Bug 47435 - Broken cups symlink check in postinst
Broken cups symlink check in postinst
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Printserver
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-3-errata
Assigned To: Felix Botner
Erik Damrose
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-01 16:17 CEST by Hendrik Peter
Modified: 2019-01-09 13:27 CET (History)
2 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hendrik Peter univentionstaff 2018-08-01 16:17:28 CEST
File: univention-printserver.postinst
Line: 69 - 74
Error:
 mv: das Überschreiben des Verzeichnisses '/usr/share/cups/model.orig/model' mit einem Nicht‐Verzeichnis ist nicht möglich.
 ln: die symbolische Verknüpfung '/usr/share/cups/model/ppd' konnte nicht angelegt werden: Die Datei existiert bereits

Note:
 '/usr/share/cups/model.orig' was a folder
 '/usr/share/cups/model' was the correct symlink to '/usr/share/ppd'

----

The code of the mentioned lines is supposed to create a symlink from folder '/usr/share/ppd' to '/usr/share/cups/model' because cups only checks the model-Folder for ppd-Files, but only if this link doesn't exist yet.

Unfortunately, the if-check will return true for both scenarios:
1) The model-Folder still is a simple, empty folder delivered by an cups-Package
2) The model-Folder is the wanted symlink

This means that the code will always try to overwrite the backed up 'model.orig' folder with the symlink 'model' folder, which should be prevented.
In best case, just unwanted symlink subfolders will be created ('/usr/share/ppd/ppd'). In worst case, the link will be destroyed and cups won't be able to reach any ppd files anymore.

The if-check should check if the model-Folder correctly points to the ppd-Folder with a command like:
 if [ ! "/usr/share/cups/model" -ef "/usr/share/ppd" ]; then
  [...]
 fi
Comment 1 Moritz Bunkus 2018-11-07 09:34:46 CET
This leads to real problems with existing installations, see e.g. this forum thread[1].

In my case, an up-to-date UCS 4.3-2, "/usr/share/cups/model" was a directory, and inside there's a symlink "/usr/share/cups/model/ppd" → "/usr/share/ppd".

Unfortunately the file names of all driver definitions (both the ones provided by Univention as the ones created myself in accordance with the admin manual[2]) are relative to /usr/share/ppd, but the "lpadmin" command that's executed in order to modify the printer looks in /usr/share/cups/model. For file names such as "foomatic-rip/Apple-ImageWriter-iwhi.ppd" "lpadmin" would look for "/usr/share/cups/model/foomatic-rip/Apple-ImageWriter-iwhi.ppd" — which obviously doesn't exist.

If "/usr/share/cups/model" were a symlink to "/usr/share/ppd" instead, the relative file name would work again.

The problem is that due to "lpadmin" not finding the PPD, it doesn't modify any of the other printer properties either, meaning none of the changes made in the LDAP end up in "printers.conf".

My system was set up back in the days of… 4.1 or even 4.0, I don't quite remember. It was updated regularly via "univention-upgrade".

[1]  https://help.univention.com/t/cups-ppd-und-timing-problem/9988
[2]  https://docs.software-univention.de/manual-4.3.html#central:udm:example:printer
Comment 2 Moritz Bunkus 2018-11-07 09:40:26 CET
Addendum: here's an example error message from "/var/log/univention/listener.log" from my system where "/usr/share/cups/model" is still a directory with "/usr/share/cups/model/ppd" symlinking to "/usr/share/ppd":

07.11.18 09:20:12.583  LISTENER    ( PROCESS ) : updating 'cn=aurora,cn=printers,dc=bs,dc=linet-services,dc=de' command m
07.11.18 09:20:12.627  LISTENER    ( WARN    ) : cups-printers: info: univention-lpadmin -u allow:all -o auth-info-required=none -p aurora -m foomatic-rip/Apple-ImageWriter-iwhi.ppd -v socket://aurora.bs.linet-services.de:9100 -E
lpadmin: Unable to copy PPD file.
The command "/usr/sbin/lpadmin -u allow:all -o auth-info-required=none -p aurora -m foomatic-rip/Apple-ImageWriter-iwhi.ppd -v socket://aurora.bs.linet-services.de:9100 -E -h localhost" returned 1
07.11.18 09:20:12.972  LISTENER    ( ERROR   ) : cups-printers: Failed to execute the univention-lpadmin command. Please check the cups state.
{}
{'austausch': {'invalid users': None, 'valid users': None, 'hosts deny': None, 'hosts allow': None}, 'PXE Images': {'invalid users': None, 'valid users': None, 'hosts deny': None, 'hosts allow': None}, 'n-central-installation': {'invalid us
{'aurora': {'invalid users': None, 'valid users': None, 'hosts deny': None, 'smbname': None, 'hosts allow': None}}
Reloading smbd.
Reloading smbd configuration (via systemctl): smbd.service.
Reloading smbd.
Reloading smbd configuration (via systemctl): smbd.service.
Comment 3 Felix Botner univentionstaff 2018-12-20 16:19:00 CET
ensure /usr/share/cups/model is a link to /usr/share/ppd in postinst

4fdb5fc18a853968938815ab26857f45bf5c0994 - univention-printserver
f9f0102e36d4f335c5082d98fd71cdbda3f0098f - yaml
d0463e0ab14e2555725e9645e61fdf72a31d1893 - merged to 4.4-0
Comment 4 Erik Damrose univentionstaff 2019-01-08 12:17:23 CET
OK: ensure /usr/share/cups/model is a link to /usr/share/ppd in postinst
OK: yaml
OK: merge to 4.4-0, package build

Verified
Comment 5 Arvid Requate univentionstaff 2019-01-09 13:27:08 CET
<http://errata.software-univention.de/ucs/4.3/397.html>