From 0eda142e90afc33177d050249fcc4371ba01d039 Mon Sep 17 00:00:00 2001 From: Ben Greear Date: Sat, 27 Mar 2010 23:00:51 +0100 Subject: allow user+password in the URL for all protocols Ben Greear brought a patch that from now on allows all protocols to specify name and user within the URL, in the same manner HTTP and FTP have been allowed to in the past - although far from all of the libcurl supported protocols actually have that feature in their URL definition spec. --- lib/url.c | 101 +++++++++++++++++++++++++++++++------------------------------- 1 file changed, 50 insertions(+), 51 deletions(-) (limited to 'lib') diff --git a/lib/url.c b/lib/url.c index e32e8da16..357f213c0 100644 --- a/lib/url.c +++ b/lib/url.c @@ -4113,63 +4113,62 @@ static CURLcode parse_url_userpass(struct SessionHandle *data, * We need somewhere to put the embedded details, so do that first. */ + char *ptr=strchr(conn->host.name, '@'); + char *userpass = conn->host.name; + user[0] =0; /* to make everything well-defined */ passwd[0]=0; - if(conn->protocol & (PROT_FTP|PROT_HTTP|PROT_SCP|PROT_SFTP)) { - /* This is a FTP, HTTP, SCP or SFTP URL, we will now try to extract the - * possible user+password pair in a string like: - * ftp://user:password@ftp.my.site:8021/README */ - char *ptr=strchr(conn->host.name, '@'); - char *userpass = conn->host.name; - if(ptr != NULL) { - /* there's a user+password given here, to the left of the @ */ - - conn->host.name = ++ptr; - - /* So the hostname is sane. Only bother interpreting the - * results if we could care. It could still be wasted - * work because it might be overtaken by the programmatically - * set user/passwd, but doing that first adds more cases here :-( - */ + /* We will now try to extract the + * possible user+password pair in a string like: + * ftp://user:password@ftp.my.site:8021/README */ + if(ptr != NULL) { + /* there's a user+password given here, to the left of the @ */ - conn->bits.userpwd_in_url = 1; - if(data->set.use_netrc != CURL_NETRC_REQUIRED) { - /* We could use the one in the URL */ + conn->host.name = ++ptr; - conn->bits.user_passwd = TRUE; /* enable user+password */ + /* So the hostname is sane. Only bother interpreting the + * results if we could care. It could still be wasted + * work because it might be overtaken by the programmatically + * set user/passwd, but doing that first adds more cases here :-( + */ - if(*userpass != ':') { - /* the name is given, get user+password */ - sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:" - "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", - user, passwd); - } - else - /* no name given, get the password only */ - sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd); - - if(user[0]) { - char *newname=curl_easy_unescape(data, user, 0, NULL); - if(!newname) - return CURLE_OUT_OF_MEMORY; - if(strlen(newname) < MAX_CURL_USER_LENGTH) - strcpy(user, newname); - - /* if the new name is longer than accepted, then just use - the unconverted name, it'll be wrong but what the heck */ - free(newname); - } - if(passwd[0]) { - /* we have a password found in the URL, decode it! */ - char *newpasswd=curl_easy_unescape(data, passwd, 0, NULL); - if(!newpasswd) - return CURLE_OUT_OF_MEMORY; - if(strlen(newpasswd) < MAX_CURL_PASSWORD_LENGTH) - strcpy(passwd, newpasswd); - - free(newpasswd); - } + conn->bits.userpwd_in_url = 1; + if(data->set.use_netrc != CURL_NETRC_REQUIRED) { + /* We could use the one in the URL */ + + conn->bits.user_passwd = TRUE; /* enable user+password */ + + if(*userpass != ':') { + /* the name is given, get user+password */ + sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:" + "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", + user, passwd); + } + else + /* no name given, get the password only */ + sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", passwd); + + if(user[0]) { + char *newname=curl_easy_unescape(data, user, 0, NULL); + if(!newname) + return CURLE_OUT_OF_MEMORY; + if(strlen(newname) < MAX_CURL_USER_LENGTH) + strcpy(user, newname); + + /* if the new name is longer than accepted, then just use + the unconverted name, it'll be wrong but what the heck */ + free(newname); + } + if(passwd[0]) { + /* we have a password found in the URL, decode it! */ + char *newpasswd=curl_easy_unescape(data, passwd, 0, NULL); + if(!newpasswd) + return CURLE_OUT_OF_MEMORY; + if(strlen(newpasswd) < MAX_CURL_PASSWORD_LENGTH) + strcpy(passwd, newpasswd); + + free(newpasswd); } } } -- cgit v1.2.3