29.10.2019 10:29, Andreas Schneider пишет:
> On Monday, 28 October 2019 20:38:08 CET Mikhail Novosyolov wrote:
>> 28.10.2019 11:47, Andreas Schneider пишет:
>>> On Monday, 28 October 2019 08:58:26 CET Mikhail Novosyolov via
>>> samba-technical>
>>> wrote:
>>>> 28.10.2019 10:44, Mikhail Novosyolov пишет:
>>>>> <...>
>>>>> There are 2 possible solutions:
>>>>>
>>>>> 1) either patch source3/client/smbspool_krb5_wrapper.c to "goto
>>>>> smbspool;" if env does not contain "negotiate" instead of chekcing to
>>>>> be either null or 0 - how correct will this be?
>>>> I mean this:
>>>>
>>>> diff --git a/source3/client/smbspool_krb5_wrapper.c
>>>> b/source3/client/smbspool_krb5_wrapper.c
>>>> index bff1df417e8..000a613291e 100644
>>>> --- a/source3/client/smbspool_krb5_wrapper.c
>>>> +++ b/source3/client/smbspool_krb5_wrapper.c
>>>> @@ -149,7 +149,7 @@ int main(int argc, char *argv[])
>>>>
>>>> env = getenv("AUTH_INFO_REQUIRED");
>>>>
>>>> /* If not set, then just call smbspool. */
>>>>
>>>> - if (env == NULL || env[0] == 0) {
>>>> + if (env == NULL || env == "none" || env[0] == 0) {
>>>>
>>>> CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED is not set - "
>>>>
>>>> "execute smbspool");
>>>>
>>>> goto smbspool;
>>> This is obviously wrong :-)
>>>
>>> Did you see the code below? The question is if we should map
>>>
>>> AUTH_INFO_REQUIRED=none
>>>
>>> to anonymous. I've created a patchset you can find here:
>>>
>>> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-smbs
>>> pool
>>>
>>>
>>> However you need to try all combinations, username/password, kerberos and
>>> none for anonymous.
>> Thank you! I did not test these patches yet, first tried to understand
>> how it works.
>>
>> Could you please explain a bit how it works?
> That's a good question as documentation from CUPS side is missing. So we need
> to find out what CUPS does and then try to write tests for it if possible.
> This allows us to make sure we work correctly. The repo above shows you where
> the test is in the samba source code. I've tried to add more tests in the past
> to avoid regressions and verify we work correctly. This needs to be extended
> as much as possible.
>
>
> The two patches were just a quick shot.
CUPS developer has clearified documentation:
* https://github.com/apple/cups/issues/5674
* https://github.com/apple/cups/commit/025b8ce8f637009f0df7a5bb5fa0a460dbb32b10
"'negotiate': Kerberos is required - this keyword can only appear by
itself and causes cupsd to collect the UID of the printing user."
I've switched smbspool_krb5_wrapper from failing if value of
AUTH_INFO_REQUIRED is something not known to just ignoring that and
passing the task to smbspool. smbspool will fail itself. Added a test
for that. Patches on top of asn/samba.git/master-smbspool are attached.
I've not tested those changes yet, just checked buildability. Testing
will require making a complex set up, I will try.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-s3-smbspool_krb5_wrapper-ignore-unknown-values-of-AU.patch
Type: text/x-patch
Size: 4979 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20191103/7633990f/0003-s3-smbspool_krb5_wrapper-ignore-unknown-values-of-AU.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-smbspool-print-a-hint-about-smbspool_krb5_wrapper.patch
Type: text/x-patch
Size: 1209 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20191103/7633990f/0004-smbspool-print-a-hint-about-smbspool_krb5_wrapper.bin>