[cups.bugs] [MOD] STR #3585: @OWNER evaluated as group
dkastens.uos
dkastens at uos.de
Wed May 19 08:19:32 PDT 2010
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
I created a policy where users should only see their own jobs.
<Limit Get-Jobs Get-Job-Attributes>
AuthType Basic
Require user @OWNER
</Limit>
When a user calls "lpstat" and authenticates, he gets the message "lpstat:
Forbidden". The errorlog shows the messages:
cupsdIsAuthorized: level=CUPSD_AUTH_USER, type=Basic,
satisfy=CUPSD_AUTH_SATISFY_ALL, num_names=1
cupsdIsAuthorized: op=a(Get-Jobs)
cupsdIsAuthorized: auth=CUPSD_AUTH_ALLOW...
cupsdIsAuthorized: username="myuser"
cupsdIsAuthorized: Checking user membership...
cupsdCheckGroup(username="myuser", user=0xabc880, groupname="OWNER")
get_md5_password(username="dkastens", group="OWNER", passwd=0xabc0)
Returning HTTP Forbidden for Get-Jobs (ipp://localhost/) from localhost
It seems, that the "@OWNER" entry is evaluated as a group entry and not as
the owner of a job. When I set the limits to "valid-user" the lpstat
command works.
Link: http://www.cups.org/str.php?L3585
Version: 1.4.3
More information about the cups
mailing list