Context Navigation

source: vendor/3.6.9/source3/client/smbspool.c

Visit:

Last change on this file was 740, checked in by Silvan Scherrer, 13 years ago
Samba Server: update vendor to 3.6.0
File size: 16.0 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	SMB backend for the Common UNIX Printing System ("CUPS")
4
5	Copyright (C) Michael R Sweet 1999
6	Copyright (C) Andrew Tridgell 1994-1998
7	Copyright (C) Andrew Bartlett 2002
8	Copyright (C) Rodrigo Fernandez-Vizarra 2005
9	Copyright (C) James Peach 2008
10
11	This program is free software; you can redistribute it and/or modify
12	it under the terms of the GNU General Public License as published by
13	the Free Software Foundation; either version 3 of the License, or
14	(at your option) any later version.
15
16	This program is distributed in the hope that it will be useful,
17	but WITHOUT ANY WARRANTY; without even the implied warranty of
18	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	GNU General Public License for more details.
20
21	You should have received a copy of the GNU General Public License
22	along with this program. If not, see <http://www.gnu.org/licenses/>.
23	*/
24
25	#include "includes.h"
26	#include "system/filesys.h"
27	#include "system/passwd.h"
28	#include "libsmb/libsmb.h"
29
30	/*
31	* Starting with CUPS 1.3, Kerberos support is provided by cupsd including
32	* the forwarding of user credentials via the authenticated session between
33	* user and server and the KRB5CCNAME environment variable which will point
34	* to a temporary file or an in-memory representation depending on the version
35	* of Kerberos you use. As a result, all of the ticket code that used to
36	* live here has been removed, and we depend on the user session (if you
37	* run smbspool by hand) or cupsd to provide the necessary Kerberos info.
38	*
39	* Also, the AUTH_USERNAME and AUTH_PASSWORD environment variables provide
40	* for per-job authentication for non-Kerberized printing. We use those
41	* if there is no username and password specified in the device URI.
42	*
43	* Finally, if we have an authentication failure we return exit code 2
44	* which tells CUPS to hold the job for authentication and bug the user
45	* to get the necessary credentials.
46	*/
47
48	#define MAX_RETRY_CONNECT 3
49
50
51	/*
52	* Globals...
53	*/
54
55
56
57	/*
58	* Local functions...
59	*/
60
61	static int get_exit_code(struct cli_state * cli, NTSTATUS nt_status);
62	static void list_devices(void);
63	static struct cli_state smb_complete_connection(const char , const char *,
64	int, const char , const char , const char , const char , int, bool *need_auth);
65	static struct cli_state smb_connect(const char , const char *, int, const
66	char , const char , const char , const char , bool *need_auth);
67	static int smb_print(struct cli_state , char , FILE *);
68	static char uri_unescape_alloc(const char );
69	#if 0
70	static bool smb_encrypt;
71	#endif
72
73	/*
74	* 'main()' - Main entry for SMB backend.
75	*/
76
77	int /* O - Exit status */
78	main(int argc, /* I - Number of command-line arguments */
79	char *argv[])
80	{ /* I - Command-line arguments */
81	int i; /* Looping var */
82	int copies; /* Number of copies */
83	int port; /* Port number */
84	char uri[1024], /* URI */
85	sep, / Pointer to separator */
86	tmp, tmp2, /* Temp pointers to do escaping */
87	password; / Password */
88	char username, / Username */
89	server, / Server name */
90	printer;/ Printer name */
91	const char workgroup; / Workgroup */
92	FILE fp; / File to print */
93	int status = 1; /* Status of LPD job */
94	struct cli_state cli; / SMB interface */
95	char null_str[1];
96	int tries = 0;
97	bool need_auth = true;
98	const char *dev_uri;
99	TALLOC_CTX *frame = talloc_stackframe();
100
101	null_str[0] = '\0';
102
103	/*
104	* we expect the URI in argv[0]. Detect the case where it is in
105	* argv[1] and cope
106	*/
107	if (argc > 2 && strncmp(argv[0], "smb://", 6) &&
108	strncmp(argv[1], "smb://", 6) == 0) {
109	argv++;
110	argc--;
111	}
112
113	if (argc == 1) {
114	/*
115	* NEW! In CUPS 1.1 the backends are run with no arguments
116	* to list the available devices. These can be devices
117	* served by this backend or any other backends (i.e. you
118	* can have an SNMP backend that is only used to enumerate
119	* the available network printers... :)
120	*/
121
122	list_devices();
123	status = 0;
124	goto done;
125	}
126
127	if (argc < 6 \|\| argc > 7) {
128	fprintf(stderr,
129	"Usage: %s [DEVICE_URI] job-id user title copies options [file]\n"
130	" The DEVICE_URI environment variable can also contain the\n"
131	" destination printer:\n"
132	"\n"
133	" smb://[username:password@][workgroup/]server[:port]/printer\n",
134	argv[0]);
135	goto done;
136	}
137
138	/*
139	* If we have 7 arguments, print the file named on the command-line.
140	* Otherwise, print data from stdin...
141	*/
142
143	if (argc == 6) {
144	/*
145	* Print from Copy stdin to a temporary file...
146	*/
147
148	fp = stdin;
149	copies = 1;
150	} else if ((fp = fopen(argv[6], "rb")) == NULL) {
151	perror("ERROR: Unable to open print file");
152	goto done;
153	} else {
154	copies = atoi(argv[4]);
155	}
156
157	/*
158	* Find the URI...
159	*/
160
161	dev_uri = getenv("DEVICE_URI");
162	if (dev_uri) {
163	strncpy(uri, dev_uri, sizeof(uri) - 1);
164	} else if (strncmp(argv[0], "smb://", 6) == 0) {
165	strncpy(uri, argv[0], sizeof(uri) - 1);
166	} else {
167	fputs("ERROR: No device URI found in DEVICE_URI environment variable or argv[0] !\n", stderr);
168	goto done;
169	}
170
171	uri[sizeof(uri) - 1] = '\0';
172
173	/*
174	* Extract the destination from the URI...
175	*/
176
177	if ((sep = strrchr_m(uri, '@')) != NULL) {
178	tmp = uri + 6;
179	*sep++ = '\0';
180
181	/* username is in tmp */
182
183	server = sep;
184
185	/*
186	* Extract password as needed...
187	*/
188
189	if ((tmp2 = strchr_m(tmp, ':')) != NULL) {
190	*tmp2++ = '\0';
191	password = uri_unescape_alloc(tmp2);
192	} else {
193	password = null_str;
194	}
195	username = uri_unescape_alloc(tmp);
196	} else {
197	if ((username = getenv("AUTH_USERNAME")) == NULL) {
198	username = null_str;
199	}
200
201	if ((password = getenv("AUTH_PASSWORD")) == NULL) {
202	password = null_str;
203	}
204
205	server = uri + 6;
206	}
207
208	tmp = server;
209
210	if ((sep = strchr_m(tmp, '/')) == NULL) {
211	fputs("ERROR: Bad URI - need printer name!\n", stderr);
212	goto done;
213	}
214
215	*sep++ = '\0';
216	tmp2 = sep;
217
218	if ((sep = strchr_m(tmp2, '/')) != NULL) {
219	/*
220	* Convert to smb://[username:password@]workgroup/server/printer...
221	*/
222
223	*sep++ = '\0';
224
225	workgroup = uri_unescape_alloc(tmp);
226	server = uri_unescape_alloc(tmp2);
227	printer = uri_unescape_alloc(sep);
228	} else {
229	workgroup = NULL;
230	server = uri_unescape_alloc(tmp);
231	printer = uri_unescape_alloc(tmp2);
232	}
233
234	if ((sep = strrchr_m(server, ':')) != NULL) {
235	*sep++ = '\0';
236
237	port = atoi(sep);
238	} else {
239	port = 0;
240	}
241
242	/*
243	* Setup the SAMBA server state...
244	*/
245
246	setup_logging("smbspool", DEBUG_STDOUT);
247
248	lp_set_in_client(True); /* Make sure that we tell lp_load we are */
249
250	load_case_tables();
251
252	if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
253	fprintf(stderr, "ERROR: Can't load %s - run testparm to debug it\n", get_dyn_CONFIGFILE());
254	goto done;
255	}
256
257	if (workgroup == NULL) {
258	workgroup = lp_workgroup();
259	}
260
261	load_interfaces();
262
263	do {
264	cli = smb_connect(workgroup, server, port, printer,
265	username, password, argv[2], &need_auth);
266	if (cli == NULL) {
267	if (need_auth) {
268	exit(2);
269	} else if (getenv("CLASS") == NULL) {
270	fprintf(stderr, "ERROR: Unable to connect to CIFS host, will retry in 60 seconds...\n");
271	sleep(60);
272	tries++;
273	} else {
274	fprintf(stderr, "ERROR: Unable to connect to CIFS host, trying next printer...\n");
275	goto done;
276	}
277	}
278	} while ((cli == NULL) && (tries < MAX_RETRY_CONNECT));
279
280	if (cli == NULL) {
281	fprintf(stderr, "ERROR: Unable to connect to CIFS host after (tried %d times)\n", tries);
282	goto done;
283	}
284
285	/*
286	* Now that we are connected to the server, ignore SIGTERM so that we
287	* can finish out any page data the driver sends (e.g. to eject the
288	* current page... Only ignore SIGTERM if we are printing data from
289	* stdin (otherwise you can't cancel raw jobs...)
290	*/
291
292	if (argc < 7) {
293	CatchSignal(SIGTERM, SIG_IGN);
294	}
295
296	/*
297	* Queue the job...
298	*/
299
300	for (i = 0; i < copies; i++) {
301	status = smb_print(cli, argv[3] /* title */ , fp);
302	if (status != 0) {
303	break;
304	}
305	}
306
307	cli_shutdown(cli);
308
309	/*
310	* Return the queue status...
311	*/
312
313	done:
314
315	TALLOC_FREE(frame);
316	return (status);
317	}
318
319
320	/*
321	* 'get_exit_code()' - Get the backend exit code based on the current error.
322	*/
323
324	static int
325	get_exit_code(struct cli_state * cli,
326	NTSTATUS nt_status)
327	{
328	int i;
329
330	/* List of NTSTATUS errors that are considered
331	* authentication errors
332	*/
333	static const NTSTATUS auth_errors[] =
334	{
335	NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_VIOLATION,
336	NT_STATUS_SHARING_VIOLATION, NT_STATUS_PRIVILEGE_NOT_HELD,
337	NT_STATUS_INVALID_ACCOUNT_NAME, NT_STATUS_NO_SUCH_USER,
338	NT_STATUS_WRONG_PASSWORD, NT_STATUS_LOGON_FAILURE,
339	NT_STATUS_ACCOUNT_RESTRICTION, NT_STATUS_INVALID_LOGON_HOURS,
340	NT_STATUS_PASSWORD_EXPIRED, NT_STATUS_ACCOUNT_DISABLED
341	};
342
343
344	fprintf(stderr, "DEBUG: get_exit_code(cli=%p, nt_status=%x)\n",
345	cli, NT_STATUS_V(nt_status));
346
347	for (i = 0; i < ARRAY_SIZE(auth_errors); i++) {
348	if (!NT_STATUS_EQUAL(nt_status, auth_errors[i])) {
349	continue;
350	}
351
352	if (cli) {
353	if (cli->use_kerberos && cli->got_kerberos_mechanism)
354	fputs("ATTR: auth-info-required=negotiate\n", stderr);
355	else
356	fputs("ATTR: auth-info-required=username,password\n", stderr);
357	}
358
359	/*
360	* 2 = authentication required...
361	*/
362
363	return (2);
364
365	}
366
367	/*
368	* 1 = fail
369	*/
370
371	return (1);
372	}
373
374
375	/*
376	* 'list_devices()' - List the available printers seen on the network...
377	*/
378
379	static void
380	list_devices(void)
381	{
382	/*
383	* Eventually, search the local workgroup for available hosts and printers.
384	*/
385
386	puts("network smb \"Unknown\" \"Windows Printer via SAMBA\"");
387	}
388
389
390	static struct cli_state *
391	smb_complete_connection(const char *myname,
392	const char *server,
393	int port,
394	const char *username,
395	const char *password,
396	const char *workgroup,
397	const char *share,
398	int flags,
399	bool *need_auth)
400	{
401	struct cli_state cli; / New connection */
402	NTSTATUS nt_status;
403
404	/* Start the SMB connection */
405	*need_auth = false;
406	nt_status = cli_start_connection(&cli, myname, server, NULL, port,
407	Undefined, flags);
408	if (!NT_STATUS_IS_OK(nt_status)) {
409	fprintf(stderr, "ERROR: Connection failed: %s\n", nt_errstr(nt_status));
410	return NULL;
411	}
412
413	/*
414	* We pretty much guarantee password must be valid or a pointer to a
415	* 0 char.
416	*/
417	if (!password) {
418	*need_auth = true;
419	return NULL;
420	}
421
422	nt_status = cli_session_setup(cli, username,
423	password, strlen(password) + 1,
424	password, strlen(password) + 1,
425	workgroup);
426	if (!NT_STATUS_IS_OK(nt_status)) {
427	fprintf(stderr, "ERROR: Session setup failed: %s\n", nt_errstr(nt_status));
428
429	if (get_exit_code(cli, nt_status) == 2) {
430	*need_auth = true;
431	}
432
433	cli_shutdown(cli);
434
435	return NULL;
436	}
437
438	nt_status = cli_tcon_andx(cli, share, "?????", password,
439	strlen(password) + 1);
440	if (!NT_STATUS_IS_OK(nt_status)) {
441	fprintf(stderr, "ERROR: Tree connect failed (%s)\n",
442	nt_errstr(nt_status));
443
444	if (get_exit_code(cli, nt_status) == 2) {
445	*need_auth = true;
446	}
447
448	cli_shutdown(cli);
449
450	return NULL;
451	}
452	#if 0
453	/* Need to work out how to specify this on the URL. */
454	if (smb_encrypt) {
455	if (!cli_cm_force_encryption(cli,
456	username,
457	password,
458	workgroup,
459	share)) {
460	fprintf(stderr, "ERROR: encryption setup failed\n");
461	cli_shutdown(cli);
462	return NULL;
463	}
464	}
465	#endif
466
467	return cli;
468	}
469
470	/*
471	* 'smb_connect()' - Return a connection to a server.
472	*/
473
474	static struct cli_state * /* O - SMB connection */
475	smb_connect(const char workgroup, / I - Workgroup */
476	const char server, / I - Server */
477	const int port, /* I - Port */
478	const char share, / I - Printer */
479	const char username, / I - Username */
480	const char password, / I - Password */
481	const char jobusername, / I - User who issued the print job */
482	bool *need_auth)
483	{ /* O - Need authentication? */
484	struct cli_state cli; / New connection */
485	char myname = NULL; / Client name */
486	struct passwd *pwd;
487
488	/*
489	* Get the names and addresses of the client and server...
490	*/
491	myname = get_myname(talloc_tos());
492	if (!myname) {
493	return NULL;
494	}
495
496	/*
497	* See if we have a username first. This is for backwards compatible
498	* behavior with 3.0.14a
499	*/
500
501	if (username && *username && !getenv("KRB5CCNAME")) {
502	cli = smb_complete_connection(myname, server, port, username,
503	password, workgroup, share, 0, need_auth);
504	if (cli) {
505	fputs("DEBUG: Connected with username/password...\n", stderr);
506	return (cli);
507	}
508	}
509
510	/*
511	* Try to use the user kerberos credentials (if any) to authenticate
512	*/
513	cli = smb_complete_connection(myname, server, port, jobusername, "",
514	workgroup, share,
515	CLI_FULL_CONNECTION_USE_KERBEROS, need_auth);
516
517	if (cli) {
518	fputs("DEBUG: Connected using Kerberos...\n", stderr);
519	return (cli);
520	}
521
522	/* give a chance for a passwordless NTLMSSP session setup */
523	pwd = getpwuid(geteuid());
524	if (pwd == NULL) {
525	return NULL;
526	}
527
528	cli = smb_complete_connection(myname, server, port, pwd->pw_name, "",
529	workgroup, share, 0, need_auth);
530
531	if (cli) {
532	fputs("DEBUG: Connected with NTLMSSP...\n", stderr);
533	return (cli);
534	}
535
536	/*
537	* last try. Use anonymous authentication
538	*/
539
540	cli = smb_complete_connection(myname, server, port, "", "",
541	workgroup, share, 0, need_auth);
542	/*
543	* Return the new connection...
544	*/
545
546	return (cli);
547	}
548
549
550	/*
551	* 'smb_print()' - Queue a job for printing using the SMB protocol.
552	*/
553
554	static int /* O - 0 = success, non-0 = failure */
555	smb_print(struct cli_state * cli, /* I - SMB connection */
556	char title, / I - Title/job name */
557	FILE * fp)
558	{ /* I - File to print */
559	uint16_t fnum; /* File number */
560	int nbytes, /* Number of bytes read */
561	tbytes; /* Total bytes read */
562	char buffer[8192], /* Buffer for copy */
563	ptr; / Pointer into title */
564	NTSTATUS nt_status;
565
566
567	/*
568	* Sanitize the title...
569	*/
570
571	for (ptr = title; *ptr; ptr++) {
572	if (!isalnum((int) ptr) && !isspace((int) ptr)) {
573	*ptr = '_';
574	}
575	}
576
577	/*
578	* Open the printer device...
579	*/
580
581	nt_status = cli_open(cli, title, O_RDWR \| O_CREAT \| O_TRUNC, DENY_NONE,
582	&fnum);
583	if (!NT_STATUS_IS_OK(nt_status)) {
584	fprintf(stderr, "ERROR: %s opening remote spool %s\n",
585	nt_errstr(nt_status), title);
586	return get_exit_code(cli, nt_status);
587	}
588
589	/*
590	* Copy the file to the printer...
591	*/
592
593	if (fp != stdin)
594	rewind(fp);
595
596	tbytes = 0;
597
598	while ((nbytes = fread(buffer, 1, sizeof(buffer), fp)) > 0) {
599	NTSTATUS status;
600
601	status = cli_writeall(cli, fnum, 0, (uint8_t *)buffer,
602	tbytes, nbytes, NULL);
603	if (!NT_STATUS_IS_OK(status)) {
604	int ret = get_exit_code(cli, status);
605	fprintf(stderr, "ERROR: Error writing spool: %s\n",
606	nt_errstr(status));
607	fprintf(stderr, "DEBUG: Returning status %d...\n",
608	ret);
609	cli_close(cli, fnum);
610
611	return (ret);
612	}
613	tbytes += nbytes;
614	}
615
616	nt_status = cli_close(cli, fnum);
617	if (!NT_STATUS_IS_OK(nt_status)) {
618	fprintf(stderr, "ERROR: %s closing remote spool %s\n",
619	nt_errstr(nt_status), title);
620	return get_exit_code(cli, nt_status);
621	} else {
622	return (0);
623	}
624	}
625
626	static char *
627	uri_unescape_alloc(const char *uritok)
628	{
629	char *ret;
630
631	ret = (char *) SMB_STRDUP(uritok);
632	if (!ret) {
633	return NULL;
634	}
635
636	rfc1738_unescape(ret);
637	return ret;
638	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: