Bug 165677

Summary: Printing to a SMB printer reveals credentials.
Product: [Fedora] Fedora Reporter: Nils Olav Selåsdal <nos>
Component: cupsAssignee: Tim Waugh <twaugh>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-08-11 11:55:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nils Olav Selåsdal 2005-08-11 11:25:46 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b3) Gecko/20050729 Fedora/1.1-0.2.5.deerpark.alpha2 Firefox/1.0+

Description of problem:
$ ps -ef |grep smb
root      1920     1  0 Aug08 ?        00:00:00 smbd -D
root      1922  1920  0 Aug08 ?        00:00:00 smbd -D
root     23715  1920  0 Aug09 ?        00:00:00 smbd -D
root     23716  1920  0 Aug09 ?        00:00:04 smbd -D
root     26309  1754  0 Aug10 ?        00:00:00 smb://192.168.170.20/nolav:vin2004.170.20/HPLaserJet2300 27 noselasd  1  /var/spool/cups/d00027-001
root     28167  1920  0 08:13 ?        00:00:00 smbd -D
root     28168  1920  0 08:13 ?        00:00:01 smbd -D

Cups has been configured manually iirc, with a url for the printer as 
smb://192.168.170.20/nolav:vin2004.170.20/HPLaserJet2300
(as that was the originally the only way on FC2 I could get it to work)
As shown above, something (cups/samba ?) changes the name of a process to this URL which includes the user and password.



Version-Release number of selected component (if applicable):
cups-1.1.23-16,samba-3.0.14a-2

How reproducible:
Didn't try

Steps to Reproduce:
I'm not sure how.

Actual Results:  Process reveals credentials through process name.

Expected Results:  Credentials hidden.

Additional info:
Comment 1 Tim Waugh 2005-08-11 11:55:37 UTC 
You're using the wrong URI form.  Refer to /usr/share/doc/cups-*/sam.html:

smb://workgroup/server/sharename
smb://server/sharename
smb://user:pass@workgroup/server/sharename
smb://user:pass@server/sharename

are the accepted forms.
Comment 2 Nils Olav Selåsdal 2005-08-11 12:33:33 UTC 
Agreed, it seems the printers.conf has, for some odd reason
DeviceURI
smb://nilsolav:w84xmas.170.20/nilsolav:w84xmas.170.20/HPLaserJet2300

To my defence, this was created by the FC2 printer config actually, and I havnt'
touched it since upgrading.

I take it it masks out the credentials on valid URIs, and all is well.