author | Renato Botelho <renato@netgate.com> | 2018-11-15 11:57:57 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2018-11-15 11:57:57 -0200 |
commit | f672994b6e2ec181397e8cbc0c8db53d059083ee (patch) | |
tree | 906753baad23baae4263c36eb7231245f0a4a529 | |
parent | bcb678a58a7bdf6d7096c939f742f2c4fbdb5810 (diff) | |
Fix libfetch for HTTPS links with proxy
Import a patch from FreeBSD Bugzilla #220468 to make libfetch work with
HTTPS URLs when using a proxy
-rw-r--r-- | lib/libfetch/http.c | 80 |
1 files changed, 71 insertions, 9 deletions
diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c index fe4e9de..cc3fa15 100644 --- a/lib/libfetch/http.c +++ b/lib/libfetch/http.c @@ -1370,12 +1370,51 @@ http_authorize(conn_t *conn, const char *hdr, http_auth_challenges_t *cs, /***************************************************************************** * Helper functions for connecting to a server or proxy */ +static int +http_connect_tunnel(conn_t *conn, struct url *URL, struct url *purl, int isproxyauth) +{ + const char *p; + http_auth_challenges_t proxy_challenges; + init_http_auth_challenges(&proxy_challenges); + http_cmd(conn, "CONNECT %s:%d HTTP/1.1", + URL->host, URL->port); + http_cmd(conn, "Host: %s:%d", + URL->host, URL->port); + if (isproxyauth > 0) + { + http_auth_params_t aparams; + init_http_auth_params(&aparams); + if (*purl->user || *purl->pwd) { + aparams.user = strdup(purl->user); + aparams.password = strdup(purl->pwd); + } else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL && + *p != '\0') { + if (http_authfromenv(p, &aparams) < 0) { + http_seterr(HTTP_NEED_PROXY_AUTH); + return HTTP_PROTOCOL_ERROR; + } + } else if (fetch_netrc_auth(purl) == 0) { + aparams.user = strdup(purl->user); + aparams.password = strdup(purl->pwd); + } + else { + // No auth information found in system - exiting with warning. + warnx("Missing username and/or password set"); + return HTTP_PROTOCOL_ERROR; + } + http_authorize(conn, "Proxy-Authorization", + &proxy_challenges, &aparams, purl); + clean_http_auth_params(&aparams); + } + http_cmd(conn, ""); + return 0; +} /* * Connect to the correct HTTP server or proxy. */ static conn_t * -http_connect(struct url *URL, struct url *purl, const char *flags) +http_connect(struct url *URL, struct url *purl, const char *flags, int isproxyauth) { struct url *curl; conn_t *conn; 
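Review bot: In `http_connect_tunnel` both `return HTTP_PROTOCOL_ERROR;` exits skip `clean_http_auth_params(&aparams);`, so any proxy user name or password that `http_authfromenv()` had already stored stays allocated, and `proxy_challenges` is initialised but never released on any path. The `strdup()` results and the return value of `http_authorize()` are ignored as well, so after an allocation failure or a failed authorize the function still sends the terminating blank line and returns 0, reporting an unauthenticated CONNECT as success. I would treat `if (aparams.user == NULL || aparams.password == NULL)` after the credential lookup as a failure, call `clean_http_auth_params(&aparams);` before each error return, and pair the init with `clean_http_auth_challenges(&proxy_challenges);` before every return. A short header comment saying that the function returns 0 or a positive HTTP_* code (the caller tests `> 0`) would document the contract.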
@@ -1407,13 +1446,17 @@ http_connect(struct url *URL, struct url *purl, const char *flags) return (NULL); init_http_headerbuf(&headerbuf); if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) { - http_cmd(conn, "CONNECT %s:%d HTTP/1.1", - URL->host, URL->port); - http_cmd(conn, "Host: %s:%d", - URL->host, URL->port); - http_cmd(conn, ""); - if (http_get_reply(conn) != HTTP_OK) { - http_seterr(conn->err); + if (http_connect_tunnel(conn, URL, purl, isproxyauth) > 0) { + fetch_syserr(); + goto ouch; + } + /* Get replay from CONNECT Tunnel attempt */ + int httpreply = http_get_reply(conn); + if (httpreply != HTTP_OK) { + http_seterr(httpreply); + /* If the error is a 407/HTTP_NEED_PROXY_AUTH */ + if (httpreply == HTTP_NEED_PROXY_AUTH) + goto proxyauth; goto ouch; } /* Read and discard the rest of the proxy response */ @@ -1453,6 +1496,15 @@ ouch: fetch_close(conn); errno = serrno; return (NULL); +proxyauth: + /* returning a "dummy" object with error + * set to 407/HTTP_NEED_PROXY_AUTH */ + serrno = errno; + clean_http_headerbuf(&headerbuf); + fetch_close(conn); + errno = serrno; + conn->err = HTTP_NEED_PROXY_AUTH; + return (conn); } static struct url * @@ -1601,9 +1653,19 @@ http_request_body(struct url *URL, const char *op, struct url_stat *us, } /* connect to server or proxy */ - if ((conn = http_connect(url, purl, flags)) == NULL) + /* Getting connection without proxy connection */ + if ((conn = http_connect(url, purl, flags, 0)) == NULL) goto ouch; + /* If returning object request proxy auth, rerun the connect with proxy auth */ + if (conn->err == HTTP_NEED_PROXY_AUTH) { + /* Retry connection with proxy auth */ + if ((conn = http_connect(url, purl, flags, 1)) == NULL) { + http_seterr(HTTP_NEED_PROXY_AUTH); + goto ouch; + } + } + /* append port number only if necessary */ host = url->host; if (url->port != fetch_default_port(url->scheme)) { |
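Review bot: When `http_connect_tunnel()` fails, `fetch_syserr();` replaces the error with one derived from errno, but neither failure path in the helper is a failed system call, so the `HTTP_NEED_PROXY_AUTH` it may have set through `http_seterr()` is lost and the caller gets an unrelated or stale errno message. Suggest dropping `fetch_syserr();` in this branch and reporting the real cause, e.g. `http_seterr(HTTP_NEED_PROXY_AUTH);` before `goto ouch;`. Minor: the comment should read `/* Get reply from CONNECT tunnel attempt */`, and `int httpreply` is declared mid-block while the declarations visible at the top of `http_connect` in the first hunk sit at function start. The function begins and ends outside this hunk.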
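Review bot: The new `proxyauth:` path calls `fetch_close(conn);` and only then writes `conn->err = HTTP_NEED_PROXY_AUTH;` and returns `conn`. If `fetch_close()` releases the object on the last reference, as the `ouch:` path just above it (close, then `return (NULL)`) implies, this is a write to freed memory and a dangling pointer handed to the caller. The caller in the last hunk (`http_request_body`) then reads `conn->err` through that pointer, so the 407 signal depends on the contents of freed heap. Keep the object alive on this path by removing `fetch_close(conn);` from `proxyauth:` and have the caller run `fetch_close(conn);` right before the second `http_connect()` call; alternatively return NULL here and let the caller test the last error code instead of `conn->err`.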
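Review bot: The result of the retry is compared with NULL only, so when the proxy rejects the supplied credentials and answers 407 again, `http_connect(url, purl, flags, 1)` takes the `proxyauth` exit a second time and the request goes on using that marker object as if the tunnel were established. After the second call, also test `conn->err == HTTP_NEED_PROXY_AUTH` and fail with `http_seterr(HTTP_NEED_PROXY_AUTH); goto ouch;`. What `ouch:` in `http_request_body` does with a non-NULL `conn` is outside this hunk, so confirm that the connection is closed exactly once on that path. The two stacked comments before the first call could be merged into one, e.g. `/* connect to server or proxy, first without proxy credentials */`.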