[PATCH] smbspool_krb5_wrapper needs to tell CUPS to do negotiation
Jeremy Allison
jra at samba.org
Fri Jul 14 21:13:46 UTC 2017
On Fri, Jul 07, 2017 at 02:35:07PM +0200, Andreas Schneider via samba-technical wrote:
> Hi,
>
> the smbspool_krb5_wrapper cups backend needs to tell CUPS that we require
> negotiation as authenticaton method.
>
> Currently it doesn't do that and always fails (unless you set it manually in
> the config file).
>
>
> Review and push appreciated.
LGTM. Pushed !
> Thanks,
>
>
> Andreas
>
> --
> Andreas Schneider GPG-ID: CC014E3D
> Samba Team asn at samba.org
> www.samba.org
> From d94c6d873fbac09bd28fcb7caf42913a3964e4ae Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Fri, 7 Jul 2017 14:08:49 +0200
> Subject: [PATCH] s3:client: The smbspool krb5 wrapper needs negotiate for
> authentication
>
> If you create a new printer it doesn't have AuthInfoRequired set and so
> cups calls the backend with:
>
> AUTH_INFO_REQUIRED=none
>
> In this case we need to return:
>
> ATTR: auth-info-required=negotiate
>
> and return an error that we require authentication.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12886
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> source3/client/smbspool_krb5_wrapper.c | 29 +++++++++++++++++++----------
> 1 file changed, 19 insertions(+), 10 deletions(-)
>
> diff --git a/source3/client/smbspool_krb5_wrapper.c b/source3/client/smbspool_krb5_wrapper.c
> index bf97d82115a..a72006a4c4f 100644
> --- a/source3/client/smbspool_krb5_wrapper.c
> +++ b/source3/client/smbspool_krb5_wrapper.c
> @@ -95,17 +95,26 @@ int main(int argc, char *argv[])
>
> /* If not set, then just call smbspool. */
> if (env == NULL) {
> - CUPS_SMB_ERROR("AUTH_INFO_REQUIRED is not set");
> - goto smbspool;
> + CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED is not set - "
> + "execute smbspool");
> + goto smbspool;
> } else {
> - CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
> - cmp = strcmp(env, "negotiate");
> - /* If AUTH_INFO_REQUIRED != "negotiate" then call smbspool. */
> - if (cmp != 0) {
> - CUPS_SMB_ERROR(
> - "AUTH_INFO_REQUIRED is not set to negotiate");
> - goto smbspool;
> - }
> + CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
> +
> + cmp = strcmp(env, "username,password");
> + if (cmp == 0) {
> + CUPS_SMB_DEBUG("Authenticate using username/password - "
> + "execute smbspool");
> + goto smbspool;
> + }
> +
> + /* if AUTH_INFO_REQUIRED=none */
> + cmp = strcmp(env, "negotiate");
> + if (cmp != 0) {
> + CUPS_SMB_ERROR("Authentication unsupported");
> + fprintf(stderr, "ATTR: auth-info-required=negotiate\n");
> + return CUPS_BACKEND_AUTH_REQUIRED;
> + }
> }
>
> uid = getuid();
> --
> 2.13.2
>
More information about the samba-technical
mailing list