Add support for foreign authentication #2268
Since remote jobs may be queued on systems with foreign authentication systems (i.e. not the same one as used for the local system), we need to add support for passing this information to the backend.
This can be done by adding the following new attributes:
auth-info (1setOf name(MAX))
This job template attribute specifies the authentication information to use for the job, and must be passed in the same order and amount as specified by the auth-info-required attribute.
auth-info-required (1setOf Type3 keyword)
This printer attribute describes the type of authentication information that is required when submitting or authorizing a print job. The current implementation will support the following four values: "none", "domain", "username", and "password". Only "none", "username,password" (2 values), and "domain,username,password" (3 values) are accepted at this time.
auth-info-supported (1setOf Type3 keyword)
This printer attribute lists the locally-supported auth-info value types: "none", "domain", "username", and "password".
The Create-Job, Print-Job, Set-Job-Attributes, and CUPS-Authenticate-Job operations will be updated to accept the auth-info attribute. When present, the auth-info value will be cached instead of the HTTP authentication data. However, if the auth-info value is passed without encryption over a network channel, a 426 (upgrade required) status will be returned to force the client to re-send with encryption.
The CUPS-Add-Modify-Printer and CUPS-Add-Modify-Class operations will be updated to support setting of the auth-info-required attribute.
The Get-Printer-Attributes, CUPS-Get-Printers, CUPS-Get-Classes, and CUPS-Get-Default operations will be updated to return the auth-info-supported and auth-info-required values (mostly in cupsdSetPrinterAttributes and cupsdCreateCommonData, with a hook for -supported in create_requested_array).
A new AuthRequired directive will be added to printers.conf and classes.conf, and int num_auth_required and char **auth_required members will be added to the cupsd_printers_t structure.
The directory service code will be updated to include the auth-info-required value in all advertisements and to parse that value into the corresponding local attribute.
Setting auth-info-required to anything other than "none" sets the "need authentication" bit in the printer-type value.
The cupsDoRequest() and cupsDoFileRequest() functions will be modified to look for the auth-info attribute and upgrade to an encrypted connection if it is present and the connection is networked.
cupsGetDests will be updated to include the auth-info-required attribute.
_ippFindOption will be updated to return the appropriate values for the auth-info attributes.
Backends will continue to get the authentication information from the cache file (aNNNNN in the spool directory, where NNNNN is the job ID). The format of this file is one authentication value per line, with each value Base64-encoded.
When the authentication fails, backends can send an "ATTR: auth-info-required=..." message to stderr to reconfigure the auth-info-required attribute on the queue, and then exit with code 2 to indicate that authentication is required.
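A sketch of the auth-info acceptance rules described above: the three accepted auth-info-required value sets, the matching value count, and the 426 response for auth-info sent unencrypted over a network connection. This is an added example, not CUPS source code; the function names, the result codes other than 426, and the treatment of "none" as expecting zero auth-info values are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes for this sketch; only 426 comes from the text. */
enum { AUTH_OK = 0, AUTH_BAD_REQUIRED = 1, AUTH_COUNT_MISMATCH = 2,
       AUTH_UPGRADE_REQUIRED = 426 };

/* Return 1 if auth-info-required is one of the three accepted value sets. */
static int auth_required_is_valid(const char *const *req, size_t nreq)
{
  static const char *const forms[3][3] = {
    { "none", NULL, NULL },
    { "username", "password", NULL },
    { "domain", "username", "password" }
  };
  for (size_t f = 0; f < 3; f++) {
    size_t i = 0;
    if (nreq != f + 1)
      continue;                       /* form f has exactly f + 1 keywords */
    while (i < nreq && req[i] && !strcmp(req[i], forms[f][i]))
      i++;
    if (i == nreq)
      return 1;
  }
  return 0;
}

/* ninfo: number of auth-info values sent (0 = attribute absent).
 * encrypted / local: properties of the client connection. */
int check_auth_info(const char *const *req, size_t nreq, size_t ninfo,
                    int encrypted, int local)
{
  if (!auth_required_is_valid(req, nreq))
    return AUTH_BAD_REQUIRED;
  if (ninfo == 0)
    return AUTH_OK;                   /* no auth-info to validate or cache */
  if (!encrypted && !local)
    return AUTH_UPGRADE_REQUIRED;     /* refuse before caching credentials */
  /* Assumption: a queue requiring "none" expects zero auth-info values. */
  if (!strcmp(req[0], "none") || ninfo != nreq)
    return AUTH_COUNT_MISMATCH;
  return AUTH_OK;
}

int main(void)
{
  static const char *const req[] = { "username", "password" }; /* constructed */
  return check_auth_info(req, 2, 2, 0, 0) == AUTH_UPGRADE_REQUIRED ? 0 : 1;
}
```

The encryption check runs before the count check so that a request carrying credentials in the clear is answered with 426 without the values being examined or cached.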