[curl/f12/master] fix kerberos proxy authentication for https (#625676)

Kamil Dudka kdudka at fedoraproject.org
Mon Aug 23 14:42:38 UTC 2010 

commit 790feed932cf4e295943ab60a0d319bb7aaf8522
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Mon Aug 23 16:42:58 2010 +0200

    fix kerberos proxy authentication for https (#625676)

 curl-7.19.7-ssl-timeout.patch |    4 +-
 curl-7.21.1-13b8fc4.patch     |   67 +++++++++++++++++++++++++++++++++++++++++
 curl.spec                     |    9 +++++-
 3 files changed, 77 insertions(+), 3 deletions(-)
---
diff --git a/curl-7.19.7-ssl-timeout.patch b/curl-7.19.7-ssl-timeout.patch
index bbe92d6..185b9de 100644
--- a/curl-7.19.7-ssl-timeout.patch
+++ b/curl-7.19.7-ssl-timeout.patch
@@ -5,7 +5,7 @@ diff --git a/lib/nss.c b/lib/nss.c
 index a20efdc..ca52458 100644
 --- a/lib/nss.c
 +++ b/lib/nss.c
-@@ -1359,8 +1359,8 @@ int Curl_nss_send(struct connectdata *conn,  /* connection data */
+@@ -1381,8 +1381,8 @@ int Curl_nss_send(struct connectdata *conn,  /* connection data */
      err = PR_GetError();
  
      if(err == PR_IO_TIMEOUT_ERROR) {
@@ -16,7 +16,7 @@ index a20efdc..ca52458 100644
      }
  
      failf(conn->data, "SSL write: error %d", err);
-@@ -1400,8 +1400,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
+@@ -1422,8 +1422,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
        return -1; /* basically EWOULDBLOCK */
      }
      if(err == PR_IO_TIMEOUT_ERROR) {
diff --git a/curl-7.21.1-13b8fc4.patch b/curl-7.21.1-13b8fc4.patch
new file mode 100644
index 0000000..d047c28
--- /dev/null
+++ b/curl-7.21.1-13b8fc4.patch
@@ -0,0 +1,67 @@
+ CHANGES              |   10 ++++++++++
+ lib/http_negotiate.c |   15 ++++++++++-----
+ 2 files changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index 4952675..5e8c131 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -6,6 +6,16 @@
+ 
+                                   Changelog
+ 
++Daniel Stenberg (16 Aug 2010)
++- negotiation: Wrong proxy authorization
++  
++  There's an error in http_negotiation.c where a mistake is using only
++  userpwd even for proxy requests. Ludek provided a patch, but I decided
++  to write the fix slightly different using his patch as inspiration.
++  
++  Reported by: Ludek Finstrle
++  Bug: http://curl.haxx.se/bug/view.cgi?id=3046066
++
+ Kamil Dudka (30 Jun 2010)
+ - http_ntlm: add support for NSS
+   
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index dedaf6f..fa918cf 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -5,7 +5,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel at haxx.se>, et al.
++ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel at haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -278,6 +278,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+     &conn->data->state.negotiate;
+   char *encoded = NULL;
+   size_t len;
++  char *userp;
+ 
+ #ifdef HAVE_SPNEGO /* Handle SPNEGO */
+   if(checkprefix("Negotiate", neg_ctx->protocol)) {
+@@ -325,12 +326,16 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+   if(len == 0)
+     return CURLE_OUT_OF_MEMORY;
+ 
+-  conn->allocptr.userpwd =
+-    aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
+-            neg_ctx->protocol, encoded);
++  userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
++                  neg_ctx->protocol, encoded);
++
++  if(proxy)
++    conn->allocptr.proxyuserpwd = userp;
++  else
++    conn->allocptr.userpwd = userp;
+   free(encoded);
+   Curl_cleanup_negotiate (conn->data);
+-  return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
++  return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+ }
+ 
+ static void cleanup(struct negotiatedata *neg_ctx)
diff --git a/curl.spec b/curl.spec
index 353a7a5..da3ef3c 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.7
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -25,6 +25,9 @@ Patch12: curl-7.19.7-bz589132.patch
 # patch adding support for NTLM authentication (#603783)
 Patch13: curl-7.21.0-f3b77e5.patch
 
+# fix kerberos proxy authentication for https (#625676)
+Patch14: curl-7.21.1-13b8fc4.patch
+
 Patch101: curl-7.15.3-multilib.patch
 Patch102: curl-7.16.0-privlibs.patch
 Patch103: curl-7.19.4-debug.patch
@@ -113,6 +116,7 @@ done
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
 
 # other patches
 %patch4 -p1
@@ -220,6 +224,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Mon Aug 23 2010 Kamil Dudka <kdudka at redhat.com> 7.19.7-12
+- fix kerberos proxy authentication for https (#625676)
+
 * Wed Jun 30 2010 Kamil Dudka <kdudka at redhat.com> 7.19.7-12
 - add support for NTLM authentication (#603783)

More information about the scm-commits mailing list