Bug 49288

Summary:	add syntax restriction for share names
Product:	UCS	Reporter:	Florian Best <best>
Component:	UMC - Shares	Assignee:	UMC maintainers <umc-maintainers>
Status:	NEW ---	QA Contact:	UMC maintainers <umc-maintainers>
Severity:	normal
Priority:	P5
Version:	UCS 4.4
Target Milestone:	---
Hardware:	Other
OS:	Linux
URL:	https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-shares--directories--files--and-metadata
See Also:	https://forge.univention.org/bugzilla/show_bug.cgi?id=48947
What kind of report is it?:	Feature Request	What type of bug is this?:	---
Who will be affected by this bug?:	---	How will those affected feel about the bug?:	---
User Pain:		Enterprise Customer affected?:
School Customer affected?:		ISV affected?:
Waiting Support:		Flags outvoted (downgraded) after PO Review:
Ticket number:		Bug group (optional):
Max CVSS v3 score:

Description Florian Best

2019-04-15 10:55:33 CEST

The syntax classes for samba share and printer names should respect the official restrictions:

- A share name must be no more than 80 characters in length.
- The following characters are illegal in a share name:
  \ / [ ] : | < > + = ; , * ? "
- Control characters in range 0x00 through 0x1F, inclusive, are illegal in a 
share name.
- All other Unicode characters are legal.
- Names are case preserving and case insensitive.

https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-shares--directories--files--and-metadata

Comment 1 Florian Best

2019-04-15 15:45:13 CEST

cups printer names cannot contain spaces, according to the lpadmin manpage:
"Unlike the System V printing system, CUPS allows printer names to contain any printable character except SPACE, TAB, "/", or "#".  Also, printer and class names are not case-sensitive."

But I doubt this... I tried adding a printer containing " and lp always gives me Permission Denied.
I also saw some commit in CUPS which prevents < and > in URL's due to a Cross Site Scripting issues.