On Fri, 13 Dec 2013, Daniel Stenberg wrote:
The only truly working way I can think of is to have separate options for
all of them so that we avoid single-letter separators completely.
I think separate options is something that we should consider.
I'll work on that.
Hi again Steve,
Would you object to something like the attached patch?
--
/ daniel.haxx.se
From 74ecf3a69397d02e5a3e9504a0ab159714214cb0 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <[email protected]>
Date: Fri, 13 Dec 2013 23:56:24 +0100
Subject: [PATCH] auth options: remove the ;[options] support from
CURLOPT_USERPWD
To avoid the regression when users pass in passwords containing
semicolons, we now drop the ability to set the options in the same
options. The options support in CURLOPT_USERPWD was added in 7.31.0.
Test case 83 was modified to verify that colons and semicolons can be
used as part of the password when using -u (CURLOPT_USERPWD).
Also, CURLOPT_AUTH_OPTIONS is now the setopt option name for setting the
options directly (renamed from CURLOPT_OPTIONS).
Bug: http://curl.haxx.se/bug/view.cgi?id=1311
Reported-by: Petr Bahula
---
docs/libcurl/curl_easy_setopt.3 | 14 +++++++-------
docs/libcurl/symbols-in-versions | 2 +-
include/curl/curl.h | 2 +-
include/curl/typecheck-gcc.h | 4 ++--
lib/url.c | 21 ++++++---------------
src/tool_cfgable.h | 1 +
src/tool_getparam.c | 10 ++++++++--
src/tool_operate.c | 2 ++
tests/data/test83 | 4 ++--
9 files changed, 30 insertions(+), 30 deletions(-)
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 51edaea..2649810 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -1165,22 +1165,22 @@ authentication. You should not use this option together with the (older)
CURLOPT_USERPWD option.
To specify the password and login options, along with the user name, use the
-\fICURLOPT_PASSWORD\fP and \fICURLOPT_OPTIONS\fP options or alternatively use
-the older \CURLOPT_USERPWD\fP option instead. (Added in 7.19.1)
+\fICURLOPT_PASSWORD\fP and \fICURLOPT_AUTH_OPTIONS\fP options or alternatively
+use the older \CURLOPT_USERPWD\fP option instead. (Added in 7.19.1)
.IP CURLOPT_PASSWORD
Pass a char * as parameter, which should be pointing to the zero terminated
password to use for the transfer.
The CURLOPT_PASSWORD option should be used in conjunction with the
\fICURLOPT_USERNAME\fP option. (Added in 7.19.1)
-.IP CURLOPT_OPTIONS
+.IP CURLOPT_AUTH_OPTIONS
Pass a char * as parameter, which should be pointing to the zero terminated
options string to use for the transfer.
-\CURLOPT_OPTIONS\fP can be used to set protocol specific authentication options,
-such as the preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*", and
-should be used in conjunction with the \fICURLOPT_USERNAME\fP option. (Added in
-7.34.0)
+\CURLOPT_AUTH_OPTIONS\fP can be used to set protocol specific authentication
+options, such as the preferred authentication mechanism via "AUTH=NTLM" or
+"AUTH=*", and should be used in conjunction with the \fICURLOPT_USERNAME\fP
+option. (Added in 7.34.0)
.IP CURLOPT_PROXYUSERNAME
Pass a char * as parameter, which should be pointing to the zero terminated
user name to use for the transfer while connecting to Proxy.
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index e9d7719..cda0ce5 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -302,6 +302,7 @@ CURLOPT_ACCEPTTIMEOUT_MS 7.24.0
CURLOPT_ACCEPT_ENCODING 7.21.6
CURLOPT_ADDRESS_SCOPE 7.19.0
CURLOPT_APPEND 7.17.0
+CURLOPT_AUTH_OPTIONS 7.34.0
CURLOPT_AUTOREFERER 7.1
CURLOPT_BUFFERSIZE 7.10
CURLOPT_CAINFO 7.4.2
@@ -418,7 +419,6 @@ CURLOPT_NOSIGNAL 7.10
CURLOPT_NOTHING 7.1.1 7.11.1 7.11.0
CURLOPT_OPENSOCKETDATA 7.17.1
CURLOPT_OPENSOCKETFUNCTION 7.17.1
-CURLOPT_OPTIONS 7.34.0
CURLOPT_PASSWDDATA 7.4.2 7.11.1 7.15.5
CURLOPT_PASSWDFUNCTION 7.4.2 7.11.1 7.15.5
CURLOPT_PASSWORD 7.19.1
diff --git a/include/curl/curl.h b/include/curl/curl.h
index 9bee934..a17050b 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -1569,7 +1569,7 @@ typedef enum {
CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223),
/* Set authentication options directly */
- CINIT(OPTIONS, OBJECTPOINT, 224),
+ CINIT(AUTH_OPTIONS, OBJECTPOINT, 224),
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h
index 7feccf3..07c18df 100644
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <[email protected]>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <[email protected]>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -269,7 +269,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
(option) == CURLOPT_DNS_INTERFACE || \
(option) == CURLOPT_DNS_LOCAL_IP4 || \
(option) == CURLOPT_DNS_LOCAL_IP6 || \
- (option) == CURLOPT_OPTIONS || \
+ (option) == CURLOPT_AUTH_OPTIONS || \
0)
/* evaluates to true if option takes a curl_write_callback argument */
diff --git a/lib/url.c b/lib/url.c
index 7536877..d6c3113 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -299,13 +299,11 @@ static CURLcode setstropt(char **charp, char *s)
return CURLE_OK;
}
-static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
- char **optionsp)
+static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp)
{
CURLcode result = CURLE_OK;
char *user = NULL;
char *passwd = NULL;
- char *options = NULL;
/* Parse the login details if specified. It not then we treat NULL as a hint
to clear the existing data */
@@ -313,7 +311,7 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
result = parse_login_details(option, strlen(option),
(userp ? &user : NULL),
(passwdp ? &passwd : NULL),
- (optionsp ? &options : NULL));
+ NULL);
}
if(!result) {
@@ -335,12 +333,6 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
Curl_safefree(*passwdp);
*passwdp = passwd;
}
-
- /* Store the options part of option if required */
- if(optionsp) {
- Curl_safefree(*optionsp);
- *optionsp = options;
- }
}
return result;
@@ -1553,12 +1545,11 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
case CURLOPT_USERPWD:
/*
- * user:password;options to use in the operation
+ * user:password to use in the operation
*/
result = setstropt_userpwd(va_arg(param, char *),
&data->set.str[STRING_USERNAME],
- &data->set.str[STRING_PASSWORD],
- &data->set.str[STRING_OPTIONS]);
+ &data->set.str[STRING_PASSWORD]);
break;
case CURLOPT_USERNAME:
@@ -1577,7 +1568,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
va_arg(param, char *));
break;
- case CURLOPT_OPTIONS:
+ case CURLOPT_AUTH_OPTIONS:
/*
* authentication options to use in the operation
*/
@@ -1662,7 +1653,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
*/
result = setstropt_userpwd(va_arg(param, char *),
&data->set.str[STRING_PROXYUSERNAME],
- &data->set.str[STRING_PROXYPASSWORD], NULL);
+ &data->set.str[STRING_PROXYPASSWORD]);
break;
case CURLOPT_PROXYUSERNAME:
/*
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 2f9cd5a..ccc6ced 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -74,6 +74,7 @@ struct Configurable {
0 => -s is used to NOT show errors
1 => -S has been used to show errors */
char *userpwd;
+ char *authoptions;
char *tls_username;
char *tls_password;
char *tls_authtype;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index d0feb71..ff1d399 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -218,6 +218,7 @@ static const struct LongShort aliases[]= {
{"El", "tlspassword", TRUE},
{"Em", "tlsauthtype", TRUE},
{"En", "ssl-allow-beast", FALSE},
+ {"Eo", "auth-options", TRUE},
{"f", "fail", FALSE},
{"F", "form", TRUE},
{"Fs", "form-string", TRUE},
@@ -1366,10 +1367,15 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
break;
- case 'n': /* no empty SSL fragments */
+ case 'n': /* no empty SSL fragments, --ssl-allow-beast */
if(curlinfo->features & CURL_VERSION_SSL)
config->ssl_allow_beast = toggle;
break;
+
+ case 'o': /* --auth-options */
+ GetStr(&config->authoptions, nextarg);
+ break;
+
default: /* certificate file */
{
char *certname, *passphrase;
@@ -1687,7 +1693,7 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
}
break;
case 'u':
- /* user:password;options */
+ /* user:password */
GetStr(&config->userpwd, nextarg);
cleanarg(nextarg);
break;
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 7b43691..a5c9fcd 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1051,6 +1051,8 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
my_setopt(curl, CURLOPT_NETRC_FILE, config->netrc_file);
my_setopt(curl, CURLOPT_TRANSFERTEXT, config->use_ascii?1L:0L);
+ if(config->authoptions)
+ my_setopt_str(curl, CURLOPT_AUTH_OPTIONS, config->authoptions);
my_setopt_str(curl, CURLOPT_USERPWD, config->userpwd);
my_setopt_str(curl, CURLOPT_RANGE, config->range);
my_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer);
diff --git a/tests/data/test83 b/tests/data/test83
index 4386c12..e00a288 100644
--- a/tests/data/test83
+++ b/tests/data/test83
@@ -50,7 +50,7 @@ http-proxy
HTTP over proxy-tunnel with site authentication
</name>
<command>
-http://test.83:%HTTPPORT/we/want/that/page/83 -p -x %HOSTIP:%PROXYPORT --user iam:myself
+http://test.83:%HTTPPORT/we/want/that/page/83 -p -x %HOSTIP:%PROXYPORT --user 'iam:my:;self'
</command>
</client>
@@ -69,7 +69,7 @@ Proxy-Connection: Keep-Alive
</proxy>
<protocol>
GET /we/want/that/page/83 HTTP/1.1
-Authorization: Basic aWFtOm15c2VsZg==
+Authorization: Basic aWFtOm15OjtzZWxm
User-Agent: curl/7.10.7-pre2 (i686-pc-linux-gnu) libcurl/7.10.7-pre2 OpenSSL/0.9.7a zlib/1.1.3
Host: test.83:%HTTPPORT
Accept: */*
--
1.8.5.1
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
