setup.exe to use Proxy-Authenticate other than Basic

setup.exe to use Proxy-Authenticate other than Basic

[Stephen More]

It appears that the cygwin setup.exe only works for Proxy-Authenticate: Basic.

Are there any plans to code for any of the following:
   Proxy-Authenticate: NTLM
   Proxy-Authenticate: Kerberos
   Proxy-Authenticate: Negotiate

I know for a fact that firefox currently implements the Proxy-Authenticate: NTLM

-Thanks
Steve More

RE: setup.exe to use Proxy-Authenticate other than Basic

[Dave Korn]

On 19 December 2006 14:07, Stephen More wrote:

> It appears that the cygwin setup.exe only works for Proxy-Authenticate:
> Basic. 
> 
> Are there any plans to code for any of the following:
>    Proxy-Authenticate: NTLM
>    Proxy-Authenticate: Kerberos
>    Proxy-Authenticate: Negotiate

  Not AFAIK.  I'm afraid it's a case of http://cygwin.com/acronyms#SHTDI.
 

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

Re: setup.exe to use Proxy-Authenticate other than Basic

[Stephen More]

[-- Attachment #1: Type: text/plain, Size: 293 bytes --]

On 12/19/06, Dave Korn <dave.korn@artimi.com> wrote:
>   Not AFAIK.  I'm afraid it's a case of http://cygwin.com/acronyms#SHTDI.

OK, here is a start. As they say, a job started is a job half done.

I am having problems getting at CVS using cvsgrab, so I had to use the snapshot.

-Steve More

[-- Attachment #2: setup.diff --]
[-- Type: application/octet-stream, Size: 4133 bytes --]

Only in setup-0.wip: .deps
Only in setup-0.wip: Makefile
Common subdirectories: setup-0/cfgaux and setup-0.wip/cfgaux
Only in setup-0.wip: config.cache
Only in setup-0.wip: config.log
Only in setup-0.wip: config.status
Common subdirectories: setup-0/csu_util and setup-0.wip/csu_util
Common subdirectories: setup-0/libgetopt++ and setup-0.wip/libgetopt++
Common subdirectories: setup-0/libmd5-rfc and setup-0.wip/libmd5-rfc
Only in setup-0.wip: libtool
diff -up setup-0/netio.cc setup-0.wip/netio.cc
--- setup-0/netio.cc	2005-05-04 10:52:34.000000000 -0400
+++ setup-0.wip/netio.cc	2006-12-27 11:32:14.340466600 -0500
@@ -50,6 +50,12 @@ char *NetIO::net_proxy_passwd;
 char *NetIO::net_ftp_user;
 char *NetIO::net_ftp_passwd;
 
+bool NetIO::basic = false;
+bool NetIO::ntlm = false;
+bool NetIO::kerberos = false;
+bool NetIO::negotiate = false;
+
+
 NetIO::NetIO (char const *Purl)
 {
   set_url (Purl);
diff -up setup-0/netio.h setup-0.wip/netio.h
--- setup-0/netio.h	2005-05-04 10:52:34.000000000 -0400
+++ setup-0.wip/netio.h	2006-12-27 11:31:42.953056000 -0500
@@ -35,6 +35,10 @@ protected:
   static char *net_ftp_user;
   static char *net_ftp_passwd;
 
+  static bool basic;
+  static bool ntlm;
+  static bool kerberos;
+  static bool negotiate;
 
 public:
   /* if nonzero, this is the estimated total file size */
diff -up setup-0/nio-http.cc setup-0.wip/nio-http.cc
--- setup-0/nio-http.cc	2006-04-25 23:25:28.000000000 -0400
+++ setup-0.wip/nio-http.cc	2006-12-27 11:18:33.705758200 -0500
@@ -38,6 +38,8 @@ static const char *cvsid =
 #define _strnicmp strncasecmp
 #endif
 
+#include "LogSingleton.h"
+
 static char six2pr[64] = {
   'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
   'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
@@ -122,11 +124,11 @@ retry_get:
   else
     s->printf ("Host: %s:%d\r\n", host, port);
 
-  if (net_user && net_passwd)
+  if (net_user && net_passwd && basic)
     s->printf ("Authorization: Basic %s\r\n",
 	       base64_encode (net_user, net_passwd));
 
-  if (net_proxy_user && net_proxy_passwd)
+  if (net_proxy_user && net_proxy_passwd && basic)
     s->printf ("Proxy-Authorization: Basic %s\r\n",
 	       base64_encode (net_proxy_user, net_proxy_passwd));
 
@@ -139,6 +141,9 @@ retry_get:
   if (!l)
     return;
   sscanf (l, "%*s %d", &code);
+
+  log (LOG_PLAIN) << "HTTP Error Code: " << code << endLog;
+
   if (code >= 300 && code < 400)
     {
       while ((l = s->gets ()) != 0)
@@ -165,10 +170,40 @@ retry_get:
     }
   if (code == 407)		/* proxy authorization required */
     {
-      get_proxy_auth (NULL);
-      delete
-	s;
-      goto retry_get;
+
+	// Eat the header, picking out the Proxy-Authenticate in the process
+        while (((l = s->gets ()) != NULL) && (*l != '\0'))
+        {
+              if (_strnicmp (l, "Proxy-Authenticate: Basic", 25) == 0)
+                  basic = true;
+	      else if (_strnicmp (l, "Proxy-Authenticate: NTLM", 24) == 0)
+		  ntlm = true;
+	      else if (_strnicmp (l, "Proxy-Authenticate: Kerberos", 28) == 0)
+		  kerberos = true;
+              else if (_strnicmp (l, "Proxy-Authenticate: Negotiate", 29) == 0)
+		  negotiate = true;
+        }
+
+	log (LOG_BABBLE) << "Basic allowed " << basic << endLog;
+        log (LOG_BABBLE) << "NTLM allowed " << ntlm << endLog;
+        log (LOG_BABBLE) << "Kerberos allowed: " << kerberos << endLog;
+        log (LOG_BABBLE) << "Negotiate allowed: " << negotiate << endLog;
+	
+	delete
+          s;
+
+	if( basic )
+	{
+	      get_proxy_auth (NULL);
+	      goto retry_get;
+	}
+
+	// Other Proxy-Authenticate methods currently not supported
+	log (LOG_PLAIN) << "Sorry, only Proxy-Authenticate: Basic is currently implemented." << endLog;
+
+        s = NULL;
+	return;
+	
     }
   if (code == 500		/* ftp authentication through proxy required */
       && net_method == IDC_NET_PROXY && !strncmp (Purl, "ftp://", 6))
@@ -210,6 +245,8 @@ NetIO_HTTP::ok ()
 {
   if (s && s->ok ())
     return 1;
+
+  log (LOG_PLAIN) << "NetIO_HTTP is not ok" << endLog;
   return 0;
 }
 
Common subdirectories: setup-0/tests and setup-0.wip/tests

[-- Attachment #3: ChangeLog --]
[-- Type: application/octet-stream, Size: 275 bytes --]

2006-12-27  Stephen More  <stephen.more@gmail.com>

        * netio.cc (basic, ntlm, kerberos, negotiate): Added fields. 
	* netio.h (basic, ntlm, kerberos, negotiate): Added fields.
        * nio-http.cc (NetIO_HTTP::NetIO_HTTP): Added logging for non-implemented proxies.