X-Git-Url: http://sjero.net/git/?a=blobdiff_plain;f=src%2Fhttp.c;h=5715df655c54cc8b256c842eaed31d4158a730b4;hb=d260ded06063cd974b50ea061641c98b64fe25a3;hp=b2a03c87fd7a879f47a9e3a6506d04e221b63a56;hpb=a300f1e47d12877b13cb661a9742de443232dc1a;p=wget diff --git a/src/http.c b/src/http.c index b2a03c87..5715df65 100644 --- a/src/http.c +++ b/src/http.c @@ -74,7 +74,7 @@ extern char *version_string; struct http_stat; static char *create_authorization_line (const char *, const char *, const char *, const char *, - const char *, bool *); + const char *, bool *, uerr_t *); static char *basic_authentication_encode (const char *, const char *); static bool known_authentication_scheme_p (const char *, const char *); static void ensure_extension (struct http_stat *, const char *, int *); @@ -924,8 +924,6 @@ skip_short_body (int fd, wgint contlen, bool chunked) char dlbuf[SKIP_SIZE + 1]; dlbuf[SKIP_SIZE] = '\0'; /* so DEBUGP can safely print it */ - assert (contlen != -1 || contlen); - /* If the body is too large, it makes more sense to simply close the connection than to try to read the body. */ if (contlen > SKIP_THRESHOLD) @@ -1690,7 +1688,7 @@ gethttp (struct url *u, struct http_stat *hs, int *dt, struct url *proxy, char *head; struct response *resp; - char hdrval[256]; + char hdrval[512]; char *message; /* Declare WARC variables. */ @@ -2015,10 +2013,9 @@ gethttp (struct url *u, struct http_stat *hs, int *dt, struct url *proxy, the regular request below. */ proxyauth = NULL; } - /* Examples in rfc2817 use the Host header in CONNECT - requests. I don't see how that gains anything, given - that the contents of Host would be exactly the same as - the contents of CONNECT. */ + request_set_header (connreq, "Host", + aprintf ("%s:%d", u->host, u->port), + rel_value); write_error = request_send (connreq, sock, 0); request_free (connreq); @@ -2350,6 +2347,7 @@ read_header: } pconn.authorized = false; + uerr_t auth_err = RETROK; if (!auth_finished && (user && passwd)) { /* IIS sends multiple copies of WWW-Authenticate, one with @@ -2377,28 +2375,44 @@ read_header: else if (!basic_auth_finished || !BEGINS_WITH (www_authenticate, "Basic")) { - char *pth; - pth = url_full_path (u); - request_set_header (req, "Authorization", - create_authorization_line (www_authenticate, - user, passwd, - request_method (req), - pth, - &auth_finished), - rel_value); - if (BEGINS_WITH (www_authenticate, "NTLM")) - ntlm_seen = true; - else if (!u->user && BEGINS_WITH (www_authenticate, "Basic")) + char *pth = url_full_path (u); + const char *value; + uerr_t *auth_stat; + auth_stat = xmalloc (sizeof (uerr_t)); + *auth_stat = RETROK; + + value = create_authorization_line (www_authenticate, + user, passwd, + request_method (req), + pth, + &auth_finished, + auth_stat); + + auth_err = *auth_stat; + if (auth_err == RETROK) { - /* Need to register this host as using basic auth, - * so we automatically send creds next time. */ - register_basic_auth_host (u->host); + request_set_header (req, "Authorization", value, rel_value); + + if (BEGINS_WITH (www_authenticate, "NTLM")) + ntlm_seen = true; + else if (!u->user && BEGINS_WITH (www_authenticate, "Basic")) + { + /* Need to register this host as using basic auth, + * so we automatically send creds next time. */ + register_basic_auth_host (u->host); + } + + xfree (pth); + xfree_null (message); + resp_free (resp); + xfree (head); + xfree (auth_stat); + goto retry_with_auth; + } + else + { + /* Creating the Authorization header went wrong */ } - xfree (pth); - xfree_null (message); - resp_free (resp); - xfree (head); - goto retry_with_auth; } else { @@ -2406,12 +2420,14 @@ read_header: * give up. */ } } - logputs (LOG_NOTQUIET, _("Authorization failed.\n")); request_free (req); xfree_null (message); resp_free (resp); xfree (head); - return AUTHFAILED; + if (auth_err == RETROK) + return AUTHFAILED; + else + return auth_err; } else /* statcode != HTTP_STATUS_UNAUTHORIZED */ { @@ -3027,7 +3043,10 @@ http_loop (struct url *u, struct url *original_url, char **newloc, /* Send preliminary HEAD request if -N is given and we have an existing * destination file. */ - file_name = url_file_name (opt.trustservernames ? u : original_url, NULL); + if (!opt.output_document) + file_name = url_file_name (opt.trustservernames ? u : original_url, NULL); + else + file_name = xstrdup (opt.output_document); if (opt.timestamping && (file_exists_p (file_name) || opt.content_disposition)) send_head_first = true; @@ -3133,12 +3152,23 @@ Spider mode enabled. Check if remote file exists.\n")); logputs (LOG_VERBOSE, "\n"); logprintf (LOG_NOTQUIET, _("Cannot write to %s (%s).\n"), quote (hstat.local_file), strerror (errno)); - case HOSTERR: case CONIMPOSSIBLE: case PROXERR: case AUTHFAILED: - case SSLINITFAILED: case CONTNOTSUPPORTED: case VERIFCERTERR: - case FILEBADFILE: + case HOSTERR: case CONIMPOSSIBLE: case PROXERR: case SSLINITFAILED: + case CONTNOTSUPPORTED: case VERIFCERTERR: case FILEBADFILE: + case UNKNOWNATTR: /* Fatal errors just return from the function. */ ret = err; goto exit; + case ATTRMISSING: + /* A missing attribute in a Header is a fatal Protocol error. */ + logputs (LOG_VERBOSE, "\n"); + logprintf (LOG_NOTQUIET, _("Required attribute missing from Header received.\n")); + ret = err; + goto exit; + case AUTHFAILED: + logputs (LOG_VERBOSE, "\n"); + logprintf (LOG_NOTQUIET, _("Username/Password Authentication Failed.\n")); + ret = err; + goto exit; case WARC_ERR: /* A fatal WARC error. */ logputs (LOG_VERBOSE, "\n"); @@ -3677,7 +3707,7 @@ dump_hash (char *buf, const unsigned char *hash) static char * digest_authentication_encode (const char *au, const char *user, const char *passwd, const char *method, - const char *path) + const char *path, uerr_t *auth_err) { static char *realm, *opaque, *nonce, *qop, *algorithm; static struct { @@ -3717,22 +3747,27 @@ digest_authentication_encode (const char *au, const char *user, if (qop != NULL && strcmp(qop,"auth")) { logprintf (LOG_NOTQUIET, _("Unsupported quality of protection '%s'.\n"), qop); - user = NULL; /* force freeing mem and return */ + xfree_null (qop); /* force freeing mem and return */ + qop = NULL; } - - if (algorithm != NULL && strcmp (algorithm,"MD5") && strcmp (algorithm,"MD5-sess")) + else if (algorithm != NULL && strcmp (algorithm,"MD5") && strcmp (algorithm,"MD5-sess")) { logprintf (LOG_NOTQUIET, _("Unsupported algorithm '%s'.\n"), algorithm); - user = NULL; /* force freeing mem and return */ + xfree_null (qop); /* force freeing mem and return */ + qop = NULL; } - if (!realm || !nonce || !user || !passwd || !path || !method) + if (!realm || !nonce || !user || !passwd || !path || !method || !qop) { xfree_null (realm); xfree_null (opaque); xfree_null (nonce); xfree_null (qop); xfree_null (algorithm); + if (!qop) + *auth_err = UNKNOWNATTR; + else + *auth_err = ATTRMISSING; return NULL; } @@ -3902,7 +3937,7 @@ known_authentication_scheme_p (const char *hdrbeg, const char *hdrend) static char * create_authorization_line (const char *au, const char *user, const char *passwd, const char *method, - const char *path, bool *finished) + const char *path, bool *finished, uerr_t *auth_err) { /* We are called only with known schemes, so we can dispatch on the first letter. */ @@ -3914,7 +3949,7 @@ create_authorization_line (const char *au, const char *user, #ifdef ENABLE_DIGEST case 'D': /* Digest */ *finished = true; - return digest_authentication_encode (au, user, passwd, method, path); + return digest_authentication_encode (au, user, passwd, method, path, auth_err); #endif #ifdef ENABLE_NTLM case 'N': /* NTLM */