From: Michael R Sweet Date: Wed, 14 May 2025 16:19:16 +0000 (-0400) Subject: Sanitize requesting-user-name as needed (Issue #1145) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d0963041c869968c65cf6a267257fdd7ff8d050;p=thirdparty%2Fcups.git Sanitize requesting-user-name as needed (Issue #1145) --- diff --git a/CHANGES.md b/CHANGES.md index 3d5d9e8609..c261dea50a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -5,6 +5,8 @@ CHANGES - OpenPrinting CUPS Changes in CUPS v2.4.13 (YYYY-MM-DD) ------------------------------------ +- Updated IPP backend to try a sanitized user name if the printer/server does + not like the value (Issue #1145) - Updated the scheduler to send the "printer-added" or "printer-modified" events whenever an IPP Everywhere PPD is installed (Issue #1244) - Updated the scheduler to send the "printer-modified" event whenever the system diff --git a/backend/ipp.c b/backend/ipp.c index 80f5d12581..6fff9bde20 100644 --- a/backend/ipp.c +++ b/backend/ipp.c @@ -198,6 +198,7 @@ main(int argc, /* I - Number of command-line args */ hostname[1024], /* Hostname */ resource[1024], /* Resource info (printer name) */ addrname[256], /* Address name */ + username[IPP_MAX_NAME], /* Requesting user name */ *optptr, /* Pointer to URI options */ *name, /* Name of option */ *value, /* Value of option */ @@ -326,6 +327,8 @@ main(int argc, /* I - Number of command-line args */ return (CUPS_BACKEND_STOP); } + strlcpy(username, argv[2], sizeof(username)); + /* * Get the device URI... */ @@ -1461,7 +1464,7 @@ main(int argc, /* I - Number of command-line args */ monitor.uri = uri; monitor.hostname = hostname; - monitor.user = argv[2]; + monitor.user = username; monitor.resource = resource; monitor.port = port; monitor.version = version; @@ -1498,7 +1501,7 @@ main(int argc, /* I - Number of command-line args */ while (!job_canceled && validate_job) { - request = new_request(IPP_OP_VALIDATE_JOB, version, uri, argv[2], + request = new_request(IPP_OP_VALIDATE_JOB, version, uri, username, monitor.job_name, num_options, options, compression, copies_sup ? copies : 1, document_format, pc, ppd, media_col_sup, doc_handling_sup, print_color_mode_sup, print_scaling_sup); @@ -1538,6 +1541,26 @@ main(int argc, /* I - Number of command-line args */ } } } + else if ((ipp_status == IPP_STATUS_ERROR_BAD_REQUEST || ipp_status == IPP_STATUS_ERROR_INTERNAL) && !strcmp(username, argv[2])) + { + /* + * Issue #1145: Some printers have trouble with valid character in the + * requesting-user-name attribute. Sanitize the username and try again + * if so... + */ + + char *argptr = argv[2], /* Pointer into local username */ + *userptr = username; /* Pointer into requesting-user-name value */ + + while (*argptr && userptr < (username + sizeof(username) - 1)) + { + if (isalnum(*argptr & 255)) + *userptr++ = *argptr; + argptr ++; + } + + *userptr = '\0'; + } ippDelete(response); @@ -1621,7 +1644,7 @@ main(int argc, /* I - Number of command-line args */ request = new_request((num_files > 1 || create_job) ? IPP_OP_CREATE_JOB : IPP_OP_PRINT_JOB, - version, uri, argv[2], monitor.job_name, num_options, + version, uri, username, monitor.job_name, num_options, options, compression, copies_sup ? copies : 1, document_format, pc, ppd, media_col_sup, doc_handling_sup, print_color_mode_sup, print_scaling_sup); @@ -1833,9 +1856,9 @@ main(int argc, /* I - Number of command-line args */ ippAddInteger(request, IPP_TAG_OPERATION, IPP_TAG_INTEGER, "job-id", job_id); - if (argv[2][0]) + if (username[0]) ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, - "requesting-user-name", NULL, argv[2]); + "requesting-user-name", NULL, username); ippAddBoolean(request, IPP_TAG_OPERATION, "last-document", (i + 1) >= num_files); @@ -1953,7 +1976,7 @@ main(int argc, /* I - Number of command-line args */ fputs("JOBSTATE: cups-retry-as-raster\n", stderr); if (job_id > 0) - cancel_job(http, uri, job_id, resource, argv[2], version); + cancel_job(http, uri, job_id, resource, username, version); goto cleanup; } @@ -1969,7 +1992,7 @@ main(int argc, /* I - Number of command-line args */ */ if (job_id > 0) - cancel_job(http, uri, job_id, resource, argv[2], version); + cancel_job(http, uri, job_id, resource, username, version); goto cleanup; } @@ -2008,7 +2031,7 @@ main(int argc, /* I - Number of command-line args */ ipp_status = IPP_STATUS_ERROR_INTERNAL; if (job_id > 0) - cancel_job(http, uri, job_id, resource, argv[2], version); + cancel_job(http, uri, job_id, resource, username, version); goto cleanup; } @@ -2056,7 +2079,7 @@ main(int argc, /* I - Number of command-line args */ * Check printer state... */ - check_printer_state(http, uri, resource, argv[2], version); + check_printer_state(http, uri, resource, username, version); if (cupsLastError() <= IPP_STATUS_OK_CONFLICTING) password_tries = 0; @@ -2074,9 +2097,9 @@ main(int argc, /* I - Number of command-line args */ ippAddInteger(request, IPP_TAG_OPERATION, IPP_TAG_INTEGER, "job-id", job_id); - if (argv[2][0]) + if (username[0]) ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, - "requesting-user-name", NULL, argv[2]); + "requesting-user-name", NULL, username); ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", sizeof(jattrs) / sizeof(jattrs[0]), @@ -2203,7 +2226,7 @@ main(int argc, /* I - Number of command-line args */ if (job_canceled > 0 && job_id > 0) { - cancel_job(http, uri, job_id, resource, argv[2], version); + cancel_job(http, uri, job_id, resource, username, version); if (cupsLastError() > IPP_STATUS_OK_CONFLICTING) _cupsLangPrintFilter(stderr, "ERROR", _("Unable to cancel print job.")); @@ -2213,7 +2236,7 @@ main(int argc, /* I - Number of command-line args */ * Check the printer state and report it if necessary... */ - check_printer_state(http, uri, resource, argv[2], version); + check_printer_state(http, uri, resource, username, version); if (cupsLastError() <= IPP_STATUS_OK_CONFLICTING) password_tries = 0;