Description of problem: If I go to Server->Settings, I get the PolicyKit dialog. I enter my password (I'm in the desktop_admin_r group.) I then get: CUPS Server Error There was a HTTP error: status 1000 Traceback (most recent call last): File "/usr/share/system-config-printer/system-config-printer.py", line 1249, in on_server_settings_activate self.on_adv_server_settings_apply) File "/usr/share/system-config-printer/AdvancedServerSettings.py", line 65, in __init__ self.cupsconn.getFile (self.RESOURCE, file=f) File "/usr/share/system-config-printer/authconn.py", line 186, in <lambda> return lambda *args, **kwds: self._authloop (fname, fn, *args, **kwds) File "/usr/share/system-config-printer/authconn.py", line 204, in _authloop result = fn.__call__ (*args, **kwds) cups.HTTPError: 1000 I then select 'Server->Settings' again. It asks me for the root password (a non-policykit dialog). If I enter it correctly, it then works. Version-Release number of selected component (if applicable): system-config-printer-1.2.1-1.fc13.x86_64 How reproducible: 100% Steps to Reproduce: 1. See above.
So that's "User canceled authorization". I don't get this behaviour at all. Can you try running "system-config-printer --debug" from a terminal and paste the full output after you've seen this failure?
[notting@nostromo: ~]$ system-config-printer --debug Connected as user notting refresh Created subscription 10 <monitor.Monitor instance at 0x3730518>: printers and jobs lists provided update_jobs Authentication pass: 1 Authentication: password callback set Authentication pass: 1 Authentication: password callback set Authentication pass: 1 Authentication: password callback set get_notifications update_jobs Authentication pass: 1 Authentication: password callback set Authentication pass: 1 Authentication: password callback set PolicyKit call to FileGet did not work: unknown-ffffffff Authentication pass: 2 Forbidden: True Authentication: Try as root Connected as user root Got password callback Traceback (most recent call last): File "/usr/share/system-config-printer/system-config-printer.py", line 1249, in on_server_settings_activate self.on_adv_server_settings_apply) File "/usr/share/system-config-printer/AdvancedServerSettings.py", line 65, in __init__ self.cupsconn.getFile (self.RESOURCE, file=f) File "/usr/share/system-config-printer/authconn.py", line 186, in <lambda> return lambda *args, **kwds: self._authloop (fname, fn, *args, **kwds) File "/usr/share/system-config-printer/authconn.py", line 204, in _authloop result = fn.__call__ (*args, **kwds) cups.HTTPError: 1000 Authentication pass: 1 Authentication: password callback set Got password callback Authentication pass: 2 Forbidden: False Authentication: Reconnect Connected as user root Got password callback Authentication pass: 1 Authentication: password callback set Canceled subscription 10 <monitor.Monitor instance at 0x3730518> exited
(In reply to comment #2) > PolicyKit call to FileGet did not work: unknown-ffffffff That's weird. Do you have cups-pk-helper installed? Are you running system-config-printer from a console session? What's happened is that the cups-pk-helper call has failed and the fallback is to use pycups directly. The proper solution is to avoid using the old cupspk module and use asyncconn which (a) inherits the IPP authentication dialog correctly for the fallback case, and (b) works asynchronously. But still, the root cause of this problem is that the cups-pk-helper call failed, so it would be good to know why that is.
(In reply to comment #3) > (In reply to comment #2) > > PolicyKit call to FileGet did not work: unknown-ffffffff > > That's weird. Do you have cups-pk-helper installed? Are you running > system-config-printer from a console session? Yes to both. > What's happened is that the cups-pk-helper call has failed and the fallback is > to use pycups directly. The proper solution is to avoid using the old cupspk > module and use asyncconn which (a) inherits the IPP authentication dialog > correctly for the fallback case, and (b) works asynchronously. > > But still, the root cause of this problem is that the cups-pk-helper call > failed, so it would be good to know why that is. Is the fact that I'm in desktop_admin_r (and therefore authenticating to PK as myself, not root) relevant?
(In reply to comment #4) > > That's weird. Do you have cups-pk-helper installed? Are you running > > system-config-printer from a console session? > > Yes to both. What n-v-r of cups-pk-helper? > Is the fact that I'm in desktop_admin_r (and therefore authenticating to PK as > myself, not root) relevant? I have the same situation here and it all works fine. :-/
This looks relevant: commit 2d47f66d1a9c6ecfc9219909659e16fbf1dca971 Author: mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945> Date: Thu Apr 30 22:15:05 2009 +0000 Add new HTTP_AUTHORIZATION_CANCELED status (internal to CUPS) to indicate wh authentication was canceled. Hmm, if it's meant to be internal to CUPS, I wonder why we're seeing it at all...
Oh, I get it: it's internal in that it isn't the actual HTTP status code that the server sends. So only libcups (and its clients) see this. I've committed a fix for this upstream.
system-config-printer-1.2.2-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/system-config-printer-1.2.2-1.fc13
system-config-printer-1.2.2-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/system-config-printer-1.2.2-1.fc13
With this test update, I get the PK dialog, it fails (?), then I get asked for root's password. This works.
OK, so the secondary problem (s-c-printer not handling cups-pk-helper failure well) is fixed. What does 'rpm -q cups-pk-helper' say? What about this?: cd /usr/share/system-config-printer python <<"EOF" import cups, cupspk c=cupspk.Connection(cups.getServer(),cups.getPort(),cups.getEncryption()) c.getFile("/admin/conf/cupsd.conf",file=file("/tmp/cupsd.conf","w")) EOF
cups-pk-helper-0.0.4-13.fc13.x86_64 In [3]: c.getFile("/admin/conf/cupsd.conf",file=file("/tmp/cupsd.conf","w")) --------------------------------------------------------------------------- HTTPError Traceback (most recent call last) /usr/share/system-config-printer/<ipython console> in <module>() /usr/share/system-config-printer/cupspk.pyc in getFile(self, *args, **kwds) 393 'FileGet', pk_args, 394 self._connection.getFile, --> 395 *args, **kwds) 396 397 tmpfd = os.open (tmpfname, os.O_RDONLY) /usr/share/system-config-printer/cupspk.pyc in _call_with_pk_and_fallback(self, use_fallback, pk_function_name, pk_args, fallback_function, *args, **kwds) 144 debugprint ('PolicyKit call to %s did not work: %s' % 145 (pk_function_name, pk_retval)) --> 146 return fallback_function(*args, **kwds) 147 148 HTTPError: 403
OK, we need to see what cups-pk-helper-mechanism is up to and why it's failing. Start the Python snippet from comment #11 once so that the cups-pk-helper-mechanism process will start up and stay around for a little while. When you know its PID, start running 'strace -s2000 -p ...' on it and then run the Python snippet again.
Oh, HAH. ---- time->Wed May 12 13:00:45 2010 type=SYSCALL msg=audit(1273683645.099:1081): arch=c000003e syscall=2 success=no exit=-13 a0=1b81180 a1=281 a2=1b81180 a3=f0 items=0 ppid=1 pid=31063 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cups-pk-helper-" exe="/usr/libexec/cups-pk-helper-mechanism" subj=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1273683645.099:1081): avc: denied { write } for pid=31063 comm="cups-pk-helper-" name="tmp1y8Rjv" dev=dm-0 ino=362595 scontext=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file ---- time->Wed May 12 13:00:45 2010 type=SYSCALL msg=audit(1273683645.100:1082): arch=c000003e syscall=2 success=no exit=-13 a0=1b81180 a1=40 a2=180 a3=7fff29820b74 items=0 ppid=1 pid=31063 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cups-pk-helper-" exe="/usr/libexec/cups-pk-helper-mechanism" subj=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1273683645.100:1082): avc: denied { read } for pid=31063 comm="cups-pk-helper-" name="tmp1y8Rjv" dev=dm-0 ino=362595 scontext=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file ---- time->Wed May 12 13:00:45 2010 type=SYSCALL msg=audit(1273683645.100:1083): arch=c000003e syscall=92 success=no exit=-13 a0=1b81180 a1=876 a2=877 a3=7fff29820b74 items=0 ppid=1 pid=31063 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cups-pk-helper-" exe="/usr/libexec/cups-pk-helper-mechanism" subj=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1273683645.100:1083): avc: denied { setattr } for pid=31063 comm="cups-pk-helper-" name="tmp1y8Rjv" dev=dm-0 ino=362595 scontext=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file ---- time->Wed May 12 13:00:45 2010 type=SYSCALL msg=audit(1273683645.100:1084): arch=c000003e syscall=2 success=no exit=-13 a0=1b81180 a1=281 a2=1b81180 a3=7fff29820b74 items=0 ppid=1 pid=31063 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cups-pk-helper-" exe="/usr/libexec/cups-pk-helper-mechanism" subj=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1273683645.100:1084): avc: denied { write } for pid=31063 comm="cups-pk-helper-" name="tmp1y8Rjv" dev=dm-0 ino=362595 scontext=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file I have TMPDIR=~/tmp; if I unset TMPDIR, it works.
Ah, OK. So the problem is that the cups-pk-helper interface requires me to pass in a filename, but it must be a file in a path that I can read and that cups-pk-helper can write to. Let's try hard-wiring it to "/tmp", which is about the only directory we can be sure fits the bill. Fixed in system-config-printer-1.2.2-2.fc13.
system-config-printer-1.2.2-2.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/system-config-printer-1.2.2-2.fc13
Works for me.
system-config-printer-1.1.19-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/system-config-printer-1.1.19-1.fc11
system-config-printer-1.1.19-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/system-config-printer-1.1.19-1.fc12
system-config-printer-1.1.19-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/system-config-printer-1.1.19-1.fc11
system-config-printer-1.1.19-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/system-config-printer-1.1.19-1.fc12
Isn't it insecure to use the hardcoded path /tmp/cupsd.conf in the world-writable /tmp?
It would be -- so instead we use mkstemp() and pass that filename to cups-pk-helper.
system-config-printer-1.2.2-4.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/system-config-printer-1.2.2-4.fc13
system-config-printer-1.2.2-4.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
system-config-printer-1.1.19-3.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.