import openwsman-2.6.8-23.el9

i9c changed/i9c/openwsman-2.6.8-23.el9
MSVSphere Packaging Team 2 years ago
parent 6e3ac96e91
commit 2bfba9dd3d

@ -0,0 +1,56 @@
diff -up openwsman-2.6.8/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.8/src/lib/wsman-curl-client-transport.c
--- openwsman-2.6.8/src/lib/wsman-curl-client-transport.c.orig 2022-11-24 10:02:08.114053046 +0100
+++ openwsman-2.6.8/src/lib/wsman-curl-client-transport.c 2022-11-24 10:02:08.119053046 +0100
@@ -455,6 +455,7 @@ wsmc_handler( WsManClient *cl,
long http_code;
long auth_avail = 0;
char *_user = NULL, *_pass = NULL;
+ int _no_auth = 0; /* 0 if authentication is used, 1 if no authentication was used */
u_buf_t *response = NULL;
//char *soapaction;
char *tmp_str = NULL;
@@ -554,6 +555,7 @@ wsmc_handler( WsManClient *cl,
_user = wsmc_get_user(cl);
_pass = wsmc_get_password(cl);
if (_user && _pass && cl->data.auth_set) {
+ _no_auth = 0;
r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set);
if (r != CURLE_OK) {
cl->fault_string = u_strdup(curl_easy_strerror(r));
@@ -574,6 +576,11 @@ wsmc_handler( WsManClient *cl,
curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed");
goto DONE;
}
+ } else {
+ /* request without user credentials, remember this for
+ * later use when it might become necessary to print an error message
+ */
+ _no_auth = 1;
}
if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) {
@@ -606,6 +613,24 @@ wsmc_handler( WsManClient *cl,
break;
case 401:
// The server requires authentication.
+ /* RFC 2616 states:
+ *
+ * If the request already included Authorization credentials, then the 401
+ * response indicates that authorization has been refused for those
+ * credentials. If the 401 response contains the same challenge as the
+ * prior response, and the user agent has already attempted
+ * authentication at least once, then the user SHOULD be presented the
+ * entity that was given in the response, since that entity might
+ * include relevant diagnostic information.
+ */
+ if (_no_auth == 0) {
+ /* no authentication credentials were used. It is only
+ * possible to write a message about the current situation. There
+ * is no information about the last attempt to access the resource.
+ * Maybe at a later point in time I will implement more state information.
+ */
+ fprintf(stdout,"Authentication failed, please retry\n");
+ }
break;
default:
// The status code does not indicate success.

@ -3,7 +3,7 @@
Name: openwsman
Version: 2.6.8
Release: 22%{?dist}
Release: 23%{?dist}
Summary: Open source Implementation of WS-Management
License: BSD
@ -23,6 +23,7 @@ Patch5: openwsman-2.6.5-libcurl-error-codes-update.patch
Patch6: openwsman-2.6.8-CVE-2019-3816.patch
Patch7: openwsman-2.6.8-CVE-2019-3833.patch
Patch8: openwsman-2.6.8-update-ssleay-conf.patch
Patch9: openwsman-2.6.8-http-unauthorized-improve.patch
BuildRequires: make
BuildRequires: swig
BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
@ -135,6 +136,7 @@ You can use it to send shell commands to a remote Windows hosts.
%patch6 -p1 -b .CVE-2019-3816
%patch7 -p1 -b .CVE-2019-3833
%patch8 -p1 -b .update-ssleay-conf
%patch9 -p1 -b .http-unauthorized-improve
%build
# Removing executable permissions on .c and .h files to fix rpmlint warnings.
@ -291,6 +293,10 @@ rm -f /var/log/wsmand.log
* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.6.8-22
- Rebuilt for MSVSphere 9.1.
* Thu Nov 24 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.8-23
- Improve handling of HTTP 401 Unauthorized
Resolves: #2127415
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.8-22
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

Loading…
Cancel
Save