| Message ID | b397de57-1ab7-bdfd-be3f-bbd59ea5a7d7@link38.eu |
|---|---|
| State | Dropped |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 7F3DC8AB84A for <patchwork@web07.i.ipfire.org>; Tue, 4 Dec 2018 17:13:25 +0000 (GMT) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 74C5E2089BDA; Tue, 4 Dec 2018 17:13:24 +0000 (GMT) Received: from mx-nbg.link38.eu (mx-nbg.link38.eu [IPv6:2a03:4000:6:432c:1f9e:48:ac3:199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx-nbg.link38.eu", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id EA65021AEFF8 for <development@lists.ipfire.org>; Tue, 4 Dec 2018 17:13:19 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=link38.eu; s=201803; t=1543943596; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ndxu2AejaZg+Es+Gm5Z/M1GFGIaEVvJZOIj7a0TmtF4=; b=QcWkA/9LOZbfmUy7di9iAcrhrSXQ/PzZi/OnzUf1JoxG/n5wvucwR9Fm9Da7RguysaRDbi OUXG9D6o3GMgThPZKnxwwy4DawXbpXwWXaZROpIRNlfubVqfvGb0YrZlCOQz9F7zkxw0gm yxloldBFQvxF3Nrqzk78MCnTEyKhQp4IXjW3kXLi4Xh/hu2i6eoBgXPMWgsUIaS4UovXAp /NNZGK87iKtISfbzARREh+QtHCcXnMsRwll3h0cRBLQC52sdR01mFinKRt2bZEz2i5Ylx2 VjjKjS3/UF6gg83hIraWn1aVNd0crXRcBTaqs3eLta+ikfndM8ZPp1a/r8U4Pg== To: Michael Tremer <michael.tremer@ipfire.org> References: <20181029172210.4157-1-peter.mueller@link38.eu> <ffab8952e15b861271b8d95e993b492e@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu> Openpgp: preference=signencrypt Autocrypt: addr=peter.mueller@link38.eu; keydata= xsFNBFrlh/UBEADDNM0LnM9+1NhjgfIz7Ww9Hlx6egK75TJoVa/S9gjI+3DeXn7hsj7vZnQz qSXMhSauU7k4g+F+MmOJP2HRIl0lEo/JNrpAqrAseSnbJp4eq8OTyAL6+Z3SVNJNbcRDOHmw jb/GR8ncURcgYDYV+oCs4csrghtBnm4cWaD/RW10zlB4nQsqQ5G3jzY9aIM+NKRHSAZEbXBZ W6pyDcGRMkwSFTHXpjtFDZ6mVEMxi1nv2W8PMU+uGbs3ud4gzPZ0tT5ICR8bp71qpua4r4RQ o6rB/suiPOptOE5/rk8FiW3ho0y1xDu7bRx8UzdLS9cYCVeSvf9n9YZ6RGOH9O7dS23zfTkS 8iqYol1PmVZrNtpsWBCq4HzFtRJPs6gykFNfj2sVQXU3RHHf2ui0OKm3R0olhLVbKSw2qSPM ajP1vBuVLEMSJmucxlJQ72Im/afnOz3LlNt+/FOB0zneoKGvPpPGSP/Fr5FJYED6/l1DZl2W 8Wb76xq3HGfETHW9kwwqbbQefMu6LNQIw9CnTpSk/R9mt7AnIrKCjxfclLDfz6VBJ0grRDDF PBEVBrj7uZM0UCl/dUX0adjDxBfma/UJZcBlDVX61+41vsX6w094sveKaNdqybAIxqGnhRUq kCHm5P/IYOZrtkao/TsRIW508MJBGmxoUl2qqCj7tXtNy2tiUQARAQABzSdQZXRlciBNw7xs bGVyIDxwZXRlci5tdWVsbGVyQGxpbmszOC5ldT7CwX8EEwECACkFAlrlh/UCGyMFCQlmAYAH CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRDZSPIPfXufaDlVD/0elAwSohcC4T5jFtPt hZ1+jU9t46pwBhQ8ohKpo4/wAuVBg5B0FYb0gegcSicYWsNkhTtCjUhExMilLKTaJir5l+3V B/rU/WG7NgLYqmYsGlgHPXdLZAbOMU/0atONFYos1UZnRGmPfhLwRw3g5TBaKrfqaFBzRABE W0R+XuRoXy9ho+lNP5g0Sa+SxtOeBpLQxppObk5WLUqDKxrvHhStgM3PrJASKujsJiw19IUg ws0q+WezH8LPQd3Vc8DP56sl1/h8w2Xklsdxj1NEcO7OIrrKSNIRGyqgqvtmDi6dxh1suGUW Par/VhB+P+u0yVy8H1lZ4SFUsZJFPwHNFSN41USmT/uHf9Z7K1+qXm4zpyexrDQ+ojuXxnB1 y97cHYcYaCZ2Bo+deljXng1NF0I3CdIdhPfLv7FHRBoBw1xs0qJjUfTfSAZsYD0H/jl76bRx 4s8rrECqM7pMnE4aLiP4m6gKJKooH8QAQsmGRYAI8gG/BIHPHZUpZ8J2jRnj6GQ1MpEdcnLE Q0N7QMayDoPq177es7tey5vzofq3bDGW/O9yqUWiz3e7uaGSQnYoRGm2oCCTojvGt37yS0H8 v+ms2fokPNt8UDmpZoLFFPXDwVcnL/KBkPY665xchatKpBOtJ3lRnXdlyRJW1gGda9G5mGFn xLcWumkZ12YKmtixuM7BTQRa5Yf1ARAA4UCkVBvQhks9lApBxvfZ8ekWrticMooBkegL+KQT TPWQHTgdwkFzSneaRq0vFFcgKxmXA54OmT58y0tf09hUvTGK4COs5GTZKP/SYSWZM6xOQqaT 37fros/ma4iSS+IJw/eDh7bWKM5gllz0EuoewaTveGDWeucf7V36mRUPG47GsNk/PgCRsO5Y SLlpfT/3xH02aRnUmWjzHCkJ9EV388cIWaYo9kP4q9rbcl3IyHP0t78XpIIWH6+o/I0FgzwL GJBdJ0eAE3PNIRGYu8nqYlJ+TIpcIrEPitma6nZtiWAITRO2XDb/2o05tUlEbmlN6dUOqM7X Jvj/Z9KkYNgvYNbHXqXJ+j5gzcq0DR7DtDSDnd1WDrYivQMGBDnZR2YfFjBEsmeArdmDTZqY aqYhBN3iMCI9cErZgik6Niz6jrqBMK98geB04vrqZUYprh7zXgPu0A/EwTIJuZ+GGeEKwMVL pBc2NGxUb/kt8nr1JHAnSludD78EW6QVdpcgO4DhHxzhdDk/L8yE53b5UdvXwad5N4T1QS/Y kk80nByinD4vaIIHti9nOvLQJAro1p997YnVeY0wQ2x14Qw1rqeCOeKqB8PxmHvSK6b+nXLg Dv7HuFLovIeQd/IimGLXBDW4Bkn60HApJ5KcX+GwHp5XqPRKPmtjfMsETZn1ESjyc3sAEQEA AcLBZQQYAQIADwUCWuWH9QIbDAUJCWYBgAAKCRDZSPIPfXufaBRaEACMS5Q1BY/O5o+Vn8lD uMUczEVk/8j07gi1EV2ffutwZ5eYrKvXkuoMPEBb7SWqPUKqpTbw1pNjUf5002c2xm2r/OSZ oQMRWDztht+EMhjy0qkixMV+TvS6DcFPb8sd+KOoIBD08EBVUxpeNhAFxaRjGEDboJUwtDAd EDUJts5HnXvBqEcnkOfkwDSUWf9epa1mbyO1sO5NnMtxQY6paB2UGQPNE5/J3eo4f5s4wrxR AaM6OCCOtJxs4u0svmOCwd0D8LQ6higBq+EFesc57ZpG3pkNokrROFWRpx6OpQJUnYi5lWm8 +4xF99QfI9mHIz+jrnPcsfAiKdXb8QkeaDkR7bIU269wwKupfN6bHsKFtOnx7AhMLUddzTHA hTe8cov/tnn5xPvSZhpfknOBx+mffNQBsCETuCxPMqtDN5xFuwBxw4ZKZpKYFk/FUl6As1z4 LY2tNXb/JI58fGiLreunuvxsEkb97hmly1e19IPOTJzawB/aKRQNpIkoE11UBhKyc+kwIfVo ZCTlp+3hpBFqxEjRReSQUKKb9hA4yP3j90Fb353JbNKf9+Y3UtFPJb67koDOGtbJsk19bzPE zO0j/ek+eXxTIf5NxURVuzY6yvg57ZzW7T/tApT/LLfMEmuYz/LiijgON0uTOSp8KflwAt8m eNtEia+FigGVqn+PSQ== Subject: [PATCH v3] fireinfo: support upstream proxy with authentication Message-ID: <b397de57-1ab7-bdfd-be3f-bbd59ea5a7d7@link38.eu> Date: Tue, 4 Dec 2018 18:13:15 +0100 MIME-Version: 1.0 In-Reply-To: <ffab8952e15b861271b8d95e993b492e@ipfire.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Authentication-Results: mail01.ipfire.org; dkim=pass header.d=link38.eu:s=201803; dmarc=pass (policy=none) header.from=link38.eu; spf=pass smtp.mailfrom=peter.mueller@link38.eu X-Spamd-Result: default: False [-11.49 / 11.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[link38.eu:s=201803]; BAYES_HAM(-3.00)[100.00%]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_MED(0.00)[link38.eu.dwl.dnswl.org : 127.0.6.2]; R_SPF_ALLOW(-0.20)[+ip6:2a03:4000:6:432c:1f9e:48:ac3:199]; MIME_GOOD(-0.10)[text/plain]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[link38.eu:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[link38.eu,none]; MX_GOOD(-0.01)[cached: mx-nbg.link38.eu]; NEURAL_HAM(-3.00)[-0.999,0]; RCVD_IN_DNSWL_MED(-0.20)[9.9.1.0.3.c.a.0.8.4.0.0.e.9.f.1.c.2.3.4.6.0.0.0.0.0.0.4.3.0.a.2.list.dnswl.org : 127.0.6.2]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-3.78)[ip: (-9.91), ipnet: 2a03:4000::/32(-4.95), asn: 197540(-3.96), country: DE(-0.09)]; ASN(0.00)[asn:197540, ipnet:2a03:4000::/32, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RBL_COMPOSITE_RCVD_IN_DNSWL_MED_DWL_DNSWL_MED(0.00)[] X-Spam-Status: No, score=-11.49 X-Rspamd-Server: mail01.i.ipfire.org Cc: "IPFire: Development-List" <development@lists.ipfire.org> X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <https://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
[v3] fireinfo: support upstream proxy with authentication
|
|
Commit Message
Peter Müller
Dec. 5, 2018, 4:13 a.m. UTC
Fireinfo could not send its profile to https://fireinfo.ipfire.org/
if the machine is behind an upstream proxy which requires username
and password. This is fixed by tweaking urllib2's opening handler.
To apply this on existing installations, the fireinfo package
needs to be shipped during an update.
The third version of this patch fixes bogus indention, assembles
proxy authentication string more readable and preserves HTTP
proxy handler.
Fixes #11905
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Cc: Michael Tremer <michael.tremer@ipfire.org>
---
src/sendprofile | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
mode change 100644 => 100755 src/sendprofile
Comments
Hello Michael, is there any chance to get this into upcoming Core Update 126? Thanks, and best regards, Peter Müller Am 04.12.18 um 18:13 schrieb Peter Müller: > Fireinfo could not send its profile to https://fireinfo.ipfire.org/ > if the machine is behind an upstream proxy which requires username > and password. This is fixed by tweaking urllib2's opening handler. > > To apply this on existing installations, the fireinfo package > needs to be shipped during an update. > > The third version of this patch fixes bogus indention, assembles > proxy authentication string more readable and preserves HTTP > proxy handler. > > Fixes #11905 > > Signed-off-by: Peter Müller <peter.mueller@link38.eu> > Cc: Michael Tremer <michael.tremer@ipfire.org> > --- > src/sendprofile | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > mode change 100644 => 100755 src/sendprofile > > diff --git a/src/sendprofile b/src/sendprofile > old mode 100644 > new mode 100755 > index b836567..3ce68b9 > --- a/src/sendprofile > +++ b/src/sendprofile > @@ -73,10 +73,20 @@ def send_profile(profile): > request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__) > > # Set upstream proxy if we have one. > - # XXX this cannot handle authentication > proxy = get_upstream_proxy() > + > if proxy["host"]: > - request.set_proxy(proxy["host"], "http") > + # handling upstream proxies with authentication is more tricky... > + if proxy["user"] and proxy["pass"]: > + prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"]) > + > + proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string, 'https': prx_auth_string}) > + auth = urllib2.HTTPBasicAuthHandler() > + opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler) > + urllib2.install_opener(opener) > + else: > + request.set_proxy(proxy["host"], "http") > + request.set_proxy(proxy["host"], "https") > > try: > urllib2.urlopen(request, timeout=60) >
Hi, No, the Core Update is already tagged, built and uploaded to the mirrors. The release announcement is also ready, but Arne hasn’t released it, yet. -Michael > On 10 Dec 2018, at 15:29, Peter Müller <peter.mueller@link38.eu> wrote: > > Hello Michael, > > is there any chance to get this into upcoming Core Update 126? > > Thanks, and best regards, > Peter Müller > > Am 04.12.18 um 18:13 schrieb Peter Müller: >> Fireinfo could not send its profile to https://fireinfo.ipfire.org/ >> if the machine is behind an upstream proxy which requires username >> and password. This is fixed by tweaking urllib2's opening handler. >> >> To apply this on existing installations, the fireinfo package >> needs to be shipped during an update. >> >> The third version of this patch fixes bogus indention, assembles >> proxy authentication string more readable and preserves HTTP >> proxy handler. >> >> Fixes #11905 >> >> Signed-off-by: Peter Müller <peter.mueller@link38.eu> >> Cc: Michael Tremer <michael.tremer@ipfire.org> >> --- >> src/sendprofile | 14 ++++++++++++-- >> 1 file changed, 12 insertions(+), 2 deletions(-) >> mode change 100644 => 100755 src/sendprofile >> >> diff --git a/src/sendprofile b/src/sendprofile >> old mode 100644 >> new mode 100755 >> index b836567..3ce68b9 >> --- a/src/sendprofile >> +++ b/src/sendprofile >> @@ -73,10 +73,20 @@ def send_profile(profile): >> request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__) >> >> # Set upstream proxy if we have one. >> - # XXX this cannot handle authentication >> proxy = get_upstream_proxy() >> + >> if proxy["host"]: >> - request.set_proxy(proxy["host"], "http") >> + # handling upstream proxies with authentication is more tricky... >> + if proxy["user"] and proxy["pass"]: >> + prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"]) >> + >> + proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string, 'https': prx_auth_string}) >> + auth = urllib2.HTTPBasicAuthHandler() >> + opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler) >> + urllib2.install_opener(opener) >> + else: >> + request.set_proxy(proxy["host"], "http") >> + request.set_proxy(proxy["host"], "https") >> >> try: >> urllib2.urlopen(request, timeout=60) >> > > > -- > Microsoft DNS service terminates abnormally when it recieves a response > to a DNS query that was never made. Fix Information: Run your DNS > service on a different platform. > -- bugtraq
Merged and scheduled for Core Update 127! > On 10 Dec 2018, at 19:09, Michael Tremer <michael.tremer@ipfire.org> wrote: > > Hi, > > No, the Core Update is already tagged, built and uploaded to the mirrors. > > The release announcement is also ready, but Arne hasn’t released it, yet. > > -Michael > >> On 10 Dec 2018, at 15:29, Peter Müller <peter.mueller@link38.eu> wrote: >> >> Hello Michael, >> >> is there any chance to get this into upcoming Core Update 126? >> >> Thanks, and best regards, >> Peter Müller >> >> Am 04.12.18 um 18:13 schrieb Peter Müller: >>> Fireinfo could not send its profile to https://fireinfo.ipfire.org/ >>> if the machine is behind an upstream proxy which requires username >>> and password. This is fixed by tweaking urllib2's opening handler. >>> >>> To apply this on existing installations, the fireinfo package >>> needs to be shipped during an update. >>> >>> The third version of this patch fixes bogus indention, assembles >>> proxy authentication string more readable and preserves HTTP >>> proxy handler. >>> >>> Fixes #11905 >>> >>> Signed-off-by: Peter Müller <peter.mueller@link38.eu> >>> Cc: Michael Tremer <michael.tremer@ipfire.org> >>> --- >>> src/sendprofile | 14 ++++++++++++-- >>> 1 file changed, 12 insertions(+), 2 deletions(-) >>> mode change 100644 => 100755 src/sendprofile >>> >>> diff --git a/src/sendprofile b/src/sendprofile >>> old mode 100644 >>> new mode 100755 >>> index b836567..3ce68b9 >>> --- a/src/sendprofile >>> +++ b/src/sendprofile >>> @@ -73,10 +73,20 @@ def send_profile(profile): >>> request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__) >>> >>> # Set upstream proxy if we have one. >>> - # XXX this cannot handle authentication >>> proxy = get_upstream_proxy() >>> + >>> if proxy["host"]: >>> - request.set_proxy(proxy["host"], "http") >>> + # handling upstream proxies with authentication is more tricky... >>> + if proxy["user"] and proxy["pass"]: >>> + prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"]) >>> + >>> + proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string, 'https': prx_auth_string}) >>> + auth = urllib2.HTTPBasicAuthHandler() >>> + opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler) >>> + urllib2.install_opener(opener) >>> + else: >>> + request.set_proxy(proxy["host"], "http") >>> + request.set_proxy(proxy["host"], "https") >>> >>> try: >>> urllib2.urlopen(request, timeout=60) >>> >> >> >> -- >> Microsoft DNS service terminates abnormally when it recieves a response >> to a DNS query that was never made. Fix Information: Run your DNS >> service on a different platform. >> -- bugtraq >
diff --git a/src/sendprofile b/src/sendprofile old mode 100644 new mode 100755 index b836567..3ce68b9 --- a/src/sendprofile +++ b/src/sendprofile @@ -73,10 +73,20 @@ def send_profile(profile): request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__) # Set upstream proxy if we have one. - # XXX this cannot handle authentication proxy = get_upstream_proxy() + if proxy["host"]: - request.set_proxy(proxy["host"], "http") + # handling upstream proxies with authentication is more tricky... + if proxy["user"] and proxy["pass"]: + prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"]) + + proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string, 'https': prx_auth_string}) + auth = urllib2.HTTPBasicAuthHandler() + opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler) + urllib2.install_opener(opener) + else: + request.set_proxy(proxy["host"], "http") + request.set_proxy(proxy["host"], "https") try: urllib2.urlopen(request, timeout=60)