From 586aec19b11a97ce3a13d97470df136d36f6dda7 Mon Sep 17 00:00:00 2001 From: Vitezslav Crhonek Date: Wed, 20 Jul 2022 08:37:49 +0200 Subject: [PATCH] Improve handling of HTTP 401 Unauthorized Signed-off-by: Vitezslav Crhonek --- ...sman-2.7.1-http-unauthorized-improve.patch | 56 +++++++++++++++++++ openwsman.spec | 7 ++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 openwsman-2.7.1-http-unauthorized-improve.patch diff --git a/openwsman-2.7.1-http-unauthorized-improve.patch b/openwsman-2.7.1-http-unauthorized-improve.patch new file mode 100644 index 0000000..2351ada --- /dev/null +++ b/openwsman-2.7.1-http-unauthorized-improve.patch @@ -0,0 +1,56 @@ +diff -up openwsman-2.7.1/src/lib/wsman-curl-client-transport.c.orig openwsman-2.7.1/src/lib/wsman-curl-client-transport.c +--- openwsman-2.7.1/src/lib/wsman-curl-client-transport.c.orig 2021-04-07 17:25:55.000000000 +0200 ++++ openwsman-2.7.1/src/lib/wsman-curl-client-transport.c 2022-07-19 09:25:22.435355610 +0200 +@@ -459,6 +459,7 @@ wsmc_handler( WsManClient *cl, + long http_code; + long auth_avail = 0; + char *_user = NULL, *_pass = NULL; ++ int _no_auth = 0; /* 0 if authentication is used, 1 if no authentication was used */ + u_buf_t *response = NULL; + //char *soapaction; + char *tmp_str = NULL; +@@ -564,6 +565,7 @@ wsmc_handler( WsManClient *cl, + _user = wsmc_get_user(cl); + _pass = wsmc_get_password(cl); + if (_user && _pass && cl->data.auth_set) { ++ _no_auth = 0; + r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set); + if (r != CURLE_OK) { + cl->fault_string = u_strdup(curl_easy_strerror(r)); +@@ -584,6 +586,11 @@ wsmc_handler( WsManClient *cl, + curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed"); + goto DONE; + } ++ } else { ++ /* request without user credentials, remember this for ++ * later use when it might become necessary to print an error message ++ */ ++ _no_auth = 1; + } + + if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) { +@@ -616,6 +623,24 @@ wsmc_handler( WsManClient *cl, + break; + case 401: + // The server requires authentication. ++ /* RFC 2616 states: ++ * ++ * If the request already included Authorization credentials, then the 401 ++ * response indicates that authorization has been refused for those ++ * credentials. If the 401 response contains the same challenge as the ++ * prior response, and the user agent has already attempted ++ * authentication at least once, then the user SHOULD be presented the ++ * entity that was given in the response, since that entity might ++ * include relevant diagnostic information. ++ */ ++ if (_no_auth == 0) { ++ /* no authentication credentials were used. It is only ++ * possible to write a message about the current situation. There ++ * is no information about the last attempt to access the resource. ++ * Maybe at a later point in time I will implement more state information. ++ */ ++ fprintf(stdout,"Authentication failed, please retry\n"); ++ } + break; + default: + // The status code does not indicate success. diff --git a/openwsman.spec b/openwsman.spec index b5bd85d..04da9cf 100644 --- a/openwsman.spec +++ b/openwsman.spec @@ -25,7 +25,7 @@ Name: openwsman Version: 2.7.1 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Open source Implementation of WS-Management License: BSD @@ -49,6 +49,7 @@ Patch2: openwsman-2.4.12-ruby-binding-build.patch Patch3: openwsman-2.6.2-openssl-1.1-fix.patch Patch4: openwsman-2.6.5-http-status-line.patch Patch5: openwsman-2.6.8-update-ssleay-conf.patch +Patch6: openwsman-2.7.1-http-unauthorized-improve.patch BuildRequires: make BuildRequires: swig BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel @@ -191,6 +192,7 @@ Custom SELinux policy module %patch3 -p1 -b .openssl-1.1-fix %patch4 -p1 -b .http-status-line %patch5 -p1 -b .update-ssleay-conf +%patch6 -p1 -b .http-unauthorized-improve %build # Removing executable permissions on .c and .h files to fix rpmlint warnings. @@ -412,6 +414,9 @@ fi %endif %changelog +* Wed Jul 20 2022 Vitezslav Crhonek - 2.7.1-6 +- Improve handling of HTTP 401 Unauthorized + * Wed Jun 15 2022 Python Maint - 2.7.1-5 - Rebuilt for Python 3.11