CURL-request to Calendarserver via HTTPS
hello,

while juggling with several challenges regarding a remote calendarserver, i wanted to use CURL to send a simple request to the remote calendarserver:

    curl --request PROPFIND \
      --header 'Content-Type: text/xml; charset="utf-8"' \
      --header "Depth: 0" \
      --data-ascii '<?xml version="1.0" encoding="utf-8" ?><D:propfind xmlns:D="DAV:"><D:prop><D:displayname/></D:prop></D:propfind>' \
      --anyauth \
      -u username:password \
      --insecure \
      --sslv3 \
      --trace-ascii trace.txt --include \
      --show-error \
      https://host:port/pathtocalendar/calendar/

but the result is always: You are not authorized to access this resource.

i appended the full trace but did not have any clue what's wrong or what i'm doing wrong. [maybe the line: gss_init_sec_context() failed: : Credentials cache file '/tmp/krb5cc_1001' not found is the key?]

if i do this PROPFIND-request "manually" (via php and fput/fgets) by requesting the auth-line, processing the answer and creating all necessary credentials (nonce, ...) and resend the request then everything works well.

maybe someone has heard of this behavior before and could give me some advice.

thanks a lot,
emport

---------------- this is the trace:

    == Info: About to connect() to HOST port PORT (#0)
    == Info: Trying IP...
    == Info: connected
    == Info: Connected to HOST (IP) port PORT (#0)
    == Info: successfully set certificate verify locations:
    == Info: CAfile: none CApath: /etc/ssl/certs
    == Info: SSLv3, TLS handshake, Client hello (1):
    => Send SSL data [...]
    == Info: SSLv3, TLS handshake, Server hello (2):
    <= Recv SSL data [...]
    == Info: SSLv3, TLS handshake, CERT (11):
    <= Recv SSL data [...]
    == Info: SSLv3, TLS handshake, Server finished (14):
    <= Recv SSL data [...]
    == Info: SSLv3, TLS handshake, Client key exchange (16):
    => Send SSL data [...]
    == Info: SSLv3, TLS change cipher, Client hello (1):
    => Send SSL data [...]
    == Info: SSLv3, TLS handshake, Finished (20):
    => Send SSL data [...]
    == Info: SSLv3, TLS change cipher, Client hello (1):
    <= Recv SSL data [...]
    == Info: SSLv3, TLS handshake, Finished (20):
    <= Recv SSL data [...]
    => Send header, 350 bytes (0x15e)
    0000: PROPFIND "PATH_TO_CALENDAR" HTTP/1.1
    0072: User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 Ope
    00b2: nSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3
    00e4: Host: HOST:PORT
    0107: Accept: */*
    0114: Content-Type: text/xml; charset="utf-8"
    013d: Depth: 0
    0147: Content-Length: 112
    015c:
    => Send data, 112 bytes (0x70)
    0000: <?xml version="1.0" encoding="utf-8" ?><D:propfind xmlns:D="DAV:
    0040: "><D:prop><D:displayname/></D:prop></D:propfind>
    <= Recv header, 27 bytes (0x1b)
    0000: HTTP/1.1 401 Unauthorized
    <= Recv header, 21 bytes (0x15)
    0000: Content-Length: 141
    <= Recv header, 82 bytes (0x52)
    0000: Server: Twisted/8.2.0 TwistedWeb/8.2.0 TwistedCalDAV/2.5 (iCal S
    0040: erver v12.73.11)
    <= Recv header, 249 bytes (0xf9)
    0000: DAV: 1, access-control, calendar-access, calendar-schedule, cale
    0040: ndar-auto-schedule, calendar-availability, inbox-availability, c
    0080: alendar-proxy, calendarserver-private-events, calendarserver-pri
    00c0: vate-comments, calendarserver-principal-property-search
    <= Recv header, 37 bytes (0x25)
    0000: Date: Tue, 03 Jul 2012 18:34:48 GMT
    <= Recv header, 25 bytes (0x19)
    0000: Content-Type: text/html
    == Info: gss_init_sec_context() failed: : Credentials cache file '/tmp/krb5cc_1001' not found
    <= Recv header, 30 bytes (0x1e)
    0000: WWW-Authenticate: negotiate
    <= Recv header, 126 bytes (0x7e)
    0000: WWW-Authenticate: digest nonce="NONCE", realm="/REALM", algorithm="md5"
    <= Recv header, 2 bytes (0x2)
    0000:
    <= Recv data, 141 bytes (0x8d)
    0000: <html><head><title>Unauthorized</title></head><body><h1>Unauthor
    0040: ized</h1><p>You are not authorized to access this resource.</p><
    0080: /body></html>
    == Info: Connection #0 to host HOST left intact
    == Info: Closing connection #0
    == Info: SSLv3, TLS alert, Client hello (1):
    => Send SSL data, 2 bytes (0x2)
    0000: ..
-- View this message in context: http://old.nabble.com/CURL-request-to-Calendarserver-via-HTTPS-tp34109386p34... Sent from the Calendar Server - Users mailing list archive at Nabble.com.
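The manual procedure described in the message above (read the auth line, build the credentials from the nonce, resend) looks like this in Python for the two challenges shown in the trace. This is an added example, not code from the thread or from CalendarServer; the function names and the sample nonce are assumptions, and it goes beyond the trace by also handling a challenge that offers qop=auth.

```python
import hashlib
import os
import re

# Constructed sample modelled on the two challenges in the trace; nonce is a placeholder.
SAMPLE_401 = ["WWW-Authenticate: negotiate",
              'WWW-Authenticate: digest nonce="0123456789abcdef", realm="/REALM", algorithm="md5"']
PARAM_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))')

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenges(header_lines):
    """Map lower-cased scheme name -> dict of its parameters."""
    found = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate":
            scheme, _, rest = value.strip().partition(" ")
            found[scheme.lower()] = {k.lower(): q or t for k, q, t in PARAM_RE.findall(rest)}
    return found

def choose_scheme(challenges, have_kerberos_ticket):
    """Negotiate needs a ticket cache; without one use Digest, never Basic."""
    if "negotiate" in challenges and have_kerberos_ticket:
        return "negotiate"
    if "digest" in challenges:
        return "digest"
    raise LookupError("no usable scheme offered")

def digest_authorization(method, uri, user, password, p, cnonce=None, nc=1):
    """Authorization value per RFC 2617 (MD5, with or without qop=auth)."""
    if p.get("algorithm", "md5").lower() != "md5":
        raise ValueError("unsupported digest algorithm")
    ha1 = md5_hex(f"{user}:{p['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # the method is part of the hash: PROPFIND, not GET
    out = f'Digest username="{user}", realm="{p["realm"]}", nonce="{p["nonce"]}", uri="{uri}"'
    qop = [q.strip() for q in p.get("qop", "").split(",") if q.strip()]
    if "auth" in qop:
        cnonce, nc_hex = cnonce or os.urandom(8).hex(), f"{nc:08x}"
        resp = md5_hex(f"{ha1}:{p['nonce']}:{nc_hex}:{cnonce}:auth:{ha2}")
        out += f', qop=auth, nc={nc_hex}, cnonce="{cnonce}"'
    elif qop:
        raise ValueError("only qop=auth is handled")
    else:  # no qop offered, as in the trace: legacy RFC 2069 form
        resp = md5_hex(f"{ha1}:{p['nonce']}:{ha2}")
    if "opaque" in p:  # must be echoed back unchanged when the server sends it
        out += f', opaque="{p["opaque"]}"'
    return out + f', response="{resp}"'
```

The returned string goes into the Authorization header of the repeated PROPFIND; the uri value must match the request target exactly.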
Hi,

This looks like the 'curl hates kerberos' bug. Disable Kerberos auth on your server and retry. Curl does not honor the specified auth mech, even if you tell it specifically not to use kerberos.

-dre

On Jul 3, 2012, at 11:56 AM, emport wrote:

> hello,
>
> while juggling with several challenges regarding a remote calendarserver, i wanted to use CURL to send a simple request to the remote calendarserver:
>
>     curl --request PROPFIND \
>       --header 'Content-Type: text/xml; charset="utf-8"' \
>       --header "Depth: 0" \
>       --data-ascii '<?xml version="1.0" encoding="utf-8" ?><D:propfind xmlns:D="DAV:"><D:prop><D:displayname/></D:prop></D:propfind>' \
>       --anyauth \
>       -u username:password \
>       --insecure \
>       --sslv3 \
>       --trace-ascii trace.txt --include \
>       --show-error \
>       https://host:port/pathtocalendar/calendar/
>
> but the result is always: You are not authorized to access this resource.
>
> i appended the full trace but did not have any clue what's wrong or what i'm doing wrong. [maybe the line: gss_init_sec_context() failed: : Credentials cache file '/tmp/krb5cc_1001' not found is the key?] if i do this PROPFIND-request "manually" (via php and fput/fgets) by requesting the auth-line, processing the answer and creating all necessary credentials (nonce, ...) and resend the request then everything works well.
>
> maybe someone has heard of this behavior before and could give me some advice.
>
> thanks a lot,
> emport
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
hi,

thank you for your quick reply. unfortunately, i am not allowed to modify the server configuration. :(

kind regards,
emport

Andre LaBranche-2 wrote:

> Hi,
>
> This looks like the 'curl hates kerberos' bug. Disable Kerberos auth on your server and retry. Curl does not honor the specified auth mech, even if you tell it specifically not to use kerberos.
>
> -dre
On Jul 3, 2012, at 12:08 PM, emport wrote:

> hi,
>
> thank you for your quick reply. unfortunately, i am not allowed to modify the server configuration. :(

In that case, use some other tool to send the request, such as wget or CalDAVClientLibrary (with the 'props' command)

    {24} andre@rune [trunk/CalDAVClientLibrary] % ./runshell.py --server=https://caldav.foo.com:8443 --user=dre
    Password:
    Found principal path: /principals/__uids__/letters and numbers which are obfuscated/calendar-proxy-write/
    / > help
    acl - Manage the access privileges of a directory or file.
    addressbooks - Change working directory to address book home for current or specified principal.
    calendars - Change working directory to calendar home for current or specified principal.
    cat - Display contents of a file or directory.
    cd - Change working directory.
    exit - Terminates this session.
    help - Displays help about a command.
    history - Displays the history of all commands used in this session.
    import - Import data to a collection on the server.
    logging - Changes the current state of HTTP logging.
    ls - List the contents of a directory.
    mkadbk - Creates an address book collection.
    mkcal - Creates a calendar collection.
    mkdir - Creates a regular collection.
    more - Display contents of a file or directory.
    move - Moves a resource.
    mv - Moves a resource.
    principal - Get details on principals.
    props - List the properties of a directory or file.
    proxies - Displays the delegates for the chosen user.
    put - Write data to a file on the server.
    quit - Terminates this session.
    quota - Checks quota on the specified PATH.
    rm - Deletes one or more resources.
    server - Displays the current server.
    sync - Sync the contents of a directory.
    user - Allows changing the current server login id and password.
    whoami - Displays the current server login id.
    write - Write data to a file on the server.
    / > cd /calendars/users/me
    /calendars/users/me > props
    OK
    Properties:
    {DAV:}acl: <Element '{DAV:}acl' at 0x107125990>
    {DAV:}acl-restrictions:
    {DAV:}creationdate: 2012-01-03T23:12:41Z
    {DAV:}current-user-principal: URL: /principals/__uids__/yep still obfuscated/
    {DAV:}current-user-privilege-set: <Element '{DAV:}current-user-privilege-set' at 0x1071299d0>
    {DAV:}displayname: Andre LaBranche
    {DAV:}getcontentlength:
    {DAV:}getcontenttype: httpd/unix-directory
    {DAV:}getetag: "b92f660dadcfb940f9520e3c82a72b35"
    {DAV:}getlastmodified: Sat, 16 Jun 2012 19:55:50 GMT
    {DAV:}inherited-acl-set:
    {DAV:}owner: URL: /principals/__uids__/heyo/
    {DAV:}principal-collection-set: URL: /principals/
    {DAV:}quota-available-bytes: 52324030
    {DAV:}quota-used-bytes: 104770
    {DAV:}resourcetype: <Element '{DAV:}resourcetype' at 0x10712e0d0>
    {DAV:}supported-privilege-set: <Element '{DAV:}supported-privilege-set' at 0x1071a1090>
    {DAV:}supported-report-set: <Element '{DAV:}supported-report-set' at 0x10719bb50>
    {DAV:}supportedlock: <Element '{DAV:}supportedlock' at 0x1071a1310>
    {DAV:}sync-token: data:,1_198272
    {http://calendarserver.org/ns/}max-collections: 50
    {http://calendarserver.org/ns/}push-transports: <Element '{http://calendarserver.org/ns/}push-transports' at 0x10712e490>
    {http://calendarserver.org/ns/}pushkey: /CalDAV/caldav.foo.com/B6D75AB6-63D9-433F-850D-A2FC447FF23C/
    {http://twistedmatrix.com/xml_namespace/dav/}resource-class: DirectoryCalendarHomeResource
    {urn:ietf:params:xml:ns:caldav}default-alarm-vevent-date:
    {urn:ietf:params:xml:ns:caldav}default-alarm-vevent-datetime:
    {urn:ietf:params:xml:ns:caldav}supported-calendar-component-sets: <Element '{urn:ietf:params:xml:ns:caldav}supported-calendar-component-sets' at 0x10712e210>

HTH,
-dre
hi,

yeah, this CalDAVClientLibrary is very nice. i used it before. but i need to address the server via php and i'm not allowed to call any shell based commands/programs out of php, so i will use my self-made solution. it's not as quick as curl but it's ok... :)

thanks a lot,
emport

Andre LaBranche-2 wrote:

> In that case, use some other tool to send the request, such as wget or CalDAVClientLibrary (with the 'props' command)
participants (2)
- Andre LaBranche
- emport