Date: Thu, 1 Apr 2021 21:07:03 GMT
Message-Id: <202104012107.131L733q041204@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Renato Botelho
Subject: git: 345c30a94f64 - main - libfetch: Retry with proxy auth when server returns 407
X-Git-Committer: garga
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 345c30a94f6425954163f1e0b075a75f603d27cd
Auto-Submitted: auto-generated

The branch main has been updated by garga (ports committer):

URL: https://cgit.FreeBSD.org/src/commit/?id=345c30a94f6425954163f1e0b075a75f603d27cd

commit 345c30a94f6425954163f1e0b075a75f603d27cd
Author: Renato Botelho
AuthorDate: 2021-04-01 21:02:57 +0000
Commit: Renato Botelho
CommitDate: 2021-04-01 21:02:57 +0000

libfetch: Retry with proxy auth when server returns 407

PR: 220468
Submitted by: Egil Hasting (based on)
Reviewed by: kevans, kp
Approved by: kp
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29533

--- lib/libfetch/http.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 49 insertions(+), 6 deletions(-) diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c index 7f37b7d67197..e61e23b1425a 100644 --- a/lib/libfetch/http.c +++ b/lib/libfetch/http.c @@ -73,6 +73,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -1387,6 +1388,8 @@ http_connect(struct url *URL, struct url *purl, const char *flags) int verbose; int af, val; int serrno; + bool isproxyauth = false; + http_auth_challenges_t proxy_challenges; #ifdef INET6 af = AF_UNSPEC; 
@@ -1404,18 +1407,58 @@ http_connect(struct url *URL, struct url *purl, const char *flags) curl = (purl != NULL) ? purl : URL; +retry: if ((conn = fetch_connect(curl->host, curl->port, af, verbose)) == NULL) /* fetch_connect() has already set an error code */ return (NULL); init_http_headerbuf(&headerbuf); if (strcmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) { - http_cmd(conn, "CONNECT %s:%d HTTP/1.1", - URL->host, URL->port); - http_cmd(conn, "Host: %s:%d", - URL->host, URL->port); + init_http_auth_challenges(&proxy_challenges); + http_cmd(conn, "CONNECT %s:%d HTTP/1.1", URL->host, URL->port); + http_cmd(conn, "Host: %s:%d", URL->host, URL->port); + if (isproxyauth) { + http_auth_params_t aparams; + init_http_auth_params(&aparams); + if (*purl->user || *purl->pwd) { + aparams.user = strdup(purl->user); + aparams.password = strdup(purl->pwd); + } else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL && + *p != '\0') { + if (http_authfromenv(p, &aparams) < 0) { + http_seterr(HTTP_NEED_PROXY_AUTH); + fetch_syserr(); + goto ouch; + } + } else if (fetch_netrc_auth(purl) == 0) { + aparams.user = strdup(purl->user); + aparams.password = strdup(purl->pwd); + } else { + /* + * No auth information found in system - exiting + * with warning. + */ + warnx("Missing username and/or password set"); + fetch_syserr(); + goto ouch; + } + http_authorize(conn, "Proxy-Authorization", + &proxy_challenges, &aparams, purl); + clean_http_auth_params(&aparams); + } http_cmd(conn, ""); - if (http_get_reply(conn) != HTTP_OK) { - http_seterr(conn->err); + /* Get reply from CONNECT Tunnel attempt */ + int httpreply = http_get_reply(conn); + if (httpreply != HTTP_OK) { + http_seterr(httpreply); + /* If the error is a 407/HTTP_NEED_PROXY_AUTH */ + if (httpreply == HTTP_NEED_PROXY_AUTH && + ! isproxyauth) { + /* Try again with authentication. 
*/ + clean_http_headerbuf(&headerbuf); + fetch_close(conn); + isproxyauth = true; + goto retry; + } goto ouch; } /* Read and discard the rest of the proxy response */
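Review bot: `proxy_challenges`, declared in the `@@ -1387,6 +1388,8 @@` hunk, only ever goes through `init_http_auth_challenges(&proxy_challenges)` in the visible lines. Nothing parses the 407 reply into it before `http_authorize(conn, "Proxy-Authorization", &proxy_challenges, &aparams, purl)` runs on the retry, and nothing releases it on the `goto retry` or `goto ouch` paths. Either fill it from the proxy's Proxy-Authenticate header before retrying, so the scheme sent matches what the proxy offered, and pair the init with `clean_http_auth_challenges()`, or add a comment stating that the challenge set is intentionally empty and which scheme that selects.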
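Review bot: in the `if (isproxyauth)` block of the `@@ -1404,18 +1407,58 @@` hunk, the `http_authfromenv(p, &aparams) < 0` branch calls `http_seterr(HTTP_NEED_PROXY_AUTH)` and then `fetch_syserr()`, so the proxy-auth error just recorded is replaced by one derived from errno. That branch and the no-credentials `else` branch both jump to `ouch` without `clean_http_auth_params(&aparams)`. Suggested change: drop `fetch_syserr()` on these two paths, set `HTTP_NEED_PROXY_AUTH` in the `else` branch instead of printing with `warnx()` from library code, and clean `aparams` before each `goto ouch`. The `strdup()` results stored in `aparams.user` and `aparams.password` are also unchecked; a NULL check before `http_authorize()` would cover allocation failure. Style: `int httpreply` is declared mid-block and `! isproxyauth` carries a stray space.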