cupsd should not allow Get-Jobs without printer-uri attribute #2996

michaelrsweet opened this Issue Nov 12, 2008 · 3 comments



michaelrsweet commented Nov 12, 2008

Version: 1.3-current User: michalex

CUPS clients often use only the attribute job-uri "ipp://localhost/jobs" in the Get-Jobs (0x000A) IPP operation (to get a list of all server jobs). The CUPS server should not accept such requests, as the Get-Jobs operation is a printer-object operation and the printer-uri attribute is required in a valid request. Using the job-uri "ipp://localhost/jobs" in such a way violates the IPP protocol, because the security is printer-based (various printers can return/use various uri-security-supported and uri-authentication-supported values). To get all jobs, clients should get all available printers (e.g. using CUPS-Get-Printers) and then cycle the Get-Jobs operation for each printer with respect to its security.


michaelrsweet commented Nov 13, 2008 User: mike

While cupsd should definitely not allow a Get-Jobs request without a printer-uri attribute, it has always (by design) allowed query operations that list all jobs on all printers using a printer-uri of ipp://server/printers, since Get-Jobs is a query operation and cannot be limited without causing significant interoperability issues. Moreover, the IPP standard and working group have never considered get/read operations as things that need to have special access control.

So, while we will add a check to cupsd to require a printer-uri for get-jobs, we will not prevent access to "all" jobs with a printer-uri of "ipp://server/printers". You can define a default policy for Get-Jobs that limits things globally, and then use a per-printer policy for the specific access controls you want for each printer.

Changed the summary and the version to reflect what will be changed...
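The requirement discussed above can be checked directly on the wire. The following C example is added here for illustration and is not part of the issue thread or the CUPS source: it walks a Get-Jobs request in the standard IPP binary encoding (RFC 8010) and reports whether the operation attributes group carries a printer-uri. The function name and both sample requests are constructed for this example, and it scans the whole operation group rather than one fixed attribute position.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IPP_OP_GET_JOBS 0x000A  /* Get-Jobs operation-id, as cited in the issue */
#define TAG_OPERATION   0x01    /* operation-attributes-tag */
#define TAG_END         0x03    /* end-of-attributes-tag */
#define TAG_URI         0x45    /* uri value tag */

/* Constructed sample requests: IPP/1.1, Get-Jobs, request-id 1. */
#define HDR "\x01\x01\x00\x0a\x00\x00\x00\x01\x01" \
  "\x47\x00\x12" "attributes-charset" "\x00\x05" "utf-8" \
  "\x48\x00\x1b" "attributes-natural-language" "\x00\x02" "en"
const uint8_t WITH_PRINTER_URI[] = HDR
  "\x45\x00\x0b" "printer-uri" "\x00\x18" "ipp://localhost/printers" "\x03";
const uint8_t JOB_URI_ONLY[] = HDR
  "\x45\x00\x07" "job-uri" "\x00\x14" "ipp://localhost/jobs" "\x03";

/* Returns 1 if the Get-Jobs request has a uri-typed printer-uri operation
 * attribute, 0 if it has none, -1 if it is not Get-Jobs or is malformed. */
int get_jobs_has_printer_uri(const uint8_t *m, size_t len)
{
  size_t i = 8, nlen, vlen;  /* skip version(2), operation-id(2), request-id(4) */
  int in_op = 0;

  if (len < 9 || ((m[2] << 8) | m[3]) != IPP_OP_GET_JOBS)
    return -1;
  while (i < len) {
    uint8_t tag = m[i++];
    if (tag == TAG_END) return 0;          /* walked every group, no printer-uri */
    if (tag <= 0x0F) { in_op = (tag == TAG_OPERATION); continue; } /* delimiter */
    if (len - i < 2) return -1;
    nlen = ((size_t)m[i] << 8) | m[i + 1]; i += 2;
    if (len - i < nlen + 2) return -1;     /* name plus value-length must fit */
    const uint8_t *name = m + i; i += nlen;
    vlen = ((size_t)m[i] << 8) | m[i + 1]; i += 2;
    if (len - i < vlen) return -1;         /* value must fit */
    i += vlen;
    if (in_op && tag == TAG_URI && nlen == 11 && !memcmp(name, "printer-uri", 11))
      return 1;
  }
  return -1;                               /* no end-of-attributes-tag seen */
}

int main(void)
{
  printf("printer-uri request: %d\n", get_jobs_has_printer_uri(WITH_PRINTER_URI, sizeof(WITH_PRINTER_URI) - 1));
  printf("job-uri only request: %d\n", get_jobs_has_printer_uri(JOB_URI_ONLY, sizeof(JOB_URI_ONLY) - 1));
  return 0;
}
```

A request that returns 0 here is the kind the issue asks cupsd to reject with IPP_BAD_REQUEST.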


michaelrsweet commented Nov 13, 2008 User: mike

Fixed in Subversion repository.


michaelrsweet commented Nov 13, 2008


Index: scheduler/ipp.c

--- scheduler/ipp.c (revision 8118)
+++ scheduler/ipp.c (working copy)
@@ -6785,12 +6785,17 @@

  • Is the destination valid?
  • if (strcmp(uri->name, "printer-uri"))
  • {
  • send_ipp_status(con, IPP_BAD_REQUEST, _("No printer-uri in request!"));
  • return;
  • }

httpSeparateURI(HTTP_URI_CODING_ALL, uri->values[0].string.text, scheme,
sizeof(scheme), username, sizeof(username), host,
sizeof(host), &port, resource, sizeof(resource));

  • if (!strcmp(resource, "/") ||
  •  (!strncmp(resource, "/jobs", 5) && strlen(resource) <= 6))
  • if (!strcmp(resource, "/"))
    dest = NULL;
    dtype = (cups_ptype_t)0;
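Review bot: The guard at the top of the hunk tests only uri->name against "printer-uri", and the httpSeparateURI call right after it reads uri->values[0].string.text, so nothing visible here confirms that uri is non-NULL or that its value is a URI string. If the caller does not already guarantee both, extend the condition to cover them before the dereference. In the resource test further down, if only "/" now selects dest = NULL, confirm that a printer-uri whose resource is "/jobs" falls through to a branch that returns a clean error, and that the "all jobs" case with ipp://server/printers described in the discussion is still handled by code outside this hunk. A short comment above the guard noting that job-uri is no longer accepted as the Get-Jobs target would record the behaviour change for clients that sent ipp://localhost/jobs.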

michaelrsweet added this to the Stable milestone Mar 17, 2016
