Fix #22242: Option to allow auths before challenged.

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 599226ae2771d12f46a52be485ec0b8919a91e0c..509828cc6acb2983608adf9ed2969d3766d7a73f 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,8 @@
+2008-02-10  Micah Cowan  <micah@cowan.name>
+
+       * wget.texi <HTTP Options>: Added documentation of
+       --auth-no-challenge.
+

 2008-02-06  Micah Cowan  <micah@cowan.name>
 
        * wget.ṫexi <Overview>: Remove references to no-longer-supported
 2008-02-06  Micah Cowan  <micah@cowan.name>
 
        * wget.ṫexi <Overview>: Remove references to no-longer-supported

diff --git a/doc/wget.texi b/doc/wget.texi
index 8d1a14825f99ad0e56140269ca1ec2c2bf0d7cb3..008e1809e438a711024b4dad0fd9eae65b204821 100644 (file)
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1359,6 +1359,18 @@ This option is useful for some file-downloading CGI programs that use
 @code{Content-Disposition} headers to describe what the name of a
 downloaded file should be.
 
 @code{Content-Disposition} headers to describe what the name of a
 downloaded file should be.
 

+@cindex authentication
+@item --auth-no-challenge
+
+If this option is given, Wget will send Basic HTTP authentication
+information (plaintext username and password) for all requests, just
+like Wget 1.10.2 and prior did by default.
+
+Use of this option is not recommended, and is intended only to support
+some few obscure servers, which never send HTTP authentication
+challenges, but accept unsolicited auth info, say, in addition to
+form-based authentication.
+

 @end table
 
 @node HTTPS (SSL/TLS) Options
 @end table
 
 @node HTTPS (SSL/TLS) Options

diff --git a/src/ChangeLog b/src/ChangeLog
index 673bd9c7aa4eb8a7a2a79788d0e6317f870aa5f2..dedc796786c5b214c960ed3a7811c0f00ff26688 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -9,6 +9,9 @@
        * progress.c (create_image): Add space for an extra column in
        the "eta" portion of the progress bar image; to deal with
        too-long Czech translation.
        * progress.c (create_image): Add space for an extra column in
        the "eta" portion of the progress bar image; to deal with
        too-long Czech translation.

+       * main.c, http.c, init.c: Added --auth-no-challenge option, to
+       bring back 1.10.2 unsafe auth behavior when needed. This fixes
+       bug #22242.

 
 2008-02-07  Micah Cowan  <micah@cowan.name>
 
 
 2008-02-07  Micah Cowan  <micah@cowan.name>
 

diff --git a/src/http.c b/src/http.c
index 3a0481a2be3d3a8ca5103c909cb356b449cb1e8e..6cc46616e9ef39685d6fd2bb08a923c0f64c2a9b 100644 (file)
--- a/src/http.c
+++ b/src/http.c
@@ -389,27 +389,35 @@ static struct hash_table *basic_authed_hosts;
  * it the username, password. A temporary measure until we can get
  * proper authentication in place. */
 
  * it the username, password. A temporary measure until we can get
  * proper authentication in place. */
 

-static int
+static bool

 maybe_send_basic_creds (const char *hostname, const char *user,
                         const char *passwd, struct request *req)
 {
 maybe_send_basic_creds (const char *hostname, const char *user,
                         const char *passwd, struct request *req)
 {

-  int did_challenge = 0;
+  bool do_challenge = false;

 
 

-  if (basic_authed_hosts
+  if (opt.auth_without_challenge)
+    {
+      DEBUGP(("Auth-without-challenge set, sending Basic credentials.\n"));
+      do_challenge = true;
+    }
+  else if (basic_authed_hosts

       && hash_table_contains(basic_authed_hosts, hostname))
     {
       DEBUGP(("Found `%s' in basic_authed_hosts.\n", hostname));
       && hash_table_contains(basic_authed_hosts, hostname))
     {
       DEBUGP(("Found `%s' in basic_authed_hosts.\n", hostname));

-      request_set_header (req, "Authorization",
-                          basic_authentication_encode (user, passwd),
-                          rel_value);
-      did_challenge = 1;
+      do_challenge = true;

     }
   else
     {
       DEBUGP(("Host `%s' has not issued a general basic challenge.\n",
               hostname));
     }
     }
   else
     {
       DEBUGP(("Host `%s' has not issued a general basic challenge.\n",
               hostname));
     }

-  return did_challenge;
+  if (do_challenge)
+    {
+      request_set_header (req, "Authorization",
+                          basic_authentication_encode (user, passwd),
+                          rel_value);
+    }
+  return do_challenge;

 }
 
 static void
 }
 
 static void

diff --git a/src/init.c b/src/init.c
index 3faec6175e8194a2df0d580a509940682cf0ca41..e957e528c8cb4dbcde3b7aa5999a4d3f53b26edd 100644 (file)
--- a/src/init.c
+++ b/src/init.c
@@ -113,6 +113,8 @@ static const struct {
   { "accept",           &opt.accepts,           cmd_vector },
   { "addhostdir",       &opt.add_hostdir,       cmd_boolean },
   { "alwaysrest",       &opt.always_rest,       cmd_boolean }, /* deprecated */
   { "accept",           &opt.accepts,           cmd_vector },
   { "addhostdir",       &opt.add_hostdir,       cmd_boolean },
   { "alwaysrest",       &opt.always_rest,       cmd_boolean }, /* deprecated */

+  { "authnochallenge",  &opt.auth_without_challenge,
+                                                cmd_boolean },

   { "background",       &opt.background,        cmd_boolean },
   { "backupconverted",  &opt.backup_converted,  cmd_boolean },
   { "backups",          &opt.backups,           cmd_number },
   { "background",       &opt.background,        cmd_boolean },
   { "backupconverted",  &opt.backup_converted,  cmd_boolean },
   { "backups",          &opt.backups,           cmd_number },

diff --git a/src/main.c b/src/main.c
index 824f9b2266daa42940387392a93667c2ea4842d1..b1e99695f19f124bc45af691a145be5b9324bc98 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -130,6 +130,7 @@ static struct cmdline_option option_data[] =
   {
     { "accept", 'A', OPT_VALUE, "accept", -1 },
     { "append-output", 'a', OPT__APPEND_OUTPUT, NULL, required_argument },
   {
     { "accept", 'A', OPT_VALUE, "accept", -1 },
     { "append-output", 'a', OPT__APPEND_OUTPUT, NULL, required_argument },

+    { "auth-no-challenge", 0, OPT_BOOLEAN, "authnochallenge", -1 },

     { "background", 'b', OPT_BOOLEAN, "background", -1 },
     { "backup-converted", 'K', OPT_BOOLEAN, "backupconverted", -1 },
     { "backups", 0, OPT_BOOLEAN, "backups", -1 },
     { "background", 'b', OPT_BOOLEAN, "background", -1 },
     { "backup-converted", 'K', OPT_BOOLEAN, "backupconverted", -1 },
     { "backups", 0, OPT_BOOLEAN, "backups", -1 },


@@ -532,6 +533,10 @@ HTTP options:\n"),
     N_("\
        --content-disposition   honor the Content-Disposition header when\n\
                                choosing local file names (EXPERIMENTAL).\n"),
     N_("\
        --content-disposition   honor the Content-Disposition header when\n\
                                choosing local file names (EXPERIMENTAL).\n"),

+    N_("\
+       --auth-no-challenge     Send Basic HTTP authentication information\n\
+                               without first waiting for the server's\n\
+                               challenge.\n"),

     "\n",
 
 #ifdef HAVE_SSL
     "\n",
 
 #ifdef HAVE_SSL

diff --git a/src/options.h b/src/options.h
index 6af6033681db14b0e05faa2348a06d2ce331f329..a4fa2f0de8bd43841464c97726f66c438b1df45a 100644 (file)
--- a/src/options.h
+++ b/src/options.h
@@ -234,6 +234,8 @@ struct options
                                   than one type is available */
   
   bool content_disposition;    /* Honor HTTP Content-Disposition header. */
                                   than one type is available */
   
   bool content_disposition;    /* Honor HTTP Content-Disposition header. */

+  bool auth_without_challenge;  /* Issue Basic authentication creds without
+                                   waiting for a challenge. */

 };
 
 extern struct options opt;
 };
 
 extern struct options opt;