[PATCH] smbspool_krb5_wrapper needs to tell CUPS to do negotiation
Andreas Schneider
asn at samba.org
Fri Jul 7 12:35:07 UTC 2017
Hi,
the smbspool_krb5_wrapper cups backend needs to tell CUPS that we require
negotiation as authenticaton method.
Currently it doesn't do that and always fails (unless you set it manually in
the config file).
Review and push appreciated.
Thanks,
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
-------------- next part --------------
>From d94c6d873fbac09bd28fcb7caf42913a3964e4ae Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 7 Jul 2017 14:08:49 +0200
Subject: [PATCH] s3:client: The smbspool krb5 wrapper needs negotiate for
authentication
If you create a new printer it doesn't have AuthInfoRequired set and so
cups calls the backend with:
AUTH_INFO_REQUIRED=none
In this case we need to return:
ATTR: auth-info-required=negotiate
and return an error that we require authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12886
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/client/smbspool_krb5_wrapper.c | 29 +++++++++++++++++++----------
1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/source3/client/smbspool_krb5_wrapper.c b/source3/client/smbspool_krb5_wrapper.c
index bf97d82115a..a72006a4c4f 100644
--- a/source3/client/smbspool_krb5_wrapper.c
+++ b/source3/client/smbspool_krb5_wrapper.c
@@ -95,17 +95,26 @@ int main(int argc, char *argv[])
/* If not set, then just call smbspool. */
if (env == NULL) {
- CUPS_SMB_ERROR("AUTH_INFO_REQUIRED is not set");
- goto smbspool;
+ CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED is not set - "
+ "execute smbspool");
+ goto smbspool;
} else {
- CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
- cmp = strcmp(env, "negotiate");
- /* If AUTH_INFO_REQUIRED != "negotiate" then call smbspool. */
- if (cmp != 0) {
- CUPS_SMB_ERROR(
- "AUTH_INFO_REQUIRED is not set to negotiate");
- goto smbspool;
- }
+ CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
+
+ cmp = strcmp(env, "username,password");
+ if (cmp == 0) {
+ CUPS_SMB_DEBUG("Authenticate using username/password - "
+ "execute smbspool");
+ goto smbspool;
+ }
+
+ /* if AUTH_INFO_REQUIRED=none */
+ cmp = strcmp(env, "negotiate");
+ if (cmp != 0) {
+ CUPS_SMB_ERROR("Authentication unsupported");
+ fprintf(stderr, "ATTR: auth-info-required=negotiate\n");
+ return CUPS_BACKEND_AUTH_REQUIRED;
+ }
}
uid = getuid();
--
2.13.2
More information about the samba-technical
mailing list