From 1fcb556ed8b14f6f13144df0102ea2b86eaea884 Mon Sep 17 00:00:00 2001 From: Matěj Cepl Date: Sat, 29 Apr 2023 19:35:30 +0200 Subject: Add RH patches --- TODO.txt | 14 +++++ allow_client_apps_to_configure_loggers.patch | 29 ++++++++++ dont-panick-if-we-succeed.patch | 79 ++++++++++++++++++++++++++++ multiple-auth-headers.patch | 38 +++++++++++++ port-to-python-2.4.patch | 32 +++++++++++ 5 files changed, 192 insertions(+) create mode 100644 TODO.txt create mode 100644 allow_client_apps_to_configure_loggers.patch create mode 100644 dont-panick-if-we-succeed.patch create mode 100644 multiple-auth-headers.patch create mode 100644 port-to-python-2.4.patch diff --git a/TODO.txt b/TODO.txt new file mode 100644 index 0000000..434d129 --- /dev/null +++ b/TODO.txt @@ -0,0 +1,14 @@ +See patches from +https://build.opensuse.org/package/show/isv:perlur:epel/python-urllib2_kerberos +(or https://src.fedoraproject.org/rpms/python-urllib2_kerberos, I guess) + +# From https://bitbucket.org/tolsen/urllib2_kerberos/issue/1/ +Patch0: multiple-auth-headers.patch +# From https://bitbucket.org/tolsen/urllib2_kerberos/pull-request/2/ +# UNUSED breaks debugging ... RHBZ #1185370 +Patch1: allow_client_apps_to_configure_loggers.patch +# From https://github.com/mcepl/urllib2_kerberos/commit/7b52c4c749 +# also https://bugzilla.redhat.com/show_bug.cgi?id=1065576 +Patch2: dont-panick-if-we-succeed.patch +# From https://bugzilla.redhat.com/show_bug.cgi?id=578711 +Patch3: port-to-python-2.4.patch diff --git a/allow_client_apps_to_configure_loggers.patch b/allow_client_apps_to_configure_loggers.patch new file mode 100644 index 0000000..92ce752 --- /dev/null +++ b/allow_client_apps_to_configure_loggers.patch @@ -0,0 +1,29 @@ +--- a/urllib2_kerberos.py ++++ b/urllib2_kerberos.py +@@ -24,15 +24,7 @@ import urllib2 as u2 + + import kerberos as k + +-def getLogger(): +- log = logging.getLogger("http_kerberos_auth_handler") +- handler = logging.StreamHandler() +- formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s') +- handler.setFormatter(formatter) +- log.addHandler(handler) +- return log +- +-log = getLogger() ++log = logging.getLogger("http_kerberos_auth_handler") + + class AbstractKerberosAuthHandler: + """auth handler for urllib2 that does Kerberos HTTP Negotiate Authentication +@@ -179,7 +171,8 @@ class HTTPKerberosAuthHandler(u2.BaseHan + return retry + + def test(): +- log.setLevel(logging.DEBUG) ++ logging.basicConfig(format='%(asctime)s %(levelname)s %(message)s', ++ level=logging.DEBUG) + log.info("starting test") + opener = u2.build_opener() + opener.add_handler(HTTPKerberosAuthHandler()) diff --git a/dont-panick-if-we-succeed.patch b/dont-panick-if-we-succeed.patch new file mode 100644 index 0000000..050a023 --- /dev/null +++ b/dont-panick-if-we-succeed.patch @@ -0,0 +1,79 @@ +--- a/urllib2_kerberos.py ++++ b/urllib2_kerberos.py +@@ -42,6 +42,7 @@ class AbstractKerberosAuthHandler: + """checks for "Negotiate" in proper auth header + """ + authreqs = headers.getheaders(self.auth_header) ++ log.debug('authreqs = %s', authreqs) + + if authreqs: + +@@ -51,10 +52,10 @@ class AbstractKerberosAuthHandler: + if mo: + return mo.group(1) + else: +- log.debug("regex failed on: %s" % authreq) ++ log.debug("regex failed on: %s", authreq) + + else: +- log.debug("%s header not found" % self.auth_header) ++ log.debug("%s header not found", self.auth_header) + + return None + +@@ -64,10 +65,10 @@ class AbstractKerberosAuthHandler: + + def generate_request_header(self, req, headers, neg_value): + self.retried += 1 +- log.debug("retry count: %d" % self.retried) ++ log.debug("retry count: %d", self.retried) + + host = req.get_host() +- log.debug("req.get_host() returned %s" % host) ++ log.debug("req.get_host() returned %s", host) + + tail, sep, head = host.rpartition(':') + domain = tail if tail else head +@@ -75,7 +76,7 @@ class AbstractKerberosAuthHandler: + result, self.context = k.authGSSClientInit("HTTP@%s" % domain) + + if result < 1: +- log.warning("authGSSClientInit returned result %d" % result) ++ log.warning("authGSSClientInit returned result %d", result) + return None + + log.debug("authGSSClientInit() succeeded") +@@ -83,7 +84,7 @@ class AbstractKerberosAuthHandler: + result = k.authGSSClientStep(self.context, neg_value) + + if result < 0: +- log.warning("authGSSClientStep returned result %d" % result) ++ log.warning("authGSSClientStep returned result %d", result) + return None + + log.debug("authGSSClientStep() succeeded") +@@ -104,7 +105,7 @@ class AbstractKerberosAuthHandler: + if result < 1: + # this is a critical security warning + # should change to a raise --Tim +- log.critical("mutual auth failed: authGSSClientStep returned result %d" % result) ++ log.critical("mutual auth failed: authGSSClientStep returned result %d", result) + pass + + def clean_context(self): +@@ -134,12 +135,13 @@ class AbstractKerberosAuthHandler: + req.add_unredirected_header(self.authz_header, neg_hdr) + resp = self.parent.open(req) + +- self.authenticate_server(resp.info()) ++ if resp.getcode() != 200: ++ self.authenticate_server(resp.info()) + + return resp + + except k.GSSError, e: +- log.critical("GSSAPI Error: %s/%s" % (e[0][0], e[1][0])) ++ log.critical("GSSAPI Error: %s/%s", (e[0][0], e[1][0])) + return None + + finally: diff --git a/multiple-auth-headers.patch b/multiple-auth-headers.patch new file mode 100644 index 0000000..bb597e2 --- /dev/null +++ b/multiple-auth-headers.patch @@ -0,0 +1,38 @@ +# HG changeset patch +# User Wagner Bruna +# Date 1338402998 10800 +# Node ID 5e53d94fdf9cb73304790a38ba24b19415de73ea +# Parent 08f4f4f83058d9896a0debc2ff3899a9a358f942 +deal with multiple WWW-Authenticate headers + +A server supporting both Negotiate and Basic authentication methods +could send both headers at once, but the get() method returns only +the last one. + +--- a/urllib2_kerberos.py ++++ b/urllib2_kerberos.py +@@ -41,15 +41,17 @@ class AbstractKerberosAuthHandler: + def negotiate_value(self, headers): + """checks for "Negotiate" in proper auth header + """ +- authreq = headers.get(self.auth_header, None) ++ authreqs = headers.getheaders(self.auth_header) ++ ++ if authreqs: + +- if authreq: + rx = re.compile('(?:.*,)*\s*Negotiate\s*([^,]*),?', re.I) +- mo = rx.search(authreq) +- if mo: +- return mo.group(1) +- else: +- log.debug("regex failed on: %s" % authreq) ++ for authreq in authreqs: ++ mo = rx.search(authreq) ++ if mo: ++ return mo.group(1) ++ else: ++ log.debug("regex failed on: %s" % authreq) + + else: + log.debug("%s header not found" % self.auth_header) diff --git a/port-to-python-2.4.patch b/port-to-python-2.4.patch new file mode 100644 index 0000000..7586a10 --- /dev/null +++ b/port-to-python-2.4.patch @@ -0,0 +1,32 @@ +--- a/urllib2_kerberos.py ++++ b/urllib2_kerberos.py +@@ -62,8 +62,8 @@ class AbstractKerberosAuthHandler: + host = req.get_host() + log.debug("req.get_host() returned %s" % host) + +- tail, sep, head = host.rpartition(':') +- domain = tail if tail else head ++ cindex = host.rfind(':') ++ domain = (cindex == -1) and host or host[:cindex] + + result, self.context = k.authGSSClientInit("HTTP@%s" % domain) + +@@ -130,15 +130,15 @@ class AbstractKerberosAuthHandler: + if resp.getcode() != 200: + self.authenticate_server(resp.info()) + ++ self.clean_context() ++ self.retried = 0 + return resp + + except k.GSSError, e: + log.critical("GSSAPI Error: %s/%s" % (e[0][0], e[1][0])) +- return None +- +- finally: + self.clean_context() + self.retried = 0 ++ return None + + class ProxyKerberosAuthHandler(u2.BaseHandler, AbstractKerberosAuthHandler): + """Kerberos Negotiation handler for HTTP proxy auth -- cgit