Univention Bugzilla – Bug 32771
Uploading a printer driver with missing files leads to an "access denied" message
Last modified: 2019-10-02 17:51:26 CEST
Created attachment 5479 [details] The x86 version of this driver is broken Ticket#: 2013090221002923 A customer tried to upload a printer driver (x64 and x86) but the process fails with an "access denied" message on the windows system. The samba logfile looks like the server expects the client to provide a file "UNIVERSALXP" which does not exist and therefore WERR_ACCESS_DENIED is returned: --- log.samba [2013/09/25 11:03:42.156009, 10, pid=1549, effective(0, 5000), real(0, 0)] ../source3/printing/nt_printing.c:938(move_driver_file_to_download_area) move_driver_file_to_download_area: copying 'x64/universalxp' to 'x64/3/UNIVERSALXP' [2013/09/25 11:03:42.156066, 0, pid=1549, effective(0, 5000), real(0, 0)] ../source3/printing/nt_printing.c:949(move_driver_file_to_download_area) move_driver_file_to_download_area: Unable to rename [x64/universalxp] to [x64/3/UNIVERSALXP]: NT_STATUS_OBJECT_NAME_NOT_FOUND [2013/09/25 11:03:42.156122, 4, pid=1549, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1 [2013/09/25 11:03:42.156167, 4, pid=1549, effective(0, 5000), real(0, 0), class=vfs] ../source3/smbd/vfs.c:816(vfs_ChDir) vfs_ChDir to /tmp [2013/09/25 11:03:42.156226, 4, pid=1549, effective(0, 5000), real(0, 0), class=vfs] ../source3/smbd/vfs.c:827(vfs_ChDir) vfs_ChDir got /tmp [2013/09/25 11:03:42.156269, 10, pid=1549, effective(0, 5000), real(0, 0), class=dfs_samba4] ../source3/modules/vfs_dfs_samba4.c:99(dfs_samba4_disconnect) dfs_samba4_disconnect() connect to service[print$]. [2013/09/25 11:03:42.156450, 1, pid=1549, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:282(ndr_print_function_debug) spoolss_AddPrinterDriverEx: struct spoolss_AddPrinterDriverEx out: struct spoolss_AddPrinterDriverEx result : WERR_ACCESS_DENIED --- Looking at the drivers "inf" file the "UNIVERSALXP" installer section does not specify a "DriverFile" section, so "UNIVERSALXP" is assumed as driver file name which does not exist in the package. --- OEMsetup.inf ; ; Installer Sections ; ; These sections control file installation, and reference all files that ; need to be copied. The section name will be assumed to be the driver ; file, unless there is an explicit DriverFile section listed. ; [UNIVERSALXP] CopyFiles=@KyUniL.GPD,KYDLL_CopyFiles,AUTOCONFIG,PlugIn DataFile=KyUniL.GPD DataSection=UNIDRV_BIDI_DATA Include=NTPRINT.INF Needs=TTFSUB.OEM,UNIDRV_BIDI.OEM,UNIDRV_BIDI_DATA --- Reproducing this process on a Windows 2008 R2 printserver leads to a "Choose file for x86 driver" dialog instead of "access denied" so I assume the behaviour of samba is not correct in this place.
Seen again at 2014032021007797
Ok, one idea would be to diff two network traces from an upload of this driver, one to a native Windows System and the other to a Samba(4?only?) DC and spot the difference in server response that triggers different Client GUI actions ("Choose file for x86 driver" dialog vs. "access denied" message).
Trying to upload a broken printdriver (e.g. DriverFile missing in inf file) on a windows dc results in WERR_APP_INIT_FAILURE. With samba as dc, WERR_ACCESS_DENIED is returned. move_driver_file_to_download_area() in source3/printing/nt_printing.c now returns the werror() of the return nt_status from the copy_file (which fails for the broken driver). With samba i get the following error on the client when trying to install the broken driver: Ein Treiber Kyocera Classic Universaldriver, Typ 3 - Benutzermodus, x86 konnte nicht installiert werden. Der Vorgang konnte nicht abgeschlossen werden (Fehler 0x00000002). With a windows ad (w2k8r2en): Ein Treiber Kyocera Classic Universaldriver, Typ 3 - Benutzermodus, x86 konnte nicht installiert werden. Der Vorgang konnte nicht abgeschlossen werden (Fehler 0x0000023f). (In reply to Janis Meybohm from comment #0) > Reproducing this process on a Windows 2008 R2 printserver leads to a "Choose > file for x86 driver" dialog instead of "access denied" so I assume the > behaviour of samba is not correct in this place. I never got a "Choose file for ..." dialog. YAML: 2014-09-04-samba.yaml 3.2-0-0-ucs/2\:4.1.0-1-errata3.2-3/97_bug32771_broken_printdriver_error_code_fix.patch 4.0-0-0-ucs/2\:4.2.0~alpha1-2/97_bug32771_broken_printdriver_error_code_fix.patch
Ok, looks good. 0x0000023f is WERR_APP_INIT_FAILURE, which is not very helpful, so I guess returning the real underlying error code (WERR_BADFILE) is better. Advisory is also Ok.
http://errata.univention.de/ucs/3.2/205.html
http://errata.univention.de/ucs/3.2/224.html