[prev in list] [next in list] [prev in thread] [next in thread]
List: cups-commit
Subject: [cups.commit] [CUPS] r9646 - in trunk: cups scheduler
From: cups-dev () easysw ! com
Date: 2011-03-25 5:53:02
Message-ID: 10417-cups.commit () news ! easysw ! com
[Download RAW message or body]
Author: mike
Date: 2011-03-24 22:53:01 -0700 (Thu, 24 Mar 2011)
New Revision: 9646
Log:
Don't use root certificates when we have authrefs.
Modified:
trunk/cups/auth.c
trunk/scheduler/auth.c
trunk/scheduler/client.c
trunk/scheduler/main.c
Modified: trunk/cups/auth.c
===================================================================
--- trunk/cups/auth.c 2011-03-23 23:49:35 UTC (rev 9645)
+++ trunk/cups/auth.c 2011-03-25 05:53:01 UTC (rev 9646)
@@ -628,7 +628,7 @@
DEBUG_printf(("9cups_local_auth: Unable to open file %s: %s",
filename, strerror(errno)));
-#ifdef HAVE_GSSAPI
+# ifdef HAVE_GSSAPI
if (!strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Negotiate", 9))
{
/*
@@ -637,8 +637,19 @@
return (1);
}
-#endif /* HAVE_GSSAPI */
+# endif /* HAVE_GSSAPI */
+# ifdef HAVE_AUTHORIZATION_H
+ if (httpGetSubField2(http, HTTP_FIELD_WWW_AUTHENTICATE, "authkey",
+ auth_key, sizeof(auth_key)))
+ {
+ /*
+ * Don't use the root certificate as a replacement for an authkey...
+ */
+
+ return (1);
+ }
+# endif /* HAVE_AUTHORIZATION_H */
if (!httpGetSubField2(http, HTTP_FIELD_WWW_AUTHENTICATE, "trc", trc,
sizeof(trc)))
{
Modified: trunk/scheduler/auth.c
===================================================================
--- trunk/scheduler/auth.c 2011-03-23 23:49:35 UTC (rev 9645)
+++ trunk/scheduler/auth.c 2011-03-25 05:53:01 UTC (rev 9646)
@@ -570,6 +570,20 @@
* Get Local certificate authentication data...
*/
+#ifdef HAVE_AUTHORIZATION_H
+ const char *name; /* Authorizing name */
+
+ for (name = (char *)cupsArrayFirst(con->best->names);
+ name;
+ name = (char *)cupsArrayNext(con->best->names))
+ if (!strncasecmp(name, "@AUTHKEY(", 9) || !strcasecmp(name, "@SYSTEM"))
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Local authentication not allowed for resource.");
+ return;
+ }
+#endif /* HAVE_AUTHORIZATION_H */
+
authorization += 5;
while (isspace(*authorization & 255))
authorization ++;
Modified: trunk/scheduler/client.c
===================================================================
--- trunk/scheduler/client.c 2011-03-23 23:49:35 UTC (rev 9645)
+++ trunk/scheduler/client.c 2011-03-25 05:53:01 UTC (rev 9646)
@@ -2660,7 +2660,7 @@
#ifdef HAVE_AUTHORIZATION_H
if (SystemGroupAuthKey)
snprintf(auth_key, auth_size,
- ", authkey=\"%s\", trc=\"y\"",
+ ", authkey=\"%s\"",
SystemGroupAuthKey);
else
#else
Modified: trunk/scheduler/main.c
===================================================================
--- trunk/scheduler/main.c 2011-03-23 23:49:35 UTC (rev 9645)
+++ trunk/scheduler/main.c 2011-03-25 05:53:01 UTC (rev 9646)
@@ -947,6 +947,7 @@
browse_time = current_time;
}
+#ifndef HAVE_AUTHORIZATION_H
/*
* Update the root certificate once every 5 minutes if we have client
* connections...
@@ -962,6 +963,7 @@
cupsdDeleteCert(0);
cupsdAddCert(0, "root", NULL);
}
+#endif /* !HAVE_AUTHORIZATION_H */
/*
* Check for new data on the client sockets...
_______________________________________________
cups-commit mailing list
cups-commit@easysw.com
http://lists.easysw.com/mailman/listinfo/cups-commit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic