[cups.bugs] [MOD] STR #2045: Miscellaneous Kerberos fixes/improvements
jlovell.apple
jlovell at apple.com
Fri Oct 20 17:03:37 PDT 2006
[STR New]
Miscellaneous Kerberos fixes/improvements
Attached is a patch with some Kerberos fixes/improvements...
config-scripts/cups-gssapi.m4:
config.h.in:
scheduler/conf.c:
scheduler/conf.h:
- Support configurable kerberos service name.
p.s. I'd argue "IPP" should be the default service name rather than
"HTTP".
cups/http.c:
httpConnectEncrypt(): Initialize the gss context and name.
httpClose(): Free the gss context and name.
http_send(): Clear the kerberos authentication string since it can only
be sent once.
http_upgrade(): Clear the copy of the field_authorization pointer to
avoid a double free later.
cups/http-support.c:
httpEncode64_2(): Could reference a byte beyond the end of the input
string.
cups/auth.c:
cupsDoAuthentication():
- Support a configurable kerberos service name.
- Clear gsssec context to avoid kerberos "request is a replay" errors.
- Free allocated input_token and output_token.
- Fix token length.
- Don't memset 'token' since it's only a pointer.
scheduler/auth.c:
cupsdAuthorize():
- Support configurable kerberos service name.
- Free gss context and name in the right places.
cupsdIsAuthorized():
- Don't require tls upgrade when using kerberos.
- Fix token length.
scheduler/ipp.c:
save_krb5_creds() doesn't yet work so just return for now...
cgi-bin/Makefile:
scheduler/Makefile:
- Add LIBGSSAPI to test targets.
scheduler/main.c:
- main(): Limit MaxFDs to FD_SETSIZE (from 1.2 branch).
With these changes I'm able to use kerberos authentication without any
noticeable memory leaks.
There's more to be done for cross-realm authentication and proxying TGTs
to cupsd but the kerberos support is looking very good....
Thanks!
Link: http://www.cups.org/str.php?L2045
Version: 1.3-current
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: kerberos.patch
URL: <https://lists.cups.org/pipermail/cups/attachments/20061020/55049aeb/attachment.ksh>
More information about the cups
mailing list