aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/ftp.c6
-rw-r--r--lib/http.c3
-rw-r--r--lib/http_digest.c10
-rw-r--r--lib/http_ntlm.c15
-rw-r--r--lib/krb4.c2
-rw-r--r--lib/ldap.c4
-rw-r--r--lib/telnet.c2
-rw-r--r--lib/url.c77
8 files changed, 69 insertions, 50 deletions
diff --git a/lib/ftp.c b/lib/ftp.c
index cc9b2dbcf..118216c09 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -409,9 +409,9 @@ CURLcode Curl_ftp_connect(struct connectdata *conn)
/* get some initial data into the ftp struct */
ftp->bytecountp = &conn->bytecount;
- /* no need to duplicate them, the data struct won't change */
- ftp->user = data->state.user;
- ftp->passwd = data->state.passwd;
+ /* no need to duplicate them, this connectdata struct won't change */
+ ftp->user = conn->user;
+ ftp->passwd = conn->passwd;
ftp->response_time = 3600; /* set default response time-out */
if (data->set.tunnel_thru_httpproxy) {
diff --git a/lib/http.c b/lib/http.c
index d710ff5f4..661ccd7d6 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -650,8 +650,7 @@ static CURLcode Curl_output_basic(struct connectdata *conn)
char *authorization;
struct SessionHandle *data=conn->data;
- sprintf(data->state.buffer, "%s:%s",
- data->state.user, data->state.passwd);
+ sprintf(data->state.buffer, "%s:%s", conn->user, conn->passwd);
if(Curl_base64_encode(data->state.buffer, strlen(data->state.buffer),
&authorization) >= 0) {
if(conn->allocptr.userpwd)
diff --git a/lib/http_digest.c b/lib/http_digest.c
index 51bcb8450..1e1c6826d 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -154,18 +154,18 @@ CURLcode Curl_output_digest(struct connectdata *conn,
if(data->state.digest.algo == CURLDIGESTALGO_MD5SESS) {
md5this = (unsigned char *)
aprintf("%s:%s:%s:%s:%s",
- data->state.user,
+ conn->user,
data->state.digest.realm,
- data->state.passwd,
+ conn->passwd,
data->state.digest.nonce,
data->state.digest.cnonce);
}
else {
md5this = (unsigned char *)
aprintf("%s:%s:%s",
- data->state.user,
+ conn->user,
data->state.digest.realm,
- data->state.passwd);
+ conn->passwd);
}
Curl_md5it(md5buf, md5this);
free(md5this); /* free this again */
@@ -202,7 +202,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
"nonce=\"%s\", "
"uri=\"%s\", "
"response=\"%s\"\r\n",
- data->state.user,
+ conn->user,
data->state.digest.realm,
data->state.digest.nonce,
uripath, /* this is the PATH part of the URL */
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index c7c5c9eed..258e45101 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -271,7 +271,6 @@ static void mkhash(char *password,
/* this is for creating ntlm header output */
CURLcode Curl_output_ntlm(struct connectdata *conn)
{
- struct SessionHandle *data=conn->data;
const char *domain=""; /* empty */
const char *host=""; /* empty */
int domlen=strlen(domain);
@@ -339,6 +338,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn)
size = Curl_base64_encode(ntlm, size, &base64);
if(size >0 ) {
+ if(conn->allocptr.userpwd)
+ free(conn->allocptr.userpwd);
conn->allocptr.userpwd = aprintf("Authorization: NTLM %s\r\n",
base64);
free(base64);
@@ -377,20 +378,20 @@ CURLcode Curl_output_ntlm(struct connectdata *conn)
const char *user;
int userlen;
- user = strchr(data->state.user, '\\');
+ user = strchr(conn->user, '\\');
if(!user)
- user = strchr(data->state.user, '/');
+ user = strchr(conn->user, '/');
if (user) {
- domain = data->state.user;
+ domain = conn->user;
domlen = user - domain;
user++;
}
else
- user = data->state.user;
+ user = conn->user;
userlen = strlen(user);
- mkhash(data->state.passwd, &conn->ntlm.nonce[0], lmresp
+ mkhash(conn->passwd, &conn->ntlm.nonce[0], lmresp
#ifdef USE_NTRESPONSES
, ntresp
#endif
@@ -510,6 +511,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn)
size = Curl_base64_encode(ntlm, size, &base64);
if(size >0 ) {
+ if(conn->allocptr.userpwd)
+ free(conn->allocptr.userpwd);
conn->allocptr.userpwd = aprintf("Authorization: NTLM %s\r\n",
base64);
free(base64);
diff --git a/lib/krb4.c b/lib/krb4.c
index 6c91e2fb9..b80ea390e 100644
--- a/lib/krb4.c
+++ b/lib/krb4.c
@@ -322,7 +322,7 @@ CURLcode Curl_krb_kauth(struct connectdata *conn)
save = Curl_set_command_prot(conn, prot_private);
- result = Curl_ftpsendf(conn, "SITE KAUTH %s", conn->data->state.user);
+ result = Curl_ftpsendf(conn, "SITE KAUTH %s", conn->user);
if(result)
return result;
diff --git a/lib/ldap.c b/lib/ldap.c
index 011996734..2228d5bc7 100644
--- a/lib/ldap.c
+++ b/lib/ldap.c
@@ -178,8 +178,8 @@ CURLcode Curl_ldap(struct connectdata *conn)
status = CURLE_COULDNT_CONNECT;
} else {
rc = ldap_simple_bind_s(server,
- conn->bits.user_passwd?data->state.user:NULL,
- conn->bits.user_passwd?data->state.passwd:NULL);
+ conn->bits.user_passwd?conn->user:NULL,
+ conn->bits.user_passwd?conn->passwd:NULL);
if (rc != 0) {
failf(data, "LDAP: %s", ldap_err2string(rc));
status = CURLE_LDAP_CANNOT_BIND;
diff --git a/lib/telnet.c b/lib/telnet.c
index e345caaa3..cb6e3ed58 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -756,7 +756,7 @@ static int check_telnet_options(struct connectdata *conn)
if(conn->bits.user_passwd)
{
char *buf = malloc(256);
- sprintf(buf, "USER,%s", data->state.user);
+ sprintf(buf, "USER,%s", conn->user);
tn->telnet_vars = curl_slist_append(tn->telnet_vars, buf);
tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
diff --git a/lib/url.c b/lib/url.c
index 3b6a73b90..5a91b8c03 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1252,6 +1252,11 @@ CURLcode Curl_disconnect(struct connectdata *conn)
if(-1 != conn->firstsocket)
sclose(conn->firstsocket);
+ if(conn->user)
+ free(conn->user);
+ if(conn->passwd)
+ free(conn->passwd);
+
if(conn->allocptr.proxyuserpwd)
free(conn->allocptr.proxyuserpwd);
if(conn->allocptr.uagent)
@@ -1358,8 +1363,8 @@ ConnectionExists(struct SessionHandle *data,
if(needle->protocol & PROT_FTP) {
/* This is FTP, verify that we're using the same name and
password as well */
- if(!strequal(needle->data->state.user, check->proto.ftp->user) ||
- !strequal(needle->data->state.passwd, check->proto.ftp->passwd)) {
+ if(!strequal(needle->user, check->user) ||
+ !strequal(needle->passwd, check->passwd)) {
/* one of them was different */
continue;
}
@@ -1840,6 +1845,11 @@ static CURLcode CreateConnection(struct SessionHandle *data,
unsigned int prev_alarm=0;
#endif
char endbracket;
+ char user[MAX_CURL_USER_LENGTH];
+ char passwd[MAX_CURL_PASSWORD_LENGTH];
+ bool passwdgiven=FALSE; /* set TRUE if an application-provided password has
+ been set */
+
#ifdef HAVE_SIGACTION
struct sigaction keep_sigact; /* store the old struct here */
@@ -2590,8 +2600,8 @@ static CURLcode CreateConnection(struct SessionHandle *data,
*
* Outputs: (almost :- all currently undefined)
* conn->bits.user_passwd - non-zero if non-default passwords exist
- * conn->state.user - non-zero length if defined
- * conn->state.passwd - ditto
+ * conn->user - non-zero length if defined
+ * conn->passwd - ditto
* conn->hostname - remove user name and password
*/
@@ -2602,8 +2612,8 @@ static CURLcode CreateConnection(struct SessionHandle *data,
* We need somewhere to put the embedded details, so do that first.
*/
- data->state.user[0] =0; /* to make everything well-defined */
- data->state.passwd[0]=0;
+ user[0] =0; /* to make everything well-defined */
+ passwd[0]=0;
if (conn->protocol & (PROT_FTP|PROT_HTTP)) {
/* This is a FTP or HTTP URL, we will now try to extract the possible
@@ -2630,31 +2640,31 @@ static CURLcode CreateConnection(struct SessionHandle *data,
if(*userpass != ':') {
/* the name is given, get user+password */
sscanf(userpass, "%127[^:@]:%127[^@]",
- data->state.user, data->state.passwd);
+ user, passwd);
}
else
/* no name given, get the password only */
- sscanf(userpass, ":%127[^@]", data->state.passwd);
+ sscanf(userpass, ":%127[^@]", passwd);
- if(data->state.user[0]) {
- char *newname=curl_unescape(data->state.user, 0);
- if(strlen(newname) < sizeof(data->state.user)) {
- strcpy(data->state.user, newname);
+ if(user[0]) {
+ char *newname=curl_unescape(user, 0);
+ if(strlen(newname) < sizeof(user)) {
+ strcpy(user, newname);
}
/* if the new name is longer than accepted, then just use
the unconverted name, it'll be wrong but what the heck */
free(newname);
}
- if (data->state.passwd[0]) {
+ if (passwd[0]) {
/* we have a password found in the URL, decode it! */
- char *newpasswd=curl_unescape(data->state.passwd, 0);
- if(strlen(newpasswd) < sizeof(data->state.passwd)) {
- strcpy(data->state.passwd, newpasswd);
+ char *newpasswd=curl_unescape(passwd, 0);
+ if(strlen(newpasswd) < sizeof(passwd)) {
+ strcpy(passwd, newpasswd);
}
free(newpasswd);
/* we have set the password */
- data->state.passwdgiven = TRUE;
+ passwdgiven = TRUE;
}
}
}
@@ -2673,35 +2683,35 @@ static CURLcode CreateConnection(struct SessionHandle *data,
if(*data->set.userpwd != ':') {
/* the name is given, get user+password */
sscanf(data->set.userpwd, "%127[^:]:%127[^\n]",
- data->state.user, data->state.passwd);
+ user, passwd);
if(strchr(data->set.userpwd, ':'))
/* a colon means the password was given, even if blank */
- data->state.passwdgiven = TRUE;
+ passwdgiven = TRUE;
}
else
/* no name given, starts with a colon, get the password only */
- sscanf(data->set.userpwd+1, "%127[^\n]", data->state.passwd);
+ sscanf(data->set.userpwd+1, "%127[^\n]", passwd);
}
if ((data->set.use_netrc != CURL_NETRC_IGNORED) &&
- !data->state.passwdgiven) { /* need passwd */
+ !passwdgiven) { /* need passwd */
if(Curl_parsenetrc(conn->hostname,
- data->state.user,
- data->state.passwd)) {
+ user,
+ passwd)) {
infof(data, "Couldn't find host %s in the .netrc file, using defaults",
conn->hostname);
}
else {
conn->bits.user_passwd = 1; /* enable user+password */
- data->state.passwdgiven = TRUE;
+ passwdgiven = TRUE;
}
}
/* if we have a user but no password, ask for one */
- if(conn->bits.user_passwd && !data->state.passwdgiven ) {
+ if(conn->bits.user_passwd && !passwdgiven ) {
if(data->set.fpasswd(data->set.passwd_client,
- "password:", data->state.passwd,
- sizeof(data->state.passwd)))
+ "password:", passwd,
+ sizeof(passwd)))
return CURLE_BAD_PASSWORD_ENTERED;
}
@@ -2710,14 +2720,18 @@ static CURLcode CreateConnection(struct SessionHandle *data,
/* If our protocol needs a password and we have none, use the defaults */
if ( (conn->protocol & (PROT_FTP|PROT_HTTP)) &&
!conn->bits.user_passwd &&
- !data->state.passwdgiven) {
+ !passwdgiven) {
- strcpy(data->state.user, CURL_DEFAULT_USER);
- strcpy(data->state.passwd, CURL_DEFAULT_PASSWORD);
+ strcpy(user, CURL_DEFAULT_USER);
+ strcpy(passwd, CURL_DEFAULT_PASSWORD);
/* This is the default password, so DON'T set conn->bits.user_passwd */
}
+ /* store user + password */
+ conn->user = strdup(user);
+ conn->passwd = strdup(passwd);
+
/*************************************************************
* Check the current list of connections to see if we can
* re-use an already existing one or if we have to create a
@@ -2777,6 +2791,9 @@ static CURLcode CreateConnection(struct SessionHandle *data,
otherwise */
conn->maxdownload = -1; /* might have been used previously! */
+ free(old_conn->user);
+ free(old_conn->passwd);
+
free(old_conn); /* we don't need this anymore */
/*