Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for foreign authentication #2268

Closed
michaelrsweet opened this issue Mar 1, 2007 · 1 comment
Closed

Add support for foreign authentication #2268

michaelrsweet opened this issue Mar 1, 2007 · 1 comment
Labels
Milestone

Comments

@michaelrsweet
Copy link
Collaborator

@michaelrsweet michaelrsweet commented Mar 1, 2007

Version: 1.3-feature
CUPS.org User: mike

Since remote jobs may be queued on systems with foreign authentication systems (i.e. not the same one as used for the local system), we need to add support for passing this information to the backend.

This can be done by adding the following new attributes:

auth-info (1setOf name(MAX))

This job template attribute specifies the authentication information to use for the job, and must be passed in the same order and amount as specified by the auth-info-required attribute.

auth-info-required (1setOf Type3 keyword)

This printer attribute describes the type of authentication information that is required when submitting or authorizing a print job. The current implementation will support the following four values: "none", "domain", "username", and "password". Only "none", "username,password" (2 values), and "domain,username,password" (3 values) are accepted at this time.

auth-info-supported (1setOf Type3 keyword)

This printer attribute lists the locally-supported auth-info value types: "none", "domain", "username", and "password".

....

SCHEDULER CHANGES

The Create-Job, Print-Job, Set-Job-Attributes, and CUPS-Authenticate-Job operations will be updated to accept the auth-info attribute. When present, the auth-info value will be cached instead of the HTTP authentication data. However, if the auth-info value is passed without encryption over a network channel, a 426 (upgrade required) status will be returned to force the client to re-send with encryption.

The CUPS-Add-Modify-Printer and CUPS-Add-Modify-Class operations will be updated to support setting of the auth-info-required attribute.

The Get-Printer-Attributes, CUPS-Get-Printers, CUPS-Get-Classes, and CUPS-Get-Default operations will be updated to return the auth-info-supported and auth-info-required values (mostly in cupsdSetPrinterAttributes and cupsdCreateCommonData, with a hook for -supported in create_requested_array)

A new AuthRequired directive will be added to printers.conf and classes.conf, and int num_auth_required and char **auth_required members will be added to the cupsd_printers_t structure.

The directory service code will be updated to include the auth-info-required value in all advertisements and to parse that value into the corresponding local attribute.

Setting auth-info-required to anything other than "none" sets the "need authentication" bit in the printer-type value.

....

CUPS API

The cupsDoRequest() and cupsDoFileRequest() functions will be modified to look for the auth-info attribute and upgrade to an encrypted connection if they are present and the connection is networked.

cupsGetDests will be updated to include the auth-info-required attribute.

_ippFindOption will be updated to return the appropriate values for the auth-info attributes.

....

BACKENDS

Backends will continue to get the authentication information from the cache file (aNNNNN in the spool directory, where NNNNN is the job ID). The format of this file is one authentication value per line, with each value Base64-encoded.

When the authentication fails, backends can send an "ATTR: auth-info-required=..." message to stderr to reconfigure the auth-info-required attribute on the queue, and then exit with code 2 to indicate that authentication is required.

@michaelrsweet
Copy link
Collaborator Author

@michaelrsweet michaelrsweet commented Mar 23, 2007

CUPS.org User: mike

Fixed in Subversion repository.

@michaelrsweet michaelrsweet added this to the Stable milestone Mar 17, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
You can’t perform that action at this time.