Allow "Negotiate" as an AuthType/DefaultAuthType, even on systems tha…

…t don't have Kerberos support compiled in. The result will be a run-time access failure that gets logged instead of stopping cupsd (Issue #4947)
apple · Mar 9, 2017 · 42dc144 · 42dc144
1 parent a946858
commit 42dc144
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 9 deletions.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -17,6 +17,8 @@ CHANGES IN CUPS V2.2.3
 	  supported by the printer (Issue #4953)
 	- The IPP Everywhere PPD generator did not return useful error messages
 	  (Issue #4954)
+	- The default cupsd.conf file did not work on systems compiled without
+	  Kerberos support (Issue #4947)
 	- Fixed some localization issues on macOS (<rdar://problem/27245567>)
 
 

diff --git a/scheduler/client.c b/scheduler/client.c
@@ -2349,17 +2349,15 @@ cupsdSendHeader(
 
     if (auth_type == CUPSD_AUTH_BASIC)
       strlcpy(auth_str, "Basic realm=\"CUPS\"", sizeof(auth_str));
-#ifdef HAVE_GSSAPI
     else if (auth_type == CUPSD_AUTH_NEGOTIATE)
     {
-#  ifdef AF_LOCAL
+#ifdef AF_LOCAL
       if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
         strlcpy(auth_str, "Basic realm=\"CUPS\"", sizeof(auth_str));
       else
-#  endif /* AF_LOCAL */
+#endif /* AF_LOCAL */
       strlcpy(auth_str, "Negotiate", sizeof(auth_str));
     }
-#endif /* HAVE_GSSAPI */
 
     if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE &&
         !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost"))

diff --git a/scheduler/conf.c b/scheduler/conf.c
@@ -1,7 +1,7 @@
 /*
  * Configuration routines for the CUPS scheduler.
  *
- * Copyright 2007-2016 by Apple Inc.
+ * Copyright 2007-2017 by Apple Inc.
  * Copyright 1997-2007 by Easy Software Products, all rights reserved.
  *
  * These coded instructions, statements, and computer programs are the
@@ -2233,15 +2233,13 @@ parse_aaa(cupsd_location_t *loc,	/* I - Location */
       if (loc->level == CUPSD_AUTH_ANON)
 	loc->level = CUPSD_AUTH_USER;
     }
-#ifdef HAVE_GSSAPI
     else if (!_cups_strcasecmp(value, "negotiate"))
     {
       loc->type = CUPSD_AUTH_NEGOTIATE;
 
       if (loc->level == CUPSD_AUTH_ANON)
 	loc->level = CUPSD_AUTH_USER;
     }
-#endif /* HAVE_GSSAPI */
     else
     {
       cupsdLogMessage(CUPSD_LOG_WARN,
@@ -3175,10 +3173,8 @@ read_cupsd_conf(cups_file_t *fp)	/* I - File to read from */
 	default_auth_type = CUPSD_AUTH_NONE;
       else if (!_cups_strcasecmp(value, "basic"))
 	default_auth_type = CUPSD_AUTH_BASIC;
-#ifdef HAVE_GSSAPI
       else if (!_cups_strcasecmp(value, "negotiate"))
         default_auth_type = CUPSD_AUTH_NEGOTIATE;
-#endif /* HAVE_GSSAPI */
       else if (!_cups_strcasecmp(value, "auto"))
         default_auth_type = CUPSD_AUTH_AUTO;
       else