authorMichael R Sweet <michael.r.sweet@gmail.com>2021-04-05 15:57:50 -0400
committerMichael R Sweet <michael.r.sweet@gmail.com>2021-04-05 15:57:50 -0400
commit064e50fb06e83e6c1756e2a81c2fcbd4d6fca8e6 (patch)
tree45145c8db9a634af861cb1ed87a7378837e72763 /cups/tls-sspi.c
parent6918883fba4942931dc455b32545d6edf18dec5c (diff)
Import all of the bug fixes from the OpenPrinting CUPS repository.
Import the improvements to ippeveprinter from OpenPrinting/ippsample. Import the improvements to ippfind and ipptool from OpenPrinting/ippsample.
Diffstat (limited to 'cups/tls-sspi.c')
-rw-r--r--cups/tls-sspi.c91
1 files changed, 42 insertions, 49 deletions
diff --git a/cups/tls-sspi.c b/cups/tls-sspi.c
index ccbdf8aaf..52ded5f21 100644
--- a/cups/tls-sspi.c
+++ b/cups/tls-sspi.c
@@ -1332,8 +1332,6 @@ http_sspi_client(http_t *http, /* I - Client connection */
SecBufferDesc outBuffer; /* Array of SecBuffer structs */
SecBuffer outBuffers[1]; /* Security package buffer */
int ret = 0; /* Return value */
- char username[1024], /* Current username */
- common_name[1024]; /* CN=username */
DEBUG_printf(("4http_sspi_client(http=%p, hostname=\"%s\")", http, hostname));
@@ -1349,16 +1347,11 @@ http_sspi_client(http_t *http, /* I - Client connection */
* Lookup the client certificate...
*/
- dwSize = sizeof(username);
- GetUserNameA(username, &dwSize);
- snprintf(common_name, sizeof(common_name), "CN=%s", username);
-
- if (!http_sspi_find_credentials(http, L"ClientContainer", common_name))
- if (!http_sspi_make_credentials(http->tls, L"ClientContainer", common_name, _HTTP_MODE_CLIENT, 10))
- {
- DEBUG_puts("5http_sspi_client: Unable to get client credentials.");
- return (-1);
- }
+ if (!http_sspi_find_credentials(http, L"ClientContainer", NULL))
+ {
+ DEBUG_puts("5http_sspi_client: Unable to get client credentials.");
+ return (-1);
+ }
/*
* Initiate a ClientHello message and generate a token.
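Review bot: The comment above the new call still reads `Lookup the client certificate...`, but with `NULL` passed as common_name no certificate is looked up (the http_sspi_find_credentials hunk skips the store search in that case). The fallback to http_sspi_make_credentials is also gone, so as far as this hunk shows the client always connects without a client certificate. I would reword the comment to something like `* Get Schannel client credentials (no client certificate)...` so the next reader does not assume certificate-based client authentication still happens here. `dwSize` is only assigned in the removed lines of this hunk; if nothing later in http_sspi_client uses it, its declaration (outside the hunk) can be dropped too.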
@@ -1711,48 +1704,55 @@ http_sspi_find_credentials(
goto cleanup;
}
- dwSize = 0;
-
- if (!CertStrToNameA(X509_ASN_ENCODING, common_name, CERT_OID_NAME_STR, NULL, NULL, &dwSize, NULL))
+ if (common_name)
{
- DEBUG_printf(("5http_sspi_find_credentials: CertStrToName failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())));
- ok = FALSE;
- goto cleanup;
- }
+ dwSize = 0;
- p = (PBYTE)malloc(dwSize);
+ if (!CertStrToNameA(X509_ASN_ENCODING, common_name, CERT_OID_NAME_STR, NULL, NULL, &dwSize, NULL))
+ {
+ DEBUG_printf(("5http_sspi_find_credentials: CertStrToName failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())));
+ ok = FALSE;
+ goto cleanup;
+ }
- if (!p)
- {
- DEBUG_printf(("5http_sspi_find_credentials: malloc failed for %d bytes.", dwSize));
- ok = FALSE;
- goto cleanup;
- }
+ p = (PBYTE)malloc(dwSize);
- if (!CertStrToNameA(X509_ASN_ENCODING, common_name, CERT_OID_NAME_STR, NULL, p, &dwSize, NULL))
- {
- DEBUG_printf(("5http_sspi_find_credentials: CertStrToName failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())));
- ok = FALSE;
- goto cleanup;
- }
+ if (!p)
+ {
+ DEBUG_printf(("5http_sspi_find_credentials: malloc failed for %d bytes.", dwSize));
+ ok = FALSE;
+ goto cleanup;
+ }
- sib.cbData = dwSize;
- sib.pbData = p;
+ if (!CertStrToNameA(X509_ASN_ENCODING, common_name, CERT_OID_NAME_STR, NULL, p, &dwSize, NULL))
+ {
+ DEBUG_printf(("5http_sspi_find_credentials: CertStrToName failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError())));
+ ok = FALSE;
+ goto cleanup;
+ }
- storedContext = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &sib, NULL);
+ sib.cbData = dwSize;
+ sib.pbData = p;
- if (!storedContext)
- {
- DEBUG_printf(("5http_sspi_find_credentials: Unable to find credentials for \"%s\".", common_name));
- ok = FALSE;
- goto cleanup;
+ storedContext = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &sib, NULL);
+
+ if (!storedContext)
+ {
+ DEBUG_printf(("5http_sspi_find_credentials: Unable to find credentials for \"%s\".", common_name));
+ ok = FALSE;
+ goto cleanup;
+ }
}
ZeroMemory(&SchannelCred, sizeof(SchannelCred));
SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;
- SchannelCred.cCreds = 1;
- SchannelCred.paCred = &storedContext;
+
+ if (common_name)
+ {
+ SchannelCred.cCreds = 1;
+ SchannelCred.paCred = &storedContext;
+ }
/*
* Set supported protocols (can also be overriden in the registry...)
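Review bot: When common_name is NULL the whole lookup block is skipped, so `p` and `storedContext` are never assigned on that path, and the `cleanup` label they would reach is outside the hunk. Please confirm both are initialised to NULL at their declarations, otherwise cleanup could free or release an indeterminate pointer. The new contract deserves a comment at `if (common_name)`, for example `/* NULL common_name: acquire credentials without a certificate */`, and the parameter description in the function header (outside the hunk) should say that NULL is accepted and presumably meant for client connections only. Separately, the malloc debug message prints the DWORD `dwSize` with `%d`; `%u` with an `(unsigned)` cast matches the type.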
@@ -2018,13 +2018,6 @@ http_sspi_make_credentials(
SchannelCred.paCred = &storedContext;
/*
- * SSPI doesn't seem to like it if grbitEnabledProtocols is set for a client.
- */
-
- if (mode == _HTTP_MODE_SERVER)
- SchannelCred.grbitEnabledProtocols = SP_PROT_SSL3TLS1;
-
- /*
* Create an SSPI credential.
*/