Attachment #184069 for bug #220468




/*****************************************************************************
 * Helper functions for connecting to a server or proxy
 */
static int
http_connect_tunnel(conn_t *conn, struct url *URL, struct url *purl, int isproxyauth)
{
	const char *p;
	http_auth_challenges_t proxy_challenges;
	init_http_auth_challenges(&proxy_challenges);
	http_cmd(conn, "CONNECT %s:%d HTTP/1.1",
	      URL->host, URL->port);
	http_cmd(conn, "Host: %s:%d",
	      URL->host, URL->port);
	if (isproxyauth > 0)
	{
		http_auth_params_t aparams;
		init_http_auth_params(&aparams);
		if (*purl->user || *purl->pwd) {
			aparams.user = strdup(purl->user);
			aparams.password = strdup(purl->pwd);
		} else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL &&
			    *p != '\0') {
			if (http_authfromenv(p, &aparams) < 0) {
				http_seterr(HTTP_NEED_PROXY_AUTH);
				return HTTP_PROTOCOL_ERROR;
			}
		} else if (fetch_netrc_auth(purl) == 0) {
			aparams.user = strdup(purl->user);
			aparams.password = strdup(purl->pwd);
		}
		else {
			// No auth information found in system - exiting with warning.
			warnx("Missing username and/or password set");
			return HTTP_PROTOCOL_ERROR;
		}
		http_authorize(conn, "Proxy-Authorization",
				&proxy_challenges, &aparams, purl);
		clean_http_auth_params(&aparams);
	}
	http_cmd(conn, "");
	return 0;
}

/*
 * Connect to the correct HTTP server or proxy.
 */
static conn_t *
http_connect(struct url *URL, struct url *purl, const char *flags, int isproxyauth)
{
	struct url *curl;
	conn_t *conn;

		return (NULL);
	init_http_headerbuf(&headerbuf);
	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) {
		if (http_connect_tunnel(conn, URL, purl, isproxyauth) > 0) {
			fetch_syserr();
			goto ouch;
		}
		/* Get replay from CONNECT Tunnel attempt */
		int httpreply = http_get_reply(conn);
		if (httpreply != HTTP_OK) {
			http_seterr(httpreply);
			/* If the error is a 407/HTTP_NEED_PROXY_AUTH */
			if (httpreply == HTTP_NEED_PROXY_AUTH)
				goto proxyauth;
			goto ouch;
		}
		/* Read and discard the rest of the proxy response */

	fetch_close(conn);
	errno = serrno;
	return (NULL);
proxyauth:
	/* returning a "dummy" object with error 
	 * set to 407/HTTP_NEED_PROXY_AUTH */
	serrno = errno;
	clean_http_headerbuf(&headerbuf);
	fetch_close(conn);
	errno = serrno;
	conn->err = HTTP_NEED_PROXY_AUTH;
	return (conn);
}

static struct url *

		}

		/* connect to server or proxy */
		/* Getting connection without proxy connection */
		if ((conn = http_connect(url, purl, flags, 0)) == NULL)
			goto ouch;
		
		/* If returning object request proxy auth, rerun the connect with proxy auth */
		if (conn->err == HTTP_NEED_PROXY_AUTH) {
			/* Retry connection with proxy auth */
			if ((conn = http_connect(url, purl, flags, 1)) == NULL) {
				http_seterr(HTTP_NEED_PROXY_AUTH);
				goto ouch;
			}
		}
		
		host = url->host;
#ifdef INET6
		if (strchr(url->host, ':')) {

Return to bug 220468

Lines 1370-1381 Link Here

(-)/usr/src/lib/libfetch/http.c (-10 / +72 lines)
1370	/*****************************************************************************	1370	/*****************************************************************************
1371	* Helper functions for connecting to a server or proxy	1371	* Helper functions for connecting to a server or proxy
1372	*/	1372	*/
		1373	static int
		1374	http_connect_tunnel(conn_t conn, struct url URL, struct url *purl, int isproxyauth)
		1375	{
		1376	const char *p;
		1377	http_auth_challenges_t proxy_challenges;
		1378	init_http_auth_challenges(&proxy_challenges);
		1379	http_cmd(conn, "CONNECT %s:%d HTTP/1.1",
		1380	URL->host, URL->port);
		1381	http_cmd(conn, "Host: %s:%d",
		1382	URL->host, URL->port);
		1383	if (isproxyauth > 0)
		1384	{
		1385	http_auth_params_t aparams;
		1386	init_http_auth_params(&aparams);
		1387	if (purl->user \|\| purl->pwd) {
		1388	aparams.user = strdup(purl->user);
		1389	aparams.password = strdup(purl->pwd);
		1390	} else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL &&
		1391	*p != '\0') {
		1392	if (http_authfromenv(p, &aparams) < 0) {
		1393	http_seterr(HTTP_NEED_PROXY_AUTH);
		1394	return HTTP_PROTOCOL_ERROR;
		1395	}
		1396	} else if (fetch_netrc_auth(purl) == 0) {
		1397	aparams.user = strdup(purl->user);
		1398	aparams.password = strdup(purl->pwd);
		1399	}
		1400	else {
		1401	// No auth information found in system - exiting with warning.
		1402	warnx("Missing username and/or password set");
		1403	return HTTP_PROTOCOL_ERROR;
		1404	}
		1405	http_authorize(conn, "Proxy-Authorization",
		1406	&proxy_challenges, &aparams, purl);
		1407	clean_http_auth_params(&aparams);
		1408	}
		1409	http_cmd(conn, "");
		1410	return 0;
		1411	}
1373		1412
1374	/*	1413	/*
1375	* Connect to the correct HTTP server or proxy.	1414	* Connect to the correct HTTP server or proxy.
1376	*/	1415	*/
1377	static conn_t *	1416	static conn_t *
1378	http_connect(struct url URL, struct url purl, const char *flags)	1417	http_connect(struct url URL, struct url purl, const char *flags, int isproxyauth)
1379	{	1418	{
1380	struct url *curl;	1419	struct url *curl;
1381	conn_t *conn;	1420	conn_t *conn;
Lines 1407-1419 Link Here
1407	return (NULL);	1446	return (NULL);
1408	init_http_headerbuf(&headerbuf);	1447	init_http_headerbuf(&headerbuf);
1409	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) {	1448	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) {
1410	http_cmd(conn, "CONNECT %s:%d HTTP/1.1",	1449	if (http_connect_tunnel(conn, URL, purl, isproxyauth) > 0) {
1411	URL->host, URL->port);	1450	fetch_syserr();
1412	http_cmd(conn, "Host: %s:%d",	1451	goto ouch;
1413	URL->host, URL->port);	1452	}
1414	http_cmd(conn, "");	1453	/* Get replay from CONNECT Tunnel attempt */
1415	if (http_get_reply(conn) != HTTP_OK) {	1454	int httpreply = http_get_reply(conn);
1416	http_seterr(conn->err);	1455	if (httpreply != HTTP_OK) {
		1456	http_seterr(httpreply);
		1457	/* If the error is a 407/HTTP_NEED_PROXY_AUTH */
		1458	if (httpreply == HTTP_NEED_PROXY_AUTH)
		1459	goto proxyauth;
1417	goto ouch;	1460	goto ouch;
1418	}	1461	}
1419	/* Read and discard the rest of the proxy response */	1462	/* Read and discard the rest of the proxy response */
Lines 1453-1458 Link Here
1453	fetch_close(conn);	1496	fetch_close(conn);
1454	errno = serrno;	1497	errno = serrno;
1455	return (NULL);	1498	return (NULL);
		1499	proxyauth:
		1500	/* returning a "dummy" object with error
		1501	* set to 407/HTTP_NEED_PROXY_AUTH */
		1502	serrno = errno;
		1503	clean_http_headerbuf(&headerbuf);
		1504	fetch_close(conn);
		1505	errno = serrno;
		1506	conn->err = HTTP_NEED_PROXY_AUTH;
		1507	return (conn);
1456	}	1508	}
1457		1509
1458	static struct url *	1510	static struct url *
Lines 1601-1609 Link Here
1601	}	1653	}
1602		1654
1603	/* connect to server or proxy */	1655	/* connect to server or proxy */
1604	if ((conn = http_connect(url, purl, flags)) == NULL)	1656	/* Getting connection without proxy connection */
		1657	if ((conn = http_connect(url, purl, flags, 0)) == NULL)
1605	goto ouch;	1658	goto ouch;
1606		1659
		1660	/* If returning object request proxy auth, rerun the connect with proxy auth */
		1661	if (conn->err == HTTP_NEED_PROXY_AUTH) {
		1662	/* Retry connection with proxy auth */
		1663	if ((conn = http_connect(url, purl, flags, 1)) == NULL) {
		1664	http_seterr(HTTP_NEED_PROXY_AUTH);
		1665	goto ouch;
		1666	}
		1667	}
		1668
1607	host = url->host;	1669	host = url->host;
1608	#ifdef INET6	1670	#ifdef INET6
1609	if (strchr(url->host, ':')) {	1671	if (strchr(url->host, ':')) {