New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

7.62.0 Netrc Lookup Failure #3213

Closed
alexcumbers opened this Issue Nov 1, 2018 · 4 comments

Comments

Projects
None yet
3 participants
@alexcumbers

alexcumbers commented Nov 1, 2018

There appears to be a bug with this change where netrc lookup now fails to select the correct entry, instead defaulting to the first user entry every time. This was working in v7.61.1 and earlier.

Example netrc file:
machine ftp.gam.com login inet_web password INCORRECT
machine ftp.gam.com login fdxfer password ----
machine ftp.gam.com login impldn password -----
machine ftp.gam.com login pharo password ----
machine ftp.gam.com login pilling password ----

Version:
curl 7.62.0 (sparc-sun-solaris2.10) libcurl/7.62.0 OpenSSL/1.0.2p zlib/1.2.11 libssh2/1.8.0
Release-Date: 2018-10-31
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy

The following examples running under Solaris 11 pick up the wrong netrc user entry:

curl --verbose --netrc --user fdxfer: ftp://ftp.gam.com

  • Trying 193.202.226.107...
  • TCP_NODELAY set
  • Failed to set TCP_KEEPALIVE on fd 4
  • Connected to ftp.gam.com (193.202.226.107) port 21 (#0)
    < 220 ftp.gam.com FTP server ready.
    > USER inet_web
    < 331 Password required for inet_web.

PASS INCORRECT
< 530 Login incorrect.

curl --verbose --netrc --user pilling: ftp://ftp.gam.com

  • Trying 193.202.226.107...
  • TCP_NODELAY set
  • Failed to set TCP_KEEPALIVE on fd 4
  • Connected to ftp.gam.com (193.202.226.107) port 21 (#0)
    < 220 ftp.gam.com FTP server ready.
    > USER inet_web
    < 331 Password required for inet_web.

PASS INCORRECT
< 530 Login incorrect.

Originally posted by @alexcumbers in #3122

@alexcumbers alexcumbers changed the title from There appears to be a bug with this change where netrc lookup now fails to select the correct entry, instead defaulting to the first user entry every time. This was working in v7.61.1 and earlier. to Netrc Lookup Issue Nov 1, 2018

@alexcumbers alexcumbers changed the title from Netrc Lookup Issue to V7.62 Netrc Lookup Issue Nov 1, 2018

@alexcumbers alexcumbers changed the title from V7.62 Netrc Lookup Issue to 7.62.0 Netrc Lookup Failure Nov 1, 2018

@bagder

This comment has been minimized.

Member

bagder commented Nov 1, 2018

@mkauf, feel like taking a closer look at this?

@bagder bagder added the regression label Nov 1, 2018

@mkauf mkauf self-assigned this Nov 2, 2018

@mkauf

This comment has been minimized.

Contributor

mkauf commented Nov 2, 2018

@bagder OK, will do.
@alexcumbers thank you for reporting this issue.

@alexcumbers

This comment has been minimized.

alexcumbers commented Nov 2, 2018

thanks - it might be useful to obscure the exposed password emitted after 331 output when logging is used.

mkauf added a commit to mkauf/curl that referenced this issue Nov 3, 2018

netrc: don't ignore the login name specified with "--user"
- for "--netrc", don't ignore the login/password specified with "--user",
  only ignore the login/password in the URL.
  This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set

Fixes curl#3213
@mkauf

This comment has been minimized.

Contributor

mkauf commented Nov 3, 2018

This bug was caused by commit 46e1640 . Commit d48e6b7 is unrelated.

I have proposed a bugfix in #3224 .

@mkauf mkauf closed this in 53db15b Nov 5, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment