import openwsman-2.6.5-9.el8
This commit is contained in:
parent
20363294d2
commit
41cec3662f
56
SOURCES/openwsman-2.6.5-http-unauthorized-improve.patch
Normal file
56
SOURCES/openwsman-2.6.5-http-unauthorized-improve.patch
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
|
||||||
|
--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2022-09-08 10:36:46.265107915 +0200
|
||||||
|
+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2022-09-08 10:36:46.273107919 +0200
|
||||||
|
@@ -452,6 +452,7 @@ wsmc_handler( WsManClient *cl,
|
||||||
|
long http_code;
|
||||||
|
long auth_avail = 0;
|
||||||
|
char *_user = NULL, *_pass = NULL;
|
||||||
|
+ int _no_auth = 0; /* 0 if authentication is used, 1 if no authentication was used */
|
||||||
|
u_buf_t *response = NULL;
|
||||||
|
//char *soapaction;
|
||||||
|
char *tmp_str = NULL;
|
||||||
|
@@ -551,6 +552,7 @@ wsmc_handler( WsManClient *cl,
|
||||||
|
_user = wsmc_get_user(cl);
|
||||||
|
_pass = wsmc_get_password(cl);
|
||||||
|
if (_user && _pass && cl->data.auth_set) {
|
||||||
|
+ _no_auth = 0;
|
||||||
|
r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set);
|
||||||
|
if (r != CURLE_OK) {
|
||||||
|
cl->fault_string = u_strdup(curl_easy_strerror(r));
|
||||||
|
@@ -571,6 +573,11 @@ wsmc_handler( WsManClient *cl,
|
||||||
|
curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed");
|
||||||
|
goto DONE;
|
||||||
|
}
|
||||||
|
+ } else {
|
||||||
|
+ /* request without user credentials, remember this for
|
||||||
|
+ * later use when it might become necessary to print an error message
|
||||||
|
+ */
|
||||||
|
+ _no_auth = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) {
|
||||||
|
@@ -603,6 +610,24 @@ wsmc_handler( WsManClient *cl,
|
||||||
|
break;
|
||||||
|
case 401:
|
||||||
|
// The server requires authentication.
|
||||||
|
+ /* RFC 2616 states:
|
||||||
|
+ *
|
||||||
|
+ * If the request already included Authorization credentials, then the 401
|
||||||
|
+ * response indicates that authorization has been refused for those
|
||||||
|
+ * credentials. If the 401 response contains the same challenge as the
|
||||||
|
+ * prior response, and the user agent has already attempted
|
||||||
|
+ * authentication at least once, then the user SHOULD be presented the
|
||||||
|
+ * entity that was given in the response, since that entity might
|
||||||
|
+ * include relevant diagnostic information.
|
||||||
|
+ */
|
||||||
|
+ if (_no_auth == 0) {
|
||||||
|
+ /* no authentication credentials were used. It is only
|
||||||
|
+ * possible to write a message about the current situation. There
|
||||||
|
+ * is no information about the last attempt to access the resource.
|
||||||
|
+ * Maybe at a later point in time I will implement more state information.
|
||||||
|
+ */
|
||||||
|
+ fprintf(stdout,"Authentication failed, please retry\n");
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
// The status code does not indicate success.
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
Name: openwsman
|
Name: openwsman
|
||||||
Version: 2.6.5
|
Version: 2.6.5
|
||||||
Release: 7%{?dist}
|
Release: 9%{?dist}
|
||||||
Summary: Open source Implementation of WS-Management
|
Summary: Open source Implementation of WS-Management
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
@ -23,6 +23,7 @@ Patch5: openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
|
|||||||
Patch6: openwsman-2.6.5-CVE-2019-3816.patch
|
Patch6: openwsman-2.6.5-CVE-2019-3816.patch
|
||||||
# Patch7: fixes CVE-2019-3833, rhbz#1687865
|
# Patch7: fixes CVE-2019-3833, rhbz#1687865
|
||||||
Patch7: openwsman-2.6.5-CVE-2019-3833.patch
|
Patch7: openwsman-2.6.5-CVE-2019-3833.patch
|
||||||
|
Patch8: openwsman-2.6.5-http-unauthorized-improve.patch
|
||||||
BuildRequires: swig
|
BuildRequires: swig
|
||||||
BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
|
BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
|
||||||
BuildRequires: python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter
|
BuildRequires: python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter
|
||||||
@ -131,6 +132,7 @@ You can use it to send shell commands to a remote Windows hosts.
|
|||||||
%patch5 -p1 -b .fix-set-cipher-list-retval-check
|
%patch5 -p1 -b .fix-set-cipher-list-retval-check
|
||||||
%patch6 -p1 -b .CVE-2019-3816
|
%patch6 -p1 -b .CVE-2019-3816
|
||||||
%patch7 -p1 -b .CVE-2019-3833
|
%patch7 -p1 -b .CVE-2019-3833
|
||||||
|
%patch8 -p1 -b .http-unauthorized-improve
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# Removing executable permissions on .c and .h files to fix rpmlint warnings.
|
# Removing executable permissions on .c and .h files to fix rpmlint warnings.
|
||||||
@ -287,6 +289,14 @@ rm -f /var/log/wsmand.log
|
|||||||
%{_bindir}/winrs
|
%{_bindir}/winrs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Sep 20 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-9
|
||||||
|
- Rebuild
|
||||||
|
Related: #2124894
|
||||||
|
|
||||||
|
* Thu Sep 08 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-8
|
||||||
|
- Improve handling of HTTP 401 Unauthorized
|
||||||
|
Resolves: #2124894
|
||||||
|
|
||||||
* Mon May 11 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-7
|
* Mon May 11 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-7
|
||||||
- Fix CVE-2019-3833
|
- Fix CVE-2019-3833
|
||||||
Resolves: #1687865
|
Resolves: #1687865
|
||||||
|
Loading…
Reference in New Issue
Block a user