/*
- * "$Id: auth.c 6649 2007-07-11 21:46:42Z mike $"
+ * "$Id: auth.c 6732 2007-07-26 16:50:20Z mike $"
*
* Authorization routines for the Common UNIX Printing System (CUPS).
*
if (authinfo->count == 1)
strlcpy(username, authinfo->items[0].value, sizeof(username));
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "cupsdAuthorize: Authorized as %s using AuthRef",
+ username);
+
AuthorizationFreeItemSet(authinfo);
}
#endif /* HAVE_AUTHORIZATION_H */
}
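Review bot: The added "Authorized as %s using AuthRef" message appears to follow the brace-less `if (authinfo->count == 1)` rather than sit inside it, so it is logged even when no name was copied out of the item set. Indentation is lost on this page, so that placement is inferred. Bracing the pair, `if (authinfo->count == 1) { strlcpy(...); cupsdLogMessage(...); }`, or logging a separate message for the other case, would stop the debug log from reporting an identity that was never established. The same "Authorized as" wording is added in the PeerCred, Local, Basic, BasicDigest, Digest and Negotiate hunks. cupsdAuthorize appears only to establish who the client is, with the access decision logged from cupsdIsAuthorized, so "Authenticated as" would be harder to misread during log review.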
strlcpy(username, authorization + 9, sizeof(username));
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "cupsdAuthorize: Authorized as %s using PeerCred",
+ username);
}
#endif /* SO_PEERCRED && AF_LOCAL */
else if (!strncmp(authorization, "Local", 5) &&
authorization ++;
if ((localuser = cupsdFindCert(authorization)) != NULL)
+ {
strlcpy(username, localuser, sizeof(username));
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "cupsdAuthorize: Authorized as %s using Local",
+ username);
+ }
else
{
cupsdLogMessage(CUPSD_LOG_ERROR,
}
#endif /* HAVE_LIBPAM */
}
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "cupsdAuthorize: Authorized as %s using Basic",
+ username);
break;
case AUTH_BASICDIGEST :
username);
return;
}
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "cupsdAuthorize: Authorized as %s using BasicDigest",
+ username);
break;
}
}
username);
return;
}
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "cupsdAuthorize: Authorized as %s using Digest",
+ username);
}
#ifdef HAVE_GSSAPI
else if (!strncmp(authorization, "Negotiate", 9) && type == AUTH_NEGOTIATE)
* Get the username associated with the credentials...
*/
- if (major_status == GSS_S_COMPLETE)
+ if (!con->gss_delegated_cred)
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "cupsdAuthorize: No delegated credentials!");
+
+ if (major_status == GSS_S_CONTINUE_NEEDED)
+ cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
+ "cupsdAuthorize: Credentials not complete");
+ else if (major_status == GSS_S_COMPLETE)
{
major_status = gss_display_name(&minor_status, client_name,
&output_token, NULL);
gss_release_name(&minor_status, &client_name);
strlcpy(username, output_token.value, sizeof(username));
+ if ((ptr = strchr(username, '@')) != NULL)
+ *ptr = '\0'; /* Strip @KDC from the username */
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "cupsdAuthorize: Authorized as %s using Negotiate",
+ username);
gss_release_buffer(&minor_status, &output_token);
gss_delete_sec_context(&minor_status, &context, GSS_C_NO_BUFFER);
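Review bot: Truncating `username` at the first `@` (the added `strchr` / `*ptr = '\0'` lines) discards the Kerberos realm, so principals with the same short name in different realms become the same CUPS user for every later user and group check. If this acceptor can ever be handed cross-realm tickets, the realm should be compared against the expected one before it is dropped, and the full principal kept or the request rejected on a mismatch. At minimum the comment should state the assumption, e.g. `/* Single realm assumed: user@A and user@B map to the same account */`. The context-line `strlcpy` from `output_token.value` also relies on that buffer being NUL-terminated, which GSS-API does not promise since the size is carried in `output_token.length`. The enclosing block starts outside this hunk.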
gss_release_name(&minor_status, &client_name);
}
#endif /* HAVE_GSSAPI */
- else
+ else if (type != AUTH_NONE)
{
- cupsdLogMessage(CUPSD_LOG_ERROR, "Bad authentication data.");
+ char scheme[256]; /* Auth scheme... */
+ static const char * const types[] = /* Auth types */
+ {
+ "None",
+ "Basic",
+ "Digest",
+ "BasicDigest",
+ "Negotiate"
+ };
+
+
+ if (sscanf(authorization, "%255s", scheme) != 1)
+ strcpy(scheme, "UNKNOWN");
+
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Bad authentication data \"%s ...\", expected \"%s ...\"",
+ scheme, types[type]);
return;
}
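Review bot: `types[type]` in the new error path indexes a five-entry table with a value that is assigned outside this hunk, so any `type` outside 0–4 reads past the array. A range check before the lookup, such as `type >= 0 && type < (int)(sizeof(types) / sizeof(types[0])) ? types[type] : "UNKNOWN"`, would keep the log call safe whatever the configuration yields. Narrowing the branch to `else if (type != AUTH_NONE)` also means an unrecognised Authorization header no longer returns early when no authentication is required. Execution then reaches the `strlcpy(con->username, username, ...)` that follows on this page with whatever `username` holds, and its initialisation is not visible here, so it is worth confirming that it starts empty. `scheme` comes straight from the client's header: `%255s` bounds the copy and stops at whitespace, but other control bytes reach the error log unless cupsdLogMessage escapes them.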
strlcpy(con->username, username, sizeof(con->username));
strlcpy(con->password, password, sizeof(con->password));
-
- cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAuthorize: username=\"%s\"",
- con->username);
}
!(best->type == AUTH_NEGOTIATE ||
(best->type == AUTH_NONE && DefaultAuthType == AUTH_NEGOTIATE)))
{
- cupsdLogMessage(CUPSD_LOG_DEBUG2,
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
"cupsdIsAuthorized: Need upgrade to TLS...");
return (HTTP_UPGRADE_REQUIRED);
}
attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
if (attr)
{
- cupsdLogMessage(CUPSD_LOG_DEBUG2,
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
"cupsdIsAuthorized: requesting-user-name=\"%s\"",
attr->values[0].string.text);
username = attr->values[0].string.text;
}
else
{
- cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: username=\"%s\"",
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdIsAuthorized: username=\"%s\"",
con->username);
#ifdef HAVE_AUTHORIZATION_H
* The user isn't part of the specified group, so deny access...
*/
- cupsdLogMessage(CUPSD_LOG_DEBUG2,
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
"cupsdIsAuthorized: User not in group(s)!");
return (HTTP_UNAUTHORIZED);
/*
- * End of "$Id: auth.c 6649 2007-07-11 21:46:42Z mike $".
+ * End of "$Id: auth.c 6732 2007-07-26 16:50:20Z mike $".
*/