The IPP backend did not always setup username/password authentication. (bug #810007, STR #3985)

Detect authentication errors for all requests. (bug #810007, upstream commit revision10277)
This commit is contained in:
Jiri Popelka 2012-04-17 18:19:22 +02:00
parent 0d80ee5d8f
commit 30ec41f994
3 changed files with 132 additions and 1 deletions

43
cups-revision10277.patch Normal file
View File

@ -0,0 +1,43 @@
From 19e2adf8307c8a908da80ceef335517139e5bf64 Mon Sep 17 00:00:00 2001
From: mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>
Date: Mon, 13 Feb 2012 23:43:07 +0000
Subject: [PATCH] Detect authentication errors for all requests.
git-svn-id: http://svn.easysw.com/public/cups/trunk@10277 7a7537e8-13f0-0310-91df-b6672ffda945
---
backend/ipp.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/backend/ipp.c b/backend/ipp.c
index bcaab37..d4719e4 100644
--- a/backend/ipp.c
+++ b/backend/ipp.c
@@ -898,7 +898,9 @@ main(int argc, /* I - Number of command-line args */
return (CUPS_BACKEND_STOP);
}
- else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
+ else if (ipp_status == IPP_NOT_AUTHORIZED ||
+ ipp_status == IPP_FORBIDDEN ||
+ ipp_status == IPP_AUTHENTICATION_CANCELED)
{
const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
/* WWW-Authenticate field value */
@@ -1472,11 +1474,12 @@ main(int argc, /* I - Number of command-line args */
_cupsLangPrintFilter(stderr, "ERROR",
_("Print file was not accepted."));
- if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
+ if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
+ ipp_status == IPP_AUTHENTICATION_CANCELED)
{
const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
/* WWW-Authenticate field value */
-
+
if (!strncmp(www_auth, "Negotiate", 9))
auth_info_required = "negotiate";
else if (www_auth[0])
--
1.7.7.6

74
cups-str3985.patch Normal file
View File

@ -0,0 +1,74 @@
diff -up cups-1.5.2/backend/ipp.c.str3985 cups-1.5.2/backend/ipp.c
--- cups-1.5.2/backend/ipp.c.str3985 2012-04-05 10:28:12.568898781 +0200
+++ cups-1.5.2/backend/ipp.c 2012-04-05 10:32:07.165612536 +0200
@@ -957,9 +957,13 @@ main(int argc, /* I - Number of comm
}
else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
{
- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
- "Negotiate", 9))
+ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+ /* WWW-Authenticate field value */
+
+ if (!strncmp(www_auth, "Negotiate", 9))
auth_info_required = "negotiate";
+ else if (www_auth[0])
+ auth_info_required = "username,password";
fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required);
return (CUPS_BACKEND_AUTH_REQUIRED);
@@ -1315,23 +1319,13 @@ main(int argc, /* I - Number of comm
else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
ipp_status == IPP_AUTHENTICATION_CANCELED)
{
- /*
- * Update auth-info-required as needed...
- */
-
- fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
- httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
-
- /*
- * Normal authentication goes through the password callback, which sets
- * auth_info_required to "username,password". Kerberos goes directly
- * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
- * here and set auth_info_required as needed...
- */
+ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+ /* WWW-Authenticate field value */
- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
- "Negotiate", 9))
+ if (!strncmp(www_auth, "Negotiate", 9))
auth_info_required = "negotiate";
+ else if (www_auth[0])
+ auth_info_required = "username,password";
goto cleanup;
}
@@ -1486,19 +1480,13 @@ main(int argc, /* I - Number of comm
if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
{
- fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
- httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
-
- /*
- * Normal authentication goes through the password callback, which sets
- * auth_info_required to "username,password". Kerberos goes directly
- * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
- * here and set auth_info_required as needed...
- */
-
- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
- "Negotiate", 9))
+ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+ /* WWW-Authenticate field value */
+
+ if (!strncmp(www_auth, "Negotiate", 9))
auth_info_required = "negotiate";
+ else if (www_auth[0])
+ auth_info_required = "username,password";
}
else
sleep(10);

View File

@ -12,7 +12,7 @@
Summary: Common Unix Printing System Summary: Common Unix Printing System
Name: cups Name: cups
Version: 1.5.2 Version: 1.5.2
Release: 10%{?dist} Release: 11%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Daemons Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@ -72,6 +72,8 @@ Patch36: cups-systemd-socket.patch
Patch37: cups-str4014.patch Patch37: cups-str4014.patch
Patch38: cups-polld-reconnect.patch Patch38: cups-polld-reconnect.patch
Patch39: cups-translation.patch Patch39: cups-translation.patch
Patch40: cups-str3985.patch
Patch41: cups-revision10277.patch
Patch100: cups-lspp.patch Patch100: cups-lspp.patch
@ -300,6 +302,12 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
# If the translated message is empty return the original message (bug #797570, STR #4033). # If the translated message is empty return the original message (bug #797570, STR #4033).
%patch39 -p1 -b .translation %patch39 -p1 -b .translation
# The IPP backend did not always setup username/password authentication for printers (bug #810007, STR #3985)
%patch40 -p1 -b .str3985
# Detect authentication errors for all requests.
%patch41 -p1 -b .revision10277
%if %lspp %if %lspp
# LSPP support. # LSPP support.
%patch100 -p1 -b .lspp %patch100 -p1 -b .lspp
@ -659,6 +667,12 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/ipptool.1.gz %{_mandir}/man1/ipptool.1.gz
%changelog %changelog
* Tue Apr 17 2012 Jiri Popelka <jpopelka@redhat.com> 1:1.5.2-11
- The IPP backend did not always setup username/password authentication
for printers (bug #810007, STR #3985)
- Detect authentication errors for all requests.
(bug #810007, upstream commit revision10277)
* Thu Mar 29 2012 Tim Waugh <twaugh@redhat.com> 1:1.5.2-10 * Thu Mar 29 2012 Tim Waugh <twaugh@redhat.com> 1:1.5.2-10
- Removed private-shared-object-provides filter lines as they are not - Removed private-shared-object-provides filter lines as they are not
necessary (see bug #807767 comment #3). necessary (see bug #807767 comment #3).