Hi, this issue has been reported to Debian's bug tracker some weeks ago ... but it seems that it hasn't found its way to upstream yet: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900997 Could you please take care? Thanks & regards, Gerardo
You will never send your password to a remote server unless you configure your CUPS local file settings to use a remote server. About certificates this is CUPS-API which doesn't provide any, and usually runs unencrypted. The is nothing I can do to improve this AFAIK because it's all dependent on user settings and CUPS-API IIRC doesn't provide extra information...
Hi, I think that the issue here is not that the password needs to be sent, but that the dialog is not clear about what's the password for and if the password is going to be sent encrypted or not. I think that the dialog could do with that additional information, making it clear that you are about to expose the password to the server and/or the whole network (if sent non encrypted). Happy hacking,
Hello I'm having a look at this in the hope of getting print-manager included in Debian's next stable release. However, I have only little experience in C++, and none with KDE hacking. How can we detect when a password is required for a remote server? Is that only through the KCupsConnection in ChooseUri.cpp:122, or am I mistaken? Regards -Steven
(In reply to Steven De Herdt from comment #3) > How can we detect when a password is required for a remote server? Is that > only through the KCupsConnection in ChooseUri.cpp:122, or am I mistaken? I have investigated this a bit and as far as I understand the relevant code is in KCupsConnection.cpp: 1) A callback function is set using cupsSetPasswordCB2(password_cb, m_passwordDialog); s.a. the CUPS programming manual for that function: https://www.cups.org/doc/cupspm.html#cupsSetPasswordCB2 2) With this callback function set, CUPS calls this function 'password_cb' also defined in 'KCupsConnection.cpp' whenever authentication is required, and that function shows the dialog in question. I have created a demo change that shows how the prompt can be adapted: https://paste.kde.org/pqwlthsjx This just uses the prompt as directly passed via CUPS to the callback function, but further information can probably retrieved from the other parameters to the callback function as needed. (In my sample setup, this would show "Password for myuser on 192.168.122.238?" as the prompt text.)
Created attachment 117719 [details] Sample cupsd.conf for CUPS server to require authentication In order to trigger the authentication dialog, I used a test setup with a VM (IP: 192.168.122.238) as the CUPS server, with the attached /etc/cups/cupsd.conf file, and a file ~/.cups/client.conf on my host machine to actually use that server. The content of client.conf is this: ServerName 192.168.122.238 User myuser
(In reply to Michael Weghorn from comment #4) > I have created a demo change that shows how the prompt can be adapted: > https://paste.kde.org/pqwlthsjx And this is a simpler version (some changes were not required): https://paste.kde.org/py9vdxy0m
Please send the patch to phabricator - more details on: https://community.kde.org/Get_Involved/development#Submit_a_patch
(In reply to Luigi Toscano from comment #7) > Please send the patch to phabricator - more details on: > https://community.kde.org/Get_Involved/development#Submit_a_patch I can do, but I didn't want to "hijack" this while Steven is working on it, so that was originally more intended as a reply to his question. @Steven: Are you currently looking at this? If so, feel free to take over anything you can user from my "demo". Otherwise, I can have another look and create a change on Phabricator as well. Whatever fits better for you...
(In reply to Michael Weghorn from comment #8) > @Steven: Are you currently looking at this? If so, feel free to take over > anything you can user from my "demo". Otherwise, I can have another look and > create a change on Phabricator as well. Whatever fits better for you... That's considerate of you Michael, but I haven't done any more work than exploring the source and experimenting a bit with cups. So on the contrary, I'm happy someone who seems to know what they're doing is working on this. Please go ahead and submit a patch!
Created attachment 117781 [details] Screenshot showing the authentication dialog with the patch applied I have now created this patch in Phabricator: https://phabricator.kde.org/D18648 With the patch applied, it is stated that CUPS requires authentication and the prompt information as passed by CUPS to the callback function is used, s. the attached screenshot. If there's any other ideas for better text for the prompt, please mention it either here or (probably even better) on the Phabricator change.
Hi Michael, your patch is already included in a new package uploaded to Debian's unstable. Thanks to all involved!
(In reply to Steven De Herdt from comment #11) > Hi Michael, > your patch is already included in a new package uploaded to Debian's > unstable. > Thanks to all involved! Thank you, too, for taking the initiative! I wouldn't have taken a look otherwise.
Git commit 9fc009743a32738b5f585a826a370f3ee6a1c408 by Luigi Toscano, on behalf of Michael Weghorn. Committed on 02/02/2019 at 00:34. Pushed by ltoscano into branch 'master'. Show more information on CUPS auth dialog Summary: This extends 'KCupsPasswordDialog' so that a prompt text can be set. It is explicitly stated that authentication is required by CUPS, which was not totally clear beforehand and prompt information as passed via the CUPS callback function is displayed in addition. This e.g. makes clear what host the authentication information is sent to. Test Plan: Set up a remote CUPS server that requires authentication and modify '~/.cups/client.conf' so that it points to this server, e.g. as described in https://bugs.kde.org/show_bug.cgi?id=397125#c6 . Start print-manager and make sure the authentication dialog is clear what the authentication is needed for and where the information is sent. Reviewers: dantti, ngraham Reviewed By: dantti, ngraham Subscribers: ltoscano, ngraham, kde-utils-devel Differential Revision: https://phabricator.kde.org/D18648 M +3 -1 libkcups/KCupsConnection.cpp M +9 -2 libkcups/KCupsPasswordDialog.cpp M +2 -0 libkcups/KCupsPasswordDialog.h https://commits.kde.org/print-manager/9fc009743a32738b5f585a826a370f3ee6a1c408