[cups/f16] The IPP backend did not always setup username/password authentication. (bug #810007, STR #3985)
Jiří Popelka
jpopelka at fedoraproject.org
Tue Apr 17 16:30:37 UTC 2012
commit cd75cf840527a94241db874cf6ed9d8ec5e38f9b
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Tue Apr 17 18:19:22 2012 +0200
The IPP backend did not always setup username/password authentication. (bug #810007, STR #3985)
Detect authentication errors for all requests. (bug #810007, upstream commit revision10277)
cups-revision10277.patch | 43 ++++++++++++++++++++++++++
cups-str3985.patch | 74 ++++++++++++++++++++++++++++++++++++++++++++++
cups.spec | 16 +++++++++-
3 files changed, 132 insertions(+), 1 deletions(-)
---
diff --git a/cups-revision10277.patch b/cups-revision10277.patch
new file mode 100644
index 0000000..4c6e418
--- /dev/null
+++ b/cups-revision10277.patch
@@ -0,0 +1,43 @@
+From 19e2adf8307c8a908da80ceef335517139e5bf64 Mon Sep 17 00:00:00 2001
+From: mike <mike at 7a7537e8-13f0-0310-91df-b6672ffda945>
+Date: Mon, 13 Feb 2012 23:43:07 +0000
+Subject: [PATCH] Detect authentication errors for all requests.
+
+git-svn-id: http://svn.easysw.com/public/cups/trunk@10277 7a7537e8-13f0-0310-91df-b6672ffda945
+---
+ backend/ipp.c | 9 ++++++---
+ 1 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/backend/ipp.c b/backend/ipp.c
+index bcaab37..d4719e4 100644
+--- a/backend/ipp.c
++++ b/backend/ipp.c
+@@ -898,7 +898,9 @@ main(int argc, /* I - Number of command-line args */
+
+ return (CUPS_BACKEND_STOP);
+ }
+- else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
++ else if (ipp_status == IPP_NOT_AUTHORIZED ||
++ ipp_status == IPP_FORBIDDEN ||
++ ipp_status == IPP_AUTHENTICATION_CANCELED)
+ {
+ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+ /* WWW-Authenticate field value */
+@@ -1472,11 +1474,12 @@ main(int argc, /* I - Number of command-line args */
+ _cupsLangPrintFilter(stderr, "ERROR",
+ _("Print file was not accepted."));
+
+- if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
++ if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
++ ipp_status == IPP_AUTHENTICATION_CANCELED)
+ {
+ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+ /* WWW-Authenticate field value */
+-
++
+ if (!strncmp(www_auth, "Negotiate", 9))
+ auth_info_required = "negotiate";
+ else if (www_auth[0])
+--
+1.7.7.6
+
diff --git a/cups-str3985.patch b/cups-str3985.patch
new file mode 100644
index 0000000..4c7da14
--- /dev/null
+++ b/cups-str3985.patch
@@ -0,0 +1,74 @@
+diff -up cups-1.5.2/backend/ipp.c.str3985 cups-1.5.2/backend/ipp.c
+--- cups-1.5.2/backend/ipp.c.str3985 2012-04-05 10:28:12.568898781 +0200
++++ cups-1.5.2/backend/ipp.c 2012-04-05 10:32:07.165612536 +0200
+@@ -957,9 +957,13 @@ main(int argc, /* I - Number of comm
+ }
+ else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
+ {
+- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
+- "Negotiate", 9))
++ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
++ /* WWW-Authenticate field value */
++
++ if (!strncmp(www_auth, "Negotiate", 9))
+ auth_info_required = "negotiate";
++ else if (www_auth[0])
++ auth_info_required = "username,password";
+
+ fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required);
+ return (CUPS_BACKEND_AUTH_REQUIRED);
+@@ -1315,23 +1319,13 @@ main(int argc, /* I - Number of comm
+ else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
+ ipp_status == IPP_AUTHENTICATION_CANCELED)
+ {
+- /*
+- * Update auth-info-required as needed...
+- */
+-
+- fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
+- httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
+-
+- /*
+- * Normal authentication goes through the password callback, which sets
+- * auth_info_required to "username,password". Kerberos goes directly
+- * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
+- * here and set auth_info_required as needed...
+- */
++ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
++ /* WWW-Authenticate field value */
+
+- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
+- "Negotiate", 9))
++ if (!strncmp(www_auth, "Negotiate", 9))
+ auth_info_required = "negotiate";
++ else if (www_auth[0])
++ auth_info_required = "username,password";
+
+ goto cleanup;
+ }
+@@ -1486,19 +1480,13 @@ main(int argc, /* I - Number of comm
+
+ if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
+ {
+- fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
+- httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
+-
+- /*
+- * Normal authentication goes through the password callback, which sets
+- * auth_info_required to "username,password". Kerberos goes directly
+- * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
+- * here and set auth_info_required as needed...
+- */
+-
+- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
+- "Negotiate", 9))
++ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
++ /* WWW-Authenticate field value */
++
++ if (!strncmp(www_auth, "Negotiate", 9))
+ auth_info_required = "negotiate";
++ else if (www_auth[0])
++ auth_info_required = "username,password";
+ }
+ else
+ sleep(10);
diff --git a/cups.spec b/cups.spec
index 0976bb5..cda80a1 100644
--- a/cups.spec
+++ b/cups.spec
@@ -19,7 +19,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.5.2
-Release: 8.1%{?dist}
+Release: 9%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -79,6 +79,8 @@ Patch36: cups-systemd-socket.patch
Patch37: cups-str4014.patch
Patch38: cups-polld-reconnect.patch
Patch39: cups-translation.patch
+Patch40: cups-str3985.patch
+Patch41: cups-revision10277.patch
Patch100: cups-lspp.patch
@@ -307,6 +309,12 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
# If the translated message is empty return the original message (bug #797570, STR #4033).
%patch39 -p1 -b .translation
+# The IPP backend did not always setup username/password authentication for printers (bug #810007, STR #3985)
+%patch40 -p1 -b .str3985
+
+# Detect authentication errors for all requests.
+%patch41 -p1 -b .revision10277
+
%if %lspp
# LSPP support.
%patch100 -p1 -b .lspp
@@ -666,6 +674,12 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/ipptool.1.gz
%changelog
+* Tue Apr 17 2012 Jiri Popelka <jpopelka at redhat.com> 1:1.5.2-9
+- The IPP backend did not always setup username/password authentication
+ for printers (bug #810007, STR #3985)
+- Detect authentication errors for all requests.
+ (bug #810007, upstream commit revision10277)
+
* Thu Mar 29 2012 Tim Waugh <twaugh at redhat.com> 1:1.5.2-8.1
- Removed PrivateTmp from service file altogether (bug #807672).
More information about the scm-commits
mailing list