[PATCH] Don't try to contact the CUPS server when no printers are needed

Christian Perrier bubulle at debian.org
Fri Apr 24 18:19:01 GMT 2009 

Hello,

The attached small patch is intended to uselessly avoid contacting a
CUPS server when it can safely be determined no printers are not needed.

The original bug report that lead to this was:

====================================================
The samba server always tries to connect to a cups server, even when
there are no printing shares, and "load printers" is set to no.

When this server does not respond (as it drops the packets) samba blocks
indefinitely trying to connect to the server failing to open its
listening sockets at all.

This is serious usability, and possibly security bug. The server fails
when another service that is not even required for proper operation
fails.
====================================================


Please note that our user mentioned that his server was existing *but*
configured to drop packets. Of course, I don't think this should be
considered an issue. Only, at worse, some kind of possible minor DoS
attack.

Later comments by Steve Langášek:

FWIW, I can only confirm this bug if cupsys is *not* running on localhost.

If it is running, then libcupsys by default uses the unix socket
/var/run/cups/cups.sock, and samba is able to connect in spite of any
firewalling.

If cups is not running, then I can reproduce the problem with the following
configuration:

# /etc/init.d/cupsys stop
Stopping Common Unix Printing System: cupsd.
# testparm --parameter-name='load printers'  -s -v 2>/dev/null
No
# iptables -A INPUT -p tcp -d 127.0.0.1/8 --dport 631 -j DROP
# telnet localhost ipp
Trying 127.0.0.1...<hangs>
^C
# /etc/init.d/samba restart
Stopping Samba daemons: nmbd smbd.
Starting Samba daemons: nmbd smbd<hangs>
^C

(please note that s/cupsys/cups is now needed)



The attached patch, reported in Bugzilla #5525, fixes that
issue. Unfortunately, it seems that nobody picked on it as of now...

Would you mind considering it for 3.3 or 3.4. I'm not sure it's worth
having it in 3.2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: no-unnecessary-cups.patch
Type: text/x-diff
Size: 626 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090424/cdba5cbf/no-unnecessary-cups.bin

More information about the samba-technical mailing list