From: Michael R Sweet <msweet@msweet.org>
Date: Tue, 15 Apr 2025 17:51:22 +0000 (-0400)
Subject: Update client code to issue proper Bearer response, potentially with an error
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=ea5f7598da8665351c99a032a00754bc9d79134d;p=thirdparty%2Fcups.git

Update client code to issue proper Bearer response, potentially with an error
message.  Still need to hook everything up...
---

diff --git a/scheduler/client.c b/scheduler/client.c
index 9028c75376..d10cce3652 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -2101,7 +2101,7 @@ cupsdSendHeader(
     char           *type,		/* I - MIME type of document */
     int            auth_type)		/* I - Type of authentication */
 {
-  char		auth_str[1024];		/* Authorization string */
+  char		auth_str[2048];		/* Authorization string */
 
 
   cupsdLogClient(con, CUPSD_LOG_DEBUG2, "cupsdSendHeader: code=%d, type=\"%s\", auth_type=%d", code, type, auth_type);
@@ -2139,6 +2139,26 @@ cupsdSendHeader(
     {
       cupsCopyString(auth_str, "Basic realm=\"CUPS\"", sizeof(auth_str));
     }
+    else if (auth_type == CUPSD_AUTH_BEARER)
+    {
+     /*
+      * OAuth/OpenID:
+      *
+      * Bearer realm="OAUTH-URI" [scope="SCOPES"] [error="invalid_token" error_description="ERROR"]
+      */
+
+      char	*auth_ptr;		/* Pointer into auth string */
+
+      snprintf(auth_str, sizeof(auth_str), "Bearer realm=\"%s\"", OAuthServer);
+      auth_ptr = auth_str + strlen(auth_str);
+      if (OAuthScopes)
+      {
+        snprintf(auth_ptr, sizeof(auth_str) - (size_t)(auth_ptr - auth_str), " scope=\"%s\"", OAuthScopes);
+        auth_ptr += strlen(auth_ptr);
+      }
+      if (con->autherror[0])
+        snprintf(auth_ptr, sizeof(auth_str) - (size_t)(auth_ptr - auth_str), " error=\"invalid_token\" error_description=\"%s\"", con->autherror);
+    }
     else if (auth_type == CUPSD_AUTH_NEGOTIATE)
     {
       cupsCopyString(auth_str, "Negotiate", sizeof(auth_str));
diff --git a/scheduler/client.h b/scheduler/client.h
index 0498c7e255..bd979bfc02 100644
--- a/scheduler/client.h
+++ b/scheduler/client.h
@@ -1,7 +1,7 @@
 /*
  * Client definitions for the CUPS scheduler.
  *
- * Copyright © 2020-2024 by OpenPrinting.
+ * Copyright © 2020-2025 by OpenPrinting.
  * Copyright © 2007-2018 by Apple Inc.
  * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
  *
@@ -34,6 +34,12 @@ struct cupsd_client_s
 					/* Username from Authorization: line */
 			password[HTTP_MAX_VALUE],
 					/* Password from Authorization: line */
+			email[HTTP_MAX_VALUE],
+					/* EMail from OAuth Bearer token */
+			realname[HTTP_MAX_VALUE],
+					/* Real name from OAuth Bearer token */
+		      	autherror[HTTP_MAX_VALUE],
+					/* Authorization error, if any */
 			uri[HTTP_MAX_URI],
 					/* Localized URL/URI for GET/PUT */
 			*filename,	/* Filename of output file */