[CalendarServer-users] CURL-request to Calendarserver via HTTPS

Andre LaBranche dre at apple.com
Tue Jul 3 12:01:27 PDT 2012


Hi,

This looks like the 'curl hates kerberos' bug. Disable Kerberos auth on your server and retry. Curl does not honor the specified auth mech, even if you tell it specifically not to use kerberos.

-dre

On Jul 3, 2012, at 11:56 AM, emport wrote:

> 
> hello,
> 
> while juggling with several challenges regarding a remote calendarserver, i
> wanted to use CURL to send a simple request to the remote calendarserver:
> 
> curl --request PROPFIND \
>    --header 'Content-Type: text/xml; charset="utf-8"' \
>    --header "Depth: 0" \
>    --data-ascii '<?xml version="1.0" encoding="utf-8" ?><D:propfind xmlns:D="DAV:"><D:prop><D:displayname/></D:prop></D:propfind>' \
>    --anyauth \
>    -u username:password \
>    --insecure \
>    --sslv3 \
>    --trace-ascii trace.txt \
>    --include \
>    --show-error \
>    https://host:port/pathtocalendar/calendar/
> 
> but the result is always: You are not authorized to access this resource.
> 
> i appended the full trace but did not have any clue what's wrong or what i'm
> doing wrong.
> [maybe the line: gss_init_sec_context() failed: : Credentials cache file
> '/tmp/krb5cc_1001' not found is the key?]
> if i do this PROPFIND-request "manually" (via php and fput/fgets) by
> requesting the auth-line, processing the answer and creating all necessary
> credentials (nonce, ...) and resend the request then everything works well.
> 
> maybe someone has heard of this behavior before and could give me some
> advice.
> 
> thanks a lot,
> emport
> 
> 
> ----------------
> this is the trace:
> 
> == Info: About to connect() to HOST port PORT (#0)
> == Info:   Trying IP... == Info: connected
> == Info: Connected to HOST (IP) port PORT (#0)
> == Info: successfully set certificate verify locations:
> == Info:   CAfile: none
>  CApath: /etc/ssl/certs
> == Info: SSLv3, TLS handshake, Client hello (1):
> => Send SSL data [...]
> == Info: SSLv3, TLS handshake, Server hello (2):
> <= Recv SSL data [...]
> == Info: SSLv3, TLS handshake, CERT (11):
> <= Recv SSL data [...]
> == Info: SSLv3, TLS handshake, Server finished (14):
> <= Recv SSL data [...]
> == Info: SSLv3, TLS handshake, Client key exchange (16):
> => Send SSL data [...]
> == Info: SSLv3, TLS change cipher, Client hello (1):
> => Send SSL data [...]
> == Info: SSLv3, TLS handshake, Finished (20):
> => Send SSL data [...]
> == Info: SSLv3, TLS change cipher, Client hello (1):
> <= Recv SSL data [...]
> == Info: SSLv3, TLS handshake, Finished (20):
> <= Recv SSL data [...]
> => Send header, 350 bytes (0x15e)
> 0000: PROPFIND "PATH_TO_CALENDAR" HTTP/1.1
> 0072: User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 Ope
> 00b2: nSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3
> 00e4: Host: HOST:PORT
> 0107: Accept: */*
> 0114: Content-Type: text/xml; charset="utf-8"
> 013d: Depth: 0
> 0147: Content-Length: 112
> 015c: 
> => Send data, 112 bytes (0x70)
> 0000: <?xml version="1.0" encoding="utf-8" ?><D:propfind xmlns:D="DAV:
> 0040: "><D:prop><D:displayname/></D:prop></D:propfind>
> <= Recv header, 27 bytes (0x1b)
> 0000: HTTP/1.1 401 Unauthorized
> <= Recv header, 21 bytes (0x15)
> 0000: Content-Length: 141
> <= Recv header, 82 bytes (0x52)
> 0000: Server: Twisted/8.2.0 TwistedWeb/8.2.0 TwistedCalDAV/2.5 (iCal S
> 0040: erver v12.73.11)
> <= Recv header, 249 bytes (0xf9)
> 0000: DAV: 1, access-control, calendar-access, calendar-schedule, cale
> 0040: ndar-auto-schedule, calendar-availability, inbox-availability, c
> 0080: alendar-proxy, calendarserver-private-events, calendarserver-pri
> 00c0: vate-comments, calendarserver-principal-property-search
> <= Recv header, 37 bytes (0x25)
> 0000: Date: Tue, 03 Jul 2012 18:34:48 GMT
> <= Recv header, 25 bytes (0x19)
> 0000: Content-Type: text/html
> == Info: gss_init_sec_context() failed: : Credentials cache file
> '/tmp/krb5cc_1001' not found
> <= Recv header, 30 bytes (0x1e)
> 0000: WWW-Authenticate: negotiate 
> <= Recv header, 126 bytes (0x7e)
> 0000: WWW-Authenticate: digest nonce="NONCE", realm="/REALM",
> algorithm="md5"
> <= Recv header, 2 bytes (0x2)
> 0000: 
> <= Recv data, 141 bytes (0x8d)
> 0000: <html><head><title>Unauthorized</title></head><body><h1>Unauthor
> 0040: ized</h1><p>You are not authorized to access this resource.</p><
> 0080: /body></html>
> == Info: Connection #0 to host HOST left intact
> == Info: Closing connection #0
> == Info: SSLv3, TLS alert, Client hello (1):
> => Send SSL data, 2 bytes (0x2)
> 0000: ..
> -- 
> View this message in context: http://old.nabble.com/CURL-request-to-Calendarserver-via-HTTPS-tp34109386p34109386.html
> Sent from the Calendar Server - Users mailing list archive at Nabble.com.
> 
> _______________________________________________
> calendarserver-users mailing list
> calendarserver-users at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
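
The 401 in the quoted trace offers two schemes, negotiate and digest, and the original poster reports that answering the digest challenge by hand works. As an added example (not part of the thread and not CalendarServer or curl code), this Python sketch parses such challenges and builds the RFC 2617 Digest `Authorization` value for the PROPFIND. The function names are hypothetical, and the nonce and realm are constructed stand-ins for the NONCE and /REALM placeholders in the trace.

```python
import hashlib
import re
import secrets

# Constructed sample: the two WWW-Authenticate values from the 401 in the trace,
# with made-up nonce and realm in place of the NONCE and /REALM placeholders.
SAMPLE_CHALLENGES = [
    "negotiate ",
    'digest nonce="abc123", realm="/Search", algorithm="md5"',
]

def parse_challenges(values):
    """Map lower-cased scheme -> auth-params, one challenge per header value."""
    out = {}
    for value in values:
        scheme, _, rest = value.strip().partition(" ")
        pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', rest)
        out[scheme.lower()] = {k.lower(): (q or t) for k, q, t in pairs}
    return out

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_header(user, password, method, uri, params, cnonce=None, nc=1):
    """Build the RFC 2617 Digest Authorization value for a single request."""
    if params.get("algorithm", "md5").lower() != "md5":
        raise ValueError("only algorithm=md5 is handled here")
    realm, nonce = params["realm"], params["nonce"]
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # method is PROPFIND for the request above
    fields = [f'username="{user}"', f'realm="{realm}"',
              f'nonce="{nonce}"', f'uri="{uri}"']
    qops = [q.strip() for q in params.get("qop", "").split(",") if q.strip()]
    if "auth" in qops:
        cnonce = cnonce or secrets.token_hex(8)
        nc_hex = f"{nc:08x}"
        response = md5_hex(f"{ha1}:{nonce}:{nc_hex}:{cnonce}:auth:{ha2}")
        fields += ["qop=auth", f"nc={nc_hex}", f'cnonce="{cnonce}"']
    elif qops:
        raise ValueError("server offers only qop values not handled here")
    else:
        # No qop in the challenge, as in the trace: plain nonce-based response.
        response = md5_hex(f"{ha1}:{nonce}:{ha2}")
    fields.append(f'response="{response}"')
    if "opaque" in params:
        fields.append(f'opaque="{params["opaque"]}"')
    return "Digest " + ", ".join(fields)

if __name__ == "__main__":
    offered = parse_challenges(SAMPLE_CHALLENGES)
    print(sorted(offered))
    print(digest_header("username", "password", "PROPFIND",
                        "/pathtocalendar/calendar/", offered["digest"]))
```

The parser expects one challenge per header line, which is how the server in the trace sends them; several challenges folded into a single comma-separated header would need a fuller tokenizer.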


