[Samba] smbsrv_reply_printwrite not returning a response causing the print job to be truncated to 124 bytes

Mateusz Mikołajczyk mikolajczyk.mateusz at gmail.com
Thu Apr 29 10:58:18 UTC 2021 

I've also searched trough github and found that the commit that removed
those 0 bytes (if they are in fact what I believe they are - a response
packet) was 591669ba066cde377c0c14e3473f23b35530b4ba which was
called r24431: Convert the reply_printXX calls to the new API. Of course
that were the changes in source3 directory rather than source4, but it
could be what originated the changes in samba 4 as well - that's only my
guess

czw., 29 kwi 2021 o 12:42 Mateusz Mikołajczyk <mikolajczyk.mateusz at gmail.com>
napisał(a):

> I haven't received last email but I can see your text appearing on the web
> archive of the mailing list - I hope I'm replying in a correct way :)
>
> I'm using the binaries from debian buster - the exact version
> is 4.9.5+dfsg-5+deb10u1+rpi1 but I've also compiled latest stable release:
> 4.14.3. from what I could tell on github, last changes to this function
> were made ~15 years ago
>
> I've seen this issue has appeared already on the mailing list and I wrote
> to the authors of the tickets and one of them responded that the last
> version of samba that was working (that he checked) with this printing
> protocol was 3.0.3. I have then looked inside the 3.0.3 source and the
> function that implements this there is called reply_printwrite and at the
> very beginning of the function I can see those two zeroes (one of them is
> presumably 16 bit):
>
> int outsize = set_message(outbuf,0,0,True);
>
> which makes the response packet of 0xc1 + 3 zero bytes.
>
> I'm starting samba via systemd:
>
> sudo systemctl start smbd
> sudo systemctl start nmbd
>
>
> czw., 29 kwi 2021 o 08:45 Mateusz Mikołajczyk <
> mikolajczyk.mateusz at gmail.com> napisał(a):
>
>> yes, I'm aware that this protocol (and even this way of printing) is
>> deprecated and believe me, I would like to move away from it :(
>> unfortunetely that's the luxury I don't have.
>>
>> smb.conf is as following (lines proceeding with # removed for brevity,
>> MINOLTA is the name of the CUPS printer (konica minolta)):
>>
>> ```
>> [global]
>>    workgroup = WORKGROUP
>>    netbios name = SERVER
>>    server string = SERVER
>>    log file = /var/log/samba/log.%m
>>    max log size = 1000
>>    logging = file
>>    panic action = /usr/share/samba/panic-action %d
>>    server role = standalone server
>>    obey pam restrictions = yes
>>    unix password sync = yes
>>    passwd program = /usr/bin/passwd %u
>>    passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>    pam password change = yes
>>    map to guest = bad user
>>
>> [MINOLTA]
>>    printer = MINOLTA
>>    browseable = yes
>>    printing = cups
>>    path = /var/spool/samba
>>    printable = yes
>>    guest ok = yes
>>    writable = yes
>>    create mask = 0777
>>
>>    ntvfs handler = simple
>>    aio read size = 0
>>    aio write size = 0
>>
>>    strict sync = yes
>>    sync always = yes
>> ```
>>
>> p.s. it could be that this (i.e. synchronous reply with a 0xc1 packet and
>> 3 null bytes) was an undocumented feature available only in the xp server,
>> because when I tried to connect the DOS client to a windows 10 machine (of
>> course I enabled smb1 / cifs protocol first) the print job would be added
>> to the spooler but would indefinetely show 'buffering'.
>>
>>
>> czw., 29 kwi 2021 o 08:35 Mateusz Mikołajczyk <
>> mikolajczyk.mateusz at gmail.com> napisał(a):
>>
>>> yes, I'm aware that this protocol (and even this way of printing) is
>>> deprecated and believe me, I would like to move away from it :(
>>> unfortunetely that's the luxury I don't have.
>>>
>>> smb.conf is as following (lines proceeding with # removed for brevity,
>>> MINOLTA is the name of the CUPS printer (konica minolta)):
>>>
>>> ```
>>> [global]
>>>    workgroup = WORKGROUP
>>>    netbios name = SERVER
>>>    server string = SERVER
>>>    log file = /var/log/samba/log.%m
>>>    max log size = 1000
>>>    logging = file
>>>    panic action = /usr/share/samba/panic-action %d
>>>    server role = standalone server
>>>    obey pam restrictions = yes
>>>    unix password sync = yes
>>>    passwd program = /usr/bin/passwd %u
>>>    passwd chat = *Enter\snew\s*\spassword:* %n\n
>>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>>    pam password change = yes
>>>    map to guest = bad user
>>>
>>> [MINOLTA]
>>>    printer = MINOLTA
>>>    browseable = yes
>>>    printing = cups
>>>    path = /var/spool/samba
>>>    printable = yes
>>>    guest ok = yes
>>>    writable = yes
>>>    create mask = 0777
>>>
>>>    ntvfs handler = simple
>>>    aio read size = 0
>>>    aio write size = 0
>>>
>>>    strict sync = yes
>>>    sync always = yes
>>> ```
>>>
>>> p.s. it could be that this (i.e. synchronous reply with a 0xc1 packet
>>> and 3 null bytes) was an undocumented feature available only in the xp
>>> server, because when I tried to connect the DOS client to a windows 10
>>> machine (of course I enabled smb1 / cifs protocol first) the print job
>>> would be added to the spooler but would indefinetely show 'buffering'.
>>>
>>> czw., 29 kwi 2021 o 05:43 Jeremy Allison <jra at samba.org> napisał(a):
>>>
>>>> On Thu, Apr 29, 2021 at 01:38:04AM +0200, Mateusz Mikołajczyk via samba
>>>> wrote:
>>>> >Hello. I am investigating a weird issue with an old MS Net client for
>>>> DOS
>>>> >(v 3.0). I have used wireshark in order to inspect the packets and see
>>>> the
>>>> >difference between samba and windows xp server responses. this
>>>> question is
>>>> >only about printing capabilities as file sharing works flawlessly.
>>>> >
>>>> >when the client negotiates protocol it is settled as 2 / Greater than
>>>> CORE
>>>> >PROTOCOL and up to LANMAN2.1
>>>> >
>>>> >the start of print request seems to be OK, the server (in both
>>>> >implementations) returns a file ID in the response that's labeled as
>>>> 'Open
>>>> >Print File Response / 0xC0'. Then the client sends print job (packet
>>>> id:
>>>> >0xc1) (124 bytes of it in fact - I suppose that's either due to some
>>>> buffer
>>>> >size or a maximum packet length) and that's when the servers differ in
>>>> >terms of response.
>>>> >
>>>> >windows xp responds with 0xc1 and the data section contains 3 zero
>>>> bytes
>>>> >(0x00, 0x00, 0x00). Wireshark describes this as 'Write Print File
>>>> >Response'. Samba does not respond at all which makes the client simply
>>>> >hang. Then, after couple of seconds samba simply puts the print job to
>>>> cups
>>>> >which makes the output truncated. By inspecting samba source code for
>>>> 0xc1
>>>> >I saw a reference to smbsrv_reply_printwrite. I've read the source
>>>> code for
>>>> >that function and I can't understand why it would not return a
>>>> response at
>>>> >all. I would understand if it would return an error packet or
>>>> something but
>>>> >there's simply no response at all.
>>>> >
>>>> >here's what I tried so far:
>>>> >
>>>> >   ntvfs handler = print
>>>> >   aio read size = 0
>>>> >   aio write size = 0
>>>> >
>>>> >   strict sync = yes
>>>> >   sync always = yes
>>>> >
>>>> >but somethinig tells me that because at the very beginning of the
>>>> function
>>>> >there's a hardcoded NTVFS_ASYNC_STATE_MAY_ASYNC then I am simply out of
>>>> >luck?
>>>>
>>>> Looks like you're using the (unsupported code) ntvfs file
>>>> server. That's legacy code only used for testing.
>>>>
>>>> You need to be talking to smbd, not the samba binary.
>>>>
>>>> Please ensure you have smbd running, and as I'm sure
>>>> Rowland will ask, please submit your smb.conf :-).
>>>>
>>>
>>>
>>> --
>>> pozdrawiam serdecznie,
>>> Mateusz Mikołajczyk, a.k.a. toudi
>>>
>>
>>
>> --
>> pozdrawiam serdecznie,
>> Mateusz Mikołajczyk, a.k.a. toudi
>>
>
>
> --
> pozdrawiam serdecznie,
> Mateusz Mikołajczyk, a.k.a. toudi
>


-- 
pozdrawiam serdecznie,
Mateusz Mikołajczyk, a.k.a. toudi

More information about the samba mailing list