Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
O
openwsman
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Requirements
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Test cases
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
staging
rpms
openwsman
Commits
8d866b34
Commit
8d866b34
authored
2 years ago
by
Rocky Automation
Browse files
Options
Downloads
Patches
Plain Diff
import openwsman-2.6.5-8.el8_6
parent
e73411a5
No related branches found
Branches containing commit
Tags
imports/r9/python3.11-3.11.7-1.el9_4.1
Tags containing commit
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
SOURCES/openwsman-2.6.5-http-unauthorized-improve.patch
+56
-0
56 additions, 0 deletions
SOURCES/openwsman-2.6.5-http-unauthorized-improve.patch
SPECS/openwsman.spec
+7
-1
7 additions, 1 deletion
SPECS/openwsman.spec
with
63 additions
and
1 deletion
SOURCES/openwsman-2.6.5-http-unauthorized-improve.patch
0 → 100644
+
56
−
0
View file @
8d866b34
diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2022-09-08 10:36:46.265107915 +0200
+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2022-09-08 10:36:46.273107919 +0200
@@ -452,6 +452,7 @@
wsmc_handler( WsManClient *cl,
long http_code;
long auth_avail = 0;
char *_user = NULL, *_pass = NULL;
+ int _no_auth = 0; /* 0 if authentication is used, 1 if no authentication was used */
u_buf_t *response = NULL;
//char *soapaction;
char *tmp_str = NULL;
@@ -551,6 +552,7 @@
wsmc_handler( WsManClient *cl,
_user = wsmc_get_user(cl);
_pass = wsmc_get_password(cl);
if (_user && _pass && cl->data.auth_set) {
+ _no_auth = 0;
r = curl_easy_setopt(curl, CURLOPT_HTTPAUTH, cl->data.auth_set);
if (r != CURLE_OK) {
cl->fault_string = u_strdup(curl_easy_strerror(r));
@@ -571,6 +573,11 @@
wsmc_handler( WsManClient *cl,
curl_err("curl_easy_setopt(curl, CURLOPT_USERPWD, ..) failed");
goto DONE;
}
+ } else {
+ /* request without user credentials, remember this for
+ * later use when it might become necessary to print an error message
+ */
+ _no_auth = 1;
}
if (wsman_debug_level_debugged(DEBUG_LEVEL_MESSAGE)) {
@@ -603,6 +610,24 @@
wsmc_handler( WsManClient *cl,
break;
case 401:
// The server requires authentication.
+ /* RFC 2616 states:
+ *
+ * If the request already included Authorization credentials, then the 401
+ * response indicates that authorization has been refused for those
+ * credentials. If the 401 response contains the same challenge as the
+ * prior response, and the user agent has already attempted
+ * authentication at least once, then the user SHOULD be presented the
+ * entity that was given in the response, since that entity might
+ * include relevant diagnostic information.
+ */
+ if (_no_auth == 0) {
+ /* no authentication credentials were used. It is only
+ * possible to write a message about the current situation. There
+ * is no information about the last attempt to access the resource.
+ * Maybe at a later point in time I will implement more state information.
+ */
+ fprintf(stdout,"Authentication failed, please retry\n");
+ }
break;
default:
// The status code does not indicate success.
This diff is collapsed.
Click to expand it.
SPECS/openwsman.spec
+
7
−
1
View file @
8d866b34
...
...
@@ -3,7 +3,7 @@
Name: openwsman
Version: 2.6.5
Release:
7
%{?dist}
Release:
8
%{?dist}
Summary: Open source Implementation of WS-Management
License: BSD
...
...
@@ -23,6 +23,7 @@ Patch5: openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
Patch6: openwsman-2.6.5-CVE-2019-3816.patch
# Patch7: fixes CVE-2019-3833, rhbz#1687865
Patch7: openwsman-2.6.5-CVE-2019-3833.patch
Patch8: openwsman-2.6.5-http-unauthorized-improve.patch
BuildRequires: swig
BuildRequires: libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel
BuildRequires: python3 python3-devel ruby ruby-devel rubygems-devel perl-interpreter
...
...
@@ -131,6 +132,7 @@ You can use it to send shell commands to a remote Windows hosts.
%patch5 -p1 -b .fix-set-cipher-list-retval-check
%patch6 -p1 -b .CVE-2019-3816
%patch7 -p1 -b .CVE-2019-3833
%patch8 -p1 -b .http-unauthorized-improve
%build
# Removing executable permissions on .c and .h files to fix rpmlint warnings.
...
...
@@ -287,6 +289,10 @@ rm -f /var/log/wsmand.log
%{_bindir}/winrs
%changelog
* Thu Sep 08 2022 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-8
- Improve handling of HTTP 401 Unauthorized
Resolves: #2124893
* Mon May 11 2020 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.5-7
- Fix CVE-2019-3833
Resolves: #1687865
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
