[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cups-commit
Subject:    [cups.commit] [CUPS] r8685 - in trunk: . scheduler
From:       cups-dev () easysw ! com
Date:       2009-05-26 22:01:25
Message-ID: 9454-cups.commit () news ! easysw ! com
[Download RAW message or body]

Author: mike
Date: 2009-05-26 15:01:23 -0700 (Tue, 26 May 2009)
New Revision: 8685
Log:
Don't copy Kerberos credentials unless we have them in the Authenticate header.


Modified:
   trunk/CHANGES.txt
   trunk/scheduler/auth.c
   trunk/scheduler/client.c
   trunk/scheduler/client.h
   trunk/scheduler/ipp.c

Modified: trunk/CHANGES.txt
===================================================================
--- trunk/CHANGES.txt	2009-05-26 18:10:42 UTC (rev 8684)
+++ trunk/CHANGES.txt	2009-05-26 22:01:23 UTC (rev 8685)
@@ -3,6 +3,8 @@
 
 CHANGES IN CUPS V1.4rc1
 
+	- The scheduler incorrectly always tried to copy Kerberos credentials
+	  for print jobs.
 	- Updated the Spanish localization (STR #3204)
 	- The scheduler crashed when getting the default paper size from
 	  libpaper (STR #3205, STR #3206)

Modified: trunk/scheduler/auth.c
===================================================================
--- trunk/scheduler/auth.c	2009-05-26 18:10:42 UTC (rev 8684)
+++ trunk/scheduler/auth.c	2009-05-26 22:01:23 UTC (rev 8685)
@@ -1046,6 +1046,8 @@
       return;
     }
 
+    con->have_gss = 1;
+
    /*
     * Get the username associated with the client's credentials...
     */

Modified: trunk/scheduler/client.c
===================================================================
--- trunk/scheduler/client.c	2009-05-26 18:10:42 UTC (rev 8684)
+++ trunk/scheduler/client.c	2009-05-26 22:01:23 UTC (rev 8685)
@@ -895,6 +895,9 @@
 	}
 
 #ifdef HAVE_GSSAPI
+        con->have_gss = 0;
+
+	if (con->gss_creds)
 	{
 	  OM_uint32 minor_status;
 	  gss_release_cred(&minor_status, &con->gss_creds);

Modified: trunk/scheduler/client.h
===================================================================
--- trunk/scheduler/client.h	2009-05-26 18:10:42 UTC (rev 8684)
+++ trunk/scheduler/client.h	2009-05-26 22:01:23 UTC (rev 8685)
@@ -55,7 +55,8 @@
   char			servername[256];/* Server name for connection */
   int			serverport;	/* Server port for connection */
 #ifdef HAVE_GSSAPI
-  gss_cred_id_t 	gss_creds;	/* Credentials from client header */
+  int			have_gss;	/* Have GSS credentials? */
+  gss_cred_id_t 	gss_creds;	/* Delegated credentials from client */
   unsigned		gss_flags;	/* Credential flags */
   gss_buffer_desc 	gss_output_token;
 					/* Output token for Negotiate header */

Modified: trunk/scheduler/ipp.c
===================================================================
--- trunk/scheduler/ipp.c	2009-05-26 18:10:42 UTC (rev 8684)
+++ trunk/scheduler/ipp.c	2009-05-26 22:01:23 UTC (rev 8685)
@@ -9613,9 +9613,10 @@
 
 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5_H)
 #  ifdef HAVE_KRB5_IPC_CLIENT_SET_TARGET_UID
-  if (con->http.hostaddr->addr.sa_family == AF_LOCAL || con->gss_creds)
+  if (con->have_gss &&
+      (con->http.hostaddr->addr.sa_family == AF_LOCAL || con->gss_creds))
 #  else
-  if (con->gss_creds)
+  if (con->have_gss && con->gss_creds)
 #  endif /* HAVE_KRB5_IPC_CLIENT_SET_TARGET_UID */
     save_krb5_creds(con, job);
   else if (job->ccname)

_______________________________________________
cups-commit mailing list
cups-commit@easysw.com
http://lists.easysw.com/mailman/listinfo/cups-commit
[prev in list] [next in list] [prev in thread] [next in thread]