cupsext password callback doesn't work

Bug #674570 reported by Tim Waugh
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
HPLIP
New
Undecided
Unassigned

Bug Description

The cupsext routines don't set the CUPS user until after a response is received. This means that if we are running as a non-system user on the local machine, connecting over a UNIX Domain Socket (which we do, by default) so that PeerCred is used for authentication, the response will be client-error-forbidden and there will be no password callback.

If you only set the CUPS user in the password callback, you're doing it too late. You only get to respond with the password for the current user at that stage.

Symptom: running hp-setup as a normal user fails.

hp-setup[24849]: debug: Found match: drv:///hp/hpcups.drv/hp-deskjet_990c.ppd
hp-setup[24849]: debug: [('drv:///hp/hpcups.drv/hp-deskjet_990c.ppd', [])]
hp-setup[24849]: debug: One match found.
hp-setup[24849]: debug: addPrinter('DeskJet_990C', 'hp:/usb/DeskJet_990C?serial=US05N1J00XLG', '', '', 'drv:///hp/hpcups.drv/hp-deskjet_990c.ppd', '')
hp-setup[24849]: debug: addPrinter() returned (0, client-error-forbidden)
hp-setup[24849]: debug: Device URI ipp://192.168.2.1:631/printers/Aaron is invalid/unknown
hp-setup[24849]: debug: Exception: 4 (Unknown/invalid device-uri field)
hp-setup[24849]: debug: Device URI ipp://192.168.2.1:631/printers/Aaron-Fax is invalid/unknown
hp-setup[24849]: debug: Exception: 4 (Unknown/invalid device-uri field)
hp-setup[24849]: debug: Device URI ipp://192.168.2.1:631/printers/Ben is invalid/unknown
hp-setup[24849]: debug: Exception: 4 (Unknown/invalid device-uri field)
hp-setup[24849]: debug: Device URI usb://EPSON/Stylus%20D78 is invalid/unknown
hp-setup[24849]: debug: Exception: 4 (Unknown/invalid device-uri field)
hp-setup[24849]: debug: Device URI ipp://192.168.2.1:631/printers/foo is invalid/unknown
hp-setup[24849]: debug: Exception: 4 (Unknown/invalid device-uri field)
hp-setup[24849]: debug: Device URI ipp://192.168.2.1:631/printers/HP-LaserJet-6MP is invalid/unknown
hp-setup[24849]: debug: Exception: 4 (Unknown/invalid device-uri field)
hp-setup[24849]: debug: {}
error: Printer queue setup failed. Please restart CUPS and try again.

Done.

Original bug report:
  https://bugzilla.redhat.com/show_bug.cgi?id=616569

Revision history for this message
Tim Waugh (twaugh) wrote :

Example fix, just for addPrinter

Revision history for this message
Naga Samrat Chowdary, Narla (samrat-hplip) wrote :

if any user, other than root require the privilege from CUPS to perform admin operations.
Any user can get privilege to perform Admin operations by adding user to list of groups which are available with the "SystemGroup" attribute in /etc/cups/cupsd.conf file.
if hp-setup fails, currently HPLIP will check for the list of groups available in /etc/cups/cupsd.conf file and current user part of groups.
and intimate user, if user required to be part of any group.

Hope attached patch may not be required.
I have written that patch and that is available in hplip-3.10.9 build.
Please refer https://bugs.launchpad.net/hplip/+bug/660441 for more information on this patch.

Thanks,
Naga Samrat Chowdary, Narla

Changed in hplip:
status: New → Fix Committed
status: Fix Committed → Fix Released
Revision history for this message
Tim Waugh (twaugh) wrote :

Trying to read /etc/cups/cupsd.conf will fail unless you are root, on a correct installation of CUPS. You should not need to do that.

Why would you require a configuration change (and a *restart of the CUPS scheduler*!) simply to allow a user to perform an operation? Just use the normal authentication mechanism like everyone else does.

The patch from bug #660441 was to fix a traceback. My patch above, hplip-addprinter.patch is to fix a lack of password authentication. They are quite different issues!

Changed in hplip:
status: Fix Released → New
Revision history for this message
Naga Samrat Chowdary, Narla (samrat-hplip) wrote :

Yes, on some distributions both owner and group of /etc/cups/cupsd.conf are "root".
for some distributions owner is "root" and group is "lp"
for example:
Fedora: -rw-r--r-- 1 root lp .....
Ubuntu: -rw-r--r-- 1 root root ....

and the "SystemGroup" attribute values are also varying from one distribution to other distribution.
for example:
ubuntu it is "lpadmin",
Suse it is "sys root",
Fedora it is "sys root",
Debian it is "lpadmin",
here in case of fedora user is required to added to "sys" group and "root" is optional.
and in case of ubuntu user is required to add to "lpadmin"

For instance, in fedora if user is not part of "sys" group. and user part of "lp" group. then while running hp-setup printer will get detect on USB but as user not part of "sys" group. add printer will fail. if we add current user to "sys" group in fedora, we will be able to add printer queue.

With the patch applied on hplip-3.10.9, the patch we will not change the CUPS Configuration file. it read configuration file and detect the groups to which user is required to add.

The patch you are given is working while adding printer on SUSE (even user is not part of "sys", because "SystemGroup" attribute values are "sys root".). as we are telling "root" user by saying cupsSetUser("root") to CUPS server.
But, add printer operation with your patch is failed on Ubuntu. because user is required to add to only "lpadmin" group.
I have tested this on both Suse and Ubuntu.

is this bug report is on RHEL?
and the patch on hplip-3.10.9 has applied only to qt4 platforms. will extent that to qt3 platforms too.

Thanks,
Naga Samrat Chowdary, Narla

Revision history for this message
Tim Waugh (twaugh) wrote :

Well, set the user to something else first, then, but you *must* handle the case where you get "Forbidden" instead of a password callback.

e.g. try as current (real) user; in case of 'Forbidden', set user to 'root' and try again.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.