moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-02-28 09:21:50 -05:00
Code Issues Releases Wiki Activity

login options: remove the ;[options] support from CURLOPT_USERPWD

Browse Source 
To avoid the regression when users pass in passwords containing semi-
colons, we now drop the ability to set the login options with the same
options. Support for login options in CURLOPT_USERPWD was added in
7.31.0.

Test case 83 was modified to verify that colons and semi-colons can be
used as part of the password when using -u (CURLOPT_USERPWD).

Bug: http://curl.haxx.se/bug/view.cgi?id=1311
Reported-by: Petr Bahula
Assisted-by: Steve Holme
Signed-off-by: Daniel Stenberg <daniel@haxx.se>
This commit is contained in:
Daniel Stenberg 2013-12-14 22:39:27 +01:00
parent 32b9c30e67
commit 169fedbdce
12 changed files with 33 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/libcurl/curl_easy_setopt.3
View File

@ -1165,22 +1165,22 @@ authentication. You should not use this option together with the (older)
CURLOPT_USERPWD option.
To specify the password and login options, along with the user name, use the
\fICURLOPT_PASSWORD\fP and \fICURLOPT_OPTIONS\fP options or alternatively use
the older \CURLOPT_USERPWD\fP option instead. (Added in 7.19.1)
\fICURLOPT_PASSWORD\fP and \fICURLOPT_LOGIN_OPTIONS\fP options. (Added in
7.19.1)
.IP CURLOPT_PASSWORD
Pass a char * as parameter, which should be pointing to the zero terminated
password to use for the transfer.
The CURLOPT_PASSWORD option should be used in conjunction with the
\fICURLOPT_USERNAME\fP option. (Added in 7.19.1)
.IP CURLOPT_OPTIONS
.IP CURLOPT_LOGIN_OPTIONS
Pass a char * as parameter, which should be pointing to the zero terminated
options string to use for the transfer.
\CURLOPT_OPTIONS\fP can be used to set protocol specific authentication options,
such as the preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*", and
should be used in conjunction with the \fICURLOPT_USERNAME\fP option. (Added in
7.34.0)
\CURLOPT_LOGIN_OPTIONS\fP can be used to set protocol specific login options,
such as the preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*",
and should be used in conjunction with the \fICURLOPT_USERNAME\fP option.
(Added in 7.34.0)
.IP CURLOPT_PROXYUSERNAME
Pass a char * as parameter, which should be pointing to the zero terminated
user name to use for the transfer while connecting to Proxy.

2
docs/libcurl/symbols-in-versions
View File

@ -395,6 +395,7 @@ CURLOPT_KRB4LEVEL 7.3 7.17.0
CURLOPT_KRBLEVEL 7.16.4
CURLOPT_LOCALPORT 7.15.2
CURLOPT_LOCALPORTRANGE 7.15.2
CURLOPT_LOGIN_OPTIONS 7.34.0
CURLOPT_LOW_SPEED_LIMIT 7.1
CURLOPT_LOW_SPEED_TIME 7.1
CURLOPT_MAIL_AUTH 7.25.0
@ -418,7 +419,6 @@ CURLOPT_NOSIGNAL 7.10
CURLOPT_NOTHING 7.1.1 7.11.1 7.11.0
CURLOPT_OPENSOCKETDATA 7.17.1
CURLOPT_OPENSOCKETFUNCTION 7.17.1
CURLOPT_OPTIONS 7.34.0
CURLOPT_PASSWDDATA 7.4.2 7.11.1 7.15.5
CURLOPT_PASSWDFUNCTION 7.4.2 7.11.1 7.15.5
CURLOPT_PASSWORD 7.19.1

2
include/curl/curl.h
View File

@ -1569,7 +1569,7 @@ typedef enum {
CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223),
/* Set authentication options directly */
CINIT(OPTIONS, OBJECTPOINT, 224),
CINIT(LOGIN_OPTIONS, OBJECTPOINT, 224),
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;

4
include/curl/typecheck-gcc.h
View File

@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -269,7 +269,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
(option) == CURLOPT_DNS_INTERFACE || \
(option) == CURLOPT_DNS_LOCAL_IP4 || \
(option) == CURLOPT_DNS_LOCAL_IP6 || \
(option) == CURLOPT_OPTIONS || \
(option) == CURLOPT_LOGIN_OPTIONS || \
0)
/* evaluates to true if option takes a curl_write_callback argument */

21
lib/url.c
View File

@ -299,13 +299,11 @@ static CURLcode setstropt(char **charp, char *s)
return CURLE_OK;
}
static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
char **optionsp)
static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp)
{
CURLcode result = CURLE_OK;
char *user = NULL;
char *passwd = NULL;
char *options = NULL;
/* Parse the login details if specified. It not then we treat NULL as a hint
to clear the existing data */
@ -313,7 +311,7 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
result = parse_login_details(option, strlen(option),
(userp ? &user : NULL),
(passwdp ? &passwd : NULL),
(optionsp ? &options : NULL));
NULL);
}
if(!result) {
@ -335,12 +333,6 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
Curl_safefree(*passwdp);
*passwdp = passwd;
}
/* Store the options part of option if required */
if(optionsp) {
Curl_safefree(*optionsp);
*optionsp = options;
}
}
return result;
@ -1553,12 +1545,11 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
case CURLOPT_USERPWD:
/*
* user:password;options to use in the operation
* user:password to use in the operation
*/
result = setstropt_userpwd(va_arg(param, char *),
&data->set.str[STRING_USERNAME],
&data->set.str[STRING_PASSWORD],
&data->set.str[STRING_OPTIONS]);
&data->set.str[STRING_PASSWORD]);
break;
case CURLOPT_USERNAME:
@ -1577,7 +1568,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
va_arg(param, char *));
break;
case CURLOPT_OPTIONS:
case CURLOPT_LOGIN_OPTIONS:
/*
* authentication options to use in the operation
*/
@ -1662,7 +1653,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
*/
result = setstropt_userpwd(va_arg(param, char *),
&data->set.str[STRING_PROXYUSERNAME],
&data->set.str[STRING_PROXYPASSWORD], NULL);
&data->set.str[STRING_PROXYPASSWORD]);
break;
case CURLOPT_PROXYUSERNAME:
/*

2
packages/OS400/README.OS400
View File

@ -85,11 +85,11 @@ options:
CURLOPT_ISSUERCERT
CURLOPT_KEYPASSWD
CURLOPT_KRBLEVEL
CURLOPT_LOGIN_OPTIONS
CURLOPT_MAIL_FROM
CURLOPT_MAIL_AUTH
CURLOPT_NETRC_FILE
CURLOPT_NOPROXY
CURLOPT_OPTIONS
CURLOPT_PASSWORD
CURLOPT_PROXY
CURLOPT_PROXYPASSWORD

2
packages/OS400/ccsidcurl.c
View File

@ -1148,11 +1148,11 @@ curl_easy_setopt_ccsid(CURL * curl, CURLoption tag, ...)
case CURLOPT_ISSUERCERT:
case CURLOPT_KEYPASSWD:
case CURLOPT_KRBLEVEL:
case CURLOPT_LOGIN_OPTIONS:
case CURLOPT_MAIL_FROM:
case CURLOPT_MAIL_AUTH:
case CURLOPT_NETRC_FILE:
case CURLOPT_NOPROXY:
case CURLOPT_OPTIONS:
case CURLOPT_PASSWORD:
case CURLOPT_PROXY:
case CURLOPT_PROXYPASSWORD:

2
packages/OS400/curl.inc.in
View File

@ -1180,7 +1180,7 @@
d c 10222
d CURLOPT_DNS_LOCAL_IP6...
d c 10223
d CURLOPT_OPTIONS...
d CURLOPT_LOGIN_OPTIONS...
d c 10224
*
/if not defined(CURL_NO_OLDIES)

1
src/tool_cfgable.h
View File

@ -74,6 +74,7 @@ struct Configurable {
0 => -s is used to NOT show errors
1 => -S has been used to show errors */
char *userpwd;
char *login_options;
char *tls_username;
char *tls_password;
char *tls_authtype;

10
src/tool_getparam.c
View File

@ -218,6 +218,7 @@ static const struct LongShort aliases[]= {
{"El", "tlspassword", TRUE},
{"Em", "tlsauthtype", TRUE},
{"En", "ssl-allow-beast", FALSE},
{"Eo", "login-options", TRUE},
{"f", "fail", FALSE},
{"F", "form", TRUE},
{"Fs", "form-string", TRUE},
@ -1366,10 +1367,15 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
break;
case 'n': /* no empty SSL fragments */
case 'n': /* no empty SSL fragments, --ssl-allow-beast */
if(curlinfo->features & CURL_VERSION_SSL)
config->ssl_allow_beast = toggle;
break;
case 'o': /* --login-options */
GetStr(&config->login_options, nextarg);
break;
default: /* certificate file */
{
char *certname, *passphrase;
@ -1687,7 +1693,7 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
}
break;
case 'u':
/* user:password;options */
/* user:password */
GetStr(&config->userpwd, nextarg);
cleanarg(nextarg);
break;

2
src/tool_operate.c
View File

@ -1051,6 +1051,8 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
my_setopt(curl, CURLOPT_NETRC_FILE, config->netrc_file);
my_setopt(curl, CURLOPT_TRANSFERTEXT, config->use_ascii?1L:0L);
if(config->login_options)
my_setopt_str(curl, CURLOPT_LOGIN_OPTIONS, config->login_options);
my_setopt_str(curl, CURLOPT_USERPWD, config->userpwd);
my_setopt_str(curl, CURLOPT_RANGE, config->range);
my_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer);

4
tests/data/test83
View File

@ -50,7 +50,7 @@ http-proxy
HTTP over proxy-tunnel with site authentication
</name>
<command>
http://test.83:%HTTPPORT/we/want/that/page/83 -p -x %HOSTIP:%PROXYPORT --user iam:myself
http://test.83:%HTTPPORT/we/want/that/page/83 -p -x %HOSTIP:%PROXYPORT --user 'iam:my:;self'
</command>
</client>
@ -69,7 +69,7 @@ Proxy-Connection: Keep-Alive
</proxy>
<protocol>
GET /we/want/that/page/83 HTTP/1.1
Authorization: Basic aWFtOm15c2VsZg==
Authorization: Basic aWFtOm15OjtzZWxm
User-Agent: curl/7.10.7-pre2 (i686-pc-linux-gnu) libcurl/7.10.7-pre2 OpenSSL/0.9.7a zlib/1.1.3
Host: test.83:%HTTPPORT
Accept: */*