diff options
| author | Michael R Sweet <michael.r.sweet@gmail.com> | 2019-10-15 17:34:21 -0400 |
|---|---|---|
| committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2019-10-15 17:34:21 -0400 |
| commit | ec8beb8952388a3ce650cc1477cd386546ed7318 (patch) | |
| tree | d0e46ac82a57ee6890f80ba74b7fd705abb8e4ad /cups | |
| parent | 4c793ee9ce18bf6315de14fea3ccb9d2a66c76b2 (diff) | |
| download | cups-ec8beb8952388a3ce650cc1477cd386546ed7318.tar.gz | |
Add support for DigestOptions directive in client.conf (Issue #5647)
Diffstat (limited to 'cups')
| -rw-r--r-- | cups/auth.c | 2 | ||||
| -rw-r--r-- | cups/cups-private.h | 7 | ||||
| -rw-r--r-- | cups/http-support.c | 9 | ||||
| -rw-r--r-- | cups/usersys.c | 33 |
4 files changed, 46 insertions, 5 deletions
diff --git a/cups/auth.c b/cups/auth.c index 634ed1fba..db45bbba6 100644 --- a/cups/auth.c +++ b/cups/auth.c @@ -289,7 +289,7 @@ cupsDoAuthentication( if (_httpSetDigestAuthString(http, nonce, method, resource)) { - DEBUG_puts("2cupsDoAuthentication: Using Basic."); + DEBUG_puts("2cupsDoAuthentication: Using Digest."); break; } } diff --git a/cups/cups-private.h b/cups/cups-private.h index f1b052a30..aeba7176b 100644 --- a/cups/cups-private.h +++ b/cups/cups-private.h @@ -57,6 +57,12 @@ typedef struct _cups_raster_error_s /**** Error buffer structure ****/ *end; /* End of buffer */ } _cups_raster_error_t; +typedef enum _cups_digestoptions_e /**** Digest Options values */ +{ + _CUPS_DIGESTOPTIONS_NONE, /* No Digest authentication options */ + _CUPS_DIGESTOPTIONS_DENYMD5 /* Do not use MD5 hashes for digest */ +} _cups_digestoptions_t; + typedef enum _cups_uatokens_e /**** UserAgentTokens values */ { _CUPS_UATOKENS_NONE, /* Do not send User-Agent */ @@ -157,6 +163,7 @@ typedef struct _cups_globals_s /**** CUPS global state data ****/ char tempfile[1024]; /* cupsTempFd/File buffer */ /* usersys.c */ + _cups_digestoptions_t digestoptions; /* DigestOptions setting */ _cups_uatokens_t uatokens; /* UserAgentTokens setting */ http_encryption_t encryption; /* Encryption setting */ char user[65], /* User name */ diff --git a/cups/http-support.c b/cups/http-support.c index 6d8607140..824b8dcf1 100644 --- a/cups/http-support.c +++ b/cups/http-support.c @@ -1,7 +1,7 @@ /* * HTTP support routines for CUPS. * - * Copyright 2007-2018 by Apple Inc. + * Copyright 2007-2019 by Apple Inc. * Copyright 1997-2007 by Easy Software Products, all rights reserved. * * Licensed under Apache License v2.0. See the file "LICENSE" for more @@ -1321,6 +1321,7 @@ _httpSetDigestAuthString( digest[1024]; /* Digest auth data */ unsigned char hash[32]; /* Hash buffer */ size_t hashsize; /* Size of hash */ + _cups_globals_t *cg = _cupsGlobals(); /* Per-thread globals */ DEBUG_printf(("2_httpSetDigestAuthString(http=%p, nonce=\"%s\", method=\"%s\", resource=\"%s\")", (void *)http, nonce, method, resource)); @@ -1363,6 +1364,12 @@ _httpSetDigestAuthString( * RFC 2617 Digest with MD5 */ + if (cg->digestoptions == _CUPS_DIGESTOPTIONS_DENYMD5) + { + DEBUG_puts("3_httpSetDigestAuthString: MD5 Digest is disabled."); + return (0); + } + hashalg = "md5"; } else if (!_cups_strcasecmp(http->algorithm, "SHA-256")) diff --git a/cups/usersys.c b/cups/usersys.c index 497681e27..3acfd2bd9 100644 --- a/cups/usersys.c +++ b/cups/usersys.c @@ -40,6 +40,8 @@ # define kCUPSPrintingPrefs CFSTR(".GlobalPreferences") # define kPREFIX "AirPrint" # endif /* TARGET_OS_OSX */ +# define kDigestOptionsKey CFSTR(kPREFIX "DigestOptions") +# define kUserKey CFSTR(kPREFIX "User") # define kUserAgentTokensKey CFSTR(kPREFIX "UserAgentTokens") # define kAllowAnyRootKey CFSTR(kPREFIX "AllowAnyRoot") # define kAllowExpiredCertsKey CFSTR(kPREFIX "AllowExpiredCerts") @@ -63,6 +65,7 @@ typedef struct _cups_client_conf_s /**** client.conf config data ****/ { + _cups_digestoptions_t digestoptions; /* DigestOptions values */ _cups_uatokens_t uatokens; /* UserAgentTokens values */ #ifdef HAVE_SSL int ssl_options, /* SSLOptions values */ @@ -97,6 +100,7 @@ static void cups_finalize_client_conf(_cups_client_conf_t *cc); static void cups_init_client_conf(_cups_client_conf_t *cc); static void cups_read_client_conf(cups_file_t *fp, _cups_client_conf_t *cc); static void cups_set_default_ipp_port(_cups_globals_t *cg); +static void cups_set_digestoptions(_cups_client_conf_t *cc, const char *value); static void cups_set_encryption(_cups_client_conf_t *cc, const char *value); #ifdef HAVE_GSSAPI static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value); @@ -1324,10 +1328,14 @@ cups_init_client_conf( cc->validate_certs = bval; # endif /* HAVE_SSL */ + if (cups_apple_get_string(kDigestOptionsKey, sval, sizeof(sval))) + cups_set_digestoptions(cc, sval); + + if (cups_apple_get_string(kUserKey, sval, sizeof(sval))) + strlcpy(cc->user, sval, sizeof(cc->user)); + if (cups_apple_get_string(kUserAgentTokensKey, sval, sizeof(sval))) - { cups_set_uatokens(cc, sval); - } #endif /* __APPLE__ */ } @@ -1353,7 +1361,9 @@ cups_read_client_conf( linenum = 0; while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) { - if (!_cups_strcasecmp(line, "Encryption") && value) + if (!_cups_strcasecmp(line, "DigestOptions") && value) + cups_set_digestoptions(cc, value); + else if (!_cups_strcasecmp(line, "Encryption") && value) cups_set_encryption(cc, value); #ifndef __APPLE__ /* @@ -1408,6 +1418,23 @@ cups_set_default_ipp_port( cg->ipp_port = CUPS_DEFAULT_IPP_PORT; } + +/* + * 'cups_set_digestoptions()' - Set the DigestOptions value. + */ + +static void +cups_set_digestoptions( + _cups_client_conf_t *cc, /* I - client.conf values */ + const char *value) /* I - Value */ +{ + if (!_cups_strcasecmp(value, "DenyMD5")) + cc->digestoptions = _CUPS_DIGESTOPTIONS_DENYMD5; + else if (!_cups_strcasecmp(value, "None")) + cc->digestoptions = _CUPS_DIGESTOPTIONS_NONE; +} + + /* * 'cups_set_encryption()' - Set the Encryption value. */ |