*
* Check if we have enough auth data and capabilities to authenticate.
*/
-bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn)
+bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data)
{
/* Have credentials been provided? */
- if(conn->bits.user_passwd)
+ if(data->state.aptr.user)
return TRUE;
/* EXTERNAL can authenticate without a user name and/or password */
if(force_ir || data->set.sasl_ir)
result = Curl_auth_create_external_message(conn->user, &resp);
}
- else if(conn->bits.user_passwd) {
+ else if(data->state.aptr.user) {
#if defined(USE_KERBEROS5)
if((enabledmechs & SASL_MECH_GSSAPI) && Curl_auth_is_gssapi_supported() &&
Curl_auth_user_contains_domain(conn->user)) {
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
const struct SASLproto *params);
/* Check if we have enough auth data and capabilities to authenticate */
-bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn);
+bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data);
/* Calculate the required login details for SASL authentication */
CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
*done = TRUE; /* unconditionally */
- if(conn->bits.user_passwd) {
- /* AUTH is missing */
- }
-
if(strncasecompare(path, DICT_MATCH, sizeof(DICT_MATCH)-1) ||
strncasecompare(path, DICT_MATCH2, sizeof(DICT_MATCH2)-1) ||
strncasecompare(path, DICT_MATCH3, sizeof(DICT_MATCH3)-1)) {
if(data->state.authproblem)
return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK;
- if((conn->bits.user_passwd || data->set.str[STRING_BEARER]) &&
+ if((data->state.aptr.user || data->set.str[STRING_BEARER]) &&
((data->req.httpcode == 401) ||
(conn->bits.authneg && data->req.httpcode < 300))) {
pickhost = pickoneauth(&data->state.authhost, authmask);
(proxy && conn->bits.proxy_user_passwd &&
!Curl_checkProxyheaders(data, conn, STRCONST("Proxy-authorization"))) ||
#endif
- (!proxy && conn->bits.user_passwd &&
+ (!proxy && data->state.aptr.user &&
!Curl_checkheaders(data, STRCONST("Authorization")))) {
auth = "Basic";
result = http_output_basic(data, proxy);
#ifndef CURL_DISABLE_PROXY
(conn->bits.httpproxy && conn->bits.proxy_user_passwd) ||
#endif
- conn->bits.user_passwd || data->set.str[STRING_BEARER])
+ data->state.aptr.user || data->set.str[STRING_BEARER])
/* continue please */;
else {
authhost->done = TRUE;
** Either we're not authenticating, or we're supposed to
** be authenticating something else. This is an error.
*/
- if((httpcode == 401) && !data->conn->bits.user_passwd)
+ if((httpcode == 401) && !data->state.aptr.user)
return TRUE;
#ifndef CURL_DISABLE_PROXY
if((httpcode == 407) && !data->conn->bits.proxy_user_passwd)
/* Check we have a username and password to authenticate with and end the
connect phase if we don't */
- if(!conn->bits.user_passwd) {
+ if(!data->state.aptr.user) {
state(data, IMAP_STOP);
return result;
/* Check if already authenticated OR if there is enough data to authenticate
with and end the connect phase if we don't */
if(imapc->preauth ||
- !Curl_sasl_can_authenticate(&imapc->sasl, conn)) {
+ !Curl_sasl_can_authenticate(&imapc->sasl, data)) {
state(data, IMAP_STOP);
return result;
}
host = conn->host.name;
#endif
- if(conn->bits.user_passwd) {
+ if(data->state.aptr.user) {
user = conn->user;
passwd = conn->passwd;
}
passwd.bv_val = NULL;
passwd.bv_len = 0;
- if(conn->bits.user_passwd) {
+ if(data->state.aptr.user) {
binddn = conn->user;
passwd.bv_val = conn->passwd;
passwd.bv_len = strlen(passwd.bv_val);
state(data, newstate);
else
result = oldap_map_error(rc,
- conn->bits.user_passwd?
+ data->state.aptr.user?
CURLE_LOGIN_DENIED: CURLE_LDAP_CANNOT_BIND);
return result;
}
/* FALLTHROUGH */
case LDAP_SUCCESS:
case LDAP_NO_RESULTS_RETURNED:
- if(Curl_sasl_can_authenticate(&li->sasl, conn))
+ if(Curl_sasl_can_authenticate(&li->sasl, data))
result = oldap_perform_sasl(data);
else
result = CURLE_LOGIN_DENIED;
conn->bits.tls_upgraded = TRUE;
if(li->sasl.prefmech != SASL_AUTH_NONE)
result = oldap_perform_mechs(data);
- else if(conn->bits.user_passwd)
+ else if(data->state.aptr.user)
result = oldap_perform_bind(data, OLDAP_BIND);
else {
state(data, OLDAP_STOP); /* Version 3 supported: no bind required */
/* Check we have a username and password to authenticate with and end the
connect phase if we don't */
- if(!conn->bits.user_passwd) {
+ if(!data->state.aptr.user) {
state(data, POP3_STOP);
return result;
/* Check we have a username and password to authenticate with and end the
connect phase if we don't */
- if(!conn->bits.user_passwd) {
+ if(!data->state.aptr.user) {
state(data, POP3_STOP);
return result;
/* Check we have enough data to authenticate with and end the
connect phase if we don't */
- if(!Curl_sasl_can_authenticate(&pop3c->sasl, conn)) {
+ if(!Curl_sasl_can_authenticate(&pop3c->sasl, data)) {
state(data, POP3_STOP);
return result;
}
(void) done;
/* Check we have a username and password to authenticate with */
- if(!conn->bits.user_passwd)
+ if(!data->state.aptr.user)
return CURLE_LOGIN_DENIED;
/* Initialize the connection state */
/* Check we have enough data to authenticate with, and the
server supports authentication, and end the connect phase if not */
if(!smtpc->auth_supported ||
- !Curl_sasl_can_authenticate(&smtpc->sasl, conn)) {
+ !Curl_sasl_can_authenticate(&smtpc->sasl, data)) {
state(data, SMTP_STOP);
return result;
}
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
/* Add the user name as an environment variable if it
was given on the command line */
- if(conn->bits.user_passwd) {
+ if(data->state.aptr.user) {
msnprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user);
beg = curl_slist_append(tn->telnet_vars, option_arg);
if(!beg) {
conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy;
#endif /* CURL_DISABLE_PROXY */
- conn->bits.user_passwd = (data->state.aptr.user) ? TRUE : FALSE;
#ifndef CURL_DISABLE_FTP
conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
* User name and password set with their own options override the
* credentials possibly set in the URL.
*/
- if(!data->state.aptr.user) {
- /* we don't use the URL API's URL decoder option here since it rejects
- control codes and we want to allow them for some schemes in the user
- and password fields */
- uc = curl_url_get(uh, CURLUPART_USER, &data->state.up.user, 0);
+ if(!data->state.aptr.passwd) {
+ uc = curl_url_get(uh, CURLUPART_PASSWORD, &data->state.up.password, 0);
if(!uc) {
char *decoded;
- result = Curl_urldecode(data->state.up.user, 0, &decoded, NULL,
+ result = Curl_urldecode(data->state.up.password, 0, &decoded, NULL,
conn->handler->flags&PROTOPT_USERPWDCTRL ?
REJECT_ZERO : REJECT_CTRL);
if(result)
return result;
- conn->user = decoded;
- conn->bits.user_passwd = TRUE;
- result = Curl_setstropt(&data->state.aptr.user, decoded);
+ conn->passwd = decoded;
+ result = Curl_setstropt(&data->state.aptr.passwd, decoded);
if(result)
return result;
}
- else if(uc != CURLUE_NO_USER)
+ else if(uc != CURLUE_NO_PASSWORD)
return Curl_uc_to_curlcode(uc);
}
- if(!data->state.aptr.passwd) {
- uc = curl_url_get(uh, CURLUPART_PASSWORD, &data->state.up.password, 0);
+ if(!data->state.aptr.user) {
+ /* we don't use the URL API's URL decoder option here since it rejects
+ control codes and we want to allow them for some schemes in the user
+ and password fields */
+ uc = curl_url_get(uh, CURLUPART_USER, &data->state.up.user, 0);
if(!uc) {
char *decoded;
- result = Curl_urldecode(data->state.up.password, 0, &decoded, NULL,
+ result = Curl_urldecode(data->state.up.user, 0, &decoded, NULL,
conn->handler->flags&PROTOPT_USERPWDCTRL ?
REJECT_ZERO : REJECT_CTRL);
if(result)
return result;
- conn->passwd = decoded;
- conn->bits.user_passwd = TRUE;
- result = Curl_setstropt(&data->state.aptr.passwd, decoded);
- if(result)
- return result;
+ conn->user = decoded;
+ result = Curl_setstropt(&data->state.aptr.user, decoded);
}
- else if(uc != CURLUE_NO_PASSWORD)
+ else if(uc != CURLUE_NO_USER)
return Curl_uc_to_curlcode(uc);
+ else if(data->state.aptr.passwd) {
+ /* no user was set but a password, set a blank user */
+ result = Curl_setstropt(&data->state.aptr.user, "");
+ }
+ if(result)
+ return result;
}
uc = curl_url_get(uh, CURLUPART_OPTIONS, &data->state.up.options,
char **optionsp = &conn->options;
#ifndef CURL_DISABLE_NETRC
- if(data->set.use_netrc == CURL_NETRC_REQUIRED && conn->bits.user_passwd) {
+ if(data->set.use_netrc == CURL_NETRC_REQUIRED && data->state.aptr.user) {
Curl_safefree(*userp);
Curl_safefree(*passwdp);
- conn->bits.user_passwd = FALSE; /* disable user+password */
+ Curl_safefree(data->state.aptr.user); /* disable user+password */
}
#endif
file, so that it is safe to use even if we followed a Location: to a
different host or similar. */
conn->bits.netrc = TRUE;
- conn->bits.user_passwd = TRUE; /* enable user+password */
}
if(url_provided) {
Curl_safefree(conn->user);
/*
* Set the login details so they're available in the connection
*/
-static CURLcode set_login(struct connectdata *conn)
+static CURLcode set_login(struct Curl_easy *data,
+ struct connectdata *conn)
{
CURLcode result = CURLE_OK;
const char *setuser = CURL_DEFAULT_USER;
const char *setpasswd = CURL_DEFAULT_PASSWORD;
/* If our protocol needs a password and we have none, use the defaults */
- if((conn->handler->flags & PROTOPT_NEEDSPWD) && !conn->bits.user_passwd)
+ if((conn->handler->flags & PROTOPT_NEEDSPWD) && !data->state.aptr.user)
;
else {
setuser = "";
/* get the user+password information from the old_conn struct since it may
* be new for this request even when we re-use an existing connection */
- conn->bits.user_passwd = old_conn->bits.user_passwd;
- if(conn->bits.user_passwd) {
+ if(old_conn->user) {
/* use the new user name and password though */
Curl_safefree(conn->user);
Curl_safefree(conn->passwd);
if(result)
goto out;
- result = set_login(conn); /* default credentials */
+ result = set_login(data, conn); /* default credentials */
if(result)
goto out;
that overrides the host in the URL */
BIT(conn_to_port); /* if set, this connection has a "connect to port"
that overrides the port in the URL (remote port) */
- BIT(user_passwd); /* do we use user+password for this connection? */
BIT(ipv6_ip); /* we communicate with a remote site specified with pure IPv6
IP address */
BIT(ipv6); /* we communicate with a site using an IPv6 address */
projects / thirdparty / curl.git / commitdiff
