-
Notifications
You must be signed in to change notification settings - Fork 457
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"algorithm" field is not supported in the WWW-Authenticate header of a 401 response #4862
Comments
The algorithm field is brand new in the latest HTTP Digest update and is not supported by any version of CUPS right now (and very little client software at all). I'll use this bug to track adding support in a future release (but not 2.2...) |
We will also use this bug to track supporting multiple WWW-Authenticate header values so that we can choose among the supported ways to authenticate. |
) Also deprecates all httpMD5* functions. - cgi-bin/var.c: Use cupsHashData to compute SID hash. - cups/auth.c: Rewrite WWW-Authenticate parser to support multiple auth schemes and the new RFC 7616 version of HTTP Digest. - cups/cups.h: Add cupsHashString function to get a hex version of a hash. - cups/hash.c: Add MD5 support. - cups/http.c: Track WWW-Authenticate in a long string, concatenate new set values. - cups/http.h: Deprecate httpMD5* and recommend cupsDoAuth and cupsHash*. - cups/http-private.h: Pull MD5 stuff, nonce_count is unsigned, track WWW-Authenticate header as a potentially long string. - cups/http-support.c: Use cupsHashData to compute UUID hash. - cups/md5.c: Comment everything out if we have an OS-supplied MD5 hash function. - cups/md5passwd.c: Use cupsHash* functions. - cups/tls-*.c: Use cupsHash* functions. - cups/versioning.h: Add CUPS_API_2_3 definition. - scheduler/client.c: Update WWW-Authenticate header to include AuthRef, Local, and PeerCred schemes with parameters as needed.
Quite the substantial set of changes, but I think we've ended up in a happy place... [master 2b4f6f21a] Support the latest HTTP Digest authentication specification (Issue #4862) |
- Fixed a compile issue when PAM is not available (Issue #5253) - Documentation fixes (Issue #5252) - Star Micronics printers need the "unidir" USB quirk rule (Issue #5251) - The scheduler now supports using temporary print queues for older IPP/1.1 print queues like those shared by CUPS 1.3 and earlier (Issue #5241) - The `cupsRasterWritePixels` function did not correctly swap bytes for some formats (Issue #5225) - Added a USB quirk rule for Canon MP280 series printers (Issue #5221) - The `ppdInstallableConflict` tested too many constraints (Issue #5213) - More fixes for printing to old CUPS servers (Issue #5211) - The `cupsCopyDest` function now correctly copies the `is_default` value (Issue #5208) - The scheduler did not work with older versions of uClibc (Issue #5188) - The scheduler now substitutes default values for invalid job attributes when running in "relaxed conformance" mode (Issue #5186) - Fixed PAM module detection and added support for the common PAM definitions (Issue #5185) - Fixed a journald support bug in the scheduler (Issue #5181) - The cups-driverd program incorrectly stopped scanning PPDs as soon as a loop was seen (Issue #5170) - Fixed group validation on OpenBSD (Issue #5166) - Fixed the `ippserver` sample code when threading is disabled or unavailable (Issue #5154) - The `cupsEnumDests` function did not include options from the lpoptions files (Issue #5144) - The `SSLOptions` directive now supports `MinTLS` and `MaxTLS` options to control the minimum and maximum TLS versions that will be allowed, respectively (Issue #5119) - The scheduler did not write out dirty configuration and state files if there were open client connections (Issue #5118) - The `lpadmin` command now provides a better error message when an unsupported System V interface script is used (Issue #5111) - The `lp` and `lpr` commands now provide better error messages when the default printer cannot be found (Issue #5096) - No longer support backslash, question mark, or quotes in printer names (Issue #4966) - The CUPS library now supports the latest HTTP Digest authentication specification including support for SHA-256 (Issue #4862) - The `lpstat` command now reports when new jobs are being held (Issue #4761) - The `lpoptions` command incorrectly saved default options (Issue #4717) - The `ppdLocalizeIPPReason` function incorrectly returned a localized version of "none" (rdar:https://36566269) - TLS connections now properly timeout (rdar:https://34938533) - The IPP backend did not properly detect failed PDF prints (rdar:https://34055474)
When the printer responds with a 401 and states in the response header that it supports sha256 and md5, the response sent back does not contain the algorithm to be used and hence the printer uses md5. Is there a way to configure the use of sha256 when the printer supports it? We're using
cupsDoIORequest
to make the request with CUPS version 1.6.3. Thank youThe text was updated successfully, but these errors were encountered: