-rw-r--r-- | docs/libcurl/curl_easy_setopt.3 | 5 | ||||
-rw-r--r-- | include/curl/curl.h | 7 | ||||
-rw-r--r-- | lib/http.c | 3 | ||||
-rw-r--r-- | lib/url.c | 8 | ||||
-rw-r--r-- | lib/urldata.h | 1 |
5 files changed, 22 insertions, 2 deletions
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index a1bb2c6df..4763c871a 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -349,6 +349,11 @@ new location and follow new Location: headers all the way until no more such headers are returned. \fICURLOPT_MAXREDIRS\fP can be used to limit the number of redirects libcurl will follow. .TP +.B CURLOPT_UNRESTRICTED_AUTH +A non-zero parameter tells the library it can continue to send authentication +(user+password) when following locations, even when hostname changed. Note +that this is meaningful only when setting \fICURLOPT_FOLLOWLOCATION\fP. +.TP .B CURLOPT_MAXREDIRS Pass a long. The set number will be the redirection limit. If that many redirections have been followed, the next redirect will cause an error diff --git a/include/curl/curl.h b/include/curl/curl.h index e9c8c1dbd..e7f5d5fd9 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -619,6 +619,11 @@ typedef enum { /* Set aliases for HTTP 200 in the HTTP Response header */ CINIT(HTTP200ALIASES, OBJECTPOINT, 104), + /* Continue to send authentication (user+password) when following locations, + even when hostname changed. This can potentionally send off the name + and password to whatever host the server decides. */ + CINIT(UNRESTRICTED_AUTH, LONG, 105), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; @@ -809,7 +814,7 @@ CURLcode curl_global_init(long flags); void curl_global_cleanup(void); /* This is the version number */ -#define LIBCURL_VERSION "7.10.4-pre2" +#define LIBCURL_VERSION "7.10.4-pre5" #define LIBCURL_VERSION_NUM 0x070a04 /* linked-list structure for the CURLOPT_QUOTE option (and other) */ diff --git a/lib/http.c b/lib/http.c index 850731ce3..1a9bd2a1d 100644 --- a/lib/http.c +++ b/lib/http.c 
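Review bot: The comment added above `CINIT(UNRESTRICTED_AUTH, LONG, 105)` in the curl.h hunk is the only place that says the name and password can be sent to whatever host the server redirects to; the man page entry added in the docs hunk describes the option without stating that consequence. Applications are configured from curl_easy_setopt.3 rather than from the header, so the same warning sentence belongs in the man page entry, together with the `Pass a long.` wording that the neighbouring CURLOPT_MAXREDIRS entry uses. The header comment also carries a typo: `potentionally` should read `potentially`.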
@@ -663,7 +663,8 @@ CURLcode Curl_http(struct connectdata *conn) host due to a location-follow, we do some weirdo checks here */ if(!data->state.this_is_a_follow || !data->state.auth_host || - curl_strequal(data->state.auth_host, conn->hostname)) { + curl_strequal(data->state.auth_host, conn->hostname) || + data->set.http_disable_hostname_check_before_authentication) { sprintf(data->state.buffer, "%s:%s", data->state.user, data->state.passwd); if(Curl_base64_encode(data->state.buffer, strlen(data->state.buffer), @@ -503,6 +503,14 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...) */ data->set.http_follow_location = va_arg(param, long)?TRUE:FALSE; break; + case CURLOPT_UNRESTRICTED_AUTH: + /* + * Send authentication (user+password) when following locations, even when + * hostname changed. + */ + data->set.http_disable_hostname_check_before_authentication = + va_arg(param, long)?TRUE:FALSE; + break; case CURLOPT_HTTP_VERSION: /* * This sets a requested HTTP version to be used. The value is one of diff --git a/lib/urldata.h b/lib/urldata.h index 93ad35b60..eb5952174 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -736,6 +736,7 @@ struct UserDefined { bool hide_progress; bool http_fail_on_error; bool http_follow_location; + bool http_disable_hostname_check_before_authentication; bool include_header; #define http_include_header include_header /* former name */ |
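Review bot: With `data->set.http_disable_hostname_check_before_authentication` set, the new fourth operand of the `if` in the lib/http.c hunk lets the `user:passwd` pair be encoded and sent on every followed redirect, and nothing visible in the hunk limits that by scheme or port, so a follow from an https URL to a plain-http one would appear to carry the credentials in cleartext. Whether the protocol is checked elsewhere cannot be told from here, because Curl_http begins and ends outside the hunk. I would record the trust decision at the condition, for example `/* UNRESTRICTED_AUTH: the application accepts that credentials go to every host in the redirect chain */`, and consider whether the bypass should apply only when the scheme is unchanged. The internal field name also does not match the public option name; something like `http_unrestricted_auth` here and in the Curl_setopt and urldata.h hunks would make the option easier to trace during an audit.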