Bug 397125

Summary: print-manager should provide information regarding where the password is getting sent and the characteristics of the server
Product: [Frameworks and Libraries] print-manager
Reporter: Gerhard Dittes <g-a-d>
Component: general
Assignee: Daniel Nicoletti <dantti12>
Status: RESOLVED FIXED
Severity: critical
CC: luigi.toscano, m.weghorn, maxy, nate, steven.deherdt
Priority: NOR
Version: 18.04
Target Milestone: ---
Platform: Debian unstable
OS: Linux
Latest Commit:
Version Fixed In: 19.04.0
Sentry Crash Report:
Attachments:
- Sample cupsd.conf for CUPS server to require authentication
- Screenshot showing the authentication dialog with the patch applied

Description Gerhard Dittes 2018-08-03 12:43:39 UTC
Hi,

this issue has been reported to Debian's bug tracker some weeks ago ... but it seems that it hasn't found its way to upstream yet:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900997

Could you please take care?

Thanks & regards, Gerardo
Comment 1 Daniel Nicoletti 2018-08-03 13:10:42 UTC
You will never send your password to a remote server unless you configure your CUPS local file settings to use a remote server.

About certificates this is CUPS-API which doesn't provide any, and usually runs unencrypted.

There is nothing I can do to improve this AFAIK because it's all dependent on user settings and CUPS-API IIRC doesn't provide extra information...
Comment 2 Maximiliano Curia 2018-09-06 09:05:45 UTC
Hi,

I think that the issue here is not that the password needs to be sent, but that the dialog is not clear about what's the password for and if the password is going to be sent encrypted or not. I think that the dialog could do with that additional information, making it clear that you are about to expose the password to the server and/or the whole network (if sent non encrypted).

Happy hacking,
Comment 3 Steven De Herdt 2019-01-23 21:54:21 UTC
Hello

I'm having a look at this in the hope of getting print-manager included in Debian's next stable release.  However, I have only little experience in C++, and none with KDE hacking.

How can we detect when a password is required for a remote server?  Is that only through the KCupsConnection in ChooseUri.cpp:122, or am I mistaken?

Regards
-Steven
Comment 4 Michael Weghorn 2019-01-29 22:18:37 UTC
(In reply to Steven De Herdt from comment #3)
> How can we detect when a password is required for a remote server?  Is that
> only through the KCupsConnection in ChooseUri.cpp:122, or am I mistaken?

I have investigated this a bit and as far as I understand the relevant code is in KCupsConnection.cpp:

1) A callback function is set using

    cupsSetPasswordCB2(password_cb, m_passwordDialog);

s.a. the CUPS programming manual for that function: https://www.cups.org/doc/cupspm.html#cupsSetPasswordCB2

2) With this callback function set, CUPS calls this function 'password_cb' also defined in 'KCupsConnection.cpp' whenever authentication is required, and that function shows the dialog in question.

I have created a demo change that shows how the prompt can be adapted: https://paste.kde.org/pqwlthsjx

This just uses the prompt as directly passed via CUPS to the callback function, but further information can probably be retrieved from the other parameters to the callback function as needed. (In my sample setup, this would show "Password for myuser on 192.168.122.238?" as the prompt text.)
Comment 5 Michael Weghorn 2019-01-29 22:24:45 UTC
Created attachment 117719 [details]
Sample cupsd.conf for CUPS server to require authentication

In order to trigger the authentication dialog, I used a test setup with a VM (IP: 192.168.122.238) as the CUPS server, with the attached /etc/cups/cupsd.conf file, and a file ~/.cups/client.conf on my host machine to actually use that server. The content of client.conf is this:

    ServerName 192.168.122.238
    User myuser
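
Added example, not part of the original comment or of print-manager: a small check that reads a client.conf like the one above and reports whether the configured CUPS server is remote and whether the client insists on TLS. The helper names are hypothetical, the sample input is constructed from the two lines quoted in this comment, and only the file contents are inspected (environment overrides are ignored).

```python
"""Audit a CUPS client.conf: is the server remote, and is TLS insisted on?"""

# Constructed sample: the client.conf contents quoted in comment 5.
SAMPLE = "ServerName 192.168.122.238\nUser myuser\n"

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_client_conf(text):
    """Map lower-cased directive names to values; later lines win."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf


def server_host(value):
    """Host part of a ServerName value; None for a domain socket path."""
    if value.startswith("/"):
        return None
    value = value.split("/version=", 1)[0]
    if value.startswith("["):  # bracketed IPv6 literal, optional :port
        return value[1:].partition("]")[0]
    if value.count(":") == 1:  # host:port
        return value.split(":", 1)[0]
    return value


def audit(text):
    """Summarise where credentials would go (hypothetical helper)."""
    conf = parse_client_conf(text)
    name = conf.get("servername")
    host = server_host(name) if name else None
    # Assumed default when the Encryption directive is absent.
    encryption = conf.get("encryption", "IfRequested")
    return {
        "host": host,
        "remote": host is not None and host.lower() not in LOCAL_HOSTS,
        "encryption": encryption,
        # Required is the only value under which the client insists on TLS.
        "tls_insisted": encryption.lower() == "required",
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the configuration in this comment the result is a remote host with no insistence on TLS, which is the situation the dialog change is meant to make visible to the user.
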
Comment 6 Michael Weghorn 2019-01-30 07:22:51 UTC
(In reply to Michael Weghorn from comment #4)
> I have created a demo change that shows how the prompt can be adapted:
> https://paste.kde.org/pqwlthsjx

And this is a simpler version (some changes were not required): https://paste.kde.org/py9vdxy0m
Comment 7 Luigi Toscano 2019-01-30 13:05:22 UTC
Please send the patch to phabricator - more details on:
https://community.kde.org/Get_Involved/development#Submit_a_patch
Comment 8 Michael Weghorn 2019-01-30 13:40:09 UTC
(In reply to Luigi Toscano from comment #7)
> Please send the patch to phabricator - more details on:
> https://community.kde.org/Get_Involved/development#Submit_a_patch

I can do, but I didn't want to "hijack" this while Steven is working on it, so that was originally more intended as a reply to his question.

@Steven: Are you currently looking at this? If so, feel free to take over anything you can use from my "demo". Otherwise, I can have another look and create a change on Phabricator as well. Whatever fits better for you...
Comment 9 Steven De Herdt 2019-01-31 00:44:11 UTC
(In reply to Michael Weghorn from comment #8)
> @Steven: Are you currently looking at this? If so, feel free to take over
> anything you can use from my "demo". Otherwise, I can have another look and
> create a change on Phabricator as well. Whatever fits better for you...

That's considerate of you Michael, but I haven't done any more work than exploring the source and experimenting a bit with cups.  So on the contrary, I'm happy someone who seems to know what they're doing is working on this.  Please go ahead and submit a patch!
Comment 10 Michael Weghorn 2019-02-01 17:06:33 UTC
Created attachment 117781 [details]
Screenshot showing the authentication dialog with the patch applied

I have now created this patch in Phabricator: https://phabricator.kde.org/D18648

With the patch applied, it is stated that CUPS requires authentication and the prompt information as passed by CUPS to the callback function is used, s. the attached screenshot.

If there are any other ideas for better text for the prompt, please mention them either here or (probably even better) on the Phabricator change.
Comment 11 Steven De Herdt 2019-02-01 22:15:32 UTC
Hi Michael,
your patch is already included in a new package uploaded to Debian's unstable.
Thanks to all involved!
Comment 12 Michael Weghorn 2019-02-02 00:28:15 UTC
(In reply to Steven De Herdt from comment #11)
> Hi Michael,
> your patch is already included in a new package uploaded to Debian's
> unstable.
> Thanks to all involved!

Thank you, too, for taking the initiative! I wouldn't have taken a look otherwise.
Comment 13 Luigi Toscano 2019-02-02 00:34:47 UTC
Git commit 9fc009743a32738b5f585a826a370f3ee6a1c408 by Luigi Toscano, on behalf of Michael Weghorn.
Committed on 02/02/2019 at 00:34.
Pushed by ltoscano into branch 'master'.

Show more information on CUPS auth dialog

Summary:
This extends 'KCupsPasswordDialog' so that a prompt text can be
set.
It is explicitly stated that authentication is required
by CUPS, which was not totally clear beforehand and
prompt information as passed via the CUPS
callback function is displayed in addition.

This e.g. makes clear what host the authentication
information is sent to.

Test Plan:
Set up a remote CUPS server that requires authentication
and modify '~/.cups/client.conf' so that it points to this server,
e.g. as described in https://bugs.kde.org/show_bug.cgi?id=397125#c6 .

Start print-manager and make sure the authentication dialog is clear
what the authentication is needed for and where the information is sent.

Reviewers: dantti, ngraham

Reviewed By: dantti, ngraham

Subscribers: ltoscano, ngraham, kde-utils-devel

Differential Revision: https://phabricator.kde.org/D18648

M  +3    -1    libkcups/KCupsConnection.cpp
M  +9    -2    libkcups/KCupsPasswordDialog.cpp
M  +2    -0    libkcups/KCupsPasswordDialog.h

https://commits.kde.org/print-manager/9fc009743a32738b5f585a826a370f3ee6a1c408