[curl/f12/master] fix kerberos proxy authentication for https (#625676)
Kamil Dudka
kdudka at fedoraproject.org
Mon Aug 23 14:42:38 UTC 2010
commit 790feed932cf4e295943ab60a0d319bb7aaf8522
Author: Kamil Dudka <kdudka at redhat.com>
Date: Mon Aug 23 16:42:58 2010 +0200
fix kerberos proxy authentication for https (#625676)
curl-7.19.7-ssl-timeout.patch | 4 +-
curl-7.21.1-13b8fc4.patch | 67 +++++++++++++++++++++++++++++++++++++++++
curl.spec | 9 +++++-
3 files changed, 77 insertions(+), 3 deletions(-)
---
diff --git a/curl-7.19.7-ssl-timeout.patch b/curl-7.19.7-ssl-timeout.patch
index bbe92d6..185b9de 100644
--- a/curl-7.19.7-ssl-timeout.patch
+++ b/curl-7.19.7-ssl-timeout.patch
@@ -5,7 +5,7 @@ diff --git a/lib/nss.c b/lib/nss.c
index a20efdc..ca52458 100644
--- a/lib/nss.c
+++ b/lib/nss.c
-@@ -1359,8 +1359,8 @@ int Curl_nss_send(struct connectdata *conn, /* connection data */
+@@ -1381,8 +1381,8 @@ int Curl_nss_send(struct connectdata *conn, /* connection data */
err = PR_GetError();
if(err == PR_IO_TIMEOUT_ERROR) {
@@ -16,7 +16,7 @@ index a20efdc..ca52458 100644
}
failf(conn->data, "SSL write: error %d", err);
-@@ -1400,8 +1400,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
+@@ -1422,8 +1422,8 @@ ssize_t Curl_nss_recv(struct connectdata * conn, /* connection data */
return -1; /* basically EWOULDBLOCK */
}
if(err == PR_IO_TIMEOUT_ERROR) {
diff --git a/curl-7.21.1-13b8fc4.patch b/curl-7.21.1-13b8fc4.patch
new file mode 100644
index 0000000..d047c28
--- /dev/null
+++ b/curl-7.21.1-13b8fc4.patch
@@ -0,0 +1,67 @@
+ CHANGES | 10 ++++++++++
+ lib/http_negotiate.c | 15 ++++++++++-----
+ 2 files changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index 4952675..5e8c131 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -6,6 +6,16 @@
+
+ Changelog
+
++Daniel Stenberg (16 Aug 2010)
++- negotiation: Wrong proxy authorization
++
++ There's an error in http_negotiation.c where a mistake is using only
++ userpwd even for proxy requests. Ludek provided a patch, but I decided
++ to write the fix slightly different using his patch as inspiration.
++
++ Reported by: Ludek Finstrle
++ Bug: http://curl.haxx.se/bug/view.cgi?id=3046066
++
+ Kamil Dudka (30 Jun 2010)
+ - http_ntlm: add support for NSS
+
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index dedaf6f..fa918cf 100644
+--- a/lib/http_negotiate.c
++++ b/lib/http_negotiate.c
+@@ -5,7 +5,7 @@
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel at haxx.se>, et al.
++ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel at haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+@@ -278,6 +278,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+ &conn->data->state.negotiate;
+ char *encoded = NULL;
+ size_t len;
++ char *userp;
+
+ #ifdef HAVE_SPNEGO /* Handle SPNEGO */
+ if(checkprefix("Negotiate", neg_ctx->protocol)) {
+@@ -325,12 +326,16 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+ if(len == 0)
+ return CURLE_OUT_OF_MEMORY;
+
+- conn->allocptr.userpwd =
+- aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
+- neg_ctx->protocol, encoded);
++ userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
++ neg_ctx->protocol, encoded);
++
++ if(proxy)
++ conn->allocptr.proxyuserpwd = userp;
++ else
++ conn->allocptr.userpwd = userp;
+ free(encoded);
+ Curl_cleanup_negotiate (conn->data);
+- return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
++ return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+ }
+
+ static void cleanup(struct negotiatedata *neg_ctx)
diff --git a/curl.spec b/curl.spec
index 353a7a5..da3ef3c 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.19.7
-Release: 12%{?dist}
+Release: 13%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -25,6 +25,9 @@ Patch12: curl-7.19.7-bz589132.patch
# patch adding support for NTLM authentication (#603783)
Patch13: curl-7.21.0-f3b77e5.patch
+# fix kerberos proxy authentication for https (#625676)
+Patch14: curl-7.21.1-13b8fc4.patch
+
Patch101: curl-7.15.3-multilib.patch
Patch102: curl-7.16.0-privlibs.patch
Patch103: curl-7.19.4-debug.patch
@@ -113,6 +116,7 @@ done
%patch11 -p1
%patch12 -p1
%patch13 -p1
+%patch14 -p1
# other patches
%patch4 -p1
@@ -220,6 +224,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
+* Mon Aug 23 2010 Kamil Dudka <kdudka at redhat.com> 7.19.7-12
+- fix kerberos proxy authentication for https (#625676)
+
* Wed Jun 30 2010 Kamil Dudka <kdudka at redhat.com> 7.19.7-12
- add support for NTLM authentication (#603783)
More information about the scm-commits
mailing list