New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
7.62.0 Netrc Lookup Failure #3213
Labels
Comments
@mkauf, feel like taking a closer look at this? |
@bagder OK, will do. |
thanks - it might be useful to obscure the exposed password emitted after 331 output when logging is used. |
mkauf
added a commit
to mkauf/curl
that referenced
this issue
Nov 3, 2018
- for "--netrc", don't ignore the login/password specified with "--user", only ignore the login/password in the URL. This restores the netrc behaviour of curl 7.61.1 and earlier. - fix the documentation of CURL_NETRC_REQUIRED - improve the detection of login/password changes when reading .netrc - don't read .netrc if both login and password are already set Fixes curl#3213
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
There appears to be a bug with this change where netrc lookup now fails to select the correct entry, instead defaulting to the first user entry every time. This was working in v7.61.1 and earlier.
Example netrc file:
machine ftp.gam.com login inet_web password INCORRECT
machine ftp.gam.com login fdxfer password ----
machine ftp.gam.com login impldn password -----
machine ftp.gam.com login pharo password ----
machine ftp.gam.com login pilling password ----
Version:
curl 7.62.0 (sparc-sun-solaris2.10) libcurl/7.62.0 OpenSSL/1.0.2p zlib/1.2.11 libssh2/1.8.0
Release-Date: 2018-10-31
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy
The following examples running under Solaris 11 pick up the wrong netrc user entry:
curl --verbose --netrc --user fdxfer: ftp://ftp.gam.com
< 220 ftp.gam.com FTP server ready.
> USER inet_web
< 331 Password required for inet_web.
curl --verbose --netrc --user pilling: ftp://ftp.gam.com
< 220 ftp.gam.com FTP server ready.
> USER inet_web
< 331 Password required for inet_web.
Originally posted by @alexcumbers in #3122
The text was updated successfully, but these errors were encountered: