search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine...
[Samba.git] / source3 / printing / nt_printing_tdb.c
blobeddefe59e7275d265e24958053620b8bf8a3cfa5
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (c) Andrew Tridgell 1992-2000,
5 * Copyright (c) Jean François Micouleau 1998-2000.
6 * Copyright (c) Gerald Carter 2002-2005.
7 * Copyright (c) Andreas Schneider 2010.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "system/filesys.h"
25 #include "printing/nt_printing_tdb.h"
26 #include "librpc/gen_ndr/spoolss.h"
27 #include "librpc/gen_ndr/ndr_security.h"
28 #include "libcli/security/security.h"
29 #include "util_tdb.h"
30 #include "lib/util/string_wrappers.h"
31
32 #define FORMS_PREFIX "FORMS/"
33 #define DRIVERS_PREFIX "DRIVERS/"
34 #define PRINTERS_PREFIX "PRINTERS/"
35 #define SECDESC_PREFIX "SECDESC/"
36
37 #define NTDRIVERS_DATABASE_VERSION_1 1
38 #define NTDRIVERS_DATABASE_VERSION_2 2
39 #define NTDRIVERS_DATABASE_VERSION_3 3 /* little endian version of v2 */
40 #define NTDRIVERS_DATABASE_VERSION_4 4 /* fix generic bits in security descriptors */
41 #define NTDRIVERS_DATABASE_VERSION_5 5 /* normalize keys in ntprinters.tdb */
42
43 static TDB_CONTEXT *tdb_forms; /* used for forms files */
44 static TDB_CONTEXT *tdb_drivers; /* used for driver files */
45 static TDB_CONTEXT *tdb_printers; /* used for printers files */
46
47 /****************************************************************************
48 generate a new TDB_DATA key for storing a printer
49 ****************************************************************************/
50
51 static TDB_DATA make_printer_tdbkey(TALLOC_CTX *ctx, const char *sharename )
52 {
53 fstring share;
54 char *keystr = NULL;
55 TDB_DATA key;
56
57 fstrcpy(share, sharename);
58 (void)strlower_m(share);
59
60 keystr = talloc_asprintf(ctx, "%s%s", PRINTERS_PREFIX, share);
61 key = string_term_tdb_data(keystr ? keystr : "");
62
63 return key;
64 }
65
66 /****************************************************************************
67 generate a new TDB_DATA key for storing a printer security descriptor
68 ****************************************************************************/
69
70 static TDB_DATA make_printers_secdesc_tdbkey(TALLOC_CTX *ctx,
71 const char* sharename )
72 {
73 fstring share;
74 char *keystr = NULL;
75 TDB_DATA key;
76
77 fstrcpy(share, sharename );
78 (void)strlower_m(share);
79
80 keystr = talloc_asprintf(ctx, "%s%s", SECDESC_PREFIX, share);
81 key = string_term_tdb_data(keystr ? keystr : "");
82
83 return key;
84 }
85
86 /****************************************************************************
87 Upgrade the tdb files to version 3
88 ****************************************************************************/
89
90 static bool upgrade_to_version_3(void)
91 {
92 TDB_DATA kbuf, newkey, dbuf;
93
94 DEBUG(0,("upgrade_to_version_3: upgrading print tdb's to version 3\n"));
95
96 for (kbuf = tdb_firstkey(tdb_drivers); kbuf.dptr;
97 newkey = tdb_nextkey(tdb_drivers, kbuf), free(kbuf.dptr), kbuf=newkey) {
98
99 dbuf = tdb_fetch(tdb_drivers, kbuf);
100
101 if (strncmp((const char *)kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) {
102 DEBUG(0,("upgrade_to_version_3:moving form\n"));
103 if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) {
104 SAFE_FREE(dbuf.dptr);
105 DEBUG(0,("upgrade_to_version_3: failed to move form. Error (%s).\n", tdb_errorstr(tdb_forms)));
106 return False;
107 }
108 if (tdb_delete(tdb_drivers, kbuf) != 0) {
109 SAFE_FREE(dbuf.dptr);
110 DEBUG(0,("upgrade_to_version_3: failed to delete form. Error (%s)\n", tdb_errorstr(tdb_drivers)));
111 return False;
112 }
113 }
114
115 if (strncmp((const char *)kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) {
116 DEBUG(0,("upgrade_to_version_3:moving printer\n"));
117 if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
118 SAFE_FREE(dbuf.dptr);
119 DEBUG(0,("upgrade_to_version_3: failed to move printer. Error (%s)\n", tdb_errorstr(tdb_printers)));
120 return False;
121 }
122 if (tdb_delete(tdb_drivers, kbuf) != 0) {
123 SAFE_FREE(dbuf.dptr);
124 DEBUG(0,("upgrade_to_version_3: failed to delete printer. Error (%s)\n", tdb_errorstr(tdb_drivers)));
125 return False;
126 }
127 }
128
129 if (strncmp((const char *)kbuf.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX)) == 0) {
130 DEBUG(0,("upgrade_to_version_3:moving secdesc\n"));
131 if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
132 SAFE_FREE(dbuf.dptr);
133 DEBUG(0,("upgrade_to_version_3: failed to move secdesc. Error (%s)\n", tdb_errorstr(tdb_printers)));
134 return False;
135 }
136 if (tdb_delete(tdb_drivers, kbuf) != 0) {
137 SAFE_FREE(dbuf.dptr);
138 DEBUG(0,("upgrade_to_version_3: failed to delete secdesc. Error (%s)\n", tdb_errorstr(tdb_drivers)));
139 return False;
140 }
141 }
142
143 SAFE_FREE(dbuf.dptr);
144 }
145
146 return True;
147 }
148
149 /*******************************************************************
150 Fix an issue with security descriptors. Printer sec_desc must
151 use more than the generic bits that were previously used
152 in <= 3.0.14a. They must also have a owner and group SID assigned.
153 Otherwise, any printers than have been migrated to a Windows
154 host using printmig.exe will not be accessible.
155 *******************************************************************/
156
157 static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
158 TDB_DATA data, void *state )
159 {
160 NTSTATUS status;
161 struct sec_desc_buf *sd_orig = NULL;
162 struct sec_desc_buf *sd_new, *sd_store;
163 struct security_descriptor *sec, *new_sec;
164 TALLOC_CTX *ctx = state;
165 int result, i;
166 size_t size_new_sec;
167
168 if (!data.dptr || data.dsize == 0) {
169 return 0;
170 }
171
172 if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) != 0 ) {
173 return 0;
174 }
175
176 /* upgrade the security descriptor */
177
178 status = unmarshall_sec_desc_buf(ctx, data.dptr, data.dsize, &sd_orig);
179 if (!NT_STATUS_IS_OK(status)) {
180 /* delete bad entries */
181 DEBUG(0,("sec_desc_upg_fn: Failed to parse original sec_desc for %si. Deleting....\n",
182 (const char *)key.dptr ));
183 tdb_delete( tdb_printers, key );
184 return 0;
185 }
186
187 if (!sd_orig) {
188 return 0;
189 }
190 sec = sd_orig->sd;
191
192 /* is this even valid? */
193
194 if ( !sec->dacl ) {
195 return 0;
196 }
197
198 /* update access masks */
199
200 for ( i=0; i<sec->dacl->num_aces; i++ ) {
201 switch ( sec->dacl->aces[i].access_mask ) {
202 case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS):
203 sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT;
204 break;
205
206 case GENERIC_ALL_ACCESS:
207 sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL;
208 break;
209
210 case READ_CONTROL_ACCESS:
211 sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS;
212
213 break;
214 default: /* no change */
215 break;
216 }
217 }
218
219 /* create a new struct security_descriptor with the appropriate owner and group SIDs */
220
221 new_sec = make_sec_desc( ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
222 &global_sid_Builtin_Administrators,
223 &global_sid_Builtin_Administrators,
224 NULL, NULL, &size_new_sec );
225 if (!new_sec) {
226 return 0;
227 }
228 sd_new = make_sec_desc_buf( ctx, size_new_sec, new_sec );
229 if (!sd_new) {
230 return 0;
231 }
232
233 if ( !(sd_store = sec_desc_merge_buf( ctx, sd_new, sd_orig )) ) {
234 DEBUG(0,("sec_desc_upg_fn: Failed to update sec_desc for %s\n", key.dptr ));
235 return 0;
236 }
237
238 /* store it back */
239
240 status = marshall_sec_desc_buf(ctx, sd_store, &data.dptr, &data.dsize);
241 if (!NT_STATUS_IS_OK(status)) {
242 DEBUG(0,("sec_desc_upg_fn: Failed to parse new sec_desc for %s\n", key.dptr ));
243 return 0;
244 }
245
246 result = tdb_store( tdb_printers, key, data, TDB_REPLACE );
247
248 /* 0 to continue and non-zero to stop traversal */
249
250 return (result != 0);
251 }
252
253 /*******************************************************************
254 Upgrade the tdb files to version 4
255 *******************************************************************/
256
257 static bool upgrade_to_version_4(void)
258 {
259 TALLOC_CTX *ctx;
260 int result;
261
262 DEBUG(0,("upgrade_to_version_4: upgrading printer security descriptors\n"));
263
264 if ( !(ctx = talloc_init( "upgrade_to_version_4" )) )
265 return False;
266
267 result = tdb_traverse( tdb_printers, sec_desc_upg_fn, ctx );
268
269 talloc_destroy( ctx );
270
271 return ( result >= 0 );
272 }
273
274 /*******************************************************************
275 Fix an issue with security descriptors. Printer sec_desc must
276 use more than the generic bits that were previously used
277 in <= 3.0.14a. They must also have a owner and group SID assigned.
278 Otherwise, any printers than have been migrated to a Windows
279 host using printmig.exe will not be accessible.
280 *******************************************************************/
281
282 static int normalize_printers_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
283 TDB_DATA data, void *state )
284 {
285 TALLOC_CTX *ctx = talloc_tos();
286 TDB_DATA new_key;
287
288 if (!data.dptr || data.dsize == 0)
289 return 0;
290
291 /* upgrade printer records and security descriptors */
292
293 if ( strncmp((const char *) key.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX) ) == 0 ) {
294 new_key = make_printer_tdbkey(ctx, (const char *)key.dptr+strlen(PRINTERS_PREFIX) );
295 }
296 else if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) == 0 ) {
297 new_key = make_printers_secdesc_tdbkey(ctx, (const char *)key.dptr+strlen(SECDESC_PREFIX) );
298 }
299 else {
300 /* ignore this record */
301 return 0;
302 }
303
304 /* delete the original record and store under the normalized key */
305
306 if ( tdb_delete( the_tdb, key ) != 0 ) {
307 DEBUG(0,("normalize_printers_fn: tdb_delete for [%s] failed!\n",
308 key.dptr));
309 return 1;
310 }
311
312 if ( tdb_store( the_tdb, new_key, data, TDB_REPLACE) != 0 ) {
313 DEBUG(0,("normalize_printers_fn: failed to store new record for [%s]!\n",
314 key.dptr));
315 return 1;
316 }
317
318 return 0;
319 }
320
321 /*******************************************************************
322 Upgrade the tdb files to version 5
323 *******************************************************************/
324
325 static bool upgrade_to_version_5(void)
326 {
327 TALLOC_CTX *ctx;
328 int result;
329
330 DEBUG(0,("upgrade_to_version_5: normalizing printer keys\n"));
331
332 if ( !(ctx = talloc_init( "upgrade_to_version_5" )) )
333 return False;
334
335 result = tdb_traverse( tdb_printers, normalize_printers_fn, NULL );
336
337 talloc_destroy( ctx );
338
339 return ( result >= 0 );
340 }
341
342 bool nt_printing_tdb_upgrade(void)
343 {
344 char *drivers_path;
345 char *printers_path;
346 char *forms_path;
347 bool drivers_exists;
348 bool printers_exists;
349 bool forms_exists;
350 const char *vstring = "INFO/version";
351 int32_t vers_id;
352 bool ret;
353
354 drivers_path = state_path(talloc_tos(), "ntdrivers.tdb");
355 if (drivers_path == NULL) {
356 ret = false;
357 goto err_out;
358 }
359 printers_path = state_path(talloc_tos(), "ntprinters.tdb");
360 if (printers_path == NULL) {
361 ret = false;
362 goto err_drvdb_free;
363 }
364 forms_path = state_path(talloc_tos(), "ntforms.tdb");
365 if (forms_path == NULL) {
366 ret = false;
367 goto err_prdb_free;
368 }
369
370 drivers_exists = file_exist(drivers_path);
371 printers_exists = file_exist(printers_path);
372 forms_exists = file_exist(forms_path);
373
374 if (!drivers_exists && !printers_exists && !forms_exists) {
375 ret = true;
376 goto err_formsdb_free;
377 }
378
379 tdb_drivers = tdb_open_log(drivers_path,
380 0,
381 TDB_DEFAULT,
382 O_RDWR|O_CREAT,
383 0600);
384 if (tdb_drivers == NULL) {
385 DEBUG(0,("nt_printing_init: Failed to open nt drivers "
386 "database %s (%s)\n",
387 drivers_path, strerror(errno)));
388 ret = false;
389 goto err_formsdb_free;
390 }
391
392 tdb_printers = tdb_open_log(printers_path,
393 0,
394 TDB_DEFAULT,
395 O_RDWR|O_CREAT,
396 0600);
397 if (tdb_printers == NULL) {
398 DEBUG(0,("nt_printing_init: Failed to open nt printers "
399 "database %s (%s)\n",
400 printers_path, strerror(errno)));
401 ret = false;
402 goto err_drvdb_close;
403 }
404
405 tdb_forms = tdb_open_log(forms_path,
406 0,
407 TDB_DEFAULT,
408 O_RDWR|O_CREAT,
409 0600);
410 if (tdb_forms == NULL) {
411 DEBUG(0,("nt_printing_init: Failed to open nt forms "
412 "database %s (%s)\n",
413 forms_path, strerror(errno)));
414 ret = false;
415 goto err_prdb_close;
416 }
417
418 /* Samba upgrade */
419 vers_id = tdb_fetch_int32(tdb_drivers, vstring);
420 if (vers_id == -1) {
421 DEBUG(10, ("Fresh database\n"));
422 tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
423 vers_id = NTDRIVERS_DATABASE_VERSION_5;
424 }
425
426 if (vers_id != NTDRIVERS_DATABASE_VERSION_5) {
427 if ((vers_id == NTDRIVERS_DATABASE_VERSION_1) ||
428 (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_1)) {
429 if (!upgrade_to_version_3()) {
430 ret = false;
431 goto err_formsdb_close;
432 }
433
434 tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
435 vers_id = NTDRIVERS_DATABASE_VERSION_3;
436 }
437
438 if ((vers_id == NTDRIVERS_DATABASE_VERSION_2) ||
439 (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_2)) {
440 /*
441 * Written on a bigendian machine with old fetch_int
442 * code. Save as le. The only upgrade between V2 and V3
443 * is to save the version in little-endian.
444 */
445 tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
446 vers_id = NTDRIVERS_DATABASE_VERSION_3;
447 }
448
449 if (vers_id == NTDRIVERS_DATABASE_VERSION_3) {
450 if (!upgrade_to_version_4()) {
451 ret = false;
452 goto err_formsdb_close;
453 }
454 tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_4);
455 vers_id = NTDRIVERS_DATABASE_VERSION_4;
456 }
457
458 if (vers_id == NTDRIVERS_DATABASE_VERSION_4 ) {
459 if (!upgrade_to_version_5()) {
460 ret = false;
461 goto err_formsdb_close;
462 }
463 tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
464 vers_id = NTDRIVERS_DATABASE_VERSION_5;
465 }
466
467 if (vers_id != NTDRIVERS_DATABASE_VERSION_5) {
468 DEBUG(0,("nt_printing_init: Unknown printer database version [%d]\n", vers_id));
469 ret = false;
470 goto err_formsdb_close;
471 }
472 }
473 ret = true;
474
475 err_formsdb_close:
476 if (tdb_forms) {
477 tdb_close(tdb_forms);
478 tdb_forms = NULL;
479 }
480 err_prdb_close:
481 if (tdb_printers) {
482 tdb_close(tdb_printers);
483 tdb_printers = NULL;
484 }
485 err_drvdb_close:
486 if (tdb_drivers) {
487 tdb_close(tdb_drivers);
488 tdb_drivers = NULL;
489 }
490 err_formsdb_free:
491 talloc_free(forms_path);
492 err_prdb_free:
493 talloc_free(printers_path);
494 err_drvdb_free:
495 talloc_free(drivers_path);
496 err_out:
497 return ret;
498 }
Samba GIT mirror