generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

login options: remove the ;[options] support from CURLOPT_USERPWD

Browse Source 
To avoid the regression when users pass in passwords containing semi-
colons, we now drop the ability to set the login options with the same
options. Support for login options in CURLOPT_USERPWD was added in
7.31.0.

Test case 83 was modified to verify that colons and semi-colons can be
used as part of the password when using -u (CURLOPT_USERPWD).

Bug: http://curl.haxx.se/bug/view.cgi?id=1311
Reported-by: Petr Bahula
Assisted-by: Steve Holme
Signed-off-by: Daniel Stenberg <daniel@haxx.se>
This commit is contained in:
Daniel Stenberg 2013-12-14 22:39:27 +01:00
parent 32b9c30e67
commit 169fedbdce
12 changed files with 33 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/libcurl/curl_easy_setopt.3
View File

@ -1165,22 +1165,22 @@ authentication. You should not use this option together with the (older)
CURLOPT_USERPWD option. CURLOPT_USERPWD option.
To specify the password and login options, along with the user name, use the To specify the password and login options, along with the user name, use the
\fICURLOPT_PASSWORD\fP and \fICURLOPT_OPTIONS\fP options or alternatively use \fICURLOPT_PASSWORD\fP and \fICURLOPT_LOGIN_OPTIONS\fP options. (Added in
the older \CURLOPT_USERPWD\fP option instead. (Added in 7.19.1) 7.19.1)
.IP CURLOPT_PASSWORD .IP CURLOPT_PASSWORD
Pass a char * as parameter, which should be pointing to the zero terminated Pass a char * as parameter, which should be pointing to the zero terminated
password to use for the transfer. password to use for the transfer.
The CURLOPT_PASSWORD option should be used in conjunction with the The CURLOPT_PASSWORD option should be used in conjunction with the
\fICURLOPT_USERNAME\fP option. (Added in 7.19.1) \fICURLOPT_USERNAME\fP option. (Added in 7.19.1)
.IP CURLOPT_OPTIONS .IP CURLOPT_LOGIN_OPTIONS
Pass a char * as parameter, which should be pointing to the zero terminated Pass a char * as parameter, which should be pointing to the zero terminated
options string to use for the transfer. options string to use for the transfer.
\CURLOPT_OPTIONS\fP can be used to set protocol specific authentication options, \CURLOPT_LOGIN_OPTIONS\fP can be used to set protocol specific login options,
such as the preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*", and such as the preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*",
should be used in conjunction with the \fICURLOPT_USERNAME\fP option. (Added in and should be used in conjunction with the \fICURLOPT_USERNAME\fP option.
7.34.0) (Added in 7.34.0)
.IP CURLOPT_PROXYUSERNAME .IP CURLOPT_PROXYUSERNAME
Pass a char * as parameter, which should be pointing to the zero terminated Pass a char * as parameter, which should be pointing to the zero terminated
user name to use for the transfer while connecting to Proxy. user name to use for the transfer while connecting to Proxy.

2
docs/libcurl/symbols-in-versions
View File

@ -395,6 +395,7 @@ CURLOPT_KRB4LEVEL 7.3 7.17.0
CURLOPT_KRBLEVEL 7.16.4 CURLOPT_KRBLEVEL 7.16.4
CURLOPT_LOCALPORT 7.15.2 CURLOPT_LOCALPORT 7.15.2
CURLOPT_LOCALPORTRANGE 7.15.2 CURLOPT_LOCALPORTRANGE 7.15.2
CURLOPT_LOGIN_OPTIONS 7.34.0
CURLOPT_LOW_SPEED_LIMIT 7.1 CURLOPT_LOW_SPEED_LIMIT 7.1
CURLOPT_LOW_SPEED_TIME 7.1 CURLOPT_LOW_SPEED_TIME 7.1
CURLOPT_MAIL_AUTH 7.25.0 CURLOPT_MAIL_AUTH 7.25.0
@ -418,7 +419,6 @@ CURLOPT_NOSIGNAL 7.10
CURLOPT_NOTHING 7.1.1 7.11.1 7.11.0 CURLOPT_NOTHING 7.1.1 7.11.1 7.11.0
CURLOPT_OPENSOCKETDATA 7.17.1 CURLOPT_OPENSOCKETDATA 7.17.1
CURLOPT_OPENSOCKETFUNCTION 7.17.1 CURLOPT_OPENSOCKETFUNCTION 7.17.1
CURLOPT_OPTIONS 7.34.0
CURLOPT_PASSWDDATA 7.4.2 7.11.1 7.15.5 CURLOPT_PASSWDDATA 7.4.2 7.11.1 7.15.5
CURLOPT_PASSWDFUNCTION 7.4.2 7.11.1 7.15.5 CURLOPT_PASSWDFUNCTION 7.4.2 7.11.1 7.15.5
CURLOPT_PASSWORD 7.19.1 CURLOPT_PASSWORD 7.19.1

2
include/curl/curl.h
View File

@ -1569,7 +1569,7 @@ typedef enum {
CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223), CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223),
/* Set authentication options directly */ /* Set authentication options directly */
CINIT(OPTIONS, OBJECTPOINT, 224), CINIT(LOGIN_OPTIONS, OBJECTPOINT, 224),
CURLOPT_LASTENTRY /* the last unused */ CURLOPT_LASTENTRY /* the last unused */
} CURLoption; } CURLoption;

4
include/curl/typecheck-gcc.h
View File

@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -269,7 +269,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
(option) == CURLOPT_DNS_INTERFACE || \ (option) == CURLOPT_DNS_INTERFACE || \
(option) == CURLOPT_DNS_LOCAL_IP4 || \ (option) == CURLOPT_DNS_LOCAL_IP4 || \
(option) == CURLOPT_DNS_LOCAL_IP6 || \ (option) == CURLOPT_DNS_LOCAL_IP6 || \
(option) == CURLOPT_OPTIONS || \ (option) == CURLOPT_LOGIN_OPTIONS || \
0) 0)
/* evaluates to true if option takes a curl_write_callback argument */ /* evaluates to true if option takes a curl_write_callback argument */

21
lib/url.c
View File

@ -299,13 +299,11 @@ static CURLcode setstropt(char **charp, char *s)
return CURLE_OK; return CURLE_OK;
} }
static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp, static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp)
char **optionsp)
{ {
CURLcode result = CURLE_OK; CURLcode result = CURLE_OK;
char *user = NULL; char *user = NULL;
char *passwd = NULL; char *passwd = NULL;
char *options = NULL;
/* Parse the login details if specified. It not then we treat NULL as a hint /* Parse the login details if specified. It not then we treat NULL as a hint
to clear the existing data */ to clear the existing data */
@ -313,7 +311,7 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
result = parse_login_details(option, strlen(option), result = parse_login_details(option, strlen(option),
(userp ? &user : NULL), (userp ? &user : NULL),
(passwdp ? &passwd : NULL), (passwdp ? &passwd : NULL),
(optionsp ? &options : NULL)); NULL);
} }
if(!result) { if(!result) {
@ -335,12 +333,6 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
Curl_safefree(*passwdp); Curl_safefree(*passwdp);
*passwdp = passwd; *passwdp = passwd;
} }
/* Store the options part of option if required */
if(optionsp) {
Curl_safefree(*optionsp);
*optionsp = options;
}
} }
return result; return result;
@ -1553,12 +1545,11 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
case CURLOPT_USERPWD: case CURLOPT_USERPWD:
/* /*
* user:password;options to use in the operation * user:password to use in the operation
*/ */
result = setstropt_userpwd(va_arg(param, char *), result = setstropt_userpwd(va_arg(param, char *),
&data->set.str[STRING_USERNAME], &data->set.str[STRING_USERNAME],
&data->set.str[STRING_PASSWORD], &data->set.str[STRING_PASSWORD]);
&data->set.str[STRING_OPTIONS]);
break; break;
case CURLOPT_USERNAME: case CURLOPT_USERNAME:
@ -1577,7 +1568,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
va_arg(param, char *)); va_arg(param, char *));
break; break;
case CURLOPT_OPTIONS: case CURLOPT_LOGIN_OPTIONS:
/* /*
* authentication options to use in the operation * authentication options to use in the operation
*/ */
@ -1662,7 +1653,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
*/ */
result = setstropt_userpwd(va_arg(param, char *), result = setstropt_userpwd(va_arg(param, char *),
&data->set.str[STRING_PROXYUSERNAME], &data->set.str[STRING_PROXYUSERNAME],
&data->set.str[STRING_PROXYPASSWORD], NULL); &data->set.str[STRING_PROXYPASSWORD]);
break; break;
case CURLOPT_PROXYUSERNAME: case CURLOPT_PROXYUSERNAME:
/* /*

2
packages/OS400/README.OS400
View File

@ -85,11 +85,11 @@ options:
CURLOPT_ISSUERCERT CURLOPT_ISSUERCERT
CURLOPT_KEYPASSWD CURLOPT_KEYPASSWD
CURLOPT_KRBLEVEL CURLOPT_KRBLEVEL
CURLOPT_LOGIN_OPTIONS
CURLOPT_MAIL_FROM CURLOPT_MAIL_FROM
CURLOPT_MAIL_AUTH CURLOPT_MAIL_AUTH
CURLOPT_NETRC_FILE CURLOPT_NETRC_FILE
CURLOPT_NOPROXY CURLOPT_NOPROXY
CURLOPT_OPTIONS
CURLOPT_PASSWORD CURLOPT_PASSWORD
CURLOPT_PROXY CURLOPT_PROXY
CURLOPT_PROXYPASSWORD CURLOPT_PROXYPASSWORD

2
packages/OS400/ccsidcurl.c
View File

@ -1148,11 +1148,11 @@ curl_easy_setopt_ccsid(CURL * curl, CURLoption tag, ...)
case CURLOPT_ISSUERCERT: case CURLOPT_ISSUERCERT:
case CURLOPT_KEYPASSWD: case CURLOPT_KEYPASSWD:
case CURLOPT_KRBLEVEL: case CURLOPT_KRBLEVEL:
case CURLOPT_LOGIN_OPTIONS:
case CURLOPT_MAIL_FROM: case CURLOPT_MAIL_FROM:
case CURLOPT_MAIL_AUTH: case CURLOPT_MAIL_AUTH:
case CURLOPT_NETRC_FILE: case CURLOPT_NETRC_FILE:
case CURLOPT_NOPROXY: case CURLOPT_NOPROXY:
case CURLOPT_OPTIONS:
case CURLOPT_PASSWORD: case CURLOPT_PASSWORD:
case CURLOPT_PROXY: case CURLOPT_PROXY:
case CURLOPT_PROXYPASSWORD: case CURLOPT_PROXYPASSWORD:

2
packages/OS400/curl.inc.in
View File

@ -1180,7 +1180,7 @@
d c 10222 d c 10222
d CURLOPT_DNS_LOCAL_IP6... d CURLOPT_DNS_LOCAL_IP6...
d c 10223 d c 10223
d CURLOPT_OPTIONS... d CURLOPT_LOGIN_OPTIONS...
d c 10224 d c 10224
* *
/if not defined(CURL_NO_OLDIES) /if not defined(CURL_NO_OLDIES)

1
src/tool_cfgable.h
View File

@ -74,6 +74,7 @@ struct Configurable {
0 => -s is used to NOT show errors 0 => -s is used to NOT show errors
1 => -S has been used to show errors */ 1 => -S has been used to show errors */
char *userpwd; char *userpwd;
char *login_options;
char *tls_username; char *tls_username;
char *tls_password; char *tls_password;
char *tls_authtype; char *tls_authtype;

10
src/tool_getparam.c
View File

@ -218,6 +218,7 @@ static const struct LongShort aliases[]= {
{"El", "tlspassword", TRUE}, {"El", "tlspassword", TRUE},
{"Em", "tlsauthtype", TRUE}, {"Em", "tlsauthtype", TRUE},
{"En", "ssl-allow-beast", FALSE}, {"En", "ssl-allow-beast", FALSE},
{"Eo", "login-options", TRUE},
{"f", "fail", FALSE}, {"f", "fail", FALSE},
{"F", "form", TRUE}, {"F", "form", TRUE},
{"Fs", "form-string", TRUE}, {"Fs", "form-string", TRUE},
@ -1366,10 +1367,15 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
else else
return PARAM_LIBCURL_DOESNT_SUPPORT; return PARAM_LIBCURL_DOESNT_SUPPORT;
break; break;
case 'n': /* no empty SSL fragments */ case 'n': /* no empty SSL fragments, --ssl-allow-beast */
if(curlinfo->features & CURL_VERSION_SSL) if(curlinfo->features & CURL_VERSION_SSL)
config->ssl_allow_beast = toggle; config->ssl_allow_beast = toggle;
break; break;
case 'o': /* --login-options */
GetStr(&config->login_options, nextarg);
break;
default: /* certificate file */ default: /* certificate file */
{ {
char *certname, *passphrase; char *certname, *passphrase;
@ -1687,7 +1693,7 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
} }
break; break;
case 'u': case 'u':
/* user:password;options */ /* user:password */
GetStr(&config->userpwd, nextarg); GetStr(&config->userpwd, nextarg);
cleanarg(nextarg); cleanarg(nextarg);
break; break;

2
src/tool_operate.c
View File

@ -1051,6 +1051,8 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
my_setopt(curl, CURLOPT_NETRC_FILE, config->netrc_file); my_setopt(curl, CURLOPT_NETRC_FILE, config->netrc_file);
my_setopt(curl, CURLOPT_TRANSFERTEXT, config->use_ascii?1L:0L); my_setopt(curl, CURLOPT_TRANSFERTEXT, config->use_ascii?1L:0L);
if(config->login_options)
my_setopt_str(curl, CURLOPT_LOGIN_OPTIONS, config->login_options);
my_setopt_str(curl, CURLOPT_USERPWD, config->userpwd); my_setopt_str(curl, CURLOPT_USERPWD, config->userpwd);
my_setopt_str(curl, CURLOPT_RANGE, config->range); my_setopt_str(curl, CURLOPT_RANGE, config->range);
my_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer); my_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer);

4
tests/data/test83
View File

@ -50,7 +50,7 @@ http-proxy
HTTP over proxy-tunnel with site authentication HTTP over proxy-tunnel with site authentication
</name> </name>
<command> <command>
http://test.83:%HTTPPORT/we/want/that/page/83 -p -x %HOSTIP:%PROXYPORT --user iam:myself http://test.83:%HTTPPORT/we/want/that/page/83 -p -x %HOSTIP:%PROXYPORT --user 'iam:my:;self'
</command> </command>
</client> </client>
@ -69,7 +69,7 @@ Proxy-Connection: Keep-Alive
</proxy> </proxy>
<protocol> <protocol>
GET /we/want/that/page/83 HTTP/1.1 GET /we/want/that/page/83 HTTP/1.1
Authorization: Basic aWFtOm15c2VsZg== Authorization: Basic aWFtOm15OjtzZWxm
User-Agent: curl/7.10.7-pre2 (i686-pc-linux-gnu) libcurl/7.10.7-pre2 OpenSSL/0.9.7a zlib/1.1.3 User-Agent: curl/7.10.7-pre2 (i686-pc-linux-gnu) libcurl/7.10.7-pre2 OpenSSL/0.9.7a zlib/1.1.3
Host: test.83:%HTTPPORT Host: test.83:%HTTPPORT
Accept: */* Accept: */*