username for smb printer is not shown on printer properties

I can confirm this.
The userfield is empty and the password field shows only 4 stars instead of 8.
The authentication is ok.
So it seems that only the GUI has a bug to show the right values.

I see this behaviour even if I initially enter the username into the correct
textbox. Next time I open up the printer properties, the username textbox is
blank and the password textbox has the wrong number of *'s in it.

(My system was dist-upgraded today).

(In reply to comment #0)
> While configuring a smb printer, I entered the username as "DOMAIN\\user".
> I now know that this is not the proper way to do it but the configuration worked
> and I can print
> The problem is tht when I go to the printer's properties the username textbox is
> empty.

Could you please be more descriptive with regards to your system configuration?
Are you using a domain controller? are trying to configure printing to the
printer from windows to a ubuntu system hosting the printer?

Thanks!

For the record, I can reproduce the bug and I'm at debugging it.

*** Bug 13005 has been marked as a duplicate of this bug. ***

I have seen this same problem. I have more problems. My printer share name is
TheLaserPrinter.
When looking in the /etc/cups/printers.conf file, this name is truncated to
TheLaserPri
Also any User/password information I entered are NOT recorded in this file.

I can use smbclient //vaio/TheLaserPrinter and I can successfull connect to the
printer.
Even after making changes to the /etc/cups/printers.conf file, I still am not
able to print to the known working shared printer.

While the Username is blank the password in the gui is replaced by the share
name of the printer (albeit obscured with *s). This can be proved by visiting
the connection tab and typing something in the blank username field and click
close. Then the entry in /etc/cups/printers.conf will contain whatever you typed
for the username and the sharename as the password.

It seems that this is a bug with populating the values in the GUI form as
whatever you type gets saved into /etc/cups/printers.conf correctly. It's just
wrong when you go and see it in the GUI, and wrong if you subsequently cause the
GUI to save the wrong thing.

I meant to say I saw this in an up-to-date Breezy this morning so it's still an
annoying bug.

Changing status to confirmed, as the developer responsible has acknowledged the bug and can reproduce it, and it is still a problem with breezy.

I've located the problem. It stems from cups not sending back the full DeviceURI, but rather a sanitized version (read: with all the authentication stuff removed).

I've got a patch on my system that makes cups only remove the password. We need to evaluate whether or not this poses a security risk in any way to send the auth username back to the client. Optimally, returning the username would depend on whether or not the user would be allowed to change it, ie. has some sort of administrative rights.

I'll see what I can whip up and whether we consider it safe for inclusion in the release.

Oh, and I've got a fix for the password thing too. :-)

Soren, thanks for your work! Would you mind sharing your patch so that we can actually apply it? :) How much is it, two beer? :-P

Hehe.. You'll have plenty of chances to buy me beer at UDS in Paris. :-)

This attachment is the really simple one that just makes gnome-cups-manager NOT insert nonsense stuff into the password field. It will rather be left blank.

The other patch is for cupsys... I'm not sure how to handle this in Launchpad? Should I just attach it to this bug?

Soren, thanks for the patch. It indeed looks quite simple and mysterious, I'll check it.

As for the cupsys patch, attaching it here will do just fine, since it's related to this bug.

This is a patch against cupsys to make it expose the username in the DeviceURI. I'm not 100% certain this is sensible (securitywise), but it certainly fixes this bug.

I uploaded the bogus password fix, thanks Soren!

 gnome-cups-manager (0.31-1.1ubuntu11) dapper; urgency=low
 .
   * Cleaned up the 'foo.diff and foo.diff.patch' mess.
   * Add debian/patches/password_field_garbage.patch:
     - When editing SMB connection attributes, do not set the password input
       field to the value of 'resource' (which is 'smb'). We do not get the
       password in cleartext, so just leave the field blank.
     - Thanks to Soren Hansen for debugging this.
     - See LP#8125 (this bug is mentioned there as a side discussion).

However, the cupsys change is more intrusive, and exposing samba user names is not something I'd like to introduce at this stage of the release. At least g-c-m works in a sensible way now, both username and password are empty, but can be used for changing the credentials.

Devoting the bug to the cups issue now (not sending the user name). This has to be discussed with upstream and is nothing for dapper.

The sanitization of the device URI (not showing username and/or password in log files or other places where device URIs show up for mortal users to see) is in fact a *feature* that was introduced some time ago (it was different before), in order to increase security.

Chances are pretty low that you will get acceptance at CUPS.org to revert that again.

Security is low in any case when printing to an smb://-connected printer that needs authentication, but there is not much CUPS can do about that.

On Tue, Jun 27, 2006 at 09:02:08PM -0000, Kurt Pfeifle wrote:
> The sanitization of the device URI (not showing username and/or password
> in log files or other places where device URIs show up for mortal users
> to see) is in fact a *feature* that was introduced some time ago (it was
> different before), in order to increase security.

I wasn't aware of the chronology of it, but it was quite clear that the
removal was intentional.

We have three options:

1. Change cups to send the username (not the password of course)

2. Change the UI so that it won't be as surprising that the fields are
blank. (e.g. a text telling that it won't be shown but can be used for
changing the info)

3. Ditch gnome-cups-manager and go with that new one which I don't
remember the name of.

As a result of the printing BoF's at the Ubuntu Developer Summit my
money is on no. 3. :-)

Cheers, Søren.

I guess 3. will be :)

This bug was reported almost two years ago. Is it still an issue?

I believe this is still a problem.

I have an entry in my printers.conf file which has:
DeviceURI smb://Guest@SONYVAIO/hpcolorL

but the printer property screen has a blank username and password (the
host and printer fields are correct).

 -Hal

On Tue, Aug 29, 2006 at 01:16:01AM -0000, Rocco Stanzione wrote:
> This bug was reported almost two years ago. Is it still an issue?

Yes, it is. For security reasons, CUPS doesn't include the username and
password in the info it sends back to a client (in this case
gnome-cups-manager). There are two solutions to the problem:
1. Change the GUI so that the user doesn't expect the info to be there.

2. Make CUPS just send the username (and still leave out the password)
and just put gibberish in the password field.

One of the patches attached to this bug makes CUPS send the username, so
it's a pretty easy fix, but clearly no. 1 is the safer choice. However,
as I've pointed out previously, there's a good chance we'll be ditching
gnome-cups-manager in Edgy in favour of some other tool.

I think as soon as the patched version of the gnome-cups-manager is in Edgy we can close this bug. Patching CUPS wouls not only expose sensible data but also make CUPS too much patched, so that incompatibilities with other tools can happen.

So I reject it for CUPS and leave it open only for the gnome-cups-manager.

This bug still plagues Ubuntu Feisty.

When I fill in username and password in the printer manager, they are properly written to the SMB URL in /etc/cups/printers.conf

However, when I reopen the printer properties window, GUI fields are not properly populated and stay blank.

As reiterated a few times, this happens because CUPS for security reasons does not return neither username nor password, so gnome-cups-manager has no way of showing them. The "solution" is either to change the GUI of gnome-cups-manager to make the user not expect to see neither username nor password or to drop gnome-cups-manager. Hopefully, we'll manage the latter for Gutsy (replacing g-c-m with system-config-printers).

In Gutsy gnome-cups-manager is replaced by system-config-printer. So please check the GUI of system-config-printer. gnome-cups-manager has been demoted to Universe.

Confirmed to work in system-config-printer. This can be closed for Gutsy,

We will ignore this now, since system-config-printer is our printer configuration UI now.