HTTP proxy auth for ftp(1)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

HTTP proxy auth for ftp(1)

Nikns Siankin
There is reworked diff (thanks Otto for corrections) that adds basic
http auth support for ftp(1).


Nikns

Index: fetch.c
===================================================================
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.57
diff -u -p -r1.57 fetch.c
--- fetch.c 1 Feb 2006 09:19:07 -0000 1.57
+++ fetch.c 8 Mar 2006 12:02:54 -0000
@@ -51,6 +51,7 @@ static char rcsid[] = "$OpenBSD: fetch.c
 #include <sys/stat.h>
 
 #include <netinet/in.h>
+#include <resolv.h>
 
 #include <arpa/ftp.h>
 #include <arpa/inet.h>
@@ -81,6 +82,7 @@ char *urldecode(const char *);
 #define FILE_URL "file:" /* file URL prefix */
 #define FTP_PROXY "ftp_proxy" /* env var with ftp proxy location */
 #define HTTP_PROXY "http_proxy" /* env var with http proxy location */
+#define PROXY_AUTH_HEADER "Proxy-Authorization: Basic" /* proxy authorization header */
 
 
 #define EMPTYSTRING(x) ((x) == NULL || (*(x) == '\0'))
@@ -105,6 +107,7 @@ url_get(const char *origline, const char
  int error, i, isftpurl = 0, isfileurl = 0, isredirect = 0, rval = -1;
  struct addrinfo hints, *res0, *res;
  const char * volatile savefile;
+ char *proxyauth = NULL, *b64_proxyauth;
  char * volatile proxy = NULL;
  volatile int s = -1, out;
  volatile sig_t oldintr;
@@ -173,6 +176,37 @@ url_get(const char *origline, const char
  warnx("Malformed proxy URL: %s", proxyenv);
  goto cleanup_url_get;
  }
+
+ proxyauth = strdup(host);
+ if (proxyauth == NULL)
+ errx(1, NULL);
+
+ /* searching for authorization creditial before last '@' if any */
+ hosttail = strrchr(proxyauth, '@');
+ if (hosttail != NULL) {
+ *hosttail++ = '\0';
+ host = hosttail;
+ if (EMPTYSTRING(proxyauth)) {
+ warnx("Malformed proxy authorization creditials.");
+ goto cleanup_url_get;
+ }
+ } else {
+ free(proxyauth);
+ proxyauth = NULL;
+ }
+
+ if (proxyauth) {
+ size_t sz = ((strlen(proxyauth) + 2) * 4 / 3) + 1;
+ /* encoding creditials to base64 */
+ b64_proxyauth = malloc(sz);
+ if (b64_proxyauth == NULL)
+ errx(1, NULL);
+
+ if (b64_ntop(proxyauth, strlen(proxyauth),
+    b64_proxyauth, sz)  == -1)
+ errx(1, "b64_ntop: error encoding base64!");
+ }
+
  *--path = '/'; /* add / back to real path */
  path = strchr(host, '/'); /* remove trailing / on host */
  if (!EMPTYSTRING(path))
@@ -350,8 +384,12 @@ again:
  * Host: directive must use the destination host address for
  * the original URI (path).  We do not attach it at this moment.
  */
- fprintf(fin, "GET %s HTTP/1.0\r\n%s\r\n\r\n", path,
-    HTTP_USER_AGENT);
+ if (proxyauth) {
+ fprintf(fin, "GET %s HTTP/1.0\r\n%s\r\n%s %s\r\n\r\n", path,
+    HTTP_USER_AGENT, PROXY_AUTH_HEADER, b64_proxyauth);
+ } else
+ fprintf(fin, "GET %s HTTP/1.0\r\n%s\r\n\r\n", path,
+    HTTP_USER_AGENT);
  } else {
  fprintf(fin, "GET /%s HTTP/1.0\r\nHost: ", path);
  if (strchr(host, ':')) {
@@ -548,6 +586,7 @@ cleanup_url_get:
  if (proxy)
  free(proxy);
  free(line);
+ free(proxyauth);
  return (rval);
 }

Reply | Threaded
Open this post in threaded view
|

Re: HTTP proxy auth for ftp(1)

Kjell-5
a minor comment:

> + if (proxyauth) {
> + size_t sz = ((strlen(proxyauth) + 2) * 4 / 3) + 1;
> + /* encoding creditials to base64 */

Maybe a comment explaining *why* that weird little calculation?
I'm not the only one that looks at that and says "huh?", am I?

Finally, I'm not a big fan of block-scoped variables.
Maybe it's because I'm an old fart. I can't think of any other
reason.

-kj

Reply | Threaded
Open this post in threaded view
|

Re: HTTP proxy auth for ftp(1)

Nikns Siankin
On Thu, May 11, 2006 at 09:34:00AM -0600, [hidden email] wrote:
>a minor comment:
>
>> + if (proxyauth) {
>> + size_t sz = ((strlen(proxyauth) + 2) * 4 / 3) + 1;
>> + /* encoding creditials to base64 */
>
>Maybe a comment explaining *why* that weird little calculation?
>I'm not the only one that looks at that and says "huh?", am I?

This calculates size of base64 encoded proxyauth response.
Perhaps this should be commented.

Nikns


>
>Finally, I'm not a big fan of block-scoped variables.
>Maybe it's because I'm an old fart. I can't think of any other
>reason.
>
>-kj