diff options
author | Michael R Sweet <michael.r.sweet@gmail.com> | 2018-04-16 17:16:31 -0400 |
---|---|---|
committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2018-04-16 17:16:31 -0400 |
commit | 4feb1fe2e5bb9f418f51f5f517f70b451159baa2 (patch) | |
tree | 2c7d8e597ffdfc37a509043042a4c2b865fdc55a /scheduler | |
parent | c944b62ba8ab81f60d8798f4f4005c54f6688c40 (diff) |
- Added a workaround for certain web browsers that do not support multiple
authentication schemes in a single response header (Issue #5289)
Diffstat (limited to 'scheduler')
-rw-r--r-- | scheduler/client.c | 22 | ||||
-rw-r--r-- | scheduler/client.h | 8 |
2 files changed, 22 insertions, 8 deletions
diff --git a/scheduler/client.c b/scheduler/client.c index f388499dc..95c34877d 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -1,13 +1,14 @@ /* * Client routines for the CUPS scheduler. * - * Copyright 2007-2017 by Apple Inc. - * Copyright 1997-2007 by Easy Software Products, all rights reserved. + * Copyright © 2007-2018 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * * This file contains Kerberos support code, copyright 2006 by * Jelmer Vernooij. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -813,6 +814,18 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ if (status == HTTP_STATUS_OK) { + /* + * Record whether the client is a web browser. "Mozilla" was the original + * and it seems that every web browser in existence now uses that as the + * prefix with additional information identifying *which* browser. + * + * Chrome (at least) has problems with multiple WWW-Authenticate values in + * a single header, so we only report Basic or Negotiate to web browsers and + * leave the multiple choices to the native CUPS client... + */ + + con->is_browser = !strncmp(httpGetField(con->http, HTTP_FIELD_USER_AGENT), "Mozilla/", 8); + if (httpGetField(con->http, HTTP_FIELD_ACCEPT_LANGUAGE)[0]) { /* @@ -2103,8 +2116,7 @@ cupsdSendHeader( strlcpy(auth_str, "Negotiate", sizeof(auth_str)); } - if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && - !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost")) + if (con->best && auth_type != CUPSD_AUTH_NEGOTIATE && !con->is_browser && !_cups_strcasecmp(httpGetHostname(con->http, NULL, 0), "localhost")) { /* * Add a "trc" (try root certification) parameter for local non-Kerberos diff --git a/scheduler/client.h b/scheduler/client.h index aaca8279a..fc7af5400 100644 --- a/scheduler/client.h +++ b/scheduler/client.h @@ -1,10 +1,11 @@ /* * Client definitions for the CUPS scheduler. * - * Copyright 2007-2016 by Apple Inc. - * Copyright 1997-2007 by Easy Software Products, all rights reserved. + * Copyright © 2007-2018 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products, all rights reserved. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ #ifdef HAVE_AUTHORIZATION_H @@ -26,6 +27,7 @@ struct cupsd_client_s struct timeval start; /* Request start time */ http_state_t operation; /* Request operation */ off_t bytes; /* Bytes transferred for this request */ + int is_browser; /* Is the client a web browser? */ int type; /* AuthType for username */ char username[HTTP_MAX_VALUE], /* Username from Authorization: line */ |