SUMMARY When setting up a network printer that requires authentication using a password with reserved characters, the printer is not created. Creating the printer with a dummy password and then later editing /etc/cups/printers.conf by hand to replace the dummy with the percent-encoded real password does work. Clearly, the password should be percent-encoded before creating the full url for cups. (N.B.: the login is percent-encoded as appropriate.) STEPS TO REPRODUCE 1. Make sure to use a password with reserved characters 2. Configure network printer (e.g., smb) that requires authentication 3. Setup network printer and add login and password in boxes provided OBSERVED RESULT * New printer not created * Error in log indicating that printer url is malformed (password is in cleartext in the log!!!) EXPECTED RESULT * Password is percent-encoded * Password is never ever sent to the system's log SOFTWARE/OS VERSIONS KDE Plasma Version: 5.21.5 KDE Frameworks Version: 5.82.0 Qt Version: 5.15.2
eek, cleartext passwords in logs == VHI priority
This still happens on Kubuntu 24.04: Enter some credentials (e.g. for a smb-printer) and find the password in cleartext in journalctl + in /var/log/syslog. It's rather easy to reproduce (I did with print-manager 4:23.08.5-0ubuntu4): 1) call "systemsettings kcm_printer_manager" 2) add new printer 3) select Other Network Printers --> Windows Printer via SAMBA 4) enter a string into the password field See each keystroke while you enter the above mentioned string (in cleartext) in the stderr output of the systemsettings command. And if you start the systemsettings via K-Menu (which utilizes the plasmashell that was started by a systemd --user service), all the above mentioned output is passed directly into the systemd-journal. Is it really necessary to log each single key stroke? And like Erik, I would really appreciate a more privacy respecting logging here... The nasty thing here is, that nobody expects to find his personal password somewhere in the log files. My first mitigation will be: in /usr/share/applications/kcm_printer_manager.desktop: change Exec=systemsettings kcm_printer_manager to Exec=sh -c "systemsettings kcm_printer_manager 2>/dev/null" and /usr/share/applications/systemsettings.desktop: change Exec=systemsettings to Exec=sh -c "systemsettings 2>/dev/null"
Just for Completeness: I solved this issue for my environment by adding this Xsession.d dropin: cat /etc/X11/Xsession.d/91qt_suppress_default-debug_logging # -*- sh -*- # Xsession.d script to set the env variables to stop Qt from logging in debug mode. # # This file is sourced by Xsession(5), not executed. QT_LOGGING_RULES="default.debug=false" export QT_LOGGING_RULES if [ -x "/usr/bin/dbus-update-activation-environment" ]; then dbus-update-activation-environment --verbose --systemd QT_LOGGING_RULES fi Background: print-manager-21.12.3/add-printer/ChooseSamba.cpp uses lines like these qDebug() << 1 << url; to log it's output (without any logging category, which means logging is done to "default" category). And the above setting ensures that default.debug no more produces logging output in the complete plasma-Session.
`print-manager-21.12.3/add-printer/ChooseSamba.cpp` doesn't exist anymore as of [1]. The new print manager kcm [2] doesn't seem to be affected by the bug on first sight. I haven't verified it though. --- [1] https://invent.kde.org/plasma/print-manager/-/commit/c41cb06aa8c2f63391281883598988328355eb7d > Remove the legacy app: add-printer > add-printer features has been superceded by the print manager kcm [2] https://invent.kde.org/plasma/print-manager/-/blob/master/src/kcm/printermanager.cpp