httpReconnect(http);
}
else
+ {
+ /*
+ * Update auth-info-required as needed...
+ */
+
_cupsLangPrintf(stderr, _("ERROR: Print file was not accepted (%s)!\n"),
cupsLastErrorString());
+
+ if (ipp_status == IPP_NOT_AUTHORIZED)
+ {
+ fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
+ httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
+
+ if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
+ "Negotiate", 9))
+ fputs("ATTR: auth-info-required=negotiate\n", stderr);
+ else
+ fputs("ATTR: auth-info-required=username,password\n", stderr);
+ }
+ }
}
else if ((job_id_attr = ippFindAttribute(response, "job-id",
IPP_TAG_INTEGER)) == NULL)
page_count > start_count)
fprintf(stderr, "PAGE: total %d\n", page_count - start_count);
- /*
- * Update auth-info-required as needed...
- */
-
- if (ipp_status == IPP_NOT_AUTHORIZED)
- {
- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
- "Negotiate", 9))
- fputs("ATTR: auth-info-required=negotiate\n", stderr);
- else
- fputs("ATTR: auth-info-required=username,password\n", stderr);
- }
-
/*
* Free memory...
*/
if test x$default_gssservicename != xno; then
if test "x$default_gssservicename" = "xdefault"; then
- CUPS_DEFAULT_GSSSERVICENAME="ipp"
+ CUPS_DEFAULT_GSSSERVICENAME="host"
else
CUPS_DEFAULT_GSSSERVICENAME="$default_gssservicename"
fi
gss_display_status(&err_minor_status, minor_status, GSS_C_MECH_CODE,
GSS_C_NULL_OID, &msg_ctx, &minor_status_string);
- DEBUG_printf(("8%s: %s, %s", message, (char *)major_status_string.value,
+ DEBUG_printf(("1%s: %s, %s", message, (char *)major_status_string.value,
(char *)minor_status_string.value));
gss_release_buffer(&err_minor_status, &major_status_string);
* information...
*/
- if (http->hostaddr->addr.sa_family == AF_LOCAL &&
+# ifdef HAVE_GSSAPI
+ if (strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9) &&
+# else
+ if (
+# endif /* HAVE_GSSAPI */
+ http->hostaddr->addr.sa_family == AF_LOCAL &&
!getenv("GATEWAY_INTERFACE")) /* Not via CGI programs... */
{
/*
if (!con->gss_creds)
cupsdLogMessage(CUPSD_LOG_DEBUG,
- "cupsdAuthorize: No credentials!");
+ "cupsdAuthorize: No delegated credentials!");
if (major_status == GSS_S_CONTINUE_NEEDED)
cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
peersize = sizeof(peercred);
+# ifdef __APPLE__
+ if (getsockopt(con->http.fd, 0, LOCAL_PEERCRED, &peercred, &peersize))
+# else
if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred, &peersize))
+# endif /* __APPLE__ */
{
cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get peer credentials - %s",
strerror(errno));
return (NULL);
}
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "cupsdCopyKrb5Creds: Copying credentials for UID %d...",
+ CUPSD_UCRED_UID(peercred));
+
krb5_ipc_client_set_target_uid(CUPSD_UCRED_UID(peercred));
if ((error = krb5_cc_default(KerberosContext, &peerccache)) != 0)
if (auth_str[0])
{
- cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdSendHeader: WWW-Authenticate: %s",
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "cupsdSendHeader: %d WWW-Authenticate: %s", con->http.fd,
auth_str);
if (httpPrintf(HTTP(con), "WWW-Authenticate: %s\r\n", auth_str) < 0)
cupsFileClose(fp);
#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5_H)
+# ifdef HAVE_KRB5_IPC_CLIENT_SET_TARGET_UID
+ if (con->http.hostaddr->addr.sa_family == AF_LOCAL || con->gss_creds)
+# else
if (con->gss_creds)
+# endif /* HAVE_KRB5_IPC_CLIENT_SET_TARGET_UID */
save_krb5_creds(con, job);
else if (job->ccname)
cupsdClearString(&(job->ccname));