else
AC_MSG_RESULT(no)
fi
- AC_MSG_CHECKING(for GSS/gssapi_krb5.h presence)
- if test -f $gssdir/Headers/gssapi_krb5.h; then
- AC_DEFINE(HAVE_GSSAPI_KRB5_H)
- AC_MSG_RESULT(yes)
- else
- AC_MSG_RESULT(no)
- fi
AC_MSG_CHECKING(for GSS/gssapi_spi.h presence)
if test -f $gssdir/PrivateHeaders/gssapi_spi.h; then
AC_MSG_RESULT(yes)
else
AC_CHECK_HEADER(gssapi.h, AC_DEFINE(HAVE_GSSAPI_H))
AC_CHECK_HEADER(gssapi/gssapi.h, AC_DEFINE(HAVE_GSSAPI_GSSAPI_H))
- AC_CHECK_HEADER(gssapi/gssapi_generic.h, AC_DEFINE(HAVE_GSSAPI_GENERIC_H))
- AC_CHECK_HEADER(gssapi/gssapi_krb5.h, AC_DEFINE(HAVE_GSSAPI_KRB5_H))
fi
SAVELIBS="$LIBS"
#undef HAVE_GSS_GSSAPI_H
#undef HAVE_GSS_GSSAPI_SPI_H
#undef HAVE_GSSAPI
-#undef HAVE_GSSAPI_GENERIC_H
#undef HAVE_GSSAPI_GSSAPI_H
#undef HAVE_GSSAPI_H
-#undef HAVE_GSSAPI_KRB5_H
-#undef HAVE_KRB5_H
/*
# ifdef HAVE_GSSAPI
# ifdef HAVE_GSS_GSSAPI_H
# include <GSS/gssapi.h>
-# ifdef HAVE_GSSAPI_GENERIC_H
-# include <GSS/gssapi_generic.h>
-# endif /* HAVE_GSSAPI_GENERIC_H */
-# ifdef HAVE_GSSAPI_KRB5_H
-# include <GSS/gssapi_krb5.h>
-# endif /* HAVE_GSSAPI_KRB5_H */
# elif defined(HAVE_GSSAPI_GSSAPI_H)
# include <gssapi/gssapi.h>
-# ifdef HAVE_GSSAPI_GENERIC_H
-# include <gssapi/gssapi_generic.h>
-# endif /* HAVE_GSSAPI_GENERIC_H */
-# ifdef HAVE_GSSAPI_KRB5_H
-# include <gssapi/gssapi_krb5.h>
-# endif /* HAVE_GSSAPI_KRB5_H */
# elif defined(HAVE_GSSAPI_H)
# include <gssapi.h>
# endif /* HAVE_GSS_GSSAPI_H */
# ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
# define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
# endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
-# ifdef HAVE_KRB5_H
-# include <krb5.h>
-# endif /* HAVE_KRB5_H */
# endif /* HAVE_GSSAPI */
# ifdef HAVE_AUTHORIZATION_H
# endif
# define CUPSD_UCRED_UID(c) (c).uid
#endif /* HAVE_SYS_UCRED_H */
-#ifdef HAVE_KRB5_IPC_CLIENT_SET_TARGET_UID
-/* Not in public headers... */
-extern void krb5_ipc_client_set_target_uid(uid_t);
-extern void krb5_ipc_client_clear_target(void);
-#endif /* HAVE_KRB5_IPC_CLIENT_SET_TARGET_UID */
/*
while (isspace(*authorization & 255))
authorization ++;
- if ((localuser = cupsdFindCert(authorization)) != NULL)
- {
- strlcpy(username, localuser->username, sizeof(username));
-
- cupsdLogMessage(CUPSD_LOG_DEBUG,
- "[Client %d] Authorized as %s using Local", con->http.fd,
- username);
- }
- else
+ if ((localuser = cupsdFindCert(authorization)) == NULL)
{
cupsdLogMessage(CUPSD_LOG_ERROR,
"[Client %d] Local authentication certificate not found.",
return;
}
-#ifdef HAVE_GSSAPI
- if (localuser->ccache)
- con->type = CUPSD_AUTH_NEGOTIATE;
- else
-#endif /* HAVE_GSSAPI */
- con->type = CUPSD_AUTH_BASIC;
+ strlcpy(username, localuser->username, sizeof(username));
+ con->type = localuser->type;
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "[Client %d] Authorized as %s using Local", con->http.fd,
+ username);
}
else if (!strncmp(authorization, "Basic", 5))
{
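Review bot: `con->type = localuser->type;` now copies whatever integer was stored when the certificate was created, where the removed lines could only yield `CUPSD_AUTH_BASIC` or `CUPSD_AUTH_NEGOTIATE`, and nothing in this branch says which values are expected. Later authorization checks presumably compare `con->type` with the type a location requires, so a comment above the assignment would help, for example `/* Certificates record the auth type of the request that created them; reuse it for this connection */`. This branch does no validation of its own, so it is worth confirming that every `cupsdAddCert()` caller passes a concrete auth type. The enclosing function starts and ends outside the hunk.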
*
* Authentication certificate routines for the CUPS scheduler.
*
- * Copyright 2007-2011 by Apple Inc.
+ * Copyright 2007-2012 by Apple Inc.
* Copyright 1997-2006 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
void
cupsdAddCert(int pid, /* I - Process ID */
const char *username, /* I - Username */
- void *ccache) /* I - Kerberos credentials or NULL */
+ int type) /* I - AuthType for username */
{
int i; /* Looping var */
cupsd_cert_t *cert; /* Current certificate */
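Review bot: The new `type` parameter is documented only as `AuthType for username`, which does not tell a caller that it must be one of the scheduler's `CUPSD_AUTH_*` constants. It also does not say that the stored value is later copied straight into a connection's `con->type` by the Local authorization branch. I would extend the parameter comment to something like `/* I - CUPSD_AUTH_* type used to authenticate username */` and use the same wording for the `type` member added to `cupsd_cert_t`. The body of cupsdAddCert continues outside this hunk.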
* Fill in the certificate information...
*/
- cert->pid = pid;
+ cert->pid = pid;
+ cert->type = type;
strlcpy(cert->username, username, sizeof(cert->username));
for (i = 0; i < 32; i ++)
write(fd, cert->certificate, strlen(cert->certificate));
close(fd);
- /*
- * Add Kerberos credentials as needed...
- */
-
-#ifdef HAVE_GSSAPI
- cert->ccache = (krb5_ccache)ccache;
-#else
- (void)ccache;
-#endif /* HAVE_GSSAPI */
-
/*
* Insert the certificate at the front of the list...
*/
else
prev->next = cert->next;
-#ifdef HAVE_GSSAPI
- /*
- * Release Kerberos credentials as needed...
- */
-
- if (cert->ccache)
- krb5_cc_destroy(KerberosContext, cert->ccache);
-#endif /* HAVE_GSSAPI */
-
free(cert);
/*
*/
if (!RunUser)
- cupsdAddCert(0, "root", NULL);
+ cupsdAddCert(0, "root", cupsdDefaultAuthType());
}
*
* Authentication certificate definitions for the CUPS scheduler.
*
- * Copyright 2007-2010 by Apple Inc.
+ * Copyright 2007-2012 by Apple Inc.
* Copyright 1997-2005 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
int pid; /* Process ID (0 for root certificate) */
char certificate[33]; /* 32 hex characters, or 128 bits */
char username[33]; /* Authenticated username */
-#ifdef HAVE_GSSAPI
- krb5_ccache ccache; /* Kerberos credential cache */
-#endif /* HAVE_GSSAPI */
+ int type; /* AuthType for username */
} cupsd_cert_t;
* Prototypes...
*/
-extern void cupsdAddCert(int pid, const char *username,
- void *ccache);
+extern void cupsdAddCert(int pid, const char *username, int type);
extern void cupsdDeleteCert(int pid);
extern void cupsdDeleteAllCerts(void);
extern cupsd_cert_t *cupsdFindCert(const char *certificate);
server_name[1024], /* SERVER_NAME environment variable */
server_port[1024]; /* SERVER_PORT environment variable */
ipp_attribute_t *attr; /* attributes-natural-language attribute */
- void *ccache = NULL; /* Kerberos credentials */
/*
*/
if (con->username[0])
- cupsdAddCert(pid, con->username, ccache);
+ cupsdAddCert(pid, con->username, con->type);
cupsdLogMessage(CUPSD_LOG_DEBUG, "[CGI] Started %s (PID %d)", command, pid);
VAR void *DefaultProfile VALUE(0);
/* Default security profile */
-#ifdef HAVE_GSSAPI
-VAR int KerberosInitialized VALUE(0);
- /* Has Kerberos been initialized? */
-VAR krb5_context KerberosContext VALUE(NULL);
- /* Kerberos context for credentials */
-#endif /* HAVE_GSSAPI */
-
#ifdef HAVE_LAUNCH_H
VAR int Launchd VALUE(0);
/* Running from launchd */
*/
cupsdDeleteCert(0);
- cupsdAddCert(0, "root", NULL);
+ cupsdAddCert(0, "root", DefaultAuthType);
}
#endif /* !HAVE_AUTHORIZATION_H */
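Review bot: This call passes the raw `DefaultAuthType` variable, while the root certificate created in the certificate-initialisation hunk uses `cupsdDefaultAuthType()`; the two root-certificate paths should agree. If `DefaultAuthType` can hold a placeholder that the helper resolves to a concrete type (the helper's existence suggests so, but its body is not visible here), a root certificate created on this path would hand the unresolved value to `con->type = localuser->type` in the Local authorization branch. I would write `cupsdAddCert(0, "root", cupsdDefaultAuthType());` here as well. The enclosing function lies outside the hunk.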
cupsdStopSystemMonitor();
#endif /* __APPLE__ */
-#ifdef HAVE_GSSAPI
- /*
- * Free the scheduler's Kerberos context...
- */
-
-# ifdef __APPLE__
- /*
- * If the weak-linked GSSAPI/Kerberos library is not present, don't try
- * to use it...
- */
-
- if (krb5_init_context != NULL)
-# endif /* __APPLE__ */
- if (KerberosContext)
- krb5_free_context(KerberosContext);
-#endif /* HAVE_GSSAPI */
-
cupsdStopSelect();
return (!stop_scheduler);