diff options
| author | Andreas Schneider <asn@samba.org> | 2019-01-04 09:21:24 +0100 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2019-03-26 07:49:18 +0000 |
| commit | f284a5c10f7c8df63f1303f8aa695ec09f7ea711 (patch) | |
| tree | 8038404362c5da875239f84d3f0ade4bf0cd7a20 | |
| parent | f0f56e7e84f44a6336dd9aef2d57bfbdb9c89347 (diff) | |
| download | samba-f284a5c10f7c8df63f1303f8aa695ec09f7ea711.tar.gz | |
s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups
This should not switch to username,password if cups has been configured
to use negotiate (Kerberos authentication).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 5274b09fbaa5e45cc58f3301818d4e9f6a402845)
| -rw-r--r-- | source3/client/smbspool.c | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c index d6e944d547c..e94d5b33324 100644 --- a/source3/client/smbspool.c +++ b/source3/client/smbspool.c @@ -60,7 +60,7 @@ * Local functions... */ -static int get_exit_code(struct cli_state * cli, NTSTATUS nt_status, bool use_kerberos); +static int get_exit_code(struct cli_state * cli, NTSTATUS nt_status); static void list_devices(void); static struct cli_state *smb_complete_connection(const char *, const char *, int, const char *, const char *, const char *, const char *, int, bool *need_auth); @@ -72,6 +72,8 @@ static char *uri_unescape_alloc(const char *); static bool smb_encrypt; #endif +static const char *auth_info_required; + /* * 'main()' - Main entry for SMB backend. */ @@ -94,7 +96,7 @@ main(int argc, /* I - Number of command-line arguments */ FILE *fp; /* File to print */ int status = 1; /* Status of LPD job */ struct cli_state *cli; /* SMB interface */ - char null_str[1]; + char empty_str[] = ""; int tries = 0; bool need_auth = true; const char *dev_uri; @@ -106,8 +108,6 @@ main(int argc, /* I - Number of command-line arguments */ int cmp; int len; - null_str[0] = '\0'; - if (argc == 1) { /* * NEW! In CUPS 1.1 the backends are run with no arguments @@ -187,6 +187,11 @@ main(int argc, /* I - Number of command-line arguments */ } } + auth_info_required = getenv("AUTH_INFO_REQUIRED"); + if (auth_info_required == NULL) { + auth_info_required = "none"; + } + cmp = strncmp(dev_uri, "smb://", 6); if (cmp != 0) { fprintf(stderr, @@ -220,21 +225,25 @@ main(int argc, /* I - Number of command-line arguments */ *tmp2++ = '\0'; password = uri_unescape_alloc(tmp2); } else { - password = null_str; + password = empty_str; } username = uri_unescape_alloc(tmp); } else { if ((username = getenv("AUTH_USERNAME")) == NULL) { - username = null_str; + username = empty_str; } if ((password = getenv("AUTH_PASSWORD")) == NULL) { - password = null_str; + password = empty_str; } server = uri + 6; } + if (password != empty_str) { + auth_info_required = "username,password"; + } + tmp = server; if ((sep = strchr_m(tmp, '/')) == NULL) { @@ -354,8 +363,7 @@ done: static int get_exit_code(struct cli_state * cli, - NTSTATUS nt_status, - bool use_kerberos) + NTSTATUS nt_status) { int i; @@ -382,10 +390,7 @@ get_exit_code(struct cli_state * cli, } if (cli) { - if (use_kerberos) - fputs("ATTR: auth-info-required=negotiate\n", stderr); - else - fputs("ATTR: auth-info-required=username,password\n", stderr); + fprintf(stderr, "ATTR: auth-info-required=%s\n", auth_info_required); } /* @@ -454,6 +459,7 @@ smb_complete_connection(const char *myname, } if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) { + auth_info_required = "negotiate"; use_kerberos = true; } @@ -476,7 +482,7 @@ smb_complete_connection(const char *myname, if (!NT_STATUS_IS_OK(nt_status)) { fprintf(stderr, "ERROR: Session setup failed: %s\n", nt_errstr(nt_status)); - if (get_exit_code(cli, nt_status, use_kerberos) == 2) { + if (get_exit_code(cli, nt_status) == 2) { *need_auth = true; } @@ -490,7 +496,7 @@ smb_complete_connection(const char *myname, fprintf(stderr, "ERROR: Tree connect failed (%s)\n", nt_errstr(nt_status)); - if (get_exit_code(cli, nt_status, use_kerberos) == 2) { + if (get_exit_code(cli, nt_status) == 2) { *need_auth = true; } @@ -679,7 +685,7 @@ smb_print(struct cli_state * cli, /* I - SMB connection */ if (!NT_STATUS_IS_OK(nt_status)) { fprintf(stderr, "ERROR: %s opening remote spool %s\n", nt_errstr(nt_status), title); - return get_exit_code(cli, nt_status, false); + return get_exit_code(cli, nt_status); } /* @@ -697,7 +703,7 @@ smb_print(struct cli_state * cli, /* I - SMB connection */ status = cli_writeall(cli, fnum, 0, (uint8_t *)buffer, tbytes, nbytes, NULL); if (!NT_STATUS_IS_OK(status)) { - int ret = get_exit_code(cli, status, false); + int ret = get_exit_code(cli, status); fprintf(stderr, "ERROR: Error writing spool: %s\n", nt_errstr(status)); fprintf(stderr, "DEBUG: Returning status %d...\n", @@ -713,7 +719,7 @@ smb_print(struct cli_state * cli, /* I - SMB connection */ if (!NT_STATUS_IS_OK(nt_status)) { fprintf(stderr, "ERROR: %s closing remote spool %s\n", nt_errstr(nt_status), title); - return get_exit_code(cli, nt_status, false); + return get_exit_code(cli, nt_status); } else { return (0); } |