Bug 1420130

Summary: samba_krb5_wrapper does not list devices when called with no arguments
Product: Red Hat Enterprise Linux 7 Reporter: Bryan Mason <bmason>
Component: sambaAssignee: Andreas Schneider <asn>
Status: CLOSED ERRATA QA Contact: Robin Hack <rhack>
Severity: high Docs Contact:
Priority: high    
Version: 7.3CC: asn, bmason, gdeschner, jarrpa, rhack
Target Milestone: rcKeywords: Patch, Regression
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: samba-4.6.0-0.1.rc4.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 18:21:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1298243    
Attachments:
Description Flags
Proposed patch
none
Another possible patch
none
New patch none

Description Bryan Mason 2017-02-07 22:43:36 UTC 
Description of problem:

  The new samba_krb5_wrapper that allows CUPS to use Kerberos to
  authenticate with printers doesn't list SMB devices when called with
  no arguments.  As a result, the SMB protocol isn't listed as a 
  possible printer connection mechanism.

Version-Release number of selected component (if applicable):

  samba-4.4.4-9

How reproducible:

  100%

Steps to Reproduce:

  run "lpinfo -v"

  or

  run "/usr/lib/cups/backend/smb"

Actual results:

  # lpinfo -v
  serial serial:/dev/ttyS0?baud=115200
  network ipps
  network lpd
  network socket
  network https
  network http
  network ipp

  # /usr/lib/cups/backend/smb
  DEBUG: SMBSPOOL_KRB5 - Started with uid=0

  DEBUG: SMBSPOOL_KRB5 - AUTH_INFO_REQUIRED is not set
  ATTR: auth-info-required=negotiate

Expected results:

  # lpinfo -v
  serial serial:/dev/ttyS0?baud=115200
  network ipps
  network lpd
  network socket
  network https
  network http
  network ipp
  network smb

  (Last entry "network smb" should be included)

  # /usr/lib/cups/backend/smb 
  network smb "Unknown" "Windows Printer via SAMBA"

Additional info:

  When the "lpinfo -v" command is used, cupsd calls
  /usr/lib/cups/daemon/cups-deviced to execute all the backends in
  /usr/lib/cups/backend with no arguments.  When a backend is called
  with no arguments, it should list all the devices that are accessible
  via that backend.

  This mechanism is also used by the Web UI and system-config-printer to
  enumerate  possible  print  devices.   If  samba_krb5_wrapper  doesn't
  provide the proper out put, SMB will not be listed as an option in the
  GUI when installing new printers.

  Proposed patch forthcoming...
Comment 1 Bryan Mason 2017-02-07 23:51:20 UTC 
Created attachment 1248514 [details]
Proposed patch

Before (no "network smb" entry):

  # lpinfo -v
  serial serial:/dev/ttyS0?baud=115200
  network ipps
  network lpd
  network socket
  network https
  network http
  network ipp

After ("network smb" included as third entry):

  # lpinfo -v
  serial serial:/dev/ttyS0?baud=115200
  network ipps
  network smb
  network lpd
  network socket
  network https
  network http
  network ipp
Comment 4 Bryan Mason 2017-02-09 18:21:54 UTC 
Created attachment 1248878 [details]
Another possible patch

This patch falls back to the smbspool command if AUTH_INFO_REQUIRED is not set or is not set to "negotiate".  Because cups-deviced doesn't set AUTH_INFO_REQUIRED when searching for devices, this allows the wrapper to call smbspool to send the line

  network smb "Unknown" "Windows Printer via SAMBA"

back to cups-deviced/cupsd when enumerating devices.

I believe this patch will also allow the backend to be used both with SMB printers that use Kerberos as well as SMB printers that use other authentication methods (username,password for example).
Comment 5 Andreas Schneider 2017-02-10 10:31:06 UTC 
I think I prefer the patch from comment #4.

Could you please apply this to the Samba git master branch. And send a git-format patch with your sign-off to samba-technical mailing list or attach it here. However you need to sign the CoO that your patch can be added, see 

https://git.samba.org/?p=samba.git;a=blob;f=README.contributing
Comment 6 Andreas Schneider 2017-02-10 10:32:00 UTC 
The commit message requires the following line in the description:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12575
Comment 8 Bryan Mason 2017-02-16 07:22:18 UTC 
Created attachment 1250789 [details]
New patch

As requested, a patch created using "git format-patch" with BUG: and Signed-off-by: headers.  I also sent this to samba-technical.
Comment 12 errata-xmlrpc 2017-08-01 18:21:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1950