Bug 32771 - Uploading a printer driver with missing files leads to an "access denied" message
Uploading a printer driver with missing files leads to an "access denied" mes...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 3.1
Other Linux
: P5 normal (vote)
: UCS 3.2-3-errata
Assigned To: Felix Botner
Arvid Requate
:
Depends on:
Blocks: 36216
  Show dependency treegraph
 
Reported: 2013-10-01 10:46 CEST by Janis Meybohm
Modified: 2019-10-02 17:51 CEST (History)
4 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
The x86 version of this driver is broken (3.15 MB, application/zip)
2013-10-01 10:46 CEST, Janis Meybohm
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2013-10-01 10:46:55 CEST
Created attachment 5479 [details]
The x86 version of this driver is broken

Ticket#: 2013090221002923 

A customer tried to upload a printer driver (x64 and x86) but the process fails with an "access denied" message on the windows system.

The samba logfile looks like the server expects the client to provide a file "UNIVERSALXP" which does not exist and therefore WERR_ACCESS_DENIED is returned:
--- log.samba
[2013/09/25 11:03:42.156009, 10, pid=1549, effective(0, 5000), real(0, 0)] ../source3/printing/nt_printing.c:938(move_driver_file_to_download_area)
  move_driver_file_to_download_area: copying 'x64/universalxp' to 'x64/3/UNIVERSALXP'
[2013/09/25 11:03:42.156066,  0, pid=1549, effective(0, 5000), real(0, 0)] ../source3/printing/nt_printing.c:949(move_driver_file_to_download_area)
  move_driver_file_to_download_area: Unable to rename [x64/universalxp] to [x64/3/UNIVERSALXP]: NT_STATUS_OBJECT_NAME_NOT_FOUND
[2013/09/25 11:03:42.156122,  4, pid=1549, effective(0, 5000), real(0, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
  pop_sec_ctx (0, 5000) - sec_ctx_stack_ndx = 1
[2013/09/25 11:03:42.156167,  4, pid=1549, effective(0, 5000), real(0, 0), class=vfs] ../source3/smbd/vfs.c:816(vfs_ChDir)
  vfs_ChDir to /tmp
[2013/09/25 11:03:42.156226,  4, pid=1549, effective(0, 5000), real(0, 0), class=vfs] ../source3/smbd/vfs.c:827(vfs_ChDir)
  vfs_ChDir got /tmp
[2013/09/25 11:03:42.156269, 10, pid=1549, effective(0, 5000), real(0, 0), class=dfs_samba4] ../source3/modules/vfs_dfs_samba4.c:99(dfs_samba4_disconnect)
  dfs_samba4_disconnect() connect to service[print$].
[2013/09/25 11:03:42.156450,  1, pid=1549, effective(0, 5000), real(0, 0)] ../librpc/ndr/ndr.c:282(ndr_print_function_debug)
       spoolss_AddPrinterDriverEx: struct spoolss_AddPrinterDriverEx
          out: struct spoolss_AddPrinterDriverEx
              result                   : WERR_ACCESS_DENIED
---


Looking at the drivers "inf" file the "UNIVERSALXP" installer section does not specify a "DriverFile" section, so "UNIVERSALXP" is assumed as driver file name which does not exist in the package.
--- OEMsetup.inf
;
; Installer Sections
;
; These sections control file installation, and reference all files that
; need to be copied. The section name will be assumed to be the driver
; file, unless there is an explicit DriverFile section listed.
;
[UNIVERSALXP]
CopyFiles=@KyUniL.GPD,KYDLL_CopyFiles,AUTOCONFIG,PlugIn
DataFile=KyUniL.GPD
DataSection=UNIDRV_BIDI_DATA
Include=NTPRINT.INF
Needs=TTFSUB.OEM,UNIDRV_BIDI.OEM,UNIDRV_BIDI_DATA
---


Reproducing this process on a Windows 2008 R2 printserver leads to a "Choose file for x86 driver" dialog instead of "access denied" so I assume the behaviour of samba is not correct in this place.
Comment 1 Tim Petersen univentionstaff 2014-04-15 14:40:22 CEST
Seen again at 2014032021007797
Comment 2 Arvid Requate univentionstaff 2014-04-15 15:18:47 CEST
Ok, one idea would be to diff two network traces from an upload of this driver, one to a native Windows System and the other to a Samba(4?only?) DC and spot the difference in server response that triggers different Client GUI actions ("Choose file for x86 driver" dialog  vs.  "access denied" message).
Comment 3 Felix Botner univentionstaff 2014-09-04 15:40:16 CEST
Trying to upload a broken printdriver (e.g. DriverFile missing in inf file) on 
a windows dc results in WERR_APP_INIT_FAILURE. 

With samba as dc, WERR_ACCESS_DENIED is returned.

move_driver_file_to_download_area() in source3/printing/nt_printing.c now returns the werror() of the return nt_status from the copy_file (which fails for the broken driver).

With samba i get the following error on the client when trying to install the broken driver:

 Ein Treiber Kyocera Classic Universaldriver, Typ 3 - Benutzermodus, x86 konnte 
 nicht installiert werden. Der Vorgang konnte nicht abgeschlossen werden (Fehler 
 0x00000002).

With a windows ad (w2k8r2en):

 Ein Treiber Kyocera Classic Universaldriver, Typ 3 - Benutzermodus, x86 konnte 
 nicht installiert werden. Der Vorgang konnte nicht abgeschlossen werden (Fehler 
 0x0000023f).

(In reply to Janis Meybohm from comment #0)
> Reproducing this process on a Windows 2008 R2 printserver leads to a "Choose 
> file for x86 driver" dialog instead of "access denied" so I assume the 
> behaviour of samba is not correct in this place.

I never got a "Choose file for ..." dialog.

YAML: 2014-09-04-samba.yaml

3.2-0-0-ucs/2\:4.1.0-1-errata3.2-3/97_bug32771_broken_printdriver_error_code_fix.patch

4.0-0-0-ucs/2\:4.2.0~alpha1-2/97_bug32771_broken_printdriver_error_code_fix.patch
Comment 4 Arvid Requate univentionstaff 2014-09-08 18:19:45 CEST
Ok, looks good. 0x0000023f is WERR_APP_INIT_FAILURE, which is not very helpful, so I guess returning the real underlying error code (WERR_BADFILE) is better.

Advisory is also Ok.
Comment 5 Janek Walkenhorst univentionstaff 2014-09-10 17:47:05 CEST
http://errata.univention.de/ucs/3.2/205.html
Comment 6 Janek Walkenhorst univentionstaff 2014-10-22 16:07:34 CEST
http://errata.univention.de/ucs/3.2/224.html