From 552f0205e6901889a965fe679f4afeeeed7f4955 Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Sun, 9 Dec 2018 19:34:47 -0500 Subject: http: fix HTTP auth to include query in URI - Include query in the path passed to generate HTTP auth. Recent changes to use the URL API internally (46e1640, 7.62.0) inadvertently broke authentication URIs by omitting the query. Fixes https://github.com/curl/curl/issues/3353 Closes #3356 --- lib/http.c | 17 ++++++++--- tests/data/Makefile.inc | 2 +- tests/data/test2076 | 75 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 89 insertions(+), 5 deletions(-) create mode 100644 tests/data/test2076
diff --git a/lib/http.c b/lib/http.c
index 7d50750a4..345100f6c 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -702,7 +702,7 @@ output_auth_headers(struct connectdata *conn,
 *
 * @param conn all information about the current connection
 * @param request pointer to the request keyword
- * @param path pointer to the requested path
+ * @param path pointer to the requested path; should include query part
 * @param proxytunnel boolean if this is the request setting up a "proxy
 * tunnel"
 *
@@ -2000,9 +2000,18 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
 }
 /* setup the authentication headers */
- result = Curl_http_output_auth(conn, request, path, FALSE);
- if(result)
- return result;
+ {
+ char *pq = NULL;
+ if(query && *query) {
+ pq = aprintf("%s?%s", path, query);
+ if(!pq)
+ return CURLE_OUT_OF_MEMORY;
+ }
+ result = Curl_http_output_auth(conn, request, (pq ? pq : path), FALSE);
+ free(pq);
+ if(result)
+ return result;
+ }
 if((data->state.authhost.multipass || data->state.authproxy.multipass) &&
 (httpreq != HTTPREQ_GET) &&
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index ac2946c97..7adebd3f9 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
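Review bot: The new block in Curl_http appends the query only when `query && *query`, so the string handed to Curl_http_output_auth equals the request-target only if the code that writes the request line (outside this hunk) applies the same non-empty test; Digest puts this string in `uri=` and hashes it, and a server that compares it with the request-target will refuse a mismatch. If the request line is built under a different condition, a URL ending in a bare `?` would be signed without it, so this is worth confirming and recording with a comment such as `/* must equal the request-target written below: Digest signs method:uri */` above `char *pq = NULL;`. The proxy case, where the request-target may be the absolute URL, is not visible here either and is not covered by the added test2076. Curl_http's body starts and ends outside the hunk.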
@@ -201,7 +201,7 @@ test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 \
 test2048 test2049 test2050 test2051 test2052 test2053 test2054 test2055 \
 test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \
 test2064 test2065 test2066 test2067 test2068 test2069 \
- test2071 test2072 test2073 test2074 test2075 \
+ test2071 test2072 test2073 test2074 test2075 test2076 \
 test2080 \
 test2100 \
 \
diff --git a/tests/data/test2076 b/tests/data/test2076
new file mode 100644
index 000000000..2c477b1a5
--- /dev/null
+++ b/tests/data/test2076
@@ -0,0 +1,75 @@
+
+
+
+HTTP
+HTTP GET
+HTTP Digest auth
+
+
+# Server-side
+
+
+HTTP/1.1 401 Authorization Required swsclose
+WWW-Authenticate: Digest realm="testrealm", nonce="1"
+Content-Length: 26
+
+This is not the real page
+
+
+# This is supposed to be returned when the server gets a
+# Authorization: Digest line passed-in from the client
+
+HTTP/1.1 200 OK swsclose
+Content-Length: 23
+
+This IS the real page!
+
+
+
+HTTP/1.1 401 Authorization Required swsclose
+WWW-Authenticate: Digest realm="testrealm", nonce="1"
+Content-Length: 26
+
+HTTP/1.1 200 OK swsclose
+Content-Length: 23
+
+This IS the real page!
+
+
+
+
+# Client-side
+
+
+http
+
+
+!SSPI
+crypto
+
+
+HTTP with digest auth and URI contains query
+
+
+"http://%HOSTIP:%HTTPPORT/2076?query" -u testuser:testpass --digest
+
+
+
+# Verify data after the test has been "shot"
+
+
+^User-Agent:.*
+
+
+GET /2076?query HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET /2076?query HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Digest username="testuser", realm="testrealm", nonce="1", uri="/2076?query", response="5758bd3bbde7f33236e6ccd278eb59af"
+Accept: */*
+
+
+
+
-- cgit v1.2.1