From a3d2e647f4608983498faf218f22596958915c93 Mon Sep 17 00:00:00 2001 From: Vitezslav Crhonek Date: Mon, 28 Nov 2022 10:37:53 +0100 Subject: [PATCH] Improve handling of HTTP 401 Unauthorized, add gating.yaml Resolves: #2127416 --- gating.yaml | 6 ++ http-unauthorized-improve.patch | 127 ++++++++++++++++++++++++++++++++ wsmancli.spec | 8 +- 3 files changed, 140 insertions(+), 1 deletion(-) create mode 100644 gating.yaml create mode 100644 http-unauthorized-improve.patch diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..c190bde --- /dev/null +++ b/gating.yaml @@ -0,0 +1,6 @@ +--- !Policy +product_versions: + - rhel-9 +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} diff --git a/http-unauthorized-improve.patch b/http-unauthorized-improve.patch new file mode 100644 index 0000000..d3f9153 --- /dev/null +++ b/http-unauthorized-improve.patch @@ -0,0 +1,127 @@ +diff -up wsmancli-2.6.0/src/wsman.c.orig wsmancli-2.6.0/src/wsman.c +--- wsmancli-2.6.0/src/wsman.c.orig 2015-06-11 10:50:04.000000000 +0200 ++++ wsmancli-2.6.0/src/wsman.c 2022-11-28 10:29:08.644509669 +0100 +@@ -63,7 +63,11 @@ static char *cert = NULL; + static char *sslkey = NULL; + static char *endpoint = NULL; + static char *username = NULL; ++static char *username_given = NULL; /* copy of either the username from env or cmdline*/ ++static char *username_prev = NULL; /* input username to request_usr_pwd() when called last time */ + static char *password = NULL; ++static char *password_given = NULL; /* copy of either the password from env or cmdline */ ++static char *password_prev = NULL; /* input password to request_usr_pwd() when called last time */ + static char *server = "localhost"; + static char *agent = NULL; + static char *url_path = NULL; +@@ -495,28 +499,79 @@ request_usr_pwd( WsManClient *client, ws + char user[21]; + char *p; + +- fprintf(stdout,"Authentication failed, please retry\n"); +- /* +- fprintf(stdout, "%s authentication is used\n", +- wsmc_transport_get_auth_name( auth)); +- */ +- printf("User name: "); +- fflush(stdout); +- if ( (p = fgets(user, 20, stdin) ) != NULL ) +- { +- +- if (strchr(user, '\n')) +- (*(strchr(user, '\n'))) = '\0'; +- *username = u_strdup_printf ("%s", user); +- } else { +- *username = NULL; ++ /* ++ * fprintf(stdout,"Authentication failed, please retry\n"); ++ * ++ * this message shall not be printed by this function as it cannot decide on the ++ * reason it was called for. It does not control the authentication process. ++ * wsmc_handler is better suited for such a decision making. ++ */ ++ ++ if (username_given) { ++ if (password_given) { ++ /* Initially provided combination of password and username is not valid. ++ * Request user to type both. Here I assume, that wsmc_handler called back to ++ * this function after trying a first authentication using these credentials. ++ */ ++ } else { ++ /* Initially no password was provided => no authentication tried during first ++ * iteration of while loop in wsmc_handler. Check previously typed credentials ++ */ ++ if (username_prev) { ++ /* This is a second call of this function, assuming only wsmc_handler is using it ++ * as a callback function. Therefore, there must have been a previous attempt to ++ * authenticate, but this previous combination of username and password did not ++ * lead to a successful authentication. Request new credentials, username_prev will ++ * be set each time after user has provided a username. ++ */ ++ } else { ++ /* First time wsmc_handler calls back to this function. No password given on the ++ * command line or via the environment variable. Therefore wsmc_handler cannot ++ * have tried http authentication. A username was given on the command line or ++ * via an environment variable. And the user wants us to try this name at least ++ * at first. So, let's do him a favour and use it. When we are called back again, ++ * we will ask the user to provide a new name or the same, but a different password. ++ */ ++ *username = u_strdup(username_given); ++ } ++ } ++ } ++ ++ if (*username == NULL) { ++ printf("User name: "); ++ fflush(stdout); ++ if ( (p = fgets(user, 20, stdin) ) != NULL ) ++ { ++ if (strchr(user, '\n')) ++ (*(strchr(user, '\n'))) = '\0'; ++ *username = u_strdup_printf ("%s", user); ++ } else { ++ *username = NULL; ++ } ++ } ++ ++ /* after successfull receipt of a new username, store a copy at username_prev */ ++ if (*username) { ++ if ( username_prev ) { ++ u_free(username_prev); ++ username_prev = NULL; ++ } ++ username_prev = u_strdup(*username); + } + ++ /* but always ask for the password !? */ + pw = (char *)getpass("Password: "); + *password = u_strdup_printf ("%s", pw); +-} +- + ++ /* make backup, *password will become free'd when next try of http-auth fails */ ++ if (*password) { ++ if (password_prev) { ++ u_free(password_prev); ++ password_prev = NULL; ++ } ++ password_prev = u_strdup(*password); ++ } ++} + + static void + wsman_options_set_properties(client_opt_t *options) +@@ -647,6 +702,14 @@ int main(int argc, char **argv) + exit(EXIT_FAILURE); + } + ++ /* save copies of username or password when given on the command line or via environment variables */ ++ if ( username != NULL ) { ++ username_given = u_strdup(username); ++ } ++ if ( password != NULL ) { ++ password_given = u_strdup(password); ++ } ++ + filename = (char *) config_file; + + if (filename) { diff --git a/wsmancli.spec b/wsmancli.spec index 85408cd..2b01f4e 100644 --- a/wsmancli.spec +++ b/wsmancli.spec @@ -1,6 +1,6 @@ Name: wsmancli Version: 2.6.0 -Release: 15%{?dist} +Release: 16%{?dist} License: BSD Url: http://www.openwsman.org/ # You can get this tarball here: @@ -14,6 +14,7 @@ BuildRequires: openwsman-devel >= 2.1.0 pkgconfig curl-devel BuildRequires: autoconf automake libtool Requires: openwsman curl Patch0: missing-pthread-symbols.patch +Patch1: http-unauthorized-improve.patch Summary: WS-Management-Command line Interface %description @@ -23,6 +24,7 @@ systems using Web Services Management protocol. %prep %setup -q %patch0 -p1 +%patch1 -p1 -b .http-unauthorized-improve cp -fp %SOURCE1 %SOURCE2 %SOURCE3 .; %build @@ -41,6 +43,10 @@ make DESTDIR=%{buildroot} install %doc COPYING README AUTHORS %changelog +* Mon Nov 28 2022 Vitezslav Crhonek - 2.6.0-16 +- Improve handling of HTTP 401 Unauthorized + Resolves: #2127416 + * Tue Aug 10 2021 Mohan Boddu - 2.6.0-15 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688