From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH v2] fireinfo: support upstream proxy with authentication
Date: Mon, 12 Nov 2018 00:26:00 +0000
Message-ID: <ffab8952e15b861271b8d95e993b492e@ipfire.org>
In-Reply-To: <20181029172210.4157-1-peter.mueller@link38.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2493571060064385335=="
List-Id: <development.lists.ipfire.org>

--===============2493571060064385335==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hello,

thanks for adding authentication and support for HTTPS to fireinfo.

On 29/10/2018 05:22 PM, Peter Müller wrote:
> Fireinfo could not send its profile to https://fireinfo.ipfire.org/
> if the machine is behind an upstream proxy which requires username
> and password. This is fixed by tweaking urllib2's opening handler.
> 
> To apply this on existing installations, the fireinfo package
> needs to be shipped during an update.

Yes, obvs :)

> The second version of this patch fixes bogus indention, assembles
> proxy authentication string more readable and preserves HTTP
> proxy handler.
> 
> Fixes #11905
> 
> Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
> Cc: Michael Tremer <michael.tremer(a)ipfire.org>
> ---
>  src/sendprofile | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
>  mode change 100644 => 100755 src/sendprofile
> 
> diff --git a/src/sendprofile b/src/sendprofile
> old mode 100644
> new mode 100755
> index b836567..1f32440
> --- a/src/sendprofile
> +++ b/src/sendprofile
> @@ -73,10 +73,21 @@ def send_profile(profile):
>  	request.add_header("User-Agent", "fireinfo/%s" % 
> fireinfo.__version__)
> 
>  	# Set upstream proxy if we have one.
> -	# XXX this cannot handle authentication
>  	proxy = get_upstream_proxy()
> +
>  	if proxy["host"]:
> -		request.set_proxy(proxy["host"], "http")
> +		# handling upstream proxies with authentication is more tricky...
> +		if proxy["user"] and proxy["pass"]:
> +			prx_auth_string = "http://%s:%s@%s/" % (proxy["user"],
> proxy["pass"], proxy["host"])
> +
> +			proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string})
> +			proxy_handler = urllib2.ProxyHandler({'https': prx_auth_string})

You are overwriting the proxy_handler variable here and that creates 
this
only for HTTPS which is not what we want here.

> +			auth = urllib2.HTTPBasicAuthHandler()
> +			opener = urllib2.build_opener(proxy_handler, auth, 
> urllib2.HTTPHandler)
> +			urllib2.install_opener(opener)
> +		else:
> +			request.set_proxy(proxy["host"], "http")
> +			request.set_proxy(proxy["host"], "https")
> 
>  	try:
>  		urllib2.urlopen(request, timeout=60)

--===============2493571060064385335==--