CUPS

The Common Unix Printing System (CUPS) is a modular computer printing system for Unix-like operating systems that allows a computer to act as a powerful print server. A computer running CUPS is a host which can accept print jobs from client computers, process them, and send them to the appropriate printer.

CUPS consists of a Unix print spooler and scheduler, a filter system that converts the print data to a format that the printer will understand, and a backend system that sends this data to the print device. CUPS uses the Internet Printing Protocol (IPP) as the basis for managing print jobs and queues. It also provides the traditional System V and Berkeley command line interfaces, along with limited support for the server message block protocol (SMB). The device drivers CUPS supplies can be configured by using text files in Adobe's PostScript Printer Description (PPD) format. There are a number of user interfaces for different platforms that can configure CUPS, and it has a built-in web-based interface. CUPS is provided under the GNU General Public License and GNU Lesser General Public License, Version 2.

History

CUPS was first created in the Fall of 1999^[1] by Michael Sweet and Andrew Senft, who own Easy Software Products, and remained in alpha and beta for two years prior to the first release. The first development efforts centered around using LPD, however due to vendor incompatibilities the Internet Printing Protocol (IPP) was also supplied as an alternative that might be better in some situations. It was quickly adopted as the default printing system for several Linux distributions, including Red Hat Linux. In March 2002 it was used as the default Mac OS X printing system by Apple Computer after initial attempts at developing a printing subsystem from scratch were shelved.^[2]

Overview

CUPS provides a mechanism that allows print jobs to be sent to printers in a standard fashion. The data is sent to a scheduler which sends jobs to a filter system that converts the print job into a format the printer will understand. The filter system then passes the data on to a backend—a special filter that sends print data to a device or network connection. The system makes extensive use of PostScript and rasterization of data to convert the data into a format that is suitable for the printer.

The primary advantage of CUPS is that it is a standard and modularised printing system that can process numerous data formats on the print server. Before CUPS, it was difficult to find a standard printer management system that would accommodate the very wide variety of printers on the market using their own printer languages and formats. For instance, the System V and Berkeley printing systems were largely incompatible with each other, and they required complicated scripts and workarounds to convert the program's data format to a printable format. They often could not detect the file format that was being sent to the printer and thus could not automatically and correctly convert the data stream. Additionally, data conversion was performed on individual workstations rather than a central server.

CUPS allows printer manufacturers and printer driver developers to more easily create drivers that work natively on the print server. Processing occurs on the server, allowing for easier network-based printing than with other Unix printing systems. When used with Samba, printers can be used on remote Windows computers and generic PostScript drivers can be used for printing across the network.

Scheduler

The CUPS scheduler can implement either IPP Internet Printing Protocol or LPD Line Printer Daemon protocol. It accepts HTTP/1.1 requests, and provides a web-based interface for managing print jobs, the configuration of the server, and for documentation about CUPS itself.

An authorization module controls which IPP and HTTP messages can pass through the system. Once the IPP/HTTP packets are authorised they are sent to the client module, which listens for and processes incoming connections. The client module is also responsible for executing external CGI programs as needed to support web-based printers, classes, and job status monitoring and administration. Once this module has processed its requests, it sends them to the IPP module which performs Uniform Resource Identifier (URI) validation to prevent a client from sidestepping any access controls or authentication on the HTTP server. The URI is a text string that indicates a name or address that can be used to refer to an abstract or physical resource on a network.

The scheduler allows for classes of printers; applications can send requests to groups of printers in a class, allowing the scheduler to direct the job to the first available printer in that class. A jobs module manages print jobs, sending them to the filter and backend processes for final conversion and printing, and monitoring the status messages from those processes.

The CUPS scheduler utilizes a configuration module, this parses configuration files, initializes CUPS data structures, and start and stops the CUPS program. The configuration module will stop CUPS services during configuration file processing and then restarting the service when processing is complete.

A logging module handles scheduler event logging for access, error, and page log files, whilst the main module handles timeouts and dispatch of I/O requests for client connections; watching for signals;handling child process errors and exits; and reloading the server configuration files as needed.

Other modules used by the scheduler are: the MIME module, which handles a Multipurpose Internet Mail Extensions (MIME) type and conversion database that is used in the filtering process that converts print data to a format suitable for a print device; a PPD module that handles a list of Postscript Printer Description (PPD) files; a devices module that manages a list of devices that are available in the system; and a printers module that handles printers and PPDs within CUPS.

Filter system

CUPS allows different data to be sent to the CUPS server and have that data converted into a format the printer will understand and be able to print.

One of CUPS' main advantages is that it can process a variety of data formats on the print server. It converts the print job data into the final language/format of the printer via a series of filters. It does this using Multipart Internet Mail Extensions (MIME) types. MIME is an Internet Standard for the format of e-mail but is commonly used in other systems to determine the type of file that is being processed.

MIME databases

After the print job has been assigned to the scheduler, it is passed to the CUPS filter system. This converts the data to a format suitable for the printer. During start-up, the CUPS daemon loads two MIME databases: mime.types that defines the known file types that CUPS can accept data for, and mime.convs that defines the programs that process each particular MIME type.

The mime.types file has the syntax:

mimetype      { [file-extensions] | [pattern-match] }

For example, to detect an HTML file, the following entry would be applicable:

text/html       html htm \
      printable(0,1024) + (string(0,"<HTML>") string(0,"<!DOCTYPE"))

The second line matches the file contents to the specified MIME type by determining that the first kilobyte of text in the file holds printable characters and that those characters include html markup. If the pattern above is matched the filter system would mark the file as the MIME type text/html.

The mime.convs file has the syntax:

source destination cost program

The source field is the MIME type that is determined by looking up the mime.types file, while the destination field lists the type of output requested and determines what program should be used. This is also retrieved from mime.types. The cost field assists in the selection of sets of filters when converting a file. The last field, program, determines which filter program to use to perform the data conversion.

Some examples:

text/plain application/postscript 50 texttops
application/vnd.cups-postscript application/vnd.cups-raster 50 pstoraster
image/* application/vnd.cups-postscript 50 imagetops
image/* application/vnd.cups-raster 50 imagetoraster

Further information on these databases can be found at http://www.cups.org/sam.html#FILE_TYPING_FILTERING

Filtering process

The filtering process works by taking input data preformatted with six arguments: the name of the printer queue or print filter, the job ID of the print job, the user-name, the job-name, the number of copies to print, any print options, and the filename (though this is unnecessary if it is has been redirected from standard input). It then determines the type of data that is being input and the filter to be used through the use of the MIME databases, for instance image data will be detected and processed through a particular filter and HTML data detected and processed through another filter.

This data can then be either converted into PostScript data or directly into raster data. If it is converted into postscript data an additional filter is applied called a prefilter, which runs the PostScript data through another PostScript converter so that it can add printer specific options like selecting page ranges to print, setting n-up mode and other device specific things.

After the pre-filtering is done, the data is sent directly to a CUPS backend (if using a PostScript printer), is passed to another filter (like Foomatic by linuxprinting.org), or is passed to Ghostscript, which coverts the PostScript into an intermediary CUPS-raster format (the MIME type is application/vnd.cups-raster).

The intermediary raster format is then passed onto a final filter which coverts the raster data to a printer specific format. The default filters that are included with CUPS are: raster to PCL, raster to ESC/P or ESC/P2 (an Epson printer language, now largely superseded by their new ESC/P-Raster format) and raster to Dymo (another printer company).

However, there are several other alternatives that can be used with CUPS. Easy Software Products (ESP), the creators of CUPS, have released their own CUPS filters; Gimp-Print is a range of high-quality printer drivers for (mostly) inkjet printers, and Turbo-Print for Linux has another range of quality printer drivers for a wide range of printers.

Backends

The backends are the ways in which data is sent to the printer. There are several different backends available for CUPS: parallel, serial, and USB ports, as well as network backends that operate via the IPP, JetDirect (AppSocket), Line Printer Daemon ("LPD") and SMB protocols.

Compatibility

CUPS provides both the System V and Berkeley printing commands so the traditional commands for printing can be used for CUPS. CUPS listens on port 515, which is the traditional LPD port (it treats this as a 'backend'). When CUPS is installed the lp System V printing system command and the lpr Berkeley printing system commands are installed as compatible programs. This allows a standard interface to CUPS and allows maximum compatibility with existing applications that rely on these printing systems.

Apple Computer is using CUPS as printing system in their operating system Mac OS X from Version 10.2 (Jaguar) on.

User Interface tools

There are several tools created to help setup CUPS. The CUPS server itself runs a webserver administration interface on port 631.^[3] There are several interfaces for KDE, Red Hat Linux/Fedora and other platforms.

GNOME

CUPS can be managed under GNOME

The GNOME CUPS Manager can be used to add new CUPS printers, and to manage CUPS printers and queues. (In Debian, FreeBSD and Ubuntu, gnome-cups-manager is the relevant package.) There are other third-party applications to manage printing, for example GtkLP and its associate tool GtkLPQ, or GtkPSproc.

The widget toolkit GTK+, on which GNOME is based, included integrated printing support based on CUPS on its version 2.10, which was released in 2006.

KDE

KDEPrint features a CUPS server configuration module.

KDEPrint, for KDE, is a framework containing various GUI-tools that act as CUPS front-ends and allows the administration of classes, print queues and print jobs; it includes a printer wizard to assist with adding new printers amongst other features. It was added in KDE 2.2.

KDEPrint supports several different printing platforms, amongst which CUPS is one of the best supported. It replaced a previous version of printing support in KDE, qtcups and is backwards compatible with this module of KDE. kprinter, a dialogue box program, is now the main tool for sending jobs to the print device; it can also be started from the command line. KDEPrint includes a system to pre-filter any jobs before they are handed over to CUPS, or to handle jobs all on itself (such as converting files to PDF); these filters are described by a pair of Desktop/XML files.

KDEPrint's main components are a Print Dialog box, which allows printer properties to be modified, a Print Manager, which allows management of printers (adding and removing printers), an Add Printer Wizard, and a Job Viewer/Manager, which manages printer jobs (such as hold/release, cancel, move to another printer). There is also a CUPS configuration module that is integrated into KDE.

Before KDE 2.2, KDE used Kups, a GUI-tool that was a CUPS front-end and allowed the administration of classes, print queues and print jobs; it had a printer wizard to assist with adding new printers amongst other features.

Mandrake Linux

CUPS can be managed in the Mandrake Linux Control Center.

In Mandrake Linux 10.1 a GUI for printing has been created. It is basically an interface for CUPS and allows users to add, remove and update printers, as well as the control of print jobs. This is done from a centralised configuration program that allows for CUPS server configuration in a centralised set of screens.

Red Hat Linux/Fedora

Fedora provides a print manager that can modify CUPS based printers.

Starting with Red Hat Linux 9, an integrated print manager based on CUPS and integrated into GNOME was provided. This allowed adding printers via a similar user interface to Microsoft Windows, where a new printer could be added using an add new printer wizard, along with changing default printer properties in a window containing a list of installed printers. Jobs could also be started and stopped using a print manager and the printer could be paused using a context menu that pops up when the printer icon is right-clicked.

This system was criticised by Eric Raymond in his piece The Luxury of Ignorance. Raymond had attempted to install CUPS using the Fedora Core 1 print manager and found it non-intuitive and criticised the interface designers for not designing with the user's point of view in mind. He found the idea of printer queues was not obvious because users create queues on their local computer but these queues are actually created on the CUPS server.

He also found the plethora of queue type options confusing as he could choose from between networked CUPS (IPP), networked Unix (LPD), networked Windows (SMB), networked Novell (NCP) or networked JetDirect. He found the help file singularly unhelpful and largely irrelevant to a user's needs. Raymond used CUPS as a general topic to show that user interface design on Linux desktops needs rethinking and more careful design. He stated:

The meta-problem here is that the configuration wizard does all the approved rituals (GUI with standardized clicky buttons, help popping up in a browser, etc. etc.) but doesn't have the central attribute these are supposed to achieve: discoverability. That is, the quality that every point in the interface has prompts and actions attached to it from which you can learn what to do next. Does your project have this quality?
—"The Luxury of Ignorance: An Open-Source Horror Story"

ESP Print Pro

File:ESP-print-manager.png

ESP Print Pro's printer manager allows you to manage printers, printer classes, and jobs on any server in a given network.

Easy Software Products, the original creators of CUPS, have created a GUI, support for many printers and have implemented a PostScript RIP. Their software solution runs on Windows, UNIX and Linux.

ESP Print Pro is a complete printing solution that prints international text, Adobe PostScript, PDF, HP-GL/2, GIF(SM), TIFF, PNG, JPEG/JFIF, SGI RGB, Sun Raster, PhotoCD, PBM, PGM, and PPM files transparently to over 5400 printers via serial, parallel, and network connections. ESP Print Pro is based on the Common UNIX Printing System and provides PostScript and image file RIPs to support non-PostScript printers.

CUPS web-based administration interface

CUPS 1.2 has a web-based interface which can be used to administer printers.

CUPS has a web-based administration interface that runs on port 631. It is extremely useful in organisations that need to monitor print jobs and add print queues and printers remotely.

CUPS 1.0 provided a simple class, job, and printer monitoring interface for web browsers. CUPS 1.1 replaced this interface with an enhanced administration interface that allows you to add, modify, delete, configure, and control classes, jobs, and printers.

CUPS 1.2 provides a revamped web interface, which features improved readability and design, support for automatically discovered printers and a better access to system logs and advanced setting.

Vulnerabilities

As of November 2005, the current release of CUPS does not contain any known vulnerabilities.

The latest vulnerability is a denial of service exploit in the way that CUPS processes HTTP GET requests on the server. If CUPS receives a GET request with the string '/..'. then it can cause an error that can be remotely exploited. This issue was introduced in the 1.1.21 release.^[4]

On December 23, 2002, security firm iDefense found a security vulnerability in CUPS version 1.1.14-5 (or more specifically, xpdf 2.01). It involved passing an integer larger than 32 bits to CUPS in a PDF file, which is then processed by the pdftops filter (which comes with xpdf). This causes an integer overflow in the pdftops program and could cause CUPS to crash as pdftops tries to access an invalid memory address. An attacker could exploit this to create a denial of service attack. The security advisory also noted that if enough data was sent to CUPS then a buffer overflow attack could be exploited. iDefense successfully created a proof of concept program that exploited the vulnerability.^[5] The organisation SecuriTeam also created several proof of concept programs that exploited the bug. They also provided the lines of code that were exploitable in their security advisory.^[6]

See also

• Berkeley printing system
• Computer printer
• Internet Printing Protocol
• PostScript
• Postscript Printer Description (PPD)
• Spooling
• System V printing system
• Xprint

Notes & references

Notes

1. ^ Michael Sweet (June 9, 1999), "A Bright New Future for Printing on Linux", Linux Today & followup from Michael Sweet (June 11, 1999), "The Future Brightens for Linux Printing", Linux Today.
2. ^ Easy Software Products, CUPS Licensed for Use in Apple Operating Systems! (press release), March 1, 2002.
3. ^ CUPS Software Administrators Manual, "Managing Printers from the Web"
4. ^ iDefense vulnerability notification
5. ^ Multiple Security Vulnerabilities in Common UNIX Printing System (CUPS), SecuriTeam notification
6. ^ CUPS HTTP GET Denial Of Service Vulnerability, packetAlarm.de & Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability, SecuriTeam

References

• Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability (January 13, 2005). SecurityFocus.
• Multiple security vulnerabilities in Common UNIX Printing System (CUPS) (December 19, 2002). SecuriTeam.
• ThreatAlert > CUPS HTTP GET Denial Of Service Vulnerability (January 8, 2005). PacketAlarm.
• Sweet, Michael (July 10, 2000). CUPS overview. Easy Software Products.
• CUPS software administration manual : Managing printers from the web (version 1.1.21, 2004). Easy Software Products. Retrieved January 5, 2005.
• http://www.cups.org/articles.php How-to articles and FAQs about using CUPS
• Design of CUPS Filtering System — including the context for Mac OS X ("Jaguar"). LinuxPrinting.org. Retrieved January 5, 2005.
• KDE. KDEPrint information. KDE-printing website. Retrieved January 14, 2005.
• Raymond, Eric (July 3, 2004). The luxury of ignorance: an Open-Source horror story. Eric S. Raymond's Home Page. Essay.

External links

• Official website
• UNIX Print Spooling Software - Unix to Windows
• Easy Software Products (creator of CUPS)
• Freshmeat.net entry on CUPS
• LinuxPrinting.org
• Universal Plug and Play - Printer Device V 1.0 and Printer Basic Service V 1.0
• Setting up CUPS under Debian GNU/Linux