fix kerberos proxy authentization for https (#625676)

2010-08-23 14:45:15 +02:00 · 2010-08-23 14:45:15 +02:00 · 9a0cdd1368
commit 9a0cdd1368
parent 98764465be
3 changed files with 103 additions and 1 deletions
--- a/0003-curl-7.21.1-13b8fc4.patch
+++ b/0003-curl-7.21.1-13b8fc4.patch
@ -0,0 +1,67 @@
+ CHANGES              |   10 ++++++++++
+ lib/http_negotiate.c |   15 ++++++++++-----
+ 2 files changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index 1e3a501..c28b005 100644
+--- a/CHANGES
+++ b/CHANGES
+@@ -6,6 +6,16 @@
+ 
+                                   Changelog
+ 
+Daniel Stenberg (16 Aug 2010)
+- negotiation: Wrong proxy authorization
+  
+  There's an error in http_negotiation.c where a mistake is using only
+  userpwd even for proxy requests. Ludek provided a patch, but I decided
+  to write the fix slightly different using his patch as inspiration.
+  
+  Reported by: Ludek Finstrle
+  Bug: http://curl.haxx.se/bug/view.cgi?id=3046066
+
+ Kamil Dudka (15 Aug 2010)
+ - curl -T: ignore file size of special files
+   
+diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
+index ab1296e..80b0b50 100644
+--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
+@@ -5,7 +5,7 @@
+  *                            | (__| |_| |  _ <| |___
+  *                             \___|\___/|_| \_\_____|
+  *
+- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+  *
+  * This software is licensed as described in the file COPYING, which
+  * you should have received as part of this distribution. The terms
+@@ -277,6 +277,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+     &conn->data->state.negotiate;
+   char *encoded = NULL;
+   size_t len;
+  char *userp;
+ 
+ #ifdef HAVE_SPNEGO /* Handle SPNEGO */
+   if(checkprefix("Negotiate", neg_ctx->protocol)) {
+@@ -330,12 +331,16 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
+   if(len == 0)
+     return CURLE_OUT_OF_MEMORY;
+ 
+-  conn->allocptr.userpwd =
+-    aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
+-            neg_ctx->protocol, encoded);
+  userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
+                  neg_ctx->protocol, encoded);
+
+  if(proxy)
+    conn->allocptr.proxyuserpwd = userp;
+  else
+    conn->allocptr.userpwd = userp;
+   free(encoded);
+   Curl_cleanup_negotiate (conn->data);
+-  return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+  return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
+ }
+ 
+ static void cleanup(struct negotiatedata *neg_ctx)
--- a/0004-curl-7.21.1-d0dea8f.patch
+++ b/0004-curl-7.21.1-d0dea8f.patch
@ -0,0 +1,26 @@
+From d0dea8f8699224ac1b6888bf6da7cfc71de213ca Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Thu, 19 Aug 2010 16:38:22 +0200
+Subject: [PATCH] AC_INIT: avoid a warning with autoconf 2.66
+
+It was complaining about the '=>' operator, introduced in e3fc0d5.
+---
+ configure.ac |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index db04447..a389cfd 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -24,7 +24,7 @@ dnl Process this file with autoconf to produce a configure script.
+ AC_PREREQ(2.57)
+ 
+ dnl We don't know the version number "statically" so we use a dash here
+-AC_INIT([curl], [-], [a suitable curl mailing list => http://curl.haxx.se/mail/])
+AC_INIT([curl], [-], [a suitable curl mailing list: http://curl.haxx.se/mail/])
+ 
+ CURL_OVERRIDE_AUTOCONF
+ 
+-- 
+1.7.2.1
+
--- a/curl.spec
+++ b/curl.spec
@ -14,6 +14,12 @@ Patch1: 0001-curl-7.21.1-a6e088e.patch
 # curl -T now ignores file size of special files (#622520)
 Patch2: 0002-curl-7.21.1-5907777.patch

+# fix kerberos proxy authentization for https (#625676)
+Patch3: 0003-curl-7.21.1-13b8fc4.patch
+
+# avoid a warning with autoconf 2.66
+Patch4: 0004-curl-7.21.1-d0dea8f.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.21.1-multilib.patch

@ -103,6 +109,8 @@ done
 # upstream patches (already applied)
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1

 # Fedora patches
 %patch101 -p1
@ -217,10 +225,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4

 %changelog
-* Thu Aug 19 2010 Kamil Dudka <kdudka@redhat.com> 7.21.1-2
+* Mon Aug 23 2010 Kamil Dudka <kdudka@redhat.com> 7.21.1-2
 - re-enable test575 on s390(x), already fixed (upstream commit d63bdba)
 - modify system headers to work around gcc bug (#617757)
 - curl -T now ignores file size of special files (#622520)
+- fix kerberos proxy authentization for https (#625676)

 * Thu Aug 12 2010 Kamil Dudka <kdudka@redhat.com> 7.21.1-1
 - new upstream release