Re: proxy question

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Wed, 11 Feb 2009 23:25:57 -0000

"Daniel Stenberg" <daniel_at_haxx.se> wrote in message
news:alpine.DEB.1.10.0902110727470.15753_at_yvahk2.pbagnpgbe.fr...
> On Tue, 10 Feb 2009, Markus Moeller wrote:
>
>> If I use curl with a proxy and the proxy name is a round robin address, in
>> which structure is the IP address of the proxy connection stored?
>
> Internally, libcurl makes no real difference if the resolved host is a
> round robin or not, nor does it care much if the resolve is done for a
> host or a proxy. The address is stored in the 'connectdata' struct (and in
> the DNS cache). Since it is the only connection and only resolve for that
> transfer.
>
> The effect of course is that a round robin host will get "stuck" on the
> particular address libcurl resolved until it (the proxy) has been kicked
> out of the connection cache and the DNS cache.
>
> Did it answer the question?
>

Yes, it did. Here is a patch against the latest CVS to allow GSSAPI
authentication with a round-robin proxy name.

--- http_negotiate.c 2009-02-11 23:18:55.000000000 +0000
+++ http_negotiate_new.c 2009-02-11 23:18:09.000000000 +0000
@@ -70,6 +70,8 @@
   gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
   char name[2048];
   const char* service;
+ char rname[NI_MAXHOST];
+ int rc;

   /* GSSAPI implementation by Globus (known as GSI) requires the name to be
      of form "<service>/<fqdn>" instead of <service>@<fqdn> (ie. slash
instead
@@ -83,13 +85,23 @@
   else
     service = "HTTP";

- token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
- conn->host.name) + 1;
+ rc = getnameinfo((struct sockaddr *)conn->ip_addr->ai_addr,
+ conn->ip_addr->ai_addrlen, rname,
+ sizeof(rname), NULL,
+ 0, NI_NAMEREQD);
+ if (rc) {
+ failf(data, "getnameinfo() returned %d", rc);
+ return CURLE_COULDNT_CONNECT;
+ }
+ if (strcmp(rname,proxy ? conn->proxy.name : conn->host.name))
+ infof(data, "Server's real hostname is %s not %s\n",
+ rname,proxy ? conn->proxy.name : conn->host.name);
+
+ token.length = strlen(service) + 1 + strlen(rname) + 1;
   if(token.length + 1 > sizeof(name))
     return EMSGSIZE;

- snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name :
- conn->host.name);
+ snprintf(name, sizeof(name), "%s@%s", service, rname);

   token.value = (void *) name;
   major_status = gss_import_name(&minor_status,
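Review bot: The name passed to gss_import_name() is now taken from a reverse DNS lookup (`getnameinfo(..., NI_NAMEREQD)`), so an unauthenticated PTR answer, rather than the name the user configured, selects the service principal the client authenticates to; the same lookup is added in the socks_gssapi.c and socks_sspi.c hunks. That weakens the mutual-authentication guarantee of Kerberos wherever DNS is not trusted, so the lookup should be opt-in rather than unconditional and carry a comment such as `/* rname comes from an unauthenticated PTR lookup and selects the service principal */`. The hard failure on `rc` also breaks hosts without a PTR record, which worked before; falling back to the configured name is safer: `if(rc) snprintf(rname, sizeof(rname), "%s", proxy ? conn->proxy.name : conn->host.name);`. When `proxy` is false but the transfer goes through a proxy, `conn->ip_addr` presumably holds the proxy's address, which would give the wrong host name here; that needs confirming against the caller. The enclosing function starts and ends outside the hunk.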
--- socks_gssapi.c 2009-02-11 23:18:55.000000000 +0000
+++ socks_gssapi_new.c 2009-02-11 23:18:30.000000000 +0000
@@ -140,6 +140,8 @@
   char *user=NULL;
   unsigned char socksreq[4]; /* room for gssapi exchange header only */
   char *serviceptr = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+ char rproxy_name[NI_MAXHOST];
+ int rc;

   /* get timeout */
   timeout = Curl_timeleft(conn, NULL, TRUE);
@@ -152,6 +154,18 @@
    * +----+------+-----+----------------+
    */

+ rc = getnameinfo((struct sockaddr *)conn->ip_addr->ai_addr,
+ conn->ip_addr->ai_addrlen, rproxy_name,
+ sizeof(rproxy_name), NULL,
+ 0, NI_NAMEREQD);
+ if (rc) {
+ failf(data, "getnameinfo() returned %d", rc);
+ return CURLE_COULDNT_CONNECT;
+ }
+ if (strcmp(rproxy_name,conn->proxy.name))
+ infof(data, "SOCKS5 server's real hostname is %s not %s\n",
+ rproxy_name,conn->proxy.name);
+
   /* prepare service name */
   if (strchr(serviceptr,'/')) {
     service.value = malloc(strlen(serviceptr));
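Review bot: `rproxy_name` is computed and logged here, but no hunk shown for socks_gssapi.c replaces `conn->proxy.name` with it when the service name is built, unlike the last socks_sspi.c hunk. Because `rproxy_name` is a new variable, unchanged code outside the hunk cannot reference it, so as posted the lookup only adds a new failure path (`CURLE_COULDNT_CONNECT` when the proxy address has no PTR record) without changing the name used for authentication. Either the hunk that switches the service-name construction to `rproxy_name` is missing from the patch, or this block should be dropped from this file.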
--- socks_sspi.c 2009-02-11 23:18:56.000000000 +0000
+++ socks_sspi_new.c 2009-02-11 23:18:19.000000000 +0000
@@ -184,6 +184,8 @@
   ULONG qop;
   unsigned char socksreq[4]; /* room for gssapi exchange header only */
   char *service = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+ char rproxy_name[NI_MAXHOST];
+ int rc;

   /* get timeout */
   timeout = Curl_timeleft(conn, NULL, TRUE);
@@ -196,6 +198,18 @@
    * +----+------+-----+----------------+
    */

+ rc = getnameinfo((struct sockaddr *)conn->ip_addr->ai_addr,
+ conn->ip_addr->ai_addrlen, rproxy_name,
+ sizeof(rproxy_name), NULL,
+ 0, NI_NAMEREQD);
+ if (rc) {
+ failf(data, "getnameinfo() returned %d", rc);
+ return CURLE_COULDNT_CONNECT;
+ }
+ if (strcmp(rproxy_name,conn->proxy.name))
+ infof(data, "SOCKS5 server's real hostname is %s not %s\n",
+ rproxy_name,conn->proxy.name);
+
   /* prepare service name */
   if (strchr(service, '/')) {
     service_name = malloc(strlen(service));
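Review bot: This block is the third copy of the same reverse-lookup code (also in http_negotiate.c and socks_gssapi.c), so any fix to its error handling has to be made three times; a single shared helper that takes `conn` and the output buffer would keep the three authentication paths consistent. The failure message `getnameinfo() returned %d` prints only the numeric code, and `gai_strerror(rc)` would make it readable where that function is available. No hunk adds an include for `getnameinfo()` or `NI_MAXHOST`, so it is worth confirming that this Windows SSPI file already pulls in the needed header. The enclosing function extends beyond the hunk.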
@@ -204,11 +218,11 @@
     memcpy(service_name, service, strlen(service));
   }
   else {
- service_name = malloc(strlen(service) + strlen(conn->proxy.name) + 2);
+ service_name = malloc(strlen(service) + strlen(rproxy_name) + 2);
     if(!service_name)
       return CURLE_OUT_OF_MEMORY;
- _snprintf(service_name,strlen(service)
+strlen(conn->proxy.name)+2,"%s/%s",
- service,conn->proxy.name);
+ _snprintf(service_name,strlen(service) +strlen(rproxy_name)+2,"%s/%s",
+ service,rproxy_name);
   }

   input_desc.cBuffers = 1;
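Review bot: The buffer size `strlen(service) + strlen(rproxy_name) + 2` is written out twice, once for `malloc` and once for `_snprintf`, and the two must stay identical for the terminating NUL to fit, since `_snprintf` does not terminate on truncation. Computing it once, e.g. `size_t len = strlen(service) + strlen(rproxy_name) + 2;` declared at the top of the `else` block and passed to both calls, removes that coupling. The enclosing function starts and ends outside the hunk.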

> --
>
> / daniel.haxx.se
>

Regards
Markus
Received on 2009-02-12