*
* Authentication functions for the Common UNIX Printing System (CUPS).
*
- * Copyright 2007 by Apple Inc.
+ * Copyright 2007-2008 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products.
*
* This file contains Kerberos support code, copyright 2006 by
/*
* 'cupsDoAuthentication()' - Authenticate a request.
*
- * This function should be called in response to a HTTP_UNAUTHORIZED
+ * This function should be called in response to a @code HTTP_UNAUTHORIZED@
* status, prior to resubmitting your request.
*
* @since CUPS 1.1.20@
int /* O - 0 on success, -1 on error */
cupsDoAuthentication(http_t *http, /* I - HTTP connection to server */
- const char *method,/* I - Request method (GET, POST, PUT) */
+ const char *method,/* I - Request method ("GET", "POST", "PUT") */
const char *resource)
/* I - Resource path */
{
const char *password; /* Password string */
char prompt[1024], /* Prompt for user */
realm[HTTP_MAX_VALUE], /* realm="xyz" string */
- nonce[HTTP_MAX_VALUE], /* nonce="xyz" string */
- encode[4096]; /* Encoded username:password */
+ nonce[HTTP_MAX_VALUE]; /* nonce="xyz" string */
int localauth; /* Local authentication result */
_cups_globals_t *cg; /* Global data */
if (major_status == GSS_S_CONTINUE_NEEDED)
DEBUG_gss_printf(major_status, minor_status, "Continuation needed!");
- if (output_token.length)
+ if (output_token.length > 0 && output_token.length <= 65536)
{
- httpEncode64_2(encode, sizeof(encode), output_token.value,
+ /*
+ * Allocate the authorization string since Windows KDCs can have
+ * arbitrarily large credentials...
+ */
+
+ int authsize = 10 + /* "Negotiate " */
+ output_token.length * 4 / 3 + 1 + /* Base64 */
+ 1; /* nul */
+
+ httpSetAuthString(http, NULL, NULL);
+
+ if ((http->authstring = malloc(authsize)) == NULL)
+ {
+ http->authstring = http->_authstring;
+ authsize = sizeof(http->_authstring);
+ }
+
+ strcpy(http->authstring, "Negotiate ");
+ httpEncode64_2(http->authstring + 10, authsize - 10, output_token.value,
output_token.length);
- httpSetAuthString(http, "Negotiate", encode);
major_status = gss_release_buffer(&minor_status, &output_token);
}
+ else
+ {
+ DEBUG_printf(("cupsDoAuthentication: Kerberos credentials too large - "
+ "%d bytes!\n", output_token.length));
+
+ major_status = gss_release_buffer(&minor_status, &output_token);
+
+ return (-1);
+ }
#endif /* HAVE_GSSAPI */
}
else if (strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Digest", 6))
* Basic authentication...
*/
+ char encode[256]; /* Base64 buffer */
+
+
httpEncode64_2(encode, sizeof(encode), http->userpass,
(int)strlen(http->userpass));
httpSetAuthString(http, "Basic", encode);
* Digest authentication...
*/
- char digest[1024]; /* Digest auth data */
+ char encode[33], /* MD5 buffer */
+ digest[1024]; /* Digest auth data */
httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "realm", realm);