From patchwork Sun Oct 28 01:20:16 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu>
X-Patchwork-Id: 1975
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200])
	by web02.i.ipfire.org (Postfix) with ESMTP id E592C6095F
	for <patchwork@web02.i.ipfire.org>; Sat, 27 Oct 2018 16:20:24 +0200 (CEST)
Received: from mail01.i.ipfire.org (localhost [IPv6:::1])
	by mail01.ipfire.org (Postfix) with ESMTP id 0A601202C054;
	Sat, 27 Oct 2018 15:20:24 +0100 (BST)
Received: from mx-nbg.link38.eu (mx-nbg.link38.eu [37.120.167.53])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mx-nbg.link38.eu",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail01.ipfire.org (Postfix) with ESMTPS id 331A8202C054
 for <development@lists.ipfire.org>; Sat, 27 Oct 2018 15:20:21 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=link38.eu; s=201803;
 t=1540650019; h=from:from:sender:reply-to:subject:subject:date:date:
 message-id:message-id:to:to:cc:mime-version:mime-version:
 content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:in-reply-to:
 references; bh=PlJ713CjUlQqs/moQRI9Hd09gxFBEWLptgfJZN11hU4=;
 b=G5NDnx2QSNENmz9f/yoL5+yvx09jmPup+wgheeq239tsZkNj5btFUKg6nbULaRUsGDZeTz
 dJpF35NJdpkxVEdCUVKYgZmL0kd8ooR91vLtqihG5lKc/lQQPCXMmW/wgB0G8uEzyDw+YB
 V8pexyNzMqYhj5us8vXdV2wkMpthFwTzfn9JEWS6dj9rOoCOvqfwY5mngWky+0T8e5xe3j
 PvHh8kUF+o81FZV9rO+npAwTVpVEdK2YI0a4nLaa3KNs5Dzl78wfldfAUhFvsXE7H3iXdx
 yFhMznMC6xdbAnTnOaushAgCNd9EZbqayhU1qym9BfSAJMnxErttrrT3Ar5syw==
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: [PATCH] fireinfo: support upstream proxy with authentication
Date: Sat, 27 Oct 2018 16:20:16 +0200
Message-Id: <20181027142016.5402-1-peter.mueller@link38.eu>
MIME-Version: 1.0
Authentication-Results: mail01.ipfire.org; dkim=pass header.d=link38.eu;
 dmarc=pass (policy=none) header.from=link38.eu;
 spf=pass smtp.mailfrom=peter.mueller@link38.eu
X-Spamd-Result: default: False [-10.48 / 11.00]; ARC_NA(0.00)[];
 R_DKIM_ALLOW(-0.20)[link38.eu]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:37.120.167.53];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[];
 RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[link38.eu:+];
 RCVD_IN_DNSWL_MED(-0.20)[53.167.120.37.list.dnswl.org : 127.0.6.2];
 MID_CONTAINS_FROM(1.00)[];
 MX_GOOD(-0.01)[cached: mx-nbg.link38.eu];
 DMARC_POLICY_ALLOW(-0.50)[link38.eu,none];
 NEURAL_HAM(-2.99)[-0.997,0]; RCVD_COUNT_ZERO(0.00)[0];
 FROM_EQ_ENVFROM(0.00)[];
 IP_SCORE(-3.78)[ip: (-9.91), ipnet: 37.120.160.0/19(-4.96), asn:
 197540(-3.96), country: DE(-0.09)];
 ASN(0.00)[asn:197540, ipnet:37.120.160.0/19, country:DE];
 RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%]
X-Spam-Status: No, score=-10.48
X-Rspamd-Server: mail01.i.ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <https://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Fireinfo could not send its profile to https://fireinfo.ipfire.org/
if the machine is behind an upstream proxy which requires username
and password. This is fixed by tweaking urllib2's opening handler.

To apply this on existing installations, the fireinfo package
needs to be shipped during an update.

Fixes #11905

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
 src/sendprofile | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 src/sendprofile

diff --git a/src/sendprofile b/src/sendprofile
old mode 100644
new mode 100755
index b836567..8c0603f
--- a/src/sendprofile
+++ b/src/sendprofile
@@ -73,10 +73,17 @@ def send_profile(profile):
 	request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__)
 
 	# Set upstream proxy if we have one.
-	# XXX this cannot handle authentication
 	proxy = get_upstream_proxy()
+
 	if proxy["host"]:
-		request.set_proxy(proxy["host"], "http")
+                # handling upstream proxies with authentication is more tricky...
+		if proxy["user"] and proxy["pass"]:
+			proxy_handler = urllib2.ProxyHandler({'https': 'http://' + proxy["user"] + ':' + proxy["pass"] + '@' + proxy["host"] + '/'})
+			auth = urllib2.HTTPBasicAuthHandler()
+			opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler)
+			urllib2.install_opener(opener)
+		else:
+			request.set_proxy(proxy["host"], "https")
 
 	try:
 		urllib2.urlopen(request, timeout=60)