[Pkg-samba-maint] Bug#479512: samba: locks up when cups server unresponsive

Steve Langasek vorlon at debian.org
Sun Jun 8 04:40:48 UTC 2008 

tags 479512 confirmed upstream
thanks

On Mon, May 05, 2008 at 10:31:00AM +0200, Michal Suchanek wrote:
> Package: samba
> Version: 1:3.0.28a-2
> Severity: important

> The samba server always tries to connect to a cups server, even when
> there are no printing shares, and "load printers" is set to no.

> When this server does not respond (as it drops the packets) samba blocks
> indefinitely trying to connect to the server failing to open its
> listening sockets at all.

> This is serious usability, and possibly security bug. The server fails
> when another service that is not even required for proper operation
> fails.

FWIW, I can only confirm this bug if cupsys is *not* running on localhost.

If it is running, then libcupsys by default uses the unix socket
/var/run/cups/cups.sock, and samba is able to connect in spite of any
firewalling.

If cups is not running, then I can reproduce the problem with the following
configuration:

# /etc/init.d/cupsys stop
Stopping Common Unix Printing System: cupsd.
# testparm --parameter-name='load printers'  -s -v 2>/dev/null
No
# iptables -A INPUT -p tcp -d 127.0.0.1/8 --dport 631 -j DROP
# telnet localhost ipp
Trying 127.0.0.1...<hangs>
^C
# /etc/init.d/samba restart
Stopping Samba daemons: nmbd smbd.
Starting Samba daemons: nmbd smbd<hangs>
^C
#

I agree that this is a bug that should be corrected.

> I never had cups running but the question if the server is actually
> running is irrelevant when the packets are dropped by networking
> (because they are not to a service I intend to run).

Dropping packets instead of rejecting them is a pathological firewalling
policy.  I strongly recommend against doing this.

> The problem occured with localhost but I would expect there is an
> option for using remote cups, and networking problems could have
> similar results.

Yes, you can configure samba to use a remote cups server by setting
ServerName in /etc/cups/client.conf.  But why would you ever do that if you
didn't actually intend to point CUPS at a viable server...?

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org

More information about the Pkg-samba-maint mailing list