/*
* Get/put file functions for CUPS.
*
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2018 by Apple Inc.
* Copyright 1997-2006 by Easy Software Products.
*
- * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+ * information.
*/
/*
*/
#include "cups-private.h"
+#include "debug-internal.h"
#include <fcntl.h>
#include <sys/stat.h>
-#if defined(WIN32) || defined(__EMX__)
+#if defined(_WIN32) || defined(__EMX__)
# include <io.h>
#else
# include <unistd.h>
-#endif /* WIN32 || __EMX__ */
+#endif /* _WIN32 || __EMX__ */
/*
http_status_t status; /* HTTP status from server */
char if_modified_since[HTTP_MAX_VALUE];
/* If-Modified-Since header */
+ int new_auth = 0; /* Using new auth information? */
+ int digest; /* Are we using Digest authentication? */
/*
}
httpClearFields(http);
- httpSetField(http, HTTP_FIELD_AUTHORIZATION, http->authstring);
httpSetField(http, HTTP_FIELD_IF_MODIFIED_SINCE, if_modified_since);
+ digest = http->authstring && !strncmp(http->authstring, "Digest ", 7);
+
+ if (digest && !new_auth)
+ {
+ /*
+ * Update the Digest authentication string...
+ */
+
+ _httpSetDigestAuthString(http, http->nextnonce, "GET", resource);
+ }
+
+#ifdef HAVE_GSSAPI
+ if (http->authstring && !strncmp(http->authstring, "Negotiate", 9) && !new_auth)
+ {
+ /*
+ * Do not use cached Kerberos credentials since they will look like a
+ * "replay" attack...
+ */
+
+ _cupsSetNegotiateAuthString(http, "GET", resource);
+ }
+#endif /* HAVE_GSSAPI */
+
+ httpSetField(http, HTTP_FIELD_AUTHORIZATION, http->authstring);
+
if (httpGet(http, resource))
{
if (httpReconnect2(http, 30000, NULL))
}
}
+ new_auth = 0;
+
while ((status = httpUpdate(http)) == HTTP_STATUS_CONTINUE);
if (status == HTTP_STATUS_UNAUTHORIZED)
* See if we can do authentication...
*/
+ new_auth = 1;
+
if (cupsDoAuthentication(http, "GET", resource))
{
status = HTTP_STATUS_CUPS_AUTHORIZATION_CANCELED;
int retries; /* Number of retries */
char buffer[8192]; /* Buffer for file */
http_status_t status; /* HTTP status from server */
+ int new_auth = 0; /* Using new auth information? */
+ int digest; /* Are we using Digest authentication? */
/*
http->authstring));
httpClearFields(http);
- httpSetField(http, HTTP_FIELD_AUTHORIZATION, http->authstring);
httpSetField(http, HTTP_FIELD_TRANSFER_ENCODING, "chunked");
httpSetExpect(http, HTTP_STATUS_CONTINUE);
+ digest = http->authstring && !strncmp(http->authstring, "Digest ", 7);
+
+ if (digest && !new_auth)
+ {
+ /*
+ * Update the Digest authentication string...
+ */
+
+ _httpSetDigestAuthString(http, http->nextnonce, "PUT", resource);
+ }
+
+#ifdef HAVE_GSSAPI
+ if (http->authstring && !strncmp(http->authstring, "Negotiate", 9) && !new_auth)
+ {
+ /*
+ * Do not use cached Kerberos credentials since they will look like a
+ * "replay" attack...
+ */
+
+ _cupsSetNegotiateAuthString(http, "PUT", resource);
+ }
+#endif /* HAVE_GSSAPI */
+
+ httpSetField(http, HTTP_FIELD_AUTHORIZATION, http->authstring);
+
if (httpPut(http, resource))
{
if (httpReconnect2(http, 30000, NULL))
DEBUG_printf(("2cupsPutFd: status=%d", status));
+ new_auth = 0;
+
if (status == HTTP_STATUS_UNAUTHORIZED)
{
/*
* See if we can do authentication...
*/
+ new_auth = 1;
+
if (cupsDoAuthentication(http, "PUT", resource))
{
status = HTTP_STATUS_CUPS_AUTHORIZATION_CANCELED;
projects / thirdparty / cups.git / blobdiff