[PATCH] smbspool_krb5_wrapper needs to tell CUPS to do negotiation

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[PATCH] smbspool_krb5_wrapper needs to tell CUPS to do negotiation

Samba - samba-technical mailing list
Hi,

the smbspool_krb5_wrapper cups backend needs to tell CUPS that we require
negotiation as authenticaton method.

Currently it doesn't do that and always fails (unless you set it manually in
the config file).


Review and push appreciated.


Thanks,


        Andreas

--
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             [hidden email]
www.samba.org

smbspool-krb5-wrapper-needs-negotiate.patch.txt (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [PATCH] smbspool_krb5_wrapper needs to tell CUPS to do negotiation

Samba - samba-technical mailing list
On Fri, Jul 07, 2017 at 02:35:07PM +0200, Andreas Schneider via samba-technical wrote:

> Hi,
>
> the smbspool_krb5_wrapper cups backend needs to tell CUPS that we require
> negotiation as authenticaton method.
>
> Currently it doesn't do that and always fails (unless you set it manually in
> the config file).
>
>
> Review and push appreciated.

LGTM. Pushed !

> Thanks,
>
>
> Andreas
>
> --
> Andreas Schneider                   GPG-ID: CC014E3D
> Samba Team                             [hidden email]
> www.samba.org

> From d94c6d873fbac09bd28fcb7caf42913a3964e4ae Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <[hidden email]>
> Date: Fri, 7 Jul 2017 14:08:49 +0200
> Subject: [PATCH] s3:client: The smbspool krb5 wrapper needs negotiate for
>  authentication
>
> If you create a new printer it doesn't have AuthInfoRequired set and so
> cups calls the backend with:
>
>   AUTH_INFO_REQUIRED=none
>
> In this case we need to return:
>
>   ATTR: auth-info-required=negotiate
>
> and return an error that we require authentication.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12886
>
> Signed-off-by: Andreas Schneider <[hidden email]>
> ---
>  source3/client/smbspool_krb5_wrapper.c | 29 +++++++++++++++++++----------
>  1 file changed, 19 insertions(+), 10 deletions(-)
>
> diff --git a/source3/client/smbspool_krb5_wrapper.c b/source3/client/smbspool_krb5_wrapper.c
> index bf97d82115a..a72006a4c4f 100644
> --- a/source3/client/smbspool_krb5_wrapper.c
> +++ b/source3/client/smbspool_krb5_wrapper.c
> @@ -95,17 +95,26 @@ int main(int argc, char *argv[])
>  
>          /* If not set, then just call smbspool. */
>   if (env == NULL) {
> - CUPS_SMB_ERROR("AUTH_INFO_REQUIRED is not set");
> -                goto smbspool;
> + CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED is not set - "
> +       "execute smbspool");
> + goto smbspool;
>   } else {
> -                CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
> -                cmp = strcmp(env, "negotiate");
> -                /* If AUTH_INFO_REQUIRED != "negotiate" then call smbspool. */
> -                if (cmp != 0) {
> -                          CUPS_SMB_ERROR(
> -                            "AUTH_INFO_REQUIRED is not set to negotiate");
> -                          goto smbspool;
> -                }
> + CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
> +
> + cmp = strcmp(env, "username,password");
> + if (cmp == 0) {
> + CUPS_SMB_DEBUG("Authenticate using username/password - "
> +       "execute smbspool");
> + goto smbspool;
> + }
> +
> + /* if AUTH_INFO_REQUIRED=none */
> + cmp = strcmp(env, "negotiate");
> + if (cmp != 0) {
> + CUPS_SMB_ERROR("Authentication unsupported");
> + fprintf(stderr, "ATTR: auth-info-required=negotiate\n");
> + return CUPS_BACKEND_AUTH_REQUIRED;
> + }
>   }
>  
>   uid = getuid();
> --
> 2.13.2
>


Loading...