Bug 2006987

Summary: Unauthenticated users can't move print jobs in Web UI
Product: Red Hat Enterprise Linux 8 Reporter: Bryan Mason <bmason>
Component: cupsAssignee: Zdenek Dohnal <zdohnal>
Status: CLOSED ERRATA QA Contact: Petr Dancak <pdancak>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.4CC: pdancak, psklenar
Target Milestone: rcKeywords: AutoVerified, Patch, TestCaseProvided, Triaged
Target Release: ---Flags: pdancak: needinfo+
pm-rhel: mirror+
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: cups-2.2.6-41.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2018948 (view as bug list) Environment:
Last Closed: 2022-05-10 15:21:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bryan Mason 2021-09-22 18:58:56 UTC 
Description of problem:

  If an administrator wants to allow unfettered access to allow
  unauthenticated users to perform administration functions, they can do
  this by removing Require user entries from cupsd.conf.  This works for
  everything but the "Move Job" operation in the "Jobs" page. Because
  cgiMoveJob() returns 401 when REMOTE_USER is not supplied, it is
  impossible to move the job using the Web UI.

Version-Release number of selected component (if applicable):

  cups-2.2.6-38.el8

How reproducible:

  100%

Steps to Reproduce:

 1. Remove all "Require user" entries in cupsd.conf
 
 2. Submit a print job "lp -d test -H Hold /etc/fstab"
 
 3. Go to https://localhost/jobs and press the "Move Job" button
    to move the print job.

Actual results:

  Unauthorized

  Enter your username and password or the root username and password to
  access this page. If you are using Kerberos authentication, make sure
  you have a valid Kerberos ticket.

Expected results:

  The unauthenticated user should be able to move the job.

Additional info:

  Upstream PR, currently pending review:
    https://github.com/OpenPrinting/cups/pull/257

  I'll work up a test package shortly.
Comment 1 Bryan Mason 2021-09-22 19:00:12 UTC 
Created attachment 1825411 [details]
Proposed patch
Comment 18 errata-xmlrpc 2022-05-10 15:21:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (cups bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2032