[PATCH] Fix for Denied access for all client printing operations against Windows 2016
Jeremy Allison
jra at samba.org
Wed Sep 5 20:18:48 UTC 2018
On Tue, Sep 04, 2018 at 12:14:59PM -0400, Justin Stephenson via samba-technical wrote:
> Hi,
>
> Please see attached patchset to fix Bug 13597
> https://bugzilla.samba.org/show_bug.cgi?id=13597
>
> The microsoft documentation team has confirmed this discovered behavior and
> will be updating the protocol specification regarding the build number
> requirements.
>
> Thank you to Guenther Deschner for writing two of the commits in this
> patchset.
>
> Gitlab Merge request: https://gitlab.com/samba-team/samba/merge_requests/66
>
> Thank you,
>
> Justin Stephenson
Hi Justin,
Thanks a *LOT* for this fix. The code changes LGTM (can I get
a second Team reviewer please ?).
However, I don't understand the xml documentation patches here.
You have:
+<samba:parameter name="spoolss_client: os_major"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Windows might require a new os version number. This option allows
+ to modify the build number. The complete default version number is:
+ 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows 2008 R2).
+ </para>
+</description>
+<value type="default">2</value>
+<value type="example">3</value>
+<samba:parameter name="spoolss_client: os_minor"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Windows might require a new os version number. This option allows
+ to modify the build number. The complete default version number is:
+ 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows 2008 R2).
+ </para>
+</description>
+<value type="default">0</value>
+<value type="example">1</value>
+<samba:parameter name="spoolss_client: os_build"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Windows might require a new os version number. This option allows
+ to modify the build number. The complete default version number is:
+ 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows 2008 R2).
+ </para>
+</description>
+<value type="default">1381</value>
+<value type="example">6000</value>
But in the code changes you end up with:
+/* Windows 7 and Windows Server 2008 R2 */
+#define GLOBAL_SPOOLSS_CLIENT_OS_MAJOR_DEFAULT 6
+#define GLOBAL_SPOOLSS_CLIENT_OS_MINOR_DEFAULT 1
+#define GLOBAL_SPOOLSS_CLIENT_OS_BUILD_DEFAULT 7007
Can you fix up the .xml docs to match the code changes
you're making, otherwise it's hard for others to understand
what these parameters mean ?
Thanks.
Jeremy.
> From 2475ac8dbfd83c06f4a12dac939aaf38bed81b51 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
> Date: Fri, 31 Aug 2018 17:36:19 +0200
> Subject: [PATCH 1/6] s3-spoolss: Make spoolss client os_major,os_minor and
> os_build configurable.
>
> Similar to spoolss server options, make the client advertised OS version
> values configurable to allow overriding the defaults provided to the print server.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13597
>
> Signed-off-by: Guenther Deschner <gd at samba.org>
> ---
> .../smbdotconf/printing/spoolssosversion.xml | 42 +++++++++++++++++++
> source3/rpc_client/cli_spoolss.c | 29 ++++++-------
> source3/rpc_client/init_spoolss.c | 30 +++++++++++++
> source3/rpc_client/init_spoolss.h | 3 ++
> 4 files changed, 88 insertions(+), 16 deletions(-)
>
> diff --git a/docs-xml/smbdotconf/printing/spoolssosversion.xml b/docs-xml/smbdotconf/printing/spoolssosversion.xml
> index 0ef4489a657..5878a4b00cd 100644
> --- a/docs-xml/smbdotconf/printing/spoolssosversion.xml
> +++ b/docs-xml/smbdotconf/printing/spoolssosversion.xml
> @@ -39,3 +39,45 @@
> <value type="default">2195</value>
> <value type="example">7601</value>
> </samba:parameter>
> +
> +<samba:parameter name="spoolss_client: os_major"
> + context="G"
> + type="integer"
> + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> +<description>
> + <para>Windows might require a new os version number. This option allows
> + to modify the build number. The complete default version number is:
> + 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows 2008 R2).
> + </para>
> +</description>
> +<value type="default">2</value>
> +<value type="example">3</value>
> +</samba:parameter>
> +
> +<samba:parameter name="spoolss_client: os_minor"
> + context="G"
> + type="integer"
> + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> +<description>
> + <para>Windows might require a new os version number. This option allows
> + to modify the build number. The complete default version number is:
> + 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows 2008 R2).
> + </para>
> +</description>
> +<value type="default">0</value>
> +<value type="example">1</value>
> +</samba:parameter>
> +
> +<samba:parameter name="spoolss_client: os_build"
> + context="G"
> + type="integer"
> + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> +<description>
> + <para>Windows might require a new os version number. This option allows
> + to modify the build number. The complete default version number is:
> + 5.0.2195 (Windows 2000). The example is 6.1.7601 (Windows 2008 R2).
> + </para>
> +</description>
> +<value type="default">1381</value>
> +<value type="example">6000</value>
> +</samba:parameter>
> diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c
> index 7f6ed8e3c91..36ca806f531 100644
> --- a/source3/rpc_client/cli_spoolss.c
> +++ b/source3/rpc_client/cli_spoolss.c
> @@ -28,6 +28,7 @@
> #include "rpc_client/cli_spoolss.h"
> #include "auth/gensec/gensec.h"
> #include "auth/credentials/credentials.h"
> +#include "rpc_client/init_spoolss.h"
>
> /**********************************************************************
> convencience wrapper around rpccli_spoolss_OpenPrinterEx
> @@ -49,14 +50,12 @@ WERROR rpccli_spoolss_openprinter_ex(struct rpc_pipe_client *cli,
>
> ZERO_STRUCT(devmode_ctr);
>
> - level1.size = 28;
> - level1.client = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
> - W_ERROR_HAVE_NO_MEMORY(level1.client);
> - level1.user = cli_credentials_get_username(creds);
> - level1.build = 1381;
> - level1.major = 2;
> - level1.minor = 0;
> - level1.processor = 0;
> + werror = spoolss_init_spoolss_UserLevel1(mem_ctx,
> + cli_credentials_get_username(creds),
> + &level1);
> + if (!W_ERROR_IS_OK(werror)) {
> + return werror;
> + }
>
> userlevel_ctr.level = 1;
> userlevel_ctr.user_info.level1 = &level1;
> @@ -229,14 +228,12 @@ WERROR rpccli_spoolss_addprinterex(struct rpc_pipe_client *cli,
> ZERO_STRUCT(devmode_ctr);
> ZERO_STRUCT(secdesc_ctr);
>
> - level1.size = 28;
> - level1.build = 1381;
> - level1.major = 2;
> - level1.minor = 0;
> - level1.processor = 0;
> - level1.client = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
> - W_ERROR_HAVE_NO_MEMORY(level1.client);
> - level1.user = cli_credentials_get_username(creds);
> + result = spoolss_init_spoolss_UserLevel1(mem_ctx,
> + cli_credentials_get_username(creds),
> + &level1);
> + if (!W_ERROR_IS_OK(result)) {
> + return result;
> + }
>
> userlevel_ctr.level = 1;
> userlevel_ctr.user_info.level1 = &level1;
> diff --git a/source3/rpc_client/init_spoolss.c b/source3/rpc_client/init_spoolss.c
> index 9a4dab6d417..1996465ee9f 100644
> --- a/source3/rpc_client/init_spoolss.c
> +++ b/source3/rpc_client/init_spoolss.c
> @@ -446,3 +446,33 @@ const char *spoolss_get_short_filesys_environment(const char *environment)
> return NULL;
> }
> }
> +
> +#define GLOBAL_SPOOLSS_CLIENT_OS_MAJOR_DEFAULT 2
> +#define GLOBAL_SPOOLSS_CLIENT_OS_MINOR_DEFAULT 0
> +#define GLOBAL_SPOOLSS_CLIENT_OS_BUILD_DEFAULT 1381
> +
> +WERROR spoolss_init_spoolss_UserLevel1(TALLOC_CTX *mem_ctx,
> + const char *username,
> + struct spoolss_UserLevel1 *r)
> +{
> + ZERO_STRUCTP(r);
> +
> + r->size = 28;
> + r->client = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
> + W_ERROR_HAVE_NO_MEMORY(r->client);
> + r->user = talloc_strdup(mem_ctx, username);
> + W_ERROR_HAVE_NO_MEMORY(r->user);
> + r->processor = 0;
> +
> + r->major = lp_parm_int(GLOBAL_SECTION_SNUM,
> + "spoolss_client", "os_major",
> + GLOBAL_SPOOLSS_CLIENT_OS_MAJOR_DEFAULT);
> + r->minor = lp_parm_int(GLOBAL_SECTION_SNUM,
> + "spoolss_client", "os_minor",
> + GLOBAL_SPOOLSS_CLIENT_OS_MINOR_DEFAULT);
> + r->build = lp_parm_int(GLOBAL_SECTION_SNUM,
> + "spoolss_client", "os_build",
> + GLOBAL_SPOOLSS_CLIENT_OS_BUILD_DEFAULT);
> +
> + return WERR_OK;
> +}
> diff --git a/source3/rpc_client/init_spoolss.h b/source3/rpc_client/init_spoolss.h
> index 376eaefe914..062e37b97e4 100644
> --- a/source3/rpc_client/init_spoolss.h
> +++ b/source3/rpc_client/init_spoolss.h
> @@ -48,5 +48,8 @@ WERROR spoolss_create_default_devmode(TALLOC_CTX *mem_ctx,
> WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx,
> struct spoolss_security_descriptor **secdesc);
> const char *spoolss_get_short_filesys_environment(const char *environment);
> +WERROR spoolss_init_spoolss_UserLevel1(TALLOC_CTX *mem_ctx,
> + const char *username,
> + struct spoolss_UserLevel1 *r);
>
> #endif /* _RPC_CLIENT_INIT_SPOOLSS_H_ */
> --
> 2.17.1
>
>
> From b76926934e379cc2f42733bed5594fc339d2f8da Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Fri, 31 Aug 2018 13:28:58 -0400
> Subject: [PATCH 2/6] s3-rpc_client: Advertise Windows 7 client info
>
> Client printing operations currently fail against Windows
> Server 2016 with Access Denied if a client os build number
> lower than 6000 is advertised. Increase the default build number,
> major, and minor versions to values associated with client
> OS versoins Windows 7 and Windows Server 2008 R2.
>
> The build number value specifically needs to be increased to
> allow these operations to succeed.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13597
>
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
> source3/rpc_client/init_spoolss.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/source3/rpc_client/init_spoolss.c b/source3/rpc_client/init_spoolss.c
> index 1996465ee9f..c341b82b6ee 100644
> --- a/source3/rpc_client/init_spoolss.c
> +++ b/source3/rpc_client/init_spoolss.c
> @@ -447,9 +447,10 @@ const char *spoolss_get_short_filesys_environment(const char *environment)
> }
> }
>
> -#define GLOBAL_SPOOLSS_CLIENT_OS_MAJOR_DEFAULT 2
> -#define GLOBAL_SPOOLSS_CLIENT_OS_MINOR_DEFAULT 0
> -#define GLOBAL_SPOOLSS_CLIENT_OS_BUILD_DEFAULT 1381
> +/* Windows 7 and Windows Server 2008 R2 */
> +#define GLOBAL_SPOOLSS_CLIENT_OS_MAJOR_DEFAULT 6
> +#define GLOBAL_SPOOLSS_CLIENT_OS_MINOR_DEFAULT 1
> +#define GLOBAL_SPOOLSS_CLIENT_OS_BUILD_DEFAULT 7007
>
> WERROR spoolss_init_spoolss_UserLevel1(TALLOC_CTX *mem_ctx,
> const char *username,
> --
> 2.17.1
>
>
> From da7a67846dc2b52dd98d5868a3259c6954290027 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
> Date: Fri, 31 Aug 2018 18:22:04 +0200
> Subject: [PATCH 3/6] s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in
> winspool cmds
>
> Use spoolss initialization function to set client version information for
> iremotewinspool printer operations
>
> Signed-off-by: Guenther Deschner <gd at samba.org>
> ---
> source3/rpcclient/cmd_iremotewinspool.c | 16 +++++++++-------
> 1 file changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/source3/rpcclient/cmd_iremotewinspool.c b/source3/rpcclient/cmd_iremotewinspool.c
> index c6148ec02c7..7f0cecfaf01 100644
> --- a/source3/rpcclient/cmd_iremotewinspool.c
> +++ b/source3/rpcclient/cmd_iremotewinspool.c
> @@ -24,6 +24,7 @@
> #include "libsmb/libsmb.h"
> #include "auth/gensec/gensec.h"
> #include "auth/credentials/credentials.h"
> +#include "rpc_client/init_spoolss.h"
>
> /****************************************************************************
> ****************************************************************************/
> @@ -33,6 +34,7 @@ static WERROR cmd_iremotewinspool_async_open_printer(struct rpc_pipe_client *cli
> int argc, const char **argv)
> {
> NTSTATUS status;
> + WERROR werror;
> struct policy_handle hnd;
> struct spoolss_DevmodeContainer devmode_ctr;
> struct spoolss_UserLevelCtr client_info_ctr;
> @@ -59,13 +61,13 @@ static WERROR cmd_iremotewinspool_async_open_printer(struct rpc_pipe_client *cli
>
> ZERO_STRUCT(devmode_ctr);
>
> - level1.size = 40;
> - level1.client = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
> - W_ERROR_HAVE_NO_MEMORY(level1.client);
> - level1.user = cli_credentials_get_username(creds);
> - level1.build = 1381;
> - level1.major = 3;
> - level1.minor = 0;
> + werror = spoolss_init_spoolss_UserLevel1(mem_ctx,
> + cli_credentials_get_username(creds),
> + &level1);
> + if (!W_ERROR_IS_OK(werror)) {
> + return werror;
> + }
> +
> level1.processor = PROCESSOR_ARCHITECTURE_AMD64;
>
> client_info_ctr.level = 1;
> --
> 2.17.1
>
>
> From ca9bce09f2c81f9fddb8f88ad7f11c746f5ac80b Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Wed, 15 Aug 2018 11:10:21 -0400
> Subject: [PATCH 4/6] iremotewinspool-tests: Allow modification of OS client
> version information
>
> Add test_get_client_info() function to set and, or modify the client OS
> version values advertised in the iremotewinspool torture tests.
>
> The OS build numbers are used from the table in:
>
> [MS-RPRN] <168> Section 2.2.3.10.1
>
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
> source4/torture/rpc/iremotewinspool.c | 86 ++++++++++++++++++++++-----
> 1 file changed, 72 insertions(+), 14 deletions(-)
>
> diff --git a/source4/torture/rpc/iremotewinspool.c b/source4/torture/rpc/iremotewinspool.c
> index d419e9c082b..d80f2f74c65 100644
> --- a/source4/torture/rpc/iremotewinspool.c
> +++ b/source4/torture/rpc/iremotewinspool.c
> @@ -33,31 +33,77 @@ struct test_iremotewinspool_context {
> const char *environment;
> };
>
> +enum client_os_version
> +{
> + WIN_2000,
> + WIN_VISTA,
> + WIN_SERVER_2008,
> + WIN_7,
> + WIN_SERVER_2008R2,
> + WIN_8,
> + WIN_SERVER_2012,
> + WIN_10,
> + WIN_SERVER_2016
> +};
> +
> +static struct spoolss_UserLevel1 test_get_client_info(struct torture_context *tctx,
> + enum client_os_version os,
> + enum spoolss_MajorVersion major_number,
> + enum spoolss_MinorVersion minor_number)
> +{
> + struct spoolss_UserLevel1 level1;
> +
> + level1.size = 28;
> + level1.client = talloc_asprintf(tctx, "\\\\%s", "mthelena");
> + level1.user = "GD";
> + level1.processor = PROCESSOR_ARCHITECTURE_AMD64;
> + level1.major = major_number;
> + level1.minor = minor_number;
> +
> + switch (os) {
> + case WIN_SERVER_2016:
> + case WIN_10:
> + level1.build = 10586;
> + break;
> + case WIN_SERVER_2012:
> + case WIN_8:
> + level1.build = 9200;
> + break;
> + case WIN_SERVER_2008R2:
> + case WIN_7:
> + level1.build = 7007;
> + break;
> + case WIN_SERVER_2008:
> + case WIN_VISTA:
> + level1.build = 6000;
> + break;
> + case WIN_2000:
> + level1.build = 1382;
> + break;
> + default:
> + level1.build = 7007;
> + }
> +
> + return level1;
> +}
> +
> static bool test_AsyncOpenPrinter_byprinter(struct torture_context *tctx,
> struct test_iremotewinspool_context *ctx,
> struct dcerpc_pipe *p,
> const char *printer_name,
> + struct spoolss_UserLevel1 cinfo,
> struct policy_handle *handle)
> {
> struct dcerpc_binding_handle *b = p->binding_handle;
> struct spoolss_DevmodeContainer devmode_ctr;
> struct spoolss_UserLevelCtr client_info_ctr;
> - struct spoolss_UserLevel1 level1;
> uint32_t access_mask = SERVER_ALL_ACCESS;
> struct winspool_AsyncOpenPrinter r;
>
> ZERO_STRUCT(devmode_ctr);
>
> - level1.size = 28;
> - level1.client = talloc_asprintf(tctx, "\\\\%s", "mthelena");
> - level1.user = "GD";
> - level1.build = 1381;
> - level1.major = 3;
> - level1.minor = 0;
> - level1.processor = PROCESSOR_ARCHITECTURE_AMD64;
> -
> client_info_ctr.level = 1;
> - client_info_ctr.user_info.level1 = &level1;
> + client_info_ctr.user_info.level1 = &cinfo;
>
> r.in.pPrinterName = printer_name;
> r.in.pDatatype = NULL;
> @@ -196,6 +242,7 @@ static bool torture_rpc_iremotewinspool_setup_common(struct torture_context *tct
> struct test_iremotewinspool_context *t)
> {
> const char *printer_name;
> + struct spoolss_UserLevel1 client_info;
> struct dcerpc_binding *binding;
>
> torture_assert_ntstatus_ok(tctx,
> @@ -216,10 +263,12 @@ static bool torture_rpc_iremotewinspool_setup_common(struct torture_context *tct
>
> printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(t->iremotewinspool_pipe));
>
> + client_info = test_get_client_info(tctx, WIN_2000, 3, SPOOLSS_MINOR_VERSION_0);
> +
> torture_assert(tctx,
> test_AsyncOpenPrinter_byprinter(tctx, t,
> t->iremotewinspool_pipe, printer_name,
> - &t->server_handle),
> + client_info, &t->server_handle),
> "failed to open printserver");
> torture_assert(tctx,
> test_get_environment(tctx,
> @@ -269,12 +318,15 @@ static bool test_AsyncClosePrinter(struct torture_context *tctx,
>
> struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
> const char *printer_name;
> + struct spoolss_UserLevel1 client_info;
> struct policy_handle handle;
>
> printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
>
> + client_info = test_get_client_info(tctx, WIN_2000, 3, SPOOLSS_MINOR_VERSION_0);
> +
> torture_assert(tctx,
> - test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, &handle),
> + test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, client_info, &handle),
> "failed to test AsyncOpenPrinter");
>
> torture_assert(tctx,
> @@ -292,12 +344,15 @@ static bool test_AsyncOpenPrinter(struct torture_context *tctx,
>
> struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
> const char *printer_name;
> + struct spoolss_UserLevel1 client_info;
> struct policy_handle handle;
>
> printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
>
> + client_info = test_get_client_info(tctx, WIN_2000, 3, SPOOLSS_MINOR_VERSION_0);
> +
> torture_assert(tctx,
> - test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, &handle),
> + test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, client_info, &handle),
> "failed to test AsyncOpenPrinter");
>
> test_AsyncClosePrinter_byhandle(tctx, ctx, p, &handle);
> @@ -871,6 +926,7 @@ static bool test_OpenPrinter(struct torture_context *tctx,
> struct policy_handle handle;
> struct dcerpc_pipe *s;
> struct dcerpc_binding *binding;
> + struct spoolss_UserLevel1 client_info;
> struct spoolss_ClosePrinter r;
>
> torture_assert_ntstatus_ok(tctx,
> @@ -891,8 +947,10 @@ static bool test_OpenPrinter(struct torture_context *tctx,
>
> printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
>
> + client_info = test_get_client_info(tctx, WIN_2000, 3, SPOOLSS_MINOR_VERSION_0);
> +
> torture_assert(tctx,
> - test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, &handle),
> + test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, client_info, &handle),
> "failed to open printserver via winspool");
>
>
> --
> 2.17.1
>
>
> From 80ee68584befaaad8e2e55d950c04d5d1a6bc873 Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Wed, 22 Aug 2018 13:23:18 -0400
> Subject: [PATCH 5/6] iremotewinspool-tests: Add client os build number
> validation test
>
> Add test validating the AsyncOpenPrinter result based on the provided
> client info build number
>
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
> source4/torture/rpc/iremotewinspool.c | 65 +++++++++++++++++++++++++++
> 1 file changed, 65 insertions(+)
>
> diff --git a/source4/torture/rpc/iremotewinspool.c b/source4/torture/rpc/iremotewinspool.c
> index d80f2f74c65..805f46c8b89 100644
> --- a/source4/torture/rpc/iremotewinspool.c
> +++ b/source4/torture/rpc/iremotewinspool.c
> @@ -360,6 +360,70 @@ static bool test_AsyncOpenPrinter(struct torture_context *tctx,
> return true;
> }
>
> +/*
> + * Validate the result of AsyncOpenPrinter calls based on client info
> + * build number. Windows Server 2016 rejects an advertised build
> + * number less than 6000(Windows Vista and Windows Server 2008, or older)
> + */
> +static bool test_AsyncOpenPrinterValidateBuildNumber(struct torture_context *tctx,
> + void *private_data)
> +{
> + struct test_iremotewinspool_context *ctx =
> + talloc_get_type_abort(private_data, struct test_iremotewinspool_context);
> +
> + struct dcerpc_pipe *p = ctx->iremotewinspool_pipe;
> + const char *printer_name;
> + struct spoolss_UserLevel1 client_info;
> + struct policy_handle handle;
> + struct dcerpc_binding_handle *b = p->binding_handle;
> + struct spoolss_DevmodeContainer devmode_ctr;
> + struct spoolss_UserLevelCtr client_info_ctr = {
> + .level = 1,
> + };
> + uint32_t access_mask = SERVER_ALL_ACCESS;
> + struct winspool_AsyncOpenPrinter r;
> + NTSTATUS status;
> + bool ok = false;
> +
> + printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
> + torture_assert_not_null(tctx, printer_name, "Cannot allocate memory");
> +
> + /* fail with Windows 2000 build number */
> + client_info = test_get_client_info(tctx, WIN_2000, 3, SPOOLSS_MINOR_VERSION_0);
> +
> + ZERO_STRUCT(devmode_ctr);
> +
> + client_info_ctr.user_info.level1 = &client_info;
> +
> + r.in.pPrinterName = printer_name;
> + r.in.pDatatype = NULL;
> + r.in.pDevModeContainer = &devmode_ctr;
> + r.in.AccessRequired = access_mask;
> + r.in.pClientInfo = &client_info_ctr;
> + r.out.pHandle = &handle;
> +
> + status = dcerpc_winspool_AsyncOpenPrinter_r(b, tctx, &r);
> + torture_assert_ntstatus_ok(tctx, status, "AsyncOpenPrinter failed");
> + torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
> + "AsyncOpenPrinter should have failed");
> +
> + /* succeed with Windows 7 build number */
> + client_info = test_get_client_info(tctx, WIN_7, 3, SPOOLSS_MINOR_VERSION_0);
> + client_info_ctr.user_info.level1 = &client_info;
> + r.in.pClientInfo = &client_info_ctr;
> +
> + status = dcerpc_winspool_AsyncOpenPrinter_r(b, tctx, &r);
> + torture_assert_ntstatus_ok(tctx, status, "AsyncOpenPrinter failed");
> + torture_assert_werr_ok(tctx, r.out.result,
> + "AsyncOpenPrinter failed");
> +
> + ok = test_AsyncClosePrinter_byhandle(tctx, ctx, p, &handle);
> + torture_assert(tctx, ok, "failed to AsyncClosePrinter handle");
> +
> + return true;
> +
> +}
> +
> static struct spoolss_NotifyOption *setup_printserver_NotifyOption(struct torture_context *tctx)
> {
> struct spoolss_NotifyOption *o;
> @@ -986,6 +1050,7 @@ struct torture_suite *torture_rpc_iremotewinspool(TALLOC_CTX *mem_ctx)
> torture_tcase_add_simple_test(tcase, "AsyncCorePrinterDriverInstalled", test_AsyncCorePrinterDriverInstalled);
> torture_tcase_add_simple_test(tcase, "AsyncDeletePrintDriverPackage", test_AsyncDeletePrintDriverPackage);
> torture_tcase_add_simple_test(tcase, "AsyncGetPrinterDriverDirectory", test_AsyncGetPrinterDriverDirectory);
> + torture_tcase_add_simple_test(tcase, "AsyncOpenPrinterValidateBuildNumber", test_AsyncOpenPrinterValidateBuildNumber);
>
> tcase = torture_suite_add_tcase(suite, "handles");
>
> --
> 2.17.1
>
>
> From cb14b4cea01f7018de7440ff482e11834d35c85b Mon Sep 17 00:00:00 2001
> From: Justin Stephenson <jstephen at redhat.com>
> Date: Fri, 31 Aug 2018 15:28:36 -0400
> Subject: [PATCH 6/6] spoolss-iremotewinspool-tests: Use more recent client OS
> version
>
> Set torture test client info build, major, and minor
> version numbers to Windows 7 and Windows Server 2008 R2 values
>
> buildnum: 7007
> major: 6
> minor: 1
>
> Build number taken from
> [MS-RPRN] <168> Section 2.2.3.10.1
>
> Major/Minor numbers taken from
> https://docs.microsoft.com/en-us/windows/desktop/sysinfo/operating-system-version
>
> Signed-off-by: Justin Stephenson <jstephen at redhat.com>
> ---
> source4/torture/rpc/iremotewinspool.c | 10 +++++-----
> source4/torture/rpc/spoolss_access.c | 7 ++++---
> 2 files changed, 9 insertions(+), 8 deletions(-)
>
> diff --git a/source4/torture/rpc/iremotewinspool.c b/source4/torture/rpc/iremotewinspool.c
> index 805f46c8b89..b4dbe71160e 100644
> --- a/source4/torture/rpc/iremotewinspool.c
> +++ b/source4/torture/rpc/iremotewinspool.c
> @@ -263,7 +263,7 @@ static bool torture_rpc_iremotewinspool_setup_common(struct torture_context *tct
>
> printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(t->iremotewinspool_pipe));
>
> - client_info = test_get_client_info(tctx, WIN_2000, 3, SPOOLSS_MINOR_VERSION_0);
> + client_info = test_get_client_info(tctx, WIN_7, 6, 1);
>
> torture_assert(tctx,
> test_AsyncOpenPrinter_byprinter(tctx, t,
> @@ -323,7 +323,7 @@ static bool test_AsyncClosePrinter(struct torture_context *tctx,
>
> printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
>
> - client_info = test_get_client_info(tctx, WIN_2000, 3, SPOOLSS_MINOR_VERSION_0);
> + client_info = test_get_client_info(tctx, WIN_7, 6, 1);
>
> torture_assert(tctx,
> test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, client_info, &handle),
> @@ -349,7 +349,7 @@ static bool test_AsyncOpenPrinter(struct torture_context *tctx,
>
> printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
>
> - client_info = test_get_client_info(tctx, WIN_2000, 3, SPOOLSS_MINOR_VERSION_0);
> + client_info = test_get_client_info(tctx, WIN_7, 6, 1);
>
> torture_assert(tctx,
> test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, client_info, &handle),
> @@ -408,7 +408,7 @@ static bool test_AsyncOpenPrinterValidateBuildNumber(struct torture_context *tct
> "AsyncOpenPrinter should have failed");
>
> /* succeed with Windows 7 build number */
> - client_info = test_get_client_info(tctx, WIN_7, 3, SPOOLSS_MINOR_VERSION_0);
> + client_info = test_get_client_info(tctx, WIN_7, 6, 1);
> client_info_ctr.user_info.level1 = &client_info;
> r.in.pClientInfo = &client_info_ctr;
>
> @@ -1011,7 +1011,7 @@ static bool test_OpenPrinter(struct torture_context *tctx,
>
> printer_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
>
> - client_info = test_get_client_info(tctx, WIN_2000, 3, SPOOLSS_MINOR_VERSION_0);
> + client_info = test_get_client_info(tctx, WIN_7, 6, 1);
>
> torture_assert(tctx,
> test_AsyncOpenPrinter_byprinter(tctx, ctx, p, printer_name, client_info, &handle),
> diff --git a/source4/torture/rpc/spoolss_access.c b/source4/torture/rpc/spoolss_access.c
> index 28cecf08b14..946b420b60a 100644
> --- a/source4/torture/rpc/spoolss_access.c
> +++ b/source4/torture/rpc/spoolss_access.c
> @@ -74,9 +74,10 @@ static bool test_openprinter_handle(struct torture_context *tctx,
> level1.size = 28;
> level1.client = talloc_asprintf(tctx, "\\\\%s", "smbtorture");
> level1.user = username;
> - level1.build = 1381;
> - level1.major = 3;
> - level1.minor = 0;
> + /* Windows 7 and Windows Server 2008 R2 */
> + level1.build = 7007;
> + level1.major = 6;
> + level1.minor = 1;
> level1.processor= 0;
>
> r.in.printername = printername;
> --
> 2.17.1
>
More information about the samba-technical
mailing list