[cups/f16] The IPP backend did not always setup username/password authentication. (bug #810007, STR #3985)

Jiří Popelka jpopelka at fedoraproject.org
Tue Apr 17 16:30:37 UTC 2012 

commit cd75cf840527a94241db874cf6ed9d8ec5e38f9b
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Tue Apr 17 18:19:22 2012 +0200

    The IPP backend did not always setup username/password authentication. (bug #810007, STR #3985)
    
    Detect authentication errors for all requests. (bug #810007, upstream commit revision10277)

 cups-revision10277.patch |   43 ++++++++++++++++++++++++++
 cups-str3985.patch       |   74 ++++++++++++++++++++++++++++++++++++++++++++++
 cups.spec                |   16 +++++++++-
 3 files changed, 132 insertions(+), 1 deletions(-)
---
diff --git a/cups-revision10277.patch b/cups-revision10277.patch
new file mode 100644
index 0000000..4c6e418
--- /dev/null
+++ b/cups-revision10277.patch
@@ -0,0 +1,43 @@
+From 19e2adf8307c8a908da80ceef335517139e5bf64 Mon Sep 17 00:00:00 2001
+From: mike <mike at 7a7537e8-13f0-0310-91df-b6672ffda945>
+Date: Mon, 13 Feb 2012 23:43:07 +0000
+Subject: [PATCH] Detect authentication errors for all requests.
+
+git-svn-id: http://svn.easysw.com/public/cups/trunk@10277 7a7537e8-13f0-0310-91df-b6672ffda945
+---
+ backend/ipp.c |    9 ++++++---
+ 1 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/backend/ipp.c b/backend/ipp.c
+index bcaab37..d4719e4 100644
+--- a/backend/ipp.c
++++ b/backend/ipp.c
+@@ -898,7 +898,9 @@ main(int  argc,				/* I - Number of command-line args */
+ 
+ 	return (CUPS_BACKEND_STOP);
+       }
+-      else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
++      else if (ipp_status == IPP_NOT_AUTHORIZED ||
++               ipp_status == IPP_FORBIDDEN ||
++               ipp_status == IPP_AUTHENTICATION_CANCELED)
+       {
+         const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+         				/* WWW-Authenticate field value */
+@@ -1472,11 +1474,12 @@ main(int  argc,				/* I - Number of command-line args */
+         _cupsLangPrintFilter(stderr, "ERROR",
+ 	                     _("Print file was not accepted."));
+ 
+-	if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
++	if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
++	    ipp_status == IPP_AUTHENTICATION_CANCELED)
+ 	{
+ 	  const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
+ 					/* WWW-Authenticate field value */
+-  
++
+ 	  if (!strncmp(www_auth, "Negotiate", 9))
+ 	    auth_info_required = "negotiate";
+ 	  else if (www_auth[0])
+-- 
+1.7.7.6
+
diff --git a/cups-str3985.patch b/cups-str3985.patch
new file mode 100644
index 0000000..4c7da14
--- /dev/null
+++ b/cups-str3985.patch
@@ -0,0 +1,74 @@
+diff -up cups-1.5.2/backend/ipp.c.str3985 cups-1.5.2/backend/ipp.c
+--- cups-1.5.2/backend/ipp.c.str3985	2012-04-05 10:28:12.568898781 +0200
++++ cups-1.5.2/backend/ipp.c	2012-04-05 10:32:07.165612536 +0200
+@@ -957,9 +957,13 @@ main(int  argc,				/* I - Number of comm
+       }
+       else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
+       {
+-	if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
+-		     "Negotiate", 9))
++        const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
++        				/* WWW-Authenticate field value */
++
++	if (!strncmp(www_auth, "Negotiate", 9))
+ 	  auth_info_required = "negotiate";
++        else if (www_auth[0])
++          auth_info_required = "username,password";
+ 
+ 	fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required);
+ 	return (CUPS_BACKEND_AUTH_REQUIRED);
+@@ -1315,23 +1319,13 @@ main(int  argc,				/* I - Number of comm
+     else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN ||
+ 	     ipp_status == IPP_AUTHENTICATION_CANCELED)
+     {
+-     /*
+-      * Update auth-info-required as needed...
+-      */
+-
+-      fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
+-	      httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
+-
+-     /*
+-      * Normal authentication goes through the password callback, which sets
+-      * auth_info_required to "username,password".  Kerberos goes directly
+-      * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
+-      * here and set auth_info_required as needed...
+-      */
++      const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
++					/* WWW-Authenticate field value */
+ 
+-      if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
+-		   "Negotiate", 9))
++      if (!strncmp(www_auth, "Negotiate", 9))
+ 	auth_info_required = "negotiate";
++      else if (www_auth[0])
++	auth_info_required = "username,password";
+ 
+       goto cleanup;
+     }
+@@ -1486,19 +1480,13 @@ main(int  argc,				/* I - Number of comm
+ 
+ 	if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN)
+ 	{
+-	  fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n",
+-		  httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE));
+-
+-         /*
+-	  * Normal authentication goes through the password callback, which sets
+-	  * auth_info_required to "username,password".  Kerberos goes directly
+-	  * through GSSAPI, so look for Negotiate in the WWW-Authenticate header
+-	  * here and set auth_info_required as needed...
+-	  */
+-
+-	  if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE),
+-		       "Negotiate", 9))
++	  const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE);
++					/* WWW-Authenticate field value */
++  
++	  if (!strncmp(www_auth, "Negotiate", 9))
+ 	    auth_info_required = "negotiate";
++	  else if (www_auth[0])
++	    auth_info_required = "username,password";
+ 	}
+ 	else
+ 	  sleep(10);
diff --git a/cups.spec b/cups.spec
index 0976bb5..cda80a1 100644
--- a/cups.spec
+++ b/cups.spec
@@ -19,7 +19,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.5.2
-Release: 8.1%{?dist}
+Release: 9%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -79,6 +79,8 @@ Patch36: cups-systemd-socket.patch
 Patch37: cups-str4014.patch
 Patch38: cups-polld-reconnect.patch
 Patch39: cups-translation.patch
+Patch40: cups-str3985.patch
+Patch41: cups-revision10277.patch
 
 Patch100: cups-lspp.patch
 
@@ -307,6 +309,12 @@ Sends IPP requests to the specified URI and tests and/or displays the results.
 # If the translated message is empty return the original message (bug #797570, STR #4033).
 %patch39 -p1 -b .translation
 
+# The IPP backend did not always setup username/password authentication for printers (bug #810007, STR #3985)
+%patch40 -p1 -b .str3985
+
+# Detect authentication errors for all requests.
+%patch41 -p1 -b .revision10277
+
 %if %lspp
 # LSPP support.
 %patch100 -p1 -b .lspp
@@ -666,6 +674,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/ipptool.1.gz
 
 %changelog
+* Tue Apr 17 2012 Jiri Popelka <jpopelka at redhat.com> 1:1.5.2-9
+- The IPP backend did not always setup username/password authentication
+  for printers (bug #810007, STR #3985)
+- Detect authentication errors for all requests.
+  (bug #810007, upstream commit revision10277)
+
 * Thu Mar 29 2012 Tim Waugh <twaugh at redhat.com> 1:1.5.2-8.1
 - Removed PrivateTmp from service file altogether (bug #807672).

More information about the scm-commits mailing list