cupsd should not allow Get-Jobs without printer-uri attribute #2996

Closed
michaelrsweet opened this Issue Nov 12, 2008 · 3 comments

Comments

Projects
None yet
1 participant
Collaborator

michaelrsweet commented Nov 12, 2008

Version: 1.3-current
CUPS.org User: michalex

CUPS clients often use the only attribute job-uri "ipp://localhost/jobs" in Get-Jobs (0x000A) IPP operation (to get list of all server jobs). CUPS server should not accept such requests as the Get-Jobs operation is printer-object operation and the printer-uri attribute is required in valid request. Use the job-uri "ipp://localhost/jobs" in such a way violates the IPP protocol, because the security is printer-based (various printers can return/use various uri-security-supported and uri-authentication-supported values). To get all jobs, clients should get all available printers (e.g. using CUPS-Get-Printers) and then cycle the Get-Jobs operation for each printer with respect to its security.

Collaborator

michaelrsweet commented Nov 13, 2008

CUPS.org User: mike

While cupsd should definitely not allow a Get-Jobs request without a printer-uri attribute, it has always (by design) allowed query operations that list all jobs on all printers using a printer-uri of ipp://server/printers, since Get-Jobs is a query operation and cannot be limited without causing significant interoperability issues. Moreover, the IPP standard and working group has never considered get/read operations as things that need to have special access control.

So, while we will add a check to cupsd to require a printer-uri for get-jobs, we will not prevent access to "all" jobs with a printer-uri of "ipp://server/printers". You can define a default policy for Get-Jobs that limits things globally, and then use a per-printer policy for the specific access controls you want for each printer.

Changed the summary and the version to reflect what will be changed...

Collaborator

michaelrsweet commented Nov 13, 2008

CUPS.org User: mike

Fixed in Subversion repository.

Collaborator

michaelrsweet commented Nov 13, 2008

"str2996.patch":

Index: scheduler/ipp.c

--- scheduler/ipp.c (revision 8118)
+++ scheduler/ipp.c (working copy)
@@ -6785,12 +6785,17 @@

  • Is the destination valid?
    */
  • if (strcmp(uri->name, "printer-uri"))
  • {
  • send_ipp_status(con, IPP_BAD_REQUEST, _("No printer-uri in request!"));
  • return;
  • }

httpSeparateURI(HTTP_URI_CODING_ALL, uri->values[0].string.text, scheme,
sizeof(scheme), username, sizeof(username), host,
sizeof(host), &port, resource, sizeof(resource));

  • if (!strcmp(resource, "/") ||
  •  (!strncmp(resource, "/jobs", 5) && strlen(resource) <= 6))
    
  • if (!strcmp(resource, "/"))
    {
    dest = NULL;
    dtype = (cups_ptype_t)0;

michaelrsweet added this to the Stable milestone Mar 17, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment