Changelog Development Documentation Download libcurl Mailing Lists News
cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: introduced an auth callback

From: Jeff King <peff_at_peff.net>
Date: Fri, 1 Jun 2012 02:40:52 -0400

On Thu, May 17, 2012 at 08:46:26PM +0000, Joe Mason wrote:

> I've pushed 3 new patches to
> https://github.com/JoeNotCharles/curl/commits/authcallback_api2, and
> also updated
> https://github.com/JoeNotCharles/curl/commits/authcallback_api2_squashed
> with a force push.
>
> - added a "succeeded" member to curl_auth_info, which is always 0. (I
> tried to find a place to add a call to the auth callback once auth is
> successful, but couldn't find the right place. Someone with more
> knowledge of curl may have to do this)
> - renamed CURLAUTH_TYPE_HOST to CURLAUTH_TYPE_HTTP so we can add
> TYPE_FTP, TYPE_SMTP, etc later
> - fixed the bug with CURLOPT_FAILONERROR

Sorry for the slow response. I got a chance tonight to play more with my
proof-of-concept patch to make git use the auth callback. I confirmed
that the FAILONERROR bug is fixed. However, I did run into a new bug.

If the requested URL is something like:

  https://example.com/

then it works fine. But if it contains a username, like:

  https://user@example.com/

then the callback is never invoked, and curl returns a 401. The problem
seems to be that the logic in Curl_http_auth_act checks
conn->bits.user_passwd; if it is set, then we assume we don't need to
gather more credentials. But we do; we don't actually have a password.

Furthermore, specifying this URL:

  https://user:wrong@example.com/

also does not trigger the callback; it just returns a 401. Shouldn't it
trigger the callback (possibly with the retries count incremented)?
If we did that, it would fix both issues (when we have just a username,
presumably we send the username and a blank password in the first
request, so it can be considered a special case of having the wrong
password).

> I didn't touch the url, since I think we've agreed to do that through
> curl_easy_getinfo.

Has anybody been working on that?

-Peff
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-06-01