snapshot of project "lynx", label v2-8-9dev_11d

5 files changed, 107 insertions, 24 deletions

diff --git a/WWW/Library/Implementation/HTAABrow.c b/WWW/Library/Implementation/HTAABrow.c
index 31a0a469..4bc1add2 100644
--- a/WWW/Library/Implementation/HTAABrow.c
+++ b/WWW/Library/Implementation/HTAABrow.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: HTAABrow.c,v 1.41 2016/11/24 15:14:00 tom Exp $
+ * $LynxId: HTAABrow.c,v 1.42 2016/11/24 23:57:57 tom Exp $
  *
  * MODULE							HTAABrow.c
  *		BROWSER SIDE ACCESS AUTHORIZATION MODULE
@@ -532,6 +532,72 @@ static HTAARealm *HTAARealm_new(HTList *realm_table,
     return realm;
 }
 
+BOOL HTAA_HaveUserinfo(const char *hostname)
+{
+    int gen_delims = 0;
+    char *my_info = NULL;
+    char *at_sign = HTSkipToAt(StrAllocCopy(my_info, hostname), &gen_delims);
+
+    free(my_info);
+    return (at_sign != NULL && gen_delims == 0) ? TRUE : FALSE;
+}
+
+/*
+ * If there is userinfo in the hostname string, update the realm to use that
+ * information.  The command-line "-auth" option will override this.
+ */
+static void fill_in_userinfo(HTAARealm *realm, const char *hostname)
+{
+    int gen_delims = 0;
+    char *my_info = NULL;
+    char *at_sign = HTSkipToAt(StrAllocCopy(my_info, hostname), &gen_delims);
+
+    if (at_sign != NULL && gen_delims == 0) {
+	char *colon;
+
+	*at_sign = '\0';
+	if ((colon = StrChr(my_info, ':')) != 0) {
+	    *colon++ = '\0';
+	}
+	if (non_empty(my_info)) {
+	    char *msg;
+	    BOOL prior = non_empty(realm->username);
+
+	    if (prior && strcmp(realm->username, my_info)) {
+		msg = 0;
+		HTSprintf0(&msg,
+			   gettext("username for realm %s changed from %s to %s"),
+			   realm->realmname,
+			   realm->username,
+			   my_info);
+		HTAlert(msg);
+		free(msg);
+		FREE(realm->username);
+		StrAllocCopy(realm->username, my_info);
+	    } else if (!prior) {
+		StrAllocCopy(realm->username, my_info);
+	    }
+	    if (non_empty(colon)) {
+		prior = non_empty(realm->password);
+		if (prior && strcmp(realm->password, colon)) {
+		    msg = 0;
+		    HTSprintf0(&msg,
+			       gettext("password for realm %s user %s changed"),
+			       realm->realmname,
+			       realm->username);
+		    HTAlert(msg);
+		    free(msg);
+		    FREE(realm->password);
+		    StrAllocCopy(realm->password, colon);
+		} else if (!prior) {
+		    StrAllocCopy(realm->password, colon);
+		}
+	    }
+	}
+    }
+    free(my_info);
+}
+
 /***************** Basic and Pubkey Authentication ************************/
 
 /* static						compose_auth_string()
@@ -540,6 +606,7 @@ static HTAARealm *HTAARealm_new(HTList *realm_table,
  *		PROMPTS FOR USERNAME AND PASSWORD IF NEEDED
  *
  * ON ENTRY:
+ *	hostname	may include user- and password information
  *	scheme		is either HTAA_BASIC or HTAA_PUBKEY.
  *	setup		is the current server setup.
  *	IsProxy		should be TRUE if this is a proxy.
@@ -555,7 +622,10 @@ static HTAARealm *HTAARealm_new(HTList *realm_table,
  *	returned by AA package needs to (or should) be freed.
  *
  */
-static char *compose_auth_string(HTAAScheme scheme, HTAASetup * setup, int IsProxy)
+static char *compose_auth_string(const char *hostname,
+				 HTAAScheme scheme,
+				 HTAASetup * setup,
+				 int IsProxy)
 {
     char *cleartext = NULL;	/* Cleartext presentation */
     char *ciphertext = NULL;	/* Encrypted presentation */
@@ -573,9 +643,12 @@ static char *compose_auth_string(HTAAScheme scheme, HTAASetup * setup, int IsPro
 
     FREE(compose_auth_stringResult);	/* From previous call */
 
-    if ((scheme != HTAA_BASIC && scheme != HTAA_PUBKEY) || !setup ||
-	!setup->scheme_specifics || !setup->scheme_specifics[scheme] ||
-	!setup->server || !setup->server->realms)
+    if ((scheme != HTAA_BASIC && scheme != HTAA_PUBKEY) ||
+	!(setup &&
+	  setup->scheme_specifics &&
+	  setup->scheme_specifics[scheme] &&
+	  setup->server &&
+	  setup->server->realms))
 	return NULL;
 
     realmname = HTAssocList_lookup(setup->scheme_specifics[scheme], "realm");
@@ -583,9 +656,11 @@ static char *compose_auth_string(HTAAScheme scheme, HTAASetup * setup, int IsPro
 	return NULL;
 
     realm = HTAARealm_lookup(setup->server->realms, realmname);
+    setup->retry |= HTAA_HaveUserinfo(hostname);
+
     if (!(realm &&
-	  realm->username && *realm->username &&
-	  realm->password) || setup->retry) {
+	  non_empty(realm->username) &&
+	  non_empty(realm->password)) || setup->retry) {
 	if (!realm) {
 	    CTRACE((tfp, "%s `%s' %s\n",
 		    "compose_auth_string: realm:", realmname,
@@ -593,6 +668,7 @@ static char *compose_auth_string(HTAAScheme scheme, HTAASetup * setup, int IsPro
 	    realm = HTAARealm_new(setup->server->realms,
 				  realmname, NULL, NULL);
 	}
+	fill_in_userinfo(realm, hostname);
 	/*
 	 * The template should be either the '*' global for everything on the
 	 * server (always true for proxy authorization setups), or a path for
@@ -617,12 +693,7 @@ static char *compose_auth_string(HTAAScheme scheme, HTAASetup * setup, int IsPro
 	    setup->server->portnumber != 80) {
 	    HTSprintf0(&thePort, ":%d", setup->server->portnumber);
 	}
-	/*
-	 * Set up the message for the username prompt, and then issue the
-	 * prompt.  The default username is included in the call to the
-	 * prompting function, but the password is NULL-ed and always replaced. 
-	 * - FM
-	 */
+
 	HTSprintf0(&msg, gettext("Username for '%s' at %s '%s%s':"),
 		   realm->realmname,
 		   (IsProxy ? "proxy" : "server"),
@@ -630,13 +701,18 @@ static char *compose_auth_string(HTAAScheme scheme, HTAASetup * setup, int IsPro
 		   NonNull(thePort));
 	FREE(proxiedHost);
 	FREE(thePort);
-	StrAllocCopy(username, realm->username);
-	password = NULL;
+	if (non_empty(realm->username)) {
+	    StrAllocCopy(username, realm->username);
+	}
+	if (non_empty(realm->password)) {
+	    StrAllocCopy(password, realm->password);
+	}
 	HTPromptUsernameAndPassword(msg, &username, &password, IsProxy);
 
 	FREE(msg);
 	FREE(realm->username);
 	FREE(realm->password);
+
 	realm->username = username;
 	realm->password = password;
 
@@ -882,7 +958,7 @@ char *HTAA_composeAuth(const char *hostname,
 	switch (scheme = HTAA_selectScheme(proxy_setup)) {
 	case HTAA_BASIC:
 	case HTAA_PUBKEY:
-	    auth_string = compose_auth_string(scheme, proxy_setup, IsProxy);
+	    auth_string = compose_auth_string(hostname, scheme, proxy_setup, IsProxy);
 	    break;
 	case HTAA_KERBEROS_V4:
 	    /* OTHER AUTHENTICATION ROUTINES ARE CALLED HERE */
@@ -959,7 +1035,7 @@ char *HTAA_composeAuth(const char *hostname,
 	switch (scheme = HTAA_selectScheme(current_setup)) {
 	case HTAA_BASIC:
 	case HTAA_PUBKEY:
-	    auth_string = compose_auth_string(scheme, current_setup, IsProxy);
+	    auth_string = compose_auth_string(hostname, scheme, current_setup, IsProxy);
 	    break;
 	case HTAA_KERBEROS_V4:
 	    /* OTHER AUTHENTICATION ROUTINES ARE CALLED HERE */
diff --git a/WWW/Library/Implementation/HTAABrow.h b/WWW/Library/Implementation/HTAABrow.h
index 064f11e3..f151deb5 100644
--- a/WWW/Library/Implementation/HTAABrow.h
+++ b/WWW/Library/Implementation/HTAABrow.h
@@ -1,5 +1,5 @@
 /*
- * $LynxId: HTAABrow.h,v 1.16 2010/10/27 00:13:53 tom Exp $
+ * $LynxId: HTAABrow.h,v 1.17 2016/11/24 23:32:22 tom Exp $
  *
  *                          BROWSER SIDE ACCESS AUTHORIZATION MODULE
 
@@ -117,6 +117,11 @@ extern "C" {
     extern void HTClearHTTPAuthInfo(void);
 
 /*
+ * Check if a hostname-string contains user information.
+ */
+    extern BOOL HTAA_HaveUserinfo(const char *hostname);
+
+/*
 
 Enabling Gateway httpds to Forward Authorization
 
diff --git a/WWW/Library/Implementation/HTFTP.c b/WWW/Library/Implementation/HTFTP.c
index d2c8bdf2..03781a63 100644
--- a/WWW/Library/Implementation/HTFTP.c
+++ b/WWW/Library/Implementation/HTFTP.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: HTFTP.c,v 1.127 2016/11/24 16:22:50 tom Exp $
+ * $LynxId: HTFTP.c,v 1.128 2016/11/24 23:43:55 tom Exp $
  *
  *			File Transfer Protocol (FTP) Client
  *			for a WorldWideWeb browser
@@ -870,7 +870,7 @@ static int get_connection(const char *arg,
 		    HTSprintf0(&tmp, gettext("Enter password for user %s@%s:"),
 			       username, p1);
 		    FREE(user_entered_password);
-		    user_entered_password = HTPromptPassword(tmp);
+		    user_entered_password = HTPromptPassword(tmp, NULL);
 
 		}		/* else we already know the password */
 		password = user_entered_password;
diff --git a/WWW/Library/Implementation/HTNews.c b/WWW/Library/Implementation/HTNews.c
index 669f3a99..6e38b51e 100644
--- a/WWW/Library/Implementation/HTNews.c
+++ b/WWW/Library/Implementation/HTNews.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: HTNews.c,v 1.70 2013/11/28 11:13:46 tom Exp $
+ * $LynxId: HTNews.c,v 1.71 2016/11/24 23:43:38 tom Exp $
  *
  *			NEWS ACCESS				HTNews.c
  *			===========
@@ -501,7 +501,7 @@ static NNTPAuthResult HTHandleAuthInfo(char *host)
 	while (tries) {
 	    if (PassWord == NULL) {
 		HTSprintf0(&msg, gettext("Password for news host '%s':"), host);
-		PassWord = HTPromptPassword(msg);
+		PassWord = HTPromptPassword(msg, NULL);
 		FREE(msg);
 		if (!(PassWord && *PassWord)) {
 		    FREE(PassWord);
diff --git a/WWW/Library/Implementation/HTTP.c b/WWW/Library/Implementation/HTTP.c
index 2db68e25..581cb5e6 100644
--- a/WWW/Library/Implementation/HTTP.c
+++ b/WWW/Library/Implementation/HTTP.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: HTTP.c,v 1.162 2016/11/24 18:25:32 tom Exp $
+ * $LynxId: HTTP.c,v 1.163 2016/11/24 23:56:50 tom Exp $
  *
  * HyperText Tranfer Protocol	- Client implementation		HTTP.c
  * ==========================
@@ -2308,7 +2308,9 @@ static int HTLoadHTTP(const char *arg,
 						 length, s, NO)) {
 
 			HTTP_NETCLOSE(s, handle);
-			if (dump_output_immediately && !authentication_info[0]) {
+			if (dump_output_immediately &&
+			    !HTAA_HaveUserinfo(HTParse(arg, "", PARSE_HOST)) &&
+			    !authentication_info[0]) {
 			    fprintf(stderr,
 				    "HTTP: Access authorization required.\n");
 			    fprintf(stderr,