mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
s3-printing: Move all tdb upgrade functions to a separate file.
Signed-off-by: Jim McDonough <jmcd@samba.org>
This commit is contained in:
parent
c18913a2c2
commit
35e03ef5c2
@ -860,7 +860,8 @@ PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/print_aix.o \
|
||||
printing/print_iprint.o printing/print_standard.o
|
||||
|
||||
PRINTBASE_OBJ = printing/notify.o printing/printing_db.o
|
||||
PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o $(PRINTBASE_OBJ)
|
||||
PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o \
|
||||
printing/nt_printing_tdb.o $(PRINTBASE_OBJ)
|
||||
|
||||
SMBD_OBJ = $(SMBD_OBJ_BASE) $(SMBD_OBJ_MAIN)
|
||||
|
||||
|
@ -22,6 +22,7 @@
|
||||
#include "includes.h"
|
||||
#include "librpc/gen_ndr/messaging.h"
|
||||
#include "printing/pcap.h"
|
||||
#include "printing/nt_printing_tdb.h"
|
||||
#include "registry.h"
|
||||
#include "registry/reg_objects.h"
|
||||
#include "../librpc/gen_ndr/ndr_security.h"
|
||||
@ -29,22 +30,6 @@
|
||||
|
||||
#include "../rpc_server/srv_spoolss_util.h"
|
||||
|
||||
static TDB_CONTEXT *tdb_forms; /* used for forms files */
|
||||
static TDB_CONTEXT *tdb_drivers; /* used for driver files */
|
||||
static TDB_CONTEXT *tdb_printers; /* used for printers files */
|
||||
|
||||
#define FORMS_PREFIX "FORMS/"
|
||||
#define DRIVERS_PREFIX "DRIVERS/"
|
||||
#define PRINTERS_PREFIX "PRINTERS/"
|
||||
#define SECDESC_PREFIX "SECDESC/"
|
||||
#define GLOBAL_C_SETPRINTER "GLOBALS/c_setprinter"
|
||||
|
||||
#define NTDRIVERS_DATABASE_VERSION_1 1
|
||||
#define NTDRIVERS_DATABASE_VERSION_2 2
|
||||
#define NTDRIVERS_DATABASE_VERSION_3 3 /* little endian version of v2 */
|
||||
#define NTDRIVERS_DATABASE_VERSION_4 4 /* fix generic bits in security descriptors */
|
||||
#define NTDRIVERS_DATABASE_VERSION_5 5 /* normalize keys in ntprinters.tdb */
|
||||
|
||||
/* Map generic permissions to printer object specific permissions */
|
||||
|
||||
const struct generic_mapping printer_generic_mapping = {
|
||||
@ -98,393 +83,22 @@ static const struct print_architecture_table_node archi_table[]= {
|
||||
{NULL, "", -1 }
|
||||
};
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
generate a new TDB_DATA key for storing a printer
|
||||
****************************************************************************/
|
||||
|
||||
static TDB_DATA make_printer_tdbkey(TALLOC_CTX *ctx, const char *sharename )
|
||||
{
|
||||
fstring share;
|
||||
char *keystr = NULL;
|
||||
TDB_DATA key;
|
||||
|
||||
fstrcpy(share, sharename);
|
||||
strlower_m(share);
|
||||
|
||||
keystr = talloc_asprintf(ctx, "%s%s", PRINTERS_PREFIX, share);
|
||||
key = string_term_tdb_data(keystr ? keystr : "");
|
||||
|
||||
return key;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
generate a new TDB_DATA key for storing a printer security descriptor
|
||||
****************************************************************************/
|
||||
|
||||
static TDB_DATA make_printers_secdesc_tdbkey(TALLOC_CTX *ctx,
|
||||
const char* sharename )
|
||||
{
|
||||
fstring share;
|
||||
char *keystr = NULL;
|
||||
TDB_DATA key;
|
||||
|
||||
fstrcpy(share, sharename );
|
||||
strlower_m(share);
|
||||
|
||||
keystr = talloc_asprintf(ctx, "%s%s", SECDESC_PREFIX, share);
|
||||
key = string_term_tdb_data(keystr ? keystr : "");
|
||||
|
||||
return key;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
****************************************************************************/
|
||||
|
||||
static bool upgrade_to_version_3(void)
|
||||
{
|
||||
TDB_DATA kbuf, newkey, dbuf;
|
||||
|
||||
DEBUG(0,("upgrade_to_version_3: upgrading print tdb's to version 3\n"));
|
||||
|
||||
for (kbuf = tdb_firstkey(tdb_drivers); kbuf.dptr;
|
||||
newkey = tdb_nextkey(tdb_drivers, kbuf), free(kbuf.dptr), kbuf=newkey) {
|
||||
|
||||
dbuf = tdb_fetch(tdb_drivers, kbuf);
|
||||
|
||||
if (strncmp((const char *)kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) {
|
||||
DEBUG(0,("upgrade_to_version_3:moving form\n"));
|
||||
if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to move form. Error (%s).\n", tdb_errorstr(tdb_forms)));
|
||||
return False;
|
||||
}
|
||||
if (tdb_delete(tdb_drivers, kbuf) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to delete form. Error (%s)\n", tdb_errorstr(tdb_drivers)));
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
if (strncmp((const char *)kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) {
|
||||
DEBUG(0,("upgrade_to_version_3:moving printer\n"));
|
||||
if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to move printer. Error (%s)\n", tdb_errorstr(tdb_printers)));
|
||||
return False;
|
||||
}
|
||||
if (tdb_delete(tdb_drivers, kbuf) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to delete printer. Error (%s)\n", tdb_errorstr(tdb_drivers)));
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
if (strncmp((const char *)kbuf.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX)) == 0) {
|
||||
DEBUG(0,("upgrade_to_version_3:moving secdesc\n"));
|
||||
if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to move secdesc. Error (%s)\n", tdb_errorstr(tdb_printers)));
|
||||
return False;
|
||||
}
|
||||
if (tdb_delete(tdb_drivers, kbuf) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to delete secdesc. Error (%s)\n", tdb_errorstr(tdb_drivers)));
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Fix an issue with security descriptors. Printer sec_desc must
|
||||
use more than the generic bits that were previously used
|
||||
in <= 3.0.14a. They must also have a owner and group SID assigned.
|
||||
Otherwise, any printers than have been migrated to a Windows
|
||||
host using printmig.exe will not be accessible.
|
||||
*******************************************************************/
|
||||
|
||||
static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
|
||||
TDB_DATA data, void *state )
|
||||
{
|
||||
NTSTATUS status;
|
||||
struct sec_desc_buf *sd_orig = NULL;
|
||||
struct sec_desc_buf *sd_new, *sd_store;
|
||||
struct security_descriptor *sec, *new_sec;
|
||||
TALLOC_CTX *ctx = state;
|
||||
int result, i;
|
||||
uint32 sd_size;
|
||||
size_t size_new_sec;
|
||||
|
||||
if (!data.dptr || data.dsize == 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) != 0 ) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* upgrade the security descriptor */
|
||||
|
||||
status = unmarshall_sec_desc_buf(ctx, data.dptr, data.dsize, &sd_orig);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
/* delete bad entries */
|
||||
DEBUG(0,("sec_desc_upg_fn: Failed to parse original sec_desc for %si. Deleting....\n",
|
||||
(const char *)key.dptr ));
|
||||
tdb_delete( tdb_printers, key );
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!sd_orig) {
|
||||
return 0;
|
||||
}
|
||||
sec = sd_orig->sd;
|
||||
|
||||
/* is this even valid? */
|
||||
|
||||
if ( !sec->dacl ) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* update access masks */
|
||||
|
||||
for ( i=0; i<sec->dacl->num_aces; i++ ) {
|
||||
switch ( sec->dacl->aces[i].access_mask ) {
|
||||
case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS):
|
||||
sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT;
|
||||
break;
|
||||
|
||||
case GENERIC_ALL_ACCESS:
|
||||
sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL;
|
||||
break;
|
||||
|
||||
case READ_CONTROL_ACCESS:
|
||||
sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS;
|
||||
|
||||
default: /* no change */
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* create a new struct security_descriptor with the appropriate owner and group SIDs */
|
||||
|
||||
new_sec = make_sec_desc( ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
|
||||
&global_sid_Builtin_Administrators,
|
||||
&global_sid_Builtin_Administrators,
|
||||
NULL, NULL, &size_new_sec );
|
||||
if (!new_sec) {
|
||||
return 0;
|
||||
}
|
||||
sd_new = make_sec_desc_buf( ctx, size_new_sec, new_sec );
|
||||
if (!sd_new) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ( !(sd_store = sec_desc_merge_buf( ctx, sd_new, sd_orig )) ) {
|
||||
DEBUG(0,("sec_desc_upg_fn: Failed to update sec_desc for %s\n", key.dptr ));
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* store it back */
|
||||
|
||||
sd_size = ndr_size_security_descriptor(sd_store->sd, 0)
|
||||
+ sizeof(struct sec_desc_buf);
|
||||
|
||||
status = marshall_sec_desc_buf(ctx, sd_store, &data.dptr, &data.dsize);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0,("sec_desc_upg_fn: Failed to parse new sec_desc for %s\n", key.dptr ));
|
||||
return 0;
|
||||
}
|
||||
|
||||
result = tdb_store( tdb_printers, key, data, TDB_REPLACE );
|
||||
|
||||
/* 0 to continue and non-zero to stop traversal */
|
||||
|
||||
return (result == -1);
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
*******************************************************************/
|
||||
|
||||
static bool upgrade_to_version_4(void)
|
||||
{
|
||||
TALLOC_CTX *ctx;
|
||||
int result;
|
||||
|
||||
DEBUG(0,("upgrade_to_version_4: upgrading printer security descriptors\n"));
|
||||
|
||||
if ( !(ctx = talloc_init( "upgrade_to_version_4" )) )
|
||||
return False;
|
||||
|
||||
result = tdb_traverse( tdb_printers, sec_desc_upg_fn, ctx );
|
||||
|
||||
talloc_destroy( ctx );
|
||||
|
||||
return ( result != -1 );
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Fix an issue with security descriptors. Printer sec_desc must
|
||||
use more than the generic bits that were previously used
|
||||
in <= 3.0.14a. They must also have a owner and group SID assigned.
|
||||
Otherwise, any printers than have been migrated to a Windows
|
||||
host using printmig.exe will not be accessible.
|
||||
*******************************************************************/
|
||||
|
||||
static int normalize_printers_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
|
||||
TDB_DATA data, void *state )
|
||||
{
|
||||
TALLOC_CTX *ctx = talloc_tos();
|
||||
TDB_DATA new_key;
|
||||
|
||||
if (!data.dptr || data.dsize == 0)
|
||||
return 0;
|
||||
|
||||
/* upgrade printer records and security descriptors */
|
||||
|
||||
if ( strncmp((const char *) key.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX) ) == 0 ) {
|
||||
new_key = make_printer_tdbkey(ctx, (const char *)key.dptr+strlen(PRINTERS_PREFIX) );
|
||||
}
|
||||
else if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) == 0 ) {
|
||||
new_key = make_printers_secdesc_tdbkey(ctx, (const char *)key.dptr+strlen(SECDESC_PREFIX) );
|
||||
}
|
||||
else {
|
||||
/* ignore this record */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* delete the original record and store under the normalized key */
|
||||
|
||||
if ( tdb_delete( the_tdb, key ) != 0 ) {
|
||||
DEBUG(0,("normalize_printers_fn: tdb_delete for [%s] failed!\n",
|
||||
key.dptr));
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( tdb_store( the_tdb, new_key, data, TDB_REPLACE) != 0 ) {
|
||||
DEBUG(0,("normalize_printers_fn: failed to store new record for [%s]!\n",
|
||||
key.dptr));
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
*******************************************************************/
|
||||
|
||||
static bool upgrade_to_version_5(void)
|
||||
{
|
||||
TALLOC_CTX *ctx;
|
||||
int result;
|
||||
|
||||
DEBUG(0,("upgrade_to_version_5: normalizing printer keys\n"));
|
||||
|
||||
if ( !(ctx = talloc_init( "upgrade_to_version_5" )) )
|
||||
return False;
|
||||
|
||||
result = tdb_traverse( tdb_printers, normalize_printers_fn, NULL );
|
||||
|
||||
talloc_destroy( ctx );
|
||||
|
||||
return ( result != -1 );
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Open the NT printing tdbs. Done once before fork().
|
||||
****************************************************************************/
|
||||
|
||||
bool nt_printing_init(struct messaging_context *msg_ctx)
|
||||
{
|
||||
const char *vstring = "INFO/version";
|
||||
WERROR win_rc;
|
||||
int32 vers_id;
|
||||
|
||||
if ( tdb_drivers && tdb_printers && tdb_forms )
|
||||
return True;
|
||||
|
||||
if (tdb_drivers)
|
||||
tdb_close(tdb_drivers);
|
||||
tdb_drivers = tdb_open_log(state_path("ntdrivers.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
|
||||
if (!tdb_drivers) {
|
||||
DEBUG(0,("nt_printing_init: Failed to open nt drivers database %s (%s)\n",
|
||||
state_path("ntdrivers.tdb"), strerror(errno) ));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (tdb_printers)
|
||||
tdb_close(tdb_printers);
|
||||
tdb_printers = tdb_open_log(state_path("ntprinters.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
|
||||
if (!tdb_printers) {
|
||||
DEBUG(0,("nt_printing_init: Failed to open nt printers database %s (%s)\n",
|
||||
state_path("ntprinters.tdb"), strerror(errno) ));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (tdb_forms)
|
||||
tdb_close(tdb_forms);
|
||||
tdb_forms = tdb_open_log(state_path("ntforms.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
|
||||
if (!tdb_forms) {
|
||||
DEBUG(0,("nt_printing_init: Failed to open nt forms database %s (%s)\n",
|
||||
state_path("ntforms.tdb"), strerror(errno) ));
|
||||
return False;
|
||||
}
|
||||
|
||||
/* handle a Samba upgrade */
|
||||
|
||||
vers_id = tdb_fetch_int32(tdb_drivers, vstring);
|
||||
if (vers_id == -1) {
|
||||
DEBUG(10, ("Fresh database\n"));
|
||||
tdb_store_int32( tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5 );
|
||||
vers_id = NTDRIVERS_DATABASE_VERSION_5;
|
||||
}
|
||||
|
||||
if ( vers_id != NTDRIVERS_DATABASE_VERSION_5 ) {
|
||||
|
||||
if ((vers_id == NTDRIVERS_DATABASE_VERSION_1) || (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_1)) {
|
||||
if (!upgrade_to_version_3())
|
||||
return False;
|
||||
tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
|
||||
vers_id = NTDRIVERS_DATABASE_VERSION_3;
|
||||
}
|
||||
|
||||
if ((vers_id == NTDRIVERS_DATABASE_VERSION_2) || (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_2)) {
|
||||
/* Written on a bigendian machine with old fetch_int code. Save as le. */
|
||||
/* The only upgrade between V2 and V3 is to save the version in little-endian. */
|
||||
tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
|
||||
vers_id = NTDRIVERS_DATABASE_VERSION_3;
|
||||
}
|
||||
|
||||
if (vers_id == NTDRIVERS_DATABASE_VERSION_3 ) {
|
||||
if ( !upgrade_to_version_4() )
|
||||
return False;
|
||||
tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_4);
|
||||
vers_id = NTDRIVERS_DATABASE_VERSION_4;
|
||||
}
|
||||
|
||||
if (vers_id == NTDRIVERS_DATABASE_VERSION_4 ) {
|
||||
if ( !upgrade_to_version_5() )
|
||||
return False;
|
||||
tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
|
||||
vers_id = NTDRIVERS_DATABASE_VERSION_5;
|
||||
}
|
||||
|
||||
|
||||
if ( vers_id != NTDRIVERS_DATABASE_VERSION_5 ) {
|
||||
DEBUG(0,("nt_printing_init: Unknown printer database version [%d]\n", vers_id));
|
||||
return False;
|
||||
}
|
||||
if (!nt_printing_tdb_upgrade()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/*
|
||||
* register callback to handle updating printers as new
|
||||
* drivers are installed
|
||||
*/
|
||||
|
||||
messaging_register(msg_ctx, NULL, MSG_PRINTER_DRVUPGRADE,
|
||||
do_drv_upgrade_printer);
|
||||
|
||||
@ -492,14 +106,13 @@ bool nt_printing_init(struct messaging_context *msg_ctx)
|
||||
tell messages.c that you interested in receiving PRINT_GENERAL
|
||||
msgs. This is done in serverid_register() */
|
||||
|
||||
|
||||
if ( lp_security() == SEC_ADS ) {
|
||||
win_rc = check_published_printers();
|
||||
if (!W_ERROR_IS_OK(win_rc))
|
||||
DEBUG(0, ("nt_printing_init: error checking published printers: %s\n", win_errstr(win_rc)));
|
||||
}
|
||||
|
||||
return True;
|
||||
return true;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
|
460
source3/printing/nt_printing_tdb.c
Normal file
460
source3/printing/nt_printing_tdb.c
Normal file
@ -0,0 +1,460 @@
|
||||
/*
|
||||
* Unix SMB/CIFS implementation.
|
||||
* RPC Pipe client / server routines
|
||||
* Copyright (c) Andrew Tridgell 1992-2000,
|
||||
* Copyright (c) Jean François Micouleau 1998-2000.
|
||||
* Copyright (c) Gerald Carter 2002-2005.
|
||||
* Copyright (c) Andreas Schneider 2010.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "printing/nt_printing_tdb.h"
|
||||
|
||||
#include "librpc/gen_ndr/ndr_security.h"
|
||||
|
||||
#define FORMS_PREFIX "FORMS/"
|
||||
#define DRIVERS_PREFIX "DRIVERS/"
|
||||
#define PRINTERS_PREFIX "PRINTERS/"
|
||||
#define SECDESC_PREFIX "SECDESC/"
|
||||
|
||||
#define NTDRIVERS_DATABASE_VERSION_1 1
|
||||
#define NTDRIVERS_DATABASE_VERSION_2 2
|
||||
#define NTDRIVERS_DATABASE_VERSION_3 3 /* little endian version of v2 */
|
||||
#define NTDRIVERS_DATABASE_VERSION_4 4 /* fix generic bits in security descriptors */
|
||||
#define NTDRIVERS_DATABASE_VERSION_5 5 /* normalize keys in ntprinters.tdb */
|
||||
|
||||
static TDB_CONTEXT *tdb_forms; /* used for forms files */
|
||||
static TDB_CONTEXT *tdb_drivers; /* used for driver files */
|
||||
static TDB_CONTEXT *tdb_printers; /* used for printers files */
|
||||
|
||||
/****************************************************************************
|
||||
generate a new TDB_DATA key for storing a printer
|
||||
****************************************************************************/
|
||||
|
||||
static TDB_DATA make_printer_tdbkey(TALLOC_CTX *ctx, const char *sharename )
|
||||
{
|
||||
fstring share;
|
||||
char *keystr = NULL;
|
||||
TDB_DATA key;
|
||||
|
||||
fstrcpy(share, sharename);
|
||||
strlower_m(share);
|
||||
|
||||
keystr = talloc_asprintf(ctx, "%s%s", PRINTERS_PREFIX, share);
|
||||
key = string_term_tdb_data(keystr ? keystr : "");
|
||||
|
||||
return key;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
generate a new TDB_DATA key for storing a printer security descriptor
|
||||
****************************************************************************/
|
||||
|
||||
static TDB_DATA make_printers_secdesc_tdbkey(TALLOC_CTX *ctx,
|
||||
const char* sharename )
|
||||
{
|
||||
fstring share;
|
||||
char *keystr = NULL;
|
||||
TDB_DATA key;
|
||||
|
||||
fstrcpy(share, sharename );
|
||||
strlower_m(share);
|
||||
|
||||
keystr = talloc_asprintf(ctx, "%s%s", SECDESC_PREFIX, share);
|
||||
key = string_term_tdb_data(keystr ? keystr : "");
|
||||
|
||||
return key;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Upgrade the tdb files to version 3
|
||||
****************************************************************************/
|
||||
|
||||
static bool upgrade_to_version_3(void)
|
||||
{
|
||||
TDB_DATA kbuf, newkey, dbuf;
|
||||
|
||||
DEBUG(0,("upgrade_to_version_3: upgrading print tdb's to version 3\n"));
|
||||
|
||||
for (kbuf = tdb_firstkey(tdb_drivers); kbuf.dptr;
|
||||
newkey = tdb_nextkey(tdb_drivers, kbuf), free(kbuf.dptr), kbuf=newkey) {
|
||||
|
||||
dbuf = tdb_fetch(tdb_drivers, kbuf);
|
||||
|
||||
if (strncmp((const char *)kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) {
|
||||
DEBUG(0,("upgrade_to_version_3:moving form\n"));
|
||||
if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to move form. Error (%s).\n", tdb_errorstr(tdb_forms)));
|
||||
return False;
|
||||
}
|
||||
if (tdb_delete(tdb_drivers, kbuf) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to delete form. Error (%s)\n", tdb_errorstr(tdb_drivers)));
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
if (strncmp((const char *)kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) {
|
||||
DEBUG(0,("upgrade_to_version_3:moving printer\n"));
|
||||
if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to move printer. Error (%s)\n", tdb_errorstr(tdb_printers)));
|
||||
return False;
|
||||
}
|
||||
if (tdb_delete(tdb_drivers, kbuf) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to delete printer. Error (%s)\n", tdb_errorstr(tdb_drivers)));
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
if (strncmp((const char *)kbuf.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX)) == 0) {
|
||||
DEBUG(0,("upgrade_to_version_3:moving secdesc\n"));
|
||||
if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to move secdesc. Error (%s)\n", tdb_errorstr(tdb_printers)));
|
||||
return False;
|
||||
}
|
||||
if (tdb_delete(tdb_drivers, kbuf) != 0) {
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
DEBUG(0,("upgrade_to_version_3: failed to delete secdesc. Error (%s)\n", tdb_errorstr(tdb_drivers)));
|
||||
return False;
|
||||
}
|
||||
}
|
||||
|
||||
SAFE_FREE(dbuf.dptr);
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Fix an issue with security descriptors. Printer sec_desc must
|
||||
use more than the generic bits that were previously used
|
||||
in <= 3.0.14a. They must also have a owner and group SID assigned.
|
||||
Otherwise, any printers than have been migrated to a Windows
|
||||
host using printmig.exe will not be accessible.
|
||||
*******************************************************************/
|
||||
|
||||
static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
|
||||
TDB_DATA data, void *state )
|
||||
{
|
||||
NTSTATUS status;
|
||||
struct sec_desc_buf *sd_orig = NULL;
|
||||
struct sec_desc_buf *sd_new, *sd_store;
|
||||
struct security_descriptor *sec, *new_sec;
|
||||
TALLOC_CTX *ctx = state;
|
||||
int result, i;
|
||||
uint32 sd_size;
|
||||
size_t size_new_sec;
|
||||
|
||||
if (!data.dptr || data.dsize == 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) != 0 ) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* upgrade the security descriptor */
|
||||
|
||||
status = unmarshall_sec_desc_buf(ctx, data.dptr, data.dsize, &sd_orig);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
/* delete bad entries */
|
||||
DEBUG(0,("sec_desc_upg_fn: Failed to parse original sec_desc for %si. Deleting....\n",
|
||||
(const char *)key.dptr ));
|
||||
tdb_delete( tdb_printers, key );
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!sd_orig) {
|
||||
return 0;
|
||||
}
|
||||
sec = sd_orig->sd;
|
||||
|
||||
/* is this even valid? */
|
||||
|
||||
if ( !sec->dacl ) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* update access masks */
|
||||
|
||||
for ( i=0; i<sec->dacl->num_aces; i++ ) {
|
||||
switch ( sec->dacl->aces[i].access_mask ) {
|
||||
case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS):
|
||||
sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT;
|
||||
break;
|
||||
|
||||
case GENERIC_ALL_ACCESS:
|
||||
sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL;
|
||||
break;
|
||||
|
||||
case READ_CONTROL_ACCESS:
|
||||
sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS;
|
||||
|
||||
default: /* no change */
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* create a new struct security_descriptor with the appropriate owner and group SIDs */
|
||||
|
||||
new_sec = make_sec_desc( ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
|
||||
&global_sid_Builtin_Administrators,
|
||||
&global_sid_Builtin_Administrators,
|
||||
NULL, NULL, &size_new_sec );
|
||||
if (!new_sec) {
|
||||
return 0;
|
||||
}
|
||||
sd_new = make_sec_desc_buf( ctx, size_new_sec, new_sec );
|
||||
if (!sd_new) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ( !(sd_store = sec_desc_merge_buf( ctx, sd_new, sd_orig )) ) {
|
||||
DEBUG(0,("sec_desc_upg_fn: Failed to update sec_desc for %s\n", key.dptr ));
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* store it back */
|
||||
|
||||
sd_size = ndr_size_security_descriptor(sd_store->sd, 0)
|
||||
+ sizeof(struct sec_desc_buf);
|
||||
|
||||
status = marshall_sec_desc_buf(ctx, sd_store, &data.dptr, &data.dsize);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0,("sec_desc_upg_fn: Failed to parse new sec_desc for %s\n", key.dptr ));
|
||||
return 0;
|
||||
}
|
||||
|
||||
result = tdb_store( tdb_printers, key, data, TDB_REPLACE );
|
||||
|
||||
/* 0 to continue and non-zero to stop traversal */
|
||||
|
||||
return (result == -1);
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Upgrade the tdb files to version 4
|
||||
*******************************************************************/
|
||||
|
||||
static bool upgrade_to_version_4(void)
|
||||
{
|
||||
TALLOC_CTX *ctx;
|
||||
int result;
|
||||
|
||||
DEBUG(0,("upgrade_to_version_4: upgrading printer security descriptors\n"));
|
||||
|
||||
if ( !(ctx = talloc_init( "upgrade_to_version_4" )) )
|
||||
return False;
|
||||
|
||||
result = tdb_traverse( tdb_printers, sec_desc_upg_fn, ctx );
|
||||
|
||||
talloc_destroy( ctx );
|
||||
|
||||
return ( result != -1 );
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Fix an issue with security descriptors. Printer sec_desc must
|
||||
use more than the generic bits that were previously used
|
||||
in <= 3.0.14a. They must also have a owner and group SID assigned.
|
||||
Otherwise, any printers than have been migrated to a Windows
|
||||
host using printmig.exe will not be accessible.
|
||||
*******************************************************************/
|
||||
|
||||
static int normalize_printers_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
|
||||
TDB_DATA data, void *state )
|
||||
{
|
||||
TALLOC_CTX *ctx = talloc_tos();
|
||||
TDB_DATA new_key;
|
||||
|
||||
if (!data.dptr || data.dsize == 0)
|
||||
return 0;
|
||||
|
||||
/* upgrade printer records and security descriptors */
|
||||
|
||||
if ( strncmp((const char *) key.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX) ) == 0 ) {
|
||||
new_key = make_printer_tdbkey(ctx, (const char *)key.dptr+strlen(PRINTERS_PREFIX) );
|
||||
}
|
||||
else if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) == 0 ) {
|
||||
new_key = make_printers_secdesc_tdbkey(ctx, (const char *)key.dptr+strlen(SECDESC_PREFIX) );
|
||||
}
|
||||
else {
|
||||
/* ignore this record */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* delete the original record and store under the normalized key */
|
||||
|
||||
if ( tdb_delete( the_tdb, key ) != 0 ) {
|
||||
DEBUG(0,("normalize_printers_fn: tdb_delete for [%s] failed!\n",
|
||||
key.dptr));
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( tdb_store( the_tdb, new_key, data, TDB_REPLACE) != 0 ) {
|
||||
DEBUG(0,("normalize_printers_fn: failed to store new record for [%s]!\n",
|
||||
key.dptr));
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Upgrade the tdb files to version 5
|
||||
*******************************************************************/
|
||||
|
||||
static bool upgrade_to_version_5(void)
|
||||
{
|
||||
TALLOC_CTX *ctx;
|
||||
int result;
|
||||
|
||||
DEBUG(0,("upgrade_to_version_5: normalizing printer keys\n"));
|
||||
|
||||
if ( !(ctx = talloc_init( "upgrade_to_version_5" )) )
|
||||
return False;
|
||||
|
||||
result = tdb_traverse( tdb_printers, normalize_printers_fn, NULL );
|
||||
|
||||
talloc_destroy( ctx );
|
||||
|
||||
return ( result != -1 );
|
||||
}
|
||||
|
||||
bool nt_printing_tdb_upgrade(void)
|
||||
{
|
||||
const char *drivers_path = state_path("ntdrivers.tdb");
|
||||
const char *printers_path = state_path("ntprinters.tdb");
|
||||
const char *forms_path = state_path("ntforms.tdb");
|
||||
bool drivers_exists = file_exist(drivers_path);
|
||||
bool printers_exists = file_exist(printers_path);
|
||||
bool forms_exists = file_exist(forms_path);
|
||||
const char *vstring = "INFO/version";
|
||||
int32_t vers_id;
|
||||
|
||||
if (!drivers_exists && !printers_exists && !forms_exists) {
|
||||
return true;
|
||||
}
|
||||
|
||||
tdb_drivers = tdb_open_log(drivers_path,
|
||||
0,
|
||||
TDB_DEFAULT,
|
||||
O_RDWR|O_CREAT,
|
||||
0600);
|
||||
if (tdb_drivers == NULL) {
|
||||
DEBUG(0,("nt_printing_init: Failed to open nt drivers "
|
||||
"database %s (%s)\n",
|
||||
drivers_path, strerror(errno)));
|
||||
return false;
|
||||
}
|
||||
|
||||
tdb_printers = tdb_open_log(printers_path,
|
||||
0,
|
||||
TDB_DEFAULT,
|
||||
O_RDWR|O_CREAT,
|
||||
0600);
|
||||
if (tdb_printers == NULL) {
|
||||
DEBUG(0,("nt_printing_init: Failed to open nt printers "
|
||||
"database %s (%s)\n",
|
||||
printers_path, strerror(errno)));
|
||||
return false;
|
||||
}
|
||||
|
||||
tdb_forms = tdb_open_log(forms_path,
|
||||
0,
|
||||
TDB_DEFAULT,
|
||||
O_RDWR|O_CREAT,
|
||||
0600);
|
||||
if (tdb_forms == NULL) {
|
||||
DEBUG(0,("nt_printing_init: Failed to open nt forms "
|
||||
"database %s (%s)\n",
|
||||
forms_path, strerror(errno)));
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Samba upgrade */
|
||||
vers_id = tdb_fetch_int32(tdb_drivers, vstring);
|
||||
if (vers_id == -1) {
|
||||
DEBUG(10, ("Fresh database\n"));
|
||||
tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
|
||||
vers_id = NTDRIVERS_DATABASE_VERSION_5;
|
||||
}
|
||||
|
||||
if (vers_id != NTDRIVERS_DATABASE_VERSION_5) {
|
||||
if ((vers_id == NTDRIVERS_DATABASE_VERSION_1) ||
|
||||
(IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_1)) {
|
||||
if (!upgrade_to_version_3()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
|
||||
vers_id = NTDRIVERS_DATABASE_VERSION_3;
|
||||
}
|
||||
|
||||
if ((vers_id == NTDRIVERS_DATABASE_VERSION_2) ||
|
||||
(IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_2)) {
|
||||
/*
|
||||
* Written on a bigendian machine with old fetch_int
|
||||
* code. Save as le. The only upgrade between V2 and V3
|
||||
* is to save the version in little-endian.
|
||||
*/
|
||||
tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
|
||||
vers_id = NTDRIVERS_DATABASE_VERSION_3;
|
||||
}
|
||||
|
||||
if (vers_id == NTDRIVERS_DATABASE_VERSION_3) {
|
||||
if (!upgrade_to_version_4()) {
|
||||
return false;
|
||||
}
|
||||
tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_4);
|
||||
vers_id = NTDRIVERS_DATABASE_VERSION_4;
|
||||
}
|
||||
|
||||
if (vers_id == NTDRIVERS_DATABASE_VERSION_4 ) {
|
||||
if (!upgrade_to_version_5()) {
|
||||
return false;
|
||||
}
|
||||
tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
|
||||
vers_id = NTDRIVERS_DATABASE_VERSION_5;
|
||||
}
|
||||
|
||||
if (vers_id != NTDRIVERS_DATABASE_VERSION_5) {
|
||||
DEBUG(0,("nt_printing_init: Unknown printer database version [%d]\n", vers_id));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (tdb_drivers) {
|
||||
tdb_close(tdb_drivers);
|
||||
tdb_drivers = NULL;
|
||||
}
|
||||
|
||||
if (tdb_printers) {
|
||||
tdb_close(tdb_printers);
|
||||
tdb_printers = NULL;
|
||||
}
|
||||
|
||||
if (tdb_forms) {
|
||||
tdb_close(tdb_forms);
|
||||
tdb_forms = NULL;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
28
source3/printing/nt_printing_tdb.h
Normal file
28
source3/printing/nt_printing_tdb.h
Normal file
@ -0,0 +1,28 @@
|
||||
/*
|
||||
* Unix SMB/CIFS implementation.
|
||||
* RPC Pipe client / server routines
|
||||
* Copyright (c) Andrew Tridgell 1992-2000,
|
||||
* Copyright (c) Jean François Micouleau 1998-2000.
|
||||
* Copyright (c) Gerald Carter 2002-2005.
|
||||
* Copyright (c) Andreas Schneider 2010.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef _NT_PRINTING_TDB_H_
|
||||
#define _NT_PRINTING_TDB_H_
|
||||
|
||||
bool nt_printing_tdb_upgrade(void);
|
||||
|
||||
#endif /* _NT_PRINTING_TDB_H_ */
|
@ -751,7 +751,8 @@ PRINTING_SRC = '''printing/pcap.c printing/print_svid.c printing/print_aix.c
|
||||
printing/print_iprint.c'''
|
||||
|
||||
PRINTBASE_SRC = '''printing/notify.c printing/printing_db.c'''
|
||||
PRINTBACKEND_SRC = 'printing/printing.c printing/nt_printing.c ${PRINTBASE_SRC}'
|
||||
PRINTBACKEND_SRC = '''printing/printing.c printing/nt_printing.c
|
||||
printing/nt_printing_tdb.c ${PRINTBASE_SRC}'''
|
||||
|
||||
SMBD_SRC = '''${SMBD_SRC_BASE} ${SMBD_SRC_MAIN}'''
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user