aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2005-04-25 21:39:48 +0000
committerDaniel Stenberg <daniel@haxx.se>2005-04-25 21:39:48 +0000
commit01165e08e0d131b399fba2190f17af67e66f0888 (patch)
treeedabecf2359b409ed1e10f450ace39e859a31807 /lib
parent6e1633a6c5f88479998a1e0675818c9d97d9ed90 (diff)
Fred New reported a bug where we used Basic auth and user name and password in
.netrc, and when following a Location: the subsequent requests didn't properly use the auth as found in the netrc file. Added test case 257 to verify my fix.
Diffstat (limited to 'lib')
-rw-r--r--lib/http.c1
-rw-r--r--lib/netrc.c8
-rw-r--r--lib/url.c12
-rw-r--r--lib/urldata.h1
4 files changed, 16 insertions, 6 deletions
diff --git a/lib/http.c b/lib/http.c
index c3c805956..f61ce42c4 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -465,6 +465,7 @@ Curl_http_output_auth(struct connectdata *conn,
/* To prevent the user+password to get sent to other than the original
host due to a location-follow, we do some weirdo checks here */
if(!data->state.this_is_a_follow ||
+ conn->bits.netrc ||
!data->state.first_host ||
curl_strequal(data->state.first_host, conn->host.name) ||
data->set.http_disable_hostname_check_before_authentication) {
diff --git a/lib/netrc.c b/lib/netrc.c
index e43140ac3..9b56dd4a2 100644
--- a/lib/netrc.c
+++ b/lib/netrc.c
@@ -103,7 +103,7 @@ int Curl_parsenetrc(char *host,
char *override = curl_getenv("CURL_DEBUG_NETRC");
if (override) {
- printf("NETRC: overridden " NETRC " file: %s\n", home);
+ fprintf(stderr, "NETRC: overridden " NETRC " file: %s\n", override);
netrcfile = override;
netrc_alloc = TRUE;
}
@@ -171,7 +171,7 @@ int Curl_parsenetrc(char *host,
/* and yes, this is our host! */
state=HOSTVALID;
#ifdef _NETRC_DEBUG
- printf("HOST: %s\n", tok);
+ fprintf(stderr, "HOST: %s\n", tok);
#endif
retcode=0; /* we did find our host */
}
@@ -188,7 +188,7 @@ int Curl_parsenetrc(char *host,
else {
strncpy(login, tok, LOGINSIZE-1);
#ifdef _NETRC_DEBUG
- printf("LOGIN: %s\n", login);
+ fprintf(stderr, "LOGIN: %s\n", login);
#endif
}
state_login=0;
@@ -197,7 +197,7 @@ int Curl_parsenetrc(char *host,
if (state_our_login || !specific_login) {
strncpy(password, tok, PASSWORDSIZE-1);
#ifdef _NETRC_DEBUG
- printf("PASSWORD: %s\n", password);
+ fprintf(stderr, "PASSWORD: %s\n", password);
#endif
}
state_password=0;
diff --git a/lib/url.c b/lib/url.c
index e75c29043..fb9c5905d 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3147,15 +3147,23 @@ static CURLcode CreateConnection(struct SessionHandle *data,
user, passwd);
}
+ conn->bits.netrc = FALSE;
if (data->set.use_netrc != CURL_NETRC_IGNORED) {
if(Curl_parsenetrc(conn->host.name,
user, passwd,
data->set.netrc_file)) {
- infof(data, "Couldn't find host %s in the " DOT_CHAR "netrc file, using defaults\n",
+ infof(data, "Couldn't find host %s in the " DOT_CHAR
+ "netrc file, using defaults\n",
conn->host.name);
}
- else
+ else {
+ /* set bits.netrc TRUE to remember that we got the name from a .netrc
+ file, so that it is safe to use even if we followed a Location: to a
+ different host or similar. */
+ conn->bits.netrc = TRUE;
+
conn->bits.user_passwd = 1; /* enable user+password */
+ }
}
/* If our protocol needs a password and we have none, use the defaults */
diff --git a/lib/urldata.h b/lib/urldata.h
index a3b2c25ff..9bd245980 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -420,6 +420,7 @@ struct ConnectBits {
bool ftp_use_lprt; /* As set with CURLOPT_FTP_USE_EPRT, but if we find out
LPRT doesn't work we disable it for the forthcoming
requests */
+ bool netrc; /* name+password provided by netrc */
};
struct hostname {