FreeBSD Bugzilla – Attachment 184069 Details for
Bug 220468
libfetch: Does not handle 407 (proxy auth) when connecting to HTTPS using connect tunnel
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch of the diff from freebsd 11.0 release src
http.c.patch (text/plain), 3.48 KB, created by
Egil Hasting
on 2017-07-05 11:39:30 UTC
(
hide
)
Description:
patch of the diff from freebsd 11.0 release src
Filename:
MIME Type:
Creator:
Egil Hasting
Created:
2017-07-05 11:39:30 UTC
Size:
3.48 KB
patch
obsolete
>--- http.c 2016-09-29 01:26:01.000000000 +0200 >+++ /usr/src/lib/libfetch/http.c 2017-07-05 13:29:46.511869000 +0200 >@@ -1370,12 +1370,51 @@ > /***************************************************************************** > * Helper functions for connecting to a server or proxy > */ >+static int >+http_connect_tunnel(conn_t *conn, struct url *URL, struct url *purl, int isproxyauth) >+{ >+ const char *p; >+ http_auth_challenges_t proxy_challenges; >+ init_http_auth_challenges(&proxy_challenges); >+ http_cmd(conn, "CONNECT %s:%d HTTP/1.1", >+ URL->host, URL->port); >+ http_cmd(conn, "Host: %s:%d", >+ URL->host, URL->port); >+ if (isproxyauth > 0) >+ { >+ http_auth_params_t aparams; >+ init_http_auth_params(&aparams); >+ if (*purl->user || *purl->pwd) { >+ aparams.user = strdup(purl->user); >+ aparams.password = strdup(purl->pwd); >+ } else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL && >+ *p != '\0') { >+ if (http_authfromenv(p, &aparams) < 0) { >+ http_seterr(HTTP_NEED_PROXY_AUTH); >+ return HTTP_PROTOCOL_ERROR; >+ } >+ } else if (fetch_netrc_auth(purl) == 0) { >+ aparams.user = strdup(purl->user); >+ aparams.password = strdup(purl->pwd); >+ } >+ else { >+ // No auth information found in system - exiting with warning. >+ warnx("Missing username and/or password set"); >+ return HTTP_PROTOCOL_ERROR; >+ } >+ http_authorize(conn, "Proxy-Authorization", >+ &proxy_challenges, &aparams, purl); >+ clean_http_auth_params(&aparams); >+ } >+ http_cmd(conn, ""); >+ return 0; >+} > > /* > * Connect to the correct HTTP server or proxy. > */ > static conn_t * >-http_connect(struct url *URL, struct url *purl, const char *flags) >+http_connect(struct url *URL, struct url *purl, const char *flags, int isproxyauth) > { > struct url *curl; > conn_t *conn; >@@ -1407,13 +1446,17 @@ > return (NULL); > init_http_headerbuf(&headerbuf); > if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) { >- http_cmd(conn, "CONNECT %s:%d HTTP/1.1", >- URL->host, URL->port); >- http_cmd(conn, "Host: %s:%d", >- URL->host, URL->port); >- http_cmd(conn, ""); >- if (http_get_reply(conn) != HTTP_OK) { >- http_seterr(conn->err); >+ if (http_connect_tunnel(conn, URL, purl, isproxyauth) > 0) { >+ fetch_syserr(); >+ goto ouch; >+ } >+ /* Get replay from CONNECT Tunnel attempt */ >+ int httpreply = http_get_reply(conn); >+ if (httpreply != HTTP_OK) { >+ http_seterr(httpreply); >+ /* If the error is a 407/HTTP_NEED_PROXY_AUTH */ >+ if (httpreply == HTTP_NEED_PROXY_AUTH) >+ goto proxyauth; > goto ouch; > } > /* Read and discard the rest of the proxy response */ >@@ -1453,6 +1496,15 @@ > fetch_close(conn); > errno = serrno; > return (NULL); >+proxyauth: >+ /* returning a "dummy" object with error >+ * set to 407/HTTP_NEED_PROXY_AUTH */ >+ serrno = errno; >+ clean_http_headerbuf(&headerbuf); >+ fetch_close(conn); >+ errno = serrno; >+ conn->err = HTTP_NEED_PROXY_AUTH; >+ return (conn); > } > > static struct url * >@@ -1601,9 +1653,19 @@ > } > > /* connect to server or proxy */ >- if ((conn = http_connect(url, purl, flags)) == NULL) >+ /* Getting connection without proxy connection */ >+ if ((conn = http_connect(url, purl, flags, 0)) == NULL) > goto ouch; >- >+ >+ /* If returning object request proxy auth, rerun the connect with proxy auth */ >+ if (conn->err == HTTP_NEED_PROXY_AUTH) { >+ /* Retry connection with proxy auth */ >+ if ((conn = http_connect(url, purl, flags, 1)) == NULL) { >+ http_seterr(HTTP_NEED_PROXY_AUTH); >+ goto ouch; >+ } >+ } >+ > host = url->host; > #ifdef INET6 > if (strchr(url->host, ':')) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 220468
:
184056
|
184057
| 184069 |
209479