From: Michael R Sweet Date: Mon, 16 Apr 2018 21:16:31 +0000 (-0400) Subject: - Added a workaround for certain web browsers that do not support multiple X-Git-Tag: v2.3b5~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4feb1fe2e5bb9f418f51f5f517f70b451159baa2;p=thirdparty%2Fcups.git - Added a workaround for certain web browsers that do not support multiple authentication schemes in a single response header (Issue #5289) --- diff --git a/CHANGES.md b/CHANGES.md index 8fb9d6cfdd..3d0f4f1239 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,4 +1,4 @@ -CHANGES - 2.3rc1 - 2018-04-11 +CHANGES - 2.3rc1 - 2018-04-16 ============================= Changes in CUPS v2.3rc1 @@ -10,6 +10,8 @@ Changes in CUPS v2.3rc1 the supplied HTTP connection (Issue #5288) - Fixed another crash in the scheduler when adding an IPP Everywhere printer (Issue #5290) +- Added a workaround for certain web browsers that do not support multiple + authentication schemes in a single response header (Issue #5289) - Fixed a parsing bug in the new authentication code. diff --git a/scheduler/client.c b/scheduler/client.c index f388499dcf..95c34877d4 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -1,13 +1,14 @@ /* * Client routines for the CUPS scheduler. * - * Copyright 2007-2017 by Apple Inc. - * Copyright 1997-2007 by Easy Software Products, all rights reserved. + * Copyright © 2007-2018 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * * This file contains Kerberos support code, copyright 2006 by * Jelmer Vernooij. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -813,6 +814,18 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ if (status == HTTP_STATUS_OK) { + /* + * Record whether the client is a web browser. "Mozilla" was the original + * and it seems that every web browser in existence now uses that as the + * prefix with additional information identifying *which* browser. + * + * Chrome (at least) has problems with multiple WWW-Authenticate values in + * a single header, so we only report Basic or Negotiate to web browsers and + * leave the multiple choices to the native CUPS client... + */ + + con->is_browser = !strncmp(httpGetField(con->http, HTTP_FIELD_USER_AGENT), "Mozilla/", 8); + if (httpGetField(con->http, HTTP_FIELD_ACCEPT_LANGUAGE)[0]) { /* @@ -2103,8 +2116,7 @@ cupsdSendHeader( strlcpy(auth_str, "Negotiate", sizeof(auth_str)); } - if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && - !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost")) + if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost")) { /* * Add a "trc" (try root certification) parameter for local non-Kerberos diff --git a/scheduler/client.h b/scheduler/client.h index aaca8279af..fc7af5400d 100644 --- a/scheduler/client.h +++ b/scheduler/client.h @@ -1,10 +1,11 @@ /* * Client definitions for the CUPS scheduler. * - * Copyright 2007-2016 by Apple Inc. - * Copyright 1997-2007 by Easy Software Products, all rights reserved. + * Copyright © 2007-2018 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ #ifdef HAVE_AUTHORIZATION_H @@ -26,6 +27,7 @@ struct cupsd_client_s struct timeval start; /* Request start time */ http_state_t operation; /* Request operation */ off_t bytes; /* Bytes transferred for this request */ + int is_browser; /* Is the client a web browser? */ int type; /* AuthType for username */ char username[HTTP_MAX_VALUE], /* Username from Authorization: line */