|
Bugzilla – Full Text Bug Listing |
| Summary: | yast2-printer doesn't allow to set remote access when no value changed | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.1 | Reporter: | Wolfgang Rosenauer <wolfgang> |
| Component: | YaST2 | Assignee: | Johannes Meixner <jsmeix> |
| Status: | RESOLVED FIXED | QA Contact: | Jiri Srain <jsrain> |
| Severity: | Normal | ||
| Priority: | P2 - High | ||
| Version: | Factory | ||
| Target Milestone: | RC 1 | ||
| Hardware: | All | ||
| OS: | openSUSE 11.0 | ||
| Whiteboard: | |||
| Found By: | Beta-Customer | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: |
y2log
cupsd.conf |
||
|
Description
Wolfgang Rosenauer
2008-11-04 09:24:22 UTC
Did you actually change any setting in the "Allow Remote Access" section of the dialogs or were the settings already there? See /usr/share/YaST2/include/printer/sharing.ycp "Only if all the above was successfully set, Listen is set too" According to your y2log there was no change in the "Allow Remote Access" section of the dialogs (I would expect some "Executing bash commandline" lines which show in y2log which show the actual changes). In this case it leaves the cupsd.conf file untouched. It seems you have for whatever reason a somewhat strange cupsd.conf (having some kind of "allow from remote" settings but without a matching "Listen" setting). Without a real need YaST respects your settings in cupsd.conf. I will not implement whatever automated change in cupsd.conf without having a real change request from the user. For me it looks as if it works exactly as it should. (In reply to comment #1 from Johannes Meixner) > Did you actually change any setting in the > "Allow Remote Access" section of the dialogs > or were the settings already there? They were not there. It was set to Deny remote access and I changed it to allow it. Switching the different dialogs and returning to the access dialog it always is back to Deny... > According to your y2log there was no change in the > "Allow Remote Access" section of the dialogs > (I would expect some "Executing bash commandline" lines > which show in y2log which show the actual changes). > In this case it leaves the cupsd.conf file untouched. Probably there were messages before I didn't paste. I'll create a complete log of such a session asap. > It seems you have for whatever reason a somewhat strange cupsd.conf > (having some kind of "allow from remote" settings but without > a matching "Listen" setting). I'll attach the cupsd.conf later too. > Without a real need YaST respects your settings in cupsd.conf. > I will not implement whatever automated change in cupsd.conf > without having a real change request from the user. I really tried to make a change ;-) Check if there is a value "none" in the "optional specific IP adresses" input filed. Such a value would overrule anything else (i.e. it forces a secure fallback not to allow any access). Created attachment 249751 [details]
y2log
This is the full y2log of the yast session (w/o Y2DEBUG though, please let me know if you would need that).
Created attachment 249752 [details]
cupsd.conf
cupsd.conf (as before and after the yast session since there is no change)
I can reproduce it with your cupsd.conf. My assumption in comment #1 was correct because you have in your cupsd.conf ------------------------------------------------------ Allow From @LOCAL ... BrowseAddress @LOCAL ------------------------------------------------------ without a matching Listen entry, you have only ------------------------------------------------------ Listen localhost:631 Listen /var/run/cups/cups.sock ------------------------------------------------------ Your settings in your cupsd.conf are not wrong but they are inconsistent. Therefore in the YaST Share Printers dialog there is the checkbox for "Allow From @LOCAL" which is "[X] For computers within the local network" and the checkbox for "BrowseAddress @LOCAL" which is "[X] Publish printers by default within the local network" preselected. But because it listens only on localhost the "(*) Deny Remote Access" radio button is preset, see the initSharing function in /usr/share/YaST2/include/printer/sharing.ycp how "listen_remote" is set and below the "if( listen_remote ..." condition. All what you do is to activate the radio button "(*) Allow Remote Access" but unfortunately this change alone is not tested in /usr/share/YaST2/include/printer/sharing.ycp because in its ApplySharingSettings() function it checks in the "Any kind of allow_remote_access" section only if real values have changed. I do such a restrictive check because I want to avoid useless changes of cupsd.conf and subsequent useless restarts of the cupsd as much as I can. As a workaround change any real value too. E.g. add a safe IP like '127.0.0.1' from which access is allowed. Do not use '127.0.0.2' which is another special case in /usr/lib/YaST2/bin/modify_cupsd_conf which leads to a bug which I will fix too. I will add another restrictive check for the special case like yours: When initially YaST finds out it is "Deny Remote Access" and the user changed it to "Allow Remote Access" but nothing else changed, then it must also change cupsd.conf and do a cusd restart if there is at least one real value set from which remote hosts access should be allowed. Very many thanks for testing it! Only real tests on real systems out there in the real world help me so that I can fix even such special case bugs. BTW: I could reproduce how I got this inconsistent cupsd.conf since it wasn't my own doing ;-) Just replace Listen localhost:631 with Listen *:631 (which should lead to a consistent cupsd.conf) and then run yast2 printer afterwards and change to the "Share printers" dialog. First it displays that "Deny..." is enabled and then asks you if the cups server should be restarted (no idea why). So answer yes and the display jumps to "Allow...". So all looks good again in theory. Now leave the module immediately with "Verwerfen" (Abort/Cancel/whatever) and check your cupsd.conf. It has been changed to Listen localhost:631 :-( Very very many thanks for testing it! I will fix the issue in comment #7 too. A cupsd must mandatoty listen on the localhost interface (e.g. listen only on /var/run/cups/cups.sock is a broken config) but this does not mean that there must be a line Listen localhost:631 in cupsd.conf because Listen *:631 lets it also listen on the localhost interface. Currently YaST falsely assumes that a missing Listen localhost:631 line is a broken config and this gets fixed by setting this as (the only) default Listen entry which leads to the cupsd restart, see the "listen_local" stuff in the initSharing function in /usr/share/YaST2/include/printer/sharing.ycp By the way: Why did you change the secure default "Order allow,deny" to an insecure "Order Deny,Allow" in your cupsd.conf in attachment #249752 [details] See http://www.cups.org/documentation.php/doc-1.4/ref-cupsd-conf.html ------------------------------------------------------------------------- allow,deny - Deny requests by default, then check the Allow lines followed by the Deny lines deny,allow - Allow requests by default, then check the Deny lines followed by the Allow lines ------------------------------------------------------------------------- yast2-printer resets it to the secure default. Found another bug: In modify_cupsd_conf only "Listen localhost:631" was detected. The alternative "Listen 127.0.0.1:631" was not detected as "cupsd does listen on the localhost interface". Now modify_cupsd_conf unifies a localhost (ignore case) or 127.00*.00*.0*1 value to "localhost". Fixed in yast2-printer 2.17.32: ---------------------------------------------------------- - Fixed bugs in the Share Printers dialog: Apply settings when the user only changed "deny remote access" to "allow remote access" if there is at least one real allow value. Having only "Listen *:631" in cupsd.conf is sufficient that the initSharing function sets listen_local to true. The modify_cupsd_conf tool works with 'Allow 127.0.0.2' and it logs its changes as comments in cupsd.conf. - Fixed dialog layout of the Share Printers dialog and of the Printing via Network dialog that both dialogs work also o.k. in ncurses mode. ---------------------------------------------------------- I submitted yast2-printer 2.17.32 STABLE/FACTORY and to the openSUSE build service where its RPMs should hopefully appear soon under http://download.opensuse.org/repositories/home:/jsmeix/ for openSUSE 10.3 and 11.0 and FACTORY. (In reply to comment #9 from Johannes Meixner) > Why did you change the secure default "Order allow,deny" > to an insecure "Order Deny,Allow" in your cupsd.conf > in attachment #249752 [details] > > See > http://www.cups.org/documentation.php/doc-1.4/ref-cupsd-conf.html > ------------------------------------------------------------------------- > allow,deny - Deny requests by default, then check the Allow lines > followed by the Deny lines > deny,allow - Allow requests by default, then check the Deny lines > followed by the Allow lines > ------------------------------------------------------------------------- > > yast2-printer resets it to the secure default. I'm not sure why and if at all I changed that at some point but if yast2-printer corrects it I'm fine with it. Thanks for fixing the issues. I'll try the latest package. |