From 9fac3ef792d7923e1fabd90b7b46acbf227d8578 Mon Sep 17 00:00:00 2001 From: Valen Blanco Date: Mon, 3 Oct 2016 17:33:10 +0200 Subject: [PATCH 1/4] Added new field to upstream struct; added new function for registering an upstream proxy with basic auth --- src/upstream.c | 36 +++++++++++++++++++++++++++++------- src/upstream.h | 4 ++++ 2 files changed, 33 insertions(+), 7 deletions(-) diff --git a/src/upstream.c b/src/upstream.c index 6b25f9b..eda28f2 100644 --- a/src/upstream.c +++ b/src/upstream.c @@ -30,9 +30,12 @@ #ifdef UPSTREAM_SUPPORT /** - * Construct an upstream struct from input data. + * Construct an upstream struct from input data, with basic auth credentials. + * 'basic_auth' can be NULL. */ -static struct upstream *upstream_build (const char *host, int port, const char *domain) +static struct upstream *upstream_build (const char *host, int port, + const char *basic_auth, + const char *domain) { char *ptr; struct upstream *up; @@ -44,7 +47,7 @@ static struct upstream *upstream_build (const char *host, int port, const char * return NULL; } - up->host = up->domain = NULL; + up->host = up->domain = up->basic_auth = NULL; up->ip = up->mask = 0; if (domain == NULL) { @@ -57,6 +60,9 @@ static struct upstream *upstream_build (const char *host, int port, const char * up->host = safestrdup (host); up->port = port; + if (basic_auth != NULL) + up->basic_auth = safestrdup (basic_auth); + log_message (LOG_INFO, "Added upstream %s:%d for [default]", host, port); } else if (host == NULL) { @@ -101,6 +107,9 @@ static struct upstream *upstream_build (const char *host, int port, const char * up->port = port; up->domain = safestrdup (domain); + if (basic_auth != NULL) + up->basic_auth = safestrdup (basic_auth); + log_message (LOG_INFO, "Added upstream %s:%d for %s", host, port, domain); } 
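Review bot: In `upstream_build`, both added `up->basic_auth = safestrdup (basic_auth);` lines (the default-upstream branch and the per-domain branch) ignore the result, so a failed copy still registers the entry with `basic_auth == NULL`. That entry is then indistinguishable from an upstream configured without credentials. Assuming `safestrdup` returns NULL on allocation failure (its definition is not in this patch), the copy should fail the build instead: `if (basic_auth != NULL && (up->basic_auth = safestrdup (basic_auth)) == NULL) goto fail;`. The `fail:` path in this patch already frees `up->basic_auth`. The function body starts and ends outside these hunks.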
@@ -109,6 +118,7 @@ static struct upstream *upstream_build (const char *host, int port, const char * fail: safefree (up->host); + safefree (up->basic_auth); safefree (up->domain); safefree (up); @@ -116,14 +126,15 @@ fail: } /* - * Add an entry to the upstream list + * Add an entry to the upstream list, with basic auth credentials. + * 'basic_auth' can be NULL. */ -void upstream_add (const char *host, int port, const char *domain, - struct upstream **upstream_list) +void upstream_bauth_add (const char *host, int port, const char *basic_auth, + const char *domain, struct upstream **upstream_list) { struct upstream *up; - up = upstream_build (host, port, domain); + up = upstream_build (host, port, basic_auth, domain); if (up == NULL) { return; } @@ -155,12 +166,22 @@ void upstream_add (const char *host, int port, const char *domain, upstream_cleanup: safefree (up->host); + safefree (up->basic_auth); safefree (up->domain); safefree (up); return; } +/* + * Add an entry to the upstream list + */ +void upstream_add (const char *host, int port, const char *domain, + struct upstream **upstream_list) +{ + upstream_bauth_add (host, port, NULL, domain, upstream_list); +} + /* * Check if a host is in the upstream list */ @@ -216,6 +237,7 @@ void free_upstream_list (struct upstream *up) struct upstream *tmp = up; up = up->next; safefree (tmp->domain); + safefree (tmp->basic_auth); safefree (tmp->host); safefree (tmp); } diff --git a/src/upstream.h b/src/upstream.h index 34dad68..1e965e1 100644 --- a/src/upstream.h +++ b/src/upstream.h 
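Review bot: `safefree (up->basic_auth)` at `fail:` releases the credential without clearing it, and the same call is added at `upstream_cleanup:` and in `free_upstream_list` later in this patch. The Base64 string decodes directly to the user name and password, so it stays readable in freed heap memory. Overwrite the buffer over its `strlen` before freeing, using a wipe the compiler cannot drop, such as `explicit_bzero` where the platform has it. The enclosing functions begin outside these hunks.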
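Review bot: The new header comment on `upstream_bauth_add` says only that 'basic_auth' can be NULL, not what a non-NULL value must contain. Nothing in this function or in `upstream_build` encodes the value; `upstream_build` only duplicates it, and the struct field comment in `upstream.h` calls it Base64. The caller therefore has to pass the already encoded string, and I would add `* 'basic_auth' is the Base64-encoded "user:password" string, stored as a copy; NULL means no credentials.` to the comment.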
@@ -36,12 +36,16 @@ struct upstream { char *domain; /* optional */ char *host; int port; + char *basic_auth; /* optional, Base64 basic auth */ in_addr_t ip, mask; }; #ifdef UPSTREAM_SUPPORT extern void upstream_add (const char *host, int port, const char *domain, struct upstream **upstream_list); +extern void upstream_bauth_add (const char *host, int port, + const char *basic_auth, const char *domain, + struct upstream **upstream_list); extern struct upstream *upstream_get (char *host, struct upstream *up); extern void free_upstream_list (struct upstream *up); #endif /* UPSTREAM_SUPPORT */ From 474e3f35a115f53fa0fa46dba5d9d93db4553cdb Mon Sep 17 00:00:00 2001 From: Valen Blanco Date: Tue, 4 Oct 2016 18:25:55 +0200 Subject: [PATCH 2/4] Changed 'establish_http_connection' to support connecting to an upstream proxy with a 'basic_auth' field --- src/reqs.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/reqs.c b/src/reqs.c index 990152a..26158ae 100644 --- a/src/reqs.c +++ b/src/reqs.c @@ -267,6 +267,17 @@ establish_http_connection (struct conn_s *connptr, struct request_s *request) "Connection: close\r\n", request->method, request->path, request->host, portbuff); + } else if ((connptr->upstream_proxy) && + (connptr->upstream_proxy->basic_auth)) { + /* Basic auth is set for upstream proxy. */ + return write_message (connptr->server_fd, + "%s %s HTTP/1.0\r\n" + "Host: %s%s\r\n" + "Connection: close\r\n" + "Proxy-Authorization: Basic %s\r\n", + request->method, request->path, + request->host, portbuff, + connptr->upstream_proxy->basic_auth); } else { return write_message (connptr->server_fd, "%s %s HTTP/1.0\r\n" From 14eae55fef492c3491a6abca0d3dd05c91ab737a Mon Sep 17 00:00:00 2001 From: Valen Blanco Date: Fri, 7 Oct 2016 11:09:50 +0200 Subject: [PATCH 3/4] Changed Upstream config directive to support receiving a Base64 string --- src/conf.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) 
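Review bot: The `Proxy-Authorization` header is sent only from the new `else if` branch in `establish_http_connection`, so a request that takes the preceding branch (its condition is above the hunk) reaches the authenticated upstream without credentials. Rather than a third copy of the request line, I would keep the existing branches and write the header afterwards whenever `connptr->upstream_proxy && connptr->upstream_proxy->basic_auth` holds: `write_message (connptr->server_fd, "Proxy-Authorization: Basic %s\r\n", connptr->upstream_proxy->basic_auth);`, with its result checked like the first write. The stored value is placed into the header line unchanged, so anything other than Base64 characters in it ends up on the wire as written in the configuration.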
diff --git a/src/conf.c b/src/conf.c index c003627..4f9e55f 100644 --- a/src/conf.c +++ b/src/conf.c @@ -254,8 +254,8 @@ struct { BEGIN "(no" WS "upstream)" WS STR END, handle_upstream_no, NULL }, { - BEGIN "(upstream)" WS "(" IP "|" ALNUM ")" ":" INT "(" WS STR - ")?" END, handle_upstream, NULL + BEGIN "(upstream)" WS "(" STR "@" ")?" "(" IP "|" ALNUM ")" ":" + INT "(" WS STR ")?" END, handle_upstream, NULL }, #endif /* loglevel */ @@ -1075,22 +1075,31 @@ static HANDLE_FUNC (handle_upstream) char *ip; int port; char *domain; + char *basic_auth = NULL; /* optional, Base64 basic auth */ - ip = get_string_arg (line, &match[2]); + if (match[3].rm_so != -1) { + /* Basic auth is set for upstream proxy. */ + basic_auth = get_string_arg (line, &match[3]); + } + + ip = get_string_arg (line, &match[4]); if (!ip) return -1; - port = (int) get_long_arg (line, &match[7]); + port = (int) get_long_arg (line, &match[9]); - if (match[10].rm_so != -1) { - domain = get_string_arg (line, &match[10]); + if (match[12].rm_so != -1) { + domain = get_string_arg (line, &match[12]); if (domain) { - upstream_add (ip, port, domain, &conf->upstream_list); + upstream_bauth_add (ip, port, basic_auth, domain, + &conf->upstream_list); safefree (domain); } } else { - upstream_add (ip, port, NULL, &conf->upstream_list); + upstream_bauth_add (ip, port, basic_auth, NULL, + &conf->upstream_list); } + safefree (basic_auth); safefree (ip); return 0; From 066b2d5edeaa7fc1cda6a09cdf2a42cdc9512094 Mon Sep 17 00:00:00 2001 From: Valen Blanco Date: Fri, 7 Oct 2016 11:57:50 +0200 Subject: [PATCH 4/4] Renamed upstream_bauth_add -> upstream_add --- src/conf.c | 9 ++++----- src/upstream.c | 19 ++++--------------- src/upstream.h | 6 ++---- 3 files changed, 10 insertions(+), 24 deletions(-) diff --git a/src/conf.c b/src/conf.c index 4f9e55f..e555424 100644 --- a/src/conf.c +++ b/src/conf.c 
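Review bot: The new optional group `"(" STR "@" ")?"` in the `upstream` directive pattern accepts whatever `STR` accepts (its definition is outside this hunk), although `handle_upstream` documents the capture as Base64 and patch 2/4 writes it unchanged after `Proxy-Authorization: Basic `. A raw `user:password` or a value with stray characters would therefore be forwarded as is. Restricting the group to the Base64 alphabet, for example `"(" "([A-Za-z0-9+/=]+)" "@" ")?"`, rejects malformed credentials at parse time. It contributes one capture, as `STR` appears to, so the hard-coded `match[]` indices in `handle_upstream` should stay valid.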
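Review bot: `handle_upstream` now allocates `basic_auth` before `ip`, but the unchanged `if (!ip) return -1;` returns without freeing it, which leaks the credential string on that path. Use `if (!ip) { safefree (basic_auth); return -1; }`; the function already calls `safefree (basic_auth)` unconditionally at the end, so a NULL argument is evidently tolerated. Separately, when `match[3]` matched but `get_string_arg` returned NULL, the upstream is still added with no credentials. Returning -1 in that case would make the failure visible instead of silently configuring an unauthenticated upstream.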
@@ -1090,13 +1090,12 @@ static HANDLE_FUNC (handle_upstream) if (match[12].rm_so != -1) { domain = get_string_arg (line, &match[12]); if (domain) { - upstream_bauth_add (ip, port, basic_auth, domain, - &conf->upstream_list); + upstream_add (ip, port, basic_auth, domain, + &conf->upstream_list); safefree (domain); } } else { - upstream_bauth_add (ip, port, basic_auth, NULL, - &conf->upstream_list); + upstream_add (ip, port, basic_auth, NULL, &conf->upstream_list); } safefree (basic_auth); @@ -1113,7 +1112,7 @@ static HANDLE_FUNC (handle_upstream_no) if (!domain) return -1; - upstream_add (NULL, 0, domain, &conf->upstream_list); + upstream_add (NULL, 0, NULL, domain, &conf->upstream_list); safefree (domain); return 0; diff --git a/src/upstream.c b/src/upstream.c index eda28f2..201e967 100644 --- a/src/upstream.c +++ b/src/upstream.c @@ -30,8 +30,7 @@ #ifdef UPSTREAM_SUPPORT /** - * Construct an upstream struct from input data, with basic auth credentials. - * 'basic_auth' can be NULL. + * Construct an upstream struct from input data. */ static struct upstream *upstream_build (const char *host, int port, const char *basic_auth, @@ -126,11 +125,10 @@ fail: } /* - * Add an entry to the upstream list, with basic auth credentials. - * 'basic_auth' can be NULL. + * Add an entry to the upstream list. */ -void upstream_bauth_add (const char *host, int port, const char *basic_auth, - const char *domain, struct upstream **upstream_list) +void upstream_add (const char *host, int port, const char *basic_auth, + const char *domain, struct upstream **upstream_list) { struct upstream *up; @@ -173,15 +171,6 @@ upstream_cleanup: return; } -/* - * Add an entry to the upstream list - */ -void upstream_add (const char *host, int port, const char *domain, - struct upstream **upstream_list) -{ - upstream_bauth_add (host, port, NULL, domain, upstream_list); -} - /* * Check if a host is in the upstream list */ diff --git a/src/upstream.h b/src/upstream.h index 1e965e1..1431d4b 100644 
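Review bot: The comments on `upstream_build` and `upstream_add` in `src/upstream.c` lose the sentence "'basic_auth' can be NULL" in this patch, although both functions keep the parameter and `handle_upstream_no` now passes NULL for it. I would keep `* 'basic_auth' can be NULL.` in both comments so that the contract of the five-argument `upstream_add` is stated where it is defined. It would also help to say there that a non-NULL value is the Base64 string sent after `Proxy-Authorization: Basic `.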
--- a/src/upstream.h +++ b/src/upstream.h @@ -41,11 +41,9 @@ struct upstream { }; #ifdef UPSTREAM_SUPPORT -extern void upstream_add (const char *host, int port, const char *domain, +extern void upstream_add (const char *host, int port, + const char *basic_auth, const char *domain, struct upstream **upstream_list); -extern void upstream_bauth_add (const char *host, int port, - const char *basic_auth, const char *domain, - struct upstream **upstream_list); extern struct upstream *upstream_get (char *host, struct upstream *up); extern void free_upstream_list (struct upstream *up); #endif /* UPSTREAM_SUPPORT */