Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Embedded libcurl library does not support SPPI/SPNEGO/KERBEROS on v0.9.1 #212

Closed
adolfocorreia opened this issue Mar 7, 2024 · 2 comments
Closed

Embedded libcurl library does not support SPPI/SPNEGO/KERBEROS on v0.9.1 #212

adolfocorreia opened this issue Mar 7, 2024 · 2 comments
Labels
bug

Comments

@adolfocorreia
Copy link

When I updated px from version 0.8.3 to 0.9.1 (via scoop), I could not get it to work because of authentication errors:

❯ px --test
Serving at 127.0.0.1:3128 proc MainProcess

Testing GET http://httpbin.org/get

HTTP/1.1 401 Proxy authentication failed: single sign-on failed, user/password might be required;
Server: BaseHTTP/0.6 Python/3.12.2
Date: Thu, 07 Mar 2024 22:01:52 GMT
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 419

Response length: 419
Failed: response does not contain http://httpbin.org/get:
<!DOCTYPE HTML>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <title>Error response</title>
    </head>
    <body>
        <h1>Error response</h1>
        <p>Error code: 401</p>
        <p>Message: Proxy authentication failed: single sign-on failed, user/password might be required; .</p>
        <p>Error code explanation: 401 - No permission -- see authorization schemes.</p>
    </body>
</html>

After some debugging, something caught my attention about the libcurl version info:

❯ px --test --log=4
MainProcess: MainThread: 1709849099: /__init__/print_curl_version/dprint: libcurl/8.6.0 LibreSSL/3.8.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.5 WinIDN libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.59.0 ngtcp2/1.2.0 nghttp3/1.1.0
MainProcess: MainThread: 1709849099: /__init__/print_curl_version/dprint: CURL_VERSION_SSL: True
MainProcess: MainThread: 1709849099: /__init__/print_curl_version/dprint: CURL_VERSION_SSPI: False
MainProcess: MainThread: 1709849099: /__init__/print_curl_version/dprint: CURL_VERSION_SPNEGO: False
MainProcess: MainThread: 1709849099: /__init__/print_curl_version/dprint: CURL_VERSION_GSSAPI: False
MainProcess: MainThread: 1709849099: /__init__/print_curl_version/dprint: CURL_VERSION_GSSNEGOTIATE: False
MainProcess: MainThread: 1709849099: /__init__/print_curl_version/dprint: CURL_VERSION_KERBEROS5: False
MainProcess: MainThread: 1709849099: /__init__/print_curl_version/dprint: CURL_VERSION_NTLM: True
MainProcess: MainThread: 1709849099: /__init__/print_curl_version/dprint: CURL_VERSION_NTLM_WB: False
MainProcess: MainThread: 1709849099: /__init__/print_curl_version/dprint: Host: x86_64-w64-mingw32

Compare the previous listing with the following one obtained by my working px version 0.8.3 setup:

❯ px --test --log=1
MainProcess: MainThread: 1709846987: /parse_config/__init__/print_curl_version: libcurl/7.83.1 OpenSSL/3.0.2 (Schannel) zlib/1.2.12 brotli/1.0.9 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.47.0 ngtcp2/0.5.0 nghttp3/0.4.1 libgsasl/1.10.0
MainProcess: MainThread: 1709846987: /parse_config/__init__/print_curl_version: CURL_VERSION_SSL: True
MainProcess: MainThread: 1709846987: /parse_config/__init__/print_curl_version: CURL_VERSION_SSPI: True
MainProcess: MainThread: 1709846987: /parse_config/__init__/print_curl_version: CURL_VERSION_SPNEGO: True
MainProcess: MainThread: 1709846987: /parse_config/__init__/print_curl_version: CURL_VERSION_GSSAPI: False
MainProcess: MainThread: 1709846987: /parse_config/__init__/print_curl_version: CURL_VERSION_GSSNEGOTIATE: False
MainProcess: MainThread: 1709846987: /parse_config/__init__/print_curl_version: CURL_VERSION_KERBEROS5: True
MainProcess: MainThread: 1709846987: /parse_config/__init__/print_curl_version: CURL_VERSION_NTLM: True
MainProcess: MainThread: 1709846987: /parse_config/__init__/print_curl_version: CURL_VERSION_NTLM_WB: False
MainProcess: MainThread: 1709846987: /parse_config/__init__/print_curl_version: Host: x86_64-pc-win32

My guess was that the SSPI, SPNEGO and/or KERBEROS features should be enabled. After some more debugging, I eventually downloaded curl from https://curl.se/windows/dl-8.6.0_4/curl-8.6.0_4-win64-mingw.zip and extracted the libcurl-x64.dll file into the px installation folder (%SCOOP%\apps\px\current\Lib\site-packages\px\libcurl). With this new DLL, I finally managed px to work on my machine.

❯ px --test
Serving at 127.0.0.1:3128 proc MainProcess

Testing GET http://httpbin.org/get

HTTP/1.1 200 OK
Via: Proxy
Date: Thu, 07 Mar 2024 22:21:41 GMT
Server: gunicorn/19.9.0
X-Cache: MISS from 172.17.29.11
Content-Type: application/json
Content-Length: 256
Proxy-Connection: Keep-Alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

Response length: 256

Please evaluate the possibility of embedding a version of libcurl with the SSPI, SPNEGO and/or KERBEROS features enabled.
@genotrance genotrance added the bug label Mar 8, 2024
@genotrance
Copy link
Owner

genotrance commented Mar 8, 2024
edited
Loading

Looks like the Windows libcurl build switched from schannel to libressl and lost SSPI in the process. They shipped 8.6.0_1 without it which is what got included in Px. It was fixed in 8.6.0_4 which came out 2 days ago.

I'll get a new release out as soon as possible.

cc @badger @vszakats

Ref:
curl/curl-for-win@50861b0
curl/curl-for-win@d2d1481

@genotrance
Copy link
Owner

Just posted v0.9.2 with fixed Windows binaries. Scoop should get auto-updated soon.

@genotrance genotrance mentioned this issue Apr 2, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@genotrance @adolfocorreia