Authentication in the web interface did not work on macOS (rdar:https://414…

…44473) cups/auth.c: - cups_local_auth(): Don't check for AuthRef twice, log fopen errors for the root cert as well. scheduler/client.c: - Also allow local auth with AuthRef's.
apple · Jun 29, 2018 · bf265b3 · bf265b3
1 parent 945c83b
commit bf265b3
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 11 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,4 +1,4 @@
-CHANGES - 2.3b6 - 2018-06-18
+CHANGES - 2.3b6 - 2018-06-29
 ============================
 
 Changes in CUPS v2.3b6
@@ -17,6 +17,7 @@ Changes in CUPS v2.3b6
 - The web interface did not list the IPP Everywhere "driver" (Issue #5338)
 - The scheduler did not report all of the supported job options and values
  (Issue #5340)
+- Authentication in the web interface did not work on macOS (rdar:https://41444473)
 - Fixed a memory leak for some IPP (extension) syntaxes.
 
 

diff --git a/cups/auth.c b/cups/auth.c
@@ -1115,10 +1115,6 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
  if (cups_auth_find(www_auth, "Negotiate"))
  return (1);
 # endif /* HAVE_GSSAPI */
-# ifdef HAVE_AUTHORIZATION_H
- if (cups_auth_find(www_auth, "AuthRef"))
- return (1);
-# endif /* HAVE_AUTHORIZATION_H */
 
 # if defined(SO_PEERCRED) && defined(AF_LOCAL)
  /*
@@ -1168,7 +1164,7 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
  * No certificate for this PID; see if we can get the root certificate...
  */
 
- DEBUG_printf(("9cups_local_auth: Unable to open file %s: %s", filename, strerror(errno)));
+ DEBUG_printf(("9cups_local_auth: Unable to open file \"%s\": %s", filename, strerror(errno)));
 
  if (!cups_auth_param(schemedata, "trc", trc, sizeof(trc)))
  {
@@ -1180,7 +1176,8 @@ cups_local_auth(http_t *http) /* I - HTTP connection to server */
  }
 
  snprintf(filename, sizeof(filename), "%s/certs/0", cg->cups_statedir);
- fp = fopen(filename, "r");
+ if ((fp = fopen(filename, "r")) == NULL)
+ DEBUG_printf(("9cups_local_auth: Unable to open file \"%s\": %s", filename, strerror(errno)));
  }
 
  if (fp)

diff --git a/scheduler/client.c b/scheduler/client.c
@@ -2155,7 +2155,7 @@ cupsdSendHeader(
 #ifdef HAVE_AUTHORIZATION_H
  if (!_cups_strncasecmp(name, "@AUTHKEY(", 9))
  {
- snprintf(auth_key, auth_size, ", AuthRef key=\"%s\"", name + 9);
+ snprintf(auth_key, auth_size, ", AuthRef key=\"%s\", Local trc=\"y\"", name + 9);
  need_local = 0;
  /* end parenthesis is stripped in conf.c */
  break;
@@ -2166,11 +2166,10 @@ cupsdSendHeader(
  {
 #ifdef HAVE_AUTHORIZATION_H
  if (SystemGroupAuthKey)
- snprintf(auth_key, auth_size, ", AuthRef key=\"%s\"", SystemGroupAuthKey);
+ snprintf(auth_key, auth_size, ", AuthRef key=\"%s\", Local trc=\"y\"", SystemGroupAuthKey);
  else
-#else
- strlcpy(auth_key, ", Local trc=\"y\"", auth_size);
 #endif /* HAVE_AUTHORIZATION_H */
+ strlcpy(auth_key, ", Local trc=\"y\"", auth_size);
  need_local = 0;
  break;
  }