From patchwork Tue Oct 30 04:22:10 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu>
X-Patchwork-Id: 1976
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200])
	by web02.i.ipfire.org (Postfix) with ESMTP id A9C8061A1B
	for <patchwork@web02.i.ipfire.org>; Mon, 29 Oct 2018 18:22:17 +0100 (CET)
Received: from mail01.i.ipfire.org (localhost [IPv6:::1])
	by mail01.ipfire.org (Postfix) with ESMTP id 0C5DF20F5E72;
	Mon, 29 Oct 2018 17:22:17 +0000 (GMT)
Received: from mx-nbg.link38.eu (mx-nbg.link38.eu [37.120.167.53])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mx-nbg.link38.eu",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail01.ipfire.org (Postfix) with ESMTPS id 67CF820F5E71
 for <development@lists.ipfire.org>; Mon, 29 Oct 2018 17:22:14 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=link38.eu; s=201803;
 t=1540833731; h=from:from:sender:reply-to:subject:subject:date:date:
 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
 content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:in-reply-to:
 references; bh=OYEVc5SLpjF0FrA49/0gNM0LaLDv4NTtbvHQPqYCZ/g=;
 b=EbKadM1Zqxzldo6KuzhzXoO9QM+n8VXaX2I/OP7Xkq2k6VP8Nkkc/xwAbO/4/fyh4m18Mc
 zvULk4J1wx/vw+pKChhggnIsaXYiDQpLgN6/3WyWvmCX03MHrvib2oovRQNn1a8jix0PZc
 cqWHJnbkMlTsOb5s2wegn2AuCZmfWmk7RpkAIfozovQimsw3aSCgXJHt9kE0I1elSI10qv
 3zCbiZ5UnX6+N3qpNBI+KNS8qs+FJxg6CnZ4eL31LEzaV7/I4CAYmYU6eAvSTOvES49nqv
 qDbGLzu327k2RptxQQSL10DdYzgxnufydR8C6xa7XrgMe7tqqAQ1eRoUkXbz+g==
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: [PATCH v2] fireinfo: support upstream proxy with authentication
Date: Mon, 29 Oct 2018 18:22:10 +0100
Message-Id: <20181029172210.4157-1-peter.mueller@link38.eu>
MIME-Version: 1.0
Authentication-Results: mail01.ipfire.org; dkim=pass header.d=link38.eu;
 dmarc=pass (policy=none) header.from=link38.eu;
 spf=pass smtp.mailfrom=peter.mueller@link38.eu
X-Spamd-Result: default: False [-10.49 / 11.00]; ARC_NA(0.00)[];
 R_DKIM_ALLOW(-0.20)[link38.eu]; NEURAL_HAM(-3.00)[-0.999,0];
 FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:37.120.167.53];
 MIME_GOOD(-0.10)[text/plain]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[link38.eu:+];
 RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[];
 RCVD_IN_DNSWL_MED(-0.20)[53.167.120.37.list.dnswl.org : 127.0.6.2];
 DMARC_POLICY_ALLOW(-0.50)[link38.eu,none];
 MX_GOOD(-0.01)[cached: mx-nbg.link38.eu];
 RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[];
 IP_SCORE(-3.78)[ip: (-9.91), ipnet: 37.120.160.0/19(-4.96), asn:
 197540(-3.96), country: DE(-0.09)];
 ASN(0.00)[asn:197540, ipnet:37.120.160.0/19, country:DE];
 RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%]
X-Spam-Status: No, score=-10.49
X-Rspamd-Server: mail01.i.ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <https://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Fireinfo could not send its profile to https://fireinfo.ipfire.org/
if the machine is behind an upstream proxy which requires username
and password. This is fixed by tweaking urllib2's opening handler.

To apply this on existing installations, the fireinfo package
needs to be shipped during an update.

The second version of this patch fixes bogus indention, assembles
proxy authentication string more readable and preserves HTTP
proxy handler.

Fixes #11905

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Cc: Michael Tremer <michael.tremer@ipfire.org>
---
 src/sendprofile | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 src/sendprofile

diff --git a/src/sendprofile b/src/sendprofile
old mode 100644
new mode 100755
index b836567..1f32440
--- a/src/sendprofile
+++ b/src/sendprofile
@@ -73,10 +73,21 @@ def send_profile(profile):
 	request.add_header("User-Agent", "fireinfo/%s" % fireinfo.__version__)
 
 	# Set upstream proxy if we have one.
-	# XXX this cannot handle authentication
 	proxy = get_upstream_proxy()
+
 	if proxy["host"]:
-		request.set_proxy(proxy["host"], "http")
+		# handling upstream proxies with authentication is more tricky...
+		if proxy["user"] and proxy["pass"]:
+			prx_auth_string = "http://%s:%s@%s/" % (proxy["user"], proxy["pass"], proxy["host"])
+
+			proxy_handler = urllib2.ProxyHandler({'http': prx_auth_string})
+			proxy_handler = urllib2.ProxyHandler({'https': prx_auth_string})
+			auth = urllib2.HTTPBasicAuthHandler()
+			opener = urllib2.build_opener(proxy_handler, auth, urllib2.HTTPHandler)
+			urllib2.install_opener(opener)
+		else:
+			request.set_proxy(proxy["host"], "http")
+			request.set_proxy(proxy["host"], "https")
 
 	try:
 		urllib2.urlopen(request, timeout=60)