Automating usage of smbspool_krb5_wrapper
Andreas Schneider
asn at samba.org
Thu Nov 14 09:51:22 UTC 2019
On Sunday, 3 November 2019 01:03:43 CET Mikhail Novosyolov wrote:
> 29.10.2019 10:29, Andreas Schneider пишет:
> > On Monday, 28 October 2019 20:38:08 CET Mikhail Novosyolov wrote:
> >> 28.10.2019 11:47, Andreas Schneider пишет:
> >>> On Monday, 28 October 2019 08:58:26 CET Mikhail Novosyolov via
> >>> samba-technical>
> >>>
> >>> wrote:
> >>>> 28.10.2019 10:44, Mikhail Novosyolov пишет:
> >>>>> <...>
> >>>>> There are 2 possible solutions:
> >>>>>
> >>>>> 1) either patch source3/client/smbspool_krb5_wrapper.c to "goto
> >>>>> smbspool;" if env does not contain "negotiate" instead of chekcing to
> >>>>> be either null or 0 - how correct will this be?
> >>>>
> >>>> I mean this:
> >>>>
> >>>> diff --git a/source3/client/smbspool_krb5_wrapper.c
> >>>> b/source3/client/smbspool_krb5_wrapper.c
> >>>> index bff1df417e8..000a613291e 100644
> >>>> --- a/source3/client/smbspool_krb5_wrapper.c
> >>>> +++ b/source3/client/smbspool_krb5_wrapper.c
> >>>> @@ -149,7 +149,7 @@ int main(int argc, char *argv[])
> >>>>
> >>>> env = getenv("AUTH_INFO_REQUIRED");
> >>>>
> >>>> /* If not set, then just call smbspool. */
> >>>>
> >>>> - if (env == NULL || env[0] == 0) {
> >>>> + if (env == NULL || env == "none" || env[0] == 0) {
> >>>>
> >>>> CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED is not set - "
> >>>>
> >>>> "execute smbspool");
> >>>>
> >>>> goto smbspool;
> >>>
> >>> This is obviously wrong :-)
> >>>
> >>> Did you see the code below? The question is if we should map
> >>>
> >>> AUTH_INFO_REQUIRED=none
> >>>
> >>> to anonymous. I've created a patchset you can find here:
> >>>
> >>> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-sm
> >>> bs
> >>> pool
> >>>
> >>>
> >>> However you need to try all combinations, username/password, kerberos
> >>> and
> >>> none for anonymous.
> >>
> >> Thank you! I did not test these patches yet, first tried to understand
> >> how it works.
> >>
> >> Could you please explain a bit how it works?
> >
> > That's a good question as documentation from CUPS side is missing. So we
> > need to find out what CUPS does and then try to write tests for it if
> > possible. This allows us to make sure we work correctly. The repo above
> > shows you where the test is in the samba source code. I've tried to add
> > more tests in the past to avoid regressions and verify we work correctly.
> > This needs to be extended as much as possible.
> >
> >
> > The two patches were just a quick shot.
>
> CUPS developer has clearified documentation:
>
> * https://github.com/apple/cups/issues/5674
> *
> https://github.com/apple/cups/commit/025b8ce8f637009f0df7a5bb5fa0a460dbb32b
> 10
>
> "'negotiate': Kerberos is required - this keyword can only appear by
> itself and causes cupsd to collect the UID of the printing user."
>
> I've switched smbspool_krb5_wrapper from failing if value of
> AUTH_INFO_REQUIRED is something not known to just ignoring that and
> passing the task to smbspool. smbspool will fail itself. Added a test
> for that. Patches on top of asn/samba.git/master-smbspool are attached.
>
> I've not tested those changes yet, just checked buildability. Testing
> will require making a complex set up, I will try.
They look fine, let me know if it works!
Thanks.
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the samba-technical
mailing list