Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

7.62.0 Netrc Lookup Failure #3213

Closed
alexcumbers opened this issue Nov 1, 2018 · 4 comments
Closed

7.62.0 Netrc Lookup Failure #3213

alexcumbers opened this issue Nov 1, 2018 · 4 comments
Assignees
Labels

Comments

@alexcumbers
Copy link

@alexcumbers alexcumbers commented Nov 1, 2018

There appears to be a bug with this change where netrc lookup now fails to select the correct entry, instead defaulting to the first user entry every time. This was working in v7.61.1 and earlier.

Example netrc file:
machine ftp.gam.com login inet_web password INCORRECT
machine ftp.gam.com login fdxfer password ----
machine ftp.gam.com login impldn password -----
machine ftp.gam.com login pharo password ----
machine ftp.gam.com login pilling password ----

Version:
curl 7.62.0 (sparc-sun-solaris2.10) libcurl/7.62.0 OpenSSL/1.0.2p zlib/1.2.11 libssh2/1.8.0
Release-Date: 2018-10-31
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy

The following examples running under Solaris 11 pick up the wrong netrc user entry:

curl --verbose --netrc --user fdxfer: ftp://ftp.gam.com

  • Trying 193.202.226.107...
  • TCP_NODELAY set
  • Failed to set TCP_KEEPALIVE on fd 4
  • Connected to ftp.gam.com (193.202.226.107) port 21 (#0)
    < 220 ftp.gam.com FTP server ready.
    > USER inet_web
    < 331 Password required for inet_web.

PASS INCORRECT
< 530 Login incorrect.

curl --verbose --netrc --user pilling: ftp://ftp.gam.com

  • Trying 193.202.226.107...
  • TCP_NODELAY set
  • Failed to set TCP_KEEPALIVE on fd 4
  • Connected to ftp.gam.com (193.202.226.107) port 21 (#0)
    < 220 ftp.gam.com FTP server ready.
    > USER inet_web
    < 331 Password required for inet_web.

PASS INCORRECT
< 530 Login incorrect.

Originally posted by @alexcumbers in #3122

@alexcumbers alexcumbers changed the title There appears to be a bug with this change where netrc lookup now fails to select the correct entry, instead defaulting to the first user entry every time. This was working in v7.61.1 and earlier. Netrc Lookup Issue Nov 1, 2018
@alexcumbers alexcumbers changed the title Netrc Lookup Issue V7.62 Netrc Lookup Issue Nov 1, 2018
@alexcumbers alexcumbers changed the title V7.62 Netrc Lookup Issue 7.62.0 Netrc Lookup Failure Nov 1, 2018
@bagder
Copy link
Member

@bagder bagder commented Nov 1, 2018

@mkauf, feel like taking a closer look at this?

@bagder bagder added the regression label Nov 1, 2018
@mkauf mkauf self-assigned this Nov 2, 2018
@mkauf
Copy link
Contributor

@mkauf mkauf commented Nov 2, 2018

@bagder OK, will do.
@alexcumbers thank you for reporting this issue.

@alexcumbers
Copy link
Author

@alexcumbers alexcumbers commented Nov 2, 2018

thanks - it might be useful to obscure the exposed password emitted after 331 output when logging is used.

mkauf added a commit to mkauf/curl that referenced this issue Nov 3, 2018
- for "--netrc", don't ignore the login/password specified with "--user",
  only ignore the login/password in the URL.
  This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set

Fixes curl#3213
@mkauf
Copy link
Contributor

@mkauf mkauf commented Nov 3, 2018

This bug was caused by commit 46e1640 . Commit d48e6b7 is unrelated.

I have proposed a bugfix in #3224 .

@mkauf mkauf closed this in 53db15b Nov 5, 2018
@lock lock bot locked as resolved and limited conversation to collaborators Feb 3, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

3 participants
You can’t perform that action at this time.