mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-11-21 01:16:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fred New reported a bug where we used Basic auth and user name and password in

Browse Source 
.netrc, and when following a Location: the subsequent requests didn't properly
use the auth as found in the netrc file. Added test case 257 to verify my fix.
This commit is contained in:
Daniel Stenberg 2005-04-25 21:39:48 +00:00
parent 6e1633a6c5
commit 01165e08e0
7 changed files with 130 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -8,6 +8,11 @@
Daniel (25 April 2005) Daniel (25 April 2005)
- Fred New reported a bug where we used Basic auth and user name and password
in .netrc, and when following a Location: the subsequent requests didn't
properly use the auth as found in the netrc file. Added test case 257 to
verify my fix.
- Based on feedback from Cory Nelson, I added some preprocessor magic in - Based on feedback from Cory Nelson, I added some preprocessor magic in
*/setup.h and */config-win32.h to build fine with VS2005 on x64. */setup.h and */config-win32.h to build fine with VS2005 on x64.

1
lib/http.c
View File

@ -465,6 +465,7 @@ Curl_http_output_auth(struct connectdata *conn,
/* To prevent the user+password to get sent to other than the original /* To prevent the user+password to get sent to other than the original
host due to a location-follow, we do some weirdo checks here */ host due to a location-follow, we do some weirdo checks here */
if(!data->state.this_is_a_follow || if(!data->state.this_is_a_follow ||
conn->bits.netrc ||
!data->state.first_host || !data->state.first_host ||
curl_strequal(data->state.first_host, conn->host.name) || curl_strequal(data->state.first_host, conn->host.name) ||
data->set.http_disable_hostname_check_before_authentication) { data->set.http_disable_hostname_check_before_authentication) {

8
lib/netrc.c
View File

@ -103,7 +103,7 @@ int Curl_parsenetrc(char *host,
char *override = curl_getenv("CURL_DEBUG_NETRC"); char *override = curl_getenv("CURL_DEBUG_NETRC");
if (override) { if (override) {
printf("NETRC: overridden " NETRC " file: %s\n", home); fprintf(stderr, "NETRC: overridden " NETRC " file: %s\n", override);
netrcfile = override; netrcfile = override;
netrc_alloc = TRUE; netrc_alloc = TRUE;
} }
@ -171,7 +171,7 @@ int Curl_parsenetrc(char *host,
/* and yes, this is our host! */ /* and yes, this is our host! */
state=HOSTVALID; state=HOSTVALID;
#ifdef _NETRC_DEBUG #ifdef _NETRC_DEBUG
printf("HOST: %s\n", tok); fprintf(stderr, "HOST: %s\n", tok);
#endif #endif
retcode=0; /* we did find our host */ retcode=0; /* we did find our host */
} }
@ -188,7 +188,7 @@ int Curl_parsenetrc(char *host,
else { else {
strncpy(login, tok, LOGINSIZE-1); strncpy(login, tok, LOGINSIZE-1);
#ifdef _NETRC_DEBUG #ifdef _NETRC_DEBUG
printf("LOGIN: %s\n", login); fprintf(stderr, "LOGIN: %s\n", login);
#endif #endif
} }
state_login=0; state_login=0;
@ -197,7 +197,7 @@ int Curl_parsenetrc(char *host,
if (state_our_login || !specific_login) { if (state_our_login || !specific_login) {
strncpy(password, tok, PASSWORDSIZE-1); strncpy(password, tok, PASSWORDSIZE-1);
#ifdef _NETRC_DEBUG #ifdef _NETRC_DEBUG
printf("PASSWORD: %s\n", password); fprintf(stderr, "PASSWORD: %s\n", password);
#endif #endif
} }
state_password=0; state_password=0;

12
lib/url.c
View File

@ -3147,15 +3147,23 @@ static CURLcode CreateConnection(struct SessionHandle *data,
user, passwd); user, passwd);
} }
conn->bits.netrc = FALSE;
if (data->set.use_netrc != CURL_NETRC_IGNORED) { if (data->set.use_netrc != CURL_NETRC_IGNORED) {
if(Curl_parsenetrc(conn->host.name, if(Curl_parsenetrc(conn->host.name,
user, passwd, user, passwd,
data->set.netrc_file)) { data->set.netrc_file)) {
infof(data, "Couldn't find host %s in the " DOT_CHAR "netrc file, using defaults\n", infof(data, "Couldn't find host %s in the " DOT_CHAR
"netrc file, using defaults\n",
conn->host.name); conn->host.name);
} }
else else {
/* set bits.netrc TRUE to remember that we got the name from a .netrc
file, so that it is safe to use even if we followed a Location: to a
different host or similar. */
conn->bits.netrc = TRUE;
conn->bits.user_passwd = 1; /* enable user+password */ conn->bits.user_passwd = 1; /* enable user+password */
}
} }
/* If our protocol needs a password and we have none, use the defaults */ /* If our protocol needs a password and we have none, use the defaults */

1
lib/urldata.h
View File

@ -420,6 +420,7 @@ struct ConnectBits {
bool ftp_use_lprt; /* As set with CURLOPT_FTP_USE_EPRT, but if we find out bool ftp_use_lprt; /* As set with CURLOPT_FTP_USE_EPRT, but if we find out
LPRT doesn't work we disable it for the forthcoming LPRT doesn't work we disable it for the forthcoming
requests */ requests */
bool netrc; /* name+password provided by netrc */
}; };
struct hostname { struct hostname {

2
tests/data/Makefile.am
View File

@ -35,7 +35,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
test229 test233 test234 test235 test236 test520 test237 test238 \ test229 test233 test234 test235 test236 test520 test237 test238 \
test239 test243 test245 test246 test247 test248 test249 test250 \ test239 test243 test245 test246 test247 test248 test249 test250 \
test251 test252 test253 test254 test255 test521 test522 test523 \ test251 test252 test253 test254 test255 test521 test522 test523 \
test256 test256 test257
# The following tests have been removed from the dist since they no longer # The following tests have been removed from the dist since they no longer
# work. We need to fix the test suite's FTPS server first, then bring them # work. We need to fix the test suite's FTPS server first, then bring them

108
tests/data/test257 Normal file
View File

@ -0,0 +1,108 @@
<info>
<keywords>
HTTP
HTTP GET
followlocation
netrc
</keywords>
</info>
# Server-side
<reply>
<data>
HTTP/1.1 301 This is a weirdo text message swsclose
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Location: http://anotherone.com/2570002
Connection: close
This server reply is for testing a simple Location: following
</data>
<data2>
HTTP/1.1 302 Followed here fine swsclose
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Location: http://athird.com/2570003
If this is received, the location following worked
</data2>
<data3>
HTTP/1.1 200 Followed here fine swsclose
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
If this is received, the location following worked
</data3>
<datacheck>
HTTP/1.1 301 This is a weirdo text message swsclose
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Location: http://anotherone.com/2570002
Connection: close
HTTP/1.1 302 Followed here fine swsclose
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Location: http://athird.com/2570003
HTTP/1.1 200 Followed here fine swsclose
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
If this is received, the location following worked
</datacheck>
</reply>
# Client-side
<client>
<features>
netrc_debug
</features>
<server>
http
</server>
<name>
HTTP Location: following with --netrc-optional
</name>
<command>
http://supersite.com/want/257 -L -x http://%HOSTIP:%HTTPPORT --netrc-optional
</command>
# netrc auth for two out of three sites:
<file name="log/netrc">
machine supersite.com login user1 password passwd1
machine anotherone.com login user2 password passwd2
</file>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET http://supersite.com/want/257 HTTP/1.1
Authorization: Basic dXNlcjE6cGFzc3dkMQ==
User-Agent: curl/7.14.0-CVS (i686-pc-linux-gnu) libcurl/7.14.0-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13
Host: supersite.com
Pragma: no-cache
Accept: */*
GET http://anotherone.com/2570002 HTTP/1.1
Authorization: Basic dXNlcjI6cGFzc3dkMg==
User-Agent: curl/7.14.0-CVS (i686-pc-linux-gnu) libcurl/7.14.0-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13
Host: anotherone.com
Pragma: no-cache
Accept: */*
GET http://athird.com/2570003 HTTP/1.1
User-Agent: curl/7.14.0-CVS (i686-pc-linux-gnu) libcurl/7.14.0-CVS OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13
Host: athird.com
Pragma: no-cache
Accept: */*
</protocol>
</verify>