Line | Count | Source (jump to first uncovered line) |
1 | | /*************************************************************************** |
2 | | * _ _ ____ _ |
3 | | * Project ___| | | | _ \| | |
4 | | * / __| | | | |_) | | |
5 | | * | (__| |_| | _ <| |___ |
6 | | * \___|\___/|_| \_\_____| |
7 | | * |
8 | | * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | | * |
10 | | * This software is licensed as described in the file COPYING, which |
11 | | * you should have received as part of this distribution. The terms |
12 | | * are also available at https://curl.se/docs/copyright.html. |
13 | | * |
14 | | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | | * copies of the Software, and permit persons to whom the Software is |
16 | | * furnished to do so, under the terms of the COPYING file. |
17 | | * |
18 | | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | | * KIND, either express or implied. |
20 | | * |
21 | | * SPDX-License-Identifier: curl |
22 | | * |
23 | | ***************************************************************************/ |
24 | | |
25 | | #include "curl_setup.h" |
26 | | #ifndef CURL_DISABLE_NETRC |
27 | | |
28 | | #ifdef HAVE_PWD_H |
29 | | #include <pwd.h> |
30 | | #endif |
31 | | |
32 | | #include <curl/curl.h> |
33 | | #include "netrc.h" |
34 | | #include "strtok.h" |
35 | | #include "strcase.h" |
36 | | #include "curl_get_line.h" |
37 | | |
38 | | /* The last 3 #include files should be in this order */ |
39 | | #include "curl_printf.h" |
40 | | #include "curl_memory.h" |
41 | | #include "memdebug.h" |
42 | | |
43 | | /* Get user and password from .netrc when given a machine name */ |
44 | | |
45 | | enum host_lookup_state { |
46 | | NOTHING, |
47 | | HOSTFOUND, /* the 'machine' keyword was found */ |
48 | | HOSTVALID, /* this is "our" machine! */ |
49 | | MACDEF |
50 | | }; |
51 | | |
52 | 0 | #define NETRC_FILE_MISSING 1 |
53 | 0 | #define NETRC_FAILED -1 |
54 | 0 | #define NETRC_SUCCESS 0 |
55 | | |
56 | | /* |
57 | | * Returns zero on success. |
58 | | */ |
59 | | static int parsenetrc(const char *host, |
60 | | char **loginp, |
61 | | char **passwordp, |
62 | | char *netrcfile) |
63 | 0 | { |
64 | 0 | FILE *file; |
65 | 0 | int retcode = NETRC_FILE_MISSING; |
66 | 0 | char *login = *loginp; |
67 | 0 | char *password = *passwordp; |
68 | 0 | bool specific_login = (login && *login != 0); |
69 | 0 | bool login_alloc = FALSE; |
70 | 0 | bool password_alloc = FALSE; |
71 | 0 | enum host_lookup_state state = NOTHING; |
72 | |
|
73 | 0 | char state_login = 0; /* Found a login keyword */ |
74 | 0 | char state_password = 0; /* Found a password keyword */ |
75 | 0 | int state_our_login = TRUE; /* With specific_login, found *our* login |
76 | | name (or login-less line) */ |
77 | |
|
78 | 0 | DEBUGASSERT(netrcfile); |
79 | | |
80 | 0 | file = fopen(netrcfile, FOPEN_READTEXT); |
81 | 0 | if(file) { |
82 | 0 | bool done = FALSE; |
83 | 0 | char netrcbuffer[4096]; |
84 | 0 | int netrcbuffsize = (int)sizeof(netrcbuffer); |
85 | |
|
86 | 0 | while(!done && Curl_get_line(netrcbuffer, netrcbuffsize, file)) { |
87 | 0 | char *tok; |
88 | 0 | char *tok_end; |
89 | 0 | bool quoted; |
90 | 0 | if(state == MACDEF) { |
91 | 0 | if((netrcbuffer[0] == '\n') || (netrcbuffer[0] == '\r')) |
92 | 0 | state = NOTHING; |
93 | 0 | else |
94 | 0 | continue; |
95 | 0 | } |
96 | 0 | tok = netrcbuffer; |
97 | 0 | while(tok) { |
98 | 0 | while(ISBLANK(*tok)) |
99 | 0 | tok++; |
100 | | /* tok is first non-space letter */ |
101 | 0 | if(!*tok || (*tok == '#')) |
102 | | /* end of line or the rest is a comment */ |
103 | 0 | break; |
104 | | |
105 | | /* leading double-quote means quoted string */ |
106 | 0 | quoted = (*tok == '\"'); |
107 | |
|
108 | 0 | tok_end = tok; |
109 | 0 | if(!quoted) { |
110 | 0 | while(!ISSPACE(*tok_end)) |
111 | 0 | tok_end++; |
112 | 0 | *tok_end = 0; |
113 | 0 | } |
114 | 0 | else { |
115 | 0 | bool escape = FALSE; |
116 | 0 | bool endquote = FALSE; |
117 | 0 | char *store = tok; |
118 | 0 | tok_end++; /* pass the leading quote */ |
119 | 0 | while(*tok_end) { |
120 | 0 | char s = *tok_end; |
121 | 0 | if(escape) { |
122 | 0 | escape = FALSE; |
123 | 0 | switch(s) { |
124 | 0 | case 'n': |
125 | 0 | s = '\n'; |
126 | 0 | break; |
127 | 0 | case 'r': |
128 | 0 | s = '\r'; |
129 | 0 | break; |
130 | 0 | case 't': |
131 | 0 | s = '\t'; |
132 | 0 | break; |
133 | 0 | } |
134 | 0 | } |
135 | 0 | else if(s == '\\') { |
136 | 0 | escape = TRUE; |
137 | 0 | tok_end++; |
138 | 0 | continue; |
139 | 0 | } |
140 | 0 | else if(s == '\"') { |
141 | 0 | tok_end++; /* pass the ending quote */ |
142 | 0 | endquote = TRUE; |
143 | 0 | break; |
144 | 0 | } |
145 | 0 | *store++ = s; |
146 | 0 | tok_end++; |
147 | 0 | } |
148 | 0 | *store = 0; |
149 | 0 | if(escape || !endquote) { |
150 | | /* bad syntax, get out */ |
151 | 0 | retcode = NETRC_FAILED; |
152 | 0 | goto out; |
153 | 0 | } |
154 | 0 | } |
155 | | |
156 | 0 | if((login && *login) && (password && *password)) { |
157 | 0 | done = TRUE; |
158 | 0 | break; |
159 | 0 | } |
160 | | |
161 | 0 | switch(state) { |
162 | 0 | case NOTHING: |
163 | 0 | if(strcasecompare("macdef", tok)) { |
164 | | /* Define a macro. A macro is defined with the specified name; its |
165 | | contents begin with the next .netrc line and continue until a |
166 | | null line (consecutive new-line characters) is encountered. */ |
167 | 0 | state = MACDEF; |
168 | 0 | } |
169 | 0 | else if(strcasecompare("machine", tok)) { |
170 | | /* the next tok is the machine name, this is in itself the |
171 | | delimiter that starts the stuff entered for this machine, |
172 | | after this we need to search for 'login' and |
173 | | 'password'. */ |
174 | 0 | state = HOSTFOUND; |
175 | 0 | } |
176 | 0 | else if(strcasecompare("default", tok)) { |
177 | 0 | state = HOSTVALID; |
178 | 0 | retcode = NETRC_SUCCESS; /* we did find our host */ |
179 | 0 | } |
180 | 0 | break; |
181 | 0 | case MACDEF: |
182 | 0 | if(!strlen(tok)) { |
183 | 0 | state = NOTHING; |
184 | 0 | } |
185 | 0 | break; |
186 | 0 | case HOSTFOUND: |
187 | 0 | if(strcasecompare(host, tok)) { |
188 | | /* and yes, this is our host! */ |
189 | 0 | state = HOSTVALID; |
190 | 0 | retcode = NETRC_SUCCESS; /* we did find our host */ |
191 | 0 | } |
192 | 0 | else |
193 | | /* not our host */ |
194 | 0 | state = NOTHING; |
195 | 0 | break; |
196 | 0 | case HOSTVALID: |
197 | | /* we are now parsing sub-keywords concerning "our" host */ |
198 | 0 | if(state_login) { |
199 | 0 | if(specific_login) { |
200 | 0 | state_our_login = !Curl_timestrcmp(login, tok); |
201 | 0 | } |
202 | 0 | else if(!login || Curl_timestrcmp(login, tok)) { |
203 | 0 | if(login_alloc) { |
204 | 0 | free(login); |
205 | 0 | login_alloc = FALSE; |
206 | 0 | } |
207 | 0 | login = strdup(tok); |
208 | 0 | if(!login) { |
209 | 0 | retcode = NETRC_FAILED; /* allocation failed */ |
210 | 0 | goto out; |
211 | 0 | } |
212 | 0 | login_alloc = TRUE; |
213 | 0 | } |
214 | 0 | state_login = 0; |
215 | 0 | } |
216 | 0 | else if(state_password) { |
217 | 0 | if((state_our_login || !specific_login) |
218 | 0 | && (!password || Curl_timestrcmp(password, tok))) { |
219 | 0 | if(password_alloc) { |
220 | 0 | free(password); |
221 | 0 | password_alloc = FALSE; |
222 | 0 | } |
223 | 0 | password = strdup(tok); |
224 | 0 | if(!password) { |
225 | 0 | retcode = NETRC_FAILED; /* allocation failed */ |
226 | 0 | goto out; |
227 | 0 | } |
228 | 0 | password_alloc = TRUE; |
229 | 0 | } |
230 | 0 | state_password = 0; |
231 | 0 | } |
232 | 0 | else if(strcasecompare("login", tok)) |
233 | 0 | state_login = 1; |
234 | 0 | else if(strcasecompare("password", tok)) |
235 | 0 | state_password = 1; |
236 | 0 | else if(strcasecompare("machine", tok)) { |
237 | | /* ok, there's machine here go => */ |
238 | 0 | state = HOSTFOUND; |
239 | 0 | state_our_login = FALSE; |
240 | 0 | } |
241 | 0 | break; |
242 | 0 | } /* switch (state) */ |
243 | 0 | tok = ++tok_end; |
244 | 0 | } |
245 | 0 | } /* while Curl_get_line() */ |
246 | | |
247 | 0 | out: |
248 | 0 | if(!retcode) { |
249 | | /* success */ |
250 | 0 | if(login_alloc) { |
251 | 0 | if(*loginp) |
252 | 0 | free(*loginp); |
253 | 0 | *loginp = login; |
254 | 0 | } |
255 | 0 | if(password_alloc) { |
256 | 0 | if(*passwordp) |
257 | 0 | free(*passwordp); |
258 | 0 | *passwordp = password; |
259 | 0 | } |
260 | 0 | } |
261 | 0 | else { |
262 | 0 | if(login_alloc) |
263 | 0 | free(login); |
264 | 0 | if(password_alloc) |
265 | 0 | free(password); |
266 | 0 | } |
267 | 0 | fclose(file); |
268 | 0 | } |
269 | | |
270 | 0 | return retcode; |
271 | 0 | } |
272 | | |
273 | | /* |
274 | | * @unittest: 1304 |
275 | | * |
276 | | * *loginp and *passwordp MUST be allocated if they aren't NULL when passed |
277 | | * in. |
278 | | */ |
279 | | int Curl_parsenetrc(const char *host, char **loginp, char **passwordp, |
280 | | char *netrcfile) |
281 | 0 | { |
282 | 0 | int retcode = 1; |
283 | 0 | char *filealloc = NULL; |
284 | |
|
285 | 0 | if(!netrcfile) { |
286 | 0 | #if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID) |
287 | 0 | char pwbuf[1024]; |
288 | 0 | #endif |
289 | 0 | char *home = NULL; |
290 | 0 | char *homea = curl_getenv("HOME"); /* portable environment reader */ |
291 | 0 | if(homea) { |
292 | 0 | home = homea; |
293 | 0 | #if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID) |
294 | 0 | } |
295 | 0 | else { |
296 | 0 | struct passwd pw, *pw_res; |
297 | 0 | if(!getpwuid_r(geteuid(), &pw, pwbuf, sizeof(pwbuf), &pw_res) |
298 | 0 | && pw_res) { |
299 | 0 | home = pw.pw_dir; |
300 | 0 | } |
301 | | #elif defined(HAVE_GETPWUID) && defined(HAVE_GETEUID) |
302 | | } |
303 | | else { |
304 | | struct passwd *pw; |
305 | | pw = getpwuid(geteuid()); |
306 | | if(pw) { |
307 | | home = pw->pw_dir; |
308 | | } |
309 | | #elif defined(_WIN32) |
310 | | } |
311 | | else { |
312 | | homea = curl_getenv("USERPROFILE"); |
313 | | if(homea) { |
314 | | home = homea; |
315 | | } |
316 | | #endif |
317 | 0 | } |
318 | |
|
319 | 0 | if(!home) |
320 | 0 | return retcode; /* no home directory found (or possibly out of |
321 | | memory) */ |
322 | | |
323 | 0 | filealloc = curl_maprintf("%s%s.netrc", home, DIR_CHAR); |
324 | 0 | if(!filealloc) { |
325 | 0 | free(homea); |
326 | 0 | return -1; |
327 | 0 | } |
328 | 0 | retcode = parsenetrc(host, loginp, passwordp, filealloc); |
329 | 0 | free(filealloc); |
330 | | #ifdef WIN32 |
331 | | if(retcode == NETRC_FILE_MISSING) { |
332 | | /* fallback to the old-style "_netrc" file */ |
333 | | filealloc = curl_maprintf("%s%s_netrc", home, DIR_CHAR); |
334 | | if(!filealloc) { |
335 | | free(homea); |
336 | | return -1; |
337 | | } |
338 | | retcode = parsenetrc(host, loginp, passwordp, filealloc); |
339 | | free(filealloc); |
340 | | } |
341 | | #endif |
342 | 0 | free(homea); |
343 | 0 | } |
344 | 0 | else |
345 | 0 | retcode = parsenetrc(host, loginp, passwordp, netrcfile); |
346 | 0 | return retcode; |
347 | 0 | } |
348 | | |
349 | | #endif |