On 03/26/2010 08:30 AM, Daniel Stenberg wrote:
On Fri, 26 Mar 2010, Ben Greear wrote:

Could we just change the code to parse user:passwd for ALL protocols
and let protocols ignore the user:passwd as needed?

Yeah, I think so. As long as the parsing doesn't break legitimately
formatted URLs, but I don't know of any such cases where that would happen.

But do note that this is a libcurl extension. These protocols aren't
specified to support name and password within the URLs.


Updated patch is attached.

I also noticed that a previous patch for telnet introduced a compile warning.
I'm going to figure out how to enable -Werr and then fix all warnings for
64-bit and just enable -Werr in my testing so that this quits happening.

Thanks,
Ben

--
Ben Greear <[email protected]>
Candela Technologies Inc  http://www.candelatech.com

diff --git a/lib/url.c b/lib/url.c
index bd9bd46..15304fd 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -4116,63 +4116,62 @@ static CURLcode parse_url_userpass(struct SessionHandle 
*data,
    * We need somewhere to put the embedded details, so do that first.
    */
 
+  char *ptr=strchr(conn->host.name, '@');
+  char *userpass = conn->host.name;
+
   user[0] =0;   /* to make everything well-defined */
   passwd[0]=0;
 
-  if(conn->protocol & (PROT_FTP|PROT_HTTP|PROT_SCP|PROT_SFTP)) {
-    /* This is a FTP, HTTP, SCP or SFTP URL, we will now try to extract the
-     * possible user+password pair in a string like:
-     * ftp://user:[email protected]:8021/README */
-    char *ptr=strchr(conn->host.name, '@');
-    char *userpass = conn->host.name;
-    if(ptr != NULL) {
-      /* there's a user+password given here, to the left of the @ */
-
-      conn->host.name = ++ptr;
-
-      /* So the hostname is sane.  Only bother interpreting the
-       * results if we could care.  It could still be wasted
-       * work because it might be overtaken by the programmatically
-       * set user/passwd, but doing that first adds more cases here :-(
-       */
+  /* We will now try to extract the
+   * possible user+password pair in a string like:
+   * ftp://user:[email protected]:8021/README */
+  if(ptr != NULL) {
+    /* there's a user+password given here, to the left of the @ */
 
-      conn->bits.userpwd_in_url = 1;
-      if(data->set.use_netrc != CURL_NETRC_REQUIRED) {
-        /* We could use the one in the URL */
+    conn->host.name = ++ptr;
 
-        conn->bits.user_passwd = TRUE; /* enable user+password */
+    /* So the hostname is sane.  Only bother interpreting the
+     * results if we could care.  It could still be wasted
+     * work because it might be overtaken by the programmatically
+     * set user/passwd, but doing that first adds more cases here :-(
+     */
 
-        if(*userpass != ':') {
-          /* the name is given, get user+password */
-          sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
-                 "%" MAX_CURL_PASSWORD_LENGTH_TXT "[...@]",
-                 user, passwd);
-        }
-        else
-          /* no name given, get the password only */
-          sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[...@]", passwd);
-
-        if(user[0]) {
-          char *newname=curl_easy_unescape(data, user, 0, NULL);
-          if(!newname)
-            return CURLE_OUT_OF_MEMORY;
-          if(strlen(newname) < MAX_CURL_USER_LENGTH)
-            strcpy(user, newname);
-
-          /* if the new name is longer than accepted, then just use
-             the unconverted name, it'll be wrong but what the heck */
-          free(newname);
-        }
-        if(passwd[0]) {
-          /* we have a password found in the URL, decode it! */
-          char *newpasswd=curl_easy_unescape(data, passwd, 0, NULL);
-          if(!newpasswd)
-            return CURLE_OUT_OF_MEMORY;
-          if(strlen(newpasswd) < MAX_CURL_PASSWORD_LENGTH)
-            strcpy(passwd, newpasswd);
-
-          free(newpasswd);
-        }
+    conn->bits.userpwd_in_url = 1;
+    if(data->set.use_netrc != CURL_NETRC_REQUIRED) {
+      /* We could use the one in the URL */
+
+      conn->bits.user_passwd = TRUE; /* enable user+password */
+
+      if(*userpass != ':') {
+        /* the name is given, get user+password */
+        sscanf(userpass, "%" MAX_CURL_USER_LENGTH_TXT "[^:@]:"
+               "%" MAX_CURL_PASSWORD_LENGTH_TXT "[...@]",
+               user, passwd);
+      }
+      else
+        /* no name given, get the password only */
+        sscanf(userpass, ":%" MAX_CURL_PASSWORD_LENGTH_TXT "[...@]", passwd);
+
+      if(user[0]) {
+        char *newname=curl_easy_unescape(data, user, 0, NULL);
+        if(!newname)
+          return CURLE_OUT_OF_MEMORY;
+        if(strlen(newname) < MAX_CURL_USER_LENGTH)
+          strcpy(user, newname);
+
+        /* if the new name is longer than accepted, then just use
+           the unconverted name, it'll be wrong but what the heck */
+        free(newname);
+      }
+      if(passwd[0]) {
+        /* we have a password found in the URL, decode it! */
+        char *newpasswd=curl_easy_unescape(data, passwd, 0, NULL);
+        if(!newpasswd)
+          return CURLE_OUT_OF_MEMORY;
+        if(strlen(newpasswd) < MAX_CURL_PASSWORD_LENGTH)
+          strcpy(passwd, newpasswd);
+
+        free(newpasswd);
       }
     }
   }
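
Review bot: With the `conn->protocol & (PROT_FTP|PROT_HTTP|PROT_SCP|PROT_SFTP)` guard removed at the top of this hunk, the `if(ptr != NULL)` branch now sets `conn->bits.userpwd_in_url` and `conn->bits.user_passwd` for every protocol, so any `@` in `conn->host.name` is split off as credentials even for handlers that never use them. Please add a comment at the new `strchr()` line saying that this is a libcurl extension and that protocols without authentication are expected to ignore the result, and include a test with a URL for a protocol outside the old list so the "doesn't break legitimately formatted URLs" assumption from the thread is actually checked. The carried-over fallback that keeps the still-escaped name when `strlen(newname) < MAX_CURL_USER_LENGTH` fails ("it'll be wrong but what the heck") is now reachable from all protocols as well; returning an error there would be safer than continuing with a user name that is known to be wrong. Minor: the rewrapped comment breaks after "extract the" and still shows only an `ftp://` example, although the code no longer depends on the protocol.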