Index: ipp.c =================================================================== --- ipp.c (revision 7037) +++ ipp.c (working copy) @@ -964,7 +964,7 @@ else if (pclass->type & CUPS_PRINTER_IMPLICIT) { /* - * Check the default policy, then tename the implicit class to "AnyClass" + * Check the default policy, then rename the implicit class to "AnyClass" * or remove it... */ @@ -1014,7 +1014,7 @@ else if ((status = cupsdCheckPolicy(pclass->op_policy_ptr, con, NULL)) != HTTP_OK) { - send_http_error(con, status, NULL); + send_http_error(con, status, pclass); return; } else @@ -2303,7 +2303,7 @@ else if ((status = cupsdCheckPolicy(printer->op_policy_ptr, con, NULL)) != HTTP_OK) { - send_http_error(con, status, NULL); + send_http_error(con, status, printer); return; } else @@ -2968,7 +2968,7 @@ if (!validate_user(job, con, job->username, username, sizeof(username))) { - send_http_error(con, HTTP_UNAUTHORIZED, NULL); + send_http_error(con, HTTP_UNAUTHORIZED, cupsdFindDest(job->dest)); return; } @@ -3285,7 +3285,7 @@ if (!validate_user(job, con, job->username, username, sizeof(username))) { - send_http_error(con, HTTP_UNAUTHORIZED, NULL); + send_http_error(con, HTTP_UNAUTHORIZED, cupsdFindDest(job->dest)); return; } @@ -6341,7 +6341,7 @@ if ((status = cupsdCheckPolicy(dest->op_policy_ptr, con, NULL)) != HTTP_OK) { - send_http_error(con, status, NULL); + send_http_error(con, status, dest); return; } @@ -7078,7 +7078,7 @@ if (!validate_user(job, con, job->username, username, sizeof(username))) { - send_http_error(con, HTTP_UNAUTHORIZED, NULL); + send_http_error(con, HTTP_UNAUTHORIZED, cupsdFindDest(job->dest)); return; } @@ -7336,7 +7336,7 @@ if (!validate_user(job, con, job->username, username, sizeof(username))) { - send_http_error(con, HTTP_UNAUTHORIZED, NULL); + send_http_error(con, HTTP_UNAUTHORIZED, cupsdFindDest(job->dest)); return; } @@ -8082,7 +8082,7 @@ if (!validate_user(job, con, job->username, username, sizeof(username))) { - send_http_error(con, HTTP_UNAUTHORIZED, NULL); + send_http_error(con, HTTP_UNAUTHORIZED, cupsdFindDest(job->dest)); return; } @@ -8324,7 +8324,7 @@ if (!validate_user(job, con, job->username, username, sizeof(username))) { - send_http_error(con, HTTP_UNAUTHORIZED, NULL); + send_http_error(con, HTTP_UNAUTHORIZED, cupsdFindDest(job->dest)); return; } @@ -8696,7 +8696,7 @@ if (!validate_user(job, con, job->username, username, sizeof(username))) { - send_http_error(con, HTTP_UNAUTHORIZED, NULL); + send_http_error(con, HTTP_UNAUTHORIZED, cupsdFindDest(job->dest)); return; } @@ -8988,6 +8988,23 @@ printer && printer->num_auth_info_required > 0 && !strcmp(printer->auth_info_required[0], "negotiate")) cupsdSendError(con, status, AUTH_NEGOTIATE); + else if (printer) + { + char resource[HTTP_MAX_URI]; /* Resource portion of URI */ + cupsd_location_t *auth; /* Pointer to authentication element */ + + + if (printer->type & CUPS_PRINTER_CLASS) + snprintf(resource, sizeof(resource), "/classes/%s", printer->name); + else + snprintf(resource, sizeof(resource), "/printers/%s", printer->name); + + if ((auth = cupsdFindBest(resource, HTTP_POST)) == NULL || + auth->type == AUTH_NONE) + auth = cupsdFindPolicyOp(printer->op_policy_ptr, IPP_PRINT_JOB); + + cupsdSendError(con, status, auth ? auth->type : AUTH_NONE); + } else cupsdSendError(con, status, AUTH_NONE); @@ -9215,7 +9232,7 @@ if (!validate_user(job, con, job->username, username, sizeof(username))) { - send_http_error(con, HTTP_UNAUTHORIZED, NULL); + send_http_error(con, HTTP_UNAUTHORIZED, cupsdFindDest(job->dest)); return; } Index: auth.c =================================================================== --- auth.c (revision 7038) +++ auth.c (working copy) @@ -1787,7 +1787,8 @@ const char *owner)/* I - Owner of object */ { int i, j, /* Looping vars */ - auth; /* Authorization status */ + auth, /* Authorization status */ + type; /* Type of authentication */ unsigned address[4]; /* Authorization address */ cupsd_location_t *best; /* Best match for location so far */ int hostlen; /* Length of hostname */ @@ -1836,10 +1837,13 @@ best = con->best; + if ((type = best->type) == AUTH_DEFAULT) + type = DefaultAuthType; + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdIsAuthorized: level=AUTH_%s, type=%s, " "satisfy=AUTH_SATISFY_%s, num_names=%d", - levels[best->level], types[best->type], + levels[best->level], types[type], best->satisfy ? "ANY" : "ALL", best->num_names); if (best->limit == AUTH_LIMIT_IPP) @@ -1940,8 +1944,8 @@ if ((best->encryption >= HTTP_ENCRYPT_REQUIRED && !con->http.tls && strcasecmp(con->http.hostname, "localhost") && best->satisfy == AUTH_SATISFY_ALL) && - !(best->type == AUTH_NEGOTIATE || - (best->type == AUTH_NONE && DefaultAuthType == AUTH_NEGOTIATE))) + !(type == AUTH_NEGOTIATE || + (type == AUTH_NONE && DefaultAuthType == AUTH_NEGOTIATE))) { cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdIsAuthorized: Need upgrade to TLS..."); @@ -1954,10 +1958,10 @@ */ if (best->level == AUTH_ANON || /* Anonymous access - allow it */ - (best->type == AUTH_NONE && best->num_names == 0)) + (type == AUTH_NONE && best->num_names == 0)) return (HTTP_OK); - if (!con->username[0] && best->type == AUTH_NONE && + if (!con->username[0] && type == AUTH_NONE && best->limit == AUTH_LIMIT_IPP) { /* @@ -1997,11 +2001,11 @@ return (HTTP_OK); /* unless overridden with Satisfy */ } - if (con->type != best->type && - (con->type != AUTH_BASIC || best->type != AUTH_BASICDIGEST)) + if (con->type != type && type != AUTH_NONE && + (con->type != AUTH_BASIC || type != AUTH_BASICDIGEST)) { cupsdLogMessage(CUPSD_LOG_ERROR, "Authorized using %s, expected %s!", - types[con->type], types[best->type]); + types[con->type], types[type]); return (HTTP_UNAUTHORIZED); }