Detect authentication errors for all requests. (bug #810007, upstream commit revision10277)
This commit is contained in:
parent
0d80ee5d8f
commit
30ec41f994
43
cups-revision10277.patch
Normal file
43
cups-revision10277.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
From 19e2adf8307c8a908da80ceef335517139e5bf64 Mon Sep 17 00:00:00 2001
|
||||||
|
From: mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>
|
||||||
|
Date: Mon, 13 Feb 2012 23:43:07 +0000
|
||||||
|
Subject: [PATCH] Detect authentication errors for all requests.
|
||||||
|
|
||||||
|
git-svn-id: http://svn.easysw.com/public/cups/trunk@10277 7a7537e8-13f0-0310-91df-b6672ffda945
|
||||||
|
---
|
||||||
|
backend/ipp.c | 9 ++++++---
|
||||||
|
1 files changed, 6 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/backend/ipp.c b/backend/ipp.c
|
||||||
|
index bcaab37..d4719e4 100644
|
||||||
|
--- a/backend/ipp.c
|
||||||
|
+++ b/backend/ipp.c
|
||||||
|
@@ -898,7 +898,9 @@ main(int argc, /* I - Number of command-line args */
|
||||||
|
|
||||||
|
return (CUPS_BACKEND_STOP);
|
||||||
|
}
|
||||||
|
- else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
|
||||||
|
+ else if (ipp_status == IPP_NOT_AUTHORIZED ||
|
||||||
|
+ ipp_status == IPP_FORBIDDEN ||
|
||||||
|
+ ipp_status == IPP_AUTHENTICATION_CANCELED)
|
||||||
|
{
|
||||||
|
const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
|
||||||
|
/* WWW-Authenticate field value */
|
||||||
|
@@ -1472,11 +1474,12 @@ main(int argc, /* I - Number of command-line args */
|
||||||
|
_cupsLangPrintFilter(stderr, "ERROR",
|
||||||
|
_("Print file was not accepted."));
|
||||||
|
|
||||||
|
- if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
|
||||||
|
+ if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
|
||||||
|
+ ipp_status == IPP_AUTHENTICATION_CANCELED)
|
||||||
|
{
|
||||||
|
const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
|
||||||
|
/* WWW-Authenticate field value */
|
||||||
|
-
|
||||||
|
+
|
||||||
|
if (!strncmp(www_auth, "Negotiate", 9))
|
||||||
|
auth_info_required = "negotiate";
|
||||||
|
else if (www_auth[0])
|
||||||
|
--
|
||||||
|
1.7.7.6
|
||||||
|
|
74
cups-str3985.patch
Normal file
74
cups-str3985.patch
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
diff -up cups-1.5.2/backend/ipp.c.str3985 cups-1.5.2/backend/ipp.c
|
||||||
|
--- cups-1.5.2/backend/ipp.c.str3985 2012-04-05 10:28:12.568898781 +0200
|
||||||
|
+++ cups-1.5.2/backend/ipp.c 2012-04-05 10:32:07.165612536 +0200
|
||||||
|
@@ -957,9 +957,13 @@ main(int argc, /* I - Number of comm
|
||||||
|
}
|
||||||
|
else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
|
||||||
|
{
|
||||||
|
- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
|
||||||
|
- "Negotiate", 9))
|
||||||
|
+ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
|
||||||
|
+ /* WWW-Authenticate field value */
|
||||||
|
+
|
||||||
|
+ if (!strncmp(www_auth, "Negotiate", 9))
|
||||||
|
auth_info_required = "negotiate";
|
||||||
|
+ else if (www_auth[0])
|
||||||
|
+ auth_info_required = "username,password";
|
||||||
|
|
||||||
|
fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required);
|
||||||
|
return (CUPS_BACKEND_AUTH_REQUIRED);
|
||||||
|
@@ -1315,23 +1319,13 @@ main(int argc, /* I - Number of comm
|
||||||
|
else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
|
||||||
|
ipp_status == IPP_AUTHENTICATION_CANCELED)
|
||||||
|
{
|
||||||
|
- /*
|
||||||
|
- * Update auth-info-required as needed...
|
||||||
|
- */
|
||||||
|
-
|
||||||
|
- fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
|
||||||
|
- httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
- * Normal authentication goes through the password callback, which sets
|
||||||
|
- * auth_info_required to "username,password". Kerberos goes directly
|
||||||
|
- * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
|
||||||
|
- * here and set auth_info_required as needed...
|
||||||
|
- */
|
||||||
|
+ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
|
||||||
|
+ /* WWW-Authenticate field value */
|
||||||
|
|
||||||
|
- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
|
||||||
|
- "Negotiate", 9))
|
||||||
|
+ if (!strncmp(www_auth, "Negotiate", 9))
|
||||||
|
auth_info_required = "negotiate";
|
||||||
|
+ else if (www_auth[0])
|
||||||
|
+ auth_info_required = "username,password";
|
||||||
|
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
@@ -1486,19 +1480,13 @@ main(int argc, /* I - Number of comm
|
||||||
|
|
||||||
|
if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
|
||||||
|
{
|
||||||
|
- fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
|
||||||
|
- httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
- * Normal authentication goes through the password callback, which sets
|
||||||
|
- * auth_info_required to "username,password". Kerberos goes directly
|
||||||
|
- * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
|
||||||
|
- * here and set auth_info_required as needed...
|
||||||
|
- */
|
||||||
|
-
|
||||||
|
- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
|
||||||
|
- "Negotiate", 9))
|
||||||
|
+ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
|
||||||
|
+ /* WWW-Authenticate field value */
|
||||||
|
+
|
||||||
|
+ if (!strncmp(www_auth, "Negotiate", 9))
|
||||||
|
auth_info_required = "negotiate";
|
||||||
|
+ else if (www_auth[0])
|
||||||
|
+ auth_info_required = "username,password";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
sleep(10);
|
16
cups.spec
16
cups.spec
@ -12,7 +12,7 @@
|
|||||||
Summary: Common Unix Printing System
|
Summary: Common Unix Printing System
|
||||||
Name: cups
|
Name: cups
|
||||||
Version: 1.5.2
|
Version: 1.5.2
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
|
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
|
||||||
@ -72,6 +72,8 @@ Patch36: cups-systemd-socket.patch
|
|||||||
Patch37: cups-str4014.patch
|
Patch37: cups-str4014.patch
|
||||||
Patch38: cups-polld-reconnect.patch
|
Patch38: cups-polld-reconnect.patch
|
||||||
Patch39: cups-translation.patch
|
Patch39: cups-translation.patch
|
||||||
|
Patch40: cups-str3985.patch
|
||||||
|
Patch41: cups-revision10277.patch
|
||||||
|
|
||||||
Patch100: cups-lspp.patch
|
Patch100: cups-lspp.patch
|
||||||
|
|
||||||
@ -300,6 +302,12 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
|
|||||||
# If the translated message is empty return the original message (bug #797570, STR #4033).
|
# If the translated message is empty return the original message (bug #797570, STR #4033).
|
||||||
%patch39 -p1 -b .translation
|
%patch39 -p1 -b .translation
|
||||||
|
|
||||||
|
# The IPP backend did not always setup username/password authentication for printers (bug #810007, STR #3985)
|
||||||
|
%patch40 -p1 -b .str3985
|
||||||
|
|
||||||
|
# Detect authentication errors for all requests.
|
||||||
|
%patch41 -p1 -b .revision10277
|
||||||
|
|
||||||
%if %lspp
|
%if %lspp
|
||||||
# LSPP support.
|
# LSPP support.
|
||||||
%patch100 -p1 -b .lspp
|
%patch100 -p1 -b .lspp
|
||||||
@ -659,6 +667,12 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_mandir}/man1/ipptool.1.gz
|
%{_mandir}/man1/ipptool.1.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 17 2012 Jiri Popelka <jpopelka@redhat.com> 1:1.5.2-11
|
||||||
|
- The IPP backend did not always setup username/password authentication
|
||||||
|
for printers (bug #810007, STR #3985)
|
||||||
|
- Detect authentication errors for all requests.
|
||||||
|
(bug #810007, upstream commit revision10277)
|
||||||
|
|
||||||
* Thu Mar 29 2012 Tim Waugh <twaugh@redhat.com> 1:1.5.2-10
|
* Thu Mar 29 2012 Tim Waugh <twaugh@redhat.com> 1:1.5.2-10
|
||||||
- Removed private-shared-object-provides filter lines as they are not
|
- Removed private-shared-object-provides filter lines as they are not
|
||||||
necessary (see bug #807767 comment #3).
|
necessary (see bug #807767 comment #3).
|
||||||
|
Loading…
Reference in New Issue
Block a user