Common Unix Printing System
|
The Common Unix Printing System (CUPS) is a modularised computer printing system for Unix-like operating systems that allows computers to act as powerful print servers. A computer running CUPS is a host which can accept print jobs from client computers, process them, and send them to the appropriate printer.
CUPS consists of a Unix print spooler and scheduler, a filter system that convert the print data to a format that the printer will understand, and a backend system that sends this data to the print device. CUPS uses the Internet Printing Protocol (IPP) as the basis for managing print jobs and queues. It also provides the traditional System V and Berkeley command line interfaces, along with limited support for the server message block protocol (SMB). The device drivers CUPS supplies are based on the PostScript Printer Description (PPD). There are a number of user interfaces for different platforms that can configure CUPS, and it has an inbuilt web-based interface.
Contents |
Overview
CUPS_process.PNG
CUPS provides a mechanism that allows print jobs to be sent to printers in a standard fashion. The data is sent to a scheduler which then sends jobs to a filter system that converts the print job into a format the printer will understand. The filter system then passes the data on to a backend—a special filter that sends print data to a device or network connection. The system makes extensive use of PostScript and rasterization of data in order to convert the data into a language that the printer will understand.
The primary advantage of CUPS is that it is a standard and modularised printing system that can process numerous data formats on the print server. Previously, it was difficult to find a solution that was standardised that would allow for the numerous printers that are on the market that use their own printer languages and formats. For instance, the System V and Berkeley printing systems were largely incompatible with each other, and they required setting up complicated scripts and workarounds to convert from the program's data format to a format the printer understood. They often didn't know how to detect the file format that was being sent to the printer and thus could not convert data correctly. They also did their data conversion on the workstation and not on the server.
With CUPS, it is far easier for printer manufacturers and printer driver developers to create drivers that work natively on the print server than they were able to previously with other Unix printing systems. As the processing is done on the server, it is also far easier to allow for network based printing than it was previously with other Unix printing systems. One advantage is that when used with Samba, printers can be used on remote Windows computers and in fact generic PostScript drivers can be used to print across the network.
Scheduler
The CUPS scheduler implements Internet Printing Protocol (IPP) printing, which is a printing protocol that utilises the HTTP protocol to manage print jobs and print queues. The scheduler accepts HTTP/1.1 requests, and provides a web-based interface for managing print jobs, the configuration of the server and also for maintaining documentation about CUPS itself.
The scheduler has an authorization module which controls what IPP and HTTP messages can pass through the system. Once the IPP/HTTP packets are authorized they are sent to the client module, which listens for and processes incoming connections. The client module is also responsible for executing the external CGI programs as needed to support web-based printers, classes, and job status monitoring and administration. Once the client module has processed the requests, it sends them to the IPP module to process these requests further. This module does Uniform Resource Identifier (URI) validation to prevent a client from sidestepping any access controls or authentication on the HTTP server. The URI is a text string that indicates a name or address that can be used to refer to an abstract or physical resource on a network.
The scheduler allows for classes of printers. This is a method of grouping printers together to allow applications to send jobs to the class, which then means the scheduler will pick the first available printer in the class and send the job to that printer. A jobs module then manages print jobs and sends them to the filter and backend processes so the jobs can be printed. It also monitors status messages from those filters and backends.
The scheduler has a configuration module that it uses to access CUPS configuration files. It parses configuration files as well as initiates CUPS data structures and the CUPS program state. The configuration module will stop the CUPS services while it processes the configuration files and then restarts the service when it has finished processing the files.
A logging module handles logging scheduler events for access, error, and page log files, whilst the main module handles timeouts and the dispatching of I/O requests for client connections; watches for signals and reloads the server configuration files as needed and handles child process errors and exits.
Other modules used by the scheduler are: the MIME module, which handles a Multipurpose Internet Mail Extensions (MIME) type and conversion database that is used in the filtering process of converting print data to a format that the print device will understand; a PPD module that handles a list of Postscript Printer Description (PPD) files, a devices module that manages a list of devices that are available in the system, and a printers module that handles printers and PPDs within CUPS.
Filter system
One of CUPS' main advantages is that it can process a variety of data formats on the print server. It converts the print job data into the final language/format of the printer via a series of filters. It does this using Multipart Internet Mail Extensions (MIME) types. MIME is an Internet Standard for the format of e-mail but is commonly used in other systems to determine the type of file that is being processed.
MIME databases
After the print job has been given to the scheduler, it is then passed to the CUPS filter system. This processes the print data and coverts it to a format that the printer will understand. When the CUPS daemon starts, it loads two MIME databases: mime.types
and mime.convs
. mime.types
defines the known file types that CUPS can accept data for, and mime.convs
defines the program that processes that particular MIME type.
The mime.types
file has the syntax:
mimetype { [file-extensions] | [pattern-match] }
For example, to detect an HTML file, you could use:
text/html html htm \ printable(0,1024) + (string(0,"<HTML>") string(0,"<!DOCTYPE"))
The second line matches the file contents to a MIME type by determining that the first kilobyte of text in the file holds printable characters and that those characters include html markup. If it determines that this matches it marks the file as of the MIME type text/html.
The mime.convs
file has the syntax:
source destination cost program
The source field is the MIME type that is determined by looking up the mime.types
file, while the destination field determines what output is requested and determines what program should be used. This is also looked up in mime.types
. The cost field helps determine between different sets of filters when converting a file. The last field, program, determines what filter program to use to do the data conversion.
Some examples follow:
text/plain application/postscript 50 texttops application/vnd.cups-postscript application/vnd.cups-raster 50 pstoraster image/* application/vnd.cups-postscript 50 imagetops image/* application/vnd.cups-raster 50 imagetoraster
Further information on these databases can be found at http://www.cups.org/sam.html#FILE_TYPING_FILTERING
Filtering process
The filtering process works by taking input data preformatted with six arguments: the name of the printer queue or print filter, the job ID of the print job, the user-name, the job-name, the number of copies to print, any print options, and the filename (though unnecessary if it is coming from standard input). It then determines the type of data that is being input and the filter to be used through the use of the MIME databases, for instance image data will be detected and processed through a particular filter and HTML data detected and processed through another filter.
This data can then be either converted into PostScript data or directly into raster data. If it is converted into postscript data an additional filter is applied called a prefilter, which basically runs the PostScript data through another PostScript converter so that it can add printer specific options like selecting page ranges to print, setting n-up mode and other device specific things.
After the pre-filtering is done, the data is sent directly to a CUPS backend (if using a PostScript printer), is passed to another filter (like Foomatic by linuxprinting.org), or is passed to Ghostscript, which coverts the PostScript into an intermediary CUPS-raster format (the MIME type is application/vnd.cups-raster).
The intermediary raster format is then passed onto a final filter which coverts the raster data to a printer specific format. The default filters that are included with CUPS are: raster to PCL, raster to ESC/P or ESC/P2 (an Epson printer language, now largely superseded by their new ESC/P-Raster format) and raster to Dymo (another printer company).
However, there are several other alternatives that can be used with CUPS. Easy Software Printing (ESP) Solutions, the creators of CUPS, have released their own CUPS filters: Gimp-Print is a range of high-quality printer drivers for (mostly) inkjet printers, and Turbo-Print for Linux has another range of quality printer drivers for a wide range of printers.
Backends
The backends are the ways in which data is sent to the printer. There are several different backends avaiable for CUPS: parallel, serial, and USB ports, as well as network backends that operate via the IPP, JetDirect (AppSocket), Line Printer Daemon ("LPD") and SMB protocols.
Compatibility
CUPS provides both the System V and Berkeley printing commands so the traditional methods of printing files can be used for CUPS. CUPS listens on port 515, which is the traditional LPD port (it treats this as a backend). When CUPS is installed the lp
System V printing system command and the lpr
Berkeley printing system commands as compatible programs. This allows a standard interface to CUPS and allows maximum compatibility with existing applications that rely on these printing systems.
User Interface tools
There are several tools created to help setup CUPS. The CUPS server itself runs a webserver administration interface on port 631 [1] (http://www.cups.org/sam.html#4_4). There are several interfaces for KDE, Red Hat/Fedora and other platforms.
KDE
KDE_Print_cups_config.png
Kups, for KDE, is a GUI-tool that is a CUPS front-end and allows the administration of classes, print queues and print jobs, and has a printer wizard to assist with adding new printers amongst other features [2] (http://cups.sourceforge.net/kups/features.htm). In KDE 3.3, CUPS support was integrated into the KDE printing subsystem, KDEPrint [3] (http://docs.kde.org/en/3.3/kdebase/kdeprint/cups-plugin.html). It is an intermediate layer between KDE (or other) applications, that want to print and the selected (and installed) print subystem of your OS (operating system).
KDEPrint supports several different printing platforms, amongst which CUPS is one of the best supported. It replaced a previous version of printing support in KDE, qtcups and is backwards compatible with this module of KDE. It was replaced with kprinter, a dialogue box program which can also be run on the command line. KDEPrint uses a filter-based system that is described in a pair of Desktop/XML files.
KDEPrint consists of a Print Dialog box, which shows allow printer properties to be modified, a Print Manager, which allows management of printers (adding and removing printers) as well as an add printer wizard, and a Job Viewer/Manager, which manages printer jobs (such as hold/release, cancel, move to another printer). There is also a CUPS configuration module that is integrated into KDE.
Mandrake Linux
Mandrake-cups-gui.png
In Mandrake Linux 10.1 a GUI for printing has been created. It is basically an interface for CUPS and allows users to add, remove and update printers, as well as the control of print jobs. This is done from a centralised configuration program that allows for CUPS server configuration in a centralised set of screens.
Red Hat/Fedora
Fedora-CUPS-gui.png
Starting with Red Hat 9, an integrated print manager based on CUPS and integrated into GNOME was provided. This allowed adding printers via a similar user interface to Microsoft Windows, where a new printer could be added using an add new printer wizard, along with changing default printer properties in a window containing a list of installed printers. Jobs could also be started and stopped using a print manager and the printer could be paused using a context menu that pops up when the printer icon is right-clicked.
This was criticised by Eric Raymond in his piece The Luxury of Ignorance. Raymond had attempted to install CUPS using the Fedora Core 1 print manager and found it non-intuitive and criticised the interface designers for not designing with the user's point of view in mind. He found the idea of printer queues was not obvious because users create queues on their local computer but these queues are actually created on the CUPS server.
He also found the plethora of queue type options confusing as he could choose from between networked CUPS (IPP), networked Unix (LPD), networked Windows (SMB), networked Novell (NCP) or networked JetDirect. He found the help file singularly unhelpful and largely irrelevant to a user's needs. Raymond used CUPS as a general topic to show that user interface design on Linux desktops needs rethinking and more careful design. He stated:
The meta-problem here is that the configuration wizard does all the approved rituals (GUI with standardized clicky buttons, help popping up in a browser, etc. etc.) but doesn't have the central attribute these are supposed to achieve: discoverability. That is, the quality that every point in the interface has prompts and actions attached to it from which you can learn what to do next. Does your project have this quality?
—"The Luxury of Ignorance: An Open-Source Horror Story" (http://www.catb.org/~esr/writings/cups-horror.html)
ESP Print Pro
Easy Software Products, the original creators of CUPS, have created a GUI, support for many printers and have implemented a PostScript RIP. Their software solution runs on Windows, UNIX and Linux.
ESP Print Pro is a complete printing solution that prints international text, Adobe PostScript, PDF, HP-GL/2, GIF(SM), TIFF, PNG, JPEG/JFIF, SGI RGB, Sun Raster, PhotoCD, PBM, PGM, and PPM files transparently to over 1600 printers via serial, parallel, and network connections. ESP Print Pro is based on the Common UNIX Printing System and provides PostScript and image file RIPs to support non-PostScript printers.
CUPS web-based administration interface
CUPS-web-interface-firefox.png
CUPS has a web-based administration interface that runs on port 631. CUPS 1.0 provided a simple class, job, and printer monitoring interface for web browsers. CUPS 1.1 replaces this interface with an enhanced administration interface that allows you to add, modify, delete, configure, and control classes, jobs, and printers. It is extremely useful in organisations that need to monitor print jobs and add print queues and printers remotely.
Vulnerabilities
On December 23, 2002, security firm iDefense found a security vulnerability in CUPS version 1.1.14-5 (or more specifically, xpdf 2.01). It involved passing an integer larger than 32-bits to CUPS in a PDF file, which is then processed by the pdfops filter (which comes with xpdf). This causes an integer overflow in the pdftops program and could cause CUPS to crash as pdftops tries to access an invalid memory address. An attacker could exploit this to create a denial of service attack. The security advisory also noted that if enough data was sent to CUPS then a buffer overflow attack could be exploited. iDefense successfully created an proof of concept program that exploited the vulnerability. [4] (http://lists.netsys.com/pipermail/full-disclosure/2002-December/003052.html) The organisation SecuriTeam also created several proof of concept programs that exploited the bug. They also provided the lines of code that were exploitable in their security advisory. [5] (http://www.derkeiler.com/Mailing-Lists/Securiteam/2002-12/0063.html)
The latest vulnerability is a denial of service exploit in the way that CUPS processes HTTP GET requests on the server. If CUPS receives a GET request with the string '/..'. then it can cause an error that can be remotely exploited. This issue was introduced in the 1.1.21 release. [6] (http://www.packetalarm.de/sec_notices/index.php?id=683&delimit=1#detail) [7] (http://www.securityfocus.com/bid/12200). The current release of CUPS (1.1.23) does not contain any known vulnerabilities.
See also
References
- Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability (http://www.securityfocus.com/bid/12200) (January 13, 2005). SecurityFocus.
- Mandrake Linux. Madrakelinux general features — printing (http://www.mandrakelinux.com/en/10.1/features/9.php3). Company webpage detailing Mandrake Linux features. Retrieved January 14, 2005.
- Multiple security vulnerabilities in Common UNIX Printing System (CUPS) (http://www.derkeiler.com/Mailing-Lists/Securiteam/2002-12/0063.html) (December 19, 2002). SecuriTeam.
- ThreatAlert > CUPS HTTP GET Denial Of Service Vulnerability (http://www.packetalarm.de/sec_notices/index.php?id=683&delimit=1#detail) (January 8, 2005). PacketAlarm.
- Sweet, Michael (July 10, 2000). CUPS overview (http://www.cups.org/overview.html). Easy Software Solutions.
- CUPS software administration manual : Managing printers from the web (http://www.cups.org/sam.html#4_4) (version 1.1.21, 2004). Easy Software Solutions. Retrieved January 5, 2005.
- Design of CUPS Filtering System — including the context for Mac OS X ("Jaguar") (http://www.linuxprinting.org/CUPS-Filter-Chart.html). LinuxPrinting.org. Retrieved January 5, 2005.
- KDE. KDEPrint information (http://printing.kde.org/info/). KDE-printing website. Retrieved January 14, 2005.
- Pfeifle, Kurt; Vizitiu, Ciprian; Vernooij, Jelmer R. (June 3, 2003) CUPS Printing Support : The CUPS Filtering Architecture (http://info.ccone.at/INFO/Samba/CUPS-printing.html#id2933709) from SAMBA Project Documentation (http://info.ccone.at/INFO/Samba/).
- Raymond, Eric (July 3, 2004). The luxury of ignorance: an Open-Source horror story (http://www.catb.org/~esr/writings/cups-horror.html). Eric S. Raymond's Home Page. Essay.
- "zen-parse" (December 23, 2002). iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops (http://lists.netsys.com/pipermail/full-disclosure/2002-December/003052.html). iDefense.
External links
- Official website (http://www.cups.org/)
- LinuxPrinting.org (http://www.linuxprinting.org/)
- Universal Plug and Play - Printer Device V 1.0 and Printer Basic Service V 1.0 (http://www.upnp.org/standardizeddcps/printer.asp)
- Setting up CUPS under Debian GNU/Linux (http://mumford1.dyndns.org/~bs7452/linuxhelp/cups.html)de:CUPS