source: trunk/server/source3/client/smbspool.c@ 1012

Last change on this file since 1012 was 745, checked in by Silvan Scherrer, 13 years ago

Samba Server: updated trunk to 3.6.0
File size: 16.0 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 SMB backend for the Common UNIX Printing System ("CUPS")
4
5 Copyright (C) Michael R Sweet 1999
6 Copyright (C) Andrew Tridgell 1994-1998
7 Copyright (C) Andrew Bartlett 2002
8 Copyright (C) Rodrigo Fernandez-Vizarra 2005
9 Copyright (C) James Peach 2008
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23*/
24
25#include "includes.h"
26#include "system/filesys.h"
27#include "system/passwd.h"
28#include "libsmb/libsmb.h"
29
30/*
31 * Starting with CUPS 1.3, Kerberos support is provided by cupsd including
32 * the forwarding of user credentials via the authenticated session between
33 * user and server and the KRB5CCNAME environment variable which will point
34 * to a temporary file or an in-memory representation depending on the version
35 * of Kerberos you use. As a result, all of the ticket code that used to
36 * live here has been removed, and we depend on the user session (if you
37 * run smbspool by hand) or cupsd to provide the necessary Kerberos info.
38 *
39 * Also, the AUTH_USERNAME and AUTH_PASSWORD environment variables provide
40 * for per-job authentication for non-Kerberized printing. We use those
41 * if there is no username and password specified in the device URI.
42 *
43 * Finally, if we have an authentication failure we return exit code 2
44 * which tells CUPS to hold the job for authentication and bug the user
45 * to get the necessary credentials.
46 */
47
48#define MAX_RETRY_CONNECT 3
49
50
51/*
52 * Globals...
53 */
54
55
56
57/*
58 * Local functions...
59 */
60
61static int get_exit_code(struct cli_state * cli, NTSTATUS nt_status);
62static void list_devices(void);
63static struct cli_state *smb_complete_connection(const char *, const char *,
64 int, const char *, const char *, const char *, const char *, int, bool *need_auth);
65static struct cli_state *smb_connect(const char *, const char *, int, const
66 char *, const char *, const char *, const char *, bool *need_auth);
67static int smb_print(struct cli_state *, char *, FILE *);
68static char *uri_unescape_alloc(const char *);
69#if 0
70static bool smb_encrypt;
71#endif
72
73/*
74 * 'main()' - Main entry for SMB backend.
75 */
76
77int /* O - Exit status */
78main(int argc, /* I - Number of command-line arguments */
79 char *argv[])
80{ /* I - Command-line arguments */
81 int i; /* Looping var */
82 int copies; /* Number of copies */
83 int port; /* Port number */
84 char uri[1024], /* URI */
85 *sep, /* Pointer to separator */
86 *tmp, *tmp2, /* Temp pointers to do escaping */
87 *password; /* Password */
88 char *username, /* Username */
89 *server, /* Server name */
90 *printer;/* Printer name */
91 const char *workgroup; /* Workgroup */
92 FILE *fp; /* File to print */
93 int status = 1; /* Status of LPD job */
94 struct cli_state *cli; /* SMB interface */
95 char null_str[1];
96 int tries = 0;
97 bool need_auth = true;
98 const char *dev_uri;
99 TALLOC_CTX *frame = talloc_stackframe();
100
101 null_str[0] = '\0';
102
103 /*
104 * we expect the URI in argv[0]. Detect the case where it is in
105 * argv[1] and cope
106 */
107 if (argc > 2 && strncmp(argv[0], "smb://", 6) &&
108 strncmp(argv[1], "smb://", 6) == 0) {
109 argv++;
110 argc--;
111 }
112
113 if (argc == 1) {
114 /*
115 * NEW! In CUPS 1.1 the backends are run with no arguments
116 * to list the available devices. These can be devices
117 * served by this backend or any other backends (i.e. you
118 * can have an SNMP backend that is only used to enumerate
119 * the available network printers... :)
120 */
121
122 list_devices();
123 status = 0;
124 goto done;
125 }
126
127 if (argc < 6 || argc > 7) {
128 fprintf(stderr,
129"Usage: %s [DEVICE_URI] job-id user title copies options [file]\n"
130" The DEVICE_URI environment variable can also contain the\n"
131" destination printer:\n"
132"\n"
133" smb://[username:password@][workgroup/]server[:port]/printer\n",
134 argv[0]);
135 goto done;
136 }
137
138 /*
139 * If we have 7 arguments, print the file named on the command-line.
140 * Otherwise, print data from stdin...
141 */
142
143 if (argc == 6) {
144 /*
145 * Print from Copy stdin to a temporary file...
146 */
147
148 fp = stdin;
149 copies = 1;
150 } else if ((fp = fopen(argv[6], "rb")) == NULL) {
151 perror("ERROR: Unable to open print file");
152 goto done;
153 } else {
154 copies = atoi(argv[4]);
155 }
156
157 /*
158 * Find the URI...
159 */
160
161 dev_uri = getenv("DEVICE_URI");
162 if (dev_uri) {
163 strncpy(uri, dev_uri, sizeof(uri) - 1);
164 } else if (strncmp(argv[0], "smb://", 6) == 0) {
165 strncpy(uri, argv[0], sizeof(uri) - 1);
166 } else {
167 fputs("ERROR: No device URI found in DEVICE_URI environment variable or argv[0] !\n", stderr);
168 goto done;
169 }
170
171 uri[sizeof(uri) - 1] = '\0';
172
173 /*
174 * Extract the destination from the URI...
175 */
176
177 if ((sep = strrchr_m(uri, '@')) != NULL) {
178 tmp = uri + 6;
179 *sep++ = '\0';
180
181 /* username is in tmp */
182
183 server = sep;
184
185 /*
186 * Extract password as needed...
187 */
188
189 if ((tmp2 = strchr_m(tmp, ':')) != NULL) {
190 *tmp2++ = '\0';
191 password = uri_unescape_alloc(tmp2);
192 } else {
193 password = null_str;
194 }
195 username = uri_unescape_alloc(tmp);
196 } else {
197 if ((username = getenv("AUTH_USERNAME")) == NULL) {
198 username = null_str;
199 }
200
201 if ((password = getenv("AUTH_PASSWORD")) == NULL) {
202 password = null_str;
203 }
204
205 server = uri + 6;
206 }
207
208 tmp = server;
209
210 if ((sep = strchr_m(tmp, '/')) == NULL) {
211 fputs("ERROR: Bad URI - need printer name!\n", stderr);
212 goto done;
213 }
214
215 *sep++ = '\0';
216 tmp2 = sep;
217
218 if ((sep = strchr_m(tmp2, '/')) != NULL) {
219 /*
220 * Convert to smb://[username:password@]workgroup/server/printer...
221 */
222
223 *sep++ = '\0';
224
225 workgroup = uri_unescape_alloc(tmp);
226 server = uri_unescape_alloc(tmp2);
227 printer = uri_unescape_alloc(sep);
228 } else {
229 workgroup = NULL;
230 server = uri_unescape_alloc(tmp);
231 printer = uri_unescape_alloc(tmp2);
232 }
233
234 if ((sep = strrchr_m(server, ':')) != NULL) {
235 *sep++ = '\0';
236
237 port = atoi(sep);
238 } else {
239 port = 0;
240 }
241
242 /*
243 * Setup the SAMBA server state...
244 */
245
246 setup_logging("smbspool", DEBUG_STDOUT);
247
248 lp_set_in_client(True); /* Make sure that we tell lp_load we are */
249
250 load_case_tables();
251
252 if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
253 fprintf(stderr, "ERROR: Can't load %s - run testparm to debug it\n", get_dyn_CONFIGFILE());
254 goto done;
255 }
256
257 if (workgroup == NULL) {
258 workgroup = lp_workgroup();
259 }
260
261 load_interfaces();
262
263 do {
264 cli = smb_connect(workgroup, server, port, printer,
265 username, password, argv[2], &need_auth);
266 if (cli == NULL) {
267 if (need_auth) {
268 exit(2);
269 } else if (getenv("CLASS") == NULL) {
270 fprintf(stderr, "ERROR: Unable to connect to CIFS host, will retry in 60 seconds...\n");
271 sleep(60);
272 tries++;
273 } else {
274 fprintf(stderr, "ERROR: Unable to connect to CIFS host, trying next printer...\n");
275 goto done;
276 }
277 }
278 } while ((cli == NULL) && (tries < MAX_RETRY_CONNECT));
279
280 if (cli == NULL) {
281 fprintf(stderr, "ERROR: Unable to connect to CIFS host after (tried %d times)\n", tries);
282 goto done;
283 }
284
285 /*
286 * Now that we are connected to the server, ignore SIGTERM so that we
287 * can finish out any page data the driver sends (e.g. to eject the
288 * current page... Only ignore SIGTERM if we are printing data from
289 * stdin (otherwise you can't cancel raw jobs...)
290 */
291
292 if (argc < 7) {
293 CatchSignal(SIGTERM, SIG_IGN);
294 }
295
296 /*
297 * Queue the job...
298 */
299
300 for (i = 0; i < copies; i++) {
301 status = smb_print(cli, argv[3] /* title */ , fp);
302 if (status != 0) {
303 break;
304 }
305 }
306
307 cli_shutdown(cli);
308
309 /*
310 * Return the queue status...
311 */
312
313done:
314
315 TALLOC_FREE(frame);
316 return (status);
317}
318
319
320/*
321 * 'get_exit_code()' - Get the backend exit code based on the current error.
322 */
323
324static int
325get_exit_code(struct cli_state * cli,
326 NTSTATUS nt_status)
327{
328 int i;
329
330 /* List of NTSTATUS errors that are considered
331 * authentication errors
332 */
333 static const NTSTATUS auth_errors[] =
334 {
335 NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_VIOLATION,
336 NT_STATUS_SHARING_VIOLATION, NT_STATUS_PRIVILEGE_NOT_HELD,
337 NT_STATUS_INVALID_ACCOUNT_NAME, NT_STATUS_NO_SUCH_USER,
338 NT_STATUS_WRONG_PASSWORD, NT_STATUS_LOGON_FAILURE,
339 NT_STATUS_ACCOUNT_RESTRICTION, NT_STATUS_INVALID_LOGON_HOURS,
340 NT_STATUS_PASSWORD_EXPIRED, NT_STATUS_ACCOUNT_DISABLED
341 };
342
343
344 fprintf(stderr, "DEBUG: get_exit_code(cli=%p, nt_status=%x)\n",
345 cli, NT_STATUS_V(nt_status));
346
347 for (i = 0; i < ARRAY_SIZE(auth_errors); i++) {
348 if (!NT_STATUS_EQUAL(nt_status, auth_errors[i])) {
349 continue;
350 }
351
352 if (cli) {
353 if (cli->use_kerberos && cli->got_kerberos_mechanism)
354 fputs("ATTR: auth-info-required=negotiate\n", stderr);
355 else
356 fputs("ATTR: auth-info-required=username,password\n", stderr);
357 }
358
359 /*
360 * 2 = authentication required...
361 */
362
363 return (2);
364
365 }
366
367 /*
368 * 1 = fail
369 */
370
371 return (1);
372}
373
374
375/*
376 * 'list_devices()' - List the available printers seen on the network...
377 */
378
379static void
380list_devices(void)
381{
382 /*
383 * Eventually, search the local workgroup for available hosts and printers.
384 */
385
386 puts("network smb \"Unknown\" \"Windows Printer via SAMBA\"");
387}
388
389
390static struct cli_state *
391smb_complete_connection(const char *myname,
392 const char *server,
393 int port,
394 const char *username,
395 const char *password,
396 const char *workgroup,
397 const char *share,
398 int flags,
399 bool *need_auth)
400{
401 struct cli_state *cli; /* New connection */
402 NTSTATUS nt_status;
403
404 /* Start the SMB connection */
405 *need_auth = false;
406 nt_status = cli_start_connection(&cli, myname, server, NULL, port,
407 Undefined, flags);
408 if (!NT_STATUS_IS_OK(nt_status)) {
409 fprintf(stderr, "ERROR: Connection failed: %s\n", nt_errstr(nt_status));
410 return NULL;
411 }
412
413 /*
414 * We pretty much guarantee password must be valid or a pointer to a
415 * 0 char.
416 */
417 if (!password) {
418 *need_auth = true;
419 return NULL;
420 }
421
422 nt_status = cli_session_setup(cli, username,
423 password, strlen(password) + 1,
424 password, strlen(password) + 1,
425 workgroup);
426 if (!NT_STATUS_IS_OK(nt_status)) {
427 fprintf(stderr, "ERROR: Session setup failed: %s\n", nt_errstr(nt_status));
428
429 if (get_exit_code(cli, nt_status) == 2) {
430 *need_auth = true;
431 }
432
433 cli_shutdown(cli);
434
435 return NULL;
436 }
437
438 nt_status = cli_tcon_andx(cli, share, "?????", password,
439 strlen(password) + 1);
440 if (!NT_STATUS_IS_OK(nt_status)) {
441 fprintf(stderr, "ERROR: Tree connect failed (%s)\n",
442 nt_errstr(nt_status));
443
444 if (get_exit_code(cli, nt_status) == 2) {
445 *need_auth = true;
446 }
447
448 cli_shutdown(cli);
449
450 return NULL;
451 }
452#if 0
453 /* Need to work out how to specify this on the URL. */
454 if (smb_encrypt) {
455 if (!cli_cm_force_encryption(cli,
456 username,
457 password,
458 workgroup,
459 share)) {
460 fprintf(stderr, "ERROR: encryption setup failed\n");
461 cli_shutdown(cli);
462 return NULL;
463 }
464 }
465#endif
466
467 return cli;
468}
469
470/*
471 * 'smb_connect()' - Return a connection to a server.
472 */
473
474static struct cli_state * /* O - SMB connection */
475smb_connect(const char *workgroup, /* I - Workgroup */
476 const char *server, /* I - Server */
477 const int port, /* I - Port */
478 const char *share, /* I - Printer */
479 const char *username, /* I - Username */
480 const char *password, /* I - Password */
481 const char *jobusername, /* I - User who issued the print job */
482 bool *need_auth)
483{ /* O - Need authentication? */
484 struct cli_state *cli; /* New connection */
485 char *myname = NULL; /* Client name */
486 struct passwd *pwd;
487
488 /*
489 * Get the names and addresses of the client and server...
490 */
491 myname = get_myname(talloc_tos());
492 if (!myname) {
493 return NULL;
494 }
495
496 /*
497 * See if we have a username first. This is for backwards compatible
498 * behavior with 3.0.14a
499 */
500
501 if (username && *username && !getenv("KRB5CCNAME")) {
502 cli = smb_complete_connection(myname, server, port, username,
503 password, workgroup, share, 0, need_auth);
504 if (cli) {
505 fputs("DEBUG: Connected with username/password...\n", stderr);
506 return (cli);
507 }
508 }
509
510 /*
511 * Try to use the user kerberos credentials (if any) to authenticate
512 */
513 cli = smb_complete_connection(myname, server, port, jobusername, "",
514 workgroup, share,
515 CLI_FULL_CONNECTION_USE_KERBEROS, need_auth);
516
517 if (cli) {
518 fputs("DEBUG: Connected using Kerberos...\n", stderr);
519 return (cli);
520 }
521
522 /* give a chance for a passwordless NTLMSSP session setup */
523 pwd = getpwuid(geteuid());
524 if (pwd == NULL) {
525 return NULL;
526 }
527
528 cli = smb_complete_connection(myname, server, port, pwd->pw_name, "",
529 workgroup, share, 0, need_auth);
530
531 if (cli) {
532 fputs("DEBUG: Connected with NTLMSSP...\n", stderr);
533 return (cli);
534 }
535
536 /*
537 * last try. Use anonymous authentication
538 */
539
540 cli = smb_complete_connection(myname, server, port, "", "",
541 workgroup, share, 0, need_auth);
542 /*
543 * Return the new connection...
544 */
545
546 return (cli);
547}
548
549
550/*
551 * 'smb_print()' - Queue a job for printing using the SMB protocol.
552 */
553
554static int /* O - 0 = success, non-0 = failure */
555smb_print(struct cli_state * cli, /* I - SMB connection */
556 char *title, /* I - Title/job name */
557 FILE * fp)
558{ /* I - File to print */
559 uint16_t fnum; /* File number */
560 int nbytes, /* Number of bytes read */
561 tbytes; /* Total bytes read */
562 char buffer[8192], /* Buffer for copy */
563 *ptr; /* Pointer into title */
564 NTSTATUS nt_status;
565
566
567 /*
568 * Sanitize the title...
569 */
570
571 for (ptr = title; *ptr; ptr++) {
572 if (!isalnum((int) *ptr) && !isspace((int) *ptr)) {
573 *ptr = '_';
574 }
575 }
576
577 /*
578 * Open the printer device...
579 */
580
581 nt_status = cli_open(cli, title, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE,
582 &fnum);
583 if (!NT_STATUS_IS_OK(nt_status)) {
584 fprintf(stderr, "ERROR: %s opening remote spool %s\n",
585 nt_errstr(nt_status), title);
586 return get_exit_code(cli, nt_status);
587 }
588
589 /*
590 * Copy the file to the printer...
591 */
592
593 if (fp != stdin)
594 rewind(fp);
595
596 tbytes = 0;
597
598 while ((nbytes = fread(buffer, 1, sizeof(buffer), fp)) > 0) {
599 NTSTATUS status;
600
601 status = cli_writeall(cli, fnum, 0, (uint8_t *)buffer,
602 tbytes, nbytes, NULL);
603 if (!NT_STATUS_IS_OK(status)) {
604 int ret = get_exit_code(cli, status);
605 fprintf(stderr, "ERROR: Error writing spool: %s\n",
606 nt_errstr(status));
607 fprintf(stderr, "DEBUG: Returning status %d...\n",
608 ret);
609 cli_close(cli, fnum);
610
611 return (ret);
612 }
613 tbytes += nbytes;
614 }
615
616 nt_status = cli_close(cli, fnum);
617 if (!NT_STATUS_IS_OK(nt_status)) {
618 fprintf(stderr, "ERROR: %s closing remote spool %s\n",
619 nt_errstr(nt_status), title);
620 return get_exit_code(cli, nt_status);
621 } else {
622 return (0);
623 }
624}
625
626static char *
627uri_unescape_alloc(const char *uritok)
628{
629 char *ret;
630
631 ret = (char *) SMB_STRDUP(uritok);
632 if (!ret) {
633 return NULL;
634 }
635
636 rfc1738_unescape(ret);
637 return ret;
638}
Note: See TracBrowser for help on using the repository browser.