The IPP backend did not always setup username/password authentication. (bug #810007, STR #3985)

Detect authentication errors for all requests. (bug #810007, upstream commit revision10277)
2012-04-17 18:19:22 +02:00 · 2012-04-17 18:19:22 +02:00 · 30ec41f994
commit 30ec41f994
parent 0d80ee5d8f
3 changed files with 132 additions and 1 deletions
--- a/cups-revision10277.patch
+++ b/cups-revision10277.patch
@ -0,0 +1,43 @@
+From 19e2adf8307c8a908da80ceef335517139e5bf64 Mon Sep 17 00:00:00 2001
+From: mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>
+Date: Mon, 13 Feb 2012 23:43:07 +0000
+Subject: [PATCH] Detect authentication errors for all requests.
+
+git-svn-id: http://svn.easysw.com/public/cups/trunk@10277 7a7537e8-13f0-0310-91df-b6672ffda945
+---
+ backend/ipp.c |    9 ++++++---
+ 1 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/backend/ipp.c b/backend/ipp.c
+index bcaab37..d4719e4 100644
+--- a/backend/ipp.c
+++ b/backend/ipp.c
+@@ -898,7 +898,9 @@ main(int  argc,				/* I - Number of command-line args */
+ 
+ 	return (CUPS_BACKEND_STOP);
+       }
+-      else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
+      else if (ipp_status == IPP_NOT_AUTHORIZED ||
+               ipp_status == IPP_FORBIDDEN ||
+               ipp_status == IPP_AUTHENTICATION_CANCELED)
+       {
+         const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+         				/* WWW-Authenticate field value */
+@@ -1472,11 +1474,12 @@ main(int  argc,				/* I - Number of command-line args */
+         _cupsLangPrintFilter(stderr, "ERROR",
+ 	                     _("Print file was not accepted."));
+ 
+-	if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
+	if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
+	    ipp_status == IPP_AUTHENTICATION_CANCELED)
+ 	{
+ 	  const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+ 					/* WWW-Authenticate field value */
+-  
+
+ 	  if (!strncmp(www_auth, "Negotiate", 9))
+ 	    auth_info_required = "negotiate";
+ 	  else if (www_auth[0])
+-- 
+1.7.7.6
+
--- a/cups-str3985.patch
+++ b/cups-str3985.patch
@ -0,0 +1,74 @@
+diff -up cups-1.5.2/backend/ipp.c.str3985 cups-1.5.2/backend/ipp.c
+--- cups-1.5.2/backend/ipp.c.str3985	2012-04-05 10:28:12.568898781 +0200
+++ cups-1.5.2/backend/ipp.c	2012-04-05 10:32:07.165612536 +0200
+@@ -957,9 +957,13 @@ main(int  argc,				/* I - Number of comm
+       }
+       else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
+       {
+-	if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
+-		     "Negotiate", 9))
+        const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+        				/* WWW-Authenticate field value */
+
+	if (!strncmp(www_auth, "Negotiate", 9))
+ 	  auth_info_required = "negotiate";
+        else if (www_auth[0])
+          auth_info_required = "username,password";
+ 
+ 	fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required);
+ 	return (CUPS_BACKEND_AUTH_REQUIRED);
+@@ -1315,23 +1319,13 @@ main(int  argc,				/* I - Number of comm
+     else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
+ 	     ipp_status == IPP_AUTHENTICATION_CANCELED)
+     {
+-     /*
+-      * Update auth-info-required as needed...
+-      */
+-
+-      fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
+-	      httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
+-
+-     /*
+-      * Normal authentication goes through the password callback, which sets
+-      * auth_info_required to "username,password".  Kerberos goes directly
+-      * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
+-      * here and set auth_info_required as needed...
+-      */
+      const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+					/* WWW-Authenticate field value */
+ 
+-      if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
+-		   "Negotiate", 9))
+      if (!strncmp(www_auth, "Negotiate", 9))
+ 	auth_info_required = "negotiate";
+      else if (www_auth[0])
+	auth_info_required = "username,password";
+ 
+       goto cleanup;
+     }
+@@ -1486,19 +1480,13 @@ main(int  argc,				/* I - Number of comm
+ 
+ 	if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
+ 	{
+-	  fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
+-		  httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
+-
+-         /*
+-	  * Normal authentication goes through the password callback, which sets
+-	  * auth_info_required to "username,password".  Kerberos goes directly
+-	  * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
+-	  * here and set auth_info_required as needed...
+-	  */
+-
+-	  if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
+-		       "Negotiate", 9))
+	  const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+					/* WWW-Authenticate field value */
+  
+	  if (!strncmp(www_auth, "Negotiate", 9))
+ 	    auth_info_required = "negotiate";
+	  else if (www_auth[0])
+	    auth_info_required = "username,password";
+ 	}
+ 	else
+ 	  sleep(10);
--- a/cups.spec
+++ b/cups.spec
@ -12,7 +12,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.5.2
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@ -72,6 +72,8 @@ Patch36: cups-systemd-socket.patch
 Patch37: cups-str4014.patch
 Patch38: cups-polld-reconnect.patch
 Patch39: cups-translation.patch
+Patch40: cups-str3985.patch
+Patch41: cups-revision10277.patch

 Patch100: cups-lspp.patch

@ -300,6 +302,12 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 # If the translated message is empty return the original message (bug #797570, STR #4033).
 %patch39 -p1 -b .translation

+# The IPP backend did not always setup username/password authentication for printers (bug #810007, STR #3985)
+%patch40 -p1 -b .str3985
+
+# Detect authentication errors for all requests.
+%patch41 -p1 -b .revision10277
+
 %if %lspp
 # LSPP support.
 %patch100 -p1 -b .lspp
@ -659,6 +667,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/ipptool.1.gz

 %changelog
+* Tue Apr 17 2012 Jiri Popelka <jpopelka@redhat.com> 1:1.5.2-11
+- The IPP backend did not always setup username/password authentication
+  for printers (bug #810007, STR #3985)
+- Detect authentication errors for all requests.
+  (bug #810007, upstream commit revision10277)
+
 * Thu Mar 29 2012 Tim Waugh <twaugh@redhat.com> 1:1.5.2-10
 - Removed private-shared-object-provides filter lines as they are not
  necessary (see bug #807767 comment #3).