From 169fedbdce93ecf14befb6e0e1ce6a2d480252a3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 14 Dec 2013 22:39:27 +0100 Subject: login options: remove the ;[options] support from CURLOPT_USERPWD To avoid the regression when users pass in passwords containing semi- colons, we now drop the ability to set the login options with the same options. Support for login options in CURLOPT_USERPWD was added in 7.31.0. Test case 83 was modified to verify that colons and semi-colons can be used as part of the password when using -u (CURLOPT_USERPWD). Bug: http://curl.haxx.se/bug/view.cgi?id=1311 Reported-by: Petr Bahula Assisted-by: Steve Holme Signed-off-by: Daniel Stenberg --- docs/libcurl/curl_easy_setopt.3 | 14 +++++++------- docs/libcurl/symbols-in-versions | 2 +- include/curl/curl.h | 2 +- include/curl/typecheck-gcc.h | 4 ++-- lib/url.c | 21 ++++++--------------- packages/OS400/README.OS400 | 2 +- packages/OS400/ccsidcurl.c | 2 +- packages/OS400/curl.inc.in | 2 +- src/tool_cfgable.h | 1 + src/tool_getparam.c | 10 ++++++++-- src/tool_operate.c | 2 ++ tests/data/test83 | 4 ++-- 12 files changed, 33 insertions(+), 33 deletions(-) diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index 51edaea97..2cfa2663c 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -1165,22 +1165,22 @@ authentication. You should not use this option together with the (older) CURLOPT_USERPWD option. To specify the password and login options, along with the user name, use the -\fICURLOPT_PASSWORD\fP and \fICURLOPT_OPTIONS\fP options or alternatively use -the older \CURLOPT_USERPWD\fP option instead. (Added in 7.19.1) +\fICURLOPT_PASSWORD\fP and \fICURLOPT_LOGIN_OPTIONS\fP options. (Added in +7.19.1) .IP CURLOPT_PASSWORD Pass a char * as parameter, which should be pointing to the zero terminated password to use for the transfer. The CURLOPT_PASSWORD option should be used in conjunction with the \fICURLOPT_USERNAME\fP option. (Added in 7.19.1) -.IP CURLOPT_OPTIONS +.IP CURLOPT_LOGIN_OPTIONS Pass a char * as parameter, which should be pointing to the zero terminated options string to use for the transfer. -\CURLOPT_OPTIONS\fP can be used to set protocol specific authentication options, -such as the preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*", and -should be used in conjunction with the \fICURLOPT_USERNAME\fP option. (Added in -7.34.0) +\CURLOPT_LOGIN_OPTIONS\fP can be used to set protocol specific login options, +such as the preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*", +and should be used in conjunction with the \fICURLOPT_USERNAME\fP option. +(Added in 7.34.0) .IP CURLOPT_PROXYUSERNAME Pass a char * as parameter, which should be pointing to the zero terminated user name to use for the transfer while connecting to Proxy. diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions index e9d77194d..432f180ec 100644 --- a/docs/libcurl/symbols-in-versions +++ b/docs/libcurl/symbols-in-versions @@ -395,6 +395,7 @@ CURLOPT_KRB4LEVEL 7.3 7.17.0 CURLOPT_KRBLEVEL 7.16.4 CURLOPT_LOCALPORT 7.15.2 CURLOPT_LOCALPORTRANGE 7.15.2 +CURLOPT_LOGIN_OPTIONS 7.34.0 CURLOPT_LOW_SPEED_LIMIT 7.1 CURLOPT_LOW_SPEED_TIME 7.1 CURLOPT_MAIL_AUTH 7.25.0 @@ -418,7 +419,6 @@ CURLOPT_NOSIGNAL 7.10 CURLOPT_NOTHING 7.1.1 7.11.1 7.11.0 CURLOPT_OPENSOCKETDATA 7.17.1 CURLOPT_OPENSOCKETFUNCTION 7.17.1 -CURLOPT_OPTIONS 7.34.0 CURLOPT_PASSWDDATA 7.4.2 7.11.1 7.15.5 CURLOPT_PASSWDFUNCTION 7.4.2 7.11.1 7.15.5 CURLOPT_PASSWORD 7.19.1 diff --git a/include/curl/curl.h b/include/curl/curl.h index 9bee934a1..aafaeed2d 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -1569,7 +1569,7 @@ typedef enum { CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223), /* Set authentication options directly */ - CINIT(OPTIONS, OBJECTPOINT, 224), + CINIT(LOGIN_OPTIONS, OBJECTPOINT, 224), CURLOPT_LASTENTRY /* the last unused */ } CURLoption; diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h index 7feccf347..cdeba21a2 100644 --- a/include/curl/typecheck-gcc.h +++ b/include/curl/typecheck-gcc.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -269,7 +269,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist, (option) == CURLOPT_DNS_INTERFACE || \ (option) == CURLOPT_DNS_LOCAL_IP4 || \ (option) == CURLOPT_DNS_LOCAL_IP6 || \ - (option) == CURLOPT_OPTIONS || \ + (option) == CURLOPT_LOGIN_OPTIONS || \ 0) /* evaluates to true if option takes a curl_write_callback argument */ diff --git a/lib/url.c b/lib/url.c index 7536877ba..5903628c9 100644 --- a/lib/url.c +++ b/lib/url.c @@ -299,13 +299,11 @@ static CURLcode setstropt(char **charp, char *s) return CURLE_OK; } -static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp, - char **optionsp) +static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp) { CURLcode result = CURLE_OK; char *user = NULL; char *passwd = NULL; - char *options = NULL; /* Parse the login details if specified. It not then we treat NULL as a hint to clear the existing data */ @@ -313,7 +311,7 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp, result = parse_login_details(option, strlen(option), (userp ? &user : NULL), (passwdp ? &passwd : NULL), - (optionsp ? &options : NULL)); + NULL); } if(!result) { @@ -335,12 +333,6 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp, Curl_safefree(*passwdp); *passwdp = passwd; } - - /* Store the options part of option if required */ - if(optionsp) { - Curl_safefree(*optionsp); - *optionsp = options; - } } return result; @@ -1553,12 +1545,11 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, case CURLOPT_USERPWD: /* - * user:password;options to use in the operation + * user:password to use in the operation */ result = setstropt_userpwd(va_arg(param, char *), &data->set.str[STRING_USERNAME], - &data->set.str[STRING_PASSWORD], - &data->set.str[STRING_OPTIONS]); + &data->set.str[STRING_PASSWORD]); break; case CURLOPT_USERNAME: @@ -1577,7 +1568,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, va_arg(param, char *)); break; - case CURLOPT_OPTIONS: + case CURLOPT_LOGIN_OPTIONS: /* * authentication options to use in the operation */ @@ -1662,7 +1653,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, */ result = setstropt_userpwd(va_arg(param, char *), &data->set.str[STRING_PROXYUSERNAME], - &data->set.str[STRING_PROXYPASSWORD], NULL); + &data->set.str[STRING_PROXYPASSWORD]); break; case CURLOPT_PROXYUSERNAME: /* diff --git a/packages/OS400/README.OS400 b/packages/OS400/README.OS400 index 62918c9b7..06e6632a2 100644 --- a/packages/OS400/README.OS400 +++ b/packages/OS400/README.OS400 @@ -85,11 +85,11 @@ options: CURLOPT_ISSUERCERT CURLOPT_KEYPASSWD CURLOPT_KRBLEVEL + CURLOPT_LOGIN_OPTIONS CURLOPT_MAIL_FROM CURLOPT_MAIL_AUTH CURLOPT_NETRC_FILE CURLOPT_NOPROXY - CURLOPT_OPTIONS CURLOPT_PASSWORD CURLOPT_PROXY CURLOPT_PROXYPASSWORD diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c index 0c99a47f9..34ca8dc23 100644 --- a/packages/OS400/ccsidcurl.c +++ b/packages/OS400/ccsidcurl.c @@ -1148,11 +1148,11 @@ curl_easy_setopt_ccsid(CURL * curl, CURLoption tag, ...) case CURLOPT_ISSUERCERT: case CURLOPT_KEYPASSWD: case CURLOPT_KRBLEVEL: + case CURLOPT_LOGIN_OPTIONS: case CURLOPT_MAIL_FROM: case CURLOPT_MAIL_AUTH: case CURLOPT_NETRC_FILE: case CURLOPT_NOPROXY: - case CURLOPT_OPTIONS: case CURLOPT_PASSWORD: case CURLOPT_PROXY: case CURLOPT_PROXYPASSWORD: diff --git a/packages/OS400/curl.inc.in b/packages/OS400/curl.inc.in index bb8807ca3..831c9c722 100644 --- a/packages/OS400/curl.inc.in +++ b/packages/OS400/curl.inc.in @@ -1180,7 +1180,7 @@ d c 10222 d CURLOPT_DNS_LOCAL_IP6... d c 10223 - d CURLOPT_OPTIONS... + d CURLOPT_LOGIN_OPTIONS... d c 10224 * /if not defined(CURL_NO_OLDIES) diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h index 2f9cd5afb..c1687328d 100644 --- a/src/tool_cfgable.h +++ b/src/tool_cfgable.h @@ -74,6 +74,7 @@ struct Configurable { 0 => -s is used to NOT show errors 1 => -S has been used to show errors */ char *userpwd; + char *login_options; char *tls_username; char *tls_password; char *tls_authtype; diff --git a/src/tool_getparam.c b/src/tool_getparam.c index d0feb71ed..542bea022 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -218,6 +218,7 @@ static const struct LongShort aliases[]= { {"El", "tlspassword", TRUE}, {"Em", "tlsauthtype", TRUE}, {"En", "ssl-allow-beast", FALSE}, + {"Eo", "login-options", TRUE}, {"f", "fail", FALSE}, {"F", "form", TRUE}, {"Fs", "form-string", TRUE}, @@ -1366,10 +1367,15 @@ ParameterError getparameter(char *flag, /* f or -long-flag */ else return PARAM_LIBCURL_DOESNT_SUPPORT; break; - case 'n': /* no empty SSL fragments */ + case 'n': /* no empty SSL fragments, --ssl-allow-beast */ if(curlinfo->features & CURL_VERSION_SSL) config->ssl_allow_beast = toggle; break; + + case 'o': /* --login-options */ + GetStr(&config->login_options, nextarg); + break; + default: /* certificate file */ { char *certname, *passphrase; @@ -1687,7 +1693,7 @@ ParameterError getparameter(char *flag, /* f or -long-flag */ } break; case 'u': - /* user:password;options */ + /* user:password */ GetStr(&config->userpwd, nextarg); cleanarg(nextarg); break; diff --git a/src/tool_operate.c b/src/tool_operate.c index 7b43691bb..7cb807734 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -1051,6 +1051,8 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[]) my_setopt(curl, CURLOPT_NETRC_FILE, config->netrc_file); my_setopt(curl, CURLOPT_TRANSFERTEXT, config->use_ascii?1L:0L); + if(config->login_options) + my_setopt_str(curl, CURLOPT_LOGIN_OPTIONS, config->login_options); my_setopt_str(curl, CURLOPT_USERPWD, config->userpwd); my_setopt_str(curl, CURLOPT_RANGE, config->range); my_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer); diff --git a/tests/data/test83 b/tests/data/test83 index 4386c12b9..e00a28893 100644 --- a/tests/data/test83 +++ b/tests/data/test83 @@ -50,7 +50,7 @@ http-proxy HTTP over proxy-tunnel with site authentication -http://test.83:%HTTPPORT/we/want/that/page/83 -p -x %HOSTIP:%PROXYPORT --user iam:myself +http://test.83:%HTTPPORT/we/want/that/page/83 -p -x %HOSTIP:%PROXYPORT --user 'iam:my:;self' @@ -69,7 +69,7 @@ Proxy-Connection: Keep-Alive GET /we/want/that/page/83 HTTP/1.1 -Authorization: Basic aWFtOm15c2VsZg== +Authorization: Basic aWFtOm15OjtzZWxm User-Agent: curl/7.10.7-pre2 (i686-pc-linux-gnu) libcurl/7.10.7-pre2 OpenSSL/0.9.7a zlib/1.1.3 Host: test.83:%HTTPPORT Accept: */* -- cgit v1.2.3