Authentication in the web interface did not work on macOS (rdar://41444473)

cups/auth.c:
- cups_local_auth(): Don't check for AuthRef twice, log fopen errors for the
  root cert as well.

scheduler/client.c:
- Also allow local auth with AuthRef's.

diff --git a/CHANGES.md b/CHANGES.md
index 96e5ad854fc54b7d13ebd727925ecaf1c39a80ff..d04c0b92d9ee0755758b8e4ea5d61583a6553a48 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,4 +1,4 @@
-CHANGES - 2.3b6 - 2018-06-18
+CHANGES - 2.3b6 - 2018-06-29
 ============================
 
 Changes in CUPS v2.3b6
@@ -17,6 +17,7 @@ Changes in CUPS v2.3b6
 - The web interface did not list the IPP Everywhere "driver" (Issue #5338)
 - The scheduler did not report all of the supported job options and values
   (Issue #5340)
+- Authentication in the web interface did not work on macOS (rdar://41444473)
 - Fixed a memory leak for some IPP (extension) syntaxes.
 
 

diff --git a/cups/auth.c b/cups/auth.c
index 172f55cfea44c3ebbfaf76d79b9368075839aa4f..291a1a55fc2885f9f3b9cc88c42dcf7936e9adc2 100644 (file)
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -1115,10 +1115,6 @@ cups_local_auth(http_t *http)            /* I - HTTP connection to server */
   if (cups_auth_find(www_auth, "Negotiate"))
     return (1);
 #  endif /* HAVE_GSSAPI */
-#  ifdef HAVE_AUTHORIZATION_H
-  if (cups_auth_find(www_auth, "AuthRef"))
-    return (1);
-#  endif /* HAVE_AUTHORIZATION_H */
 
 #  if defined(SO_PEERCRED) && defined(AF_LOCAL)
  /*
@@ -1168,7 +1164,7 @@ cups_local_auth(http_t *http)             /* I - HTTP connection to server */
     * No certificate for this PID; see if we can get the root certificate...
     */
 
-    DEBUG_printf(("9cups_local_auth: Unable to open file %s: %s", filename, strerror(errno)));
+    DEBUG_printf(("9cups_local_auth: Unable to open file \"%s\": %s", filename, strerror(errno)));
 
     if (!cups_auth_param(schemedata, "trc", trc, sizeof(trc)))
     {
@@ -1180,7 +1176,8 @@ cups_local_auth(http_t *http)             /* I - HTTP connection to server */
     }
 
     snprintf(filename, sizeof(filename), "%s/certs/0", cg->cups_statedir);
-    fp = fopen(filename, "r");
+    if ((fp = fopen(filename, "r")) == NULL)
+      DEBUG_printf(("9cups_local_auth: Unable to open file \"%s\": %s", filename, strerror(errno)));
   }
 
   if (fp)

diff --git a/scheduler/client.c b/scheduler/client.c
index 95b9db68074fe26adc549eafadc16b5c2c6397e1..cfb0e1b9bd0869be444563da88cb41dde5055061 100644 (file)
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2155,7 +2155,7 @@ cupsdSendHeader(
 #ifdef HAVE_AUTHORIZATION_H
        if (!_cups_strncasecmp(name, "@AUTHKEY(", 9))
        {
-         snprintf(auth_key, auth_size, ", AuthRef key=\"%s\"", name + 9);
+         snprintf(auth_key, auth_size, ", AuthRef key=\"%s\", Local trc=\"y\"", name + 9);
          need_local = 0;
          /* end parenthesis is stripped in conf.c */
          break;
@@ -2166,11 +2166,10 @@ cupsdSendHeader(
        {
 #ifdef HAVE_AUTHORIZATION_H
          if (SystemGroupAuthKey)
-           snprintf(auth_key, auth_size, ", AuthRef key=\"%s\"", SystemGroupAuthKey);
+           snprintf(auth_key, auth_size, ", AuthRef key=\"%s\", Local trc=\"y\"", SystemGroupAuthKey);
           else
-#else
-         strlcpy(auth_key, ", Local trc=\"y\"", auth_size);
 #endif /* HAVE_AUTHORIZATION_H */
+         strlcpy(auth_key, ", Local trc=\"y\"", auth_size);
          need_local = 0;
          break;
        }