Bug 1173 - %J tries to execute and crashed print command
Summary: %J tries to execute and crashed print command
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Printing (show other bugs)
Version: 3.0.2a
Hardware: All Linux
: P3 major
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-10 17:15 UTC by Tony Ewell
Modified: 2005-11-14 09:31 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tony Ewell 2004-03-10 17:15:17 UTC
Hi All,
   
I wrote my own print command for Samba printing to keep track of
lost print jobs (attached below).  (The lost jobs are reported under
bug #1114.)   My print command is entered into smb.conf as following:

           print command = /usr/bin/supersmbprint  %p %s %J tony,kpack

If the job name variable (%J) contains a long string with parenthesis  and
upside down double quotes, my print routine will crash with the following.

      --------- from the user's log file = /var/log/samba-log.%m ------------
      h: -c: line 1: syntax error near unexpected token `('
      sh: -c: line 1: `/usr/bin/supersmbprint  HP4600 smbprn.00000171.zbvHIX 
      (We can change this from a â~@~\letterâ~@~] format to a â~@~\contractâ~@~] 
      for tony,kpack'


To my eyes, it looks as if Samba is actually trying to execute the %J variable.


To duplicate a messed up %J variable:

1)  open an Open Office text document

2)  Type in a long (80 or more character) string with parenthesis and
double quotes.  Example (remove the line break):

          (Now is the) time for "all" good men "to come" to the aid of
          their country "123456780" (times" yada, yada, yada, yada

verify that OO automatically flips opening quotes to upside down
quotes.

3)  Copy the sting into the clip board

4)  From the "File" pull down menu, select "properties".  Then select
the "Description" tab

5)  Paste the sting into the description box and click okay

6)  now print it

Feel free to use my print command to troubleshoot this.


Many thanks,
--Tony
aewell@gbis.com


---------------supersmbprint--------------------
#! /bin/bash
#
# supersmbprint   
#
# Purpose: check to see if Samba print jobs made it out of the 
#          samba print spool
#

# "print command" variables:
#              The print command is simply a text string. It will be used  ver-
#              batim after macro substitutions have been made:
#
#              %s, %f - the path and name of the spool file
#
#              %p - the appropriate printer name
#
#              %J - the job name as transmitted by the client.
#
#              %c  - The number of printed pages of the spooled job (if known).
#
#              %z - the size of the spooled print job (in bytes)
#
# Note: default Samba print command: lpr -r -P%p %s
#
# Note2: lpr is setxe to make 3 attempts spaced 10 seconds apart
#        before aborting with exist status of 1
#
#
# Call to this script from smb.conf:
#   /usr/bin/supersmbprint  %p %s %J FailEmailAddress

ThisScript=$0
PrinterName=$1
FileName=$2
JobName=$3
FailureEmailAddress=$4

tmp2="/tmp/"$FileName"2.tmp"

#logger -p user.notice -t supersmbprint "UserName `whoami`"
#logger -p user.notice -t supersmbprint "PrintName $PrinterName"
#logger -p user.notice -t supersmbprint "FileName $FileName"
#logger -p user.notice -t supersmbprint "JobName $JobName"
#logger -p user.notice -t supersmbprint "FailureEmailAddress $FailureEmailAddress"


echo "UserName:   `whoami`"     >  $tmp2
echo "PrintName:  $PrinterName" >> $tmp2
echo "FileName:   $FileName"    >> $tmp2
echo "JobName:    $JobName"     >> $tmp2
echo "  "                       >> $tmp2
echo "  "                       >> $tmp2

/usr/bin/lpr -V -P $PrinterName $FileName >> $tmp2 2>&1
ExitStatus=$?

if [ "$ExitStatus" = "0" ]; then  
   rm -f $FileName
   rm -f $tmp2
   exit 0

else
   cat $tmp2 | mail -s "supersmbprint failure" $FailureEmailAddress
   rm -f $tmp2
   rm -f $FileName
   exit 1
fi
Comment 1 Tony Ewell 2004-03-10 17:18:36 UTC
Ooopps, sorry.   That was Samba 3.0.2a running under Red Hat 9
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-03-11 04:38:39 UTC
change your print command to:

  print command = /usr/bin/supersmbprint  %p %s '%J' tony,kpack

It's the shell that is tripping up on the ()'s, not smbd.

Comment 3 Tony Ewell 2004-03-12 19:13:07 UTC
Hi Jerry,

   Enclosing %J in single quotes worked like a charm!  Thank you.

   My big concern is that it looked like the shell was attempting 
to run the contents of %J as if it were code.  (I also wanted my print
jobs to go through.) 

   I have noticed Samba's %J being used else where:

      Hyfax smb.conf:  lprm command = /usr/local/smbfax/smbfax dequeue %j
     
Might you consider surrounding variables as the implied behavior and
put them in, if the users forgets?

Many thanks,
--Tony
Comment 4 Gerald (Jerry) Carter (dead mail address) 2004-03-15 07:03:09 UTC
Thanks Tony.  I've add a note to the docs about this.
However I cannot find the smb.conf example you are referring
to.  Is this in the hylafax source distribution itself?
Comment 5 Tony Ewell 2004-03-18 11:51:11 UTC
Hi Jerry,

     Sorry this took so long to get back.  Things have been hectic.
All those pesky customers!  ;-) 

    The quote I took was from a how to:

                http://linuxgazette.com/issue79/fraile.html

The Samba part is about half way down the article.

     If you were to add single quotes around variables originating
from the external world (like %J), it would preclude ever attempting
to execute code from an overrun.  Just an idea.

Many thanks,
--Tony
Comment 6 Gerald (Jerry) Carter (dead mail address) 2004-03-18 12:19:10 UTC
ok.  We don't own that doc so the best we can 
do it to send a note to the author.  I'll handle that.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:19:56 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:31:25 UTC
database cleanup