Bug#960916: cups-daemon: cuspd fails to detect local host name
Package: cups-daemon
Version: 2.2.10-6+deb10u3
Severity: normal
Apparantly, there is something fishy in cups around server host names.
I found several issues:
(1) When the client is configured to connect to the server using a host name
unknown to the server (the name is sent in the "Host:" header), the server
responds with status code 400 (Bad Request). By the HTTP standard, this is
the correct response if the Host header is missing, present multiple times,
or malformed. But I seriously doubt that 400 applies when the Host header
matches no host name of the server.
(2) If lpstat (and probably other clients, too) receives the status code 400,
it gives a misleading error message "Error - add '/version=1.1' to server name".
Adding that does not help the above issue and the message is given even if
the version string is already present.
... let's move on to why the server's opinion on its own host name is wrong:
(3) cupsd uses gethostname() to get the host name. By Debian Reference, section
3.2.1 (https://www.debian.org/doc/manuals/debian-reference/ch03.en.html#_the_hostname),
this should be only the system hostname, not a FQDN. Still, cupsd boldly compares
this to the value in the Host header, which usually is a FQDN.
(4) cupsd is willing to use gethostbyname() to obtain additional host aliases
from /etc/hosts, but only if the HostNameLookups switch is on. This does not
match the documentation (both the man page and https://www.cups.org/doc/man-cupsd.conf.html),
which explicitly tells that HostNameLookups affects only reverse lookups of connecting
clients.
(5) cupsd also matches the Host header against the list of network interfaces
(function valid_host() in scheduler/client.c) in the NetIFList. However, the
function cupsdNetIFUpdate (scheduler/network.c) which populates this list
seems to be never called, at least in the default configuration. Also,
local IP addresses of interfaces are resolved to host names only if HostNameLookups
is turned on.
(6) HostNameLookups is not turned on in default configuration, so cupsd knows
only the unqualified hostname. (Still, it's probably a good idea to have it
turned off since resolving all client IPs slows the server down. It is really
unfortunate that HostNameLookups controls two unrelated things.)
All this put together, cupsd in Debian Buster works with non-local clients
only if they refer to the server by its unqualified hostname. If they want to
use the FQDN, cupsd configuration must include either HostNameLookups or
explicit ServerName/ServerAlias with the FQDN.
-- System Information:
Debian Release: 10.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cups-daemon depends on:
ii adduser 3.118
ii bc 1.07.1-2+b1
ii libavahi-client3 0.7-4+b1
ii libavahi-common3 0.7-4+b1
ii libc6 2.28-10
ii libcups2 2.2.10-6+deb10u3
ii libdbus-1-3 1.12.16-1
ii libgssapi-krb5-2 1.17-3
ii libpam0g 1.3.1-5
ii libpaper1 1.1.28
ii libsystemd0 241-7~deb10u4
ii lsb-base 10.2019051400
ii procps 2:3.3.15-2
ii ssl-cert 1.0.39
Versions of packages cups-daemon recommends:
ii avahi-daemon 0.7-4+b1
ii colord 1.4.3-4
ii cups-browsed 1.21.6-5
Versions of packages cups-daemon suggests:
ii cups 2.2.10-6+deb10u3
ii cups-bsd 2.2.10-6+deb10u3
ii cups-client 2.2.10-6+deb10u3
ii cups-common 2.2.10-6+deb10u3
ii cups-filters [foomatic-filters] 1.21.6-5
pn cups-pdf <none>
ii cups-ppdc 2.2.10-6+deb10u3
ii cups-server-common 2.2.10-6+deb10u3
ii foomatic-db 20181217-2
ii ghostscript 9.27~dfsg-2+deb10u3
pn hplip <none>
ii poppler-utils 0.71.0-5
pn printer-driver-gutenprint <none>
pn printer-driver-hpcups <none>
ii smbclient 2:4.9.5+dfsg-5+deb10u1
ii udev 241-7~deb10u4
-- no debconf information
Reply to: