From: Samuel Cabrero Date: Tue, 27 Oct 2020 15:23:30 +0000 (+0100) Subject: Try local kerberos ccache credentials only for remote servers X-Git-Tag: v2.4b1~212^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f629d079750a86b1b605c285f99c0dea3933ca50;p=thirdparty%2Fcups.git Try local kerberos ccache credentials only for remote servers If connecting to localhost then proceed to ask the client for the authorization using cupsGetPassword2. The get password callback will return 401 to the client with WWW-Authenticate: Negotiate. Fixes: #5596 Signed-off-by: Samuel Cabrero --- diff --git a/cups/auth.c b/cups/auth.c index d2956438de..9661657fc7 100644 --- a/cups/auth.c +++ b/cups/auth.c @@ -175,10 +175,10 @@ cupsDoAuthentication( DEBUG_printf(("2cupsDoAuthentication: Trying scheme \"%s\"...", scheme)); #ifdef HAVE_GSSAPI - if (!_cups_strcasecmp(scheme, "Negotiate")) + if (!_cups_strcasecmp(scheme, "Negotiate") && !cups_is_local_connection(http)) { /* - * Kerberos authentication... + * Kerberos authentication to remote server... */ int gss_status; /* Auth status */ @@ -202,7 +202,9 @@ cupsDoAuthentication( } else #endif /* HAVE_GSSAPI */ - if (_cups_strcasecmp(scheme, "Basic") && _cups_strcasecmp(scheme, "Digest")) + if (_cups_strcasecmp(scheme, "Basic") && + _cups_strcasecmp(scheme, "Digest") && + _cups_strcasecmp(scheme, "Negotiate")) { /* * Other schemes not yet supported... @@ -216,7 +218,7 @@ cupsDoAuthentication( * See if we should retry the current username:password... */ - if ((http->digest_tries > 1 || !http->userpass[0]) && (!_cups_strcasecmp(scheme, "Basic") || (!_cups_strcasecmp(scheme, "Digest")))) + if (http->digest_tries > 1 || !http->userpass[0]) { /* * Nope - get a new password from the user...