Sunday, December 14, 2008

FreeBSD|Portsnap through http proxy

From: "Matthew Gream"
Date: Wed, 18 Jan 2006 14:49:37 -0000 (GMT)

For my scenario, further investigation revealed that this was not about
NTLM authentication, but about a disparity between fetch(3) and phttpget
as used by portsnap.sh when processing proxy authentication data from
environment variables. This is a trivial problem.

PROBLEM

1.

fetch(3) reports that the following two syntaxes are valid:

(a)
HTTP_PROXY=http://:@proxy.example.com:8080

(b)
HTTP_PROXY=http://proxy.example.com:8080
HTTP_PROXY_AUTH=basic:*::

2.

portsnap(8) reports that "Since portsnap uses fetch(1) to download
updates, setting the HTTP_PROXY environment variable will direct it to
fetch updates from the given proxy."

3.

Investigation reveals that phttpget only supports 1(b), not 1(a). If the
syntax in 1(a) is used, phttpget will extract invalid values for host and
port, and not extract authentication values at all. It is a fair
assumption that users will either use the short-form syntax in 1(a), or
assume it is a valid syntax upon reading portsnap(8) and fetch(3).

SOLUTION

For consistency, ensure that phttpget parses basic authentication data
from the proxy URL as in 1(a) above. The following patch works (against
HEAD). Note that this handles the case where ':pass' is not present.

--- portsnap/phttpget/phttpget.c        Wed Jan 18 13:39:53 2006
+++ portsnap.x/phttpget/phttpget.c Wed Jan 18 14:43:15 2006
@@ -44,7 +44,7 @@
#include
#include
-static const char * env_HTTP_PROXY;

+static char * env_HTTP_PROXY;
static char * env_HTTP_PROXY_AUTH;
static const char * env_HTTP_USER_AGENT;
static const char * proxyport;
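
Review bot: proxy_auth_user and proxy_auth_pass, which the later hunks assign and test, are not declared anywhere in this patch; the only change in this declarations block is dropping const from env_HTTP_PROXY (the header is 44,7 to 44,7, so no lines are added). Add file-scope declarations here, for example `static char * proxy_auth_user;` and `static char * proxy_auth_pass;`, so the patch builds and both start out NULL.
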
@@ -129,6 +129,13 @@
if (env_HTTP_PROXY != NULL) {
if (strncmp(env_HTTP_PROXY, "http://", 7) == 0)
env_HTTP_PROXY += 7;
+ /* Process user:pass from http://user:pass@host:port */
+ proxy_auth_user = strsep(&env_HTTP_PROXY, "@");
+ if (proxy_auth_user != NULL) {
+ proxy_auth_pass = strchr(proxy_auth_user, ':');
+ if (proxy_auth_pass != NULL)
+ *proxy_auth_pass++ = '\0';
+ }
p = strchr(env_HTTP_PROXY, '/');
if (p != NULL)
*p = 0;
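
Review bot: the strsep() call on the first added code line splits unconditionally, so a proxy value with no '@' (the 1(b) form) breaks: strsep() returns the whole "host:port" string as proxy_auth_user and sets env_HTTP_PROXY to NULL, which the unchanged `strchr(env_HTTP_PROXY, '/')` just below then dereferences. Test for the separator first, e.g. `at = strchr(env_HTTP_PROXY, '@')`, and split off user and pass only when it is found, leaving env_HTTP_PROXY untouched otherwise.
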
@@ -141,7 +148,8 @@
}
env_HTTP_PROXY_AUTH = getenv("HTTP_PROXY_AUTH");

- if ((env_HTTP_PROXY != NULL) &&
+ if ((proxy_auth_user != NULL || proxy_auth_pass != NULL) &&
+ (env_HTTP_PROXY != NULL) &&
(env_HTTP_PROXY_AUTH != NULL) &&
(strncasecmp(env_HTTP_PROXY_AUTH, "basic:" , 6) == 0)) {
/* Ignore authentication scheme */
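
Review bot: in the rewritten condition the new `proxy_auth_user != NULL || proxy_auth_pass != NULL` test is ANDed with the existing `env_HTTP_PROXY_AUTH != NULL` and "basic:" checks, so credentials taken from the URL are only considered when HTTP_PROXY_AUTH is also set, which is the 1(b) case the message says already works. For 1(a) to work on its own, handle URL credentials in a separate branch (or OR the two sources) and have that branch build the proxy authorization value from proxy_auth_user and proxy_auth_pass; nothing visible in this hunk uses them beyond the NULL test.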


--


Matthew Gream
matthew.gream@pobox.com
http://matthewgream.net
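
The parsing behaviour the message asks for, as an added example that is not part of the original message or of phttpget: a C function that accepts both HTTP_PROXY forms and splits off credentials only when an '@' is actually present, including the case where ':pass' is missing. The names `proxy_spec` and `parse_proxy` and the sample value are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example; not a phttpget structure. */
struct proxy_spec {
	char *user;	/* NULL when the value has no "user[:pass]@" part */
	char *pass;	/* NULL when ":pass" is absent */
	char *host;
	char *port;	/* NULL when ":port" is absent */
};

/*
 * Split an HTTP_PROXY value in place; buf must be a writable private copy.
 * IPv6 literals are not handled. Returns 0, or -1 when the host is empty.
 */
static int parse_proxy(char *buf, struct proxy_spec *ps)
{
	char *at, *p;
	memset(ps, 0, sizeof(*ps));
	if (strncmp(buf, "http://", 7) == 0)
		buf += 7;
	if ((p = strchr(buf, '/')) != NULL)	/* authority ends at first '/' */
		*p = '\0';
	/* Credentials exist only when '@' is present; split at the last one. */
	if ((at = strrchr(buf, '@')) != NULL) {
		*at = '\0';
		ps->user = buf;
		if ((p = strchr(buf, ':')) != NULL) {
			*p++ = '\0';
			ps->pass = p;
		}
		buf = at + 1;
	}
	ps->host = buf;
	if ((p = strrchr(buf, ':')) != NULL) {
		*p++ = '\0';
		ps->port = p;
	}
	return (*ps->host != '\0' ? 0 : -1);
}

int main(void)
{
	char v[] = "http://alice:s3cret@proxy.example.com:8080"; /* constructed */
	struct proxy_spec ps;
	if (parse_proxy(v, &ps) == 0)
		printf("host=%s port=%s auth=%s\n", ps.host,
		    ps.port ? ps.port : "-", ps.user ? "yes" : "no");
	return (0);
}
```

Because the split happens in place, the caller should pass a strdup() copy of the environment value so the process environment, which child processes inherit, is not rewritten.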
