2
Unix SMB/CIFS implementation.
3
SMB backend for the Common UNIX Printing System ("CUPS")
5
Copyright (C) Michael R Sweet 1999
6
Copyright (C) Andrew Tridgell 1994-1998
7
Copyright (C) Andrew Bartlett 2002
8
Copyright (C) Rodrigo Fernandez-Vizarra 2005
9
Copyright (C) James Peach 2008
11
This program is free software; you can redistribute it and/or modify
12
it under the terms of the GNU General Public License as published by
13
the Free Software Foundation; either version 3 of the License, or
14
(at your option) any later version.
16
This program is distributed in the hope that it will be useful,
17
but WITHOUT ANY WARRANTY; without even the implied warranty of
18
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19
GNU General Public License for more details.
21
You should have received a copy of the GNU General Public License
22
along with this program. If not, see <http://www.gnu.org/licenses/>.
28
* Starting with CUPS 1.3, Kerberos support is provided by cupsd including
29
* the forwarding of user credentials via the authenticated session between
30
* user and server and the KRB5CCNAME environment variable which will point
31
* to a temporary file or an in-memory representation depending on the version
32
* of Kerberos you use. As a result, all of the ticket code that used to
33
* live here has been removed, and we depend on the user session (if you
34
* run smbspool by hand) or cupsd to provide the necessary Kerberos info.
36
* Also, the AUTH_USERNAME and AUTH_PASSWORD environment variables provide
37
* for per-job authentication for non-Kerberized printing. We use those
38
* if there is no username and password specified in the device URI.
40
* Finally, if we have an authentication failure we return exit code 2
41
* which tells CUPS to hold the job for authentication and bug the user
42
* to get the necessary credentials.
45
#define MAX_RETRY_CONNECT 3
58
static int get_exit_code(struct cli_state * cli, NTSTATUS nt_status);
59
static void list_devices(void);
60
static struct cli_state *smb_complete_connection(const char *, const char *,
61
int, const char *, const char *, const char *, const char *, int, bool *need_auth);
62
static struct cli_state *smb_connect(const char *, const char *, int, const
63
char *, const char *, const char *, const char *, bool *need_auth);
64
static int smb_print(struct cli_state *, char *, FILE *);
65
static char *uri_unescape_alloc(const char *);
67
static bool smb_encrypt;
71
* 'main()' - Main entry for SMB backend.
74
int /* O - Exit status */
75
main(int argc, /* I - Number of command-line arguments */
77
{ /* I - Command-line arguments */
78
int i; /* Looping var */
79
int copies; /* Number of copies */
80
int port; /* Port number */
81
char uri[1024], /* URI */
82
*sep, /* Pointer to separator */
83
*tmp, *tmp2, /* Temp pointers to do escaping */
84
*password; /* Password */
85
char *username, /* Username */
86
*server, /* Server name */
87
*printer;/* Printer name */
88
const char *workgroup; /* Workgroup */
89
FILE *fp; /* File to print */
90
int status = 1; /* Status of LPD job */
91
struct cli_state *cli; /* SMB interface */
94
bool need_auth = true;
96
TALLOC_CTX *frame = talloc_stackframe();
101
* we expect the URI in argv[0]. Detect the case where it is in
104
if (argc > 2 && strncmp(argv[0], "smb://", 6) &&
105
strncmp(argv[1], "smb://", 6) == 0) {
112
* NEW! In CUPS 1.1 the backends are run with no arguments
113
* to list the available devices. These can be devices
114
* served by this backend or any other backends (i.e. you
115
* can have an SNMP backend that is only used to enumerate
116
* the available network printers... :)
124
if (argc < 6 || argc > 7) {
126
"Usage: %s [DEVICE_URI] job-id user title copies options [file]\n"
127
" The DEVICE_URI environment variable can also contain the\n"
128
" destination printer:\n"
130
" smb://[username:password@][workgroup/]server[:port]/printer\n",
136
* If we have 7 arguments, print the file named on the command-line.
137
* Otherwise, print data from stdin...
142
* Print from Copy stdin to a temporary file...
147
} else if ((fp = fopen(argv[6], "rb")) == NULL) {
148
perror("ERROR: Unable to open print file");
151
copies = atoi(argv[4]);
158
dev_uri = getenv("DEVICE_URI");
160
strncpy(uri, dev_uri, sizeof(uri) - 1);
161
} else if (strncmp(argv[0], "smb://", 6) == 0) {
162
strncpy(uri, argv[0], sizeof(uri) - 1);
164
fputs("ERROR: No device URI found in DEVICE_URI environment variable or argv[0] !\n", stderr);
168
uri[sizeof(uri) - 1] = '\0';
171
* Extract the destination from the URI...
174
if ((sep = strrchr_m(uri, '@')) != NULL) {
178
/* username is in tmp */
183
* Extract password as needed...
186
if ((tmp2 = strchr_m(tmp, ':')) != NULL) {
188
password = uri_unescape_alloc(tmp2);
192
username = uri_unescape_alloc(tmp);
194
if ((username = getenv("AUTH_USERNAME")) == NULL) {
198
if ((password = getenv("AUTH_PASSWORD")) == NULL) {
207
if ((sep = strchr_m(tmp, '/')) == NULL) {
208
fputs("ERROR: Bad URI - need printer name!\n", stderr);
215
if ((sep = strchr_m(tmp2, '/')) != NULL) {
217
* Convert to smb://[username:password@]workgroup/server/printer...
222
workgroup = uri_unescape_alloc(tmp);
223
server = uri_unescape_alloc(tmp2);
224
printer = uri_unescape_alloc(sep);
227
server = uri_unescape_alloc(tmp);
228
printer = uri_unescape_alloc(tmp2);
231
if ((sep = strrchr_m(server, ':')) != NULL) {
240
* Setup the SAMBA server state...
243
setup_logging("smbspool", True);
245
lp_set_in_client(True); /* Make sure that we tell lp_load we are */
249
if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
250
fprintf(stderr, "ERROR: Can't load %s - run testparm to debug it\n", get_dyn_CONFIGFILE());
254
if (workgroup == NULL) {
255
workgroup = lp_workgroup();
261
cli = smb_connect(workgroup, server, port, printer,
262
username, password, argv[2], &need_auth);
266
} else if (getenv("CLASS") == NULL) {
267
fprintf(stderr, "ERROR: Unable to connect to CIFS host, will retry in 60 seconds...\n");
271
fprintf(stderr, "ERROR: Unable to connect to CIFS host, trying next printer...\n");
275
} while ((cli == NULL) && (tries < MAX_RETRY_CONNECT));
278
fprintf(stderr, "ERROR: Unable to connect to CIFS host after (tried %d times)\n", tries);
283
* Now that we are connected to the server, ignore SIGTERM so that we
284
* can finish out any page data the driver sends (e.g. to eject the
285
* current page... Only ignore SIGTERM if we are printing data from
286
* stdin (otherwise you can't cancel raw jobs...)
290
CatchSignal(SIGTERM, SIG_IGN);
297
for (i = 0; i < copies; i++) {
298
status = smb_print(cli, argv[3] /* title */ , fp);
307
* Return the queue status...
318
* 'get_exit_code()' - Get the backend exit code based on the current error.
322
get_exit_code(struct cli_state * cli,
327
/* List of NTSTATUS errors that are considered
328
* authentication errors
330
static const NTSTATUS auth_errors[] =
332
NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCESS_VIOLATION,
333
NT_STATUS_SHARING_VIOLATION, NT_STATUS_PRIVILEGE_NOT_HELD,
334
NT_STATUS_INVALID_ACCOUNT_NAME, NT_STATUS_NO_SUCH_USER,
335
NT_STATUS_WRONG_PASSWORD, NT_STATUS_LOGON_FAILURE,
336
NT_STATUS_ACCOUNT_RESTRICTION, NT_STATUS_INVALID_LOGON_HOURS,
337
NT_STATUS_PASSWORD_EXPIRED, NT_STATUS_ACCOUNT_DISABLED
341
fprintf(stderr, "DEBUG: get_exit_code(cli=%p, nt_status=%x)\n",
342
cli, NT_STATUS_V(nt_status));
344
for (i = 0; i < ARRAY_SIZE(auth_errors); i++) {
345
if (!NT_STATUS_EQUAL(nt_status, auth_errors[i])) {
350
if (cli->use_kerberos && cli->got_kerberos_mechanism)
351
fputs("ATTR: auth-info-required=negotiate\n", stderr);
353
fputs("ATTR: auth-info-required=username,password\n", stderr);
357
* 2 = authentication required...
373
* 'list_devices()' - List the available printers seen on the network...
380
* Eventually, search the local workgroup for available hosts and printers.
383
puts("network smb \"Unknown\" \"Windows Printer via SAMBA\"");
387
static struct cli_state *
388
smb_complete_connection(const char *myname,
391
const char *username,
392
const char *password,
393
const char *workgroup,
398
struct cli_state *cli; /* New connection */
401
/* Start the SMB connection */
403
nt_status = cli_start_connection(&cli, myname, server, NULL, port,
404
Undefined, flags, NULL);
405
if (!NT_STATUS_IS_OK(nt_status)) {
406
fprintf(stderr, "ERROR: Connection failed: %s\n", nt_errstr(nt_status));
411
* We pretty much guarantee password must be valid or a pointer to a
419
nt_status = cli_session_setup(cli, username,
420
password, strlen(password) + 1,
421
password, strlen(password) + 1,
423
if (!NT_STATUS_IS_OK(nt_status)) {
424
fprintf(stderr, "ERROR: Session setup failed: %s\n", nt_errstr(nt_status));
426
if (get_exit_code(cli, nt_status) == 2) {
435
nt_status = cli_tcon_andx(cli, share, "?????", password,
436
strlen(password) + 1);
437
if (!NT_STATUS_IS_OK(nt_status)) {
438
fprintf(stderr, "ERROR: Tree connect failed (%s)\n",
439
nt_errstr(nt_status));
441
if (get_exit_code(cli, nt_status) == 2) {
450
/* Need to work out how to specify this on the URL. */
452
if (!cli_cm_force_encryption(cli,
457
fprintf(stderr, "ERROR: encryption setup failed\n");
468
* 'smb_connect()' - Return a connection to a server.
471
static struct cli_state * /* O - SMB connection */
472
smb_connect(const char *workgroup, /* I - Workgroup */
473
const char *server, /* I - Server */
474
const int port, /* I - Port */
475
const char *share, /* I - Printer */
476
const char *username, /* I - Username */
477
const char *password, /* I - Password */
478
const char *jobusername, /* I - User who issued the print job */
480
{ /* O - Need authentication? */
481
struct cli_state *cli; /* New connection */
482
char *myname = NULL; /* Client name */
486
* Get the names and addresses of the client and server...
488
myname = get_myname(talloc_tos());
494
* See if we have a username first. This is for backwards compatible
495
* behavior with 3.0.14a
498
if (username && *username && !getenv("KRB5CCNAME")) {
499
cli = smb_complete_connection(myname, server, port, username,
500
password, workgroup, share, 0, need_auth);
502
fputs("DEBUG: Connected with username/password...\n", stderr);
508
* Try to use the user kerberos credentials (if any) to authenticate
510
cli = smb_complete_connection(myname, server, port, jobusername, "",
512
CLI_FULL_CONNECTION_USE_KERBEROS, need_auth);
515
fputs("DEBUG: Connected using Kerberos...\n", stderr);
519
/* give a chance for a passwordless NTLMSSP session setup */
520
pwd = getpwuid(geteuid());
525
cli = smb_complete_connection(myname, server, port, pwd->pw_name, "",
526
workgroup, share, 0, need_auth);
529
fputs("DEBUG: Connected with NTLMSSP...\n", stderr);
534
* last try. Use anonymous authentication
537
cli = smb_complete_connection(myname, server, port, "", "",
538
workgroup, share, 0, need_auth);
540
* Return the new connection...
548
* 'smb_print()' - Queue a job for printing using the SMB protocol.
551
static int /* O - 0 = success, non-0 = failure */
552
smb_print(struct cli_state * cli, /* I - SMB connection */
553
char *title, /* I - Title/job name */
555
{ /* I - File to print */
556
int fnum; /* File number */
557
int nbytes, /* Number of bytes read */
558
tbytes; /* Total bytes read */
559
char buffer[8192], /* Buffer for copy */
560
*ptr; /* Pointer into title */
564
* Sanitize the title...
567
for (ptr = title; *ptr; ptr++) {
568
if (!isalnum((int) *ptr) && !isspace((int) *ptr)) {
574
* Open the printer device...
577
fnum = cli_open(cli, title, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
579
fprintf(stderr, "ERROR: %s opening remote spool %s\n",
580
cli_errstr(cli), title);
581
return (get_exit_code(cli, cli_nt_error(cli)));
585
* Copy the file to the printer...
593
while ((nbytes = fread(buffer, 1, sizeof(buffer), fp)) > 0) {
594
if (cli_write(cli, fnum, 0, buffer, tbytes, nbytes) != nbytes) {
595
int status = get_exit_code(cli, cli_nt_error(cli));
597
fprintf(stderr, "ERROR: Error writing spool: %s\n", cli_errstr(cli));
598
fprintf(stderr, "DEBUG: Returning status %d...\n", status);
599
cli_close(cli, fnum);
606
if (!cli_close(cli, fnum)) {
607
fprintf(stderr, "ERROR: %s closing remote spool %s\n",
608
cli_errstr(cli), title);
609
return (get_exit_code(cli, cli_nt_error(cli)));
616
uri_unescape_alloc(const char *uritok)
620
ret = (char *) SMB_STRDUP(uritok);
625
rfc1738_unescape(ret);