[cups.general] cups-1.1.22rc1 - Pausing via samba unauthorized depending on order of SystemGroup conf

Thu Oct 14 11:23:05 PDT 2004

Hi Kurt!

> Stabbing into the dark now....

Thanks :).

Yes, that's why it seems so weird... the only change between one group
working and the other group working is the order listed in SystemGroup.
Rotating the order allows it to work as long as the person is in the
first group listed.

I've tried various combinations with quoting and without etc... in all
cases it only succeeds when user is a member of whatever the first group
is.  If I were to add root as the first SystemGroup it fails for both of
the other groups... though there are no authorization problems for any
of the groups in the list when using the cups web interface.

> Have you tried to get a debuglevel >=3 (you may need 10)
> to see what credentials the clients really submit to Samba,

Yes, and out of the box the Samba debug is a little sparse here:

[2004/10/14 13:14:27, 5] printing/print_cups.c:cups_queue_pause(1155)
  cups_queue_pause(2)
[2004/10/14 13:14:27, 0] printing/print_cups.c:cups_queue_pause(1223)
  Unable to pause printer test - client-error-not-authorized

And when it works:

[2004/10/14 13:22:59, 5] printing/print_cups.c:cups_queue_pause(1155)
  cups_queue_pause(2)

This request uses a different mechanism than what is used to log the
"usual" samba traffic.

> Have you ever tried to get a "LogLevel debug2" error_log of the
> process?

Here's where it works:

d [14/Oct/2004:14:01:57 -0400] AcceptClient(lis=0x4474e0) 0 NumClients =
0
D [14/Oct/2004:14:01:57 -0400] AcceptClient: 6 from localhost:631.
d [14/Oct/2004:14:01:57 -0400] AcceptClient: Adding fd 6 to InputSet...
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6, used=0, file=-1
D [14/Oct/2004:14:01:57 -0400] ReadClient: 6 POST /admin/ HTTP/1.1
d [14/Oct/2004:14:01:57 -0400] decode_auth(0x40323008): Authorization
string = ""
d [14/Oct/2004:14:01:57 -0400] decode_auth: 6 username=""
d [14/Oct/2004:14:01:57 -0400] IsAuthorized: con->uri = "/admin/"
d [14/Oct/2004:14:01:57 -0400] FindBest: uri = "/admin/"...
d [14/Oct/2004:14:01:57 -0400] FindBest: Location / Limit 7f
d [14/Oct/2004:14:01:57 -0400] FindBest: Location /jobs Limit 7f
d [14/Oct/2004:14:01:57 -0400] FindBest: Location /admin Limit 7f
d [14/Oct/2004:14:01:57 -0400] FindBest: best = "/admin"
d [14/Oct/2004:14:01:57 -0400] IsAuthorized: auth = 0, satisfy=0...
d [14/Oct/2004:14:01:57 -0400] IsAuthorized: username = "" password = 0
chars
d [14/Oct/2004:14:01:57 -0400] ReadClient: Unauthorized request for
/admin/...
D [14/Oct/2004:14:01:57 -0400] SendError: 6 code=401 (Unauthorized)
d [14/Oct/2004:14:01:57 -0400] FindBest: uri = "/admin/"...
d [14/Oct/2004:14:01:57 -0400] FindBest: Location / Limit 7f
d [14/Oct/2004:14:01:57 -0400] FindBest: Location /jobs Limit 7f
d [14/Oct/2004:14:01:57 -0400] FindBest: Location /admin Limit 7f
d [14/Oct/2004:14:01:57 -0400] FindBest: best = "/admin"
D [14/Oct/2004:14:01:57 -0400] CloseClient: 6
d [14/Oct/2004:14:01:57 -0400] CloseClient: Removing fd 6 from InputSet
and OutputSet...
d [14/Oct/2004:14:01:57 -0400] AcceptClient(lis=0x4474e0) 0 NumClients =
0
D [14/Oct/2004:14:01:57 -0400] AcceptClient: 6 from localhost:631.
d [14/Oct/2004:14:01:57 -0400] AcceptClient: Adding fd 6 to InputSet...
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6, used=0, file=-1
D [14/Oct/2004:14:01:57 -0400] ReadClient: 6 POST /admin/ HTTP/1.1
d [14/Oct/2004:14:01:57 -0400] decode_auth(0x40323008): Authorization
string = "Local 9DD4150CB49B73249C247D7AEFB5BC04"
d [14/Oct/2004:14:01:57 -0400] decode_auth: 6 username="root"
d [14/Oct/2004:14:01:57 -0400] IsAuthorized: con->uri = "/admin/"
d [14/Oct/2004:14:01:57 -0400] FindBest: uri = "/admin/"...
d [14/Oct/2004:14:01:57 -0400] FindBest: Location / Limit 7f
d [14/Oct/2004:14:01:57 -0400] FindBest: Location /jobs Limit 7f
d [14/Oct/2004:14:01:57 -0400] FindBest: Location /admin Limit 7f
d [14/Oct/2004:14:01:57 -0400] FindBest: best = "/admin"
d [14/Oct/2004:14:01:57 -0400] IsAuthorized: auth = 0, satisfy=0...
d [14/Oct/2004:14:01:57 -0400] IsAuthorized: username = "root" password
= 0 chars
d [14/Oct/2004:14:01:57 -0400] IsAuthorized: Checking "root", address =
7f000001, hostname = "localhost"
d [14/Oct/2004:14:01:57 -0400] POST /admin/
d [14/Oct/2004:14:01:57 -0400] CONTENT_TYPE = application/ipp
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6 con->data_encoding =
length, con->data_remaining = 167, con->file = -1
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6, used=0, file=-1
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6 con->data_encoding =
length, con->data_remaining = 159, con->file = -1
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6, used=0, file=-1
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6 con->data_encoding =
length, con->data_remaining = 125, con->file = -1
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6, used=0, file=-1
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6 con->data_encoding =
length, con->data_remaining = 91, con->file = -1
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6, used=0, file=-1
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6 con->data_encoding =
length, con->data_remaining = 46, con->file = -1
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6, used=0, file=-1
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6 con->data_encoding =
length, con->data_remaining = 1, con->file = -1
d [14/Oct/2004:14:01:57 -0400] ProcessIPPRequest(0x40323008[6]):
operation_id = 0010
d [14/Oct/2004:14:01:57 -0400] ProcessIPPRequest:
URI="ipp://localhost/printers/test"
d [14/Oct/2004:14:01:57 -0400] stop_printer(0x40323008[6],
ipp://localhost/printers/test)
I [14/Oct/2004:14:01:57 -0400] Saving printers.conf...
I [14/Oct/2004:14:01:57 -0400] Printer 'test' stopped by 'root'.
D [14/Oct/2004:14:01:57 -0400] ProcessIPPRequest: 6 status_code=0
d [14/Oct/2004:14:01:57 -0400] ProcessIPPRequest: Adding fd 6 to
OutputSet...
d [14/Oct/2004:14:01:57 -0400] WriteClient: Removing fd 6 from
OutputSet...
d [14/Oct/2004:14:01:57 -0400] ReadClient: 6, used=0, file=-1
d [14/Oct/2004:14:01:57 -0400] ReadClient: httpGets returned EOF...
D [14/Oct/2004:14:01:57 -0400] CloseClient: 6
d [14/Oct/2004:14:01:57 -0400] CloseClient: Removing fd 6 from InputSet
and OutputSet...

Here's where it doesn't:

d [14/Oct/2004:14:05:53 -0400] AcceptClient(lis=0x4474e0) 0 NumClients =
0
D [14/Oct/2004:14:05:53 -0400] AcceptClient: 6 from localhost:631.
d [14/Oct/2004:14:05:53 -0400] AcceptClient: Adding fd 6 to InputSet...
d [14/Oct/2004:14:05:53 -0400] ReadClient: 6, used=0, file=-1
D [14/Oct/2004:14:05:53 -0400] ReadClient: 6 POST /admin/ HTTP/1.1
d [14/Oct/2004:14:05:53 -0400] decode_auth(0x40323008): Authorization
string = ""
d [14/Oct/2004:14:05:53 -0400] decode_auth: 6 username=""
d [14/Oct/2004:14:05:53 -0400] IsAuthorized: con->uri = "/admin/"
d [14/Oct/2004:14:05:53 -0400] FindBest: uri = "/admin/"...
d [14/Oct/2004:14:05:53 -0400] FindBest: Location / Limit 7f
d [14/Oct/2004:14:05:53 -0400] FindBest: Location /jobs Limit 7f
d [14/Oct/2004:14:05:53 -0400] FindBest: Location /admin Limit 7f
d [14/Oct/2004:14:05:53 -0400] FindBest: best = "/admin"
d [14/Oct/2004:14:05:53 -0400] IsAuthorized: auth = 0, satisfy=0...
d [14/Oct/2004:14:05:53 -0400] IsAuthorized: username = "" password = 0
chars
d [14/Oct/2004:14:05:53 -0400] ReadClient: Unauthorized request for
/admin/...
D [14/Oct/2004:14:05:53 -0400] SendError: 6 code=401 (Unauthorized)
d [14/Oct/2004:14:05:53 -0400] FindBest: uri = "/admin/"...
d [14/Oct/2004:14:05:53 -0400] FindBest: Location / Limit 7f
d [14/Oct/2004:14:05:53 -0400] FindBest: Location /jobs Limit 7f
d [14/Oct/2004:14:05:53 -0400] FindBest: Location /admin Limit 7f
d [14/Oct/2004:14:05:53 -0400] FindBest: best = "/admin"
D [14/Oct/2004:14:05:53 -0400] CloseClient: 6
d [14/Oct/2004:14:05:53 -0400] CloseClient: Removing fd 6 from InputSet
and OutputSet...

The only change between the two was the order of SystemGroup in
cupsd.conf and restart cups.  I did nothing on the Samba side.  It works
for members of the other group when it doesn't work for members of my
group.

> Sorry for not being of more help.

Thanks, though.  I appreciate it!

~ Daniel