From: mike Date: Wed, 18 May 2011 02:27:11 +0000 (+0000) Subject: Add support for providing exported Kerberos credentials via auth-info attribute. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d5f60d19b82ccbd6f67f10c22b60eca33f1575f;p=thirdparty%2Fcups.git Add support for providing exported Kerberos credentials via auth-info attribute. git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@9778 7a7537e8-13f0-0310-91df-b6672ffda945 --- diff --git a/backend/ipp.c b/backend/ipp.c index 1189c05222..30f307f663 100644 --- a/backend/ipp.c +++ b/backend/ipp.c @@ -2545,6 +2545,7 @@ run_as_user(int argc, /* I - Number of command-line args */ const char *device_uri, /* I - Device URI */ int fd) /* I - File to print */ { + const char *auth_negotiate;/* AUTH_NEGOTIATE env var */ xpc_connection_t conn; /* Connection to XPC service */ xpc_object_t request; /* Request message dictionary */ __block xpc_object_t response; /* Response message dictionary */ @@ -2605,6 +2606,8 @@ run_as_user(int argc, /* I - Number of command-line args */ xpc_dictionary_set_string(request, "options", argv[5]); xpc_dictionary_set_string(request, "auth-info-required", getenv("AUTH_INFO_REQUIRED")); + if ((auth_negotiate = getenv("AUTH_NEGOTIATE")) != NULL) + xpc_dictionary_set_string(request, "auth-negotiate", auth_negotiate); xpc_dictionary_set_fd(request, "stdin", fd); xpc_dictionary_set_fd(request, "stderr", 2); xpc_dictionary_set_fd(request, "side-channel", CUPS_SC_FD); diff --git a/scheduler/ipp.c b/scheduler/ipp.c index 289819f48e..0cfb1c7efe 100644 --- a/scheduler/ipp.c +++ b/scheduler/ipp.c 
@@ -10320,30 +10320,41 @@ save_auth_info( fchown(cupsFileNumber(fp), 0, 0); fchmod(cupsFileNumber(fp), 0400); + for (i = 0; + i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); + i ++) + cupsdClearString(job->auth_env + i); + if (auth_info && auth_info->num_values == dest->num_auth_info_required) { /* * Write 1 to 3 auth values... */ - cupsdClearString(&job->auth_username); - cupsdClearString(&job->auth_domain); - cupsdClearString(&job->auth_password); - - for (i = 0; i < auth_info->num_values; i ++) + for (i = 0; + i < auth_info->num_values && + i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); + i ++) { httpEncode64_2(line, sizeof(line), auth_info->values[i].string.text, strlen(auth_info->values[i].string.text)); cupsFilePrintf(fp, "%s\n", line); if (!strcmp(dest->auth_info_required[i], "username")) - cupsdSetStringf(&job->auth_username, "AUTH_USERNAME=%s", + cupsdSetStringf(job->auth_env + i, "AUTH_USERNAME=%s", auth_info->values[i].string.text); else if (!strcmp(dest->auth_info_required[i], "domain")) - cupsdSetStringf(&job->auth_domain, "AUTH_DOMAIN=%s", + cupsdSetStringf(job->auth_env + i, "AUTH_DOMAIN=%s", auth_info->values[i].string.text); else if (!strcmp(dest->auth_info_required[i], "password")) - cupsdSetStringf(&job->auth_password, "AUTH_PASSWORD=%s", + cupsdSetStringf(job->auth_env + i, "AUTH_PASSWORD=%s", + auth_info->values[i].string.text); + else if (!strcmp(dest->auth_info_required[i], "negotiate")) + cupsdSetStringf(job->auth_env + i, "AUTH_NEGOTIATE=%s", + auth_info->values[i].string.text); + else + cupsdSetStringf(job->auth_env + i, "AUTH_%s=%s", + dest->auth_info_required[i], auth_info->values[i].string.text); } } 
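Review bot: The new final `else` branch in the auth-info loop builds the environment variable name directly from `dest->auth_info_required[i]` (`"AUTH_%s=%s"`) and fills it with the client-supplied `auth_info->values[i].string.text`. Nothing visible in this hunk restricts the keyword's characters or stops it from forming a name the scheduler sets itself, such as `AUTH_UID`; whether the keyword list is validated when the printer is configured cannot be seen from here. Consider skipping unknown keywords, or accepting only `[A-Za-z0-9_]` and refusing reserved names, before calling `cupsdSetStringf`. cupsdLoadJob gains no matching fallback, so a value stored this way would also disappear when the job is reloaded. save_auth_info begins and continues outside the hunk.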
@@ -10356,8 +10367,7 @@ save_auth_info( httpEncode64_2(line, sizeof(line), con->username, strlen(con->username)); cupsFilePrintf(fp, "%s\n", line); - cupsdSetStringf(&job->auth_username, "AUTH_USERNAME=%s", con->username); - cupsdClearString(&job->auth_domain); + cupsdSetStringf(job->auth_env + 0, "AUTH_USERNAME=%s", con->username); /* * Write the authenticated password... @@ -10366,7 +10376,7 @@ save_auth_info( httpEncode64_2(line, sizeof(line), con->password, strlen(con->password)); cupsFilePrintf(fp, "%s\n", line); - cupsdSetStringf(&job->auth_password, "AUTH_PASSWORD=%s", con->password); + cupsdSetStringf(job->auth_env + 1, "AUTH_PASSWORD=%s", con->password); } #ifdef HAVE_GSSAPI diff --git a/scheduler/job.c b/scheduler/job.c index 00fa558cbb..c87a605e6f 100644 --- a/scheduler/job.c +++ b/scheduler/job.c @@ -997,12 +997,15 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ } envp[envc ++] = auth_info_required; - if (job->auth_username) - envp[envc ++] = job->auth_username; - if (job->auth_domain) - envp[envc ++] = job->auth_domain; - if (job->auth_password) - envp[envc ++] = job->auth_password; + + for (i = 0; + i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); + i ++) + if (job->auth_env[i]) + envp[envc ++] = job->auth_env[i]; + else + break; + if (job->auth_uid) envp[envc ++] = job->auth_uid; @@ -1297,6 +1300,7 @@ void cupsdDeleteJob(cupsd_job_t *job, /* I - Job */ cupsd_jobaction_t action)/* I - Action */ { + int i; /* Looping var */ char filename[1024]; /* Job filename */ @@ -1319,9 +1323,10 @@ cupsdDeleteJob(cupsd_job_t *job, /* I - Job */ cupsdClearString(&job->username); cupsdClearString(&job->dest); - cupsdClearString(&job->auth_username); - cupsdClearString(&job->auth_domain); - cupsdClearString(&job->auth_password); + for (i = 0; + i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); + i ++) + cupsdClearString(job->auth_env + i); cupsdClearString(&job->auth_uid); if (job->num_files > 0) 
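Review bot: The `else break;` in the new loop over `job->auth_env` in cupsdContinueJob stops at the first NULL slot, which is only correct if the slots are always filled contiguously from index 0. save_auth_info fills every index it visits, but the reworked loop in cupsdLoadJob sets `auth_env[i]` only for the four known keywords, so an unrecognised keyword at an earlier index would leave a hole and later credentials would be silently left out of `envp`. Dropping the `else break;` and keeping only `if (job->auth_env[i]) envp[envc ++] = job->auth_env[i];` removes that dependency. The rest of cupsdContinueJob lies outside the hunk.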
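Review bot: The clearing loop added to cupsdDeleteJob (`for (i = 0; i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); i ++) cupsdClearString(job->auth_env + i);`) is written out four times in this commit, also in save_auth_info, cupsdLoadJob and cupsdSetJobState. A single helper declared in job.h would keep the bound in one place and give one spot to scrub the password and Kerberos strings before they are freed, if `cupsdClearString` does not already do that (its body is not shown here). The cupsdSetJobState hunk uses `i` without adding a declaration, unlike the other two job.c functions, so it is worth confirming that the function already declares it.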
@@ -1525,6 +1530,7 @@ cupsdLoadAllJobs(void) int /* O - 1 on success, 0 on failure */ cupsdLoadJob(cupsd_job_t *job) /* I - Job */ { + int i; /* Looping var */ char jobfile[1024]; /* Job filename */ cups_file_t *fp; /* Job file */ int fileid; /* Current file ID */ @@ -1780,21 +1786,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */ { snprintf(jobfile, sizeof(jobfile), "%s/a%05d", RequestRoot, job->id); - cupsdClearString(&job->auth_username); - cupsdClearString(&job->auth_domain); - cupsdClearString(&job->auth_password); + for (i = 0; + i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); + i ++) + cupsdClearString(job->auth_env + i); cupsdClearString(&job->auth_uid); if ((fp = cupsFileOpen(jobfile, "r")) != NULL) { - int i, /* Looping var */ - bytes; /* Size of auth data */ + int bytes; /* Size of auth data */ char line[255], /* Line from file */ data[255]; /* Decoded data */ for (i = 0; i < destptr->num_auth_info_required && + i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])) && cupsFileGets(fp, line, sizeof(line)); i ++) { 
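Review bot: The `line[255]` and `data[255]` buffers kept by the cupsdLoadJob hunk now have to hold a base64-encoded exported Kerberos credential, which is likely to be longer than the username, domain and password values they were sized for. If an encoded value does not fit, `cupsFileGets` will presumably return it in pieces, so later keywords would be paired with the wrong line and the trailing `isdigit(line[0] & 255)` test for the UID line could be applied to credential data. Consider sizing both buffers for the largest value save_auth_info can write and treating an over-long line as an error rather than continuing. The loop body continues in the next hunk.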
@@ -1802,14 +1809,13 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */ httpDecode64_2(data, &bytes, line); if (!strcmp(destptr->auth_info_required[i], "username")) - cupsdSetStringf(&job->auth_username, "AUTH_USERNAME=%s", data); + cupsdSetStringf(job->auth_env + i, "AUTH_USERNAME=%s", data); else if (!strcmp(destptr->auth_info_required[i], "domain")) - cupsdSetStringf(&job->auth_domain, "AUTH_DOMAIN=%s", data); + cupsdSetStringf(job->auth_env + i, "AUTH_DOMAIN=%s", data); else if (!strcmp(destptr->auth_info_required[i], "password")) - cupsdSetStringf(&job->auth_password, "AUTH_PASSWORD=%s", data); - else if (!strcmp(destptr->auth_info_required[i], "negotiate") && - isdigit(line[0] & 255)) - cupsdSetStringf(&job->auth_uid, "AUTH_UID=%s", line); + cupsdSetStringf(job->auth_env + i, "AUTH_PASSWORD=%s", data); + else if (!strcmp(destptr->auth_info_required[i], "negotiate")) + cupsdSetStringf(job->auth_env + i, "AUTH_NEGOTIATE=%s", line); } if (cupsFileGets(fp, line, sizeof(line)) && isdigit(line[0] & 255)) @@ -2477,9 +2483,11 @@ cupsdSetJobState( "Unable to remove authentication cache: %s", strerror(errno)); - cupsdClearString(&job->auth_username); - cupsdClearString(&job->auth_domain); - cupsdClearString(&job->auth_password); + for (i = 0; + i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0])); + i ++) + cupsdClearString(job->auth_env + i); + cupsdClearString(&job->auth_uid); /* diff --git a/scheduler/job.h b/scheduler/job.h index 33a112d4f7..22a6e2ef99 100644 --- a/scheduler/job.h +++ b/scheduler/job.h @@ -3,7 +3,7 @@ * * Print job definitions for the CUPS scheduler. * - * Copyright 2007-2010 by Apple Inc. + * Copyright 2007-2011 by Apple Inc. * Copyright 1997-2007 by Easy Software Products, all rights reserved. * * These coded instructions, statements, and computer programs are the 
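Review bot: The new `negotiate` branch in cupsdLoadJob stores `line`, the still base64-encoded text, while the three branches above it store the decoded `data`. save_auth_info writes every auth-info value through `httpEncode64_2` and sets `AUTH_NEGOTIATE` from the unencoded `auth_info->values[i].string.text`, so after a reload the backend would appear to receive a different value than it got when the job was submitted. Unless the encoded form is intended here, use `cupsdSetStringf(job->auth_env + i, "AUTH_NEGOTIATE=%s", data);`. The old branch it replaces read a plain UID line, which may be why `line` was kept.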
@@ -70,14 +70,9 @@ struct cupsd_job_s /**** Job request ****/ int backend; /* Backend process ID */ int status; /* Status code from filters */ int tries; /* Number of tries for this job */ - char *auth_username, /* AUTH_USERNAME environment variable, + char *auth_env[3], /* AUTH_xxx environment variables, * if any */ - *auth_domain, /* AUTH_DOMAIN environment variable, - * if any */ - *auth_password, /* AUTH_PASSWORD environment variable, - * if any */ - *auth_uid; /* AUTH_UID environment variable, - * if any */ + *auth_uid; /* AUTH_UID environment variable */ void *profile; /* Security profile */ cups_array_t *history; /* Debug log history */ int progress; /* Printing progress */
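Review bot: The size in `char *auth_env[3]` is an unnamed constant that has to match the largest number of auth-info-required keywords a destination can carry, and the new loops in ipp.c and job.c silently stop at the array size if a destination ever has more. A named constant shared with the destination's `auth_info_required` array would tie the two together (for example the placeholder name `CUPSD_MAX_AUTH_INFO`; the existing declaration is not visible here). The field comment could also record the indexing rule the rest of the commit relies on, e.g. `/* AUTH_xxx environment variables in auth-info-required order, NULL when unset */`.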