[cups-devel] CUPS return 401 when using CUPS_ADD_PRINTER ipp operation in 2.2v

Michael Sweet msweet at apple.com
Tue Sep 6 09:40:56 PDT 2016 

This operation requires authentication unless you override the default policies in cupsd.conf.

> On Sep 6, 2016, at 1:23 AM, Ajaydharan Mohandoss <Ajaydharan.Mohandoss at microfocus.com> wrote:
> 
> Adding the CUPS log file of both versions of CUPS for the CUPS-ADD-Printer request,
> 
> Mac 10.11 - (CUPS 2.1v):
> 
> d [30/Aug/2016:15:45:58 +0530] cupsdFindBest: uri="/admin", limit=10...
> d [30/Aug/2016:15:45:58 +0530] cupsdFindBest: Location /admin/log(10) Limit 7f
> d [30/Aug/2016:15:45:58 +0530] cupsdFindBest: Location /admin/conf(11) Limit 7f
> d [30/Aug/2016:15:45:58 +0530] cupsdFindBest: Location /admin(6) Limit 7f
> d [30/Aug/2016:15:45:58 +0530] cupsdFindBest: Location /(1) Limit 7f
> d [30/Aug/2016:15:45:58 +0530] cupsdFindBest: best=/admin
> d [30/Aug/2016:15:45:58 +0530] [Client 134] con->uri="/admin/", con->best=0x7feb8950c110(/admin)
> D [30/Aug/2016:15:45:58 +0530] [Client 134] No authentication data provided.
> d [30/Aug/2016:15:45:58 +0530] cupsdIsAuthorized: con->uri="/admin/", con->best=0x7feb8950c110(/admin)
> d [30/Aug/2016:15:45:58 +0530] cupsdIsAuthorized: level=CUPSD_AUTH_ANON, type=None, satisfy=CUPSD_AUTH_SATISFY_ALL, num_names=0
> d [30/Aug/2016:15:45:58 +0530] cupsdIsAuthorized: auth=CUPSD_AUTH_ALLOW...
> D [30/Aug/2016:15:45:58 +0530] [Client 134] 2.0 CUPS-Add-Modify-Printer 6
> d [30/Aug/2016:15:45:58 +0530] cupsdProcessIPPRequest(0x7feb89804e00[134]): operation_id = 4003
> D [30/Aug/2016:15:45:58 +0530] CUPS-Add-Modify-Printer ipp://localhost/printers/audit_printer
> d [30/Aug/2016:15:45:58 +0530] add_printer(0x7feb89804e00[134], ipp://localhost/printers/audit_printer)
> d [30/Aug/2016:15:45:58 +0530] cupsdFindPolicyOp(p=0x7feb89520bd0, op=4003(CUPS-Add-Modify-Printer))
> d [30/Aug/2016:15:45:58 +0530] cupsdFindPolicyOp: Found wildcard match...
> d [30/Aug/2016:15:45:58 +0530] cupsdIsAuthorized: con->uri="/admin/", con->best=0x7feb89520ef0((null))
> d [30/Aug/2016:15:45:58 +0530] cupsdIsAuthorized: level=CUPSD_AUTH_ANON, type=None, satisfy=CUPSD_AUTH_SATISFY_ALL, num_names=0
> d [30/Aug/2016:15:45:58 +0530] cupsdIsAuthorized: op=0(0x0000)
> d [30/Aug/2016:15:45:58 +0530] cupsdIsAuthorized: auth=CUPSD_AUTH_ALLOW...
> d [30/Aug/2016:15:45:58 +0530] cupsdAddPrinter("audit_printer")
> d [30/Aug/2016:15:45:58 +0530] cupsdAddPrinter: Adding audit_printer to Printers
> 
> 
> Mac 10.12 Beta - (CUPS 2.2v):
> 
> d [30/Aug/2016:15:50:47 +0530] cupsdFindBest: uri="/admin", limit=10...
> d [30/Aug/2016:15:50:47 +0530] cupsdFindBest: Location /admin/log(10) Limit 7f
> d [30/Aug/2016:15:50:47 +0530] cupsdFindBest: Location /admin/conf(11) Limit 7f
> d [30/Aug/2016:15:50:47 +0530] cupsdFindBest: Location /admin(6) Limit 7f
> d [30/Aug/2016:15:50:47 +0530] cupsdFindBest: Location /(1) Limit 7f
> d [30/Aug/2016:15:50:47 +0530] cupsdFindBest: best=/admin
> d [30/Aug/2016:15:50:47 +0530] [Client 16] con->uri="/admin/", con->best=0x7ff6067036b0(/admin)
> D [30/Aug/2016:15:50:47 +0530] [Client 16] No authentication data provided.
> d [30/Aug/2016:15:50:47 +0530] cupsdIsAuthorized: con->uri="/admin/", con->best=0x7ff6067036b0(/admin)
> d [30/Aug/2016:15:50:47 +0530] cupsdIsAuthorized: level=CUPSD_AUTH_ANON, type=None, satisfy=CUPSD_AUTH_SATISFY_ALL, num_names=0
> d [30/Aug/2016:15:50:47 +0530] cupsdIsAuthorized: auth=CUPSD_AUTH_ALLOW...
> D [30/Aug/2016:15:50:47 +0530] [Client 16] 2.0 CUPS-Add-Modify-Printer 6
> d [30/Aug/2016:15:50:47 +0530] cupsdProcessIPPRequest(0x7ff606804c00[16]): operation_id = 4003
> D [30/Aug/2016:15:50:47 +0530] CUPS-Add-Modify-Printer ipp://localhost/printers/audit_printer
> d [30/Aug/2016:15:50:47 +0530] add_printer(0x7ff606804c00[16], ipp://localhost/printers/audit_printer)
> d [30/Aug/2016:15:50:47 +0530] cupsdFindPolicyOp(p=0x7ff606703b60, op=4003(CUPS-Add-Modify-Printer))
> d [30/Aug/2016:15:50:47 +0530] cupsdFindPolicyOp: Found exact match...
> d [30/Aug/2016:15:50:47 +0530] cupsdIsAuthorized: con->uri="/admin/", con->best=0x7ff606706060((null))
> d [30/Aug/2016:15:50:47 +0530] cupsdIsAuthorized: level=CUPSD_AUTH_USER, type=Basic, satisfy=CUPSD_AUTH_SATISFY_ALL, num_names=1
> d [30/Aug/2016:15:50:47 +0530] cupsdIsAuthorized: op=4003(CUPS-Add-Modify-Printer)
> d [30/Aug/2016:15:50:47 +0530] cupsdIsAuthorized: auth=CUPSD_AUTH_ALLOW...
> D [30/Aug/2016:15:50:47 +0530] cupsdIsAuthorized: username=""
> D [30/Aug/2016:15:50:47 +0530] [Client 16] Returning HTTP Unauthorized for CUPS-Add-Modify-Printer (ipp://localhost/printers/audit_printer) from localhost
> 
> From the latest CUPS client, CUPS finds the policy OP as exact match in which it returns the user type as CUPS_AUTH_USER whereas in old version of CUPS it returns CUPS_AUTH_ANON. Due to this, it throws the error as HTTP 401.
> 
> Thanks & Regards
> Ajay
> 
> 
> 
>>>> Ajaydharan Mohandoss <Ajaydharan.Mohandoss at microfocus.com> 01-09-2016 09:15 >>>
> Hi
> 
> In Cups 2.1, I add a new printer using CUPS_ADD_PRINTER ipp operation which installs the printer automatically. But in CUPS 2.2v, using the same operation returns a 401-Unauthorized http error?
> 
> I compared the 2.1 and 2.2v code logs for all cupsd related information. When CUPS process the incoming CUPS_ADD_PRINTER request, earlier version of CUPS used to return "wildcard match" in CupsdFindPolicyOp method along with the default policy but latest version of 2.2v returns "exact match" in CupsdFindPolicyOp method. Due to this, it returns policy type as USER instead of ANONYMOUS.
> 
> Can anyone help me what changes have been added in default CUPS policies which makes the above request to return USER policy type instead of ANONYMOUS?
> 
> Thanks & Regards
> Ajay
> 
> 
> 
> _______________________________________________
> cups-devel mailing list
> cups-devel at cups.org
> https://lists.cups.org/mailman/listinfo/cups-devel

_________________________________________________________
Michael Sweet, Senior Printing System Engineer

More information about the cups mailing list