[PATCH] Evaluate the AUTH_INFO_REQUIRED variable set by cups in smbspool

Andreas Schneider asn at samba.org
Thu Feb 7 08:33:10 UTC 2019


Hi,

attached is a patch to fix an issue with smbspool as a CUPS backend configured 
to use Kerberos.

See details at https://bugzilla.redhat.com/show_bug.cgi?id=1662408


Review much appreciated.


Thanks,


	Andreas

-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
-------------- next part --------------
>From 09e18eaa7e3c17579c47cf8ca4449f034b08d528 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Fri, 4 Jan 2019 09:21:24 +0100
Subject: [PATCH] s3:smbspoolss: Evaluate the AUTH_INFO_REQUIRED variable set
 by cups

This should not switch to username,password if cups has been configured
to use negotiate (Kerberos authentication).

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 source3/client/smbspool.c | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index 4f312a6d294..ea91f68924c 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -61,7 +61,7 @@
  * Local functions...
  */
 
-static int      get_exit_code(struct cli_state * cli, NTSTATUS nt_status, bool use_kerberos);
+static int      get_exit_code(struct cli_state * cli, NTSTATUS nt_status);
 static void     list_devices(void);
 static struct cli_state *smb_complete_connection(const char *, const char *,
 	int, const char *, const char *, const char *, const char *, int, bool *need_auth);
@@ -73,6 +73,8 @@ static char    *uri_unescape_alloc(const char *);
 static bool     smb_encrypt;
 #endif
 
+static const char *auth_info_required;
+
 /*
  * 'main()' - Main entry for SMB backend.
  */
@@ -186,6 +188,11 @@ main(int argc,			/* I - Number of command-line arguments */
 		}
 	}
 
+	auth_info_required = getenv("AUTH_INFO_REQUIRED");
+	if (auth_info_required == NULL) {
+		auth_info_required = "none";
+	}
+
 	cmp = strncmp(dev_uri, "smb://", 6);
 	if (cmp != 0) {
 		fprintf(stderr,
@@ -234,6 +241,10 @@ main(int argc,			/* I - Number of command-line arguments */
 		server = uri + 6;
 	}
 
+	if (password != empty_str) {
+		auth_info_required = "username,password";
+	}
+
 	tmp = server;
 
 	if ((sep = strchr_m(tmp, '/')) == NULL) {
@@ -353,8 +364,7 @@ done:
 
 static int
 get_exit_code(struct cli_state * cli,
-	      NTSTATUS nt_status,
-	      bool use_kerberos)
+	      NTSTATUS nt_status)
 {
 	int i;
 
@@ -381,10 +391,7 @@ get_exit_code(struct cli_state * cli,
 		}
 
 		if (cli) {
-			if (use_kerberos)
-				fputs("ATTR: auth-info-required=negotiate\n", stderr);
-			else
-				fputs("ATTR: auth-info-required=username,password\n", stderr);
+			fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required);
 		}
 
 		/*
@@ -453,6 +460,7 @@ smb_complete_connection(const char *myname,
 	}
 
 	if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) {
+		auth_info_required = "negotiate";
 		use_kerberos = true;
 	}
 
@@ -475,7 +483,7 @@ smb_complete_connection(const char *myname,
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		fprintf(stderr, "ERROR: Session setup failed: %s\n", nt_errstr(nt_status));
 
-		if (get_exit_code(cli, nt_status, use_kerberos) == 2) {
+		if (get_exit_code(cli, nt_status) == 2) {
 			*need_auth = true;
 		}
 
@@ -489,7 +497,7 @@ smb_complete_connection(const char *myname,
 		fprintf(stderr, "ERROR: Tree connect failed (%s)\n",
 			nt_errstr(nt_status));
 
-		if (get_exit_code(cli, nt_status, use_kerberos) == 2) {
+		if (get_exit_code(cli, nt_status) == 2) {
 			*need_auth = true;
 		}
 
@@ -681,7 +689,7 @@ smb_print(struct cli_state * cli,	/* I - SMB connection */
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		fprintf(stderr, "ERROR: %s opening remote spool %s\n",
 			nt_errstr(nt_status), title);
-		return get_exit_code(cli, nt_status, false);
+		return get_exit_code(cli, nt_status);
 	}
 
 	/*
@@ -699,7 +707,7 @@ smb_print(struct cli_state * cli,	/* I - SMB connection */
 		status = cli_writeall(cli, fnum, 0, (uint8_t *)buffer,
 				      tbytes, nbytes, NULL);
 		if (!NT_STATUS_IS_OK(status)) {
-			int ret = get_exit_code(cli, status, false);
+			int ret = get_exit_code(cli, status);
 			fprintf(stderr, "ERROR: Error writing spool: %s\n",
 				nt_errstr(status));
 			fprintf(stderr, "DEBUG: Returning status %d...\n",
@@ -715,7 +723,7 @@ smb_print(struct cli_state * cli,	/* I - SMB connection */
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		fprintf(stderr, "ERROR: %s closing remote spool %s\n",
 			nt_errstr(nt_status), title);
-		return get_exit_code(cli, nt_status, false);
+		return get_exit_code(cli, nt_status);
 	} else {
 		return (0);
 	}
-- 
2.20.1



More information about the samba-technical mailing list