no longer able to print to smb printers (regression from 1.1.20final+cvs20040330-4ubuntu15)

Hi, I am increasing priority of this bug. This bug was introduced either in
1.1.20final+cvs20040330-4ubuntu15.
Last time I was able to print (according to /var/log/cups/error_log.*) was at
08.Oct. My next try was at 11.Oct
and it failed with :

I [11/Oct/2004:12:39:02 +0200] Job 13 queued on 'LaserJet-8000' by 'ondrej'.
I [11/Oct/2004:12:39:02 +0200] Started filter /usr/lib/cups/filter/pstops (PID
12401) for job 13.
I [11/Oct/2004:12:39:02 +0200] Started filter /usr/lib/cups/filter/foomatic-rip
(PID 12402) for job 13.
I [11/Oct/2004:12:39:02 +0200] Started backend /usr/lib/cups/backend/smb (PID
12403) for job 13.
E [11/Oct/2004:12:39:03 +0200] [Job 13] Connection failed with error
NT_STATUS_ACCESS_DENIED
E [11/Oct/2004:12:39:03 +0200] [Job 13] Unable to connect to SAMBA host, will
retry in 60 seconds...foomatic-rip version $Revision: 3.43.2.5 $ running...

Ondrej.

Created an attachment (id=494)
FIxed patch for CAN-2004-0923

Somebody has to review if I havn't introduced information leakage from
https://bugzilla.ubuntu.com/show_bug.cgi?id=2218 again.

I have removed:
@@ -2013,7 +2018,7 @@
     LogMessage(L_DEBUG, "StartJob: %s\n", processPath);
 #endif /* __APPLE__ */

- argv[0] = printer->device_uri;
+ argv[0] = sani_uri;

     filterfds[slot][0] = -1;
     filterfds[slot][1] = open("/dev/null", O_WRONLY);

from patch. So the scheduler sends original URI to filter instead of sanitized
one. This was cause of the trouble. I have just tested it on my computer
(recompiled) and SMB printing works again.

Ondrej.

Here is the upstream report for CAN-2004-0923:

http://www.cups.org/str.php?L920

which shows that the original security fix did not have this change, but it was
intentionally added later. So I think we could reintroduce some exposure by
reverting that part of the patch. That function is enormous, so I'm not sure
what is going on yet.

Debian seems to have taken the earlier version of the patch without this change.
 CUPS CVS shows that this change has not been reverted upstream:

http://cvs.easysw.com/cvsweb.cgi/cups/scheduler/job.c

so if this change breaks SMB printing, it affects the CUPS upstream releases as
well.

According to the comments upstream, the command-line parameter should not be
used for authentication info, instead preferring the environment variable (which
is at least marginally less visible). According to the smbspool manpage:

       smbspool tries to get the URI from argv[0]. If argv[0] contains the
       name of the program then it looks in the DEVICE_URI environment vari‐
       able.

The code in smbspool looks like this:

  if (strncmp(argv[0], "smb://", 6) == 0)
    strncpy(uri, argv[0], sizeof(uri) - 1);
  else if (getenv("DEVICE_URI") != NULL)
    strncpy(uri, getenv("DEVICE_URI"), sizeof(uri) - 1);

Please try the attached patch instead of the change you made before.

Created an attachment (id=496)
Patch for smbspool to prefer DEVICE_URI environment variable

I knew that my fix is not 100% :-). I am building samba with your patch right know.
But it looks ok on first sight.

Ondrej.

Thanks very much for testing; I was having trouble finding someone with an SMB
print server to test.

I cannot test this as well (what a coincidence that Ubuntu developers don't have
Windows boxes for testing :-) ), but I will look at the patch again and upload
the package if Ondrej confirms that it works again.

smbspool patch doesn't work as expected :-(.

I am digging deeper to find proper solution.

It looks like it could be simply done, by not passing any DeviceURI in argv[0]
at all,
AFAIK all modern backends could work with that.

Ondrej

This was propably some error on my side at first time. I just compiled it again
with smbspool patch linked /usr/lib/cups/backends/smb to source tree build and
it works like charm.

Anyway CAN-2004-0924 fix is not proper, because it will broke all other clients
depending on username:password in argv[0]. I don't know any, but it would be
good to find any other way how to securely pass credentials (f.e. pass it in
some other fd 5 or something like that), but that's more an upstream issue.

O.

(In reply to comment #10)
> This was propably some error on my side at first time. I just compiled it again
> with smbspool patch linked /usr/lib/cups/backends/smb to source tree build and
> it works like charm.

Thanks a lot for testing this!

> Anyway CAN-2004-0924 fix is not proper, because it will broke all other clients
> depending on username:password in argv[0]. I don't know any, but it would be
> good to find any other way how to securely pass credentials (f.e. pass it in
> some other fd 5 or something like that), but that's more an upstream issue.

Agreed. But we rather accept another broken client than an open CAN issue for
Warty. Neither Matt nor I currently know about another usage of smbspool in
Ubuntu, so I will upload the patched package to have this resolved for Warty.
Then we can wait for upstream to implement the "proper" solution.

Thanks again!

Fixed in:
 samba (3.0.7-1ubuntu6) warty; urgency=low
 .
   * Added patch prefer_device_uri: change smbspool to prefer DEVICE_URI over
     argv[0] to make printing work with the CUPS changes for CAN-2004-0923
     (this removed authentication tokens from argv[0]). (Warty bug #9107)

*** Bug 9131 has been marked as a duplicate of this bug. ***