New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/go/internal/auth: the .netrc parser doesn't understand passphrases with spaces #39403
Comments
How would it affect users that happen to have a double quote character in their password? |
Good question. According to
this StackOverflow answer
the two widely-used |
The Go
That implies that, for example,
should be parsed as
You could argue that real passwords should not contain quote characters, but that's not particularly different from arguing that real passwords should not contain spaces... |
So the question is: is there an authoritative (or semi-authoritative) reference for quote-escaping in |
Timed out in state WaitingForInfo. Closing. (I am just a bot, though. Please speak up if this is a mistake or you have the requested information.) |
@bcmills Who was supposed to add more info? I apologise if it was me, because as far as I know, there aren't any more authoritative references than the current implementations I mentioned. |
(Answering for @bcmills since he's out of office today) My understanding is that The .netrc file is the best source on this format. If there's a more authoritative source though, please let us know. I think we should stick to the spec, such as at is. If every tool has its own interpretation of this file, that's not a good situation for anyone. |
@jayconrod The thing about that file is that it uses two words that may or may not mean the same thing: “name” and “string”. This “string” may be just another name for a non-space string of characters or it may mean that I don't think there is a good solution here, to be honest. I assume, that passphrases with spaces are more common than those with double quotes, but there are already implementations that don't allow spaces. |
This doesn't seem ambiguous to me: name and string are just descriptive names. Tokens may be separated by spaces, tabs, or newlines; there's no other restriction on characters within tokens; nothing says quotes should have special meaning. Is GNU ftp implementing something else? I don't think their source code alone is convincing. |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
With this in my
.netrc
:I did:
What did you expect to see?
Package in my
GOPATH
.What did you see instead?
401 from the server. I assume that it's because the
.netrc
parser doesn't understand quoted passphrases with spaces. IIRC, they're not standard, but are a common extension. Current code just usesstrings.Fields
.The text was updated successfully, but these errors were encountered: