From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Fri, 29 Jun 2018 17:42:38 +0000 (-0400)
Subject: Authentication in the web interface did not work on macOS (rdar://41444473)
X-Git-Tag: v2.3b6~132
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf265b3aa9e0f1f32c831000a114ecec4bfebc76;p=thirdparty%2Fcups.git

Authentication in the web interface did not work on macOS (rdar://41444473)

cups/auth.c:
- cups_local_auth(): Don't check for AuthRef twice, log fopen errors for the
  root cert as well.

scheduler/client.c:
- Also allow local auth with AuthRef's.
---

diff --git a/CHANGES.md b/CHANGES.md
index 96e5ad854f..d04c0b92d9 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,4 +1,4 @@
-CHANGES - 2.3b6 - 2018-06-18
+CHANGES - 2.3b6 - 2018-06-29
 ============================
 
 Changes in CUPS v2.3b6
@@ -17,6 +17,7 @@ Changes in CUPS v2.3b6
 - The web interface did not list the IPP Everywhere "driver" (Issue #5338)
 - The scheduler did not report all of the supported job options and values
   (Issue #5340)
+- Authentication in the web interface did not work on macOS (rdar://41444473)
 - Fixed a memory leak for some IPP (extension) syntaxes.
 
 
diff --git a/cups/auth.c b/cups/auth.c
index 172f55cfea..291a1a55fc 100644
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -1115,10 +1115,6 @@ cups_local_auth(http_t *http)		/* I - HTTP connection to server */
   if (cups_auth_find(www_auth, "Negotiate"))
     return (1);
 #  endif /* HAVE_GSSAPI */
-#  ifdef HAVE_AUTHORIZATION_H
-  if (cups_auth_find(www_auth, "AuthRef"))
-    return (1);
-#  endif /* HAVE_AUTHORIZATION_H */
 
 #  if defined(SO_PEERCRED) && defined(AF_LOCAL)
  /*
@@ -1168,7 +1164,7 @@ cups_local_auth(http_t *http)		/* I - HTTP connection to server */
     * No certificate for this PID; see if we can get the root certificate...
     */
 
-    DEBUG_printf(("9cups_local_auth: Unable to open file %s: %s", filename, strerror(errno)));
+    DEBUG_printf(("9cups_local_auth: Unable to open file \"%s\": %s", filename, strerror(errno)));
 
     if (!cups_auth_param(schemedata, "trc", trc, sizeof(trc)))
     {
@@ -1180,7 +1176,8 @@ cups_local_auth(http_t *http)		/* I - HTTP connection to server */
     }
 
     snprintf(filename, sizeof(filename), "%s/certs/0", cg->cups_statedir);
-    fp = fopen(filename, "r");
+    if ((fp = fopen(filename, "r")) == NULL)
+      DEBUG_printf(("9cups_local_auth: Unable to open file \"%s\": %s", filename, strerror(errno)));
   }
 
   if (fp)
diff --git a/scheduler/client.c b/scheduler/client.c
index 95b9db6807..cfb0e1b9bd 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2155,7 +2155,7 @@ cupsdSendHeader(
 #ifdef HAVE_AUTHORIZATION_H
 	if (!_cups_strncasecmp(name, "@AUTHKEY(", 9))
 	{
-	  snprintf(auth_key, auth_size, ", AuthRef key=\"%s\"", name + 9);
+	  snprintf(auth_key, auth_size, ", AuthRef key=\"%s\", Local trc=\"y\"", name + 9);
 	  need_local = 0;
 	  /* end parenthesis is stripped in conf.c */
 	  break;
@@ -2166,11 +2166,10 @@ cupsdSendHeader(
 	{
 #ifdef HAVE_AUTHORIZATION_H
 	  if (SystemGroupAuthKey)
-	    snprintf(auth_key, auth_size, ", AuthRef key=\"%s\"", SystemGroupAuthKey);
+	    snprintf(auth_key, auth_size, ", AuthRef key=\"%s\", Local trc=\"y\"", SystemGroupAuthKey);
           else
-#else
-	  strlcpy(auth_key, ", Local trc=\"y\"", auth_size);
 #endif /* HAVE_AUTHORIZATION_H */
+	  strlcpy(auth_key, ", Local trc=\"y\"", auth_size);
 	  need_local = 0;
 	  break;
 	}