Some Kerberos cleanup...

author mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>

Fri, 13 Jul 2007 01:13:26 +0000 (01:13 +0000)

committer mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>

Fri, 13 Jul 2007 01:13:26 +0000 (01:13 +0000)
author mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>
Fri, 13 Jul 2007 01:13:26 +0000 (01:13 +0000)
committer mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>
Fri, 13 Jul 2007 01:13:26 +0000 (01:13 +0000)
diff --git a/cups/auth.c b/cups/auth.c

index b3a685a1646d4c9dd202f95390d77445fb8e9123..9c35129ca7aa26e0482f10a47b0124d1b0f1750d 100644 (file)
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -176,6 +176,13 @@ cupsDoAuthentication(http_t     *http,     /* I - HTTP connection to server */
  
    if (!strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9))
    {
+    if (http->status == HTTP_UNAUTHORIZED && http->digest_tries >= 3)
+    {
+      DEBUG_printf(("cupsDoAuthentication: too many Negotiate tries (%d)\n",
+                    http->digest_tries));
+  
+      return (-1);
+    }
  #ifdef HAVE_GSSAPI
     /*
      * Kerberos authentication...
@@ -234,14 +241,12 @@ cupsDoAuthentication(http_t     *http,    /* I - HTTP connection to server */
        * back into gss via input_token...
        */
      }
-    else
+
+    if (http->gssctx != GSS_C_NO_CONTEXT)
      {
-      if (http->gssctx != GSS_C_NO_CONTEXT)
-      {
-       major_status = gss_delete_sec_context(&minor_status, &http->gssctx,
-                                             GSS_C_NO_BUFFER);
-       http->gssctx = GSS_C_NO_CONTEXT;
-      }
+      major_status = gss_delete_sec_context(&minor_status, &http->gssctx,
+                                           GSS_C_NO_BUFFER);
+      http->gssctx = GSS_C_NO_CONTEXT;
      }
  
      major_status  = gss_init_sec_context(&minor_status, GSS_C_NO_CREDENTIAL,
@@ -377,19 +382,28 @@ cups_get_gss_creds(
  {
    gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
                                         /* Service token */
-  OM_uint32    major_status,           /* Major status code */
-               minor_status;           /* Minor status code */
-  gss_name_t   server_name;            /* Server name */
-  char         buf[1024],              /* Name buffer */
-               fqdn[HTTP_MAX_URI];     /* Server name buffer */
+  OM_uint32      major_status,         /* Major status code */
+                 minor_status;         /* Minor status code */
+  gss_name_t     server_name;          /* Server name */
+  char           buf[1024],            /* Name buffer */
+                 fqdn[HTTP_MAX_URI];   /* Server name buffer */
+  struct hostent  *host;               /* Host entry to get FQDN */
+
  
+ /*
+  * Get the hostname...
+  */
+
+  httpGetHostname(http, fqdn, sizeof(fqdn));
+
+  if (!strcmp(fqdn, "localhost"))
+    httpGetHostname(NULL, fqdn, sizeof(fqdn));
  
   /*
    * Get a server name we can use for authentication purposes...
    */
  
-  snprintf(buf, sizeof(buf), "%s@%s", service_name,
-          httpGetHostname(http, fqdn, sizeof(fqdn)));
+  snprintf(buf, sizeof(buf), "%s@%s", service_name, fqdn);
  
    token.value  = buf;
    token.length = strlen(buf);
@@ -449,11 +463,16 @@ cups_local_auth(http_t *http)             /* I - HTTP connection to server */
                  http, httpAddrString(http->hostaddr, filename, sizeof(filename)), http->hostname));
  
   /*
-  * See if we are accessing localhost...
+  * See if we are accessing localhost and the auth type is more than just
+  * Kerberos (Negotiate)...
    */
  
-  if (!httpAddrLocalhost(http->hostaddr) &&
-      strcasecmp(http->hostname, "localhost") != 0)
+  if ((!httpAddrLocalhost(http->hostaddr) &&
+       strcasecmp(http->hostname, "localhost") != 0)
+#ifdef HAVE_GSSAPI
+      || !strcmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate")
+#endif /* HAVE_GSSAPI */
+     )
    {
      DEBUG_puts("cups_local_auth: Not a local connection!");
      return (1);
diff --git a/cups/cups.h b/cups/cups.h

index cfc36ff9025c5ce0c061de5f79fffb1320b610bf..664c1dcd81bf13e802bc70d0ef47bbe16f6a0532 100644 (file)
--- a/cups/cups.h
+++ b/cups/cups.h
@@ -99,7 +99,7 @@ enum cups_ptype_e                     /* Not a typedef'd enum so we can OR */
    CUPS_PRINTER_AUTHENTICATED = 0x400000,/* Printer requires authentication @since CUPS 1.2@ */
    CUPS_PRINTER_COMMANDS = 0x800000,    /* Printer supports maintenance commands @since CUPS 1.2@ */
    CUPS_PRINTER_DISCOVERED = 0x1000000, /* Printer was automatically discovered and added @since CUPS 1.3@ */
-  CUPS_PRINTER_OPTIONS = 0xe6fffc      /* ~(CLASS | REMOTE | IMPLICIT) */
+  CUPS_PRINTER_OPTIONS = 0x6fffc       /* ~(CLASS | REMOTE | IMPLICIT | DEFAULT | FAX | REJECTING | DELETE | NOT_SHARED | AUTHENTICATED | COMMANDS | DISCOVERED) */
  };
  
  typedef const char *(*cups_password_cb_t)(const char *);
diff --git a/scheduler/printers.c b/scheduler/printers.c

index 80bf87801710012752a122a8f69de6faf07ab320..a993e335e24a653109e2f7bf6954b67e3b01fe8a 100644 (file)
--- a/scheduler/printers.c
+++ b/scheduler/printers.c
@@ -1538,8 +1538,6 @@ cupsdSetAuthInfoRequired(
  
          p->auth_info_required[p->num_auth_info_required] = "negotiate";
         p->num_auth_info_required ++;
-
-       return (1);
        }
        else if ((end - values) == 6 && !strncmp(values, "domain", 6))
        {
author	mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>
	Fri, 13 Jul 2007 01:13:26 +0000 (01:13 +0000)
committer	mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>
	Fri, 13 Jul 2007 01:13:26 +0000 (01:13 +0000)
cups/auth.c		patch \| blob \| blame \| history
cups/cups.h		patch \| blob \| blame \| history
scheduler/printers.c		patch \| blob \| blame \| history