cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: introduced an auth callback

From: Joe Mason <jmason_at_rim.com>
Date: Fri, 1 Jun 2012 14:48:11 +0000

> From: curl-library-bounces_at_cool.haxx.se [curl-library-bounces_at_cool.haxx.se] on
> behalf of Jeff King [peff_at_peff.net]
> Sent: Friday, June 01, 2012 2:40 AM
> To: libcurl development
> Subject: Re: introduced an auth callback
>
> Sorry for the slow response. I got a chance tonight to play more with my
> proof-of-concept patch to make git use the auth callback. I confirmed
> that the FAILONERROR bug is fixed. However, I did run into a new bug.

No problem. I haven't had time to work on the auth callback myself recently. I hope to get back to it soon. (Since it's on github, feel free to submit patches if you can fix anything!)

> If the requested URL is something like:
>
> https://example.com/
>
> then it works fine. But if it contains a username, like:
>
> https://user@example.com/
>
> then the callback is never invoked, and curl returns a 401. The problem
> seems to be that the logic in Curl_http_auth_act checks
> conn->bits.user_passwd; if it is set, then we assume we don't need to
> gather more credentials. But we do; we don't actually have a password.

Yes, I thought it was very strange that user_passwd only checks username. But I followed the way curl already did it since I didn't want to risk changing bits I didn't fully understand.

> Furthermore, specifying this URL:
>
> https://user:wrong@example.com/
>
> also does not trigger the callback; it just returns a 401. Shouldn't it
> trigger the callback (possibly with the retries count incremented)?
> If we did that, it would fix both issues (when we have just a username,
> presumably we send the username and a blank password in the first
> request, so it can be considered a special case of having the wrong
> password).

That's an interesting bug. I agree, that would be the best fix. I'll look into it.

> > I didn't touch the url, since I think we've agreed to do that through
> > curl_easy_getinfo.
>
> Has anybody been working on that?

Not to my knowledge.

Joe
---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-06-01