Fix #22242: Option to allow auths before challenged.

2024-07-03 16:38:41 -04:00 · 2008-02-10 17:31:27 -08:00 · 2008-02-10 17:31:27 -08:00 · 4c1a59ea48
commit 4c1a59ea48
parent 70d762c4a4
7 changed files with 45 additions and 8 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,8 @@
+2008-02-10  Micah Cowan  <micah@cowan.name>
+
+	* wget.texi <HTTP Options>: Added documentation of
+	--auth-no-challenge.
+
 2008-02-06  Micah Cowan  <micah@cowan.name>

 	* wget.ṫexi <Overview>: Remove references to no-longer-supported
--- a/doc/wget.texi
+++ b/doc/wget.texi
@ -1359,6 +1359,18 @@ This option is useful for some file-downloading CGI programs that use
@code{Content-Disposition} headers to describe what the name of a
 downloaded file should be.

+@cindex authentication
+@item --auth-no-challenge
+
+If this option is given, Wget will send Basic HTTP authentication
+information (plaintext username and password) for all requests, just
+like Wget 1.10.2 and prior did by default.
+
+Use of this option is not recommended, and is intended only to support
+some few obscure servers, which never send HTTP authentication
+challenges, but accept unsolicited auth info, say, in addition to
+form-based authentication.
+
@end table

@node HTTPS (SSL/TLS) Options
--- a/src/ChangeLog
+++ b/src/ChangeLog
@ -9,6 +9,9 @@
 	* progress.c (create_image): Add space for an extra column in
 	the "eta" portion of the progress bar image; to deal with
 	too-long Czech translation.
+	* main.c, http.c, init.c: Added --auth-no-challenge option, to
+	bring back 1.10.2 unsafe auth behavior when needed. This fixes
+	bug #22242.

 2008-02-07  Micah Cowan  <micah@cowan.name>

--- a/src/http.c
+++ b/src/http.c
@ -389,27 +389,35 @@ static struct hash_table *basic_authed_hosts;
 * it the username, password. A temporary measure until we can get
 * proper authentication in place. */

-static int
+static bool
 maybe_send_basic_creds (const char *hostname, const char *user,
                        const char *passwd, struct request *req)
 {
-  int did_challenge = 0;
+  bool do_challenge = false;

-  if (basic_authed_hosts
+  if (opt.auth_without_challenge)
+    {
+      DEBUGP(("Auth-without-challenge set, sending Basic credentials.\n"));
+      do_challenge = true;
+    }
+  else if (basic_authed_hosts
      && hash_table_contains(basic_authed_hosts, hostname))
    {
      DEBUGP(("Found `%s' in basic_authed_hosts.\n", hostname));
-      request_set_header (req, "Authorization",
-                          basic_authentication_encode (user, passwd),
-                          rel_value);
-      did_challenge = 1;
+      do_challenge = true;
    }
  else
    {
      DEBUGP(("Host `%s' has not issued a general basic challenge.\n",
              hostname));
    }
-  return did_challenge;
+  if (do_challenge)
+    {
+      request_set_header (req, "Authorization",
+                          basic_authentication_encode (user, passwd),
+                          rel_value);
+    }
+  return do_challenge;
 }

 static void
--- a/src/init.c
+++ b/src/init.c
@ -113,6 +113,8 @@ static const struct {
  { "accept",           &opt.accepts,           cmd_vector },
  { "addhostdir",       &opt.add_hostdir,       cmd_boolean },
  { "alwaysrest",       &opt.always_rest,       cmd_boolean }, /* deprecated */
+  { "authnochallenge",  &opt.auth_without_challenge,
+                                                cmd_boolean },
  { "background",       &opt.background,        cmd_boolean },
  { "backupconverted",  &opt.backup_converted,  cmd_boolean },
  { "backups",          &opt.backups,           cmd_number },
--- a/src/main.c
+++ b/src/main.c
@ -130,6 +130,7 @@ static struct cmdline_option option_data[] =
  {
    { "accept", 'A', OPT_VALUE, "accept", -1 },
    { "append-output", 'a', OPT__APPEND_OUTPUT, NULL, required_argument },
+    { "auth-no-challenge", 0, OPT_BOOLEAN, "authnochallenge", -1 },
    { "background", 'b', OPT_BOOLEAN, "background", -1 },
    { "backup-converted", 'K', OPT_BOOLEAN, "backupconverted", -1 },
    { "backups", 0, OPT_BOOLEAN, "backups", -1 },
@ -532,6 +533,10 @@ HTTP options:\n"),
    N_("\
       --content-disposition   honor the Content-Disposition header when\n\
                               choosing local file names (EXPERIMENTAL).\n"),
+    N_("\
+       --auth-no-challenge     Send Basic HTTP authentication information\n\
+                               without first waiting for the server's\n\
+                               challenge.\n"),
    "\n",

 #ifdef HAVE_SSL
--- a/src/options.h
+++ b/src/options.h
@ -234,6 +234,8 @@ struct options
 				   than one type is available */
  
  bool content_disposition;	/* Honor HTTP Content-Disposition header. */
+  bool auth_without_challenge;  /* Issue Basic authentication creds without
+                                   waiting for a challenge. */
 };

 extern struct options opt;