/*
- * "$Id: auth.c 6758 2007-08-02 00:13:44Z mike $"
+ * "$Id: auth.c 6947 2007-09-12 21:09:49Z mike $"
*
* Authorization routines for the Common UNIX Printing System (CUPS).
*
- * Copyright 2007 by Apple Inc.
+ * Copyright 2007-2008 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
* This file contains Kerberos support code, copyright 2006 by
* cupsdAddName() - Add a name to a location...
* cupsdAllowHost() - Add a host name that is allowed to access the
* location.
- * cupsdAllowIP() - Add an IP address or network that is allowed
- * to access the location.
+ * cupsdAllowIP() - Add an IP address or network that is allowed to
+ * access the location.
* cupsdAuthorize() - Validate any authorization credentials.
+ * cupsdCheckAccess() - Check whether the given address is allowed to
+ * access a location.
* cupsdCheckAuth() - Check authorization masks.
* cupsdCheckGroup() - Check for a user's group membership.
* cupsdCopyLocation() - Make a copy of a location...
* cupsdIsAuthorized() - Check to see if the user is authorized...
* add_allow() - Add an allow mask to the location.
* add_deny() - Add a deny mask to the location.
+ * check_authref() - Check if an authorization services reference
+ * has the supplied right.
* compare_locations() - Compare two locations.
* cups_crypt() - Encrypt the password using the DES or MD5
* algorithms, as needed.
* get_md5_password() - Get an MD5 password.
* pam_func() - PAM conversation function.
* to64() - Base64-encode an integer value...
- * check_authref() - Check an authorization services reference.
*/
/*
extern const char *cssmErrorString(int error);
# endif /* HAVE_SECBASEPRIV_H */
#endif /* HAVE_AUTHORIZATION_H */
+#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+#endif /* HAVE_SYS_PARAM_H */
#ifdef HAVE_SYS_UCRED_H
# include <sys/ucred.h>
typedef struct xucred cupsd_ucred_t;
* Initialize the record and copy the name over...
*/
- temp->location = strdup(location);
- temp->length = strlen(temp->location);
+ if ((temp->location = strdup(location)) == NULL)
+ {
+ free(temp);
+ return (NULL);
+ }
+
+ temp->length = strlen(temp->location);
cupsArrayAdd(Locations, temp);
* Allow *interface*...
*/
- temp->type = AUTH_INTERFACE;
+ temp->type = CUPSD_AUTH_INTERFACE;
temp->mask.name.name = strdup("*");
temp->mask.name.length = 1;
}
*ifptr = '\0';
}
- temp->type = AUTH_INTERFACE;
+ temp->type = CUPSD_AUTH_INTERFACE;
temp->mask.name.name = strdup(ifname);
temp->mask.name.length = ifptr - ifname;
}
* Allow name...
*/
- temp->type = AUTH_NAME;
+ temp->type = CUPSD_AUTH_NAME;
temp->mask.name.name = strdup(name);
temp->mask.name.length = strlen(name);
}
*/
void
-cupsdAllowIP(cupsd_location_t *loc, /* I - Location to add to */
- unsigned address[4], /* I - IP address to add */
- unsigned netmask[4]) /* I - Netmask of address */
+cupsdAllowIP(
+ cupsd_location_t *loc, /* I - Location to add to */
+ const unsigned address[4], /* I - IP address to add */
+ const unsigned netmask[4]) /* I - Netmask of address */
{
cupsd_authmask_t *temp; /* New host/domain mask */
if ((temp = add_allow(loc)) == NULL)
return;
- temp->type = AUTH_IP;
+ temp->type = CUPSD_AUTH_IP;
memcpy(temp->mask.ip.address, address, sizeof(temp->mask.ip.address));
memcpy(temp->mask.ip.netmask, netmask, sizeof(temp->mask.ip.netmask));
}
int type; /* Authentication type */
const char *authorization; /* Pointer into Authorization string */
char *ptr, /* Pointer into string */
- username[65], /* Username string */
+ username[256], /* Username string */
password[33]; /* Password string */
const char *localuser; /* Certificate username */
char nonce[HTTP_MAX_VALUE], /* Nonce value from client */
*/
con->best = cupsdFindBest(con->uri, con->http.state);
+ con->type = CUPSD_AUTH_NONE;
cupsdLogMessage(CUPSD_LOG_DEBUG2,
"cupsdAuthorize: con->uri=\"%s\", con->best=%p(%s)",
con->uri, con->best, con->best ? con->best->location : "");
- if (con->best && con->best->type != AUTH_NONE)
+ if (con->best && con->best->type != CUPSD_AUTH_NONE)
{
- if (con->best->type == AUTH_DEFAULT)
+ if (con->best->type == CUPSD_AUTH_DEFAULT)
type = DefaultAuthType;
else
type = con->best->type;
}
- else if (!strncmp(con->uri, "/printers/", 10) ||
- !strncmp(con->uri, "/classes/", 9))
- {
- /*
- * Lookup the printer or class and see what kind of authentication it
- * needs...
- */
-
- cupsd_printer_t *p; /* Printer or class */
-
-
- if (!strncmp(con->uri, "/printers/", 10))
- p = cupsdFindDest(con->uri + 10);
- else
- p = cupsdFindDest(con->uri + 9);
-
- if (p && p->num_auth_info_required > 0 &&
- !strcmp(p->auth_info_required[0], "negotiate"))
- type = AUTH_NEGOTIATE;
- else
- type = DefaultAuthType;
- }
else
type = DefaultAuthType;
}
#endif /* HAVE_AUTHORIZATION_H */
- if (type == AUTH_NONE)
- {
- /*
- * No authorization required, return early...
- */
-
- cupsdLogMessage(CUPSD_LOG_DEBUG,
- "cupsdAuthorize: No authentication required.");
- return;
- }
- else if (!*authorization)
+ if (!*authorization)
{
/*
* No authorization data provided, return early...
username);
AuthorizationFreeItemSet(authinfo);
+
+ con->type = CUPSD_AUTH_BASIC;
}
#endif /* HAVE_AUTHORIZATION_H */
#if defined(SO_PEERCRED) && defined(AF_LOCAL)
cupsdLogMessage(CUPSD_LOG_DEBUG,
"cupsdAuthorize: Authorized as %s using PeerCred",
username);
+
+ con->type = CUPSD_AUTH_BASIC;
}
#endif /* SO_PEERCRED && AF_LOCAL */
else if (!strncmp(authorization, "Local", 5) &&
"found!");
return;
}
+
+ con->type = CUPSD_AUTH_BASIC;
}
- else if (!strncmp(authorization, "Basic", 5) &&
- (type == AUTH_BASIC || type == AUTH_BASICDIGEST))
+ else if (!strncmp(authorization, "Basic", 5))
{
/*
* Get the Basic authentication data...
switch (type)
{
- case AUTH_BASIC :
+ default :
+ case CUPSD_AUTH_BASIC :
{
#if HAVE_LIBPAM
/*
return;
}
+# if defined(HAVE_PAM_SET_ITEM) && defined(PAM_RHOST)
+ pamerr = pam_set_item(pamh, PAM_RHOST, con->http.hostname);
+ if (pamerr != PAM_SUCCESS)
+ cupsdLogMessage(CUPSD_LOG_WARN,
+ "cupsdAuthorize: pam_set_item() returned %d "
+ "(%s)!\n", pamerr, pam_strerror(pamh, pamerr));
+# endif /* HAVE_PAM_SET_ITEM && PAM_RHOST */
+
pamerr = pam_authenticate(pamh, PAM_SILENT);
if (pamerr != PAM_SUCCESS)
{
username);
break;
- case AUTH_BASICDIGEST :
+ case CUPSD_AUTH_BASICDIGEST :
/*
* Do Basic authentication with the Digest password file...
*/
username);
break;
}
+
+ con->type = type;
}
- else if (!strncmp(authorization, "Digest", 6) && type == AUTH_DIGEST)
+ else if (!strncmp(authorization, "Digest", 6))
{
/*
* Get the username, password, and nonce from the Digest attributes...
cupsdLogMessage(CUPSD_LOG_DEBUG,
"cupsdAuthorize: Authorized as %s using Digest",
username);
+
+ con->type = CUPSD_AUTH_DIGEST;
}
#ifdef HAVE_GSSAPI
- else if (!strncmp(authorization, "Negotiate", 9) && type == AUTH_NEGOTIATE)
+ else if (!strncmp(authorization, "Negotiate", 9))
{
int len; /* Length of authorization string */
gss_cred_id_t server_creds; /* Server credentials */
if (context != GSS_C_NO_CONTEXT)
gss_delete_sec_context(&minor_status, &context, GSS_C_NO_BUFFER);
+
+ gss_release_cred(&minor_status, &server_creds);
return;
}
/*
- * Get the username associated with the credentials...
+ * Release our credentials...
+ */
+
+ gss_release_cred(&minor_status, &server_creds);
+
+ /*
+ * Get the username associated with the client's credentials...
*/
if (!con->gss_delegated_cred)
gss_release_name(&minor_status, &client_name);
strlcpy(username, output_token.value, sizeof(username));
- if ((ptr = strchr(username, '@')) != NULL)
- *ptr = '\0'; /* Strip @KDC from the username */
cupsdLogMessage(CUPSD_LOG_DEBUG,
"cupsdAuthorize: Authorized as %s using Negotiate",
gss_delete_sec_context(&minor_status, &context, GSS_C_NO_BUFFER);
con->gss_have_creds = 1;
+
+ con->type = CUPSD_AUTH_NEGOTIATE;
}
else
gss_release_name(&minor_status, &client_name);
}
#endif /* HAVE_GSSAPI */
- else if (type != AUTH_NONE)
+ else
{
char scheme[256]; /* Auth scheme... */
- static const char * const types[] = /* Auth types */
- {
- "None",
- "Basic",
- "Digest",
- "BasicDigest",
- "Negotiate"
- };
if (sscanf(authorization, "%255s", scheme) != 1)
strcpy(scheme, "UNKNOWN");
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Bad authentication data \"%s ...\", expected \"%s ...\"",
- scheme, types[type]);
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Bad authentication data \"%s ...\"",
+ scheme);
return;
}
}
+/*
+ * 'cupsdCheckAccess()' - Check whether the given address is allowed to
+ * access a location.
+ */
+
+int /* O - 1 if allowed, 0 otherwise */
+cupsdCheckAccess(
+ unsigned ip[4], /* I - Client address */
+ char *name, /* I - Client hostname */
+ int namelen, /* I - Length of hostname */
+ cupsd_location_t *loc) /* I - Location to check */
+{
+ int allow; /* 1 if allowed, 0 otherwise */
+
+
+ if (!strcasecmp(name, "localhost"))
+ {
+ /*
+ * Access from localhost (127.0.0.1 or ::1) is always allowed...
+ */
+
+ return (1);
+ }
+ else
+ {
+ /*
+ * Do authorization checks on the domain/address...
+ */
+
+ switch (loc->order_type)
+ {
+ default :
+ allow = 0; /* anti-compiler-warning-code */
+ break;
+
+ case CUPSD_AUTH_ALLOW : /* Order Deny,Allow */
+ allow = 1;
+
+ if (cupsdCheckAuth(ip, name, namelen, loc->num_deny, loc->deny))
+ allow = 0;
+
+ if (cupsdCheckAuth(ip, name, namelen, loc->num_allow, loc->allow))
+ allow = 1;
+ break;
+
+ case CUPSD_AUTH_DENY : /* Order Allow,Deny */
+ allow = 0;
+
+ if (cupsdCheckAuth(ip, name, namelen, loc->num_allow, loc->allow))
+ allow = 1;
+
+ if (cupsdCheckAuth(ip, name, namelen, loc->num_deny, loc->deny))
+ allow = 0;
+ break;
+ }
+ }
+
+ return (allow);
+}
+
+
/*
* 'cupsdCheckAuth()' - Check authorization masks.
*/
{
switch (masks->type)
{
- case AUTH_INTERFACE :
+ case CUPSD_AUTH_INTERFACE :
/*
* Check for a match with a network interface...
*/
}
break;
- case AUTH_NAME :
+ case CUPSD_AUTH_NAME :
/*
* Check for exact name match...
*/
return (1);
break;
- case AUTH_IP :
+ case CUPSD_AUTH_IP :
/*
* Check for IP/network address match...
*/
for (i = 0; i < temp->num_allow; i ++)
switch (temp->allow[i].type = (*loc)->allow[i].type)
{
- case AUTH_NAME :
+ case CUPSD_AUTH_NAME :
temp->allow[i].mask.name.length = (*loc)->allow[i].mask.name.length;
temp->allow[i].mask.name.name = strdup((*loc)->allow[i].mask.name.name);
return (NULL);
}
break;
- case AUTH_IP :
+ case CUPSD_AUTH_IP :
memcpy(&(temp->allow[i].mask.ip), &((*loc)->allow[i].mask.ip),
sizeof(cupsd_ipmask_t));
break;
for (i = 0; i < temp->num_deny; i ++)
switch (temp->deny[i].type = (*loc)->deny[i].type)
{
- case AUTH_NAME :
+ case CUPSD_AUTH_NAME :
temp->deny[i].mask.name.length = (*loc)->deny[i].mask.name.length;
temp->deny[i].mask.name.name = strdup((*loc)->deny[i].mask.name.name);
return (NULL);
}
break;
- case AUTH_IP :
+ case CUPSD_AUTH_IP :
memcpy(&(temp->deny[i].mask.ip), &((*loc)->deny[i].mask.ip),
sizeof(cupsd_ipmask_t));
break;
free(loc->names);
for (i = loc->num_allow, mask = loc->allow; i > 0; i --, mask ++)
- if (mask->type == AUTH_NAME || mask->type == AUTH_INTERFACE)
+ if (mask->type == CUPSD_AUTH_NAME || mask->type == CUPSD_AUTH_INTERFACE)
free(mask->mask.name.name);
if (loc->num_allow > 0)
free(loc->allow);
for (i = loc->num_deny, mask = loc->deny; i > 0; i --, mask ++)
- if (mask->type == AUTH_NAME || mask->type == AUTH_INTERFACE)
+ if (mask->type == CUPSD_AUTH_NAME || mask->type == CUPSD_AUTH_INTERFACE)
free(mask->mask.name.name);
if (loc->num_deny > 0)
* Deny *interface*...
*/
- temp->type = AUTH_INTERFACE;
+ temp->type = CUPSD_AUTH_INTERFACE;
temp->mask.name.name = strdup("*");
temp->mask.name.length = 1;
}
*ifptr = '\0';
}
- temp->type = AUTH_INTERFACE;
+ temp->type = CUPSD_AUTH_INTERFACE;
temp->mask.name.name = strdup(ifname);
temp->mask.name.length = ifptr - ifname;
}
* Deny name...
*/
- temp->type = AUTH_NAME;
+ temp->type = CUPSD_AUTH_NAME;
temp->mask.name.name = strdup(name);
temp->mask.name.length = strlen(name);
}
void
cupsdDenyIP(cupsd_location_t *loc, /* I - Location to add to */
- unsigned address[4],/* I - IP address to add */
- unsigned netmask[4])/* I - Netmask of address */
+ const unsigned address[4],/* I - IP address to add */
+ const unsigned netmask[4])/* I - Netmask of address */
{
cupsd_authmask_t *temp; /* New host/domain mask */
if ((temp = add_deny(loc)) == NULL)
return;
- temp->type = AUTH_IP;
+ temp->type = CUPSD_AUTH_IP;
memcpy(temp->mask.ip.address, address, sizeof(temp->mask.ip.address));
memcpy(temp->mask.ip.netmask, netmask, sizeof(temp->mask.ip.netmask));
}
*best; /* Best match for location so far */
int bestlen; /* Length of best match */
int limit; /* Limit field */
- static const int limits[] = /* Map http_status_t to AUTH_LIMIT_xyz */
+ static const int limits[] = /* Map http_status_t to CUPSD_AUTH_LIMIT_xyz */
{
- AUTH_LIMIT_ALL,
- AUTH_LIMIT_OPTIONS,
- AUTH_LIMIT_GET,
- AUTH_LIMIT_GET,
- AUTH_LIMIT_HEAD,
- AUTH_LIMIT_POST,
- AUTH_LIMIT_POST,
- AUTH_LIMIT_POST,
- AUTH_LIMIT_PUT,
- AUTH_LIMIT_PUT,
- AUTH_LIMIT_DELETE,
- AUTH_LIMIT_TRACE,
- AUTH_LIMIT_ALL,
- AUTH_LIMIT_ALL
+ CUPSD_AUTH_LIMIT_ALL,
+ CUPSD_AUTH_LIMIT_OPTIONS,
+ CUPSD_AUTH_LIMIT_GET,
+ CUPSD_AUTH_LIMIT_GET,
+ CUPSD_AUTH_LIMIT_HEAD,
+ CUPSD_AUTH_LIMIT_POST,
+ CUPSD_AUTH_LIMIT_POST,
+ CUPSD_AUTH_LIMIT_POST,
+ CUPSD_AUTH_LIMIT_PUT,
+ CUPSD_AUTH_LIMIT_PUT,
+ CUPSD_AUTH_LIMIT_DELETE,
+ CUPSD_AUTH_LIMIT_TRACE,
+ CUPSD_AUTH_LIMIT_ALL,
+ CUPSD_AUTH_LIMIT_ALL
};
const char *owner)/* I - Owner of object */
{
int i, j, /* Looping vars */
- auth; /* Authorization status */
+ auth, /* Authorization status */
+ type; /* Type of authentication */
unsigned address[4]; /* Authorization address */
cupsd_location_t *best; /* Best match for location so far */
int hostlen; /* Length of hostname */
- const char *username; /* Username to authorize */
+ char username[256], /* Username to authorize */
+ ownername[256], /* Owner name to authorize */
+ *ptr; /* Pointer into username */
struct passwd *pw; /* User password data */
static const char * const levels[] = /* Auth levels */
{
};
static const char * const types[] = /* Auth types */
{
- "NONE",
- "BASIC",
- "DIGEST",
- "BASICDIGEST",
- "KERBEROS"
+ "None",
+ "Basic",
+ "Digest",
+ "BasicDigest",
+ "Negotiate"
};
best = con->best;
+ if ((type = best->type) == CUPSD_AUTH_DEFAULT)
+ type = DefaultAuthType;
+
cupsdLogMessage(CUPSD_LOG_DEBUG2,
- "cupsdIsAuthorized: level=AUTH_%s, type=AUTH_%s, "
- "satisfy=AUTH_SATISFY_%s, num_names=%d",
- levels[best->level], types[best->type],
+ "cupsdIsAuthorized: level=CUPSD_AUTH_%s, type=%s, "
+ "satisfy=CUPSD_AUTH_SATISFY_%s, num_names=%d",
+ levels[best->level], types[type],
best->satisfy ? "ANY" : "ALL", best->num_names);
- if (best->limit == AUTH_LIMIT_IPP)
+ if (best->limit == CUPSD_AUTH_LIMIT_IPP)
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: op=%x(%s)",
best->op, ippOpString(best->op));
hostlen = strlen(con->http.hostname);
- if (!strcasecmp(con->http.hostname, "localhost"))
- {
- /*
- * Access from localhost (127.0.0.1 or ::1) is always allowed...
- */
+ auth = cupsdCheckAccess(address, con->http.hostname, hostlen, best)
+ ? CUPSD_AUTH_ALLOW : CUPSD_AUTH_DENY;
- auth = AUTH_ALLOW;
- }
- else
- {
- /*
- * Do authorization checks on the domain/address...
- */
-
- switch (best->order_type)
- {
- default :
- auth = AUTH_DENY; /* anti-compiler-warning-code */
- break;
-
- case AUTH_ALLOW : /* Order Deny,Allow */
- auth = AUTH_ALLOW;
-
- if (cupsdCheckAuth(address, con->http.hostname, hostlen,
- best->num_deny, best->deny))
- auth = AUTH_DENY;
-
- if (cupsdCheckAuth(address, con->http.hostname, hostlen,
- best->num_allow, best->allow))
- auth = AUTH_ALLOW;
- break;
-
- case AUTH_DENY : /* Order Allow,Deny */
- auth = AUTH_DENY;
-
- if (cupsdCheckAuth(address, con->http.hostname, hostlen,
- best->num_allow, best->allow))
- auth = AUTH_ALLOW;
-
- if (cupsdCheckAuth(address, con->http.hostname, hostlen,
- best->num_deny, best->deny))
- auth = AUTH_DENY;
- break;
- }
- }
-
- cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: auth=AUTH_%s...",
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: auth=CUPSD_AUTH_%s...",
auth ? "DENY" : "ALLOW");
- if (auth == AUTH_DENY && best->satisfy == AUTH_SATISFY_ALL)
+ if (auth == CUPSD_AUTH_DENY && best->satisfy == CUPSD_AUTH_SATISFY_ALL)
return (HTTP_FORBIDDEN);
#ifdef HAVE_SSL
if ((best->encryption >= HTTP_ENCRYPT_REQUIRED && !con->http.tls &&
strcasecmp(con->http.hostname, "localhost") &&
- best->satisfy == AUTH_SATISFY_ALL) &&
- !(best->type == AUTH_NEGOTIATE ||
- (best->type == AUTH_NONE && DefaultAuthType == AUTH_NEGOTIATE)))
+ best->satisfy == CUPSD_AUTH_SATISFY_ALL) &&
+ !(type == CUPSD_AUTH_NEGOTIATE ||
+ (type == CUPSD_AUTH_NONE && DefaultAuthType == CUPSD_AUTH_NEGOTIATE)))
{
cupsdLogMessage(CUPSD_LOG_DEBUG,
"cupsdIsAuthorized: Need upgrade to TLS...");
* Now see what access level is required...
*/
- if (best->level == AUTH_ANON || /* Anonymous access - allow it */
- (best->type == AUTH_NONE && best->num_names == 0))
+ if (best->level == CUPSD_AUTH_ANON || /* Anonymous access - allow it */
+ (type == CUPSD_AUTH_NONE && best->num_names == 0))
return (HTTP_OK);
- if (!con->username[0] && best->type == AUTH_NONE &&
- best->limit == AUTH_LIMIT_IPP)
+ if (!con->username[0] && type == CUPSD_AUTH_NONE &&
+ best->limit == CUPSD_AUTH_LIMIT_IPP)
{
/*
* Check for unauthenticated username...
cupsdLogMessage(CUPSD_LOG_DEBUG,
"cupsdIsAuthorized: requesting-user-name=\"%s\"",
attr->values[0].string.text);
- username = attr->values[0].string.text;
+ strlcpy(username, attr->values[0].string.text, sizeof(username));
}
- else if (best->satisfy == AUTH_SATISFY_ALL || auth == AUTH_DENY)
+ else if (best->satisfy == CUPSD_AUTH_SATISFY_ALL || auth == CUPSD_AUTH_DENY)
return (HTTP_UNAUTHORIZED); /* Non-anonymous needs user/pass */
else
return (HTTP_OK); /* unless overridden with Satisfy */
if (!con->username[0])
#endif /* HAVE_AUTHORIZATION_H */
{
- if (best->satisfy == AUTH_SATISFY_ALL || auth == AUTH_DENY)
+ if (best->satisfy == CUPSD_AUTH_SATISFY_ALL || auth == CUPSD_AUTH_DENY)
return (HTTP_UNAUTHORIZED); /* Non-anonymous needs user/pass */
else
return (HTTP_OK); /* unless overridden with Satisfy */
}
- username = con->username;
+ if (con->type != type && type != CUPSD_AUTH_NONE &&
+ (con->type != CUPSD_AUTH_BASIC || type != CUPSD_AUTH_BASICDIGEST))
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Authorized using %s, expected %s!",
+ types[con->type], types[type]);
+
+ return (HTTP_UNAUTHORIZED);
+ }
+
+ strlcpy(username, con->username, sizeof(username));
}
/*
if (!strcmp(username, "root"))
return (HTTP_OK);
+ /*
+ * Strip any @domain or @KDC from the username and owner...
+ */
+
+ if ((ptr = strchr(username, '@')) != NULL)
+ *ptr = '\0';
+
+ if (owner)
+ {
+ strlcpy(ownername, owner, sizeof(ownername));
+
+ if ((ptr = strchr(ownername, '@')) != NULL)
+ *ptr = '\0';
+ }
+ else
+ ownername[0] = '\0';
+
/*
* Get the user info...
*/
else
pw = NULL;
- if (best->level == AUTH_USER)
+ if (best->level == CUPSD_AUTH_USER)
{
/*
* If there are no names associated with this location, then
for (i = 0; i < best->num_names; i ++)
{
if (!strcasecmp(best->names[i], "@OWNER") && owner &&
- !strcasecmp(username, owner))
+ !strcasecmp(username, ownername))
return (HTTP_OK);
else if (!strcasecmp(best->names[i], "@SYSTEM"))
{
/*
- * End of "$Id: auth.c 6758 2007-08-02 00:13:44Z mike $".
+ * End of "$Id: auth.c 6947 2007-09-12 21:09:49Z mike $".
*/
projects / thirdparty / cups.git / blobdiff