cups-remote-pending-held when only Send-Document requires encryption #4125

Closed
michaelrsweet opened this Issue Jun 14, 2012 · 5 comments

Comments

Projects
None yet
1 participant
Collaborator

michaelrsweet commented Jun 14, 2012

Version: 1.5.3
CUPS.org User: twaugh.redhat

When the ipp backend tries to use Create-Job/Send-Document to a server that only requires encryption for Send-Document, the Create-Job request succeeds and the Send-Document request fails. "upgrade required" is not handled.

The ipp backend then waits for the remote job to complete, which of course it never can.

Collaborator

michaelrsweet commented Jun 14, 2012

CUPS.org User: twaugh.redhat

ipp backend output attached, as well as an example cupsd.conf for the server.

Collaborator

michaelrsweet commented Jun 20, 2012

CUPS.org User: mike

This is a bogus configuration. Will look at some options for supporting this, but in the meantime this can be addressed by the customer by fixing the policy to require authentication for both.

What we will probably do is fix both the HTTP upgrade stuff and add some code to cupsd to "fix" the bad policy (Create/Send need the same authentication requirements).

Collaborator

michaelrsweet commented Dec 13, 2012

CUPS.org User: mike

Fixed in Subversion repository.

Collaborator

michaelrsweet commented Dec 13, 2012

"cupsd.conf":

MaxLogSize 0

Show troubleshooting information in error_log.

LogLevel debug
SystemGroup sys root
Port 631
Listen /var/run/cups/cups.sock
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseRemoteProtocols CUPS
BrowseAddress @Local
BrowseLocalProtocols CUPS dnssd
DefaultAuthType Basic

Order allow,deny
Allow @Local

<Location /admin>
Order allow,deny

<Location /admin/conf>
AuthType Default
Require user @System
Order allow,deny



Require user @owner @System
Order deny,allow


AuthType Default
Require user @System
Order deny,allow


AuthType Default
Require user @System
Order deny,allow


Require user @owner @System
Order deny,allow


Order deny,allow




AuthType Default
Order deny,allow


AuthType Default
Require user @owner @System
Order deny,allow


AuthType Default
Require user @System
Order deny,allow


AuthType Default
Require user @System
Order deny,allow


AuthType Default
Require user @owner @System
Order deny,allow


Order deny,allow




Order deny,allow


AuthType Default
Encryption Required
Require user @owner @System
Order deny,allow


AuthType Default
Encryption Required
Require user @System
Order deny,allow


AuthType Default
Encryption Required
Require user @System
Order deny,allow


AuthType Default
Encryption Required
Require user @owner @System
Order deny,allow


Order deny,allow

Collaborator

michaelrsweet commented Dec 13, 2012

"str4125.patch":

Index: backend/ipp.c

--- backend/ipp.c (revision 10756)
+++ backend/ipp.c (working copy)
@@ -1354,8 +1354,9 @@
/*

  • If the printer only claims to support IPP/1.0, or if the user specifically

  • included version=1.0 in the URI, then do not try to use Create-Job or

    • * Send-Document. This is another dreaded compatibility hack, but unfortunately
    • * there are enough broken printers out there that we need this for now...
    • * Send-Document. This is another dreaded compatibility hack, but
    • * unfortunately there are enough broken printers out there that we need
    • * this for now...
      */

    if (version == 10)
    @@ -1812,6 +1813,27 @@

    goto cleanup;
    }

    • else if (ipp_status == IPP_STATUS_ERROR_CUPS_UPGRADE_REQUIRED)
    • {
    • /*
      
    •  \* Server is configured incorrectly; the policy for Create-Job and
      
    •  \* Send-Document has to be the same (auth or no auth, encryption or
      
    •  \* no encryption).  Force the queue to stop since printing will never
      
    •  \* work.
      
    •  */
      
    •  fputs("DEBUG: The server or printer is configured incorrectly.\n",
      
    •        stderr);
      
    •  fputs("DEBUG: The policy for Create-Job and Send-Document must have the "
      
    •        "same authentication and encryption requirements.\n", stderr);
      
    •  ipp_status = IPP_STATUS_ERROR_INTERNAL;
      
    •  if (job_id > 0)
      
    • cancel_job(http, uri, job_id, resource, argv[2], version);
    •  goto cleanup;
      
    • }
      else if (ipp_status == IPP_NOT_FOUND)
      {
      /*

michaelrsweet added this to the Stable milestone Mar 17, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment