[cups] How to define Policy that allows all for anybody?

Johannes Meixner jsmeix at suse.de
Tue Jun 30 08:03:22 PDT 2015 

Hello Michael,

On Jun 30 09:22 Michael Sweet wrote (excerpt):
> Do you see any errors in error_log or access_log when doing the lpstat?

Nothing in access_log and no errors in error_log
but with debug2 I get in error_log:
-------------------------------------------------------------------
# rccups stop

# rm /var/log/cups/*

# rccups start

# echo 'begin test lpstat -p that hangs up and then ctrl+c abort'
  >>/var/log/cups/error_log

# lpstat -p
^C

# echo 'end test lpstat -p that hangs up and then ctrl+c abort'
  >>/var/log/cups/error_log

# grep -A1000 'begin test ' /var/log/cups/error_log | fold -s -w70
begin test lpstat -p that hangs up and then ctrl+c abort
d [30/Jun/2015:16:47:45 +0200]
cupsdAcceptClient(lis=0x7fbeb542ccc0(8)) Clients=0
D [30/Jun/2015:16:47:45 +0200] [Client 12] Accepted from
localhost:631 (IPv6)
d [30/Jun/2015:16:47:45 +0200] cupsdAddSelect(fd=12,
read_cb=0x7fbeb4ae4850, write_cb=(nil), data=0x7fbeb5b07f00)
D [30/Jun/2015:16:47:45 +0200] [Client 12] Waiting for request.
d [30/Jun/2015:16:47:45 +0200] cupsdCheckJobs: 0 active jobs,
sleeping=0, reload=0, curtime=1435675665
d [30/Jun/2015:16:47:45 +0200] select_timeout: JobHistoryUpdate=0
d [30/Jun/2015:16:47:45 +0200] [Client 12] cupsdReadClient error=0,
used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH,
data_remaining=0, request=(nil)(), file=-1
D [30/Jun/2015:16:47:45 +0200] [Client 12] POST / HTTP/1.1
D [30/Jun/2015:16:47:45 +0200] cupsdSetBusyState: newbusy="Active
clients", busy="Not busy"
d [30/Jun/2015:16:47:45 +0200] cupsdFindBest: uri = "/"...
d [30/Jun/2015:16:47:45 +0200] cupsdFindBest: Location /admin/conf
Limit 7f
d [30/Jun/2015:16:47:45 +0200] cupsdFindBest: Location /admin Limit 7f
d [30/Jun/2015:16:47:45 +0200] cupsdFindBest: Location / Limit 7f
d [30/Jun/2015:16:47:45 +0200] cupsdFindBest: best = /
d [30/Jun/2015:16:47:45 +0200] [Client 12] con->uri="/",
con->best=0x7fbeb542c9c0(/)
d [30/Jun/2015:16:47:45 +0200] [Client 12] Authorization=""
D [30/Jun/2015:16:47:45 +0200] [Client 12] No authentication data
provided.
d [30/Jun/2015:16:47:45 +0200] cupsdIsAuthorized: con->uri="/",
con->best=0x7fbeb542c9c0(/)
d [30/Jun/2015:16:47:45 +0200] cupsdIsAuthorized:
level=CUPSD_AUTH_ANON, type=None, satisfy=CUPSD_AUTH_SATISFY_ALL,
num_names=0
d [30/Jun/2015:16:47:45 +0200] cupsdIsAuthorized:
auth=CUPSD_AUTH_ALLOW...
D [30/Jun/2015:16:47:45 +0200] [Client 12] 2.0 CUPS-Get-Printers 1
d [30/Jun/2015:16:47:45 +0200]
cupsdProcessIPPRequest(0x7fbeb5b07f00[12]): operation_id = 4002
D [30/Jun/2015:16:47:45 +0200] CUPS-Get-Printers
d [30/Jun/2015:16:47:45 +0200] get_printers(0x7fbeb5b07f00[12], 0)
d [30/Jun/2015:16:47:45 +0200] cupsdFindPolicyOp(p=0x7fbeb543a9c0,
op=4002(CUPS-Get-Printers))
d [30/Jun/2015:16:47:45 +0200] cupsdFindPolicyOp: No match found.
d [30/Jun/2015:16:47:45 +0200] cupsdCheckPolicy: No matching
operation, returning 0.
D [30/Jun/2015:16:47:45 +0200] [Client 12] Returning HTTP Unknown for
CUPS-Get-Printers (no URI) from localhost
d [30/Jun/2015:16:47:45 +0200] [Client 12] cupsdSendError code=0,
auth_type=0
d [30/Jun/2015:16:47:45 +0200] select_timeout: JobHistoryUpdate=0
D [30/Jun/2015:16:47:46 +0200] Report: clients=1
D [30/Jun/2015:16:47:46 +0200] Report: jobs=6
D [30/Jun/2015:16:47:46 +0200] Report: jobs-active=0
D [30/Jun/2015:16:47:46 +0200] Report: printers=3
D [30/Jun/2015:16:47:46 +0200] Report: stringpool-string-count=101675
D [30/Jun/2015:16:47:46 +0200] Report: stringpool-alloc-bytes=17512
D [30/Jun/2015:16:47:46 +0200] Report: stringpool-total-bytes=1902288
d [30/Jun/2015:16:47:46 +0200] select_timeout: JobHistoryUpdate=0
d [30/Jun/2015:16:47:46 +0200] select_timeout(0): 300 seconds to
timeout a client connection
d [30/Jun/2015:16:47:47 +0200] [Client 12] cupsdReadClient error=0,
used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH,
data_remaining=0, request=0x7fbeb5b06c30(IPP_DATA), file=-1
D [30/Jun/2015:16:47:47 +0200] [Client 12] HTTP_STATE_WAITING Closing
on EOF
D [30/Jun/2015:16:47:47 +0200] [Client 12] Closing connection.
D [30/Jun/2015:16:47:47 +0200] cupsdSetBusyState: newbusy="Not busy",
busy="Active clients"
d [30/Jun/2015:16:47:47 +0200] cupsdRemoveSelect(fd=12)
d [30/Jun/2015:16:47:47 +0200] select_timeout: JobHistoryUpdate=0
d [30/Jun/2015:16:47:48 +0200] select_timeout: JobHistoryUpdate=0
d [30/Jun/2015:16:47:48 +0200] select_timeout(0): 86400 seconds to do
nothing
end test lpstat -p that hangs up and then ctrl+c abort
------------------------------------------------------------------

I use in cupsd.conf

<Policy allowallforanybody>
   JobPrivateAccess all
   JobPrivateValues none
   SubscriptionPrivateAccess all
   SubscriptionPrivateValues none
   <Limit All Validate-Job Cancel-Jobs Cancel-My-Jobs
  Close-Job CUPS-Get-Document>
     Order deny,allow
     Allow from all
   </Limit>
</Policy>
DefaultPolicy allowallforanybody



> Is this with stock CUPS, or with SuSE patches added?

This is with our CUPS but we do not have patches that
change how CUPS actually works. Our few patches are
basically about "cosmetic" issues, cf.
https://build.opensuse.org/package/show/Printing/cups

Nevertheless tomorrow I will verify it with stock CUPS.



Kind Regards
Johannes Meixner
-- 
SUSE LINUX GmbH - GF: Felix Imendoerffer, Jane Smithard,
Dilip Upmanyu, Graham Norton - HRB 21284 (AG Nuernberg)

More information about the cups mailing list