From f39a71fd57e8ed6378a548abdc22bccfa56d87ca Mon Sep 17 00:00:00 2001 From: mike Date: Mon, 30 Apr 2007 21:44:43 +0000 Subject: [PATCH] Fix Mac OS X AuthRef authorization (STR #2375) git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@6499 7a7537e8-13f0-0310-91df-b6672ffda945 --- cups/auth.c | 12 ++++++------ cups/globals.c | 5 ----- cups/globals.h | 9 --------- cups/http-private.h | 7 +++++++ cups/http.c | 11 +++++++++-- cups/request.c | 15 --------------- 6 files changed, 22 insertions(+), 37 deletions(-) diff --git a/cups/auth.c b/cups/auth.c index 8ac768852d..001ba153d9 100644 --- a/cups/auth.c +++ b/cups/auth.c @@ -468,17 +468,17 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */ * Delete any previous authorization reference... */ - if (cg->auth_ref) + if (http->auth_ref) { - AuthorizationFree(cg->auth_ref, kAuthorizationFlagDefaults); - cg->auth_ref = NULL; + AuthorizationFree(http->auth_ref, kAuthorizationFlagDefaults); + http->auth_ref = NULL; } if (httpGetSubField2(http, HTTP_FIELD_WWW_AUTHENTICATE, "authkey", auth_key, sizeof(auth_key))) { status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, - kAuthorizationFlagDefaults, &cg->auth_ref); + kAuthorizationFlagDefaults, &http->auth_ref); if (status != errAuthorizationSuccess) { DEBUG_printf(("cups_local_auth: AuthorizationCreate() returned %d (%s)\n", @@ -499,11 +499,11 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */ kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights; - status = AuthorizationCopyRights(cg->auth_ref, &auth_rights, + status = AuthorizationCopyRights(http->auth_ref, &auth_rights, kAuthorizationEmptyEnvironment, auth_flags, NULL); if (status == errAuthorizationSuccess) - status = AuthorizationMakeExternalForm(cg->auth_ref, &auth_extrn); + status = AuthorizationMakeExternalForm(http->auth_ref, &auth_extrn); if (status == errAuthorizationSuccess) { diff --git a/cups/globals.c b/cups/globals.c index 661321f373..95f305e512 100644 --- a/cups/globals.c +++ b/cups/globals.c @@ -180,11 +180,6 @@ globals_destructor(void *value) /* I - Data to free */ cupsFreeOptions(cg->cupsd_num_settings, cg->cupsd_settings); -#ifdef HAVE_AUTHORIZATION_H - if (cg->auth_ref) - AuthorizationFree(cg->auth_ref, kAuthorizationFlagDefaults); -#endif /* HAVE_AUTHORIZATION_H */ - free(value); } diff --git a/cups/globals.h b/cups/globals.h index 0b605e999e..542070b884 100644 --- a/cups/globals.h +++ b/cups/globals.h @@ -40,10 +40,6 @@ # include # endif /* HAVE_PTHREAD_H */ -# ifdef HAVE_AUTHORIZATION_H -# include -# endif /* HAVE_AUTHORIZATION_H */ - /* * C++ magic... @@ -130,11 +126,6 @@ typedef struct _cups_globals_s /**** CUPS global state data ****/ /* Default printer */ char ppd_filename[HTTP_MAX_URI]; /* PPD filename */ - -#ifdef HAVE_AUTHORIZATION_H - /* auth.c */ - AuthorizationRef auth_ref; /* Authorization ref */ -#endif /* HAVE_AUTHORIZATION_H */ } _cups_globals_t; diff --git a/cups/http-private.h b/cups/http-private.h index 60178e2ad0..b3f0717b1b 100644 --- a/cups/http-private.h +++ b/cups/http-private.h @@ -73,6 +73,10 @@ # endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */ # endif /* HAVE_GSSAPI */ +# ifdef HAVE_AUTHORIZATION_H +# include +# endif /* HAVE_AUTHORIZATION_H */ + # if defined(__sgi) || (defined(__APPLE__) && !defined(_SOCKLEN_T)) /* * IRIX and MacOS X 10.2.x do not define socklen_t, and in fact use an int instead of @@ -193,6 +197,9 @@ struct _http_s /**** HTTP connection structure. ****/ gss_ctx_id_t gssctx; /* Authentication context @since CUPS 1.3@ */ gss_name_t gssname; /* Authentication server name @since CUPS 1.3@ */ # endif /* HAVE_GSSAPI */ +# ifdef HAVE_AUTHORIZATION_H + AuthorizationRef auth_ref; /* Authorization ref */ +# endif /* HAVE_AUTHORIZATION_H */ }; diff --git a/cups/http.c b/cups/http.c index 21849d4174..09e9b5fa7e 100644 --- a/cups/http.c +++ b/cups/http.c @@ -335,6 +335,11 @@ httpClose(http_t *http) /* I - HTTP connection */ major_status = gss_release_name(&minor_status, &http->gssname); #endif /* HAVE_GSSAPI */ +#ifdef HAVE_AUTHORIZATION_H + if (http->auth_ref) + AuthorizationFree(http->auth_ref, kAuthorizationFlagDefaults); +#endif /* HAVE_AUTHORIZATION_H */ + httpClearFields(http); if (http->authstring && http->authstring != http->_authstring) @@ -2574,10 +2579,12 @@ http_send(http_t *http, /* I - HTTP connection */ httpClearFields(http); /* - * The Kerberos authentication string can only be used once... + * The Kerberos and AuthRef authentication strings can only be used once... */ - if (http->authstring && !strncmp(http->authstring, "Negotiate", 9)) + if (http->authstring && + (!strncmp(http->authstring, "Negotiate", 9) || + !strncmp(http->authstring, "AuthRef", 7))) { http->_authstring[0] = '\0'; diff --git a/cups/request.c b/cups/request.c index 7b1c86759d..55ebe76dab 100644 --- a/cups/request.c +++ b/cups/request.c @@ -71,9 +71,6 @@ cupsDoFileRequest(http_t *http, /* I - HTTP connection to server */ int bytes; /* Number of bytes read/written */ char buffer[32768]; /* Output buffer */ http_status_t expect; /* Expect: header to use */ -#ifdef HAVE_AUTHORIZATION_H - _cups_globals_t *cg = _cupsGlobals(); /* Global data */ -#endif /* HAVE_AUTHORIZATION_H */ DEBUG_printf(("cupsDoFileRequest(%p, %p, \'%s\', \'%s\')\n", @@ -450,18 +447,6 @@ cupsDoFileRequest(http_t *http, /* I - HTTP connection to server */ } } -#ifdef HAVE_AUTHORIZATION_H - /* - * Delete any authorization reference created for this request... - */ - - if (cg->auth_ref) - { - AuthorizationFree(cg->auth_ref, kAuthorizationFlagDefaults); - cg->auth_ref = NULL; - } -#endif /* HAVE_AUTHORIZATION_H */ - return (response); } -- 2.47.2