[PATCH v2] fireinfo: support upstream proxy with authentication

[PATCH v2] fireinfo: support upstream proxy with authentication

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 1855 bytes --]

Fireinfo could not send its profile to https://fireinfo.ipfire.org/
if the machine is behind an upstream proxy which requires username
and password. This is fixed by tweaking urllib2's opening handler.

To apply this on existing installations, the fireinfo package
needs to be shipped during an update.

The second version of this patch fixes bogus indention, assembles
proxy authentication string more readable and preserves HTTP
proxy handler.

Fixes #11905

Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
---
 src/sendprofile | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 src/sendprofile

diff --git a/src/sendprofile b/src/sendprofile
old mode 100644
new mode 100755
index b836567..1f32440
--- a/src/sendprofile
+++ b/src/sendprofile
@@ -73,10 +73,21 @@ def send_profile(profile):
 	request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__)
 
 	# Set upstream proxy if we have one.
-	# XXX this cannot handle authentication
 	proxy = get_upstream_proxy()
+
 	if proxy["host"]:
-		request.set_proxy(proxy["host"], "http")
+		# handling upstream proxies with authentication is more tricky...
+		if proxy["user"] and proxy["pass"]:
+			prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"])
+
+			proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string})
+			proxy_handler = urllib2.ProxyHandler({'https': prx_auth_string})
+			auth = urllib2.HTTPBasicAuthHandler()
+			opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler)
+			urllib2.install_opener(opener)
+		else:
+			request.set_proxy(proxy["host"], "http")
+			request.set_proxy(proxy["host"], "https")
 
 	try:
 		urllib2.urlopen(request, timeout=60)
-- 
2.16.4

Re: [PATCH v2] fireinfo: support upstream proxy with authentication

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 2154 bytes --]

Hello,

thanks for adding authentication and support for HTTPS to fireinfo.

On 29/10/2018 05:22 PM, Peter Müller wrote:
> Fireinfo could not send its profile to https://fireinfo.ipfire.org/
> if the machine is behind an upstream proxy which requires username
> and password. This is fixed by tweaking urllib2's opening handler.
> 
> To apply this on existing installations, the fireinfo package
> needs to be shipped during an update.

Yes, obvs :)

> The second version of this patch fixes bogus indention, assembles
> proxy authentication string more readable and preserves HTTP
> proxy handler.
> 
> Fixes #11905
> 
> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> Cc: Michael Tremer <michael.tremer(a)ipfire.org>
> ---
>  src/sendprofile | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
>  mode change 100644 => 100755 src/sendprofile
> 
> diff --git a/src/sendprofile b/src/sendprofile
> old mode 100644
> new mode 100755
> index b836567..1f32440
> --- a/src/sendprofile
> +++ b/src/sendprofile
> @@ -73,10 +73,21 @@ def send_profile(profile):
>  	request.add_header("User-Agent", "fireinfo/%s" % 
> fireinfo.__version__)
> 
>  	# Set upstream proxy if we have one.
> -	# XXX this cannot handle authentication
>  	proxy = get_upstream_proxy()
> +
>  	if proxy["host"]:
> -		request.set_proxy(proxy["host"], "http")
> +		# handling upstream proxies with authentication is more tricky...
> +		if proxy["user"] and proxy["pass"]:
> +			prx_auth_string = "http://%s:%s@%s/" % (proxy["user"],
> proxy["pass"], proxy["host"])
> +
> +			proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string})
> +			proxy_handler = urllib2.ProxyHandler({'https': prx_auth_string})

You are overwriting the proxy_handler variable here and that creates 
this
only for HTTPS which is not what we want here.

> +			auth = urllib2.HTTPBasicAuthHandler()
> +			opener = urllib2.build_opener(proxy_handler, auth, 
> urllib2.HTTPHandler)
> +			urllib2.install_opener(opener)
> +		else:
> +			request.set_proxy(proxy["host"], "http")
> +			request.set_proxy(proxy["host"], "https")
> 
>  	try:
>  		urllib2.urlopen(request, timeout=60)

[PATCH v3] fireinfo: support upstream proxy with authentication

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 1807 bytes --]

Fireinfo could not send its profile to https://fireinfo.ipfire.org/
if the machine is behind an upstream proxy which requires username
and password. This is fixed by tweaking urllib2's opening handler.

To apply this on existing installations, the fireinfo package
needs to be shipped during an update.

The third version of this patch fixes bogus indention, assembles
proxy authentication string more readable and preserves HTTP
proxy handler.

Fixes #11905

Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
---
 src/sendprofile | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 src/sendprofile

diff --git a/src/sendprofile b/src/sendprofile
old mode 100644
new mode 100755
index b836567..3ce68b9
--- a/src/sendprofile
+++ b/src/sendprofile
@@ -73,10 +73,20 @@ def send_profile(profile):
 	request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__)
 
 	# Set upstream proxy if we have one.
-	# XXX this cannot handle authentication
 	proxy = get_upstream_proxy()
+
 	if proxy["host"]:
-		request.set_proxy(proxy["host"], "http")
+		# handling upstream proxies with authentication is more tricky...
+		if proxy["user"] and proxy["pass"]:
+			prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"])
+
+			proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string, 'https': prx_auth_string})
+			auth = urllib2.HTTPBasicAuthHandler()
+			opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler)
+			urllib2.install_opener(opener)
+		else:
+			request.set_proxy(proxy["host"], "http")
+			request.set_proxy(proxy["host"], "https")
 
 	try:
 		urllib2.urlopen(request, timeout=60)
-- 
2.16.4

Re: [PATCH v3] fireinfo: support upstream proxy with authentication

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 2267 bytes --]

Hello Michael,

is there any chance to get this into upcoming Core Update 126?

Thanks, and best regards,
Peter Müller

Am 04.12.18 um 18:13 schrieb Peter Müller:
> Fireinfo could not send its profile to https://fireinfo.ipfire.org/
> if the machine is behind an upstream proxy which requires username
> and password. This is fixed by tweaking urllib2's opening handler.
> 
> To apply this on existing installations, the fireinfo package
> needs to be shipped during an update.
> 
> The third version of this patch fixes bogus indention, assembles
> proxy authentication string more readable and preserves HTTP
> proxy handler.
> 
> Fixes #11905
> 
> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> Cc: Michael Tremer <michael.tremer(a)ipfire.org>
> ---
>  src/sendprofile | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
>  mode change 100644 => 100755 src/sendprofile
> 
> diff --git a/src/sendprofile b/src/sendprofile
> old mode 100644
> new mode 100755
> index b836567..3ce68b9
> --- a/src/sendprofile
> +++ b/src/sendprofile
> @@ -73,10 +73,20 @@ def send_profile(profile):
>  	request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__)
>  
>  	# Set upstream proxy if we have one.
> -	# XXX this cannot handle authentication
>  	proxy = get_upstream_proxy()
> +
>  	if proxy["host"]:
> -		request.set_proxy(proxy["host"], "http")
> +		# handling upstream proxies with authentication is more tricky...
> +		if proxy["user"] and proxy["pass"]:
> +			prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"])
> +
> +			proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string, 'https': prx_auth_string})
> +			auth = urllib2.HTTPBasicAuthHandler()
> +			opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler)
> +			urllib2.install_opener(opener)
> +		else:
> +			request.set_proxy(proxy["host"], "http")
> +			request.set_proxy(proxy["host"], "https")
>  
>  	try:
>  		urllib2.urlopen(request, timeout=60)
> 


-- 
Microsoft DNS service terminates abnormally when it recieves a response
to a DNS query that was never made.  Fix Information: Run your DNS
service on a different platform.
		-- bugtraq

Re: [PATCH v3] fireinfo: support upstream proxy with authentication

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 2595 bytes --]

Hi,

No, the Core Update is already tagged, built and uploaded to the mirrors.

The release announcement is also ready, but Arne hasn’t released it, yet.

-Michael

> On 10 Dec 2018, at 15:29, Peter Müller <peter.mueller(a)link38.eu> wrote:
> 
> Hello Michael,
> 
> is there any chance to get this into upcoming Core Update 126?
> 
> Thanks, and best regards,
> Peter Müller
> 
> Am 04.12.18 um 18:13 schrieb Peter Müller:
>> Fireinfo could not send its profile to https://fireinfo.ipfire.org/
>> if the machine is behind an upstream proxy which requires username
>> and password. This is fixed by tweaking urllib2's opening handler.
>> 
>> To apply this on existing installations, the fireinfo package
>> needs to be shipped during an update.
>> 
>> The third version of this patch fixes bogus indention, assembles
>> proxy authentication string more readable and preserves HTTP
>> proxy handler.
>> 
>> Fixes #11905
>> 
>> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
>> Cc: Michael Tremer <michael.tremer(a)ipfire.org>
>> ---
>> src/sendprofile | 14 ++++++++++++--
>> 1 file changed, 12 insertions(+), 2 deletions(-)
>> mode change 100644 => 100755 src/sendprofile
>> 
>> diff --git a/src/sendprofile b/src/sendprofile
>> old mode 100644
>> new mode 100755
>> index b836567..3ce68b9
>> --- a/src/sendprofile
>> +++ b/src/sendprofile
>> @@ -73,10 +73,20 @@ def send_profile(profile):
>> 	request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__)
>> 
>> 	# Set upstream proxy if we have one.
>> -	# XXX this cannot handle authentication
>> 	proxy = get_upstream_proxy()
>> +
>> 	if proxy["host"]:
>> -		request.set_proxy(proxy["host"], "http")
>> +		# handling upstream proxies with authentication is more tricky...
>> +		if proxy["user"] and proxy["pass"]:
>> +			prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"])
>> +
>> +			proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string, 'https': prx_auth_string})
>> +			auth = urllib2.HTTPBasicAuthHandler()
>> +			opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler)
>> +			urllib2.install_opener(opener)
>> +		else:
>> +			request.set_proxy(proxy["host"], "http")
>> +			request.set_proxy(proxy["host"], "https")
>> 
>> 	try:
>> 		urllib2.urlopen(request, timeout=60)
>> 
> 
> 
> -- 
> Microsoft DNS service terminates abnormally when it recieves a response
> to a DNS query that was never made.  Fix Information: Run your DNS
> service on a different platform.
> 		-- bugtraq

Re: [PATCH v3] fireinfo: support upstream proxy with authentication

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 2812 bytes --]

Merged and scheduled for Core Update 127!

> On 10 Dec 2018, at 19:09, Michael Tremer <michael.tremer(a)ipfire.org> wrote:
> 
> Hi,
> 
> No, the Core Update is already tagged, built and uploaded to the mirrors.
> 
> The release announcement is also ready, but Arne hasn’t released it, yet.
> 
> -Michael
> 
>> On 10 Dec 2018, at 15:29, Peter Müller <peter.mueller(a)link38.eu> wrote:
>> 
>> Hello Michael,
>> 
>> is there any chance to get this into upcoming Core Update 126?
>> 
>> Thanks, and best regards,
>> Peter Müller
>> 
>> Am 04.12.18 um 18:13 schrieb Peter Müller:
>>> Fireinfo could not send its profile to https://fireinfo.ipfire.org/
>>> if the machine is behind an upstream proxy which requires username
>>> and password. This is fixed by tweaking urllib2's opening handler.
>>> 
>>> To apply this on existing installations, the fireinfo package
>>> needs to be shipped during an update.
>>> 
>>> The third version of this patch fixes bogus indention, assembles
>>> proxy authentication string more readable and preserves HTTP
>>> proxy handler.
>>> 
>>> Fixes #11905
>>> 
>>> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
>>> Cc: Michael Tremer <michael.tremer(a)ipfire.org>
>>> ---
>>> src/sendprofile | 14 ++++++++++++--
>>> 1 file changed, 12 insertions(+), 2 deletions(-)
>>> mode change 100644 => 100755 src/sendprofile
>>> 
>>> diff --git a/src/sendprofile b/src/sendprofile
>>> old mode 100644
>>> new mode 100755
>>> index b836567..3ce68b9
>>> --- a/src/sendprofile
>>> +++ b/src/sendprofile
>>> @@ -73,10 +73,20 @@ def send_profile(profile):
>>> 	request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__)
>>> 
>>> 	# Set upstream proxy if we have one.
>>> -	# XXX this cannot handle authentication
>>> 	proxy = get_upstream_proxy()
>>> +
>>> 	if proxy["host"]:
>>> -		request.set_proxy(proxy["host"], "http")
>>> +		# handling upstream proxies with authentication is more tricky...
>>> +		if proxy["user"] and proxy["pass"]:
>>> +			prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"])
>>> +
>>> +			proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string, 'https': prx_auth_string})
>>> +			auth = urllib2.HTTPBasicAuthHandler()
>>> +			opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler)
>>> +			urllib2.install_opener(opener)
>>> +		else:
>>> +			request.set_proxy(proxy["host"], "http")
>>> +			request.set_proxy(proxy["host"], "https")
>>> 
>>> 	try:
>>> 		urllib2.urlopen(request, timeout=60)
>>> 
>> 
>> 
>> -- 
>> Microsoft DNS service terminates abnormally when it recieves a response
>> to a DNS query that was never made.  Fix Information: Run your DNS
>> service on a different platform.
>> 		-- bugtraq
>