From patchwork Mon Jan 22 09:21:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 3583 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7301:2802:b0:101:b91e:57cc with SMTP id hj2csp2461351dyb; Mon, 22 Jan 2024 01:22:05 -0800 (PST) X-Google-Smtp-Source: AGHT+IHHOdiG/q4c0LmyF80FQNnZFSf/9t51d3D/aHALQwNjRqVTYrWWYneuUY8p3Zqs2kJ7cpXO X-Received: by 2002:a17:903:543:b0:1d7:3adf:b121 with SMTP id jo3-20020a170903054300b001d73adfb121mr5467912plb.5.1705915325492; Mon, 22 Jan 2024 01:22:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705915325; cv=none; d=google.com; s=arc-20160816; b=pBN7viODmpWNpG1Zsl24q8/pJcriuuu74gBpePe5vrLKoZ/5bLAT2LUNONapMMVn42 iFwrKyfQkzvoe1DcqR+KUucX9gtCWvG9nGah2CUu91xrdhJxxWIo8uCr7c0SJqKEFlzL /Nx1TV3pTRpUDqp8KQ3YTqxLfJe/+66z1aZdpj7gvCJYE6WAUIWobZ+cfed5iXOhcbGz RwzMGD+Bdxc+ctrjWFqcZghtY3qnhJ0ZoiHiHFoIu/xKjqGJbpk6ggPj/xBsp/IQsN71 3l9welsK6jyzP1vqO4xWD9s8pWyINLkYODrlnj84Z6kPGffpHtvM4n8fvhUvflWGUlPv Qklg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=jkZpRLjqxH43eenZlWAVAT2xGFfNt3cCdziEcCFbk3s=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=uL15ogxPPcISSSDUFq1OnIQdh2RG9dW9IIYTpGp2ODfCqAfXvM91O9V1iydPcCadwn oJS/gwZBcGraovu+D0hI91+izgsLtoMnzD7dbFLSOP9XSkWVjMgnVdEz2uP0wR3ji9Hp ejhJokVr70iY/KFMjiSkmhYBq+1U0sii/uGMgK0WH1PSrD41D479RvxE8lOFTEO765st +0RSy9LGXuLd1LI5TJ7SrpaJ3uiJay7FBSjJZoEstH8Gc1U33r89v6yLp6SNyfW7g2jv V52dV3knVS47X9rvThoAT3xSVtF6V0gxr68dSMQ/tX/7/0aoDiSWHxi4QdST0ND4i+RC j9OQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=GQ4wcpA3; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=F5bMJ6cM; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id d9-20020a170902b70900b001d73245636asi3430025pls.4.2024.01.22.01.22.05 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 22 Jan 2024 01:22:05 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=GQ4wcpA3; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=F5bMJ6cM; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rRqUs-0003wQ-Be; Mon, 22 Jan 2024 09:21:39 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rRqUq-0003wK-Tu for openvpn-devel@lists.sourceforge.net; Mon, 22 Jan 2024 09:21:37 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=hZ8e45xmhMOSJIvrTfeAVxHURhTTQttVSkY4q5k6AYg=; b=GQ4wcpA3k64rABcGoJaqLcR22m f1o0VNVW2nOFQcuWJnsy8eubOzaDJZZPYILRdY0MX2E9rNoRFVvRq1PFQwaAQUI5WLWomEcfgCyJe rPhdg4itSe5uoPC8mnbHSdDpaEiWzfBXnLCossg0eFSot+rXCHDGL9J+3kNL2h8+lt28=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=hZ8e45xmhMOSJIvrTfeAVxHURhTTQttVSkY4q5k6AYg=; b=F5bMJ6cM535yCsFM2EKnjPC08A m05E7IktoQK8LxuL2wI7w9bbe+an7dv/1+WRBoJw34s0vrJUYjM5Kg7fL1AJ9fs/NS5A6uroLXkc/ kRHuWEpnBVAwzodhz6g+L0DqWW6PM8TUqExgJ2c4+yGTP7sXHhdu8lJ79woYePhGdMA8=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1rRqUo-0003cu-PG for openvpn-devel@lists.sourceforge.net; Mon, 22 Jan 2024 09:21:37 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 40M9LNs9008601 for ; Mon, 22 Jan 2024 10:21:23 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 40M9LNIQ008600 for openvpn-devel@lists.sourceforge.net; Mon, 22 Jan 2024 10:21:23 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 22 Jan 2024 10:21:22 +0100 Message-ID: <20240122092122.8591-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld Previously, when using a third argument to --http-proxy other than auto/auto-nct, order did matter between --http-proxy and --http-proxy-user-pass. Always prefer --http-proxy-user-pass when given. Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1rRqUo-0003cu-PG Subject: [Openvpn-devel] [PATCH v1] --http-proxy-user-pass: allow to specify in either order with --http-proxy X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1788781868340239985?= X-GMAIL-MSGID: =?utf-8?q?1788781868340239985?= From: Frank Lichtenheld Previously, when using a third argument to --http-proxy other than auto/auto-nct, order did matter between --http-proxy and --http-proxy-user-pass. Always prefer --http-proxy-user-pass when given. Change-Id: I6f402db2fb73f1206fbc1139c47d2bf4378376fa Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/499 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/options.c b/src/openvpn/options.c index f54f276..e393511 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1649,6 +1649,8 @@ SHOW_STR(port); SHOW_STR(auth_method_string); SHOW_STR(auth_file); + SHOW_STR(auth_file_up); + SHOW_BOOL(inline_creds); SHOW_STR(http_version); SHOW_STR(user_agent); for (i = 0; i < MAX_CUSTOM_HTTP_HEADER && o->custom_headers[i].name; i++) @@ -6824,7 +6826,7 @@ struct http_proxy_options *ho; VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INLINE); ho = init_http_proxy_options_once(&options->ce.http_proxy_options, &options->gc); - ho->auth_file = p[1]; + ho->auth_file_up = p[1]; ho->inline_creds = is_inline; } else if (streq(p[0], "http-proxy-retry") || streq(p[0], "socks-proxy-retry")) diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index e081532..e2324f4 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -271,6 +271,11 @@ if (!static_proxy_user_pass.defined) { unsigned int flags = GET_USER_PASS_MANAGEMENT; + const char *auth_file = p->options.auth_file; + if (p->options.auth_file_up) + { + auth_file = p->options.auth_file_up; + } if (p->queried_creds) { flags |= GET_USER_PASS_PREVIOUS_CREDS_FAILED; @@ -280,7 +285,7 @@ flags |= GET_USER_PASS_INLINE_CREDS; } get_user_pass(&static_proxy_user_pass, - p->options.auth_file, + auth_file, UP_TYPE_PROXY, flags); p->queried_creds = true; diff --git a/src/openvpn/proxy.h b/src/openvpn/proxy.h index 7900244..4e78772 100644 --- a/src/openvpn/proxy.h +++ b/src/openvpn/proxy.h @@ -52,10 +52,11 @@ const char *auth_method_string; const char *auth_file; + const char *auth_file_up; /* specified with --http-proxy-user-pass */ const char *http_version; const char *user_agent; struct http_custom_header custom_headers[MAX_CUSTOM_HTTP_HEADER]; - bool inline_creds; + bool inline_creds; /* auth_file_up is inline credentials */ }; struct http_proxy_options_simple {