Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15:Update
cntlm
cntlm-0.92.3-HTTP-1.1-persistent-connections-wi...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cntlm-0.92.3-HTTP-1.1-persistent-connections-with-HTTP-1.0-clients.patch of Package cntlm
Index: utils.c =================================================================== --- utils.c (revision 305) +++ utils.c (revision 306) @@ -508,6 +508,7 @@ data->body_len = 0; data->empty = 1; data->port = 0; + data->http_version = -1; data->headers = NULL; data->method = NULL; data->url = NULL; @@ -535,6 +536,7 @@ dst->body_len = src->body_len; dst->empty = src->empty; dst->port = src->port; + dst->http_version = src->http_version; if (src->headers) dst->headers = hlist_dup(src->headers); @@ -584,6 +586,7 @@ data->body_len = 0; data->empty = 1; data->port = 0; + data->http_version = -1; if (data->headers) hlist_free(data->headers); if (data->method) free(data->method); @@ -623,6 +626,7 @@ if (data->http) free(data->http); if (data->msg) free(data->msg); if (data->body) free(data->body); + memset(data, 0, sizeof(struct rr_data_s)); free(data); } Index: forward.c =================================================================== --- forward.c (revision 305) +++ forward.c (revision 306) @@ -188,6 +188,7 @@ if (debug) { printf("\nSending PROXY auth request...\n"); + printf("HEAD: %s %s %s\n", auth->method, auth->url, auth->http); hlist_dump(auth->headers); } @@ -316,7 +317,7 @@ * request is NOT freed */ rr_data_t forward_request(void *thread_data, rr_data_t request) { - int i, w, loop, plugin, retry = 0; + int i, loop, plugin, retry = 0; int *rsocket[2], *wsocket[2]; rr_data_t data[2], rc = NULL; hlist_t tl; @@ -368,7 +369,7 @@ sd = proxy_connect(tcreds); if (sd <= 0) { tmp = gen_502_page(request->http, "Parent proxy unreacheable"); - w = write(cd, tmp, strlen(tmp)); + i = write(cd, tmp, strlen(tmp)); free(tmp); rc = (void *)-1; goto bailout; @@ -446,7 +447,9 @@ && strcasecmp(hostname, data[0]->hostname)) { if (debug) printf("\n******* F RETURN: %s *******\n", data[0]->url); - if (authok) + if (authok && data[0]->http_version >= 11 + && (hlist_subcmp(data[0]->headers, "Proxy-Connection", "keep-alive") + || hlist_subcmp(data[0]->headers, "Connection", "keep-alive"))) proxy_alive = 1; rc = dup_rr_data(data[0]); @@ -465,7 +468,7 @@ /* * Modify request headers. * - * Try to request keep-alive for every connection. We keep them in a pool + * Try to request keep-alive for every client supporting HTTP/1.1+. We keep them in a pool * for future reuse. */ if (loop == 0 && data[0]->req) { @@ -474,13 +477,14 @@ */ if (http_parse_basic(data[loop]->headers, "Proxy-Authorization", tcreds) > 0) { if (debug) - printf("NTLM-to-basic: Credentials parsed: %s\\%s at %s\n", tcreds->domain, tcreds->user, tcreds->workstation); + printf("NTLM-to-basic: Credentials parsed: %s\\%s at %s\n", + tcreds->domain, tcreds->user, tcreds->workstation); } else if (ntlmbasic) { if (debug) printf("NTLM-to-basic: Returning client auth request.\n"); tmp = gen_407_page(data[loop]->http); - w = write(cd, tmp, strlen(tmp)); + i = write(cd, tmp, strlen(tmp)); free(tmp); free_rr_data(data[0]); @@ -499,13 +503,14 @@ } /* - * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might - * cause some ISAs to deny us, even if the connection is already auth'd. + * Force proxy keep-alive if the client can handle it (HTTP >= 1.1) */ - data[0]->headers = hlist_mod(data[0]->headers, "Proxy-Connection", "keep-alive", 1); + if (data[0]->http_version >= 11) + data[0]->headers = hlist_mod(data[0]->headers, "Proxy-Connection", "keep-alive", 1); /* - * Remove all Proxy-Authorization headers from client + * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might + * cause some ISAs to deny us, even if the connection is already auth'd. */ while (hlist_get(data[loop]->headers, "Proxy-Authorization")) { data[loop]->headers = hlist_del(data[loop]->headers, "Proxy-Authorization"); @@ -623,8 +628,10 @@ if (plugin & PLUG_SENDHEAD) { if (debug) { printf("Sending headers (%d)...\n", *wsocket[loop]); - if (loop == 0) + if (loop == 0) { + printf("HEAD: %s %s %s\n", data[loop]->method, data[loop]->url, data[loop]->http); hlist_dump(data[loop]->headers); + } } /* @@ -672,8 +679,14 @@ * This way, we also tell our caller that proxy keep-alive is impossible. */ if (loop == 1) { - proxy_alive = hlist_subcmp(data[loop]->headers, "Proxy-Connection", "keep-alive"); - if (!proxy_alive) { + proxy_alive = hlist_subcmp(data[1]->headers, "Proxy-Connection", "keep-alive") + && data[0]->http_version >= 11; + if (proxy_alive) { + data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "keep-alive", 1); + data[1]->headers = hlist_mod(data[1]->headers, "Connection", "keep-alive", 1); + } else { + data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "close", 1); + data[1]->headers = hlist_mod(data[1]->headers, "Connection", "close", 1); if (debug) printf("PROXY CLOSING CONNECTION\n"); rc = (void *)-1; Index: utils.h =================================================================== --- utils.h (revision 305) +++ utils.h (revision 306) @@ -89,6 +89,7 @@ int body_len; int empty; int port; + int http_version; char *method; char *url; char *rel_url; Index: http.c =================================================================== --- http.c (revision 305) +++ http.c (revision 306) @@ -84,7 +84,7 @@ */ int headers_recv(int fd, rr_data_t data) { int i, bsize; - int len; + int len, is_http = 0; char *buf; char *tok, *s3 = 0; char *orig = NULL; @@ -108,12 +108,22 @@ orig = strdup(buf); len = strlen(buf); tok = strtok_r(buf, " ", &s3); - if (tok && (!strncasecmp(buf, "HTTP/", 5) || !strncasecmp(tok, "ICY", 3))) { + if (tok && ((is_http = !strncasecmp(tok, "HTTP/", 5)) || !strncasecmp(tok, "ICY", 3))) { data->req = 0; data->empty = 0; data->http = strdup(tok); data->msg = NULL; + /* + * Let's find out the numeric version of the HTTP version: 09, 10, 11. + * Set to -1 if header is misformatted. + */ + if (is_http && (tok = strchr(data->http, '/')) && strlen(tok) >= 4 && isdigit(tok[1]) && isdigit(tok[3])) { + data->http_version = (tok[1] - 0x30) * 10 + (tok[3] - 0x30); + } else { + data->http_version = -1; + } + tok = strtok_r(NULL, " ", &s3); if (tok) { ccode = strdup(tok); @@ -156,6 +166,16 @@ goto bailout; } + /* + * Let's find out the numeric version of the HTTP version: 09, 10, 11. + * Set to -1 if header is misformatted. + */ + if ((tok = strchr(data->http, '/')) && strlen(tok) >= 4 && isdigit(tok[1]) && isdigit(tok[3])) { + data->http_version = (tok[1] - 0x30) * 10 + (tok[3] - 0x30); + } else { + data->http_version = -1; + } + if ((tok = strstr(data->url, "://"))) { tok += 3; } else { @@ -367,7 +387,7 @@ */ int chunked_data_send(int dst, int src) { char *buf; - int bsize; + int bsize, len; int i, w, csize; char *err = NULL; @@ -408,11 +428,14 @@ } while (csize != 0); /* Take care of possible trailer */ + w = len = i = 0; do { i = so_recvln(src, &buf, &bsize); - if (dst >= 0 && i > 0) - w = write(dst, buf, strlen(buf)); - } while (i > 0 && buf[0] != '\r' && buf[0] != '\n'); + if (dst >= 0 && i > 0) { + len = strlen(buf); + w = write(dst, buf, len); + } + } while (w == len && i > 0 && buf[0] != '\r' && buf[0] != '\n'); free(buf); return 1; Index: direct.c =================================================================== --- direct.c (revision 305) +++ direct.c (revision 306) @@ -198,6 +198,8 @@ syslog(LOG_WARNING, "Connection failed for %s:%d (%s)", request->hostname, request->port, strerror(errno)); tmp = gen_502_page(request->http, strerror(errno)); w = write(cd, tmp, strlen(tmp)); + // We don't really care about the result - shut up GCC warning (unused-but-set-variable) + if (!w) w = 1; free(tmp); rc = (void *)-1; @@ -282,10 +284,21 @@ data[0]->url = strdup(data[0]->rel_url); } - data[0]->headers = hlist_mod(data[0]->headers, "Connection", "keep-alive", 1); - data[0]->headers = hlist_del(data[0]->headers, "Proxy-Authorization"); + /* + * Force proxy keep-alive if the client can handle it (HTTP >= 1.1) + */ + if (data[0]->http_version >= 11) + data[0]->headers = hlist_mod(data[0]->headers, "Connection", "keep-alive", 1); /* + * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might + * cause some ISAs to deny us, even if the connection is already auth'd. + */ + while (hlist_get(data[loop]->headers, "Proxy-Authorization")) { + data[loop]->headers = hlist_del(data[loop]->headers, "Proxy-Authorization"); + } + + /* * Try to get auth from client if present */ if (http_parse_basic(data[0]->headers, "Authorization", tcreds) > 0 && debug) @@ -373,18 +386,25 @@ */ if (loop == 1) { conn_alive = !hlist_subcmp(data[1]->headers, "Connection", "close") - && http_has_body(data[0], data[1]) != -1; + && http_has_body(data[0], data[1]) != -1 + && data[0]->http_version >= 11; if (conn_alive) { data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "keep-alive", 1); data[1]->headers = hlist_mod(data[1]->headers, "Connection", "keep-alive", 1); } else { data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "close", 1); + data[1]->headers = hlist_mod(data[1]->headers, "Connection", "close", 1); rc = (void *)-1; } } - if (debug) + if (debug) { printf("Sending headers (%d)...\n", *wsocket[loop]); + if (loop == 0) { + printf("HEAD: %s %s %s\n", data[loop]->method, data[loop]->url, data[loop]->http); + hlist_dump(data[loop]->headers); + } + } /* * Send headers Index: main.c =================================================================== --- main.c (revision 305) +++ main.c (revision 306) @@ -462,6 +462,8 @@ bs[0] = 5; bs[1] = 0xFF; w = write(cd, bs, 2); + // We don't really care about the result - shut up GCC warning (unused-but-set-variable) + if (!w) w = 1; goto bailout; } else { bs[0] = 5; @@ -1400,6 +1402,8 @@ * If we fail, exit with error. */ if (strlen(cpidfile)) { + int len; + umask(0); cd = open(cpidfile, O_WRONLY | O_CREAT | O_TRUNC, 0644); if (cd < 0) { @@ -1409,7 +1413,11 @@ tmp = new(50); snprintf(tmp, 50, "%d\n", getpid()); - w = write(cd, tmp, strlen(tmp)); + w = write(cd, tmp, (len = strlen(tmp))); + if (w != len) { + syslog(LOG_ERR, "Error writing to the PID file\n"); + myexit(1); + } free(tmp); close(cd); } @@ -1517,6 +1525,8 @@ inet_ntoa(caddr.sin_addr), ntohs(caddr.sin_port)); tmp = gen_denied_page(inet_ntoa(caddr.sin_addr)); w = write(cd, tmp, strlen(tmp)); + // We don't really care about the result - shut up GCC warning (unused-but-set-variable) + if (!w) w = 1; free(tmp); close(cd); continue; Index: scanner.c =================================================================== --- scanner.c (revision 305) +++ scanner.c (revision 306) @@ -153,6 +153,8 @@ tmp = new(MINIBUF_SIZE); snprintf(tmp, MINIBUF_SIZE, "%s 200 OK\r\n", request->http); w = write(cd, tmp, strlen(tmp)); + // We don't really care about the result - shut up GCC warning (unused-but-set-variable) + if (!w) w = 1; free(tmp); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor