https://github.com/de-vri-es/curl-inject-opt

Inject options into CURL sessions of another command.
https://github.com/de-vri-es/curl-inject-opt

curl hacktoberfest ld-preload

Last synced: about 1 month ago
JSON representation

Inject options into CURL sessions of another command.

• Host: GitHub
• URL: https://github.com/de-vri-es/curl-inject-opt
• Owner: de-vri-es
• License: bsd-2-clause
• Created: 2019-01-14T22:43:54.000Z (over 6 years ago)
• Default Branch: main
• Last Pushed: 2023-01-26T10:51:50.000Z (over 2 years ago)
• Last Synced: 2025-03-27T12:52:34.495Z (about 2 months ago)
• Topics: curl, hacktoberfest, ld-preload
• Language: Rust
• Homepage:
• Size: 91.8 KB
• Stars: 6
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# curl-inject-opt

`curl-inject-opt` is a program to inject CURL options into the sessions of a subcommand.

The subcommand will be run with `/path/to/libcurl-inject-opt-preload.so` added to `LD_PRELOAD`,

and a list of options to set in the `CURL_INJECT_OPT` environment variable.

The command-line tool takes care of these steps automatically.

The preloaded library will intercept calls to `curl_easy_perform()` and `curl_multi_add_handle()`.

Whenever a call is intercepted, the options listed in `CURL_INJECT_OPT` are set on the relevant CURL handle

before the original function is called.

This can be used to take advantage of certain CURL features even if the program being run doesn't expose them.

Currently, supported options include timeout options, TLS client certificate settings, proxy settings, and `CURLOPT_VERBOSE`.

For a full list, see the table below.

For the exact effects of an option, refer to the man-page of the relevant CURL option.

## Options:

Usage                       |  CURL option                 | Description

----------------------------|------------------------------|---------------

`--verbose `           |  `CURLOPT_VERBOSE`           | Set to 1 to enable verbose output from CURL.

`--timeout `           |  `CURLOPT_TIMEOUT_MS`        | Timeout in milliseconds for the whole request.

`--connect-timeout `   |  `CURLOPT_CONNECTTIMEOUT_MS` | Timeout in milliseconds for the connection phase of the request.

`--proxy `             |  `CURLOPT_PROXY`             | Set the proxy to use.

`--proxy-port `        |  `CURLOPT_PROXYPORT`         | Set the proxy port.

`--proxy-type `        |  `CURLOPT_PROXYTYPE`         | Set the proxy type.

`--proxy-tunnel `      |  `CURLOPT_HTTPPROXYTUNNEL`   | Set to 1 to use CONNECT to tunnel through a configured HTTP proxy.

`--no-proxy `          |  `CURLOPT_NOPROXY`           | Set hosts to contact directly, bypassing the proxy settings.

`--client-cert `       |  `CURLOPT_SSLCERT`           | Use a client certificate to authenticate with a remote server.

`--client-cert-type `  |  `CURLOPT_SSLCERTTYPE`       | Specify the type of the client certificate (normally defaults to PEM).

`--client-key `        |  `CURLOPT_SSLKEY`            | Use a separate file as key with the client certificate.

`--client-key-type `   |  `CURLOPT_SSLKEYTYPE`        | Specify the type of the client key.

## Building

To build the project, all you need is `make`, `bash` and `cargo`, the Rust build tool.

Cargo will take care of downloading additional Rust dependencies.

See the `Cargo.toml` files to get a full list of Rust dependencies.

Since the command-line application needs to know where the preload library will be installed,

there is also a `./configure` script included.

To build and install the project, run the following commands:

```console

$ ./configure PREFIX=/usr

$ make

$ make install

```

Run `./configure --help` for an overview of all supported compile-time configuration options.

The build system also supports installing to a staging directory for packaging purposes:

```console

$ make install DESTDIR="..."

```

## Security considerations

Since `curl-inject-opt` uses `LD_PRELOAD` to intercept function calls,

it is subject to the usual security restrictions imposed by the operating system.

On Linux, this means that programs which are run in secure-execution mode will not simply preload the library.

This is generally not a problem, since it should work fine to run `sudo curl-inject-opt ...`.

Secure execution mode on Linux is used (amongst others) when a program has the `setuid` or `setgid` permission bit set,

or if the program has additional capabilities as set by the `setcap` tool.

For more information, see `man 8 ld.so` on Linux.

Although not recommended, it is possible to make `curl-inject-opt` work even with commands that are subject to the restrictions of secure-execution mode.

To make `curl-inject-opt` work with secure execution mode, the entry added to `LD_PRELOAD` must consist only of the library name `libcurl-inject-opt.so` with no path information.

The library must be found by the dynamic linker in the default search path and the library must have the `setuid` permission bit set.

This can partly be achieved by configuring the project with `./configure PREFIX=/usr RELY_ON_SEARCH=1`.

See `./configure --help` for more information.

It is up to the packager or installer to set the `setuid` bit of the installed library, if desired.

This is not done by the build system.