HPLIP

hp-toolbox: Use of deprecated Qt API causes infinite authentication loop

Bug #1880275 reported by M. Vefa Bicakci
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
HPLIP
New
Undecided
Unassigned

Bug Description

Hello,

I discovered on a Fedora 31 installation that the hp-toolbox uses a deprecated Qt API function for QGridLayout named setMargin(). This causes an exception to be thrown by Qt when hp-toolbox is attempting to authenticate the user by asking for the user's username and password. Due to the exception, the password dialog creation fails, and hp-toolbox enters and infinite loop with the CUPS daemon, which spams the system journal...

Here is the problematic code in question:

=== /usr/share/hplip/ui5/devmgr5.py ===
class PasswordDialog(QDialog):
    def __init__(self, prompt, parent=None, name=None, modal=0, fl=0):
        QDialog.__init__(self, parent)
        self.prompt = prompt

        Layout= QGridLayout(self)
        Layout.setMargin(11)

The setMargin API function has been deprecated according to "https://doc.qt.io/qt-5/qlayout-obsolete.html". This causes an exception to be thrown by Qt.

Here are the log messages in the system journal indicating the infinite loop:

May 23 08:35:48 cupsd[12123]: [Client 3742370] Empty Basic password.
May 23 08:35:48 cupsd[12123]: REQUEST localhost - - "POST /admin/ HTTP/1.1" 401 121 CUPS-Set-Default successful-ok
May 23 08:35:48 cupsd[12123]: [Client 3742373] Empty Basic password.
May 23 08:35:48 cupsd[12123]: REQUEST localhost - - "POST /admin/ HTTP/1.1" 401 121 CUPS-Set-Default successful-ok
May 23 08:35:48 cupsd[12123]: [Client 3742376] Empty Basic password.
May 23 08:35:48 cupsd[12123]: REQUEST localhost - - "POST /admin/ HTTP/1.1" 401 121 CUPS-Set-Default successful-ok

When I modify the code to catch the exception in showPasswordUI as follows:

=== /usr/share/hplip/ui5/devmgr5.py ===
def showPasswordUI(prompt):
    try:
        dlg = PasswordDialog(prompt, None)

        if dlg.exec_() == QDialog.Accepted:
            return (dlg.getUsername(), dlg.getPassword())

    except Exception as e:
        log.error("Exception in password dialog: {}".format(e))
        log.error("Traceback: {}".format(traceback.format_exc()))
    finally:
        pass

    return ("", "")

Then, I encounter the following output from hp-toolbox:

error: Exception in password dialog: 'QGridLayout' object has no attribute 'setMargin'
error: Traceback: Traceback (most recent call last):
  File "/usr/share/hplip/ui5/devmgr5.py", line 2306, in showPasswordUI
    dlg = PasswordDialog(prompt, None)
  File "/usr/share/hplip/ui5/devmgr5.py", line 2251, in __init__
    Layout.setMargin(11)
AttributeError: 'QGridLayout' object has no attribute 'setMargin'

error: Start/Stop printer queue operation fails. Error : client-error-not-authenticated

All this to say, would it be possible to update the code so that the setMargin(11) call is replaced with the non-obsolete API call setContentsMargins(11, 11, 11, 11) to avoid this error?

In addition, would it be possible to catch exceptions in showPasswordUI so that similar problems would be easier to debug in the future?

Thanks!

See original description
M. Vefa Bicakci (mvb)
description: updated
Revision history for this message
zdohnal (zdohnal) wrote :

Hi ~mvb,

I'm Zdenek, RHEL/Fedora/CentOS hplip maintainer - I would like to provide a patch to hplip upstream for fixing the issue you found out and proposed the fix.

I understand what needs to be fixed because of your comment, but I'm not familiar with hp-toolbox so much so I'm not sure how to trigger the issue. I thought it will show up when I create a new print queue in hp-toolbox, but it wasn't the case.

Would you mind telling the exact steps leading to trigger the issue?

Creating a bugzilla ticket at bugzilla.redhat.com would help me too :) .

Thank you in advance!

Revision history for this message
M. Vefa Bicakci (mvb) wrote :

Hello Zdenek,

Thank you for your response! After reading your comment, I realized that I did not mention how to reproduce this issue; I am sorry about this!

Assuming that a print queue already exists (i.e., hp-toolbox already displays at least one HP printer), one can reproduce this issue as follows:

1) Ensure that the user you are testing with is not part of any system groups that allow the user to administer CUPS without entering the root password. (On my system, my username is "user", and the only group it is a member of is "user".)

2) Start hp-toolbox

3) Select a printer on the left side of the hp-toolbox window

4) On the right side of the window, click on the "Printer Control" tab

5) Make sure that your printer is selected by the drop-down menu labelled "Printer Name" in this tab

6) Click on any one of the following buttons:
   * Stop printer (this could read "Start printer")
   * Reject jobs (this could read "Accept jobs")
   * Set as default (this could be grayed out if the printer is already the default)

Expected behaviour: hp-toolbox requests the user's password and handles the request associated with the button that was clicked.

Actual behaviour: system journal is flooded with the messages mentioned in the bug description, and hp-toolbox hangs.

Note: To the best of my knowledge, this bug is not specific to Fedora. grep'ing for "setMargin" shows that the file "systemtray.py" was patched (either by HPLIP or by Fedora) due to the same issue:

/usr/share/hplip/ui5/systemtray.py:450: # layout.setMargin(3)
/usr/share/hplip/ui5/systemtray.py-451- layout.setContentsMargins(3, 3, 3, 3)

If you could open a bug report at "https://bugzilla.redhat.com" for me, I would appreciate it.

Thanks!

information type: Public → Public Security
information type: Public Security → Public
Revision history for this message
M. Vefa Bicakci (mvb) wrote :

Sorry regarding the change of the bug's type to "Public Security" and back to "Public". I accidentally clicked on the wrong part of the screen.

Revision history for this message
zdohnal (zdohnal) wrote :

The following patch is based on your investigation and it works.

I'll add it to Fedora for now.

HPLIP project maintainers, please add it to HPLIP project in the next release.

Thank you in advance!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.