git.ipfire.org Git - thirdparty/cups.git/commit

author	Samuel Cabrero <scabrero@suse.de>
	Tue, 27 Oct 2020 15:18:03 +0000 (16:18 +0100)
committer	Samuel Cabrero <scabrero@suse.de>
	Tue, 27 Oct 2020 16:30:33 +0000 (17:30 +0100)
commit	0563a28b18b21d5574a5e0e38b74246146074bbf
tree	fbbf71655ce096506cee8443321e5a71ab787ea0	tree
parent	f629d079750a86b1b605c285f99c0dea3933ca50	commit \| diff

Allow Local authentication for Negotiate

PeerCred is also possible if address family is AF_LOCAL. This will allow
the CGI programs to generate the authorization from the local
certificates based on PID also when Negotiate is used for local
connections:

Client                       CGI
Browser <- Remote conn -> admin.cgi <--- Localhost conn --->  Scheduler
  |                           |                                    |
  + --- HTTP/POST /admin/ --> |                                    |
  |                           + --- CUPS-Get-Devices ------------> |
  |                           |                                    |
  |                           | <-- 401 Unauthorized --------------+
  |                           |     WWW-Authenticate:              |
  |                           |       Negotiate, (PeerCred,) Local |
  |                           |                                    |
  | <-- 401 Unauthorized -----+                                    |
  |     WWW-Authenticate:     |                                    |
  |       Negotiate           |                                    |
  |                           |                                    |
  | --- HTTP/POST /admin/ --> |                                    |
  |     Authorization:        + --- IPP CUPS-GetDevices ---------> |
  |       Negotiate           |     Authorization: Local <cert>    |
  |                           |                                    |

Fixes: #5596
Signed-off-by: Samuel Cabrero <scabrero@suse.de>

cups/auth.c		diff \| blob \| blame \| history
scheduler/client.c		diff \| blob \| blame \| history