diff options
author | Michael R Sweet <michael.r.sweet@gmail.com> | 2021-04-05 15:57:50 -0400 |
---|---|---|
committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2021-04-05 15:57:50 -0400 |
commit | 064e50fb06e83e6c1756e2a81c2fcbd4d6fca8e6 (patch) | |
tree | 45145c8db9a634af861cb1ed87a7378837e72763 /cups/tls-sspi.c | |
parent | 6918883fba4942931dc455b32545d6edf18dec5c (diff) | |
download | cups-064e50fb06e83e6c1756e2a81c2fcbd4d6fca8e6.tar.gz |
Import all of the bug fixes from the OpenPrinting CUPS repository.
Import the improvements to ippeveprinter from OpenPrinting/ippsample.
Import the improvements to ippfind and ipptool from OpenPrinting/ippsample.
Diffstat (limited to 'cups/tls-sspi.c')
-rw-r--r-- | cups/tls-sspi.c | 91 |
1 files changed, 42 insertions, 49 deletions
diff --git a/cups/tls-sspi.c b/cups/tls-sspi.c index ccbdf8aaf..52ded5f21 100644 --- a/cups/tls-sspi.c +++ b/cups/tls-sspi.c @@ -1332,8 +1332,6 @@ http_sspi_client(http_t *http, /* I - Client connection */ SecBufferDesc outBuffer; /* Array of SecBuffer structs */ SecBuffer outBuffers[1]; /* Security package buffer */ int ret = 0; /* Return value */ - char username[1024], /* Current username */ - common_name[1024]; /* CN=username */ DEBUG_printf(("4http_sspi_client(http=%p, hostname=\"%s\")", http, hostname)); @@ -1349,16 +1347,11 @@ http_sspi_client(http_t *http, /* I - Client connection */ * Lookup the client certificate... */ - dwSize = sizeof(username); - GetUserNameA(username, &dwSize); - snprintf(common_name, sizeof(common_name), "CN=%s", username); - - if (!http_sspi_find_credentials(http, L"ClientContainer", common_name)) - if (!http_sspi_make_credentials(http->tls, L"ClientContainer", common_name, _HTTP_MODE_CLIENT, 10)) - { - DEBUG_puts("5http_sspi_client: Unable to get client credentials."); - return (-1); - } + if (!http_sspi_find_credentials(http, L"ClientContainer", NULL)) + { + DEBUG_puts("5http_sspi_client: Unable to get client credentials."); + return (-1); + } /* * Initiate a ClientHello message and generate a token. @@ -1711,48 +1704,55 @@ http_sspi_find_credentials( goto cleanup; } - dwSize = 0; - - if (!CertStrToNameA(X509_ASN_ENCODING, common_name, CERT_OID_NAME_STR, NULL, NULL, &dwSize, NULL)) + if (common_name) { - DEBUG_printf(("5http_sspi_find_credentials: CertStrToName failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); - ok = FALSE; - goto cleanup; - } + dwSize = 0; - p = (PBYTE)malloc(dwSize); + if (!CertStrToNameA(X509_ASN_ENCODING, common_name, CERT_OID_NAME_STR, NULL, NULL, &dwSize, NULL)) + { + DEBUG_printf(("5http_sspi_find_credentials: CertStrToName failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); + ok = FALSE; + goto cleanup; + } - if (!p) - { - DEBUG_printf(("5http_sspi_find_credentials: malloc failed for %d bytes.", dwSize)); - ok = FALSE; - goto cleanup; - } + p = (PBYTE)malloc(dwSize); - if (!CertStrToNameA(X509_ASN_ENCODING, common_name, CERT_OID_NAME_STR, NULL, p, &dwSize, NULL)) - { - DEBUG_printf(("5http_sspi_find_credentials: CertStrToName failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); - ok = FALSE; - goto cleanup; - } + if (!p) + { + DEBUG_printf(("5http_sspi_find_credentials: malloc failed for %d bytes.", dwSize)); + ok = FALSE; + goto cleanup; + } - sib.cbData = dwSize; - sib.pbData = p; + if (!CertStrToNameA(X509_ASN_ENCODING, common_name, CERT_OID_NAME_STR, NULL, p, &dwSize, NULL)) + { + DEBUG_printf(("5http_sspi_find_credentials: CertStrToName failed: %s", http_sspi_strerror(sspi->error, sizeof(sspi->error), GetLastError()))); + ok = FALSE; + goto cleanup; + } - storedContext = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &sib, NULL); + sib.cbData = dwSize; + sib.pbData = p; - if (!storedContext) - { - DEBUG_printf(("5http_sspi_find_credentials: Unable to find credentials for \"%s\".", common_name)); - ok = FALSE; - goto cleanup; + storedContext = CertFindCertificateInStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &sib, NULL); + + if (!storedContext) + { + DEBUG_printf(("5http_sspi_find_credentials: Unable to find credentials for \"%s\".", common_name)); + ok = FALSE; + goto cleanup; + } } ZeroMemory(&SchannelCred, sizeof(SchannelCred)); SchannelCred.dwVersion = SCHANNEL_CRED_VERSION; - SchannelCred.cCreds = 1; - SchannelCred.paCred = &storedContext; + + if (common_name) + { + SchannelCred.cCreds = 1; + SchannelCred.paCred = &storedContext; + } /* * Set supported protocols (can also be overriden in the registry...) @@ -2018,13 +2018,6 @@ http_sspi_make_credentials( SchannelCred.paCred = &storedContext; /* - * SSPI doesn't seem to like it if grbitEnabledProtocols is set for a client. - */ - - if (mode == _HTTP_MODE_SERVER) - SchannelCred.grbitEnabledProtocols = SP_PROT_SSL3TLS1; - - /* * Create an SSPI credential. */ |