[v2] fireinfo: support upstream proxy with authentication
Commit Message
Fireinfo could not send its profile to https://fireinfo.ipfire.org/
if the machine is behind an upstream proxy which requires username
and password. This is fixed by tweaking urllib2's opening handler.
To apply this on existing installations, the fireinfo package
needs to be shipped during an update.
The second version of this patch fixes bogus indention, assembles
proxy authentication string more readable and preserves HTTP
proxy handler.
Fixes #11905
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Cc: Michael Tremer <michael.tremer@ipfire.org>
---
src/sendprofile | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
mode change 100644 => 100755 src/sendprofile
Comments
Hello,
thanks for adding authentication and support for HTTPS to fireinfo.
On 29/10/2018 05:22 PM, Peter Müller wrote:
> Fireinfo could not send its profile to https://fireinfo.ipfire.org/
> if the machine is behind an upstream proxy which requires username
> and password. This is fixed by tweaking urllib2's opening handler.
>
> To apply this on existing installations, the fireinfo package
> needs to be shipped during an update.
Yes, obvs :)
> The second version of this patch fixes bogus indention, assembles
> proxy authentication string more readable and preserves HTTP
> proxy handler.
>
> Fixes #11905
>
> Signed-off-by: Peter Müller <peter.mueller@link38.eu>
> Cc: Michael Tremer <michael.tremer@ipfire.org>
> ---
> src/sendprofile | 15 +++++++++++++--
> 1 file changed, 13 insertions(+), 2 deletions(-)
> mode change 100644 => 100755 src/sendprofile
>
> diff --git a/src/sendprofile b/src/sendprofile
> old mode 100644
> new mode 100755
> index b836567..1f32440
> --- a/src/sendprofile
> +++ b/src/sendprofile
> @@ -73,10 +73,21 @@ def send_profile(profile):
> request.add_header("User-Agent", "fireinfo/%s" %
> fireinfo.__version__)
>
> # Set upstream proxy if we have one.
> - # XXX this cannot handle authentication
> proxy = get_upstream_proxy()
> +
> if proxy["host"]:
> - request.set_proxy(proxy["host"], "http")
> + # handling upstream proxies with authentication is more tricky...
> + if proxy["user"] and proxy["pass"]:
> + prx_auth_string = "http://%s:%s@%s/" % (proxy["user"],
> proxy["pass"], proxy["host"])
> +
> + proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string})
> + proxy_handler = urllib2.ProxyHandler({'https': prx_auth_string})
You are overwriting the proxy_handler variable here and that creates
this
only for HTTPS which is not what we want here.
> + auth = urllib2.HTTPBasicAuthHandler()
> + opener = urllib2.build_opener(proxy_handler, auth,
> urllib2.HTTPHandler)
> + urllib2.install_opener(opener)
> + else:
> + request.set_proxy(proxy["host"], "http")
> + request.set_proxy(proxy["host"], "https")
>
> try:
> urllib2.urlopen(request, timeout=60)
old mode 100644
new mode 100755
@@ -73,10 +73,21 @@ def send_profile(profile):
request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__)
# Set upstream proxy if we have one.
- # XXX this cannot handle authentication
proxy = get_upstream_proxy()
+
if proxy["host"]:
- request.set_proxy(proxy["host"], "http")
+ # handling upstream proxies with authentication is more tricky...
+ if proxy["user"] and proxy["pass"]:
+ prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"])
+
+ proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string})
+ proxy_handler = urllib2.ProxyHandler({'https': prx_auth_string})
+ auth = urllib2.HTTPBasicAuthHandler()
+ opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler)
+ urllib2.install_opener(opener)
+ else:
+ request.set_proxy(proxy["host"], "http")
+ request.set_proxy(proxy["host"], "https")
try:
urllib2.urlopen(request, timeout=60)