From 4c1a59ea4807d3d27a41d82e7ab37b6ded92b355 Mon Sep 17 00:00:00 2001
From: Micah Cowan <micah@cowan.name>
Date: Sun, 10 Feb 2008 17:31:27 -0800
Subject: [PATCH] Fix #22242: Option to allow auths before challenged.

---
 doc/ChangeLog |  5 +++++
 doc/wget.texi | 12 ++++++++++++
 src/ChangeLog |  3 +++
 src/http.c    | 24 ++++++++++++++++--------
 src/init.c    |  2 ++
 src/main.c    |  5 +++++
 src/options.h |  2 ++
 7 files changed, 45 insertions(+), 8 deletions(-)
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 599226ae..509828cc 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,8 @@
+2008-02-10  Micah Cowan  <micah@cowan.name>
+
+	* wget.texi <HTTP Options>: Added documentation of
+	--auth-no-challenge.
+
 2008-02-06  Micah Cowan  <micah@cowan.name>
 
 	* wget.á¹«exi <Overview>: Remove references to no-longer-supported
diff --git a/doc/wget.texi b/doc/wget.texi
index 8d1a1482..008e1809 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1359,6 +1359,18 @@ This option is useful for some file-downloading CGI programs that use
 @code{Content-Disposition} headers to describe what the name of a
 downloaded file should be.
 
+@cindex authentication
+@item --auth-no-challenge
+
+If this option is given, Wget will send Basic HTTP authentication
+information (plaintext username and password) for all requests, just
+like Wget 1.10.2 and prior did by default.
+
+Use of this option is not recommended, and is intended only to support
+some few obscure servers, which never send HTTP authentication
+challenges, but accept unsolicited auth info, say, in addition to
+form-based authentication.
+
 @end table
 
 @node HTTPS (SSL/TLS) Options
diff --git a/src/ChangeLog b/src/ChangeLog
index 673bd9c7..dedc7967 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -9,6 +9,9 @@
 	* progress.c (create_image): Add space for an extra column in
 	the "eta" portion of the progress bar image; to deal with
 	too-long Czech translation.
+	* main.c, http.c, init.c: Added --auth-no-challenge option, to
+	bring back 1.10.2 unsafe auth behavior when needed. This fixes
+	bug #22242.
 
 2008-02-07  Micah Cowan  <micah@cowan.name>
 
diff --git a/src/http.c b/src/http.c
index 3a0481a2..6cc46616 100644
--- a/src/http.c
+++ b/src/http.c
@@ -389,27 +389,35 @@ static struct hash_table *basic_authed_hosts;
  * it the username, password. A temporary measure until we can get
  * proper authentication in place. */
 
-static int
+static bool
 maybe_send_basic_creds (const char *hostname, const char *user,
                         const char *passwd, struct request *req)
 {
-  int did_challenge = 0;
+  bool do_challenge = false;
 
-  if (basic_authed_hosts
+  if (opt.auth_without_challenge)
+    {
+      DEBUGP(("Auth-without-challenge set, sending Basic credentials.\n"));
+      do_challenge = true;
+    }
+  else if (basic_authed_hosts
       && hash_table_contains(basic_authed_hosts, hostname))
     {
       DEBUGP(("Found `%s' in basic_authed_hosts.\n", hostname));
-      request_set_header (req, "Authorization",
-                          basic_authentication_encode (user, passwd),
-                          rel_value);
-      did_challenge = 1;
+      do_challenge = true;
     }
   else
     {
       DEBUGP(("Host `%s' has not issued a general basic challenge.\n",
               hostname));
     }
-  return did_challenge;
+  if (do_challenge)
+    {
+      request_set_header (req, "Authorization",
+                          basic_authentication_encode (user, passwd),
+                          rel_value);
+    }
+  return do_challenge;
 }
 
 static void
diff --git a/src/init.c b/src/init.c
index 3faec617..e957e528 100644
--- a/src/init.c
+++ b/src/init.c
@@ -113,6 +113,8 @@ static const struct {
   { "accept",           &opt.accepts,           cmd_vector },
   { "addhostdir",       &opt.add_hostdir,       cmd_boolean },
   { "alwaysrest",       &opt.always_rest,       cmd_boolean }, /* deprecated */
+  { "authnochallenge",  &opt.auth_without_challenge,
+                                                cmd_boolean },
   { "background",       &opt.background,        cmd_boolean },
   { "backupconverted",  &opt.backup_converted,  cmd_boolean },
   { "backups",          &opt.backups,           cmd_number },
diff --git a/src/main.c b/src/main.c
index 824f9b22..b1e99695 100644
--- a/src/main.c
+++ b/src/main.c
@@ -130,6 +130,7 @@ static struct cmdline_option option_data[] =
   {
     { "accept", 'A', OPT_VALUE, "accept", -1 },
     { "append-output", 'a', OPT__APPEND_OUTPUT, NULL, required_argument },
+    { "auth-no-challenge", 0, OPT_BOOLEAN, "authnochallenge", -1 },
     { "background", 'b', OPT_BOOLEAN, "background", -1 },
     { "backup-converted", 'K', OPT_BOOLEAN, "backupconverted", -1 },
     { "backups", 0, OPT_BOOLEAN, "backups", -1 },
@@ -532,6 +533,10 @@ HTTP options:\n"),
     N_("\
        --content-disposition   honor the Content-Disposition header when\n\
                                choosing local file names (EXPERIMENTAL).\n"),
+    N_("\
+       --auth-no-challenge     Send Basic HTTP authentication information\n\
+                               without first waiting for the server's\n\
+                               challenge.\n"),
     "\n",
 
 #ifdef HAVE_SSL
diff --git a/src/options.h b/src/options.h
index 6af60336..a4fa2f0d 100644
--- a/src/options.h
+++ b/src/options.h
@@ -234,6 +234,8 @@ struct options
 				   than one type is available */
   
   bool content_disposition;	/* Honor HTTP Content-Disposition header. */
+  bool auth_without_challenge;  /* Issue Basic authentication creds without
+                                   waiting for a challenge. */
 };
 
 extern struct options opt;
-- 
2.39.2

