diff --git a/cups-revision10277.patch b/cups-revision10277.patch new file mode 100644 index 0000000..4c6e418 --- /dev/null +++ b/cups-revision10277.patch @@ -0,0 +1,43 @@ +From 19e2adf8307c8a908da80ceef335517139e5bf64 Mon Sep 17 00:00:00 2001 +From: mike +Date: Mon, 13 Feb 2012 23:43:07 +0000 +Subject: [PATCH] Detect authentication errors for all requests. + +git-svn-id: http://svn.easysw.com/public/cups/trunk@10277 7a7537e8-13f0-0310-91df-b6672ffda945 +--- + backend/ipp.c | 9 ++++++--- + 1 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/backend/ipp.c b/backend/ipp.c +index bcaab37..d4719e4 100644 +--- a/backend/ipp.c ++++ b/backend/ipp.c +@@ -898,7 +898,9 @@ main(int argc, /* I - Number of command-line args */ + + return (CUPS_BACKEND_STOP); + } +- else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN) ++ else if (ipp_status == IPP_NOT_AUTHORIZED || ++ ipp_status == IPP_FORBIDDEN || ++ ipp_status == IPP_AUTHENTICATION_CANCELED) + { + const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE); + /* WWW-Authenticate field value */ +@@ -1472,11 +1474,12 @@ main(int argc, /* I - Number of command-line args */ + _cupsLangPrintFilter(stderr, "ERROR", + _("Print file was not accepted.")); + +- if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN) ++ if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN || ++ ipp_status == IPP_AUTHENTICATION_CANCELED) + { + const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE); + /* WWW-Authenticate field value */ +- ++ + if (!strncmp(www_auth, "Negotiate", 9)) + auth_info_required = "negotiate"; + else if (www_auth[0]) +-- +1.7.7.6 + diff --git a/cups-str3985.patch b/cups-str3985.patch new file mode 100644 index 0000000..4c7da14 --- /dev/null +++ b/cups-str3985.patch @@ -0,0 +1,74 @@ +diff -up cups-1.5.2/backend/ipp.c.str3985 cups-1.5.2/backend/ipp.c +--- cups-1.5.2/backend/ipp.c.str3985 2012-04-05 10:28:12.568898781 +0200 ++++ cups-1.5.2/backend/ipp.c 2012-04-05 10:32:07.165612536 +0200 +@@ -957,9 +957,13 @@ main(int argc, /* I - Number of comm + } + else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN) + { +- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE), +- "Negotiate", 9)) ++ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE); ++ /* WWW-Authenticate field value */ ++ ++ if (!strncmp(www_auth, "Negotiate", 9)) + auth_info_required = "negotiate"; ++ else if (www_auth[0]) ++ auth_info_required = "username,password"; + + fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required); + return (CUPS_BACKEND_AUTH_REQUIRED); +@@ -1315,23 +1319,13 @@ main(int argc, /* I - Number of comm + else if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN || + ipp_status == IPP_AUTHENTICATION_CANCELED) + { +- /* +- * Update auth-info-required as needed... +- */ +- +- fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n", +- httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE)); +- +- /* +- * Normal authentication goes through the password callback, which sets +- * auth_info_required to "username,password". Kerberos goes directly +- * through GSSAPI, so look for Negotiate in the WWW-Authenticate header +- * here and set auth_info_required as needed... +- */ ++ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE); ++ /* WWW-Authenticate field value */ + +- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE), +- "Negotiate", 9)) ++ if (!strncmp(www_auth, "Negotiate", 9)) + auth_info_required = "negotiate"; ++ else if (www_auth[0]) ++ auth_info_required = "username,password"; + + goto cleanup; + } +@@ -1486,19 +1480,13 @@ main(int argc, /* I - Number of comm + + if (ipp_status == IPP_NOT_AUTHORIZED || ipp_status == IPP_FORBIDDEN) + { +- fprintf(stderr, "DEBUG: WWW-Authenticate=\"%s\"\n", +- httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE)); +- +- /* +- * Normal authentication goes through the password callback, which sets +- * auth_info_required to "username,password". Kerberos goes directly +- * through GSSAPI, so look for Negotiate in the WWW-Authenticate header +- * here and set auth_info_required as needed... +- */ +- +- if (!strncmp(httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE), +- "Negotiate", 9)) ++ const char *www_auth = httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE); ++ /* WWW-Authenticate field value */ ++ ++ if (!strncmp(www_auth, "Negotiate", 9)) + auth_info_required = "negotiate"; ++ else if (www_auth[0]) ++ auth_info_required = "username,password"; + } + else + sleep(10); diff --git a/cups.spec b/cups.spec index b1f9dbc..b40b111 100644 --- a/cups.spec +++ b/cups.spec @@ -12,7 +12,7 @@ Summary: Common Unix Printing System Name: cups Version: 1.5.2 -Release: 10%{?dist} +Release: 11%{?dist} License: GPLv2 Group: System Environment/Daemons Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2 @@ -72,6 +72,8 @@ Patch36: cups-systemd-socket.patch Patch37: cups-str4014.patch Patch38: cups-polld-reconnect.patch Patch39: cups-translation.patch +Patch40: cups-str3985.patch +Patch41: cups-revision10277.patch Patch100: cups-lspp.patch @@ -300,6 +302,12 @@ Sends IPP requests to the specified URI and tests and/or displays the results. # If the translated message is empty return the original message (bug #797570, STR #4033). %patch39 -p1 -b .translation +# The IPP backend did not always setup username/password authentication for printers (bug #810007, STR #3985) +%patch40 -p1 -b .str3985 + +# Detect authentication errors for all requests. +%patch41 -p1 -b .revision10277 + %if %lspp # LSPP support. %patch100 -p1 -b .lspp @@ -659,6 +667,12 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man1/ipptool.1.gz %changelog +* Tue Apr 17 2012 Jiri Popelka 1:1.5.2-11 +- The IPP backend did not always setup username/password authentication + for printers (bug #810007, STR #3985) +- Detect authentication errors for all requests. + (bug #810007, upstream commit revision10277) + * Thu Mar 29 2012 Tim Waugh 1:1.5.2-10 - Removed private-shared-object-provides filter lines as they are not necessary (see bug #807767 comment #3).