Bug 51196

Summary: cups-printers listener fails to create printer due to overquoting
Product: UCS Reporter: Arvid Requate <requate>
Component: PrintserverAssignee: Florian Best <best>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: normal    
Priority: P5 CC: best
Version: UCS 4.4   
Target Milestone: UCS 4.4-4-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.137 Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Regression
Max CVSS v3 score:
Bug Depends on: 17421, 48947    
Bug Blocks:    
Attachments: patch

Description Arvid Requate univentionstaff 2020-04-30 16:19:02 CEST 
While writing a test case fo shares/printer I got this error in listener.log:

============================================================
13.03.20 10:04:51.094  LISTENER    ( WARN    ) : cups-printers: info: univention-lpadmin -u 'deny:Administrator,@Printer Admins' -p sexjtrmwku -L 26nj93mq33 -m 
foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd -D ea2im3i3by -v parallel://11.249.129.5 -E
lpadmin: Unknown allow/deny option "'deny:Administrator,@Printer Admins'".
The command "/usr/sbin/lpadmin -u 'deny:Administrator,@Printer Admins' -p sexjtrmwku -L 26nj93mq33 -m foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplifi
ed.5.2.ppd -D ea2im3i3by -v parallel://11.249.129.5 -E -h localhost" returned 1
13.03.20 10:04:51.417  LISTENER    ( ERROR   ) : cups-printers: Failed to execute the univention-lpadmin command. Please check the cups state.
============================================================

The printer share was created like this:
============================================================
Creating shares/printer object with /usr/sbin/udm-test shares/printer create --position cn=printers,dc=ar41i1,dc=qa --set setQuota=0 --set ACLtype=deny --set description=ea2im3i3by --set producer=cn=Generic,cn=cups,cn=univention,dc=ar41i1,dc=qa --set ACLUsers=uid=Administrator,cn=users,dc=ar41i1,dc=qa --set sambaName=kjv9escg5k --set jobPrice=495 --set 'ACLGroups=cn=Printer Admins,cn=groups,dc=ar41i1,dc=qa' --set 'uri=parallel:// 11.249.129.5' --set location=26nj93mq33 --set spoolHost=master10.ar41i1.qa --set pagePrice=18 --set model=foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd --set name=sexjtrmwku
============================================================

My initial assessment showed that lpadmin is run via listner.run, which uses os.spawnv and shouldn't need shell quoting. On the other hand the quoting in important if the command get's run as a shell script. I'll append a patch.
Comment 1 Arvid Requate univentionstaff 2020-04-30 16:19:27 CEST 
Created attachment 10343 [details]
patch
Comment 2 Florian Best univentionstaff 2020-05-04 13:05:18 CEST 
Reproducible:
udm shares/printer create --position cn=printers,$(ucr get ldap/base) --set setQuota=0 --set ACLtype=deny --set description=ea2im3i3by --set producer=cn=Generic,cn=cups,cn=univention,$(ucr get ldap/base) --set ACLUsers=uid=Administrator,cn=users,$(ucr get
ldap/base) --set sambaName=kjv9escg5k --set jobPrice=495 --set "ACLGroups=cn=Printer Admins,cn=groups,$(ucr get ldap/base)" --set 'uri=parallel:// 11.249.129.5' --set location=26nj93mq33 --set spoolHost=$(hostname -f) --set pagePrice=18 --set model=foomatic-rip/Generic-PCL_4_Printer-gutenprint-ijs-simplified.5.2.ppd --set name=foo

univention-printserver (12.0.1-16)
d58b10bfefe7 | Bug #51196: fix quoting error in cups-printer listener module

univention-printserver.yaml
7091d23e6a08 | YAML Bug #51196

FYI: the package seems missing a dependency on univention-samba(?). It otherwise always prints into the listener.log:
/usr/bin/python: No module named univention.lib.share_restrictions
Comment 3 Arvid Requate univentionstaff 2020-05-05 14:21:50 CEST 
Verified.
Comment 4 Erik Damrose univentionstaff 2020-05-06 14:40:05 CEST 
<http://errata.software-univention.de/ucs/4.4/585.html>