|
 |
28bab8 |
From e474cf3e6f937f0bc26a0f4171bacb468ebd2241 Mon Sep 17 00:00:00 2001
|
|
|
28bab8 |
From: Jakub Filak <jfilak@redhat.com>
|
|
|
28bab8 |
Date: Wed, 21 Oct 2015 14:40:28 +0200
|
|
|
28bab8 |
Subject: [PATCH] curl: return URLs without userinfo
|
|
|
28bab8 |
|
|
|
28bab8 |
All clients should work with URLs without userinfo. This commit will
|
|
|
28bab8 |
ensure that.
|
|
|
28bab8 |
|
|
|
28bab8 |
This commit also changes log messages from:
|
|
|
28bab8 |
|
|
|
28bab8 |
Sending /var/tmp/problem_dir.tar.gz to scp://localhost/tmp/tmp.x5WVgpgUsY/target/
|
|
|
28bab8 |
Error while uploading: 'curl_easy_perform: Login denied'
|
|
|
28bab8 |
Please enter user name for 'scp://localhost/tmp/tmp.x5WVgpgUsY/target/': root
|
|
|
28bab8 |
Please enter password for 'root':
|
|
|
28bab8 |
Sending /var/tmp/problem_dir.tar.gz to scp://localhost/tmp/tmp.x5WVgpgUsY/target/
|
|
|
28bab8 |
Successfully sent /var/tmp/problem_dir.tar.gz to scp://localhost/tmp/tmp.x5WVgpgUsY/target/
|
|
|
28bab8 |
|
|
|
28bab8 |
to:
|
|
|
28bab8 |
|
|
|
28bab8 |
Sending /var/tmp/problem_dir.tar.gz to scp://localhost
|
|
|
28bab8 |
Error while uploading: 'curl_easy_perform: Login denied'
|
|
|
28bab8 |
Please enter user name for 'scp://localhost': root
|
|
|
28bab8 |
Please enter password for 'scp://root@localhost':
|
|
|
28bab8 |
Sending /var/tmp/problem_dir.tar.gz to scp://localhost
|
|
|
28bab8 |
Successfully created scp://localhost/tmp/tmp.x5WVgpgUsY/target/problem_dir.tar.gz
|
|
|
28bab8 |
|
|
|
28bab8 |
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
|
28bab8 |
---
|
|
|
28bab8 |
src/include/libreport_curl.h | 9 ++++++
|
|
|
28bab8 |
src/lib/curl.c | 67 +++++++++++++++++++++++++++++++-------------
|
|
|
28bab8 |
2 files changed, 56 insertions(+), 20 deletions(-)
|
|
|
28bab8 |
|
|
|
28bab8 |
diff --git a/src/include/libreport_curl.h b/src/include/libreport_curl.h
|
|
|
28bab8 |
index 812738c..b9277ad 100644
|
|
|
28bab8 |
--- a/src/include/libreport_curl.h
|
|
|
28bab8 |
+++ b/src/include/libreport_curl.h
|
|
|
28bab8 |
@@ -128,6 +128,15 @@ enum {
|
|
|
28bab8 |
#define upload_file libreport_upload_file
|
|
|
28bab8 |
char *upload_file(const char *url, const char *filename);
|
|
|
28bab8 |
|
|
|
28bab8 |
+/* Uploads filename to url.
|
|
|
28bab8 |
+ *
|
|
|
28bab8 |
+ * If url does not ends with '/', base name of filename will be amended.
|
|
|
28bab8 |
+ *
|
|
|
28bab8 |
+ * Fails if the url does not have scheme or hostname.
|
|
|
28bab8 |
+ *
|
|
|
28bab8 |
+ * @return Resulting URL on success (the URL does not contain userinfo);
|
|
|
28bab8 |
+ * otherwise NULL.
|
|
|
28bab8 |
+ */
|
|
|
28bab8 |
#define upload_file_ext libreport_upload_file_ext
|
|
|
28bab8 |
char *upload_file_ext(post_state_t *post_state,
|
|
|
28bab8 |
const char *url,
|
|
|
28bab8 |
diff --git a/src/lib/curl.c b/src/lib/curl.c
|
|
|
28bab8 |
index 606d9ea..a64c464 100644
|
|
|
28bab8 |
--- a/src/lib/curl.c
|
|
|
28bab8 |
+++ b/src/lib/curl.c
|
|
|
28bab8 |
@@ -600,27 +600,48 @@ char *upload_file_ext(post_state_t *state, const char *url, const char *filename
|
|
|
28bab8 |
{
|
|
|
28bab8 |
/* we don't want to print the whole url as it may contain password
|
|
|
28bab8 |
* rhbz#856960
|
|
|
28bab8 |
- * there can be '@' in the login or password so let's try to find the
|
|
|
28bab8 |
- * first '@' from the end
|
|
|
28bab8 |
+ *
|
|
|
28bab8 |
+ * jfilak:
|
|
|
28bab8 |
+ * We want to print valid URLs in useful messages.
|
|
|
28bab8 |
+ *
|
|
|
28bab8 |
+ * The old code had this approach:
|
|
|
28bab8 |
+ * there can be '@' in the login or password so let's try to find the
|
|
|
28bab8 |
+ * first '@' from the end
|
|
|
28bab8 |
+ *
|
|
|
28bab8 |
+ * The new implementation decomposes URI to its base elements and uses only
|
|
|
28bab8 |
+ * scheme and hostname for the logging purpose. These elements should not
|
|
|
28bab8 |
+ * contain any sensitive information.
|
|
|
28bab8 |
*/
|
|
|
28bab8 |
- const char *clean_url = strrchr(url, '@');
|
|
|
28bab8 |
- if (clean_url)
|
|
|
28bab8 |
- clean_url++;
|
|
|
28bab8 |
- else
|
|
|
28bab8 |
- clean_url = url;
|
|
|
28bab8 |
-
|
|
|
28bab8 |
- char *whole_url;
|
|
|
28bab8 |
- unsigned len = strlen(url);
|
|
|
28bab8 |
- if (len > 0 && url[len-1] == '/')
|
|
|
28bab8 |
- whole_url = concat_path_file(url, strrchr(filename, '/') ? : filename);
|
|
|
28bab8 |
- else
|
|
|
28bab8 |
- whole_url = xstrdup(url);
|
|
|
28bab8 |
-
|
|
|
28bab8 |
-
|
|
|
28bab8 |
const char *username_bck = state->username;
|
|
|
28bab8 |
const char *password_bck = state->password;
|
|
|
28bab8 |
+
|
|
|
28bab8 |
+ char *whole_url = NULL;
|
|
|
28bab8 |
+ char *scheme = NULL;
|
|
|
28bab8 |
+ char *hostname = NULL;
|
|
|
28bab8 |
char *username = NULL;
|
|
|
28bab8 |
char *password = NULL;
|
|
|
28bab8 |
+ char *clean_url = NULL;
|
|
|
28bab8 |
+
|
|
|
28bab8 |
+ if (uri_userinfo_remove(url, &clean_url, &scheme, &hostname, &username, &password, NULL) != 0)
|
|
|
28bab8 |
+ goto finito;
|
|
|
28bab8 |
+
|
|
|
28bab8 |
+ if (scheme == NULL || hostname == NULL)
|
|
|
28bab8 |
+ {
|
|
|
28bab8 |
+ log_warning(_("Ingoring URL without scheme and hostname"));
|
|
|
28bab8 |
+ goto finito;
|
|
|
28bab8 |
+ }
|
|
|
28bab8 |
+
|
|
|
28bab8 |
+ if (username && (state->username == NULL || state->username[0] == '\0'))
|
|
|
28bab8 |
+ {
|
|
|
28bab8 |
+ state->username = username;
|
|
|
28bab8 |
+ state->password = password;
|
|
|
28bab8 |
+ }
|
|
|
28bab8 |
+
|
|
|
28bab8 |
+ unsigned len = strlen(clean_url);
|
|
|
28bab8 |
+ if (len > 0 && clean_url[len-1] == '/')
|
|
|
28bab8 |
+ whole_url = concat_path_file(clean_url, strrchr(filename, '/') ? : filename);
|
|
|
28bab8 |
+ else
|
|
|
28bab8 |
+ whole_url = xstrdup(clean_url);
|
|
|
28bab8 |
|
|
|
28bab8 |
/* work around bug in libssh2(curl with scp://)
|
|
|
28bab8 |
* libssh2_aget_disconnect() calls close(0)
|
|
|
28bab8 |
@@ -634,7 +655,9 @@ char *upload_file_ext(post_state_t *state, const char *url, const char *filename
|
|
|
28bab8 |
*/
|
|
|
28bab8 |
do_post:
|
|
|
28bab8 |
|
|
|
28bab8 |
- log(_("Sending %s to %s"), filename, clean_url);
|
|
|
28bab8 |
+ /* Do not include the path part of the URL as it can contain sensitive data
|
|
|
28bab8 |
+ * in case of typos */
|
|
|
28bab8 |
+ log(_("Sending %s to %s//%s"), filename, scheme, hostname);
|
|
|
28bab8 |
post(state,
|
|
|
28bab8 |
whole_url,
|
|
|
28bab8 |
/*content_type:*/ "application/octet-stream",
|
|
|
28bab8 |
@@ -658,13 +681,13 @@ char *upload_file_ext(post_state_t *state, const char *url, const char *filename
|
|
|
28bab8 |
(state->curl_result == CURLE_LOGIN_DENIED
|
|
|
28bab8 |
|| state->curl_result == CURLE_REMOTE_ACCESS_DENIED))
|
|
|
28bab8 |
{
|
|
|
28bab8 |
- char *msg = xasprintf(_("Please enter user name for '%s':"), clean_url);
|
|
|
28bab8 |
+ char *msg = xasprintf(_("Please enter user name for '%s//%s':"), scheme, hostname);
|
|
|
28bab8 |
free(username);
|
|
|
28bab8 |
username = ask(msg);
|
|
|
28bab8 |
free(msg);
|
|
|
28bab8 |
if (username != NULL && username[0] != '\0')
|
|
|
28bab8 |
{
|
|
|
28bab8 |
- msg = xasprintf(_("Please enter password for '%s':"), username);
|
|
|
28bab8 |
+ msg = xasprintf(_("Please enter password for '%s//%s@%s':"), scheme, username, hostname);
|
|
|
28bab8 |
free(password);
|
|
|
28bab8 |
password = ask_password(msg);
|
|
|
28bab8 |
free(msg);
|
|
|
28bab8 |
@@ -687,13 +710,17 @@ char *upload_file_ext(post_state_t *state, const char *url, const char *filename
|
|
|
28bab8 |
else
|
|
|
28bab8 |
{
|
|
|
28bab8 |
/* This ends up a "reporting status message" in abrtd */
|
|
|
28bab8 |
- log(_("Successfully sent %s to %s"), filename, clean_url);
|
|
|
28bab8 |
+ log(_("Successfully created %s"), whole_url);
|
|
|
28bab8 |
}
|
|
|
28bab8 |
|
|
|
28bab8 |
close(stdin_bck);
|
|
|
28bab8 |
|
|
|
28bab8 |
+finito:
|
|
|
28bab8 |
free(password);
|
|
|
28bab8 |
free(username);
|
|
|
28bab8 |
+ free(hostname);
|
|
|
28bab8 |
+ free(scheme);
|
|
|
28bab8 |
+ free(clean_url);
|
|
|
28bab8 |
|
|
|
28bab8 |
state->username = username_bck;
|
|
|
28bab8 |
state->password = password_bck;
|
|
|
28bab8 |
--
|
|
|
28bab8 |
1.8.3.1
|
|
|
28bab8 |
|