diff --git a/SOURCES/openwsman-2.6.8-http-unauthorized-improve.patch b/SOURCES/openwsman-2.6.8-http-unauthorized-improve.patch
new file mode 100644
index 0000000..c9cdc45
--- /dev/null
+++ b/SOURCES/openwsman-2.6.8-http-unauthorized-improve.patch
@@ -0,0 +1,56 @@
+diff -up openwsman-2.6.8/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.8/src/lib/wsman-curl-client-transport.c
+--- openwsman-2.6.8/src/lib/wsman-curl-client-transport.c.orig 2022-11-24 10:02:08.114053046 +0100
++++ openwsman-2.6.8/src/lib/wsman-curl-client-transport.c 2022-11-24 10:02:08.119053046 +0100
+@@ -455,6 +455,7 @@ wsmc_handler( WsManClient *cl,
+ long http_code;
+ long auth_avail = 0;
+ char *_user = NULL, *_pass = NULL;
++ int _no_auth = 0; /* 0 if authentication is used, 1 if no authentication was used */
+ u_buf_t *response = NULL;
+ //char *soapaction;
+ char *tmp_str = NULL;
+@@ -554,6 +555,7 @@ wsmc_handler( WsManClient *cl,
+ _user = wsmc_get_user(cl);
+ _pass = wsmc_get_password(cl);
+ if (_user && _pass && cl->data.auth_set) {
++ _no_auth = 0;
+ r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set);
+ if (r != CURLE_OK) {
+ cl->fault_string = u_strdup(curl_easy_strerror(r));
+@@ -574,6 +576,11 @@ wsmc_handler( WsManClient *cl,
+ curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed");
+ goto DONE;
+ }
++ } else {
++ /* request without user credentials, remember this for
++ * later use when it might become necessary to print an error message
++ */
++ _no_auth = 1;
+ }
+
+ if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) {
+@@ -606,6 +613,24 @@ wsmc_handler( WsManClient *cl,
+ break;
+ case 401:
+ // The server requires authentication.
++ /* RFC 2616 states:
++ *
++ * If the request already included Authorization credentials, then the 401
++ * response indicates that authorization has been refused for those
++ * credentials. If the 401 response contains the same challenge as the
++ * prior response, and the user agent has already attempted
++ * authentication at least once, then the user SHOULD be presented the
++ * entity that was given in the response, since that entity might
++ * include relevant diagnostic information.
++ */
++ if (_no_auth == 0) {
++ /* no authentication credentials were used. It is only
++ * possible to write a message about the current situation. There
++ * is no information about the last attempt to access the resource.
++ * Maybe at a later point in time I will implement more state information.
++ */
++ fprintf(stdout,"Authentication failed, please retry\n");
++ }
+ break;
+ default:
+ // The status code does not indicate success.
diff --git a/SPECS/openwsman.spec b/SPECS/openwsman.spec
index fa2c089..6ce9b34 100644
--- a/SPECS/openwsman.spec
+++ b/SPECS/openwsman.spec
@@ -3,7 +3,7 @@ Name: openwsman Version: 2.6.8 -Release: 22%{?dist} +Release: 23%{?dist} Summary: Open source Implementation of WS-Management License: BSD
@@ -23,6 +23,7 @@ Patch5: openwsman-2.6.5-libcurl-error-codes-update.patch Patch6: openwsman-2.6.8-CVE-2019-3816.patch Patch7: openwsman-2.6.8-CVE-2019-3833.patch Patch8: openwsman-2.6.8-update-ssleay-conf.patch +Patch9: openwsman-2.6.8-http-unauthorized-improve.patch BuildRequires: make BuildRequires: swig BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
@@ -135,6 +136,7 @@ You can use it to send shell commands to a remote Windows hosts. %patch6 -p1 -b .CVE-2019-3816 %patch7 -p1 -b .CVE-2019-3833 %patch8 -p1 -b .update-ssleay-conf +%patch9 -p1 -b .http-unauthorized-improve %build # Removing executable permissions on .c and .h files to fix rpmlint warnings.
@@ -288,6 +290,10 @@ rm -f /var/log/wsmand.log %{_bindir}/winrs %changelog +* Thu Nov 24 2022 Vitezslav Crhonek - 2.6.8-23 +- Improve handling of HTTP 401 Unauthorized + Resolves: #2127415 + * Mon Aug 09 2021 Mohan Boddu - 2.6.8-22 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688
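Review bot: In the `case 401:` hunk the guard and its comment contradict each other: `_no_auth` is 0 when credentials were sent (see its declaration comment and the `_no_auth = 0` next to `CURLOPT_HTTPAUTH`), so `if (_no_auth == 0)` fires on refused credentials, while the comment inside says "no authentication credentials were used". The behaviour matches the quoted RFC text, so the comment is what should change, e.g. `/* credentials were sent and the server refused them */`; a positively named flag such as `auth_sent` would also avoid the double negative. The message is written to stdout from library code, where it can mix into output that callers parse; the neighbouring failure paths use `cl->fault_string` and `curl_err(...)`, and at minimum this should be `fprintf(stderr, "Authentication failed, please retry\n");`. A 401 on a request sent without credentials still produces no hint, which may be the case where the user most needs one. `wsmc_handler` begins and ends outside these hunks, so how a 401 is reported to the caller after the `switch` is not visible here.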