, sharename );
251         strlower_m(share);
252
253         keystr = talloc_asprintf(ctx, "%s%s", SECDESC_PREFIX, share);
254         key = string_term_tdb_data(keystr ? keystr : "");
255
256         return key;
257 }
258
259 /****************************************************************************
260 ****************************************************************************/
261
262 static bool upgrade_to_version_3(void)
263 {
264         TDB_DATA kbuf, newkey, dbuf;
265
266         DEBUG(0,("upgrade_to_version_3: upgrading print tdb's to version 3\n"));
267
268         for (kbuf = tdb_firstkey(tdb_drivers); kbuf.dptr;
269                         newkey = tdb_nextkey(tdb_drivers, kbuf), free(kbuf.dptr), kbuf=newkey) {
270
271                 dbuf = tdb_fetch(tdb_drivers, kbuf);
272
273                 if (strncmp((const char *)kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) {
274                         DEBUG(0,("upgrade_to_version_3:moving form\n"));
275                         if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) {
276                                 SAFE_FREE(dbuf.dptr);
277                                 DEBUG(0,("upgrade_to_version_3: failed to move form. Error (%s).\n", tdb_errorstr(tdb_forms)));
278                                 return False;
279                         }
280                         if (tdb_delete(tdb_drivers, kbuf) != 0) {
281                                 SAFE_FREE(dbuf.dptr);
282                                 DEBUG(0,("upgrade_to_version_3: failed to delete form. Error (%s)\n", tdb_errorstr(tdb_drivers)));
283                                 return False;
284                         }
285                 }
286
287                 if (strncmp((const char *)kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) {
288                         DEBUG(0,("upgrade_to_version_3:moving printer\n"));
289                         if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
290                                 SAFE_FREE(dbuf.dptr);
291                                 DEBUG(0,("upgrade_to_version_3: failed to move printer. Error (%s)\n", tdb_errorstr(tdb_printers)));
292                                 return False;
293                         }
294                         if (tdb_delete(tdb_drivers, kbuf) != 0) {
295                                 SAFE_FREE(dbuf.dptr);
296                                 DEBUG(0,("upgrade_to_version_3: failed to delete printer. Error (%s)\n", tdb_errorstr(tdb_drivers)));
297                                 return False;
298                         }
299                 }
300
301                 if (strncmp((const char *)kbuf.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX)) == 0) {
302                         DEBUG(0,("upgrade_to_version_3:moving secdesc\n"));
303                         if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
304                                 SAFE_FREE(dbuf.dptr);
305                                 DEBUG(0,("upgrade_to_version_3: failed to move secdesc. Error (%s)\n", tdb_errorstr(tdb_printers)));
306                                 return False;
307                         }
308                         if (tdb_delete(tdb_drivers, kbuf) != 0) {
309                                 SAFE_FREE(dbuf.dptr);
310                                 DEBUG(0,("upgrade_to_version_3: failed to delete secdesc. Error (%s)\n", tdb_errorstr(tdb_drivers)));
311                                 return False;
312                         }
313                 }
314
315                 SAFE_FREE(dbuf.dptr);
316         }
317
318         return True;
319 }
320
321 /*******************************************************************
322  Fix an issue with security descriptors.  Printer sec_desc must
323  use more than the generic bits that were previously used
324  in <= 3.0.14a.  They must also have a owner and group SID assigned.
325  Otherwise, any printers than have been migrated to a Windows
326  host using printmig.exe will not be accessible.
327 *******************************************************************/
328
329 static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
330                             TDB_DATA data, void *state )
331 {
332         NTSTATUS status;
333         SEC_DESC_BUF *sd_orig = NULL;
334         SEC_DESC_BUF *sd_new, *sd_store;
335         SEC_DESC *sec, *new_sec;
336         TALLOC_CTX *ctx = state;
337         int result, i;
338         uint32 sd_size;
339         size_t size_new_sec;
340
341         if (!data.dptr || data.dsize == 0) {
342                 return 0;
343         }
344
345         if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) != 0 ) {
346                 return 0;
347         }
348
349         /* upgrade the security descriptor */
350
351         status = unmarshall_sec_desc_buf(ctx, data.dptr, data.dsize, &sd_orig);
352         if (!NT_STATUS_IS_OK(status)) {
353                 /* delete bad entries */
354                 DEBUG(0,("sec_desc_upg_fn: Failed to parse original sec_desc for %si.  Deleting....\n",
355                         (const char *)key.dptr ));
356                 tdb_delete( tdb_printers, key );
357                 return 0;
358         }
359
360         if (!sd_orig) {
361                 return 0;
362         }
363         sec = sd_orig->sd;
364
365         /* is this even valid? */
366
367         if ( !sec->dacl ) {
368                 return 0;
369         }
370
371         /* update access masks */
372
373         for ( i=0; i<sec->dacl->num_aces; i++ ) {
374                 switch ( sec->dacl->aces[i].access_mask ) {
375                         case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS):
376                                 sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT;
377                                 break;
378
379                         case GENERIC_ALL_ACCESS:
380                                 sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL;
381                                 break;
382
383                         case READ_CONTROL_ACCESS:
384                                 sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS;
385
386                         default:        /* no change */
387                                 break;
388                 }
389         }
390
391         /* create a new SEC_DESC with the appropriate owner and group SIDs */
392
393         new_sec = make_sec_desc( ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
394                                  &global_sid_Builtin_Administrators,
395                                  &global_sid_Builtin_Administrators,
396                                  NULL, NULL, &size_new_sec );
397         if (!new_sec) {
398                 return 0;
399         }
400         sd_new = make_sec_desc_buf( ctx, size_new_sec, new_sec );
401         if (!sd_new) {
402                 return 0;
403         }
404
405         if ( !(sd_store = sec_desc_merge( ctx, sd_new, sd_orig )) ) {
406                 DEBUG(0,("sec_desc_upg_fn: Failed to update sec_desc for %s\n", key.dptr ));
407                 return 0;
408         }
409
410         /* store it back */
411
412         sd_size = ndr_size_security_descriptor(sd_store->sd, NULL, 0)
413                 + sizeof(SEC_DESC_BUF);
414
415         status = marshall_sec_desc_buf(ctx, sd_store, &data.dptr, &data.dsize);
416         if (!NT_STATUS_IS_OK(status)) {
417                 DEBUG(0,("sec_desc_upg_fn: Failed to parse new sec_desc for %s\n", key.dptr ));
418                 return 0;
419         }
420
421         result = tdb_store( tdb_printers, key, data, TDB_REPLACE );
422
423         /* 0 to continue and non-zero to stop traversal */
424
425         return (result == -1);
426 }
427
428 /*******************************************************************
429 *******************************************************************/
430
431 static bool upgrade_to_version_4(void)
432 {
433         TALLOC_CTX *ctx;
434         int result;
435
436         DEBUG(0,("upgrade_to_version_4: upgrading printer security descriptors\n"));
437
438         if ( !(ctx = talloc_init( "upgrade_to_version_4" )) )
439                 return False;
440
441         result = tdb_traverse( tdb_printers, sec_desc_upg_fn, ctx );
442
443         talloc_destroy( ctx );
444
445         return ( result != -1 );
446 }
447
448 /*******************************************************************
449  Fix an issue with security descriptors.  Printer sec_desc must
450  use more than the generic bits that were previously used
451  in <= 3.0.14a.  They must also have a owner and group SID assigned.
452  Otherwise, any printers than have been migrated to a Windows
453  host using printmig.exe will not be accessible.
454 *******************************************************************/
455
456 static int normalize_printers_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
457                                   TDB_DATA data, void *state )
458 {
459         TALLOC_CTX *ctx = talloc_tos();
460         TDB_DATA new_key;
461
462         if (!data.dptr || data.dsize == 0)
463                 return 0;
464
465         /* upgrade printer records and security descriptors */
466
467         if ( strncmp((const char *) key.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX) ) == 0 ) {
468                 new_key = make_printer_tdbkey(ctx, (const char *)key.dptr+strlen(PRINTERS_PREFIX) );
469         }
470         else if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) == 0 ) {
471                 new_key = make_printers_secdesc_tdbkey(ctx, (const char *)key.dptr+strlen(SECDESC_PREFIX) );
472         }
473         else {
474                 /* ignore this record */
475                 return 0;
476         }
477
478         /* delete the original record and store under the normalized key */
479
480         if ( tdb_delete( the_tdb, key ) != 0 ) {
481                 DEBUG(0,("normalize_printers_fn: tdb_delete for [%s] failed!\n",
482                         key.dptr));
483                 return 1;
484         }
485
486         if ( tdb_store( the_tdb, new_key, data, TDB_REPLACE) != 0 ) {
487                 DEBUG(0,("normalize_printers_fn: failed to store new record for [%s]!\n",
488                         key.dptr));
489                 return 1;
490         }
491
492         return 0;
493 }
494
495 /*******************************************************************
496 *******************************************************************/
497
498 static bool upgrade_to_version_5(void)
499 {
500         TALLOC_CTX *ctx;
501         int result;
502
503         DEBUG(0,("upgrade_to_version_5: normalizing printer keys\n"));
504
505         if ( !(ctx = talloc_init( "upgrade_to_version_5" )) )
506                 return False;
507
508         result = tdb_traverse( tdb_printers, normalize_printers_fn, NULL );
509
510         talloc_destroy( ctx );
511
512         return ( result != -1 );
513 }
514
515 /****************************************************************************
516  Open the NT printing tdbs. Done once before fork().
517 ****************************************************************************/
518
519 bool nt_printing_init(struct messaging_context *msg_ctx)
520 {
521         const char *vstring = "INFO/version";
522         WERROR win_rc;
523         int32 vers_id;
524
525         if ( tdb_drivers && tdb_printers && tdb_forms )
526                 return True;
527
528         if (tdb_drivers)
529                 tdb_close(tdb_drivers);
530         tdb_drivers = tdb_open_log(state_path("ntdrivers.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
531         if (!tdb_drivers) {
532                 DEBUG(0,("nt_printing_init: Failed to open nt drivers database %s (%s)\n",
533                         state_path("ntdrivers.tdb"), strerror(errno) ));
534                 return False;
535         }
536
537         if (tdb_printers)
538                 tdb_close(tdb_printers);
539         tdb_printers = tdb_open_log(state_path("ntprinters.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
540         if (!tdb_printers) {
541                 DEBUG(0,("nt_printing_init: Failed to open nt printers database %s (%s)\n",
542                         state_path("ntprinters.tdb"), strerror(errno) ));
543                 return False;
544         }
545
546         if (tdb_forms)
547                 tdb_close(tdb_forms);
548         tdb_forms = tdb_open_log(state_path("ntforms.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
549         if (!tdb_forms) {
550                 DEBUG(0,("nt_printing_init: Failed to open nt forms database %s (%s)\n",
551                         state_path("ntforms.tdb"), strerror(errno) ));
552                 return False;
553         }
554
555         /* handle a Samba upgrade */
556
557         vers_id = tdb_fetch_int32(tdb_drivers, vstring);
558         if (vers_id == -1) {
559                 DEBUG(10, ("Fresh database\n"));
560                 tdb_store_int32( tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5 );
561                 vers_id = NTDRIVERS_DATABASE_VERSION_5;
562         }
563
564         if ( vers_id != NTDRIVERS_DATABASE_VERSION_5 ) {
565
566                 if ((vers_id == NTDRIVERS_DATABASE_VERSION_1) || (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_1)) {
567                         if (!upgrade_to_version_3())
568                                 return False;
569                         tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
570                         vers_id = NTDRIVERS_DATABASE_VERSION_3;
571                 }
572
573                 if ((vers_id == NTDRIVERS_DATABASE_VERSION_2) || (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_2)) {
574                         /* Written on a bigendian machine with old fetch_int code. Save as le. */
575                         /* The only upgrade between V2 and V3 is to save the version in little-endian. */
576                         tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
577                         vers_id = NTDRIVERS_DATABASE_VERSION_3;
578                 }
579
580                 if (vers_id == NTDRIVERS_DATABASE_VERSION_3 ) {
581                         if ( !upgrade_to_version_4() )
582                                 return False;
583                         tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_4);
584                         vers_id = NTDRIVERS_DATABASE_VERSION_4;
585                 }
586
587                 if (vers_id == NTDRIVERS_DATABASE_VERSION_4 ) {
588                         if ( !upgrade_to_version_5() )
589                                 return False;
590                         tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
591                         vers_id = NTDRIVERS_DATABASE_VERSION_5;
592                 }
593
594
595                 if ( vers_id != NTDRIVERS_DATABASE_VERSION_5 ) {
596                         DEBUG(0,("nt_printing_init: Unknown printer database version [%d]\n", vers_id));
597                         return False;
598                 }
599         }
600
601         update_c_setprinter(True);
602
603         /*
604          * register callback to handle updating printers as new
605          * drivers are installed
606          */
607
608         messaging_register(msg_ctx, NULL, MSG_PRINTER_DRVUPGRADE,
609                            do_drv_upgrade_printer);
610
611         /*
612          * register callback to handle updating printer data
613          * when a driver is initialized
614          */
615
616         messaging_register(msg_ctx, NULL, MSG_PRINTERDATA_INIT_RESET,
617                            reset_all_printerdata);
618
619         /* of course, none of the message callbacks matter if you don't
620            tell messages.c that you interested in receiving PRINT_GENERAL
621            msgs.  This is done in claim_connection() */
622
623
624         if ( lp_security() == SEC_ADS ) {
625                 win_rc = check_published_printers();
626                 if (!W_ERROR_IS_OK(win_rc))
627                         DEBUG(0, ("nt_printing_init: error checking published printers: %s\n", win_errstr(win_rc)));
628         }
629
630         return True;
631 }
632
633 /*******************************************************************
634  Function to allow filename parsing "the old way".
635 ********************************************************************/
636
637 static NTSTATUS driver_unix_convert(connection_struct *conn,
638                                     const char *old_name,
639                                     struct smb_filename **smb_fname)
640 {
641         NTSTATUS status;
642         TALLOC_CTX *ctx = talloc_tos();
643         char *name = talloc_strdup(ctx, old_name);
644
645         if (!name) {
646                 return NT_STATUS_NO_MEMORY;
647         }
648         unix_format(name);
649         name = unix_clean_name(ctx, name);
650         if (!name) {
651                 return NT_STATUS_NO_MEMORY;
652         }
653         trim_string(name,"/","/");
654
655         status = unix_convert(ctx, conn, name, smb_fname, 0);
656         if (!NT_STATUS_IS_OK(status)) {
657                 return NT_STATUS_NO_MEMORY;
658         }
659
660         return NT_STATUS_OK;
661 }
662
663 /*******************************************************************
664  tdb traversal function for counting printers.
665 ********************************************************************/
666
667 static int traverse_counting_printers(TDB_CONTEXT *t, TDB_DATA key,
668                                       TDB_DATA data, void *context)
669 {
670         int *printer_count = (int*)context;
671
672         if (memcmp(PRINTERS_PREFIX, key.dptr, sizeof(PRINTERS_PREFIX)-1) == 0) {
673                 (*printer_count)++;
674                 DEBUG(10,("traverse_counting_printers: printer = [%s]  printer_count = %d\n", key.dptr, *printer_count));
675         }
676
677         return 0;
678 }
679
680 /*******************************************************************
681  Update the spooler global c_setprinter. This variable is initialized
682  when the parent smbd starts with the number of existing printers. It
683  is monotonically increased by the current number of printers *after*
684  each add or delete printer RPC. Only Microsoft knows why... JRR020119
685 ********************************************************************/
686
687 uint32 update_c_setprinter(bool initialize)
688 {
689         int32 c_setprinter;
690         int32 printer_count = 0;
691
692         tdb_lock_bystring(tdb_printers, GLOBAL_C_SETPRINTER);
693
694         /* Traverse the tdb, counting the printers */
695         tdb_traverse(tdb_printers, traverse_counting_printers, (void *)&printer_count);
696
697         /* If initializing, set c_setprinter to current printers count
698          * otherwise, bump it by the current printer count
699          */
700         if (!initialize)
701                 c_setprinter = tdb_fetch_int32(tdb_printers, GLOBAL_C_SETPRINTER) + printer_count;
702         else
703                 c_setprinter = printer_count;
704
705         DEBUG(10,("update_c_setprinter: c_setprinter = %u\n", (unsigned int)c_setprinter));
706         tdb_store_int32(tdb_printers, GLOBAL_C_SETPRINTER, c_setprinter);
707
708         tdb_unlock_bystring(tdb_printers, GLOBAL_C_SETPRINTER);
709
710         return (uint32)c_setprinter;
711 }
712
713 /*******************************************************************
714  Get the spooler global c_setprinter, accounting for initialization.
715 ********************************************************************/
716
717 uint32 get_c_setprinter(void)
718 {
719         int32 c_setprinter = tdb_fetch_int32(tdb_printers, GLOBAL_C_SETPRINTER);
720
721         if (c_setprinter == (int32)-1)
722                 c_setprinter = update_c_setprinter(True);
723
724         DEBUG(10,("get_c_setprinter: c_setprinter = %d\n", c_setprinter));
725
726         return (uint32)c_setprinter;
727 }
728
729 /****************************************************************************
730  Get builtin form struct list.
731 ****************************************************************************/
732
733 int get_builtin_ntforms(nt_forms_struct **list)
734 {
735         *list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms));
736         if (!*list) {
737                 return 0;
738         }
739         return ARRAY_SIZE(default_forms);
740 }
741
742 /****************************************************************************
743  get a builtin form struct
744 ****************************************************************************/
745
746 bool get_a_builtin_ntform_by_string(const char *form_name, nt_forms_struct *form)
747 {
748         int i;
749         DEBUGADD(6,("Looking for builtin form %s \n", form_name));
750         for (i=0; i<ARRAY_SIZE(default_forms); i++) {
751                 if (strequal(form_name,default_forms[i].name)) {
752                         DEBUGADD(6,("Found builtin form %s \n", form_name));
753                         memcpy(form,&default_forms[i],sizeof(*form));
754                         return true;
755                 }
756         }
757
758         return false;
759 }
760
761 /****************************************************************************
762  get a form struct list.
763 ****************************************************************************/
764
765 int get_ntforms(nt_forms_struct **list)
766 {
767         TDB_DATA kbuf, newkey, dbuf;
768         nt_forms_struct form;
769         int ret;
770         int i;
771         int n = 0;
772
773         *list = NULL;
774
775         for (kbuf = tdb_firstkey(tdb_forms);
776              kbuf.dptr;
777              newkey = tdb_nextkey(tdb_forms, kbuf), free(kbuf.dptr), kbuf=newkey)
778         {
779                 if (strncmp((const char *)kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) != 0)
780                         continue;
781
782                 dbuf = tdb_fetch(tdb_forms, kbuf);
783                 if (!dbuf.dptr)
784                         continue;
785
786                 fstrcpy(form.name, (const char *)kbuf.dptr+strlen(FORMS_PREFIX));
787                 ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "dddddddd",
788                                  &i, &form.flag, &form.width, &form.length, &form.left,
789                                  &form.top, &form.right, &form.bottom);
790                 SAFE_FREE(dbuf.dptr);
791                 if (ret != dbuf.dsize)
792                         continue;
793
794                 *list = SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1);
795                 if (!*list) {
796                         DEBUG(0,("get_ntforms: Realloc fail.\n"));
797                         return 0;
798                 }
799                 (*list)[n] = form;
800                 n++;
801         }
802
803
804         return n;
805 }
806
807 /****************************************************************************
808 write a form struct list
809 ****************************************************************************/
810
811 int write_ntforms(nt_forms_struct **list, int number)
812 {
813         TALLOC_CTX *ctx = talloc_tos();
814         char *buf = NULL;
815         char *key = NULL;
816         int len;
817         TDB_DATA dbuf;
818         int i;
819
820         for (i=0;i<number;i++) {
821                 /* save index, so list is rebuilt in correct order */
822                 len = tdb_pack(NULL, 0, "dddddddd",
823                                i, (*list)[i].flag, (*list)[i].width, (*list)[i].length,
824                                (*list)[i].left, (*list)[i].top, (*list)[i].right,
825                                (*list)[i].bottom);
826                 if (!len) {
827                         continue;
828                 }
829                 buf = TALLOC_ARRAY(ctx, char, len);
830                 if (!buf) {
831                         return 0;
832                 }
833                 len = tdb_pack((uint8 *)buf, len, "dddddddd",
834                                i, (*list)[i].flag, (*list)[i].width, (*list)[i].length,
835                                (*list)[i].left, (*list)[i].top, (*list)[i].right,
836                                (*list)[i].bottom);
837                 key = talloc_asprintf(ctx, "%s%s", FORMS_PREFIX, (*list)[i].name);
838                 if (!key) {
839                         return 0;
840                 }
841                 dbuf.dsize = len;
842                 dbuf.dptr = (uint8 *)buf;
843                 if (tdb_store_bystring(tdb_forms, key, dbuf, TDB_REPLACE) != 0) {
844                         TALLOC_FREE(key);
845                         TALLOC_FREE(buf);
846                         break;
847                 }
848                 TALLOC_FREE(key);
849                 TALLOC_FREE(buf);
850        }
851
852        return i;
853 }
854
855 /****************************************************************************
856 add a form struct at the end of the list
857 ****************************************************************************/
858 bool add_a_form(nt_forms_struct **list, struct spoolss_AddFormInfo1 *form, int *count)
859 {
860         int n=0;
861         bool update;
862
863         /*
864          * NT tries to add forms even when
865          * they are already in the base
866          * only update the values if already present
867          */
868
869         update=False;
870
871         for (n=0; n<*count; n++) {
872                 if ( strequal((*list)[n].name, form->form_name) ) {
873                         update=True;
874                         break;
875                 }
876         }
877
878         if (update==False) {
879                 if((*list=SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1)) == NULL) {
880                         DEBUG(0,("add_a_form: failed to enlarge forms list!\n"));
881                         return False;
882                 }
883                 fstrcpy((*list)[n].name, form->form_name);
884                 (*count)++;
885         }
886
887         (*list)[n].flag         = form->flags;
888         (*list)[n].width        = form->size.width;
889         (*list)[n].length       = form->size.height;
890         (*list)[n].left         = form->area.left;
891         (*list)[n].top          = form->area.top;
892         (*list)[n].right        = form->area.right;
893         (*list)[n].bottom       = form->area.bottom;
894
895         DEBUG(6,("add_a_form: Successfully %s form [%s]\n",
896                 update ? "updated" : "added", form->form_name));
897
898         return True;
899 }
900
901 /****************************************************************************
902  Delete a named form struct.
903 ****************************************************************************/
904
905 bool delete_a_form(nt_forms_struct **list, const char *del_name, int *count, WERROR *ret)
906 {
907         char *key = NULL;
908         int n=0;
909
910         *ret = WERR_OK;
911
912         for (n=0; n<*count; n++) {
913                 if (!strncmp((*list)[n].name, del_name, strlen(del_name))) {
914                         DEBUG(103, ("delete_a_form, [%s] in list\n", del_name));
915                         break;
916                 }
917         }
918
919         if (n == *count) {
920                 DEBUG(10,("delete_a_form, [%s] not found\n", del_name));
921                 *ret = WERR_INVALID_PARAM;
922                 return False;
923         }
924
925         if (asprintf(&key, "%s%s", FORMS_PREFIX, (*list)[n].name) < 0) {
926                 *ret = WERR_NOMEM;
927                 return false;
928         }
929         if (tdb_delete_bystring(tdb_forms, key) != 0) {
930                 SAFE_FREE(key);
931                 *ret = WERR_NOMEM;
932                 return False;
933         }
934         SAFE_FREE(key);
935         return true;
936 }
937
938 /****************************************************************************
939  Update a form struct.
940 ****************************************************************************/
941
942 void update_a_form(nt_forms_struct **list, struct spoolss_AddFormInfo1 *form, int count)
943 {
944         int n=0;
945
946         DEBUG(106, ("[%s]\n", form->form_name));
947         for (n=0; n<count; n++) {
948                 DEBUGADD(106, ("n [%d]:[%s]\n", n, (*list)[n].name));
949                 if (!strncmp((*list)[n].name, form->form_name, strlen(form->form_name)))
950                         break;
951         }
952
953         if (n==count) return;
954
955         (*list)[n].flag         = form->flags;
956         (*list)[n].width        = form->size.width;
957         (*list)[n].length       = form->size.height;
958         (*list)[n].left         = form->area.left;
959         (*list)[n].top          = form->area.top;
960         (*list)[n].right        = form->area.right;
961         (*list)[n].bottom       = form->area.bottom;
962 }
963
964 /****************************************************************************
965  Get the nt drivers list.
966  Traverse the database and look-up the matching names.
967 ****************************************************************************/
968 int get_ntdrivers(fstring **list, const char *architecture, uint32 version)
969 {
970         int total=0;
971         const char *short_archi;
972         char *key = NULL;
973         TDB_DATA kbuf, newkey;
974
975         short_archi = get_short_archi(architecture);
976         if (!short_archi) {
977                 return 0;
978         }
979
980         if (asprintf(&key, "%s%s/%d/", DRIVERS_PREFIX,
981                                 short_archi, version) < 0) {
982                 return 0;
983         }
984
985         for (kbuf = tdb_firstkey(tdb_drivers);
986              kbuf.dptr;
987              newkey = tdb_nextkey(tdb_drivers, kbuf), free(kbuf.dptr), kbuf=newkey) {
988
989                 if (strncmp((const char *)kbuf.dptr, key, strlen(key)) != 0)
990                         continue;
991
992                 if((*list = SMB_REALLOC_ARRAY(*list, fstring, total+1)) == NULL) {
993                         DEBUG(0,("get_ntdrivers: failed to enlarge list!\n"));
994                         SAFE_FREE(key);
995                         return -1;
996                 }
997
998                 fstrcpy((*list)[total], (const char *)kbuf.dptr+strlen(key));
999                 total++;
1000         }
1001
1002         SAFE_FREE(key);
1003         return(total);
1004 }
1005
1006 /****************************************************************************
1007  Function to do the mapping between the long architecture name and
1008  the short one.
1009 ****************************************************************************/
1010
1011 const char *get_short_archi(const char *long_archi)
1012 {
1013         int i=-1;
1014
1015         DEBUG(107,("Getting architecture dependant directory\n"));
1016         do {
1017                 i++;
1018         } while ( (archi_table[i].long_archi!=NULL ) &&
1019                   StrCaseCmp(long_archi, archi_table[i].long_archi) );
1020
1021         if (archi_table[i].long_archi==NULL) {
1022                 DEBUGADD(10,("Unknown architecture [%s] !\n", long_archi));
1023                 return NULL;
1024         }
1025
1026         /* this might be client code - but shouldn't this be an fstrcpy etc? */
1027
1028         DEBUGADD(108,("index: [%d]\n", i));
1029         DEBUGADD(108,("long architecture: [%s]\n", archi_table[i].long_archi));
1030         DEBUGADD(108,("short architecture: [%s]\n", archi_table[i].short_archi));
1031
1032         return archi_table[i].short_archi;
1033 }
1034
1035 /****************************************************************************
1036  Version information in Microsoft files is held in a VS_VERSION_INFO structure.
1037  There are two case to be covered here: PE (Portable Executable) and NE (New
1038  Executable) files. Both files support the same INFO structure, but PE files
1039  store the signature in unicode, and NE files store it as !unicode.
1040  returns -1 on error, 1 on version info found, and 0 on no version info found.
1041 ****************************************************************************/
1042
1043 static int get_file_version(files_struct *fsp, char *fname,uint32 *major, uint32 *minor)
1044 {
1045         int     i;
1046         char    *buf = NULL;
1047         ssize_t byte_count;
1048
1049         if ((buf=(char *)SMB_MALLOC(DOS_HEADER_SIZE)) == NULL) {
1050                 DEBUG(0,("get_file_version: PE file [%s] DOS Header malloc failed bytes = %d\n",
1051                                 fname, DOS_HEADER_SIZE));
1052                 goto error_exit;
1053         }
1054
1055         if ((byte_count = vfs_read_data(fsp, buf, DOS_HEADER_SIZE)) < DOS_HEADER_SIZE) {
1056                 DEBUG(3,("get_file_version: File [%s] DOS header too short, bytes read = %lu\n",
1057                          fname, (unsigned long)byte_count));
1058                 goto no_version_info;
1059         }
1060
1061         /* Is this really a DOS header? */
1062         if (SVAL(buf,DOS_HEADER_MAGIC_OFFSET) != DOS_HEADER_MAGIC) {
1063                 DEBUG(6,("get_file_version: File [%s] bad DOS magic = 0x%x\n",
1064                                 fname, SVAL(buf,DOS_HEADER_MAGIC_OFFSET)));
1065                 goto no_version_info;
1066         }
1067
1068         /* Skip OEM header (if any) and the DOS stub to start of Windows header */
1069         if (SMB_VFS_LSEEK(fsp, SVAL(buf,DOS_HEADER_LFANEW_OFFSET), SEEK_SET) == (SMB_OFF_T)-1) {
1070                 DEBUG(3,("get_file_version: File [%s] too short, errno = %d\n",
1071                                 fname, errno));
1072                 /* Assume this isn't an error... the file just looks sort of like a PE/NE file */
1073                 goto no_version_info;
1074         }
1075
1076         /* Note: DOS_HEADER_SIZE and NE_HEADER_SIZE are incidentally same */
1077         if ((byte_count = vfs_read_data(fsp, buf, NE_HEADER_SIZE)) < NE_HEADER_SIZE) {
1078                 DEBUG(3,("get_file_version: File [%s] Windows header too short, bytes read = %lu\n",
1079                          fname, (unsigned long)byte_count));
1080                 /* Assume this isn't an error... the file just looks sort of like a PE/NE file */
1081                 goto no_version_info;
1082         }
1083
1084         /* The header may be a PE (Portable Executable) or an NE (New Executable) */
1085         if (IVAL(buf,PE_HEADER_SIGNATURE_OFFSET) == PE_HEADER_SIGNATURE) {
1086                 unsigned int num_sections;
1087                 unsigned int section_table_bytes;
1088
1089                 /* Just skip over optional header to get to section table */
1090                 if (SMB_VFS_LSEEK(fsp,
1091                                 SVAL(buf,PE_HEADER_OPTIONAL_HEADER_SIZE)-(NE_HEADER_SIZE-PE_HEADER_SIZE),
1092                                 SEEK_CUR) == (SMB_OFF_T)-1) {
1093                         DEBUG(3,("get_file_version: File [%s] Windows optional header too short, errno = %d\n",
1094                                 fname, errno));
1095                         goto error_exit;
1096                 }
1097
1098                 /* get the section table */
1099                 num_sections        = SVAL(buf,PE_HEADER_NUMBER_OF_SECTIONS);
1100                 section_table_bytes = num_sections * PE_HEADER_SECT_HEADER_SIZE;
1101                 if (section_table_bytes == 0)
1102                         goto error_exit;
1103
1104                 SAFE_FREE(buf);
1105                 if ((buf=(char *)SMB_MALLOC(section_table_bytes)) == NULL) {
1106                         DEBUG(0,("get_file_version: PE file [%s] section table malloc failed bytes = %d\n",
1107                                         fname, section_table_bytes));
1108                         goto error_exit;
1109                 }
1110
1111                 if ((byte_count = vfs_read_data(fsp, buf, section_table_bytes)) < section_table_bytes) {
1112                         DEBUG(3,("get_file_version: PE file [%s] Section header too short, bytes read = %lu\n",
1113                                  fname, (unsigned long)byte_count));
1114                         goto error_exit;
1115                 }
1116
1117                 /* Iterate the section table looking for the resource section ".rsrc" */
1118                 for (i = 0; i < num_sections; i++) {
1119                         int sec_offset = i * PE_HEADER_SECT_HEADER_SIZE;
1120
1121                         if (strcmp(".rsrc", &buf[sec_offset+PE_HEADER_SECT_NAME_OFFSET]) == 0) {
1122                                 unsigned int section_pos   = IVAL(buf,sec_offset+PE_HEADER_SECT_PTR_DATA_OFFSET);
1123                                 unsigned int section_bytes = IVAL(buf,sec_offset+PE_HEADER_SECT_SIZE_DATA_OFFSET);
1124
1125                                 if (section_bytes == 0)
1126                                         goto error_exit;
1127
1128                                 SAFE_FREE(buf);
1129                                 if ((buf=(char *)SMB_MALLOC(section_bytes)) == NULL) {
1130                                         DEBUG(0,("get_file_version: PE file [%s] version malloc failed bytes = %d\n",
1131                                                         fname, section_bytes));
1132                                         goto error_exit;
1133                                 }
1134
1135                                 /* Seek to the start of the .rsrc section info */
1136                                 if (SMB_VFS_LSEEK(fsp, section_pos, SEEK_SET) == (SMB_OFF_T)-1) {
1137                                         DEBUG(3,("get_file_version: PE file [%s] too short for section info, errno = %d\n",
1138                                                         fname, errno));
1139                                         goto error_exit;
1140                                 }
1141
1142                                 if ((byte_count = vfs_read_data(fsp, buf, section_bytes)) < section_bytes) {
1143                                         DEBUG(3,("get_file_version: PE file [%s] .rsrc section too short, bytes read = %lu\n",
1144                                                  fname, (unsigned long)byte_count));
1145                                         goto error_exit;
1146                                 }
1147
1148                                 if (section_bytes < VS_VERSION_INFO_UNICODE_SIZE)
1149                                         goto error_exit;
1150
1151                                 for (i=0; i<section_bytes-VS_VERSION_INFO_UNICODE_SIZE; i++) {
1152                                         /* Scan for 1st 3 unicoded bytes followed by word aligned magic value */
1153                                         if (buf[i] == 'V' && buf[i+1] == '\0' && buf[i+2] == 'S') {
1154                                                 /* Align to next long address */
1155                                                 int pos = (i + sizeof(VS_SIGNATURE)*2 + 3) & 0xfffffffc;
1156
1157                                                 if (IVAL(buf,pos) == VS_MAGIC_VALUE) {
1158                                                         *major = IVAL(buf,pos+VS_MAJOR_OFFSET);
1159                                                         *minor = IVAL(buf,pos+VS_MINOR_OFFSET);
1160
1161                                                         DEBUG(6,("get_file_version: PE file [%s] Version = %08x:%08x (%d.%d.%d.%d)\n",
1162                                                                           fname, *major, *minor,
1163                                                                           (*major>>16)&0xffff, *major&0xffff,
1164                                                                           (*minor>>16)&0xffff, *minor&0xffff));
1165                                                         SAFE_FREE(buf);
1166                                                         return 1;
1167                                                 }
1168                                         }
1169                                 }
1170                         }
1171                 }
1172
1173                 /* Version info not found, fall back to origin date/time */
1174                 DEBUG(10,("get_file_version: PE file [%s] has no version info\n", fname));
1175                 SAFE_FREE(buf);
1176                 return 0;
1177
1178         } else if (SVAL(buf,NE_HEADER_SIGNATURE_OFFSET) == NE_HEADER_SIGNATURE) {
1179                 if (CVAL(buf,NE_HEADER_TARGET_OS_OFFSET) != NE_HEADER_TARGOS_WIN ) {
1180                         DEBUG(3,("get_file_version: NE file [%s] wrong target OS = 0x%x\n",
1181                                         fname, CVAL(buf,NE_HEADER_TARGET_OS_OFFSET)));
1182                         /* At this point, we assume the file is in error. It still could be somthing
1183                          * else besides a NE file, but it unlikely at this point. */
1184                         goto error_exit;
1185                 }
1186
1187                 /* Allocate a bit more space to speed up things */
1188                 SAFE_FREE(buf);
1189                 if ((buf=(char *)SMB_MALLOC(VS_NE_BUF_SIZE)) == NULL) {
1190                         DEBUG(0,("get_file_version: NE file [%s] malloc failed bytes  = %d\n",
1191                                         fname, PE_HEADER_SIZE));
1192                         goto error_exit;
1193                 }
1194
1195                 /* This is a HACK! I got tired of trying to sort through the messy
1196                  * 'NE' file format. If anyone wants to clean this up please have at
1197                  * it, but this works. 'NE' files will eventually fade away. JRR */
1198                 while((byte_count = vfs_read_data(fsp, buf, VS_NE_BUF_SIZE)) > 0) {
1199                         /* Cover case that should not occur in a well formed 'NE' .dll file */
1200                         if (byte_count-VS_VERSION_INFO_SIZE <= 0) break;
1201
1202                         for(i=0; i<byte_count; i++) {
1203                                 /* Fast skip past data that can't possibly match */
1204                                 if (buf[i] != 'V') continue;
1205
1206                                 /* Potential match data crosses buf boundry, move it to beginning
1207                                  * of buf, and fill the buf with as much as it will hold. */
1208                                 if (i>byte_count-VS_VERSION_INFO_SIZE) {
1209                                         int bc;
1210
1211                                         memcpy(buf, &buf[i], byte_count-i);
1212                                         if ((bc = vfs_read_data(fsp, &buf[byte_count-i], VS_NE_BUF_SIZE-
1213                                                                    (byte_count-i))) < 0) {
1214
1215                                                 DEBUG(0,("get_file_version: NE file [%s] Read error, errno=%d\n",
1216                                                                  fname, errno));
1217                                                 goto error_exit;
1218                                         }
1219
1220                                         byte_count = bc + (byte_count - i);
1221                                         if (byte_count<VS_VERSION_INFO_SIZE) break;
1222
1223                                         i = 0;
1224                                 }
1225
1226                                 /* Check that the full signature string and the magic number that
1227                                  * follows exist (not a perfect solution, but the chances that this
1228                                  * occurs in code is, well, remote. Yes I know I'm comparing the 'V'
1229                                  * twice, as it is simpler to read the code. */
1230                                 if (strcmp(&buf[i], VS_SIGNATURE) == 0) {
1231                                         /* Compute skip alignment to next long address */
1232                                         int skip = -(SMB_VFS_LSEEK(fsp, 0, SEEK_CUR) - (byte_count - i) +
1233                                                                  sizeof(VS_SIGNATURE)) & 3;
1234                                         if (IVAL(buf,i+sizeof(VS_SIGNATURE)+skip) != 0xfeef04bd) continue;
1235
1236                                         *major = IVAL(buf,i+sizeof(VS_SIGNATURE)+skip+VS_MAJOR_OFFSET);
1237                                         *minor = IVAL(buf,i+sizeof(VS_SIGNATURE)+skip+VS_MINOR_OFFSET);
1238                                         DEBUG(6,("get_file_version: NE file [%s] Version = %08x:%08x (%d.%d.%d.%d)\n",
1239                                                           fname, *major, *minor,
1240                                                           (*major>>16)&0xffff, *major&0xffff,
1241                                                           (*minor>>16)&0xffff, *minor&0xffff));
1242                                         SAFE_FREE(buf);
1243                                         return 1;
1244                                 }
1245                         }
1246                 }
1247
1248                 /* Version info not found, fall back to origin date/time */
1249                 DEBUG(0,("get_file_version: NE file [%s] Version info not found\n", fname));
1250                 SAFE_FREE(buf);
1251                 return 0;
1252
1253         } else
1254                 /* Assume this isn't an error... the file just looks sort of like a PE/NE file */
1255                 DEBUG(3,("get_file_version: File [%s] unknown file format, signature = 0x%x\n",
1256                                 fname, IVAL(buf,PE_HEADER_SIGNATURE_OFFSET)));
1257
1258         no_version_info:
1259                 SAFE_FREE(buf);
1260                 return 0;
1261
1262         error_exit:
1263                 SAFE_FREE(buf);
1264                 return -1;
1265 }
1266
1267 /****************************************************************************
1268 Drivers for Microsoft systems contain multiple files. Often, multiple drivers
1269 share one or more files. During the MS installation process files are checked
1270 to insure that only a newer version of a shared file is installed over an
1271 older version. There are several possibilities for this comparison. If there
1272 is no previous version, the new one is newer (obviously). If either file is
1273 missing the version info structure, compare the creation date (on Unix use
1274 the modification date). Otherwise chose the numerically larger version number.
1275 ****************************************************************************/
1276
1277 static int file_version_is_newer(connection_struct *conn, fstring new_file, fstring old_file)
1278 {
1279         bool use_version = true;
1280
1281         uint32 new_major;
1282         uint32 new_minor;
1283         time_t new_create_time;
1284
1285         uint32 old_major;
1286         uint32 old_minor;
1287         time_t old_create_time;
1288
1289         struct smb_filename *smb_fname = NULL;
1290         files_struct    *fsp = NULL;
1291         SMB_STRUCT_STAT st;
1292
1293         NTSTATUS status;
1294         int ret;
1295
1296         SET_STAT_INVALID(st);
1297         new_create_time = (time_t)0;
1298         old_create_time = (time_t)0;
1299
1300         /* Get file version info (if available) for previous file (if it exists) */
1301         status = driver_unix_convert(conn, old_file, &smb_fname);
1302         if (!NT_STATUS_IS_OK(status)) {
1303                 goto error_exit;
1304         }
1305
1306         status = SMB_VFS_CREATE_FILE(
1307                 conn,                                   /* conn */
1308                 NULL,                                   /* req */
1309                 0,                                      /* root_dir_fid */
1310                 smb_fname,                              /* fname */
1311                 FILE_GENERIC_READ,                      /* access_mask */
1312                 FILE_SHARE_READ | FILE_SHARE_WRITE,     /* share_access */
1313                 FILE_OPEN,                              /* create_disposition*/
1314                 0,                                      /* create_options */
1315                 FILE_ATTRIBUTE_NORMAL,                  /* file_attributes */
1316                 INTERNAL_OPEN_ONLY,                     /* oplock_request */
1317                 0,                                      /* allocation_size */
1318                 0,                                      /* private_flags */
1319                 NULL,                                   /* sd */
1320                 NULL,                                   /* ea_list */
1321                 &fsp,                                   /* result */
1322                 NULL);                                  /* pinfo */
1323
1324         if (!NT_STATUS_IS_OK(status)) {
1325                 /* Old file not found, so by definition new file is in fact newer */
1326                 DEBUG(10,("file_version_is_newer: Can't open old file [%s], "
1327                           "errno = %d\n", smb_fname_str_dbg(smb_fname),
1328                           errno));
1329                 ret = 1;
1330                 goto done;
1331
1332         } else {
1333                 ret = get_file_version(fsp, old_file, &old_major, &old_minor);
1334                 if (ret == -1) {
1335                         goto error_exit;
1336                 }
1337
1338                 if (!ret) {
1339                         DEBUG(6,("file_version_is_newer: Version info not found [%s], use mod time\n",
1340                                          old_file));
1341                         use_version = false;
1342                         if (SMB_VFS_FSTAT(fsp, &st) == -1) {
1343                                  goto error_exit;
1344                         }
1345                         old_create_time = convert_timespec_to_time_t(st.st_ex_mtime);
1346                         DEBUGADD(6,("file_version_is_newer: mod time = %ld sec\n",
1347                                 (long)old_create_time));
1348                 }
1349         }
1350         close_file(NULL, fsp, NORMAL_CLOSE);
1351         fsp = NULL;
1352
1353         /* Get file version info (if available) for new file */
1354         status = driver_unix_convert(conn, new_file, &smb_fname);
1355         if (!NT_STATUS_IS_OK(status)) {
1356                 goto error_exit;
1357         }
1358
1359         status = SMB_VFS_CREATE_FILE(
1360                 conn,                                   /* conn */
1361                 NULL,                                   /* req */
1362                 0,                                      /* root_dir_fid */
1363                 smb_fname,                              /* fname */
1364                 FILE_GENERIC_READ,                      /* access_mask */
1365                 FILE_SHARE_READ | FILE_SHARE_WRITE,     /* share_access */
1366                 FILE_OPEN,                              /* create_disposition*/
1367                 0,                                      /* create_options */
1368                 FILE_ATTRIBUTE_NORMAL,                  /* file_attributes */
1369                 INTERNAL_OPEN_ONLY,                     /* oplock_request */
1370                 0,                                      /* allocation_size */
1371                 0,                                      /* private_flags */
1372                 NULL,                                   /* sd */
1373                 NULL,                                   /* ea_list */
1374                 &fsp,                                   /* result */
1375                 NULL);                                  /* pinfo */
1376
1377         if (!NT_STATUS_IS_OK(status)) {
1378                 /* New file not found, this shouldn't occur if the caller did its job */
1379                 DEBUG(3,("file_version_is_newer: Can't open new file [%s], "
1380                          "errno = %d\n", smb_fname_str_dbg(smb_fname), errno));
1381                 goto error_exit;
1382
1383         } else {
1384                 ret = get_file_version(fsp, new_file, &new_major, &new_minor);
1385                 if (ret == -1) {
1386                         goto error_exit;
1387                 }
1388
1389                 if (!ret) {
1390                         DEBUG(6,("file_version_is_newer: Version info not found [%s], use mod time\n",
1391                                          new_file));
1392                         use_version = false;
1393                         if (SMB_VFS_FSTAT(fsp, &st) == -1) {
1394                                 goto error_exit;
1395                         }
1396                         new_create_time = convert_timespec_to_time_t(st.st_ex_mtime);
1397                         DEBUGADD(6,("file_version_is_newer: mod time = %ld sec\n",
1398                                 (long)new_create_time));
1399                 }
1400         }
1401         close_file(NULL, fsp, NORMAL_CLOSE);
1402         fsp = NULL;
1403
1404         if (use_version && (new_major != old_major || new_minor != old_minor)) {
1405                 /* Compare versions and choose the larger version number */
1406                 if (new_major > old_major ||
1407                         (new_major == old_major && new_minor > old_minor)) {
1408
1409                         DEBUG(6,("file_version_is_newer: Replacing [%s] with [%s]\n", old_file, new_file));
1410                         ret = 1;
1411                         goto done;
1412                 }
1413                 else {
1414                         DEBUG(6,("file_version_is_newer: Leaving [%s] unchanged\n", old_file));
1415                         ret = 0;
1416                         goto done;
1417                 }
1418
1419         } else {
1420                 /* Compare modification time/dates and choose the newest time/date */
1421                 if (new_create_time > old_create_time) {
1422                         DEBUG(6,("file_version_is_newer: Replacing [%s] with [%s]\n", old_file, new_file));
1423                         ret = 1;
1424                         goto done;
1425                 }
1426                 else {
1427                         DEBUG(6,("file_version_is_newer: Leaving [%s] unchanged\n", old_file));
1428                         ret = 0;
1429                         goto done;
1430                 }
1431         }
1432
1433  error_exit:
1434         if(fsp)
1435                 close_file(NULL, fsp, NORMAL_CLOSE);
1436         ret = -1;
1437  done:
1438         TALLOC_FREE(smb_fname);
1439         return ret;
1440 }
1441
1442 /****************************************************************************
1443 Determine the correct cVersion associated with an architecture and driver
1444 ****************************************************************************/
1445 static uint32 get_correct_cversion(struct pipes_struct *p,
1446                                    const char *architecture,
1447                                    const char *driverpath_in,
1448                                    WERROR *perr)
1449 {
1450         int               cversion;
1451         NTSTATUS          nt_status;
1452         struct smb_filename *smb_fname = NULL;
1453         char *driverpath = NULL;
1454         files_struct      *fsp = NULL;
1455         connection_struct *conn = NULL;
1456         NTSTATUS status;
1457         char *oldcwd;
1458         fstring printdollar;
1459         int printdollar_snum;
1460
1461         *perr = WERR_INVALID_PARAM;
1462
1463         /* If architecture is Windows 95/98/ME, the version is always 0. */
1464         if (strcmp(architecture, SPL_ARCH_WIN40) == 0) {
1465                 DEBUG(10,("get_correct_cversion: Driver is Win9x, cversion = 0\n"));
1466                 *perr = WERR_OK;
1467                 return 0;
1468         }
1469
1470         /* If architecture is Windows x64, the version is always 3. */
1471         if (strcmp(architecture, SPL_ARCH_X64) == 0) {
1472                 DEBUG(10,("get_correct_cversion: Driver is x64, cversion = 3\n"));
1473                 *perr = WERR_OK;
1474                 return 3;
1475         }
1476
1477         fstrcpy(printdollar, "print$");
1478
1479         printdollar_snum = find_service(printdollar);
1480         if (printdollar_snum == -1) {
1481                 *perr = WERR_NO_SUCH_SHARE;
1482                 return -1;
1483         }
1484
1485         nt_status = create_conn_struct(talloc_tos(), &conn, printdollar_snum,
1486                                        lp_pathname(printdollar_snum),
1487                                        p->server_info, &oldcwd);
1488         if (!NT_STATUS_IS_OK(nt_status)) {
1489                 DEBUG(0,("get_correct_cversion: create_conn_struct "
1490                          "returned %s\n", nt_errstr(nt_status)));
1491                 *perr = ntstatus_to_werror(nt_status);
1492                 return -1;
1493         }
1494
1495         /* Open the driver file (Portable Executable format) and determine the
1496          * deriver the cversion. */
1497         driverpath = talloc_asprintf(talloc_tos(),
1498                                         "%s/%s",
1499                                         architecture,
1500                                         driverpath_in);
1501         if (!driverpath) {
1502                 *perr = WERR_NOMEM;
1503                 goto error_exit;
1504         }
1505
1506         nt_status = driver_unix_convert(conn, driverpath, &smb_fname);
1507         if (!NT_STATUS_IS_OK(nt_status)) {
1508                 *perr = ntstatus_to_werror(nt_status);
1509                 goto error_exit;
1510         }
1511
1512         nt_status = vfs_file_exist(conn, smb_fname);
1513         if (!NT_STATUS_IS_OK(nt_status)) {
1514                 *perr = WERR_BADFILE;
1515                 goto error_exit;
1516         }
1517
1518         status = SMB_VFS_CREATE_FILE(
1519                 conn,                                   /* conn */
1520                 NULL,                                   /* req */
1521                 0,                                      /* root_dir_fid */
1522                 smb_fname,                              /* fname */
1523                 FILE_GENERIC_READ,                      /* access_mask */
1524                 FILE_SHARE_READ | FILE_SHARE_WRITE,     /* share_access */
1525                 FILE_OPEN,                              /* create_disposition*/
1526                 0,                                      /* create_options */
1527                 FILE_ATTRIBUTE_NORMAL,                  /* file_attributes */
1528                 INTERNAL_OPEN_ONLY,                     /* oplock_request */
1529                 0,                                      /* private_flags */
1530                 0,                                      /* allocation_size */
1531                 NULL,                                   /* sd */
1532                 NULL,                                   /* ea_list */
1533                 &fsp,                                   /* result */
1534                 NULL);                                  /* pinfo */
1535
1536         if (!NT_STATUS_IS_OK(status)) {
1537                 DEBUG(3,("get_correct_cversion: Can't open file [%s], errno = "
1538                          "%d\n", smb_fname_str_dbg(smb_fname), errno));
1539                 *perr = WERR_ACCESS_DENIED;
1540                 goto error_exit;
1541         } else {
1542                 uint32 major;
1543                 uint32 minor;
1544                 int    ret;
1545
1546                 ret = get_file_version(fsp, smb_fname->base_name, &major, &minor);
1547                 if (ret == -1) goto error_exit;
1548
1549                 if (!ret) {
1550                         DEBUG(6,("get_correct_cversion: Version info not "
1551                                  "found [%s]\n",
1552                                  smb_fname_str_dbg(smb_fname)));
1553                         goto error_exit;
1554                 }
1555
1556                 /*
1557                  * This is a Microsoft'ism. See references in MSDN to VER_FILEVERSION
1558                  * for more details. Version in this case is not just the version of the
1559                  * file, but the version in the sense of kernal mode (2) vs. user mode
1560                  * (3) drivers. Other bits of the version fields are the version info.
1561                  * JRR 010716
1562                 */
1563                 cversion = major & 0x0000ffff;
1564                 switch (cversion) {
1565                         case 2: /* WinNT drivers */
1566                         case 3: /* Win2K drivers */
1567                                 break;
1568
1569                         default:
1570                                 DEBUG(6,("get_correct_cversion: cversion "
1571                                          "invalid [%s]  cversion = %d\n",
1572                                          smb_fname_str_dbg(smb_fname),
1573                                          cversion));
1574                                 goto error_exit;
1575                 }
1576
1577                 DEBUG(10,("get_correct_cversion: Version info found [%s] major"
1578                           " = 0x%x  minor = 0x%x\n",
1579                           smb_fname_str_dbg(smb_fname), major, minor));
1580         }
1581
1582         DEBUG(10,("get_correct_cversion: Driver file [%s] cversion = %d\n",
1583                   smb_fname_str_dbg(smb_fname), cversion));
1584
1585         goto done;
1586
1587  error_exit:
1588         cversion = -1;
1589  done:
1590         TALLOC_FREE(smb_fname);
1591         if (fsp != NULL) {
1592                 close_file(NULL, fsp, NORMAL_CLOSE);
1593         }
1594         if (conn != NULL) {
1595                 vfs_ChDir(conn, oldcwd);
1596                 conn_free(conn);
1597         }
1598         if (cversion != -1) {
1599                 *perr = WERR_OK;
1600         }
1601         return cversion;
1602 }
1603
1604 /****************************************************************************
1605 ****************************************************************************/
1606
1607 #define strip_driver_path(_mem_ctx, _element) do { \
1608         if ((_p = strrchr((_element), '\\')) != NULL) { \
1609                 (_element) = talloc_asprintf((_mem_ctx), "%s", _p+1); \
1610                 W_ERROR_HAVE_NO_MEMORY((_element)); \
1611         } \
1612 } while (0);
1613
1614 static WERROR clean_up_driver_struct_level(TALLOC_CTX *mem_ctx,
1615                                            struct pipes_struct *rpc_pipe,
1616                                            const char *architecture,
1617                                            const char **driver_path,
1618                                            const char **data_file,
1619                                            const char **config_file,
1620                                            const char **help_file,
1621                                            struct spoolss_StringArray *dependent_files,
1622                                            uint32_t *version)
1623 {
1624         const char *short_architecture;
1625         int i;
1626         WERROR err;
1627         char *_p;
1628
1629         /* clean up the driver name.
1630          * we can get .\driver.dll
1631          * or worse c:\windows\system\driver.dll !
1632          */
1633         /* using an intermediate string to not have overlaping memcpy()'s */
1634
1635         strip_driver_path(mem_ctx, *driver_path);
1636         strip_driver_path(mem_ctx, *data_file);
1637         strip_driver_path(mem_ctx, *config_file);
1638         strip_driver_path(mem_ctx, *help_file);
1639
1640         if (dependent_files && dependent_files->string) {
1641                 for (i=0; dependent_files->string[i]; i++) {
1642                         strip_driver_path(mem_ctx, dependent_files->string[i]);
1643                 }
1644         }
1645
1646         short_architecture = get_short_archi(architecture);
1647         if (!short_architecture) {
1648                 return WERR_UNKNOWN_PRINTER_DRIVER;
1649         }
1650
1651         /* jfm:7/16/2000 the client always sends the cversion=0.
1652          * The server should check which version the driver is by reading
1653          * the PE header of driver->driverpath.
1654          *
1655          * For Windows 95/98 the version is 0 (so the value sent is correct)
1656          * For Windows NT (the architecture doesn't matter)
1657          *      NT 3.1: cversion=0
1658          *      NT 3.5/3.51: cversion=1
1659          *      NT 4: cversion=2
1660          *      NT2K: cversion=3
1661          */
1662
1663         *version = get_correct_cversion(rpc_pipe, short_architecture,
1664                                         *driver_path, &err);
1665         if (*version == -1) {
1666                 return err;
1667         }
1668
1669         return WERR_OK;
1670 }
1671
1672 /****************************************************************************
1673 ****************************************************************************/
1674
1675 WERROR clean_up_driver_struct(struct pipes_struct *rpc_pipe,
1676                               struct spoolss_AddDriverInfoCtr *r)
1677 {
1678         switch (r->level) {
1679         case 3:
1680                 return clean_up_driver_struct_level(r, rpc_pipe,
1681                                                     r->info.info3->architecture,
1682                                                     &r->info.info3->driver_path,
1683                                                     &r->info.info3->data_file,
1684                                                     &r->info.info3->config_file,
1685                                                     &r->info.info3->help_file,
1686                                                     r->info.info3->dependent_files,
1687                                                     &r->info.info3->version);
1688         case 6:
1689                 return clean_up_driver_struct_level(r, rpc_pipe,
1690                                                     r->info.info6->architecture,
1691                                                     &r->info.info6->driver_path,
1692                                                     &r->info.info6->data_file,
1693                                                     &r->info.info6->config_file,
1694                                                     &r->info.info6->help_file,
1695                                                     r->info.info6->dependent_files,
1696                                                     &r->info.info6->version);
1697         default:
1698                 return WERR_NOT_SUPPORTED;
1699         }
1700 }
1701
1702 /****************************************************************************
1703  This function sucks and should be replaced. JRA.
1704 ****************************************************************************/
1705
1706 static void convert_level_6_to_level3(struct spoolss_AddDriverInfo3 *dst,
1707                                       const struct spoolss_AddDriverInfo6 *src)
1708 {
1709         dst->version            = src->version;
1710
1711         dst->driver_name        = src->driver_name;
1712         dst->architecture       = src->architecture;
1713         dst->driver_path        = src->driver_path;
1714         dst->data_file          = src->data_file;
1715         dst->config_file        = src->config_file;
1716         dst->help_file          = src->help_file;
1717         dst->monitor_name       = src->monitor_name;
1718         dst->default_datatype   = src->default_datatype;
1719         dst->_ndr_size_dependent_files = src->_ndr_size_dependent_files;
1720         dst->dependent_files    = src->dependent_files;
1721 }
1722
1723 /****************************************************************************
1724  This function sucks and should be replaced. JRA.
1725 ****************************************************************************/
1726
1727 static void convert_level_8_to_level3(TALLOC_CTX *mem_ctx,
1728                                       struct spoolss_AddDriverInfo3 *dst,
1729                                       const struct spoolss_DriverInfo8 *src)
1730 {
1731         dst->version            = src->version;
1732         dst->driver_name        = src->driver_name;
1733         dst->architecture       = src->architecture;
1734         dst->driver_path        = src->driver_path;
1735         dst->data_file          = src->data_file;
1736         dst->config_file        = src->config_file;
1737         dst->help_file          = src->help_file;
1738         dst->monitor_name       = src->monitor_name;
1739         dst->default_datatype   = src->default_datatype;
1740         if (src->dependent_files) {
1741                 dst->dependent_files = talloc_zero(mem_ctx, struct spoolss_StringArray);
1742                 if (!dst->dependent_files) return;
1743                 dst->dependent_files->string = src->dependent_files;
1744         } else {
1745                 dst->dependent_files = NULL;
1746         }
1747 }
1748
1749 /****************************************************************************
1750 ****************************************************************************/
1751
1752 static WERROR move_driver_file_to_download_area(TALLOC_CTX *mem_ctx,
1753                                                 connection_struct *conn,
1754                                                 const char *driver_file,
1755                                                 const char *short_architecture,
1756                                                 uint32_t driver_version,
1757                                                 uint32_t version)
1758 {
1759         struct smb_filename *smb_fname_old = NULL;
1760         struct smb_filename *smb_fname_new = NULL;
1761         char *old_name = NULL;
1762         char *new_name = NULL;
1763         NTSTATUS status;
1764         WERROR ret;
1765
1766         old_name = talloc_asprintf(mem_ctx, "%s/%s",
1767                                    short_architecture, driver_file);
1768         W_ERROR_HAVE_NO_MEMORY(old_name);
1769
1770         new_name = talloc_asprintf(mem_ctx, "%s/%d/%s",
1771                                    short_architecture, driver_version, driver_file);
1772         if (new_name == NULL) {
1773                 TALLOC_FREE(old_name);
1774                 return WERR_NOMEM;
1775         }
1776
1777         if (version != -1 && (version = file_version_is_newer(conn, old_name, new_name)) > 0) {
1778
1779                 status = driver_unix_convert(conn, old_name, &smb_fname_old);
1780                 if (!NT_STATUS_IS_OK(status)) {
1781                         ret = WERR_NOMEM;
1782                         goto out;
1783                 }
1784
1785                 /* Setup a synthetic smb_filename struct */
1786                 smb_fname_new = TALLOC_ZERO_P(mem_ctx, struct smb_filename);
1787                 if (!smb_fname_new) {
1788                         ret = WERR_NOMEM;
1789                         goto out;
1790                 }
1791
1792                 smb_fname_new->base_name = new_name;
1793
1794                 DEBUG(10,("move_driver_file_to_download_area: copying '%s' to "
1795                           "'%s'\n", smb_fname_old->base_name,
1796                           smb_fname_new->base_name));
1797
1798                 status = copy_file(mem_ctx, conn, smb_fname_old, smb_fname_new,
1799                                    OPENX_FILE_EXISTS_TRUNCATE |
1800                                    OPENX_FILE_CREATE_IF_NOT_EXIST,
1801                                    0, false);
1802
1803                 if (!NT_STATUS_IS_OK(status)) {
1804                         DEBUG(0,("move_driver_file_to_download_area: Unable "
1805                                  "to rename [%s] to [%s]: %s\n",
1806                                  smb_fname_old->base_name, new_name,
1807                                  nt_errstr(status)));
1808                         ret = WERR_ACCESS_DENIED;
1809                         goto out;
1810                 }
1811         }
1812
1813         ret = WERR_OK;
1814  out:
1815         TALLOC_FREE(smb_fname_old);
1816         TALLOC_FREE(smb_fname_new);
1817         return ret;
1818 }
1819
1820 WERROR move_driver_to_download_area(struct pipes_struct *p,
1821                                     struct spoolss_AddDriverInfoCtr *r,
1822                                     WERROR *perr)
1823 {
1824         struct spoolss_AddDriverInfo3 *driver;
1825         struct spoolss_AddDriverInfo3 converted_driver;
1826         const char *short_architecture;
1827         struct smb_filename *smb_dname = NULL;
1828         char *new_dir = NULL;
1829         connection_struct *conn = NULL;
1830         NTSTATUS nt_status;
1831         int i;
1832         TALLOC_CTX *ctx = talloc_tos();
1833         int ver = 0;
1834         char *oldcwd;
1835         fstring printdollar;
1836         int printdollar_snum;
1837
1838         *perr = WERR_OK;
1839
1840         switch (r->level) {
1841         case 3:
1842                 driver = r->info.info3;
1843                 break;
1844         case 6:
1845                 convert_level_6_to_level3(&converted_driver, r->info.info6);
1846                 driver = &converted_driver;
1847                 break;
1848         default:
1849                 DEBUG(0,("move_driver_to_download_area: Unknown info level (%u)\n", (unsigned int)r->level));
1850                 return WERR_UNKNOWN_LEVEL;
1851         }
1852
1853         short_architecture = get_short_archi(driver->architecture);
1854         if (!short_architecture) {
1855                 return WERR_UNKNOWN_PRINTER_DRIVER;
1856         }
1857
1858         fstrcpy(printdollar, "print$");
1859
1860         printdollar_snum = find_service(printdollar);
1861         if (printdollar_snum == -1) {
1862                 *perr = WERR_NO_SUCH_SHARE;
1863                 return WERR_NO_SUCH_SHARE;
1864         }
1865
1866         nt_status = create_conn_struct(talloc_tos(), &conn, printdollar_snum,
1867                                        lp_pathname(printdollar_snum),
1868                                        p->server_info, &oldcwd);
1869         if (!NT_STATUS_IS_OK(nt_status)) {
1870                 DEBUG(0,("move_driver_to_download_area: create_conn_struct "
1871                          "returned %s\n", nt_errstr(nt_status)));
1872                 *perr = ntstatus_to_werror(nt_status);
1873                 return *perr;
1874         }
1875
1876         new_dir = talloc_asprintf(ctx,
1877                                 "%s/%d",
1878                                 short_architecture,
1879                                 driver->version);
1880         if (!new_dir) {
1881                 *perr = WERR_NOMEM;
1882                 goto err_exit;
1883         }
1884         nt_status = driver_unix_convert(conn, new_dir, &smb_dname);
1885         if (!NT_STATUS_IS_OK(nt_status)) {
1886                 *perr = WERR_NOMEM;
1887                 goto err_exit;
1888         }
1889
1890         DEBUG(5,("Creating first directory: %s\n", smb_dname->base_name));
1891
1892         create_directory(conn, NULL, smb_dname);
1893
1894         /* For each driver file, archi\filexxx.yyy, if there is a duplicate file
1895          * listed for this driver which has already been moved, skip it (note:
1896          * drivers may list the same file name several times. Then check if the
1897          * file already exists in archi\version\, if so, check that the version
1898          * info (or time stamps if version info is unavailable) is newer (or the
1899          * date is later). If it is, move it to archi\version\filexxx.yyy.
1900          * Otherwise, delete the file.
1901          *
1902          * If a file is not moved to archi\version\ because of an error, all the
1903          * rest of the 'unmoved' driver files are removed from archi\. If one or
1904          * more of the driver's files was already moved to archi\version\, it
1905          * potentially leaves the driver in a partially updated state. Version
1906          * trauma will most likely occur if an client attempts to use any printer
1907          * bound to the driver. Perhaps a rewrite to make sure the moves can be
1908          * done is appropriate... later JRR
1909          */
1910
1911         DEBUG(5,("Moving files now !\n"));
1912
1913         if (driver->driver_path && strlen(driver->driver_path)) {
1914
1915                 *perr = move_driver_file_to_download_area(ctx,
1916                                                           conn,
1917                                                           driver->driver_path,
1918                                                           short_architecture,
1919                                                           driver->version,
1920                                                           ver);
1921                 if (!W_ERROR_IS_OK(*perr)) {
1922                         if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) {
1923                                 ver = -1;
1924                         }
1925                         goto err_exit;
1926                 }
1927         }
1928
1929         if (driver->data_file && strlen(driver->data_file)) {
1930                 if (!strequal(driver->data_file, driver->driver_path)) {
1931
1932                         *perr = move_driver_file_to_download_area(ctx,
1933                                                                   conn,
1934                                                                   driver->data_file,
1935                                                                   short_architecture,
1936                                                                   driver->version,
1937                                                                   ver);
1938                         if (!W_ERROR_IS_OK(*perr)) {
1939                                 if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) {
1940                                         ver = -1;
1941                                 }
1942                                 goto err_exit;
1943                         }
1944                 }
1945         }
1946
1947         if (driver->config_file && strlen(driver->config_file)) {
1948                 if (!strequal(driver->config_file, driver->driver_path) &&
1949                     !strequal(driver->config_file, driver->data_file)) {
1950
1951                         *perr = move_driver_file_to_download_area(ctx,
1952                                                                   conn,
1953                                                                   driver->config_file,
1954                                                                   short_architecture,
1955                                                                   driver->version,
1956                                                                   ver);
1957                         if (!W_ERROR_IS_OK(*perr)) {
1958                                 if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) {
1959                                         ver = -1;
1960                                 }
1961                                 goto err_exit;
1962                         }
1963                 }
1964         }
1965
1966         if (driver->help_file && strlen(driver->help_file)) {
1967                 if (!strequal(driver->help_file, driver->driver_path) &&
1968                     !strequal(driver->help_file, driver->data_file) &&
1969                     !strequal(driver->help_file, driver->config_file)) {
1970
1971                         *perr = move_driver_file_to_download_area(ctx,
1972                                                                   conn,
1973                                                                   driver->help_file,
1974                                                                   short_architecture,
1975                                                                   driver->version,
1976                                                                   ver);
1977                         if (!W_ERROR_IS_OK(*perr)) {
1978                                 if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) {
1979                                         ver = -1;
1980                                 }
1981                                 goto err_exit;
1982                         }
1983                 }
1984         }
1985
1986         if (driver->dependent_files && driver->dependent_files->string) {
1987                 for (i=0; driver->dependent_files->string[i]; i++) {
1988                         if (!strequal(driver->dependent_files->string[i], driver->driver_path) &&
1989                             !strequal(driver->dependent_files->string[i], driver->data_file) &&
1990                             !strequal(driver->dependent_files->string[i], driver->config_file) &&
1991                             !strequal(driver->dependent_files->string[i], driver->help_file)) {
1992                                 int j;
1993                                 for (j=0; j < i; j++) {
1994                                         if (strequal(driver->dependent_files->string[i], driver->dependent_files->string[j])) {
1995                                                 goto NextDriver;
1996                                         }
1997                                 }
1998
1999                                 *perr = move_driver_file_to_download_area(ctx,
2000                                                                           conn,
2001                                                                           driver->dependent_files->string[i],
2002                                                                           short_architecture,
2003                                                                           driver->version,
2004                                                                           ver);
2005                                 if (!W_ERROR_IS_OK(*perr)) {
2006                                         if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) {
2007                                                 ver = -1;
2008                                         }
2009                                         goto err_exit;
2010                                 }
2011                         }
2012                 NextDriver: ;
2013                 }
2014         }
2015
2016   err_exit:
2017         TALLOC_FREE(smb_dname);
2018
2019         if (conn != NULL) {
2020                 vfs_ChDir(conn, oldcwd);
2021                 conn_free(conn);
2022         }
2023
2024         if (W_ERROR_EQUAL(*perr, WERR_OK)) {
2025                 return WERR_OK;
2026         }
2027         if (ver == -1) {
2028                 return WERR_UNKNOWN_PRINTER_DRIVER;
2029         }
2030         return (*perr);
2031 }
2032
2033 /****************************************************************************
2034 ****************************************************************************/
2035
2036 static uint32 add_a_printer_driver_3(struct spoolss_AddDriverInfo3 *driver)
2037 {
2038         TALLOC_CTX *ctx = talloc_tos();
2039         int len, buflen;
2040         const char *architecture;
2041         char *directory = NULL;
2042         char *key = NULL;
2043         uint8 *buf;
2044         int i, ret;
2045         TDB_DATA dbuf;
2046
2047         architecture = get_short_archi(driver->architecture);
2048         if (!architecture) {
2049                 return (uint32)-1;
2050         }
2051
2052         /* The names are relative. We store them in the form: \print$\arch\version\driver.xxx
2053          * \\server is added in the rpc server layer.
2054          * It does make sense to NOT store the server's name in the printer TDB.
2055          */
2056
2057         directory = talloc_asprintf(ctx, "\\print$\\%s\\%d\\",
2058                         architecture, driver->version);
2059         if (!directory) {
2060                 return (uint32)-1;
2061         }
2062
2063 #define gen_full_driver_unc_path(ctx, directory, file) \
2064         do { \
2065                 if (file && strlen(file)) { \
2066                         file = talloc_asprintf(ctx, "%s%s", directory, file); \
2067                 } else { \
2068                         file = talloc_strdup(ctx, ""); \
2069                 } \
2070                 if (!file) { \
2071                         return (uint32_t)-1; \
2072                 } \
2073         } while (0);
2074
2075         /* .inf files do not always list a file for each of the four standard files.
2076          * Don't prepend a path to a null filename, or client claims:
2077          *   "The server on which the printer resides does not have a suitable
2078          *   <printer driver name> printer driver installed. Click OK if you
2079          *   wish to install the driver on your local machine."
2080          */
2081
2082         gen_full_driver_unc_path(ctx, directory, driver->driver_path);
2083         gen_full_driver_unc_path(ctx, directory, driver->data_file);
2084         gen_full_driver_unc_path(ctx, directory, driver->config_file);
2085         gen_full_driver_unc_path(ctx, directory, driver->help_file);
2086
2087         if (driver->dependent_files && driver->dependent_files->string) {
2088                 for (i=0; driver->dependent_files->string[i]; i++) {
2089                         gen_full_driver_unc_path(ctx, directory,
2090                                 driver->dependent_files->string[i]);
2091                 }
2092         }
2093
2094         key = talloc_asprintf(ctx, "%s%s/%d/%s", DRIVERS_PREFIX,
2095                         architecture, driver->version, driver->driver_name);
2096         if (!key) {
2097                 return (uint32)-1;
2098         }
2099
2100         DEBUG(5,("add_a_printer_driver_3: Adding driver with key %s\n", key ));
2101
2102         buf = NULL;
2103         len = buflen = 0;
2104
2105  again:
2106         len = 0;
2107         len += tdb_pack(buf+len, buflen-len, "dffffffff",
2108                         driver->version,
2109                         driver->driver_name,
2110                         driver->architecture,
2111                         driver->driver_path,
2112                         driver->data_file,
2113                         driver->config_file,
2114                         driver->help_file,
2115                         driver->monitor_name ? driver->monitor_name : "",
2116                         driver->default_datatype ? driver->default_datatype : "");
2117
2118         if (driver->dependent_files && driver->dependent_files->string) {
2119                 for (i=0; driver->dependent_files->string[i]; i++) {
2120                         len += tdb_pack(buf+len, buflen-len, "f",
2121                                         driver->dependent_files->string[i]);
2122                 }
2123         }
2124
2125         if (len != buflen) {
2126                 buf = (uint8 *)SMB_REALLOC(buf, len);
2127                 if (!buf) {
2128                         DEBUG(0,("add_a_printer_driver_3: failed to enlarge buffer\n!"));
2129                         ret = -1;
2130                         goto done;
2131                 }
2132                 buflen = len;
2133                 goto again;
2134         }
2135
2136         dbuf.dptr = buf;
2137         dbuf.dsize = len;
2138
2139         ret = tdb_store_bystring(tdb_drivers, key, dbuf, TDB_REPLACE);
2140
2141 done:
2142         if (ret)
2143                 DEBUG(0,("add_a_printer_driver_3: Adding driver with key %s failed.\n", key ));
2144
2145         SAFE_FREE(buf);
2146         return ret;
2147 }
2148
2149 /****************************************************************************
2150 ****************************************************************************/
2151
2152 static uint32_t add_a_printer_driver_8(struct spoolss_DriverInfo8 *driver)
2153 {
2154         TALLOC_CTX *mem_ctx = talloc_new(talloc_tos());
2155         struct spoolss_AddDriverInfo3 info3;
2156         uint32_t ret;
2157
2158         convert_level_8_to_level3(mem_ctx, &info3, driver);
2159
2160         ret = add_a_printer_driver_3(&info3);
2161         talloc_free(mem_ctx);
2162
2163         return ret;
2164 }
2165
2166 /****************************************************************************
2167 ****************************************************************************/
2168
2169 static WERROR get_a_printer_driver_3_default(TALLOC_CTX *mem_ctx,
2170                                              struct spoolss_DriverInfo3 *info,
2171                                              const char *driver, const char *arch)
2172 {
2173         info->driver_name = talloc_strdup(mem_ctx, driver);
2174         if (!info->driver_name) {
2175                 return WERR_NOMEM;
2176         }
2177
2178         info->default_datatype = talloc_strdup(mem_ctx, "RAW");
2179         if (!info->default_datatype) {
2180                 return WERR_NOMEM;
2181         }
2182
2183         info->driver_path = talloc_strdup(mem_ctx, "");
2184         info->data_file = talloc_strdup(mem_ctx, "");
2185         info->config_file = talloc_strdup(mem_ctx, "");
2186         info->help_file = talloc_strdup(mem_ctx, "");
2187         if (!info->driver_path || !info->data_file || !info->config_file || !info->help_file) {
2188                 return WERR_NOMEM;
2189         }
2190
2191         return WERR_OK;
2192 }
2193
2194 /****************************************************************************
2195 ****************************************************************************/
2196
2197 static WERROR get_a_printer_driver_3(TALLOC_CTX *mem_ctx,
2198                                      struct spoolss_DriverInfo3 *driver,
2199                                      const char *drivername, const char *arch,
2200                                      uint32_t version)
2201 {
2202         TDB_DATA dbuf;
2203         const char *architecture;
2204         int len = 0;
2205         int i;
2206         char *key = NULL;
2207         fstring name, driverpath, environment, datafile, configfile, helpfile, monitorname, defaultdatatype;
2208
2209         architecture = get_short_archi(arch);
2210         if ( !architecture ) {
2211                 return WERR_UNKNOWN_PRINTER_DRIVER;
2212         }
2213
2214         /* Windows 4.0 (i.e. win9x) should always use a version of 0 */
2215
2216         if ( strcmp( architecture, SPL_ARCH_WIN40 ) == 0 )
2217                 version = 0;
2218
2219         DEBUG(8,("get_a_printer_driver_3: [%s%s/%d/%s]\n", DRIVERS_PREFIX, architecture, version, drivername));
2220
2221         if (asprintf(&key, "%s%s/%d/%s", DRIVERS_PREFIX,
2222                                 architecture, version, drivername) < 0) {
2223                 return WERR_NOMEM;
2224         }
2225
2226         dbuf = tdb_fetch_bystring(tdb_drivers, key);
2227         if (!dbuf.dptr) {
2228                 SAFE_FREE(key);
2229                 return WERR_UNKNOWN_PRINTER_DRIVER;
2230         }
2231
2232         len += tdb_unpack(dbuf.dptr, dbuf.dsize, "dffffffff",
2233                           &driver->version,
2234                           name,
2235                           environment,
2236                           driverpath,
2237                           datafile,
2238                           configfile,
2239                           helpfile,
2240                           monitorname,
2241                           defaultdatatype);
2242
2243         driver->driver_name     = talloc_strdup(mem_ctx, name);
2244         driver->architecture    = talloc_strdup(mem_ctx, environment);
2245         driver->driver_path     = talloc_strdup(mem_ctx, driverpath);
2246         driver->data_file       = talloc_strdup(mem_ctx, datafile);
2247         driver->config_file     = talloc_strdup(mem_ctx, configfile);
2248         driver->help_file       = talloc_strdup(mem_ctx, helpfile);
2249         driver->monitor_name    = talloc_strdup(mem_ctx, monitorname);
2250         driver->default_datatype        = talloc_strdup(mem_ctx, defaultdatatype);
2251
2252         i=0;
2253
2254         while (len < dbuf.dsize) {
2255
2256                 fstring file;
2257
2258                 driver->dependent_files = talloc_realloc(mem_ctx, driver->dependent_files, const char *, i+2);
2259                 if (!driver->dependent_files ) {
2260                         DEBUG(0,("get_a_printer_driver_3: failed to enlarge buffer!\n"));
2261                         break;
2262                 }
2263
2264                 len += tdb_unpack(dbuf.dptr+len, dbuf.dsize-len, "f",
2265                                   &file);
2266
2267                 driver->dependent_files[i] = talloc_strdup(mem_ctx, file);
2268
2269                 i++;
2270         }
2271
2272         if (driver->dependent_files)
2273                 driver->dependent_files[i] = NULL;
2274
2275         SAFE_FREE(dbuf.dptr);
2276         SAFE_FREE(key);
2277
2278         if (len != dbuf.dsize) {
2279                 return get_a_printer_driver_3_default(mem_ctx, driver, drivername, arch);
2280         }
2281
2282         return WERR_OK;
2283 }
2284
2285 /****************************************************************************
2286 ****************************************************************************/
2287 int pack_devicemode(NT_DEVICEMODE *nt_devmode, uint8 *buf, int buflen)
2288 {
2289         int len = 0;
2290
2291         len += tdb_pack(buf+len, buflen-len, "p", nt_devmode);
2292
2293         if (!nt_devmode)
2294                 return len;
2295
2296         len += tdb_pack(buf+len, buflen-len, "ffwwwwwwwwwwwwwwwwwwddddddddddddddp",
2297                         nt_devmode->devicename,
2298                         nt_devmode->formname,
2299
2300                         nt_devmode->specversion,
2301                         nt_devmode->driverversion,
2302                         nt_devmode->size,
2303                         nt_devmode->driverextra,
2304                         nt_devmode->orientation,
2305                         nt_devmode->papersize,
2306                         nt_devmode->paperlength,
2307                         nt_devmode->paperwidth,
2308                         nt_devmode->scale,
2309                         nt_devmode->copies,
2310                         nt_devmode->defaultsource,
2311                         nt_devmode->printquality,
2312                         nt_devmode->color,
2313                         nt_devmode->duplex,
2314                         nt_devmode->yresolution,
2315                         nt_devmode->ttoption,
2316                         nt_devmode->collate,
2317                         nt_devmode->logpixels,
2318
2319                         nt_devmode->fields,
2320                         nt_devmode->bitsperpel,
2321                         nt_devmode->pelswidth,
2322                         nt_devmode->pelsheight,
2323                         nt_devmode->displayflags,
2324                         nt_devmode->displayfrequency,
2325                         nt_devmode->icmmethod,
2326                         nt_devmode->icmintent,
2327                         nt_devmode->mediatype,
2328                         nt_devmode->dithertype,
2329                         nt_devmode->reserved1,
2330                         nt_devmode->reserved2,
2331                         nt_devmode->panningwidth,
2332                         nt_devmode->panningheight,
2333                         nt_devmode->nt_dev_private);
2334
2335         if (nt_devmode->nt_dev_private) {
2336                 len += tdb_pack(buf+len, buflen-len, "B",
2337                                 nt_devmode->driverextra,
2338                                 nt_devmode->nt_dev_private);
2339         }
2340
2341         DEBUG(8,("Packed devicemode [%s]\n", nt_devmode->formname));
2342
2343         return len;
2344 }
2345
2346 /****************************************************************************
2347  Pack all values in all printer keys
2348  ***************************************************************************/
2349
2350 static int pack_values(NT_PRINTER_DATA *data, uint8 *buf, int buflen)
2351 {
2352         int             len = 0;
2353         int             i, j;
2354         struct regval_blob      *val;
2355         struct regval_ctr       *val_ctr;
2356         char *path = NULL;
2357         int             num_values;
2358
2359         if ( !data )
2360                 return 0;
2361
2362         /* loop over all keys */
2363
2364         for ( i=0; i<data->num_keys; i++ ) {
2365                 val_ctr = data->keys[i].values;
2366                 num_values = regval_ctr_numvals( val_ctr );
2367
2368                 /* pack the keyname followed by a empty value */
2369
2370                 len += tdb_pack(buf+len, buflen-len, "pPdB",
2371                                 &data->keys[i].name,
2372                                 data->keys[i].name,
2373                                 REG_NONE,
2374                                 0,
2375                                 NULL);
2376
2377                 /* now loop over all values */
2378
2379                 for ( j=0; j<num_values; j++ ) {
2380                         /* pathname should be stored as <key>\<value> */
2381
2382                         val = regval_ctr_specific_value( val_ctr, j );
2383                         if (asprintf(&path, "%s\\%s",
2384                                         data->keys[i].name,
2385                                         regval_name(val)) < 0) {
2386                                 return -1;
2387                         }
2388
2389                         len += tdb_pack(buf+len, buflen-len, "pPdB",
2390                                         val,
2391                                         path,
2392                                         regval_type(val),
2393                                         regval_size(val),
2394                                         regval_data_p(val) );
2395
2396                         DEBUG(8,("specific: [%s], len: %d\n", regval_name(val), regval_size(val)));
2397                         SAFE_FREE(path);
2398                 }
2399
2400         }
2401
2402         /* terminator */
2403
2404         len += tdb_pack(buf+len, buflen-len, "p", NULL);
2405
2406         return len;
2407 }
2408
2409
2410 /****************************************************************************
2411  Delete a printer - this just deletes the printer info file, any open
2412  handles are not affected.
2413 ****************************************************************************/
2414
2415 uint32 del_a_printer(const char *sharename)
2416 {
2417         TDB_DATA kbuf;
2418         char *printdb_path = NULL;
2419         TALLOC_CTX *ctx = talloc_tos();
2420
2421         kbuf = make_printer_tdbkey(ctx, sharename);
2422         tdb_delete(tdb_printers, kbuf);
2423
2424         kbuf= make_printers_secdesc_tdbkey(ctx, sharename);
2425         tdb_delete(tdb_printers, kbuf);
2426
2427         close_all_print_db();
2428
2429         if (geteuid() == sec_initial_uid()) {
2430                 if (asprintf(&printdb_path, "%s%s.tdb",
2431                                 cache_path("printing/"),
2432                                 sharename) < 0) {
2433                         return (uint32)-1;
2434                 }
2435                 unlink(printdb_path);
2436                 SAFE_FREE(printdb_path);
2437         }
2438
2439         return 0;
2440 }
2441
2442 /****************************************************************************
2443 ****************************************************************************/
2444 static WERROR update_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info)
2445 {
2446         uint8 *buf;
2447         int buflen, len;
2448         int retlen;
2449         WERROR ret;
2450         TDB_DATA kbuf, dbuf;
2451
2452         /*
2453          * in addprinter: no servername and the printer is the name
2454          * in setprinter: servername is \\server
2455          *                and printer is \\server\\printer
2456          *
2457          * Samba manages only local printers.
2458          * we currently don't support things like i
2459          * path=\\other_server\printer
2460          *
2461          * We only store the printername, not \\server\printername
2462          */
2463
2464         if ( info->servername[0] != '\0' ) {
2465                 trim_string(info->printername, info->servername, NULL);
2466                 trim_char(info->printername, '\\', '\0');
2467                 info->servername[0]='\0';
2468         }
2469
2470         /*
2471          * JFM: one day I'll forget.
2472          * below that's info->portname because that's the SAMBA sharename
2473          * and I made NT 'thinks' it's the portname
2474          * the info->sharename is the thing you can name when you add a printer
2475          * that's the short-name when you create shared printer for 95/98
2476          * So I've made a limitation in SAMBA: you can only have 1 printer model
2477          * behind a SAMBA share.
2478          */
2479
2480         buf = NULL;
2481         buflen = 0;
2482
2483  again:
2484         len = 0;
2485         len += tdb_pack(buf+len, buflen-len, "dddddddddddfffffPfffff",
2486                         info->attributes,
2487                         info->priority,
2488                         info->default_priority,
2489                         info->starttime,
2490                         info->untiltime,
2491                         info->status,
2492                         info->cjobs,
2493                         info->averageppm,
2494                         info->changeid,
2495                         info->c_setprinter,
2496                         info->setuptime,
2497                         info->servername,
2498                         info->printername,
2499                         info->sharename,
2500                         info->portname,
2501                         info->drivername,
2502                         info->comment,
2503                         info->location,
2504                         info->sepfile,
2505                         info->printprocessor,
2506                         info->datatype,
2507                         info->parameters);
2508
2509         len += pack_devicemode(info->devmode, buf+len, buflen-len);
2510         retlen = pack_values( info->data, buf+len, buflen-len );
2511         if (retlen == -1) {
2512                 ret = WERR_NOMEM;
2513                 goto done;
2514         }
2515         len += retlen;
2516
2517         if (buflen != len) {
2518                 buf = (uint8 *)SMB_REALLOC(buf, len);
2519                 if (!buf) {
2520                         DEBUG(0,("update_a_printer_2: failed to enlarge buffer!\n"));
2521                         ret = WERR_NOMEM;
2522                         goto done;
2523                 }
2524                 buflen = len;
2525                 goto again;
2526         }
2527
2528         kbuf = make_printer_tdbkey(talloc_tos(), info->sharename );
2529
2530         dbuf.dptr = buf;
2531         dbuf.dsize = len;
2532
2533         ret = (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) == 0? WERR_OK : WERR_NOMEM);
2534
2535 done:
2536         if (!W_ERROR_IS_OK(ret))
2537                 DEBUG(8, ("error updating printer to tdb on disk\n"));
2538
2539         SAFE_FREE(buf);
2540
2541         DEBUG(8,("packed printer [%s] with driver [%s] portname=[%s] len=%d\n",
2542                  info->sharename, info->drivername, info->portname, len));
2543
2544         return ret;
2545 }
2546
2547
2548 /****************************************************************************
2549  Malloc and return an NT devicemode.
2550 ****************************************************************************/
2551
2552 NT_DEVICEMODE *construct_nt_devicemode(const fstring default_devicename)
2553 {
2554
2555         char adevice[MAXDEVICENAME];
2556         NT_DEVICEMODE *nt_devmode = SMB_MALLOC_P(NT_DEVICEMODE);
2557
2558         if (nt_devmode == NULL) {
2559                 DEBUG(0,("construct_nt_devicemode: malloc fail.\n"));
2560                 return NULL;
2561         }
2562
2563         ZERO_STRUCTP(nt_devmode);
2564
2565         slprintf(adevice, sizeof(adevice), "%s", default_devicename);
2566         fstrcpy(nt_devmode->devicename, adevice);
2567
2568         fstrcpy(nt_devmode->formname, "Letter");
2569
2570         nt_devmode->specversion      = DMSPEC_NT4_AND_ABOVE;
2571         nt_devmode->driverversion    = 0x0400;
2572         nt_devmode->size             = 0x00DC;
2573         nt_devmode->driverextra      = 0x0000;
2574         nt_devmode->fields           = DEVMODE_FORMNAME |
2575                                        DEVMODE_TTOPTION |
2576                                        DEVMODE_PRINTQUALITY |
2577                                        DEVMODE_DEFAULTSOURCE |
2578                                        DEVMODE_COPIES |
2579                                        DEVMODE_SCALE |
2580                                        DEVMODE_PAPERSIZE |
2581                                        DEVMODE_ORIENTATION;
2582         nt_devmode->orientation      = DMORIENT_PORTRAIT;
2583         nt_devmode->papersize        = DMPAPER_LETTER;
2584         nt_devmode->paperlength      = 0;
2585         nt_devmode->paperwidth       = 0;
2586         nt_devmode->scale            = 0x64;
2587         nt_devmode->copies           = 1;
2588         nt_devmode->defaultsource    = DMBIN_FORMSOURCE;
2589         nt_devmode->printquality     = DMRES_HIGH;           /* 0x0258 */
2590         nt_devmode->color            = DMRES_MONOCHROME;
2591         nt_devmode->duplex           = DMDUP_SIMPLEX;
2592         nt_devmode->yresolution      = 0;
2593         nt_devmode->ttoption         = DMTT_SUBDEV;
2594         nt_devmode->collate          = DMCOLLATE_FALSE;
2595         nt_devmode->icmmethod        = 0;
2596         nt_devmode->icmintent        = 0;
2597         nt_devmode->mediatype        = 0;
2598         nt_devmode->dithertype       = 0;
2599
2600         /* non utilisés par un driver d'imprimante */
2601         nt_devmode->logpixels        = 0;
2602         nt_devmode->bitsperpel       = 0;
2603         nt_devmode->pelswidth        = 0;
2604         nt_devmode->pelsheight       = 0;
2605         nt_devmode->displayflags     = 0;
2606         nt_devmode->displayfrequency = 0;
2607         nt_devmode->reserved1        = 0;
2608         nt_devmode->reserved2        = 0;
2609         nt_devmode->panningwidth     = 0;
2610         nt_devmode->panningheight    = 0;
2611
2612         nt_devmode->nt_dev_private = NULL;
2613         return nt_devmode;
2614 }
2615
2616 /****************************************************************************
2617  Clean up and deallocate a (maybe partially) allocated NT_DEVICEMODE.
2618 ****************************************************************************/
2619
2620 void free_nt_devicemode(NT_DEVICEMODE **devmode_ptr)
2621 {
2622         NT_DEVICEMODE *nt_devmode = *devmode_ptr;
2623
2624         if(nt_devmode == NULL)
2625                 return;
2626
2627         DEBUG(106,("free_nt_devicemode: deleting DEVMODE\n"));
2628
2629         SAFE_FREE(nt_devmode->nt_dev_private);
2630         SAFE_FREE(*devmode_ptr);
2631 }
2632
2633 /****************************************************************************
2634  Clean up and deallocate a (maybe partially) allocated NT_PRINTER_INFO_LEVEL_2.
2635 ****************************************************************************/
2636
2637 static void free_nt_printer_info_level_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr)
2638 {
2639         NT_PRINTER_INFO_LEVEL_2 *info = *info_ptr;
2640
2641         if ( !info )
2642                 return;
2643
2644         free_nt_devicemode(&info->devmode);
2645
2646         TALLOC_FREE( *info_ptr );
2647 }
2648
2649
2650 /****************************************************************************
2651 ****************************************************************************/
2652 int unpack_devicemode(NT_DEVICEMODE **nt_devmode, const uint8 *buf, int buflen)
2653 {
2654         int len = 0;
2655         int extra_len = 0;
2656         NT_DEVICEMODE devmode;
2657
2658         ZERO_STRUCT(devmode);
2659
2660         len += tdb_unpack(buf+len, buflen-len, "p", nt_devmode);
2661
2662         if (!*nt_devmode) return len;
2663
2664         len += tdb_unpack(buf+len, buflen-len, "ffwwwwwwwwwwwwwwwwwwddddddddddddddp",
2665                           devmode.devicename,
2666                           devmode.formname,
2667
2668                           &devmode.specversion,
2669                           &devmode.driverversion,
2670                           &devmode.size,
2671                           &devmode.driverextra,
2672                           &devmode.orientation,
2673                           &devmode.papersize,
2674                           &devmode.paperlength,
2675                           &devmode.paperwidth,
2676                           &devmode.scale,
2677                           &devmode.copies,
2678                           &devmode.defaultsource,
2679                           &devmode.printquality,
2680                           &devmode.color,
2681                           &devmode.duplex,
2682                           &devmode.yresolution,
2683                           &devmode.ttoption,
2684                           &devmode.collate,
2685                           &devmode.logpixels,
2686
2687                           &devmode.fields,
2688                           &devmode.bitsperpel,
2689                           &devmode.pelswidth,
2690                           &devmode.pelsheight,
2691                           &devmode.displayflags,
2692                           &devmode.displayfrequency,
2693                           &devmode.icmmethod,
2694                           &devmode.icmintent,
2695                           &devmode.mediatype,
2696                           &devmode.dithertype,
2697                           &devmode.reserved1,
2698                           &devmode.reserved2,
2699                           &devmode.panningwidth,
2700                           &devmode.panningheight,
2701                           &devmode.nt_dev_private);
2702
2703         if (devmode.nt_dev_private) {
2704                 /* the len in tdb_unpack is an int value and
2705                  * devmode.driverextra is only a short
2706                  */
2707                 len += tdb_unpack(buf+len, buflen-len, "B", &extra_len, &devmode.nt_dev_private);
2708                 devmode.driverextra=(uint16)extra_len;
2709
2710                 /* check to catch an invalid TDB entry so we don't segfault */
2711                 if (devmode.driverextra == 0) {
2712                         devmode.nt_dev_private = NULL;
2713                 }
2714         }
2715
2716         *nt_devmode = (NT_DEVICEMODE *)memdup(&devmode, sizeof(devmode));
2717         if (!*nt_devmode) {
2718                 SAFE_FREE(devmode.nt_dev_private);
2719                 return -1;
2720         }
2721
2722         DEBUG(8,("Unpacked devicemode [%s](%s)\n", devmode.devicename, devmode.formname));
2723         if (devmode.nt_dev_private)
2724                 DEBUG(8,("with a private section of %d bytes\n", devmode.driverextra));
2725
2726         return len;
2727 }
2728
2729 /****************************************************************************
2730  Allocate and initialize a new slot.
2731 ***************************************************************************/
2732
2733 int add_new_printer_key( NT_PRINTER_DATA *data, const char *name )
2734 {
2735         NT_PRINTER_KEY  *d;
2736         int             key_index;
2737
2738         if ( !name || !data )
2739                 return -1;
2740
2741         /* allocate another slot in the NT_PRINTER_KEY array */
2742
2743         if ( !(d = TALLOC_REALLOC_ARRAY( data, data->keys, NT_PRINTER_KEY, data->num_keys+1)) ) {
2744                 DEBUG(0,("add_new_printer_key: Realloc() failed!\n"));
2745                 return -1;
2746         }
2747
2748         data->keys = d;
2749
2750         key_index = data->num_keys;
2751
2752         /* initialze new key */
2753
2754         data->keys[key_index].name = talloc_strdup( data, name );
2755
2756         if ( !(data->keys[key_index].values = TALLOC_ZERO_P( data, struct regval_ctr )) )
2757                 return -1;
2758
2759         data->num_keys++;
2760
2761         DEBUG(10,("add_new_printer_key: Inserted new data key [%s]\n", name ));
2762
2763         return key_index;
2764 }
2765
2766 /****************************************************************************
2767  search for a registry key name in the existing printer data
2768  ***************************************************************************/
2769
2770 int delete_printer_key( NT_PRINTER_DATA *data, const char *name )
2771 {
2772         int i;
2773
2774         for ( i=0; i<data->num_keys; i++ ) {
2775                 if ( strequal( data->keys[i].name, name ) ) {
2776
2777                         /* cleanup memory */
2778
2779                         TALLOC_FREE( data->keys[i].name );
2780                         TALLOC_FREE( data->keys[i].values );
2781
2782                         /* if not the end of the array, move remaining elements down one slot */
2783
2784                         data->num_keys--;
2785                         if ( data->num_keys && (i < data->num_keys) )
2786                                 memmove( &data->keys[i], &data->keys[i+1], sizeof(NT_PRINTER_KEY)*(data->num_keys-i) );
2787
2788                         break;
2789                 }
2790         }
2791
2792
2793         return data->num_keys;
2794 }
2795
2796 /****************************************************************************
2797  search for a registry key name in the existing printer data
2798  ***************************************************************************/
2799
2800 int lookup_printerkey( NT_PRINTER_DATA *data, const char *name )
2801 {
2802         int             key_index = -1;
2803         int             i;
2804
2805         if ( !data || !name )
2806                 return -1;
2807
2808         DEBUG(12,("lookup_printerkey: Looking for [%s]\n", name));
2809
2810         /* loop over all existing keys */
2811
2812         for ( i=0; i<data->num_keys; i++ ) {
2813                 if ( strequal(data->keys[i].name, name) ) {
2814                         DEBUG(12,("lookup_printerkey: Found [%s]!\n", name));
2815                         key_index = i;
2816                         break;
2817
2818                 }
2819         }
2820
2821         return key_index;
2822 }
2823
2824 /****************************************************************************
2825  ***************************************************************************/
2826
2827 int get_printer_subkeys( NT_PRINTER_DATA *data, const char* key, fstring **subkeys )
2828 {
2829         int     i, j;
2830         int     key_len;
2831         int     num_subkeys = 0;
2832         char    *p;
2833         fstring *subkeys_ptr = NULL;
2834         fstring subkeyname;
2835
2836         *subkeys = NULL;
2837
2838         if ( !data )
2839                 return 0;
2840
2841         if ( !key )
2842                 return -1;
2843
2844         /* special case of asking for the top level printer data registry key names */
2845
2846         if ( strlen(key) == 0 ) {
2847                 for ( i=0; i<data->num_keys; i++ ) {
2848
2849                         /* found a match, so allocate space and copy the name */
2850
2851                         if ( !(subkeys_ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) {
2852                                 DEBUG(0,("get_printer_subkeys: Realloc failed for [%d] entries!\n",
2853                                         num_subkeys+1));
2854                                 return -1;
2855                         }
2856
2857                         fstrcpy( subkeys_ptr[num_subkeys], data->keys[i].name );
2858                         num_subkeys++;
2859                 }
2860
2861                 goto done;
2862         }
2863
2864         /* asking for the subkeys of some key */
2865         /* subkey paths are stored in the key name using '\' as the delimiter */
2866
2867         for ( i=0; i<data->num_keys; i++ ) {
2868                 if ( StrnCaseCmp(data->keys[i].name, key, strlen(key)) == 0 ) {
2869
2870                         /* if we found the exact key, then break */
2871                         key_len = strlen( key );
2872                         if ( strlen(data->keys[i].name) == key_len )
2873                                 break;
2874
2875                         /* get subkey path */
2876
2877                         p = data->keys[i].name + key_len;
2878                         if ( *p == '\\' )
2879                                 p++;
2880                         fstrcpy( subkeyname, p );
2881                         if ( (p = strchr( subkeyname, '\\' )) )
2882                                 *p = '\0';
2883
2884                         /* don't add a key more than once */
2885
2886                         for ( j=0; j<num_subkeys; j++ ) {
2887                                 if ( strequal( subkeys_ptr[j], subkeyname ) )
2888                                         break;
2889                         }
2890
2891                         if ( j != num_subkeys )
2892                                 continue;
2893
2894                         /* found a match, so allocate space and copy the name */
2895
2896                         if ( !(subkeys_ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) {
2897                                 DEBUG(0,("get_printer_subkeys: Realloc failed for [%d] entries!\n",
2898                                         num_subkeys+1));
2899                                 return 0;
2900                         }
2901
2902                         fstrcpy( subkeys_ptr[num_subkeys], subkeyname );
2903                         num_subkeys++;
2904                 }
2905
2906         }
2907
2908         /* return error if the key was not found */
2909
2910         if ( i == data->num_keys ) {
2911                 SAFE_FREE(subkeys_ptr);
2912                 return -1;
2913         }
2914
2915 done:
2916         /* tag off the end */
2917
2918         if (num_subkeys)
2919                 fstrcpy(subkeys_ptr[num_subkeys], "" );
2920
2921         *subkeys = subkeys_ptr;
2922
2923         return num_subkeys;
2924 }
2925
2926 #ifdef HAVE_ADS
2927 static void map_sz_into_ctr(struct regval_ctr *ctr, const char *val_name,
2928                             const char *sz)
2929 {
2930         regval_ctr_delvalue(ctr, val_name);
2931         regval_ctr_addvalue_sz(ctr, val_name, sz);
2932 }
2933
2934 static void map_dword_into_ctr(struct regval_ctr *ctr, const char *val_name,
2935                                uint32 dword)
2936 {
2937         regval_ctr_delvalue(ctr, val_name);
2938         regval_ctr_addvalue(ctr, val_name, REG_DWORD,
2939                             (char *) &dword, sizeof(dword));
2940 }
2941
2942 static void map_bool_into_ctr(struct regval_ctr *ctr, const char *val_name,
2943                               bool b)
2944 {
2945         uint8 bin_bool = (b ? 1 : 0);
2946         regval_ctr_delvalue(ctr, val_name);
2947         regval_ctr_addvalue(ctr, val_name, REG_BINARY,
2948                             (char *) &bin_bool, sizeof(bin_bool));
2949 }
2950
2951 static void map_single_multi_sz_into_ctr(struct regval_ctr *ctr, const char *val_name,
2952                                          const char *multi_sz)
2953 {
2954         const char *a[2];
2955
2956         a[0] = multi_sz;
2957         a[1] = NULL;
2958
2959         regval_ctr_delvalue(ctr, val_name);
2960         regval_ctr_addvalue_multi_sz(ctr, val_name, a);
2961 }
2962
2963 /****************************************************************************
2964  * Map the NT_PRINTER_INFO_LEVEL_2 data into DsSpooler keys for publishing.
2965  *
2966  * @param info2 NT_PRINTER_INFO_LEVEL_2 describing printer - gets modified
2967  * @return bool indicating success or failure
2968  ***************************************************************************/
2969
2970 static bool map_nt_printer_info2_to_dsspooler(NT_PRINTER_INFO_LEVEL_2 *info2)
2971 {
2972         struct regval_ctr *ctr = NULL;
2973         fstring longname;
2974         const char *dnssuffix;
2975         char *allocated_string = NULL;
2976         const char *ascii_str;
2977         int i;
2978
2979         if ((i = lookup_printerkey(info2->data, SPOOL_DSSPOOLER_KEY)) < 0)
2980                 i = add_new_printer_key(info2->data, SPOOL_DSSPOOLER_KEY);
2981         ctr = info2->data->keys[i].values;
2982
2983         map_sz_into_ctr(ctr, SPOOL_REG_PRINTERNAME, info2->sharename);
2984         map_sz_into_ctr(ctr, SPOOL_REG_SHORTSERVERNAME, global_myname());
2985
2986         /* we make the assumption that the netbios name is the same
2987            as the DNS name sinc ethe former will be what we used to
2988            join the domain */
2989
2990         dnssuffix = get_mydnsdomname(talloc_tos());
2991         if (dnssuffix && *dnssuffix) {
2992                 fstr_sprintf( longname, "%s.%s", global_myname(), dnssuffix );
2993         } else {
2994                 fstrcpy( longname, global_myname() );
2995         }
2996
2997         map_sz_into_ctr(ctr, SPOOL_REG_SERVERNAME, longname);
2998
2999         if (asprintf(&allocated_string, "\\\\%s\\%s", longname, info2->sharename) == -1) {
3000                 return false;
3001         }
3002         map_sz_into_ctr(ctr, SPOOL_REG_UNCNAME, allocated_string);
3003         SAFE_FREE(allocated_string);
3004
3005         map_dword_into_ctr(ctr, SPOOL_REG_VERSIONNUMBER, 4);
3006         map_sz_into_ctr(ctr, SPOOL_REG_DRIVERNAME, info2->drivername);
3007         map_sz_into_ctr(ctr, SPOOL_REG_LOCATION, info2->location);
3008         map_sz_into_ctr(ctr, SPOOL_REG_DESCRIPTION, info2->comment);
3009         map_single_multi_sz_into_ctr(ctr, SPOOL_REG_PORTNAME, info2->portname);
3010         map_sz_into_ctr(ctr, SPOOL_REG_PRINTSEPARATORFILE, info2->sepfile);
3011         map_dword_into_ctr(ctr, SPOOL_REG_PRINTSTARTTIME, info2->starttime);
3012         map_dword_into_ctr(ctr, SPOOL_REG_PRINTENDTIME, info2->untiltime);
3013         map_dword_into_ctr(ctr, SPOOL_REG_PRIORITY, info2->priority);
3014
3015         map_bool_into_ctr(ctr, SPOOL_REG_PRINTKEEPPRINTEDJOBS,
3016                           (info2->attributes &
3017                            PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS));
3018
3019         switch (info2->attributes & 0x3) {
3020         case 0:
3021                 ascii_str = SPOOL_REGVAL_PRINTWHILESPOOLING;
3022                 break;
3023         case 1:
3024                 ascii_str = SPOOL_REGVAL_PRINTAFTERSPOOLED;
3025                 break;
3026         case 2:
3027                 ascii_str = SPOOL_REGVAL_PRINTDIRECT;
3028                 break;
3029         default:
3030                 ascii_str = "unknown";
3031         }
3032         map_sz_into_ctr(ctr, SPOOL_REG_PRINTSPOOLING, ascii_str);
3033
3034         return True;
3035 }
3036
3037 /*****************************************************************
3038  ****************************************************************/
3039
3040 static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2,
3041                                struct GUID guid)
3042 {
3043         int i;
3044         struct regval_ctr *ctr=NULL;
3045
3046         /* find the DsSpooler key */
3047         if ((i = lookup_printerkey(info2->data, SPOOL_DSSPOOLER_KEY)) < 0)
3048                 i = add_new_printer_key(info2->data, SPOOL_DSSPOOLER_KEY);
3049         ctr = info2->data->keys[i].values;
3050
3051         regval_ctr_delvalue(ctr, "objectGUID");
3052
3053         /* We used to store this as a REG_BINARY but that causes
3054            Vista to whine */
3055
3056         regval_ctr_addvalue_sz(ctr, "objectGUID",
3057                                GUID_string(talloc_tos(), &guid));
3058 }
3059
3060 static WERROR nt_printer_publish_ads(ADS_STRUCT *ads,
3061                                      NT_PRINTER_INFO_LEVEL *printer)
3062 {
3063         ADS_STATUS ads_rc;
3064         LDAPMessage *res;
3065         char *prt_dn = NULL, *srv_dn, *srv_cn_0, *srv_cn_escaped, *sharename_escaped;
3066         char *srv_dn_utf8, **srv_cn_utf8;
3067         TALLOC_CTX *ctx;
3068         ADS_MODLIST mods;
3069         const char *attrs[] = {"objectGUID", NULL};
3070         struct GUID guid;
3071         WERROR win_rc = WERR_OK;
3072         size_t converted_size;
3073
3074         /* build the ads mods */
3075         ctx = talloc_init("nt_printer_publish_ads");
3076         if (ctx == NULL) {
3077                 return WERR_NOMEM;
3078         }
3079
3080         DEBUG(5, ("publishing printer %s\n", printer->info_2->printername));
3081
3082         /* figure out where to publish */
3083         ads_find_machine_acct(ads, &res, global_myname());
3084
3085         /* We use ldap_get_dn here as we need the answer
3086          * in utf8 to call ldap_explode_dn(). JRA. */
3087
3088         srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
3089         if (!srv_dn_utf8) {
3090                 TALLOC_FREE(ctx);
3091                 return WERR_SERVER_UNAVAILABLE;
3092         }
3093         ads_msgfree(ads, res);
3094         srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
3095         if (!srv_cn_utf8) {
3096                 TALLOC_FREE(ctx);
3097                 ldap_memfree(srv_dn_utf8);
3098                 return WERR_SERVER_UNAVAILABLE;
3099         }
3100         /* Now convert to CH_UNIX. */
3101         if (!pull_utf8_talloc(ctx, &srv_dn, srv_dn_utf8, &converted_size)) {
3102                 TALLOC_FREE(ctx);
3103                 ldap_memfree(srv_dn_utf8);
3104                 ldap_memfree(srv_cn_utf8);
3105                 return WERR_SERVER_UNAVAILABLE;
3106         }
3107         if (!pull_utf8_talloc(ctx, &srv_cn_0, srv_cn_utf8[0], &converted_size)) {
3108                 TALLOC_FREE(ctx);
3109                 ldap_memfree(srv_dn_utf8);
3110                 ldap_memfree(srv_cn_utf8);
3111                 TALLOC_FREE(srv_dn);
3112                 return WERR_SERVER_UNAVAILABLE;
3113         }
3114
3115         ldap_memfree(srv_dn_utf8);
3116         ldap_memfree(srv_cn_utf8);
3117
3118         srv_cn_escaped = escape_rdn_val_string_alloc(srv_cn_0);
3119         if (!srv_cn_escaped) {
3120                 TALLOC_FREE(ctx);
3121                 return WERR_SERVER_UNAVAILABLE;
3122         }
3123         sharename_escaped = escape_rdn_val_string_alloc(printer->info_2->sharename);
3124         if (!sharename_escaped) {
3125                 SAFE_FREE(srv_cn_escaped);
3126                 TALLOC_FREE(ctx);
3127                 return WERR_SERVER_UNAVAILABLE;
3128         }
3129
3130         prt_dn = talloc_asprintf(ctx, "cn=%s-%s,%s", srv_cn_escaped, sharename_escaped, srv_dn);
3131
3132         SAFE_FREE(srv_cn_escaped);
3133         SAFE_FREE(sharename_escaped);
3134
3135         mods = ads_init_mods(ctx);
3136
3137         if (mods == NULL) {
3138                 SAFE_FREE(prt_dn);
3139                 TALLOC_FREE(ctx);
3140                 return WERR_NOMEM;
3141         }
3142
3143         get_local_printer_publishing_data(ctx, &mods, printer->info_2->data);
3144         ads_mod_str(ctx, &mods, SPOOL_REG_PRINTERNAME,
3145                     printer->info_2->sharename);
3146
3147         /* publish it */
3148         ads_rc = ads_mod_printer_entry(ads, prt_dn, ctx, &mods);
3149         if (ads_rc.err.rc == LDAP_NO_SUCH_OBJECT) {
3150                 int i;
3151                 for (i=0; mods[i] != 0; i++)
3152                         ;
3153                 mods[i] = (LDAPMod *)-1;
3154                 ads_rc = ads_add_printer_entry(ads, prt_dn, ctx, &mods);
3155         }
3156
3157         if (!ADS_ERR_OK(ads_rc))
3158                 DEBUG(3, ("error publishing %s: %s\n", printer->info_2->sharename, ads_errstr(ads_rc)));
3159
3160         /* retreive the guid and store it locally */
3161         if (ADS_ERR_OK(ads_search_dn(ads, &res, prt_dn, attrs))) {
3162                 ZERO_STRUCT(guid);
3163                 ads_pull_guid(ads, res, &guid);
3164                 ads_msgfree(ads, res);
3165                 store_printer_guid(printer->info_2, guid);
3166                 win_rc = mod_a_printer(printer, 2);
3167         }
3168         TALLOC_FREE(ctx);
3169
3170         return win_rc;
3171 }
3172
3173 static WERROR nt_printer_unpublish_ads(ADS_STRUCT *ads,
3174                                        NT_PRINTER_INFO_LEVEL *printer)
3175 {
3176         ADS_STATUS ads_rc;
3177         LDAPMessage *res = NULL;
3178         char *prt_dn = NULL;
3179
3180         DEBUG(5, ("unpublishing printer %s\n", printer->info_2->printername));
3181
3182         /* remove the printer from the directory */
3183         ads_rc = ads_find_printer_on_server(ads, &res,
3184                             printer->info_2->sharename, global_myname());
3185
3186         if (ADS_ERR_OK(ads_rc) && res && ads_count_replies(ads, res)) {
3187                 prt_dn = ads_get_dn(ads, talloc_tos(), res);
3188                 if (!prt_dn) {
3189                         ads_msgfree(ads, res);
3190                         return WERR_NOMEM;
3191                 }
3192                 ads_rc = ads_del_dn(ads, prt_dn);
3193                 TALLOC_FREE(prt_dn);
3194         }
3195
3196         if (res) {
3197                 ads_msgfree(ads, res);
3198         }
3199         return WERR_OK;
3200 }
3201
3202 /****************************************************************************
3203  * Publish a printer in the directory
3204  *
3205  * @param snum describing printer service
3206  * @return WERROR indicating status of publishing
3207  ***************************************************************************/
3208
3209 WERROR nt_printer_publish(Printer_entry *print_hnd, int snum, int action)
3210 {
3211         ADS_STATUS ads_rc;
3212         ADS_STRUCT *ads = NULL;
3213         NT_PRINTER_INFO_LEVEL *printer = NULL;
3214         WERROR win_rc;
3215
3216         win_rc = get_a_printer(print_hnd, &printer, 2, lp_servicename(snum));
3217         if (!W_ERROR_IS_OK(win_rc))
3218                 goto done;
3219
3220         switch (action) {
3221         case DSPRINT_PUBLISH:
3222         case DSPRINT_UPDATE:
3223                 /* set the DsSpooler info and attributes */
3224                 if (!(map_nt_printer_info2_to_dsspooler(printer->info_2))) {
3225                         win_rc = WERR_NOMEM;
3226                         goto done;
3227                 }
3228
3229                 printer->info_2->attributes |= PRINTER_ATTRIBUTE_PUBLISHED;
3230                 break;
3231         case DSPRINT_UNPUBLISH:
3232                 printer->info_2->attributes ^= PRINTER_ATTRIBUTE_PUBLISHED;
3233                 break;
3234         default:
3235                 win_rc = WERR_NOT_SUPPORTED;
3236                 goto done;
3237         }
3238
3239         win_rc = mod_a_printer(printer, 2);
3240         if (!W_ERROR_IS_OK(win_rc)) {
3241                 DEBUG(3, ("err %d saving data\n", W_ERROR_V(win_rc)));
3242                 goto done;
3243         }
3244
3245         ads = ads_init(lp_realm(), lp_workgroup(), NULL);
3246         if (!ads) {
3247                 DEBUG(3, ("ads_init() failed\n"));
3248                 win_rc = WERR_SERVER_UNAVAILABLE;
3249                 goto done;
3250         }
3251         setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
3252         SAFE_FREE(ads->auth.password);
3253         ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
3254                 NULL, NULL);
3255
3256         /* ads_connect() will find the DC for us */
3257         ads_rc = ads_connect(ads);
3258         if (!ADS_ERR_OK(ads_rc)) {
3259                 DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc)));
3260                 win_rc = WERR_ACCESS_DENIED;
3261                 goto done;
3262         }
3263
3264         switch (action) {
3265         case DSPRINT_PUBLISH:
3266         case DSPRINT_UPDATE:
3267                 win_rc = nt_printer_publish_ads(ads, printer);
3268                 break;
3269         case DSPRINT_UNPUBLISH:
3270                 win_rc = nt_printer_unpublish_ads(ads, printer);
3271                 break;
3272         }
3273
3274 done:
3275         free_a_printer(&printer, 2);
3276         ads_destroy(&ads);
3277         return win_rc;
3278 }
3279
3280 WERROR check_published_printers(void)
3281 {
3282         ADS_STATUS ads_rc;
3283         ADS_STRUCT *ads = NULL;
3284         int snum;
3285         int n_services = lp_numservices();
3286         NT_PRINTER_INFO_LEVEL *printer = NULL;
3287
3288         ads = ads_init(lp_realm(), lp_workgroup(), NULL);
3289         if (!ads) {
3290                 DEBUG(3, ("ads_init() failed\n"));
3291                 return WERR_SERVER_UNAVAILABLE;
3292         }
3293         setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
3294         SAFE_FREE(ads->auth.password);
3295         ads->auth.password = secrets_fetch_machine_password(lp_workgroup(),
3296                 NULL, NULL);
3297
3298         /* ads_connect() will find the DC for us */
3299         ads_rc = ads_connect(ads);
3300         if (!ADS_ERR_OK(ads_rc)) {
3301                 DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc)));
3302                 ads_destroy(&ads);
3303                 ads_kdestroy("MEMORY:prtpub_cache");
3304                 return WERR_ACCESS_DENIED;
3305         }
3306
3307         for (snum = 0; snum < n_services; snum++) {
3308                 if (!(lp_snum_ok(snum) && lp_print_ok(snum)))
3309                         continue;
3310
3311                 if (W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2,
3312                                                 lp_servicename(snum))) &&
3313                     (printer->info_2->attributes & PRINTER_ATTRIBUTE_PUBLISHED))
3314                         nt_printer_publish_ads(ads, printer);
3315
3316                 free_a_printer(&printer, 2);
3317         }
3318
3319         ads_destroy(&ads);
3320         ads_kdestroy("MEMORY:prtpub_cache");
3321         return WERR_OK;
3322 }
3323
3324 bool is_printer_published(Printer_entry *print_hnd, int snum,
3325                           struct GUID *guid)
3326 {
3327         NT_PRINTER_INFO_LEVEL *printer = NULL;
3328         struct regval_ctr *ctr;
3329         struct regval_blob *guid_val;
3330         WERROR win_rc;
3331         int i;