[cups.bugs] [MOD] STR #2749: Wrong authentication header sent when AuthType Default set on Print-Job policy
Richard Fuller
rpfuller-cups at cs.york.ac.uk
Tue Mar 11 09:13:32 PDT 2008
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
Using Negotiate authentication, with:
DefaultAuthType Negotiate
I've applied a policy to Get-Jobs (as an example) with:
<Limit Get-Jobs>
AuthType Default
Require user rpfuller
Order deny,allow
</Limit>
and that works fine, I can do an lpq provided I've got a valid Kerberos
ticket, and get an unauthorized error if I haven't.
If I then apply a policy to Print-Job with:
<Limit Print-Job>
AuthType Default
Require user rpfuller
Order deny,allow
</Limit>
lpq prompts me for a password, and basic authentication is attempted. This
does not happen if I set AuthType Negotiate on Print-Job, it then appears
to work fine, so that is a workaround.
What is happening is when I do an lpq the server is checking the policy
for Print-Job. This returns CUPSD_AUTH_DEFAULT, then client.c does:
if (code == HTTP_UNAUTHORIZED)
{
if (auth_type == CUPSD_AUTH_NONE)
{
if (!con->best || con->best->type <= CUPSD_AUTH_NONE)
auth_type = DefaultAuthType;
else
auth_type = con->best->type;
}
followed by sending out a header depending on the auth type. It doesn't
resolve default. One possible fix is to add:
if (auth_type == CUPSD_AUTH_DEFAULT)
auth_type = DefaultAuthType;
so the code becomes:
if (code == HTTP_UNAUTHORIZED)
{
if (auth_type == CUPSD_AUTH_DEFAULT)
auth_type = DefaultAuthType;
if (auth_type == CUPSD_AUTH_NONE)
{
if (!con->best || con->best->type <= CUPSD_AUTH_NONE)
auth_type = DefaultAuthType;
else
auth_type = con->best->type;
}
which solves it for me.
Link: http://www.cups.org/str.php?L2749
Version: 1.3.6
More information about the cups
mailing list