[prev in list] [next in list] [prev in thread] [next in thread]
List: cups-commit
Subject: [cups.commit] [CUPS] r8685 - in trunk: . scheduler
From: cups-dev () easysw ! com
Date: 2009-05-26 22:01:25
Message-ID: 9454-cups.commit () news ! easysw ! com
[Download RAW message or body]
Author: mike
Date: 2009-05-26 15:01:23 -0700 (Tue, 26 May 2009)
New Revision: 8685
Log:
Don't copy Kerberos credentials unless we have them in the Authenticate header.
Modified:
trunk/CHANGES.txt
trunk/scheduler/auth.c
trunk/scheduler/client.c
trunk/scheduler/client.h
trunk/scheduler/ipp.c
Modified: trunk/CHANGES.txt
===================================================================
--- trunk/CHANGES.txt 2009-05-26 18:10:42 UTC (rev 8684)
+++ trunk/CHANGES.txt 2009-05-26 22:01:23 UTC (rev 8685)
@@ -3,6 +3,8 @@
CHANGES IN CUPS V1.4rc1
+ - The scheduler incorrectly always tried to copy Kerberos credentials
+ for print jobs.
- Updated the Spanish localization (STR #3204)
- The scheduler crashed when getting the default paper size from
libpaper (STR #3205, STR #3206)
Modified: trunk/scheduler/auth.c
===================================================================
--- trunk/scheduler/auth.c 2009-05-26 18:10:42 UTC (rev 8684)
+++ trunk/scheduler/auth.c 2009-05-26 22:01:23 UTC (rev 8685)
@@ -1046,6 +1046,8 @@
return;
}
+ con->have_gss = 1;
+
/*
* Get the username associated with the client's credentials...
*/
Modified: trunk/scheduler/client.c
===================================================================
--- trunk/scheduler/client.c 2009-05-26 18:10:42 UTC (rev 8684)
+++ trunk/scheduler/client.c 2009-05-26 22:01:23 UTC (rev 8685)
@@ -895,6 +895,9 @@
}
#ifdef HAVE_GSSAPI
+ con->have_gss = 0;
+
+ if (con->gss_creds)
{
OM_uint32 minor_status;
gss_release_cred(&minor_status, &con->gss_creds);
Modified: trunk/scheduler/client.h
===================================================================
--- trunk/scheduler/client.h 2009-05-26 18:10:42 UTC (rev 8684)
+++ trunk/scheduler/client.h 2009-05-26 22:01:23 UTC (rev 8685)
@@ -55,7 +55,8 @@
char servername[256];/* Server name for connection */
int serverport; /* Server port for connection */
#ifdef HAVE_GSSAPI
- gss_cred_id_t gss_creds; /* Credentials from client header */
+ int have_gss; /* Have GSS credentials? */
+ gss_cred_id_t gss_creds; /* Delegated credentials from client */
unsigned gss_flags; /* Credential flags */
gss_buffer_desc gss_output_token;
/* Output token for Negotiate header */
Modified: trunk/scheduler/ipp.c
===================================================================
--- trunk/scheduler/ipp.c 2009-05-26 18:10:42 UTC (rev 8684)
+++ trunk/scheduler/ipp.c 2009-05-26 22:01:23 UTC (rev 8685)
@@ -9613,9 +9613,10 @@
#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5_H)
# ifdef HAVE_KRB5_IPC_CLIENT_SET_TARGET_UID
- if (con->http.hostaddr->addr.sa_family == AF_LOCAL || con->gss_creds)
+ if (con->have_gss &&
+ (con->http.hostaddr->addr.sa_family == AF_LOCAL || con->gss_creds))
# else
- if (con->gss_creds)
+ if (con->have_gss && con->gss_creds)
# endif /* HAVE_KRB5_IPC_CLIENT_SET_TARGET_UID */
save_krb5_creds(con, job);
else if (job->ccname)
_______________________________________________
cups-commit mailing list
cups-commit@easysw.com
http://lists.easysw.com/mailman/listinfo/cups-commit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic