Skip to content
This repository has been archived by the owner on May 2, 2024. It is now read-only.

aad-auth segfault when in debug mode #277

Open
bdaileyumich opened this issue Jun 27, 2023 · 0 comments
Open

aad-auth segfault when in debug mode #277

bdaileyumich opened this issue Jun 27, 2023 · 0 comments
Labels
bug Something isn't working medium

Comments

@bdaileyumich
Copy link

Description

We have a test server running Ubuntu 23.0.4, running CUPS (in Basic authentication mode) which uses aad-auth to authenticate users. During our testing of this setup, I was noticing that periodically the CUPS service would crash and restart itself.

It looks like this behavior is the result of the AAD PAM module segfaulting when in debug mode. Removing 'debug' from the /etc/pam.d/common-auth file for the AAD module appears to resolve the issue.

Reproduction

Set up CUPS on an Ubuntu machine, with DefaultAuthType set to Basic in cupsd.conf. Install aad-auth and set the module to 'debug' mode in /etc/pam.d/common-auth. Install print queues on a client machine that are hosted on the Ubuntu server. Send a number of print jobs. CUPS will crash with a core-dump.

This issue does seem to be somewhat intermittent - CUPS does not crash after every print job. But it does crash regularly enough that it should not be too difficult to reproduce.

Environment

Ubuntu 23.0.4
CUPS 2.4.2

Ubuntu-Bug Report output

ProblemType: Bug
.etc.adduser.conf:
 # /etc/adduser.conf: `adduser' configuration.
 # See adduser(8) and adduser.conf(5) for full documentation.
 
 # A commented out setting indicates that this is the default in the
 # code. If you need to change those settings, remove the comment and
 # make your intended change.
 
 # The DSHELL variable specifies the default login shell on your
 # system.
 # Default: DSHELL=/bin/bash
 #DSHELL=/bin/bash
 
 # The DHOME variable specifies the directory containing users' home
 # directories.
 # Default: DHOME=/home
 #DHOME=/home
 
 # If GROUPHOMES is "yes", then the home directories will be created as
 # /home/groupname/user.
 # Default: GROUPHOMES=no
 #GROUPHOMES=no
 
 # If LETTERHOMES is "yes", then the created home directories will have
 # an extra directory - the first letter of the user name. For example:
 # /home/u/user.
 # Default: LETTERHOMES=no
 #LETTERHOMES=no
 
 # The SKEL variable specifies the directory containing "skeletal" user
 # files; in other words, files such as a sample .profile that will be
 # copied to the new user's home directory when it is created.
 # Default: SKEL=/etc/skel
 #SKEL=/etc/skel
 
 # FIRST_SYSTEM_[GU]ID to LAST_SYSTEM_[GU]ID inclusive is the range for UIDs
 # for dynamically allocated administrative and system accounts/groups.
 # Please note that system software, such as the users allocated by the
 # base-passwd package, may assume that UIDs less than 100 are unallocated.
 # Default: FIRST_SYSTEM_UID=100, LAST_SYSTEM_UID=999
 #FIRST_SYSTEM_UID=100
 #LAST_SYSTEM_UID=999
 
 # Default: FIRST_SYSTEM_GID=100, LAST_SYSTEM_GID=999
 #FIRST_SYSTEM_GID=100
 #LAST_SYSTEM_GID=999
 
 # FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically
 # allocated user accounts/groups.
 # Default: FIRST_UID=1000, LAST_UID=59999
 #FIRST_UID=1000
 #LAST_UID=59999
 
 # Default: FIRST_GID=1000, LAST_GID=59999
 #FIRST_GID=1000
 #LAST_GID=59999
 
 # The USERGROUPS variable can be either "yes" or "no".  If "yes" each
 # created user will be given their own group to use as a default.  If
 # "no", each created user get the primary group defined below as
 # USERS_GROUP or USERS_GID.
 # Default: USERGROUPS=yes
 #USERGROUPS=yes
# Newly created users get this group as primary group if USERGROUPS
 # "no", and as a supplemental group if USERGROUPS is "yes".
 # Set one of the variables to reference the group. Don't set both.
 # Default: USERS_GID=undefined, USERS_GROUP=undefined
 #USERS_GID=100
 #USERS_GROUP=users
 
 # If DIR_MODE is set, directories will be created with the specified
 # mode. Otherwise the default mode 0750 will be used.
 # Default: DIR_MODE=0750
 #DIR_MODE=0750
 
 # When creating system accounts: if SYS_DIR_MODE is set (and a home 
 # location is specified), the directories will be created with the 
 # specified mode.  Otherwise the default mode 0750 will be used.
 # Default: SYS_DIR_MODE=0750
 #SYS_DIR_MODE=0750
 
 # If SETGID_HOME is "yes" home directories for users with their own
 # group the setgid bit will be set. This was the default for
 # versions << 3.13 of adduser. Because it has some bad side effects we
 # no longer do this per default. If you want it nevertheless you can
 # still set it here.  Note: this feature is DEPRECATED and will be
 # removed in a future version of adduser; please use the DIR_MODE
 # settings above instead.
 # Default: SETGID_HOME=no
 #SETGID_HOME=no
 
 # If QUOTAUSER is set, a default quota will be set from that user with
 # `edquota -p QUOTAUSER newuser'
 # Default: QUOTAUSER=""
 #QUOTAUSER=""
 
 # If SKEL_IGNORE_REGEX is set, adduser will ignore files matching this
 # regular expression when creating a new home directory
 # Default: SKEL_IGNORE_REGEX="(dpkg|ucf)-(old|new|dist|save)"
 #SKEL_IGNORE_REGEX="(dpkg|ucf)-(old|new|dist|save)"
 
 # Set this if you want the --add-extra-groups option to adduser to add
 # new users to other groups.
 # This is the list of groups that new non-system users will be added to
 # Default: EXTRA_GROUPS="users"
 #EXTRA_GROUPS="users"
 
 # If ADD_EXTRA_GROUPS is set to something non-zero, the EXTRA_GROUPS
 # option above will be default behavior for adding new, non-system users
 # Default: ADD_EXTRA_GROUPS=0
 #ADD_EXTRA_GROUPS=0
 
 # check user and group names also against this regular expression.
 # Default: NAME_REGEX="^[a-z][-a-z0-9_]*\$?$"
 #NAME_REGEX="^[a-z][-a-z0-9_]*\$?$"
 
 # check system user and group names also against this regular expression.
 # Default: SYS_NAME_REGEX="^[A-Za-z_][-A-Za-z0-9_]*\$?$"
 #SYS_NAME_REGEX="^[A-Za-z_][-A-Za-z0-9_]*\$?$"
 
 # use extrausers by default
 #USE_EXTRAUSERS=1
.etc.pam.d.common-auth:
#
 # /etc/pam.d/common-auth - authentication settings common to all services
 #
 # This file is included from other service-specific PAM config files,
 # and should contain a list of the authentication modules that define
 # the central authentication scheme for use on the system
 # (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
 # traditional Unix authentication mechanisms.
 #
 # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
 # To take advantage of this, it is recommended that you configure any
 # local modules either before or after the default block, and use
 # pam-auth-update to manage selection of other modules.  See
 # pam-auth-update(8) for details.
 
 # here are the per-package modules (the "Primary" block)
 auth   [success=2 default=ignore]      pam_unix.so nullok
 auth   [success=1 default=ignore]      pam_aad.so debug
 # here's the fallback if no module succeeds
 auth   requisite                       pam_deny.so
 # prime the stack with a positive return value if there isn't one already;
 # this avoids us returning an error just because nothing sets a success code
 # since the modules above will each just jump around
 auth   required                        pam_permit.so
 # and here are more per-package modules (the "Additional" block)
 auth   optional                        pam_cap.so 
 # end of pam-auth-update config
ApportVersion: 2.26.1-0ubuntu2
Architecture: amd64
AzureImageoffer: 0001-com-ubuntu-server-jammy
AzureImagepublisher: canonical
AzureImagesku: 22_04-lts-gen2
AzureImageversion: 22.04.202306160
AzureVmsize: Standard_D2s_v3
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudBuildName: server
CloudID: azure
CloudName: azure
CloudPlatform: azure
CloudRegion: northcentralus
CloudSerial: 20230616
CloudSubPlatform: seed-dir (/var/lib/waagent)
Date: Tue Jun 27 12:19:15 2023
Dependencies:
 aad-common 0.4
 apt 2.6.0
 apt-utils 2.6.0
 base-passwd 3.6.1
 ca-certificates 20230311ubuntu0.23.04.1
 debconf 1.5.82
 debconf-i18n 1.5.82
 dpkg 1.21.21ubuntu1
 gcc-13-base 13-20230320-1ubuntu1
 gpgv 2.2.40-1.1ubuntu1
 libacl1 2.3.1-3
 libapt-pkg6.0 2.6.0
 libaudit-common 1:3.0.9-1
 libaudit1 1:3.0.9-1
 libbz2-1.0 1.0.8-5build1
 libc6 2.37-0ubuntu2
 libcap-ng0 0.8.3-1build2
 libcap2 1:2.66-3ubuntu2.1
 libcrypt1 1:4.4.33-2
 libdb5.3 5.3.28+dfsg2-1
 libdebconfclient0 0.267ubuntu1
 libffi8 3.4.4-1
 libgcc-s1 13-20230320-1ubuntu1
 libgcrypt20 1.10.1-3ubuntu1
 libgmp10 2:6.2.1+dfsg1-1.1ubuntu1
 libgnutls30 3.7.8-5ubuntu1
 libgpg-error0 1.46-1
 libhogweed6 3.8.1-2
 libidn2-0 2.3.3-1build1
 liblocale-gettext-perl 1.07-5
 liblz4-1 1.9.4-1
 liblzma5 5.4.1-0.2
 libmd0 1.0.4-2
 libnettle8 3.8.1-2
 libp11-kit0 0.24.1-2ubuntu1
 libpam0g 1.5.2-5ubuntu1
 libpcre2-8-0 10.42-1
 libseccomp2 2.5.4-1ubuntu3
 libselinux1 3.4-1build4
 libssl3 3.0.8-1ubuntu1.2
 libstdc++6 13-20230320-1ubuntu1
 libsystemd0 252.5-2ubuntu3
 libtasn1-6 4.19.0-2
 libtext-charwidth-perl 0.04-11
 libtext-iconv-perl 1.7-8
 libtext-wrapi18n-perl 0.06-10
 libudev1 252.5-2ubuntu3
 libunistring2 1.0-2
 libxxhash0 0.8.1-1
 libzstd1 1.5.4+dfsg2-4
 openssl 3.0.8-1ubuntu1.2
 perl-base 5.36.0-7ubuntu0.23.04.1
 tar 1.34+dfsg-1.2ubuntu0.1
 ubuntu-keyring 2021.03.26
 zlib1g 1:1.2.13.dfsg-1ubuntu4
DistroRelease: Ubuntu 23.04
Package: libpam-aad 0.4
PackageArchitecture: amd64
ProcCpuinfoMinimal:
 processor      : 1
 vendor_id      : GenuineIntel
 cpu family     : 6
 model          : 79
 model name     : Intel(R) Xeon(R) CPU E5-2673 v4 @ 2.30GHz
 stepping       : 1
 microcode      : 0xffffffff
 cpu MHz                : 2294.686
 cache size     : 51200 KB
 physical id    : 0
 siblings       : 2
 core id                : 0
 cpu cores      : 1
 apicid         : 1
 initial apicid : 1
 fpu            : yes
 fpu_exception  : yes
 cpuid level    : 20
 wp             : yes
 flags          : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology cpuid pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arch_capabilities
 bugs           : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa mmio_stale_data
 bogomips       : 4589.37
 clflush size   : 64
 cache_alignment        : 64
 address sizes  : 46 bits physical, 48 bits virtual
 power management:
ProcEnviron:
 LANG=C.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
ProcVersionSignature: User Name 6.2.0-1003.3-azure 6.2.6
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
 libpam-runtime 1.5.2-5ubuntu1
 libpam0g       1.5.2-5ubuntu1
SourcePackage: aad-auth
Tags:  cloud-image lunar
Uname: Linux 6.2.0-1003-azure x86_64
UpgradeStatus: Upgraded to lunar on 2023-06-20 (7 days ago)
_MarkForUpload: True

Relevant Information

Here is a snippet from journalctl showing a successful AAD authentication, followed by the segfault and crash. You'll note mentions of the debug logger in the runtime stack:

Jun 27 11:32:55 print-ipp-everywhere-test cupsd[42221]: pam_aad(cups:auth): PAM AAD DEBUG enabled
Jun 27 11:32:55 print-ipp-everywhere-test cupsd[42221]: pam_aad(cups:auth): Loading configuration from /etc/aad.conf
Jun 27 11:32:55 print-ipp-everywhere-test cupsd[42221]: pam_aad(cups:auth): Connecting to "https://login.microsoftonline.com/<TENET ID REMOVED>", with clientID "<CLIENT ID REMOVED>"
Jun 27 11:32:55 print-ipp-everywhere-test cupsd[42221]: pam_aad(cups:auth): Authentication successful with user/password
Jun 27 11:32:55 print-ipp-everywhere-test cupsd[42221]: pam_aad(cups:auth): Reusing existing opened cache
Jun 27 11:32:55 print-ipp-everywhere-test cupsd[42221]: pam_aad(cups:auth): getting user information from cache for "bdailey@umich.edu"
Jun 27 11:32:55 print-ipp-everywhere-test cupsd[42221]: pam_aad(cups:auth): encrypt password for user "bdailey@umich.edu"
Jun 27 11:32:55 print-ipp-everywhere-test cupsd[42221]: pam_aad(cups:auth): updating from last online login information for user "bdailey@umich.edu"
Jun 27 11:32:55 print-ipp-everywhere-test cupsd[42221]: pam_aad(cups:auth): Close database request
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: fatal error: unexpected signal during runtime execution
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x5580b4ce5c0d pc=0x7f6e2797c5dd]
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime stack:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.throw({0x7f6e24fb2070?, 0x0?})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/panic.go:1047 +0x5f fp=0x7f6df37fd168 sp=0x7f6df37fd138 pc=0x7f6e24b13a1f
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.sigpanic()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/signal_unix.go:821 +0x3e9 fp=0x7f6df37fd1c8 sp=0x7f6df37fd168 pc=0x7f6e24b29ae9
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 15 [syscall]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.cgocall(0x7f6e24ec0f30, 0xc0000425f0)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/cgocall.go:157 +0x5c fp=0xc0000425c8 sp=0xc000042590 pc=0x7f6e24ae29dc
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: github.com/ubuntu/aad-auth/internal/pam._Cfunc_pam_syslog_no_variadic(0x5585ec9ad1e0, 0x7, 0x7f6de8000b70)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         _cgo_gotypes.go:114 +0x48 fp=0xc0000425f0 sp=0xc0000425c8 pc=0x7f6e24ebdfa8
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: github.com/ubuntu/aad-auth/internal/pam.pamSyslog.func2(0x5585ec9ad1e0, 0x28?, 0x0?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /build/aad-auth-9e7ezC/aad-auth-0.4/internal/pam/logger_c.go:110 +0x5a fp=0xc000042630 sp=0xc0000425f0 pc=0x7f6e24ebe75a
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: github.com/ubuntu/aad-auth/internal/pam.pamSyslog(0xc0000426c0?, 0x7, {0xc0004a8a20?, 0x7f6e250f71a0?}, {0x0?, 0x1?, 0xc000012018?})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /build/aad-auth-9e7ezC/aad-auth-0.4/internal/pam/logger_c.go:110 +0x85 fp=0xc000042688 sp=0xc000042630 pc=0x7f6e24ebe685
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: github.com/ubuntu/aad-auth/internal/pam.Logger.Debug(...)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /build/aad-auth-9e7ezC/aad-auth-0.4/internal/pam/logger_c.go:74
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: github.com/ubuntu/aad-auth/internal/pam.(*Logger).Debug(0xc00007e060?, {0xc0004a8a20?, 0xc000012018?}, {0x0?, 0x0?, 0xc000042720?})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         <autogenerated>:1 +0x63 fp=0xc0000426d0 sp=0xc000042688 pc=0x7f6e24ebee03
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: github.com/ubuntu/aad-auth/internal/logger.Debug({0x7f6e2514c738, 0xc00007e060}, {0x7f6e24faff16?, 0x0?}, {0x0?, 0x0?, 0x0?})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /build/aad-auth-9e7ezC/aad-auth-0.4/internal/logger/logger.go:58 +0xaa fp=0xc000042730 sp=0xc0000426d0 pc=0x7f6e24e78c6a
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: github.com/ubuntu/aad-auth/internal/cache.(*Cache).Close.func1()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /build/aad-auth-9e7ezC/aad-auth-0.4/internal/cache/cache.go:276 +0x1bc fp=0xc0000427e0 sp=0xc000042730 pc=0x7f6e24eb76dc
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000427e8 sp=0xc0000427e0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by github.com/ubuntu/aad-auth/internal/cache.(*Cache).Close
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /build/aad-auth-9e7ezC/aad-auth-0.4/internal/cache/cache.go:259 +0x15e
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 2 [force gc (idle)]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:381 +0xd6 fp=0xc000044fb0 sp=0xc000044f90 pc=0x7f6e24b16756
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goparkunlock(...)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:387
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.forcegchelper()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:305 +0xb0 fp=0xc000044fe0 sp=0xc000044fb0 pc=0x7f6e24b16590
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000044fe8 sp=0xc000044fe0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by runtime.init.6
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:293 +0x25
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 18 [GC sweep wait]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gopark(0x1?, 0x0?, 0x0?, 0x0?, 0x0?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:381 +0xd6 fp=0xc000040780 sp=0xc000040760 pc=0x7f6e24b16756
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goparkunlock(...)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:387
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.bgsweep(0x0?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgcsweep.go:319 +0xde fp=0xc0000407c8 sp=0xc000040780 pc=0x7f6e24b0285e
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gcenable.func1()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgc.go:178 +0x26 fp=0xc0000407e0 sp=0xc0000407c8 pc=0x7f6e24af7ae6
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000407e8 sp=0xc0000407e0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by runtime.gcenable
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgc.go:178 +0x6b
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 19 [GC scavenge wait]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gopark(0xc000080000?, 0x7f6e25045140?, 0x0?, 0x0?, 0x0?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:381 +0xd6 fp=0xc000040f70 sp=0xc000040f50 pc=0x7f6e24b16756
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goparkunlock(...)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:387
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.(*scavengerState).park(0x7f6e253e4340)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgcscavenge.go:400 +0x53 fp=0xc000040fa0 sp=0xc000040f70 pc=0x7f6e24b00753
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.bgscavenge(0x0?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgcscavenge.go:633 +0x65 fp=0xc000040fc8 sp=0xc000040fa0 pc=0x7f6e24b00d45
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gcenable.func2()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgc.go:179 +0x26 fp=0xc000040fe0 sp=0xc000040fc8 pc=0x7f6e24af7a86
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000040fe8 sp=0xc000040fe0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by runtime.gcenable
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgc.go:179 +0xaa
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 20 [finalizer wait]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gopark(0x1a0?, 0x7f6e253e4aa0?, 0x20?, 0x48?, 0xc000044770?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:381 +0xd6 fp=0xc000044628 sp=0xc000044608 pc=0x7f6e24b16756
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.runfinq()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mfinal.go:193 +0x107 fp=0xc0000447e0 sp=0xc000044628 pc=0x7f6e24af6b07
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000447e8 sp=0xc0000447e0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by runtime.createfing
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mfinal.go:163 +0x45
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 12 [select]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gopark(0xc000058f88?, 0x2?, 0x28?, 0xc1?, 0xc000058f84?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:381 +0xd6 fp=0xc000058e10 sp=0xc000058df0 pc=0x7f6e24b16756
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.selectgo(0xc000058f88, 0xc000058f80, 0x0?, 0x0, 0x0?, 0x1)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/select.go:327 +0x7be fp=0xc000058f50 sp=0xc000058e10 pc=0x7f6e24b25f3e
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: database/sql.(*DB).connectionOpener(0xc00019be10, {0x7f6e2514c690, 0xc0001765a0})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/database/sql/sql.go:1218 +0x8d fp=0xc000058fb8 sp=0xc000058f50 pc=0x7f6e24e8360d
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: database/sql.OpenDB.func1()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/database/sql/sql.go:791 +0x2e fp=0xc000058fe0 sp=0xc000058fb8 pc=0x7f6e24e8198e
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000058fe8 sp=0xc000058fe0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by database/sql.OpenDB
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/database/sql/sql.go:791 +0x18d
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 10 [IO wait]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gopark(0xc42260610d6bb1ec?, 0xb?, 0x0?, 0x0?, 0x26?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:381 +0xd6 fp=0xc000054600 sp=0xc0000545e0 pc=0x7f6e24b16756
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.netpollblock(0x7f6e24b59465?, 0x24ae206f?, 0x6e?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/netpoll.go:527 +0xf7 fp=0xc000054638 sp=0xc000054600 pc=0x7f6e24b0ef77
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: internal/poll.runtime_pollWait(0x7f6e2542df08, 0x72)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/netpoll.go:306 +0x89 fp=0xc000054658 sp=0xc000054638 pc=0x7f6e24b40109
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: internal/poll.(*pollDesc).wait(0xc0001d4b00?, 0xc0004b6000?, 0x0)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/internal/poll/fd_poll_runtime.go:84 +0x32 fp=0xc000054680 sp=0xc000054658 pc=0x7f6e24bb6112
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: internal/poll.(*pollDesc).waitRead(...)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/internal/poll/fd_poll_runtime.go:89
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: internal/poll.(*FD).Read(0xc0001d4b00, {0xc0004b6000, 0x2600, 0x2600})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/internal/poll/fd_unix.go:167 +0x299 fp=0xc000054718 sp=0xc000054680 pc=0x7f6e24bb74f9
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: net.(*netFD).Read(0xc0001d4b00, {0xc0004b6000?, 0xc0004b600d?, 0x1484?})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/net/fd_posix.go:55 +0x29 fp=0xc000054760 sp=0xc000054718 pc=0x7f6e24ca5149
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: net.(*conn).Read(0xc0000b2070, {0xc0004b6000?, 0x25f3?, 0xc0004b6005?})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/net/net.go:183 +0x45 fp=0xc0000547a8 sp=0xc000054760 pc=0x7f6e24cb34e5
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: net.(*TCPConn).Read(0xc000054840?, {0xc0004b6000?, 0xc000202d98?, 0x18?})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         <autogenerated>:1 +0x29 fp=0xc0000547d8 sp=0xc0000547a8 pc=0x7f6e24cc5809
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: crypto/tls.(*atLeastReader).Read(0xc000202d98, {0xc0004b6000?, 0xc000202d98?, 0x0?})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/crypto/tls/conn.go:788 +0x3d fp=0xc000054820 sp=0xc0000547d8 pc=0x7f6e24d0319d
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: bytes.(*Buffer).ReadFrom(0xc0000fa610, {0x7f6e25148f28, 0xc000202d98})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/bytes/buffer.go:202 +0x98 fp=0xc000054878 sp=0xc000054820 pc=0x7f6e24be1b18
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: crypto/tls.(*Conn).readFromUntil(0xc0000fa380, {0x7f6e251494a8?, 0xc0000b2070}, 0x7f6e24af3c30?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/crypto/tls/conn.go:810 +0xe5 fp=0xc0000548b8 sp=0xc000054878 pc=0x7f6e24d03385
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: crypto/tls.(*Conn).readRecordOrCCS(0xc0000fa380, 0x0)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/crypto/tls/conn.go:617 +0x116 fp=0xc000054c18 sp=0xc0000548b8 pc=0x7f6e24d00876
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: crypto/tls.(*Conn).readRecord(...)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/crypto/tls/conn.go:583
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: crypto/tls.(*Conn).Read(0xc0000fa380, {0xc0001f6000, 0x1000, 0x1d?})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/crypto/tls/conn.go:1316 +0x16f fp=0xc000054c88 sp=0xc000054c18 pc=0x7f6e24d0676f
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: net/http.(*persistConn).Read(0xc00018c6c0, {0xc0001f6000?, 0xc0000980c0?, 0xc000054d30?})
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/net/http/transport.go:1943 +0x4e fp=0xc000054ce8 sp=0xc000054c88 pc=0x7f6e24dc7d6e
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: bufio.(*Reader).fill(0xc000131c20)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/bufio/bufio.go:106 +0xff fp=0xc000054d20 sp=0xc000054ce8 pc=0x7f6e24d3d99f
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: bufio.(*Reader).Peek(0xc000131c20, 0x1)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/bufio/bufio.go:144 +0x5d fp=0xc000054d40 sp=0xc000054d20 pc=0x7f6e24d3dafd
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: net/http.(*persistConn).readLoop(0xc00018c6c0)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/net/http/transport.go:2107 +0x1ac fp=0xc000054fc8 sp=0xc000054d40 pc=0x7f6e24dc8b8c
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: net/http.(*Transport).dialConn.func5()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/net/http/transport.go:1765 +0x26 fp=0xc000054fe0 sp=0xc000054fc8 pc=0x7f6e24dc7326
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000054fe8 sp=0xc000054fe0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by net/http.(*Transport).dialConn
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/net/http/transport.go:1765 +0x16ea
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 23 [GC worker (idle)]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gopark(0x4a27d972613d?, 0xc000098120?, 0xa0?, 0x82?, 0xc000045720?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:381 +0xd6 fp=0xc000045750 sp=0xc000045730 pc=0x7f6e24b16756
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gcBgMarkWorker()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgc.go:1275 +0xf1 fp=0xc0000457e0 sp=0xc000045750 pc=0x7f6e24af9851
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000457e8 sp=0xc0000457e0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by runtime.gcBgMarkStartWorkers
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgc.go:1199 +0x25
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 11 [select]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gopark(0xc000055f90?, 0x2?, 0xf8?, 0x5d?, 0xc000055f34?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:381 +0xd6 fp=0xc000055db0 sp=0xc000055d90 pc=0x7f6e24b16756
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.selectgo(0xc000055f90, 0xc000055f30, 0xc00007a680?, 0x0, 0x0?, 0x1)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/select.go:327 +0x7be fp=0xc000055ef0 sp=0xc000055db0 pc=0x7f6e24b25f3e
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: net/http.(*persistConn).writeLoop(0xc00018c6c0)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/net/http/transport.go:2410 +0xf2 fp=0xc000055fc8 sp=0xc000055ef0 pc=0x7f6e24dca852
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: net/http.(*Transport).dialConn.func6()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/net/http/transport.go:1766 +0x26 fp=0xc000055fe0 sp=0xc000055fc8 pc=0x7f6e24dc72c6
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000055fe8 sp=0xc000055fe0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by net/http.(*Transport).dialConn
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/net/http/transport.go:1766 +0x173d
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 9 [GC worker (idle)]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gopark(0x4a27d9748b26?, 0x0?, 0x0?, 0x0?, 0x0?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:381 +0xd6 fp=0xc000046750 sp=0xc000046730 pc=0x7f6e24b16756
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gcBgMarkWorker()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgc.go:1275 +0xf1 fp=0xc0000467e0 sp=0xc000046750 pc=0x7f6e24af9851
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000467e8 sp=0xc0000467e0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by runtime.gcBgMarkStartWorkers
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/mgc.go:1199 +0x25
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: goroutine 25 [chan receive]:
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.gopark(0xc000084ea0?, 0xc000056ec8?, 0xef?, 0x2a?, 0xc000032000?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/proc.go:381 +0xd6 fp=0xc000056e78 sp=0xc000056e58 pc=0x7f6e24b16756
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.chanrecv(0xc000282180, 0x0, 0x1)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/chan.go:583 +0x49d fp=0xc000056f08 sp=0xc000056e78 pc=0x7f6e24ae57dd
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.chanrecv1(0x7f6e24d074a0?, 0xc0000fa4f0?)
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/chan.go:442 +0x18 fp=0xc000056f30 sp=0xc000056f08 pc=0x7f6e24ae52d8
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: github.com/ubuntu/aad-auth/internal/cache.(*Cache).Close.func1()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /build/aad-auth-9e7ezC/aad-auth-0.4/internal/cache/cache.go:260 +0x65 fp=0xc000056fe0 sp=0xc000056f30 pc=0x7f6e24eb7585
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: runtime.goexit()
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /usr/lib/go-1.20/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000056fe8 sp=0xc000056fe0 pc=0x7f6e24b459e1
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]: created by github.com/ubuntu/aad-auth/internal/cache.(*Cache).Close
Jun 27 11:33:24 print-ipp-everywhere-test cupsd[42221]:         /build/aad-auth-9e7ezC/aad-auth-0.4/internal/cache/cache.go:259 +0x15e
Jun 27 11:33:24 print-ipp-everywhere-test systemd[1]: cups.service: Main process exited, code=dumped, status=6/ABRT

CUPS Configuration

LogLevel info
Port 631
ServerName print-ipp-everywhere-test
Listen /run/cups/cups.sock
Listen /var/run/cups/cups.sock
ServerAlias *
Browsing On
WebInterface yes
KeepAlive On
KeepAliveTimeout 60
MaxClients 600
MaxClientsPerHost 0
MaxLogSize 25165824
MaxRequestSize 0
Timeout 300
PreserveJobHistory No
MaxJobs 1500
JobRetryInterval 60
JobRetryLimit 240
# we can use Basic auth here because the server uses AAD for auth
DefaultAuthType Basic

<Location />
  Order allow,deny
  Allow all
  AuthType Default
  Require valid-user
</Location>
<Location /admin>
  Order allow,deny
  AuthType Default
  Allow all
  Require user print-admin
</Location>
<Location /admin/conf>
  Order allow,deny
  AuthType Default
  Allow all
  Require user print-admin
</Location>

<Policy default>
  JobPrivateAccess @OWNER @SYSTEM print-admin
  JobPrivateValues default
  SubscriptionPrivateAccess @OWNER @SYSTEM print-admin
  SubscriptionPrivateValues default
  <Limit CUPS-Get-Printers Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
    AuthType Default
    Require valid-user
  </Limit>
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM print-admin
    Order deny,allow
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM print-admin
    Require group lp
    Satisfy any
    Order deny,allow
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM print-admin
    Order deny,allow
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM print-admin
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
@denisonbarbosa denisonbarbosa added bug Something isn't working jira Sync to jira medium labels Jun 28, 2023
@jibel jibel removed the jira Sync to jira label Oct 19, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bdaileyumich @jibel @denisonbarbosa