[PATCH] Fix for Denied access for all client printing operations against Windows 2016
Justin Stephenson
jstephen at redhat.com
Wed Sep 5 20:55:41 UTC 2018
Thank you for the review Jeremy.
Updated patches attached with the corrected version number in the .xml docs.
Kind regards,
Justin Stephenson
On Wed, Sep 5, 2018 at 4:18 PM, Jeremy Allison <jra at samba.org> wrote:
> On Tue, Sep 04, 2018 at 12:14:59PM -0400, Justin Stephenson via
> samba-technical wrote:
> > Hi,
> >
> > Please see attached patchset to fix Bug 13597
> > https://bugzilla.samba.org/show_bug.cgi?id=13597
> >
> > The microsoft documentation team has confirmed this discovered behavior
> and
> > will be updating the protocol specification regarding the build number
> > requirements.
> >
> > Thank you to Guenther Deschner for writing two of the commits in this
> > patchset.
> >
> > Gitlab Merge request: https://gitlab.com/samba-team/
> samba/merge_requests/66
> >
> > Thank you,
> >
> > Justin Stephenson
>
> Hi Justin,
>
> Thanks a *LOT* for this fix. The code changes LGTM (can I get
> a second Team reviewer please ?).
>
> However, I don't understand the xml documentation patches here.
>
> You have:
>
> +<samba:parameter name="spoolss_client: os_major"
> + context="G"
> + type="integer"
> + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> +<description>
> + <para>Windows might require a new os version number. This option
> allows
> + to modify the build number. The complete default version
> number is:
> + 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows
> 2008 R2).
> + </para>
> +</description>
> +<value type="default">2</value>
> +<value type="example">3</value>
>
> +<samba:parameter name="spoolss_client: os_minor"
> + context="G"
> + type="integer"
> + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> +<description>
> + <para>Windows might require a new os version number. This option
> allows
> + to modify the build number. The complete default version
> number is:
> + 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows
> 2008 R2).
> + </para>
> +</description>
> +<value type="default">0</value>
> +<value type="example">1</value>
>
> +<samba:parameter name="spoolss_client: os_build"
> + context="G"
> + type="integer"
> + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> +<description>
> + <para>Windows might require a new os version number. This option
> allows
> + to modify the build number. The complete default version
> number is:
> + 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows
> 2008 R2).
> + </para>
> +</description>
> +<value type="default">1381</value>
> +<value type="example">6000</value>
>
> But in the code changes you end up with:
>
> +/* Windows 7 and Windows Server 2008 R2 */
> +#define GLOBAL_SPOOLSS_CLIENT_OS_MAJOR_DEFAULT 6
> +#define GLOBAL_SPOOLSS_CLIENT_OS_MINOR_DEFAULT 1
> +#define GLOBAL_SPOOLSS_CLIENT_OS_BUILD_DEFAULT 7007
>
> Can you fix up the .xml docs to match the code changes
> you're making, otherwise it's hard for others to understand
> what these parameters mean ?
>
> Thanks.
>
> Jeremy.
>
>
> > From 2475ac8dbfd83c06f4a12dac939aaf38bed81b51 Mon Sep 17 00:00:00 2001
> > From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
> > Date: Fri, 31 Aug 2018 17:36:19 +0200
> > Subject: [PATCH 1/6] s3-spoolss: Make spoolss client os_major,os_minor
> and
> > os_build configurable.
> >
> > Similar to spoolss server options, make the client advertised OS version
> > values configurable to allow overriding the defaults provided to the
> print server.
> >
> > BUG: https://bugzilla.samba.org/show_bug.cgi?id=13597
> >
> > Signed-off-by: Guenther Deschner <gd at samba.org>
> > ---
> > .../smbdotconf/printing/spoolssosversion.xml | 42 +++++++++++++++++++
> > source3/rpc_client/cli_spoolss.c | 29 ++++++-------
> > source3/rpc_client/init_spoolss.c | 30 +++++++++++++
> > source3/rpc_client/init_spoolss.h | 3 ++
> > 4 files changed, 88 insertions(+), 16 deletions(-)
> >
> > diff --git a/docs-xml/smbdotconf/printing/spoolssosversion.xml
> b/docs-xml/smbdotconf/printing/spoolssosversion.xml
> > index 0ef4489a657..5878a4b00cd 100644
> > --- a/docs-xml/smbdotconf/printing/spoolssosversion.xml
> > +++ b/docs-xml/smbdotconf/printing/spoolssosversion.xml
> > @@ -39,3 +39,45 @@
> > <value type="default">2195</value>
> > <value type="example">7601</value>
> > </samba:parameter>
> > +
> > +<samba:parameter name="spoolss_client: os_major"
> > + context="G"
> > + type="integer"
> > + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc
> ">
> > +<description>
> > + <para>Windows might require a new os version number. This option
> allows
> > + to modify the build number. The complete default version
> number is:
> > + 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows
> 2008 R2).
> > + </para>
> > +</description>
> > +<value type="default">2</value>
> > +<value type="example">3</value>
> > +</samba:parameter>
> > +
> > +<samba:parameter name="spoolss_client: os_minor"
> > + context="G"
> > + type="integer"
> > + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> > +<description>
> > + <para>Windows might require a new os version number. This option
> allows
> > + to modify the build number. The complete default version
> number is:
> > + 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows
> 2008 R2).
> > + </para>
> > +</description>
> > +<value type="default">0</value>
> > +<value type="example">1</value>
> > +</samba:parameter>
> > +
> > +<samba:parameter name="spoolss_client: os_build"
> > + context="G"
> > + type="integer"
> > + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> > +<description>
> > + <para>Windows might require a new os version number. This option
> allows
> > + to modify the build number. The complete default version
> number is:
> > + 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows
> 2008 R2).
> > + </para>
> > +</description>
> > +<value type="default">1381</value>
> > +<value type="example">6000</value>
> > +</samba:parameter>
> > diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_
> spoolss.c
> > index 7f6ed8e3c91..36ca806f531 100644
> > --- a/source3/rpc_client/cli_spoolss.c
> > +++ b/source3/rpc_client/cli_spoolss.c
> > @@ -28,6 +28,7 @@
> > #include "rpc_client/cli_spoolss.h"
> > #include "auth/gensec/gensec.h"
> > #include "auth/credentials/credentials.h"
> > +#include "rpc_client/init_spoolss.h"
> >
> > /**********************************************************************
> > convencience wrapper around rpccli_spoolss_OpenPrinterEx
> > @@ -49,14 +50,12 @@ WERROR rpccli_spoolss_openprinter_ex(struct
> rpc_pipe_client *cli,
> >
> > ZERO_STRUCT(devmode_ctr);
> >
> > - level1.size = 28;
> > - level1.client = talloc_asprintf(mem_ctx, "\\\\%s",
> lp_netbios_name());
> > - W_ERROR_HAVE_NO_MEMORY(level1.client);
> > - level1.user = cli_credentials_get_username(creds);
> > - level1.build = 1381;
> > - level1.major = 2;
> > - level1.minor = 0;
> > - level1.processor = 0;
> > + werror = spoolss_init_spoolss_UserLevel1(mem_ctx,
> > +
> cli_credentials_get_username(creds),
> > + &level1);
> > + if (!W_ERROR_IS_OK(werror)) {
> > + return werror;
> > + }
> >
> > userlevel_ctr.level = 1;
> > userlevel_ctr.user_info.level1 = &level1;
> > @@ -229,14 +228,12 @@ WERROR rpccli_spoolss_addprinterex(struct
> rpc_pipe_client *cli,
> > ZERO_STRUCT(devmode_ctr);
> > ZERO_STRUCT(secdesc_ctr);
> >
> > - level1.size = 28;
> > - level1.build = 1381;
> > - level1.major = 2;
> > - level1.minor = 0;
> > - level1.processor = 0;
> > - level1.client = talloc_asprintf(mem_ctx, "\\\\%s",
> lp_netbios_name());
> > - W_ERROR_HAVE_NO_MEMORY(level1.client);
> > - level1.user = cli_credentials_get_username(creds);
> > + result = spoolss_init_spoolss_UserLevel1(mem_ctx,
> > +
> cli_credentials_get_username(creds),
> > + &level1);
> > + if (!W_ERROR_IS_OK(result)) {
> > + return result;
> > + }
> >
> > userlevel_ctr.level = 1;
> > userlevel_ctr.user_info.level1 = &level1;
> > diff --git a/source3/rpc_client/init_spoolss.c
> b/source3/rpc_client/init_spoolss.c
> > index 9a4dab6d417..1996465ee9f 100644
> > --- a/source3/rpc_client/init_spoolss.c
> > +++ b/source3/rpc_client/init_spoolss.c
> > @@ -446,3 +446,33 @@ const char *spoolss_get_short_filesys_environment(const
> char *environment)
> > return NULL;
> > }
> > }
> > +
> > +#define GLOBAL_SPOOLSS_CLIENT_OS_MAJOR_DEFAULT 2
> > +#define GLOBAL_SPOOLSS_CLIENT_OS_MINOR_DEFAULT 0
> > +#define GLOBAL_SPOOLSS_CLIENT_OS_BUILD_DEFAULT 1381
> > +
> > +WERROR spoolss_init_spoolss_UserLevel1(TALLOC_CTX *mem_ctx,
> > + const char *username,
> > + struct spoolss_UserLevel1 *r)
> > +{
> > + ZERO_STRUCTP(r);
> > +
> > + r->size = 28;
> > + r->client = talloc_asprintf(mem_ctx, "\\\\%s",
> lp_netbios_name());
> > + W_ERROR_HAVE_NO_MEMORY(r->client);
> > + r->user = talloc_strdup(mem_ctx, username);
> > + W_ERROR_HAVE_NO_MEMORY(r->user);
> > + r->processor = 0;
> > +
> > + r->major = lp_parm_int(GLOBAL_SECTION_SNUM,
> > + "spoolss_client", "os_major",
> > + GLOBAL_SPOOLSS_CLIENT_OS_
> MAJOR_DEFAULT);
> > + r->minor = lp_parm_int(GLOBAL_SECTION_SNUM,
> > + "spoolss_client", "os_minor",
> > + GLOBAL_SPOOLSS_CLIENT_OS_
> MINOR_DEFAULT);
> > + r->build = lp_parm_int(GLOBAL_SECTION_SNUM,
> > + "spoolss_client", "os_build",
> > + GLOBAL_SPOOLSS_CLIENT_OS_
> BUILD_DEFAULT);
> > +
> > + return WERR_OK;
> > +}
> > diff --git a/source3/rpc_client/init_spoolss.h
> b/source3/rpc_client/init_spoolss.h
> > index 376eaefe914..062e37b97e4 100644
> > --- a/source3/rpc_client/init_spoolss.h
> > +++ b/source3/rpc_client/init_spoolss.h
> > @@ -48,5 +48,8 @@ WERROR spoolss_create_default_devmode(TALLOC_CTX
> *mem_ctx,
> > WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx,
> > struct spoolss_security_descriptor
> **secdesc);
> > const char *spoolss_get_short_filesys_environment(const char
> *environment);
> > +WERROR spoolss_init_spoolss_UserLevel1(TALLOC_CTX *mem_ctx,
> > + const char *username,
> > + struct spoolss_UserLevel1 *r);
> >
> > #endif /* _RPC_CLIENT_INIT_SPOOLSS_H_ */
> > --
> > 2.17.1
> >
> >
> > From b76926934e379cc2f42733bed5594fc339d2f8da Mon Sep 17 00:00:00 2001
> > From: Justin Stephenson <jstephen at redhat.com>
> > Date: Fri, 31 Aug 2018 13:28:58 -0400
> > Subject: [PATCH 2/6] s3-rpc_client: Advertise Windows 7 client info
> >
> > Client printing operations currently fail against Windows
> > Server 2016 with Access Denied if a client os build number
> > lower than 6000 is advertised. Increase the default build number,
> > major, and minor versions to values associated with client
> > OS versoins Windows 7 and Windows Server 2008 R2.
> >
> > The build number value specifically needs to be increased to
> > allow these operations to succeed.
> >
> > BUG: https://bugzilla.samba.org/show_bug.cgi?id=13597
> >
> > Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> > ---
> > source3/rpc_client/init_spoolss.c | 7 ++++---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/source3/rpc_client/init_spoolss.c
> b/source3/rpc_client/init_spoolss.c
> > index 1996465ee9f..c341b82b6ee 100644
> > --- a/source3/rpc_client/init_spoolss.c
> > +++ b/source3/rpc_client/init_spoolss.c
> > @@ -447,9 +447,10 @@ const char *spoolss_get_short_filesys_environment(const
> char *environment)
> > }
> > }
> >
> > -#define GLOBAL_SPOOLSS_CLIENT_OS_MAJOR_DEFAULT 2
> > -#define GLOBAL_SPOOLSS_CLIENT_OS_MINOR_DEFAULT 0
> > -#define GLOBAL_SPOOLSS_CLIENT_OS_BUILD_DEFAULT 1381
> > +/* Windows 7 and Windows Server 2008 R2 */
> > +#define GLOBAL_SPOOLSS_CLIENT_OS_MAJOR_DEFAULT 6
> > +#define GLOBAL_SPOOLSS_CLIENT_OS_MINOR_DEFAULT 1
> > +#define GLOBAL_SPOOLSS_CLIENT_OS_BUILD_DEFAULT 7007
> >
> > WERROR spoolss_init_spoolss_UserLevel1(TALLOC_CTX *mem_ctx,
> > const char *username,
> > --
> > 2.17.1
> >
> >
> > From da7a67846dc2b52dd98d5868a3259c6954290027 Mon Sep 17 00:00:00 2001
> > From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
> > Date: Fri, 31 Aug 2018 18:22:04 +0200
> > Subject: [PATCH 3/6] s3-rpcclient: Use spoolss_init_spoolss_UserLevel1
> in
> > winspool cmds
> >
> > Use spoolss initialization function to set client version information for
> > iremotewinspool printer operations
> >
> > Signed-off-by: Guenther Deschner <gd at samba.org>
> > ---
> > source3/rpcclient/cmd_iremotewinspool.c | 16 +++++++++-------
> > 1 file changed, 9 insertions(+), 7 deletions(-)
> >
> > diff --git a/source3/rpcclient/cmd_iremotewinspool.c
> b/source3/rpcclient/cmd_iremotewinspool.c
> > index c6148ec02c7..7f0cecfaf01 100644
> > --- a/source3/rpcclient/cmd_iremotewinspool.c
> > +++ b/source3/rpcclient/cmd_iremotewinspool.c
> > @@ -24,6 +24,7 @@
> > #include "libsmb/libsmb.h"
> > #include "auth/gensec/gensec.h"
> > #include "auth/credentials/credentials.h"
> > +#include "rpc_client/init_spoolss.h"
> >
> > /***********************************************************
> *****************
> > ************************************************************
> ****************/
> > @@ -33,6 +34,7 @@ static WERROR cmd_iremotewinspool_async_open_printer(struct
> rpc_pipe_client *cli
> > int argc, const char
> **argv)
> > {
> > NTSTATUS status;
> > + WERROR werror;
> > struct policy_handle hnd;
> > struct spoolss_DevmodeContainer devmode_ctr;
> > struct spoolss_UserLevelCtr client_info_ctr;
> > @@ -59,13 +61,13 @@ static WERROR cmd_iremotewinspool_async_open_printer(struct
> rpc_pipe_client *cli
> >
> > ZERO_STRUCT(devmode_ctr);
> >
> > - level1.size = 40;
> > - level1.client = talloc_asprintf(mem_ctx, "\\\\%s",
> lp_netbios_name());
> > - W_ERROR_HAVE_NO_MEMORY(level1.client);
> > - level1.user = cli_credentials_get_username(creds);
> > - level1.build = 1381;
> > - level1.major = 3;
> > - level1.minor = 0;
> > + werror = spoolss_init_spoolss_UserLevel1(mem_ctx,
> > +
> cli_credentials_get_username(creds),
> > + &level1);
> > + if (!W_ERROR_IS_OK(werror)) {
> > + return werror;
> > + }
> > +
> > level1.processor = PROCESSOR_ARCHITECTURE_AMD64;
> >
> > client_info_ctr.level = 1;
> > --
> > 2.17.1
> >
> >
> > From ca9bce09f2c81f9fddb8f88ad7f11c746f5ac80b Mon Sep 17 00:00:00 2001
> > From: Justin Stephenson <jstephen at redhat.com>
> > Date: Wed, 15 Aug 2018 11:10:21 -0400
> > Subject: [PATCH 4/6] iremotewinspool-tests: Allow modification of OS
> client
> > version information
> >
> > Add test_get_client_info() function to set and, or modify the client OS
> > version values advertised in the iremotewinspool torture tests.
> >
> > The OS build numbers are used from the table in:
> >
> > [MS-RPRN] <168> Section 2.2.3.10.1
> >
> > Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> > ---
> > source4/torture/rpc/iremotewinspool.c | 86 ++++++++++++++++++++++-----
> > 1 file changed, 72 insertions(+), 14 deletions(-)
> >
> > diff --git a/source4/torture/rpc/iremotewinspool.c
> b/source4/torture/rpc/iremotewinspool.c
> > index d419e9c082b..d80f2f74c65 100644
> > --- a/source4/torture/rpc/iremotewinspool.c
> > +++ b/source4/torture/rpc/iremotewinspool.c
> > @@ -33,31 +33,77 @@ struct test_iremotewinspool_context {
> > const char *environment;
> > };
> >
> > +enum client_os_version
> > +{
> > + WIN_2000,
> > + WIN_VISTA,
> > + WIN_SERVER_2008,
> > + WIN_7,
> > + WIN_SERVER_2008R2,
> > + WIN_8,
> > + WIN_SERVER_2012,
> > + WIN_10,
> > + WIN_SERVER_2016
> > +};
> > +
> > +static struct spoolss_UserLevel1 test_get_client_info(struct
> torture_context *tctx,
> > + enum
> client_os_version os,
> > + enum
> spoolss_MajorVersion major_number,
> > + enum
> spoolss_MinorVersion minor_number)
> > +{
> > + struct spoolss_UserLevel1 level1;
> > +
> > + level1.size = 28;
> > + level1.client = talloc_asprintf(tctx, "\\\\%s", "mthelena");
> > + level1.user = "GD";
> > + level1.processor = PROCESSOR_ARCHITECTURE_AMD64;
> > + level1.major = major_number;
> > + level1.minor = minor_number;
> > +
> > + switch (os) {
> > + case WIN_SERVER_2016:
> > + case WIN_10:
> > + level1.build = 10586;
> > + break;
> > + case WIN_SERVER_2012:
> > + case WIN_8:
> > + level1.build = 9200;
> > + break;
> > + case WIN_SERVER_2008R2:
> > + case WIN_7:
> > + level1.build = 7007;
> > + break;
> > + case WIN_SERVER_2008:
> > + case WIN_VISTA:
> > + level1.build = 6000;
> > + break;
> > + case WIN_2000:
> > + level1.build = 1382;
> > + break;
> > + default:
> > + level1.build = 7007;
> > + }
> > +
> > + return level1;
> > +}
> > +
> > static bool test_AsyncOpenPrinter_byprinter(struct torture_context
> *tctx,
> > struct
> test_iremotewinspool_context *ctx,
> > struct dcerpc_pipe *p,
> > const char *printer_name,
> > + struct spoolss_UserLevel1
> cinfo,
> > struct policy_handle *handle)
> > {
> > struct dcerpc_binding_handle *b = p->binding_handle;
> > struct spoolss_DevmodeContainer devmode_ctr;
> > struct spoolss_UserLevelCtr client_info_ctr;
> > - struct spoolss_UserLevel1 level1;
> > uint32_t access_mask = SERVER_ALL_ACCESS;
> > struct winspool_AsyncOpenPrinter r;
> >
> > ZERO_STRUCT(devmode_ctr);
> >
> > - level1.size = 28;
> > - level1.client = talloc_asprintf(tctx, "\\\\%s", "mthelena");
> > - level1.user = "GD";
> > - level1.build = 1381;
> > - level1.major = 3;
> > - level1.minor = 0;
> > - level1.processor = PROCESSOR_ARCHITECTURE_AMD64;
> > -
> > client_info_ctr.level = 1;
> > - client_info_ctr.user_info.level1 = &level1;
> > + client_info_ctr.user_info.level1 = &cinfo;
> >
> > r.in.pPrinterName = printer_name;
> > r.in.pDatatype = NULL;
> > @@ -196,6 +242,7 @@ static bool torture_rpc_iremotewinspool_setup_common(struct
> torture_context *tct
> > struct
> test_iremotewinspool_context *t)
> > {
> > const char *printer_name;
> > + struct spoolss_UserLevel1 client_info;
> > struct dcerpc_binding *binding;
> >
> > torture_assert_ntstatus_ok(tctx,
> > @@ -216,10 +263,12 @@ static bool torture_rpc_iremotewinspool_setup_common(struct
> torture_context *tct
> >
> > printer_name = talloc_asprintf(tctx, "\\\\%s",
> dcerpc_server_name(t->iremotewinspool_pipe));
> >
> > + client_info = test_get_client_info(tctx, WIN_2000, 3,
> SPOOLSS_MINOR_VERSION_0);
> > +
> > torture_assert(tctx,
> > test_AsyncOpenPrinter_byprinter(tctx, t,
> > t->iremotewinspool_pipe,
> printer_name,
> > - &t->server_handle),
> > + client_info,
> &t->server_handle),
> > "failed to open
> printserver");
> > torture_assert(tctx,
> > test_get_environment(tctx,
> > @@ -269,12 +318,15 @@ static bool test_AsyncClosePrinter(struct
> torture_context *tctx,
> >
> > struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
> > const char *printer_name;
> > + struct spoolss_UserLevel1 client_info;
> > struct policy_handle handle;
> >
> > printer_name = talloc_asprintf(tctx, "\\\\%s",
> dcerpc_server_name(p));
> >
> > + client_info = test_get_client_info(tctx, WIN_2000, 3,
> SPOOLSS_MINOR_VERSION_0);
> > +
> > torture_assert(tctx,
> > - test_AsyncOpenPrinter_byprinter(tctx, ctx, p,
> printer_name, &handle),
> > + test_AsyncOpenPrinter_byprinter(tctx, ctx, p,
> printer_name, client_info, &handle),
> > "failed to test AsyncOpenPrinter");
> >
> > torture_assert(tctx,
> > @@ -292,12 +344,15 @@ static bool test_AsyncOpenPrinter(struct
> torture_context *tctx,
> >
> > struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
> > const char *printer_name;
> > + struct spoolss_UserLevel1 client_info;
> > struct policy_handle handle;
> >
> > printer_name = talloc_asprintf(tctx, "\\\\%s",
> dcerpc_server_name(p));
> >
> > + client_info = test_get_client_info(tctx, WIN_2000, 3,
> SPOOLSS_MINOR_VERSION_0);
> > +
> > torture_assert(tctx,
> > - test_AsyncOpenPrinter_byprinter(tctx, ctx, p,
> printer_name, &handle),
> > + test_AsyncOpenPrinter_byprinter(tctx, ctx, p,
> printer_name, client_info, &handle),
> > "failed to test AsyncOpenPrinter");
> >
> > test_AsyncClosePrinter_byhandle(tctx, ctx, p, &handle);
> > @@ -871,6 +926,7 @@ static bool test_OpenPrinter(struct torture_context
> *tctx,
> > struct policy_handle handle;
> > struct dcerpc_pipe *s;
> > struct dcerpc_binding *binding;
> > + struct spoolss_UserLevel1 client_info;
> > struct spoolss_ClosePrinter r;
> >
> > torture_assert_ntstatus_ok(tctx,
> > @@ -891,8 +947,10 @@ static bool test_OpenPrinter(struct torture_context
> *tctx,
> >
> > printer_name = talloc_asprintf(tctx, "\\\\%s",
> dcerpc_server_name(p));
> >
> > + client_info = test_get_client_info(tctx, WIN_2000, 3,
> SPOOLSS_MINOR_VERSION_0);
> > +
> > torture_assert(tctx,
> > - test_AsyncOpenPrinter_byprinter(tctx, ctx, p,
> printer_name, &handle),
> > + test_AsyncOpenPrinter_byprinter(tctx, ctx, p,
> printer_name, client_info, &handle),
> > "failed to open printserver via winspool");
> >
> >
> > --
> > 2.17.1
> >
> >
> > From 80ee68584befaaad8e2e55d950c04d5d1a6bc873 Mon Sep 17 00:00:00 2001
> > From: Justin Stephenson <jstephen at redhat.com>
> > Date: Wed, 22 Aug 2018 13:23:18 -0400
> > Subject: [PATCH 5/6] iremotewinspool-tests: Add client os build number
> > validation test
> >
> > Add test validating the AsyncOpenPrinter result based on the provided
> > client info build number
> >
> > Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> > ---
> > source4/torture/rpc/iremotewinspool.c | 65 +++++++++++++++++++++++++++
> > 1 file changed, 65 insertions(+)
> >
> > diff --git a/source4/torture/rpc/iremotewinspool.c
> b/source4/torture/rpc/iremotewinspool.c
> > index d80f2f74c65..805f46c8b89 100644
> > --- a/source4/torture/rpc/iremotewinspool.c
> > +++ b/source4/torture/rpc/iremotewinspool.c
> > @@ -360,6 +360,70 @@ static bool test_AsyncOpenPrinter(struct
> torture_context *tctx,
> > return true;
> > }
> >
> > +/*
> > + * Validate the result of AsyncOpenPrinter calls based on client info
> > + * build number. Windows Server 2016 rejects an advertised build
> > + * number less than 6000(Windows Vista and Windows Server 2008, or
> older)
> > + */
> > +static bool test_AsyncOpenPrinterValidateBuildNumber(struct
> torture_context *tctx,
> > + void *private_data)
> > +{
> > + struct test_iremotewinspool_context *ctx =
> > + talloc_get_type_abort(private_data, struct
> test_iremotewinspool_context);
> > +
> > + struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
> > + const char *printer_name;
> > + struct spoolss_UserLevel1 client_info;
> > + struct policy_handle handle;
> > + struct dcerpc_binding_handle *b = p->binding_handle;
> > + struct spoolss_DevmodeContainer devmode_ctr;
> > + struct spoolss_UserLevelCtr client_info_ctr = {
> > + .level = 1,
> > + };
> > + uint32_t access_mask = SERVER_ALL_ACCESS;
> > + struct winspool_AsyncOpenPrinter r;
> > + NTSTATUS status;
> > + bool ok = false;
> > +
> > + printer_name = talloc_asprintf(tctx, "\\\\%s",
> dcerpc_server_name(p));
> > + torture_assert_not_null(tctx, printer_name, "Cannot allocate
> memory");
> > +
> > + /* fail with Windows 2000 build number */
> > + client_info = test_get_client_info(tctx, WIN_2000, 3,
> SPOOLSS_MINOR_VERSION_0);
> > +
> > + ZERO_STRUCT(devmode_ctr);
> > +
> > + client_info_ctr.user_info.level1 = &client_info;
> > +
> > + r.in.pPrinterName = printer_name;
> > + r.in.pDatatype = NULL;
> > + r.in.pDevModeContainer = &devmode_ctr;
> > + r.in.AccessRequired = access_mask;
> > + r.in.pClientInfo = &client_info_ctr;
> > + r.out.pHandle = &handle;
> > +
> > + status = dcerpc_winspool_AsyncOpenPrinter_r(b, tctx, &r);
> > + torture_assert_ntstatus_ok(tctx, status, "AsyncOpenPrinter
> failed");
> > + torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
> > + "AsyncOpenPrinter should have failed");
> > +
> > + /* succeed with Windows 7 build number */
> > + client_info = test_get_client_info(tctx, WIN_7, 3,
> SPOOLSS_MINOR_VERSION_0);
> > + client_info_ctr.user_info.level1 = &client_info;
> > + r.in.pClientInfo = &client_info_ctr;
> > +
> > + status = dcerpc_winspool_AsyncOpenPrinter_r(b, tctx, &r);
> > + torture_assert_ntstatus_ok(tctx, status, "AsyncOpenPrinter
> failed");
> > + torture_assert_werr_ok(tctx, r.out.result,
> > + "AsyncOpenPrinter failed");
> > +
> > + ok = test_AsyncClosePrinter_byhandle(tctx, ctx, p, &handle);
> > + torture_assert(tctx, ok, "failed to AsyncClosePrinter handle");
> > +
> > + return true;
> > +
> > +}
> > +
> > static struct spoolss_NotifyOption *setup_printserver_NotifyOption(struct
> torture_context *tctx)
> > {
> > struct spoolss_NotifyOption *o;
> > @@ -986,6 +1050,7 @@ struct torture_suite *torture_rpc_iremotewinspool(TALLOC_CTX
> *mem_ctx)
> > torture_tcase_add_simple_test(tcase, "
> AsyncCorePrinterDriverInstalled", test_AsyncCorePrinterDriverInstalled);
> > torture_tcase_add_simple_test(tcase, "
> AsyncDeletePrintDriverPackage", test_AsyncDeletePrintDriverPackage);
> > torture_tcase_add_simple_test(tcase, "
> AsyncGetPrinterDriverDirectory", test_AsyncGetPrinterDriverDirectory);
> > + torture_tcase_add_simple_test(tcase, "
> AsyncOpenPrinterValidateBuildNumber", test_AsyncOpenPrinterValidateBuildN
> umber);
> >
> > tcase = torture_suite_add_tcase(suite, "handles");
> >
> > --
> > 2.17.1
> >
> >
> > From cb14b4cea01f7018de7440ff482e11834d35c85b Mon Sep 17 00:00:00 2001
> > From: Justin Stephenson <jstephen at redhat.com>
> > Date: Fri, 31 Aug 2018 15:28:36 -0400
> > Subject: [PATCH 6/6] spoolss-iremotewinspool-tests: Use more recent
> client OS
> > version
> >
> > Set torture test client info build, major, and minor
> > version numbers to Windows 7 and Windows Server 2008 R2 values
> >
> > buildnum: 7007
> > major: 6
> > minor: 1
> >
> > Build number taken from
> > [MS-RPRN] <168> Section 2.2.3.10.1
> >
> > Major/Minor numbers taken from
> > https://docs.microsoft.com/en-us/windows/desktop/sysinfo/
> operating-system-version
> >
> > Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> > ---
> > source4/torture/rpc/iremotewinspool.c | 10 +++++-----
> > source4/torture/rpc/spoolss_access.c | 7 ++++---
> > 2 files changed, 9 insertions(+), 8 deletions(-)
> >
> > diff --git a/source4/torture/rpc/iremotewinspool.c
> b/source4/torture/rpc/iremotewinspool.c
> > index 805f46c8b89..b4dbe71160e 100644
> > --- a/source4/torture/rpc/iremotewinspool.c
> > +++ b/source4/torture/rpc/iremotewinspool.c
> > @@ -263,7 +263,7 @@ static bool torture_rpc_iremotewinspool_setup_common(struct
> torture_context *tct
> >
> > printer_name = talloc_asprintf(tctx, "\\\\%s",
> dcerpc_server_name(t->iremotewinspool_pipe));
> >
> > - client_info = test_get_client_info(tctx, WIN_2000, 3,
> SPOOLSS_MINOR_VERSION_0);
> > + client_info = test_get_client_info(tctx, WIN_7, 6, 1);
> >
> > torture_assert(tctx,
> > test_AsyncOpenPrinter_byprinter(tctx, t,
> > @@ -323,7 +323,7 @@ static bool test_AsyncClosePrinter(struct
> torture_context *tctx,
> >
> > printer_name = talloc_asprintf(tctx, "\\\\%s",
> dcerpc_server_name(p));
> >
> > - client_info = test_get_client_info(tctx, WIN_2000, 3,
> SPOOLSS_MINOR_VERSION_0);
> > + client_info = test_get_client_info(tctx, WIN_7, 6, 1);
> >
> > torture_assert(tctx,
> > test_AsyncOpenPrinter_byprinter(tctx, ctx, p,
> printer_name, client_info, &handle),
> > @@ -349,7 +349,7 @@ static bool test_AsyncOpenPrinter(struct
> torture_context *tctx,
> >
> > printer_name = talloc_asprintf(tctx, "\\\\%s",
> dcerpc_server_name(p));
> >
> > - client_info = test_get_client_info(tctx, WIN_2000, 3,
> SPOOLSS_MINOR_VERSION_0);
> > + client_info = test_get_client_info(tctx, WIN_7, 6, 1);
> >
> > torture_assert(tctx,
> > test_AsyncOpenPrinter_byprinter(tctx, ctx, p,
> printer_name, client_info, &handle),
> > @@ -408,7 +408,7 @@ static bool test_AsyncOpenPrinterValidateBuildNumber(struct
> torture_context *tct
> > "AsyncOpenPrinter should have failed");
> >
> > /* succeed with Windows 7 build number */
> > - client_info = test_get_client_info(tctx, WIN_7, 3,
> SPOOLSS_MINOR_VERSION_0);
> > + client_info = test_get_client_info(tctx, WIN_7, 6, 1);
> > client_info_ctr.user_info.level1 = &client_info;
> > r.in.pClientInfo = &client_info_ctr;
> >
> > @@ -1011,7 +1011,7 @@ static bool test_OpenPrinter(struct
> torture_context *tctx,
> >
> > printer_name = talloc_asprintf(tctx, "\\\\%s",
> dcerpc_server_name(p));
> >
> > - client_info = test_get_client_info(tctx, WIN_2000, 3,
> SPOOLSS_MINOR_VERSION_0);
> > + client_info = test_get_client_info(tctx, WIN_7, 6, 1);
> >
> > torture_assert(tctx,
> > test_AsyncOpenPrinter_byprinter(tctx, ctx, p,
> printer_name, client_info, &handle),
> > diff --git a/source4/torture/rpc/spoolss_access.c
> b/source4/torture/rpc/spoolss_access.c
> > index 28cecf08b14..946b420b60a 100644
> > --- a/source4/torture/rpc/spoolss_access.c
> > +++ b/source4/torture/rpc/spoolss_access.c
> > @@ -74,9 +74,10 @@ static bool test_openprinter_handle(struct
> torture_context *tctx,
> > level1.size = 28;
> > level1.client = talloc_asprintf(tctx, "\\\\%s", "smbtorture");
> > level1.user = username;
> > - level1.build = 1381;
> > - level1.major = 3;
> > - level1.minor = 0;
> > + /* Windows 7 and Windows Server 2008 R2 */
> > + level1.build = 7007;
> > + level1.major = 6;
> > + level1.minor = 1;
> > level1.processor= 0;
> >
> > r.in.printername = printername;
> > --
> > 2.17.1
> >
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: printing-osclient_info_fix.patch
Type: text/x-patch
Size: 23586 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180905/90163097/printing-osclient_info_fix-0001.bin>
More information about the samba-technical
mailing list