diff -Nru cntlm-0.91~rc6/Makefile cntlm-0.92.3/Makefile --- cntlm-0.91~rc6/Makefile 2010-04-29 11:18:58.000000000 +0000 +++ cntlm-0.92.3/Makefile 2012-03-02 13:18:35.000000000 +0000 @@ -15,12 +15,17 @@ NAME=cntlm CC=gcc VER=`cat VERSION` -OBJS=utils.o ntlm.o xcrypt.o config.o socket.o acl.o auth.o http.o forward.o direct.o scanner.o pages.o main.o -CFLAGS=$(FLAGS) -std=c99 -Wall -pedantic -O3 -D__BSD_VISIBLE -D_ALL_SOURCE -D_XOPEN_SOURCE=600 -D_POSIX_C_SOURCE=200112 -D_ISOC99_SOURCE -D_REENTRANT -DVERSION=\"`cat VERSION`\" -g +CFLAGS+=$(FLAGS) -std=c99 -Wall -Wno-unused-but-set-variable -pedantic -O3 -D__BSD_VISIBLE -D_ALL_SOURCE -D_XOPEN_SOURCE=600 -D_POSIX_C_SOURCE=200112 -D_ISOC99_SOURCE -D_REENTRANT -D_BSD_SOURCE -DVERSION=\"`cat VERSION`\" OS=$(shell uname -s) OSLDFLAGS=$(shell [ $(OS) = "SunOS" ] && echo "-lrt -lsocket -lnsl") LDFLAGS:=-lpthread $(OSLDFLAGS) +ifeq ($(findstring CYGWIN,$(OS)),) + OBJS=utils.o ntlm.o xcrypt.o config.o socket.o acl.o auth.o http.o forward.o direct.o scanner.o pages.o main.o +else + OBJS=utils.o ntlm.o xcrypt.o config.o socket.o acl.o auth.o http.o forward.o direct.o scanner.o pages.o main.o win/resources.o +endif + $(NAME): configure-stamp $(OBJS) @echo "Linking $@" @$(CC) $(CFLAGS) -o $@ $(OBJS) $(LDFLAGS) @@ -38,11 +43,16 @@ @$(CC) $(CFLAGS) -c -o $@ $< install: $(NAME) - # AIX? - if [ -f /usr/bin/oslevel ]; then \ + # Special handling for install(1) + if [ "`uname -s`" = "AIX" ]; then \ install -M 755 -S -f $(BINDIR) $(NAME); \ install -M 644 -f $(MANDIR)/man1 doc/$(NAME).1; \ install -M 600 -c $(SYSCONFDIR) doc/$(NAME).conf; \ + elif [ "`uname -s`" = "Darwin" ]; then \ + install -d -m 755 -s $(NAME) $(BINDIR)/$(NAME); \ + install -d -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \ + [ -f $(SYSCONFDIR)/$(NAME).conf -o -z "$(SYSCONFDIR)" ] \ + || install -d -m 600 doc/$(NAME).conf $(SYSCONFDIR)/$(NAME).conf; \ else \ install -D -m 755 -s $(NAME) $(BINDIR)/$(NAME); \ install -D -m 644 doc/$(NAME).1 $(MANDIR)/man1/$(NAME).1; \ 
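Review bot: In the new Darwin branch of the `install` recipe, every `install` call carries `-d`, which on BSD/macOS install(1) means "create directories", so these three lines would likely create directories named after their arguments instead of copying the binary, man page and config file. The Linux branch relies on GNU `-D`, which BSD install lacks, so the Darwin branch probably needs an explicit `install -d -m 755 $(BINDIR)` followed by `install -m 755 -s $(NAME) $(BINDIR)/$(NAME)`, and the same pattern for the other two files. The config file holds the proxy password, so confirm that mode 600 ends up on `$(SYSCONFDIR)/$(NAME).conf` itself and not on a directory. The recipe continues past the end of this hunk.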
@@ -101,20 +111,27 @@ cat doc/cntlm.conf | unix2dos > win/cntlm.ini cat COPYRIGHT LICENSE | unix2dos > win/license.txt sed "s/\$$VERSION/$(VER)/g" win/setup.iss.in > win/setup.iss - cp /bin/cygwin1.dll /bin/cygrunsrv.exe win/ + cp /bin/cygwin1.dll /bin/cyggcc_s-1.dll /bin/cygrunsrv.exe win/ cp cntlm.exe win/ strip win/cntlm.exe + ln -s win $(NAME)-$(VER) + zip -9 $(NAME)-$(VER).zip $(NAME)-$(VER)/cntlm.exe $(NAME)-$(VER)/cyggcc_s-1.dll $(NAME)-$(VER)/cygwin1.dll $(NAME)-$(VER)/cygrunsrv.exe $(NAME)-$(VER)/cntlm.ini $(NAME)-$(VER)/README.txt $(NAME)-$(VER)/license.txt + rm -f $(NAME)-$(VER) @echo @echo Now open folder "win", right-click "setup.iss", then "Compile". @echo InnoSetup will generate a new installer cntlm-X.XX-setup.exe @echo +win/resources.o: win/resources.rc + @echo Adding EXE resources + @windres $^ -o $@ + uninstall: rm -f $(BINDIR)/$(NAME) $(MANDIR)/man1/$(NAME).1 2>/dev/null || true clean: @rm -f *.o cntlm cntlm.exe configure-stamp build-stamp config/config.h 2>/dev/null - @rm -f win/*.exe win/*.dll win/*.iss win/*.pdf win/cntlm.ini win/license.txt 2>/dev/null + @rm -f win/*.exe win/*.dll win/*.iss win/*.pdf win/cntlm.ini win/license.txt win/resouces.o 2>/dev/null @rm -f config/endian config/gethostname config/strdup config/socklen_t config/*.exe @if [ -h Makefile ]; then rm -f Makefile; mv Makefile.gcc Makefile; fi diff -Nru cntlm-0.91~rc6/VERSION cntlm-0.92.3/VERSION --- cntlm-0.91~rc6/VERSION 2010-04-30 21:02:02.000000000 +0000 +++ cntlm-0.92.3/VERSION 2012-03-07 13:08:52.000000000 +0000 @@ -1 +1 @@ -0.91rc6 +0.92.3 diff -Nru cntlm-0.91~rc6/configure cntlm-0.92.3/configure --- cntlm-0.91~rc6/configure 2008-07-08 13:08:46.000000000 +0000 +++ cntlm-0.92.3/configure 2010-05-07 08:12:26.000000000 +0000 
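Review bot: The `clean` recipe at the end of this Makefile hunk removes `win/resouces.o`, but the rule added a few lines above builds `win/resources.o`, so the object is never cleaned; the list should end `win/license.txt win/resources.o 2>/dev/null`. Separately, `ln -s win $(NAME)-$(VER)` fails when a link is left over from an interrupted packaging run, because the matching `rm -f` only runs after a successful `zip`. Putting `rm -f $(NAME)-$(VER)` before the `ln -s` as well would make the target repeatable.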
@@ -16,7 +16,7 @@ # Look for supported compilers # for c in $CCS; do - if CCPATH=`which $c 2>&1` && [ `expr substr "$CCPATH" 1 1` = "/" ]; then + if CCPATH=`which $c 2>&1` && [ -z "${CCPATH%%/*}" ]; then CC="$c" break fi diff -Nru cntlm-0.91~rc6/debian/changelog cntlm-0.92.3/debian/changelog --- cntlm-0.91~rc6/debian/changelog 2012-09-04 22:00:12.000000000 +0000 +++ cntlm-0.92.3/debian/changelog 2012-09-04 22:00:12.000000000 +0000 @@ -1,3 +1,29 @@ +cntlm (0.92.3-0ubuntu0.1) precise-proposed; urgency=low + + * Backport 0.92.3-1ubuntu1 to Precise as an SRU (LP: #1009436): + - Properly handle non-HTTP/1.1 keep-alive (LP: #1009436, #257210) + - Support SHOUTcast (ICY) internet radio protocol (LP: #659809) + - Fix error when downloading files >2GB (LP: #1031670) + - Resolve proxy hostname on demand, not at startup (LP: #825593) + + -- Graham Inggs Wed, 29 Aug 2012 16:26:00 +0200 + +cntlm (0.92.3-1ubuntu1) quantal; urgency=low + + * Cherry-pick r306 from 0.93 to properly handle non-HTTP/1.1 keep-alive + (LP: #1009436) + + -- Graham Inggs Wed, 01 Aug 2012 23:04:45 +0200 + +cntlm (0.92.3-1) unstable; urgency=low + + * New upstream release. Closes: #652725, #588920. + * Fix Init script error, thanks Martijn. Closes: #588683. + * Correct spellings in man page. + * Update Standards Version, no changes needed. + + -- David Watson Fri, 27 Apr 2012 15:08:17 +0100 + cntlm (0.91~rc6-0ubuntu2.12.04.1) precise-proposed; urgency=low * Cherry-pick r273 from 0.92 to fix a lockup with git clones over HTTPS. diff -Nru cntlm-0.91~rc6/debian/cntlm.if-up cntlm-0.92.3/debian/cntlm.if-up --- cntlm-0.91~rc6/debian/cntlm.if-up 2012-09-04 22:00:12.000000000 +0000 +++ cntlm-0.92.3/debian/cntlm.if-up 1970-01-01 00:00:00.000000000 +0000 
@@ -1,11 +0,0 @@ -#!/bin/sh -# In case we couldn't start earlier because the necessary interface wasn't up, -# try and start again now. LP: #358298 -set -e - -# ... but, first of all, let's check whether cntlm is enabled in this runlevel -# LP: #733537 -level=`runlevel | cut -d" " -f2` -if [ -e /etc/rc${level}.d/S??cntlm ]; then - invoke-rc.d --quiet cntlm start >/dev/null 2>&1 || true -fi diff -Nru cntlm-0.91~rc6/debian/cntlm.init cntlm-0.92.3/debian/cntlm.init --- cntlm-0.91~rc6/debian/cntlm.init 2012-09-04 22:00:12.000000000 +0000 +++ cntlm-0.92.3/debian/cntlm.init 2012-09-04 22:00:12.000000000 +0000 @@ -2,8 +2,8 @@ # ### BEGIN INIT INFO # Provides: cntlm -# Required-Start: $syslog $time -# Required-Stop: $syslog $time +# Required-Start: $remote_fs $syslog $time $network +# Required-Stop: $remote_fs $syslog $time $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Authenticating HTTP accelerator for NTLM secured proxies @@ -32,6 +32,9 @@ test -x $DAEMON || exit 0 +. /lib/lsb/init-functions +test -r /etc/default/rcS && . /etc/default/rcS + # Include custom values if available if [ -f /etc/default/cntlm ] ; then . /etc/default/cntlm @@ -59,7 +62,7 @@ stop() { echo -n "Stopping $DESC: " - start-stop-daemon --oknodo --quiet --stop --retry -HUP/$TIMEOUT/-HUP/2/-KILL --pidfile $PIDFILE --name $NAME 2>/dev/null + start-stop-daemon --oknodo --quiet --stop --retry -HUP/$TIMEOUT/-HUP/2/forever/-KILL --pidfile $PIDFILE --name $NAME if [ $? -eq 0 ]; then echo "$NAME." else @@ -78,8 +81,11 @@ stop start ;; + status) + status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? + ;; *) - echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2 exit 2 ;; esac diff -Nru cntlm-0.91~rc6/debian/control cntlm-0.92.3/debian/control --- cntlm-0.91~rc6/debian/control 2012-09-04 22:00:12.000000000 +0000 +++ cntlm-0.92.3/debian/control 2012-09-04 22:00:12.000000000 +0000 
@@ -1,10 +1,9 @@ Source: cntlm Section: net Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: David Watson -Build-Depends: debhelper (>= 5.0.44~) -Standards-Version: 3.8.3 +Maintainer: David Watson +Build-Depends: debhelper (>= 5) +Standards-Version: 3.9.3 Vcs-Git: git://planetwatson.co.uk/cntlm Vcs-Browser: http://projects.planetwatson.co.uk/repositories/show/cntlm Homepage: http://cntlm.sourceforge.net/ diff -Nru cntlm-0.91~rc6/debian/rules cntlm-0.92.3/debian/rules --- cntlm-0.91~rc6/debian/rules 2012-09-04 22:00:12.000000000 +0000 +++ cntlm-0.92.3/debian/rules 2012-09-04 22:00:12.000000000 +0000 @@ -22,7 +22,9 @@ ./configure touch configure-stamp -build: build-stamp +build: build-arch build-indep +build-arch: build-stamp +build-indep: build-stamp build-stamp: configure-stamp dh_testdir @@ -65,7 +67,6 @@ cp debian/lintian-override debian/cntlm/usr/share/lintian/overrides/cntlm dh_installdebconf dh_installinit -n - dh_installifupdown dh_installman doc/cntlm.1 dh_link dh_strip diff -Nru cntlm-0.91~rc6/debian/source/format cntlm-0.92.3/debian/source/format --- cntlm-0.91~rc6/debian/source/format 1970-01-01 00:00:00.000000000 +0000 +++ cntlm-0.92.3/debian/source/format 2012-09-04 22:00:12.000000000 +0000 @@ -0,0 +1 @@ +1.0 diff -Nru cntlm-0.91~rc6/direct.c cntlm-0.92.3/direct.c --- cntlm-0.91~rc6/direct.c 2012-09-04 22:00:12.000000000 +0000 +++ cntlm-0.92.3/direct.c 2012-09-04 22:00:12.000000000 +0000 @@ -28,6 +28,10 @@ #include #include #include +#include +#include + +extern int h_errno; #include "utils.h" #include "globals.h" @@ -43,8 +47,8 @@ errno = 0; if (!so_resolv(&addr, hostname)) { - if (debug) - printf("so_resolv: %s failed\n", hostname); + //if (debug) + // printf("so_resolv: %s failed (%d: %s)\n", hostname, h_errno, hstrerror(h_errno)); return -1; } 
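Review bot: The resolver failure path in the second direct.c hunk now returns -1 with its only diagnostic commented out, while the first hunk adds two includes and `extern int h_errno;` that no live code uses. Either restore the message under `if (debug)` or delete the dead lines together with the declaration. If it is restored, `h_errno` should come from `<netdb.h>` rather than a hand-written `extern`, since the program is threaded and `h_errno` is commonly a per-thread macro there; the header names in the first hunk are not legible on this page, so this may already be covered. The enclosing function starts before the hunk.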
@@ -278,8 +282,19 @@ data[0]->url = strdup(data[0]->rel_url); } - data[0]->headers = hlist_mod(data[0]->headers, "Connection", "keep-alive", 1); - data[0]->headers = hlist_del(data[0]->headers, "Proxy-Authorization"); + /* + * Force proxy keep-alive if the client can handle it (HTTP >= 1.1) + */ + if (data[0]->http_version >= 11) + data[0]->headers = hlist_mod(data[0]->headers, "Connection", "keep-alive", 1); + + /* + * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might + * cause some ISAs to deny us, even if the connection is already auth'd. + */ + while (hlist_get(data[loop]->headers, "Proxy-Authorization")) { + data[loop]->headers = hlist_del(data[loop]->headers, "Proxy-Authorization"); + } /* * Try to get auth from client if present @@ -369,18 +384,25 @@ */ if (loop == 1) { conn_alive = !hlist_subcmp(data[1]->headers, "Connection", "close") - && http_has_body(data[0], data[1]) != -1; + && http_has_body(data[0], data[1]) != -1 + && data[0]->http_version >= 11; if (conn_alive) { data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "keep-alive", 1); data[1]->headers = hlist_mod(data[1]->headers, "Connection", "keep-alive", 1); } else { data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "close", 1); + data[1]->headers = hlist_mod(data[1]->headers, "Connection", "close", 1); rc = (void *)-1; } } - if (debug) + if (debug) { printf("Sending headers (%d)...\n", *wsocket[loop]); + if (loop == 0) { + printf("HEAD: %s %s %s\n", data[loop]->method, data[loop]->url, data[loop]->http); + hlist_dump(data[loop]->headers); + } + } /* * Send headers diff -Nru cntlm-0.91~rc6/doc/cntlm.1 cntlm-0.92.3/doc/cntlm.1 --- cntlm-0.91~rc6/doc/cntlm.1 2010-04-13 00:02:53.000000000 +0000 +++ cntlm-0.92.3/doc/cntlm.1 2012-09-04 22:00:12.000000000 +0000 
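Review bot: The new `while` loop strips `Proxy-Authorization` from `data[loop]->headers`, while every other statement in this hunk, including the line it replaces, operates on `data[0]`. If this block only runs with `loop == 0` the two are equivalent, but that guard is outside the hunk. Writing `data[0]` here keeps the block self-consistent and makes it explicit that the client's proxy credentials are never forwarded on the direct path.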
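Review bot: The added debug branch in the `@@ -369,18` hunk dumps the whole client request header list with `hlist_dump(data[loop]->headers)` when `loop == 0`. `Proxy-Authorization` is stripped in the earlier hunk, but headers such as `Authorization` and `Cookie` would still be printed, so debug output can end up holding origin-server credentials. A comment next to the dump such as `/* NOTE: prints client headers verbatim, may include Authorization/Cookie */` would document that; masking those values before printing would be better. What `hlist_dump` emits exactly is not visible here.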
@@ -124,7 +124,7 @@ .B -c Configuration file. Command-line options, if used, override its single options or are added at the top of the list for multi options (tunnels, parent proxies, etc) with the exception of ACLs, which are completely -overriden. Use \fI/dev/null\fP to disable any config file. +overridden. Use \fI/dev/null\fP to disable any config file. .TP .B -D IP/mask\ \ \ \ (Deny) @@ -191,7 +191,7 @@ .TP .B -L [:]::\ \ \ \ (Tunnel) Tunnel definition. The syntax is the same as in OpenSSH's local forwarding (\fB-L\fP), with a new optional -prefix, \fIsaddr\fP - the source IP address to bind the \fIlport\fP to. \fBCntlm\fP will listen for incomming +prefix, \fIsaddr\fP - the source IP address to bind the \fIlport\fP to. \fBCntlm\fP will listen for incoming connections on the local port \fIlport\fP, forwarding every new connection through the parent proxy to the \fIrhost\fP:\fIrport\fP (authenticating on the go). This option can be used multiple times for unlimited number of tunnels, with or without the \fIsaddr\fP option. See \fB-g\fP for the details concerning local port 
@@ -365,8 +365,8 @@ whitespace delimited keyword and value pairs. Apart from that, there are sections as well, they have the usual "[section_name]" syntax. Comment begins with a hash "#" or a semicolon ";" and can be anywhere in the file. Everything after the mark up until EOL is a comment. Values can contain any characters, including whitespace. -You \fIcan\fP use double quotes to set a value ending/beginning with a "space" character or containing a -comment mark, but otherwise it's not necessary. There are no escape sequences or characters. +You \fIcan\fP use double quotes around the value to set a string containing special characters like spaces, +pound signs, etc. No escape sequences are allowed in quoted strings. There are two types of keywords, \fIlocal\fP and \fIglobal\fP. Local options specify authentication details per domain (or location). Global keywords apply to all sections and proxies. They should be placed before all @@ -423,7 +423,8 @@ .TP .B Password -Proxy account password. +Proxy account password. As with any other option, the value (password) can be enclosed in double quotes (") +in case it contains special characters like spaces, pound signs, etc. .ne 11 .TP diff -Nru cntlm-0.91~rc6/forward.c cntlm-0.92.3/forward.c --- cntlm-0.91~rc6/forward.c 2012-09-04 22:00:12.000000000 +0000 +++ cntlm-0.92.3/forward.c 2012-09-04 22:00:12.000000000 +0000 
@@ -59,20 +59,38 @@ pthread_mutex_lock(&parent_mtx); if (parent_curr == 0) { aux = (proxy_t *)plist_get(parent_list, ++parent_curr); - syslog(LOG_INFO, "Using proxy %s:%d\n", inet_ntoa(aux->host), aux->port); + syslog(LOG_INFO, "Using proxy %s:%d\n", aux->hostname, aux->port); } pthread_mutex_unlock(&parent_mtx); do { + pthread_mutex_lock(&parent_mtx); aux = (proxy_t *)plist_get(parent_list, parent_curr); - i = so_connect(aux->host, aux->port); + pthread_mutex_unlock(&parent_mtx); + if (aux->resolved == 0) { + if (debug) + syslog(LOG_INFO, "Resolving proxy %s...\n", aux->hostname); + if (so_resolv(&aux->host, aux->hostname)) { + aux->resolved = 1; + } else { + syslog(LOG_ERR, "Cannot resolve proxy %s\n", aux->hostname); + } + } + + i = 0; + if (aux->resolved != 0) + i = so_connect(aux->host, aux->port); + + /* + * Resolve or connect failed? + */ if (i <= 0) { pthread_mutex_lock(&parent_mtx); if (parent_curr >= parent_count) parent_curr = 0; aux = (proxy_t *)plist_get(parent_list, ++parent_curr); pthread_mutex_unlock(&parent_mtx); - syslog(LOG_ERR, "Proxy connect failed, will try %s:%d\n", inet_ntoa(aux->host), aux->port); + syslog(LOG_ERR, "Proxy connect failed, will try %s:%d\n", aux->hostname, aux->port); } } while (i <= 0 && ++loop < parent_count); @@ -323,7 +341,9 @@ if (debug) { printf("Thread processing%s...\n", retry ? " (retry)" : ""); + pthread_mutex_lock(&connection_mtx); plist_dump(connection_list); + pthread_mutex_unlock(&connection_mtx); } /* @@ -426,7 +446,9 @@ && strcasecmp(hostname, data[0]->hostname)) { if (debug) printf("\n******* F RETURN: %s *******\n", data[0]->url); - if (authok) + if (authok && data[0]->http_version >= 11 + && (hlist_subcmp(data[0]->headers, "Proxy-Connection", "keep-alive") + || hlist_subcmp(data[0]->headers, "Connection", "keep-alive"))) proxy_alive = 1; rc = dup_rr_data(data[0]); 
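Review bot: In the `@@ -59,20` hunk, `aux->resolved` and `aux->host` are read and written after `parent_mtx` has been released, so two proxy threads can run `so_resolv(&aux->host, ...)` on the same `proxy_t` while a third passes `aux->host` to `so_connect()`. Resolving into a local `struct in_addr` and publishing it under the mutex keeps the DNS lookup outside the lock and removes the unsynchronised access. Note also that `resolved` is never cleared, so a proxy whose address changes is not looked up again until restart, and a resolve failure is reported as "Proxy connect failed". The function begins before the hunk and continues after it.

```c
do {
	struct in_addr paddr;
	int have_addr;

	pthread_mutex_lock(&parent_mtx);
	aux = (proxy_t *)plist_get(parent_list, parent_curr);
	have_addr = aux->resolved;
	paddr = aux->host;
	pthread_mutex_unlock(&parent_mtx);

	if (!have_addr) {
		/* … unchanged: debug syslog "Resolving proxy" … */
		if (so_resolv(&paddr, aux->hostname)) {
			pthread_mutex_lock(&parent_mtx);
			aux->host = paddr;
			aux->resolved = 1;
			pthread_mutex_unlock(&parent_mtx);
			have_addr = 1;
		} else {
			syslog(LOG_ERR, "Cannot resolve proxy %s\n", aux->hostname);
		}
	}

	i = 0;
	if (have_addr)
		i = so_connect(paddr, aux->port);

	/* … unchanged: failover to the next parent proxy … */
```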
@@ -445,7 +467,7 @@ /* * Modify request headers. * - * Try to request keep-alive for every connection. We keep them in a pool + * Try to request keep-alive for every client supporting HTTP/1.1+. We keep them in a pool * for future reuse. */ if (loop == 0 && data[0]->req) { @@ -479,13 +501,14 @@ } /* - * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might - * cause some ISAs to deny us, even if the connection is already auth'd. + * Force proxy keep-alive if the client can handle it (HTTP >= 1.1) */ - data[0]->headers = hlist_mod(data[0]->headers, "Proxy-Connection", "keep-alive", 1); + if (data[0]->http_version >= 11) + data[0]->headers = hlist_mod(data[0]->headers, "Proxy-Connection", "keep-alive", 1); /* - * Remove all Proxy-Authorization headers from client + * Also remove runaway P-A from the client (e.g. Basic from N-t-B), which might + * cause some ISAs to deny us, even if the connection is already auth'd. */ while (hlist_get(data[loop]->headers, "Proxy-Authorization")) { data[loop]->headers = hlist_del(data[loop]->headers, "Proxy-Authorization"); @@ -652,8 +675,14 @@ * This way, we also tell our caller that proxy keep-alive is impossible. */ if (loop == 1) { - proxy_alive = hlist_subcmp(data[loop]->headers, "Proxy-Connection", "keep-alive"); - if (!proxy_alive) { + proxy_alive = hlist_subcmp(data[1]->headers, "Proxy-Connection", "keep-alive") + && data[0]->http_version >= 11; + if (proxy_alive) { + data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "keep-alive", 1); + data[1]->headers = hlist_mod(data[1]->headers, "Connection", "keep-alive", 1); + } else { + data[1]->headers = hlist_mod(data[1]->headers, "Proxy-Connection", "close", 1); + data[1]->headers = hlist_mod(data[1]->headers, "Connection", "close", 1); if (debug) printf("PROXY CLOSING CONNECTION\n"); rc = (void *)-1; 
@@ -713,7 +742,7 @@ data1->req = 1; data1->method = strdup("CONNECT"); data1->url = strdup(thost); - data1->http = strdup("1"); + data1->http = strdup("HTTP/1.1"); data1->headers = hlist_mod(data1->headers, "Proxy-Connection", "keep-alive", 1); /* @@ -843,7 +872,7 @@ req->req = 1; req->method = strdup("GET"); req->url = strdup(url); - req->http = strdup("1"); + req->http = strdup("HTTP/1.1"); req->headers = hlist_add(req->headers, "Proxy-Connection", "keep-alive", HLIST_ALLOC, HLIST_ALLOC); if (host) req->headers = hlist_add(req->headers, "Host", host, HLIST_ALLOC, HLIST_ALLOC); diff -Nru cntlm-0.91~rc6/globals.h cntlm-0.92.3/globals.h --- cntlm-0.91~rc6/globals.h 2010-03-28 23:58:51.000000000 +0000 +++ cntlm-0.92.3/globals.h 2011-11-29 22:18:41.000000000 +0000 @@ -52,9 +52,11 @@ * just malloc/free sizeof(proxy_t) */ typedef struct { + char hostname[64]; struct auth_s creds; struct in_addr host; int port; + int resolved; } proxy_t; extern hlist_t header_list; /* forward_request() */ diff -Nru cntlm-0.91~rc6/http.c cntlm-0.92.3/http.c --- cntlm-0.91~rc6/http.c 2012-09-04 22:00:12.000000000 +0000 +++ cntlm-0.92.3/http.c 2012-09-04 22:00:12.000000000 +0000 @@ -84,7 +84,7 @@ */ int headers_recv(int fd, rr_data_t data) { int i, bsize; - int len; + int len, is_http = 0; char *buf; char *tok, *s3 = 0; char *orig = NULL; 
@@ -108,13 +108,21 @@ orig = strdup(buf); len = strlen(buf); tok = strtok_r(buf, " ", &s3); - if (!strncasecmp(buf, "HTTP/", 5) && tok) { + if (tok && ((is_http = !strncasecmp(tok, "HTTP/", 5)) || !strncasecmp(tok, "ICY", 3))) { data->req = 0; data->empty = 0; - data->http = NULL; + data->http = strdup(tok); data->msg = NULL; - data->http = substr(tok, 7, 1); + /* + * Let's find out the numeric version of the HTTP version: 09, 10, 11. + * Set to -1 if header is misformatted. + */ + if (is_http && (tok = strchr(data->http, '/')) && strlen(tok) >= 4 && isdigit(tok[1]) && isdigit(tok[3])) { + data->http_version = (tok[1] - 0x30) * 10 + (tok[3] - 0x30); + } else { + data->http_version = -1; + } tok = strtok_r(NULL, " ", &s3); if (tok) { @@ -130,7 +138,7 @@ if (!data->msg) data->msg = strdup(""); - if (!ccode || strlen(ccode) != 3 || (data->code = atoi(ccode)) == 0 || !data->http) { + if (!ccode || strlen(ccode) != 3 || (data->code = atoi(ccode)) == 0) { i = -2; goto bailout; } @@ -151,13 +159,23 @@ tok = strtok_r(NULL, " ", &s3); if (tok) - data->http = substr(tok, 7, 1); + data->http = strdup(tok); if (!data->url || !data->http) { i = -3; goto bailout; } + /* + * Let's find out the numeric version of the HTTP version: 09, 10, 11. + * Set to -1 if header is misformatted. + */ + if ((tok = strchr(data->http, '/')) && strlen(tok) >= 4 && isdigit(tok[1]) && isdigit(tok[3])) { + data->http_version = (tok[1] - 0x30) * 10 + (tok[3] - 0x30); + } else { + data->http_version = -1; + } + if ((tok = strstr(data->url, "://"))) { tok += 3; } else { @@ -273,9 +291,9 @@ */ len = 0; if (data->req) - len = sprintf(buf, "%s %s HTTP/1.%s\r\n", data->method, data->url, data->http); + len = sprintf(buf, "%s %s %s\r\n", data->method, data->url, data->http); else if (!data->skip_http) - len = sprintf(buf, "HTTP/1.%s %03d %s\r\n", data->http, data->code, data->msg); + len = sprintf(buf, "%s %03d %s\r\n", data->http, data->code, data->msg); /* * Now add all headers. 
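Review bot: The version parse in the `@@ -108,13` hunk accepts any token whose second and fourth characters after `/` are digits, without checking that `tok[2]` is `.`, and it passes plain `char` to `isdigit()`, which is undefined for negative values read off the wire. A tighter condition is `tok[2] == '.' && isdigit((unsigned char)tok[1]) && isdigit((unsigned char)tok[3])`. The same block is repeated in the request branch (hunk `@@ -151,13`); a small static helper that takes `data->http` and returns the numeric version would keep the two in step. Whether `<ctype.h>` is included cannot be told from this page.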
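Review bot: In the `@@ -273,9` hunk, `data->http` used to be a single character and is now the peer's entire first token, yet it is still written with an unbounded `sprintf(buf, "%s %s %s\r\n", ...)`. The allocation of `buf` is above the hunk; please confirm it adds `strlen(data->http)` rather than a fixed allowance for `HTTP/1.x`, or switch both calls to `snprintf` with the buffer size. The same untrusted token is now echoed into the status line of the error pages in pages.c. Replacing a token that fails to parse (`http_version == -1`) with a fixed `"HTTP/1.0"` before it is reused would be safer.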
@@ -315,26 +333,26 @@ * forwarding until src reaches EOF. * If dst == -1, data is discarded. */ -int data_send(int dst, int src, int size) { +int data_send(int dst, int src, length_t len) { char *buf; int i, block; int c = 0; int j = 1; - if (!size) + if (!len) return 1; buf = new(BLOCK); do { - block = (size == -1 || size-c > BLOCK ? BLOCK : size-c); + block = (len == -1 || len-c > BLOCK ? BLOCK : len-c); i = read(src, buf, block); if (i > 0) c += i; if (dst >= 0 && debug) - printf("data_send: read %d of %d / %d of %d (errno = %s)\n", i, block, c, size, i < 0 ? strerror(errno) : "ok"); + printf("data_send: read %d of %d / %d of %lld (errno = %s)\n", i, block, c, len, i < 0 ? strerror(errno) : "ok"); if (dst >= 0 && so_closed(dst)) { i = -999; @@ -347,12 +365,12 @@ printf("data_send: wrote %d of %d\n", j, i); } - } while (i > 0 && j > 0 && (size == -1 || c < size)); + } while (i > 0 && j > 0 && (len == -1 || c < len)); free(buf); if (i <= 0 || j <= 0) { - if (i == 0 && j > 0 && (size == -1 || c == size)) + if (i == 0 && j > 0 && (len == -1 || c == len)) return 1; if (debug) @@ -470,9 +488,10 @@ * Return 0 if no body, -1 if body until EOF, number if size known * One of request/response can be NULL */ -int http_has_body(rr_data_t request, rr_data_t response) { +length_t http_has_body(rr_data_t request, rr_data_t response) { rr_data_t current; - int length, nobody; + length_t length; + int nobody; char *tmp; /* @@ -516,7 +535,7 @@ else length = -1; } else - length = (tmp == NULL || nobody ? 0 : atol(tmp)); + length = (tmp == NULL || nobody ? 0 : atoll(tmp)); if (current == request && length == -1) length = 0; @@ -528,7 +547,7 @@ * Send a HTTP body (if any) between descriptors readfd and writefd */ int http_body_send(int writefd, int readfd, rr_data_t request, rr_data_t response) { - int bodylen; + length_t bodylen; int rc = 1; rr_data_t current; 
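Review bot: In `data_send()`, `len` is now a `length_t`, but the byte counter is still declared `int c = 0;` and printed with `%d`, so for bodies above 2 GiB `c += i` overflows and both `len-c` and the loop test `c < len` stop being meaningful. Declare it `length_t c = 0;` and print it with `%lld`. `block` can stay `int` because it is capped at `BLOCK`. The end of the function is in the next hunk.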
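Review bot: In the `@@ -516,7` hunk, `atoll(tmp)` converts what is presumably the peer's Content-Length value with no validation: non-numeric input becomes 0 and a negative number other than -1 is returned as the body length. In `data_send()` such a value produces a negative `block`, which `read()` receives as a very large count for a `BLOCK`-sized buffer. Parsing with `strtoll`, checking the end pointer and `errno`, and treating negative or malformed values as an error would close this. `tmp` is assigned outside the hunk, so confirm no earlier check already exists.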
@@ -555,7 +574,7 @@ printf(rc ? "Chunked body sent.\n" : "Could not chunk send whole body\n"); } else { if (debug) - printf("Body included. Lenght: %d\n", bodylen); + printf("Body included. Length: %lld\n", bodylen); rc = data_send(writefd, readfd, bodylen); if (debug) @@ -572,7 +591,8 @@ * Return 0 if connection closed or EOF, 1 if OK to continue */ int http_body_drop(int fd, rr_data_t response) { - int bodylen, rc = 1; + length_t bodylen; + int rc = 1; bodylen = http_has_body(NULL, response); if (bodylen) { @@ -582,7 +602,7 @@ rc = chunked_data_send(-1, fd); } else { if (debug) - printf("Discarding %d bytes.\n", bodylen); + printf("Discarding %lld bytes.\n", bodylen); rc = data_send(-1, fd, bodylen); } } diff -Nru cntlm-0.91~rc6/http.h cntlm-0.92.3/http.h --- cntlm-0.91~rc6/http.h 2010-04-20 12:21:39.000000000 +0000 +++ cntlm-0.92.3/http.h 2011-11-29 16:23:21.000000000 +0000 @@ -22,6 +22,8 @@ #ifndef _HTTP_H #define _HTTP_H +#include + #include "utils.h" #include "auth.h" @@ -32,6 +34,8 @@ #define HEAD(data) ((data) && (data)->req && !strcasecmp("HEAD", (data)->method)) #define GET(data) ((data) && (data)->req && !strcasecmp("GET", (data)->method)) +typedef long long int length_t; + extern int is_http_header(const char *src); extern char *get_http_header_name(const char *src); extern char *get_http_header_value(const char *src); @@ -39,7 +43,7 @@ extern int headers_recv(int fd, rr_data_t data); extern int headers_send(int fd, rr_data_t data); extern int tunnel(int cd, int sd); -extern int http_has_body(rr_data_t request, rr_data_t response); +extern length_t http_has_body(rr_data_t request, rr_data_t response); extern int http_body_send(int writefd, int readfd, rr_data_t request, rr_data_t response); extern int http_body_drop(int fd, rr_data_t response); diff -Nru cntlm-0.91~rc6/main.c cntlm-0.92.3/main.c --- cntlm-0.91~rc6/main.c 2012-09-04 22:00:12.000000000 +0000 +++ cntlm-0.92.3/main.c 2012-03-02 00:11:22.000000000 +0000 
@@ -125,7 +125,6 @@ int len, i; char *proxy; proxy_t *aux; - struct in_addr host; /* * Check format and parse it. @@ -157,7 +156,7 @@ /* * Try to resolve proxy address - */ + * if (debug) syslog(LOG_INFO, "Resolving proxy %s...\n", proxy); if (!so_resolv(&host, proxy)) { @@ -165,10 +164,12 @@ free(proxy); return 0; } + */ aux = (proxy_t *)new(sizeof(proxy_t)); - aux->host = host; + strlcpy(aux->hostname, proxy, sizeof(aux->hostname)); aux->port = port; + aux->resolved = 0; parent_list = plist_add(parent_list, ++parent_count, (char *)aux); free(proxy); @@ -222,7 +223,7 @@ spec = strdup(spec); len = strlen(spec); field[0] = spec; - for (count = 1, i = 0; i < len; ++i) + for (count = 1, i = 0; count < 4 && i < len; ++i) if (spec[i] == ':') { spec[i] = 0; field[count++] = spec+i+1; @@ -346,7 +347,7 @@ ret = forward_request(thread_data, request); if (debug) - printf("proxy_thread: request rc = %x\n", (int)ret); + printf("proxy_thread: request rc = %p\n", (void *)ret); } while (ret != NULL && ret != (void *)-1); free_rr_data(request); @@ -948,14 +949,15 @@ #ifdef SYSCONFDIR if (!cf) { #ifdef __CYGWIN__ - tmp = getenv("PROGRAMFILES"); - if (tmp == NULL) { + tmp = getenv("PROGRAMFILES(X86)"); + if (tmp == NULL || strlen(tmp) == 0) + tmp = getenv("PROGRAMFILES"); + if (tmp == NULL) tmp = "C:\\Program Files"; - } head = new(MINIBUF_SIZE); strlcpy(head, tmp, MINIBUF_SIZE); - strlcat(head, "\\cntlm\\cntlm.ini", MINIBUF_SIZE); + strlcat(head, "\\Cntlm\\cntlm.ini", MINIBUF_SIZE); cf = config_open(head); #else cf = config_open(SYSCONFDIR "/cntlm.conf"); @@ -1194,7 +1196,7 @@ /* * Last chance to get password from the user */ - if (interactivehash || (interactivepwd && !ntlmbasic)) { + if (interactivehash || magic_detect || (interactivepwd && !ntlmbasic)) { printf("Password: "); tcgetattr(0, &termold); termnew = termold; 
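Review bot: In the `@@ -165,10` hunk, `strlcpy(aux->hostname, proxy, sizeof(aux->hostname))` truncates silently, and `hostname` is declared as `char hostname[64]` in globals.h although DNS names can be much longer. A truncated name would later be resolved and used as the parent proxy for the authentication exchange, so the return value should be checked and the entry rejected, for example `if (strlcpy(aux->hostname, proxy, sizeof(aux->hostname)) >= sizeof(aux->hostname)) { free(aux); free(proxy); return 0; }`, assuming memory from `new()` is released with `free()`, which is not shown here. The old resolve code in the preceding hunk is disabled by folding it into the comment; deleting it outright would be cleaner.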
@@ -1202,8 +1204,12 @@ tcsetattr(0, TCSADRAIN, &termnew); tmp = fgets(cpassword, MINIBUF_SIZE, stdin); tcsetattr(0, TCSADRAIN, &termold); - i = strlen(cpassword)-1; - trimr(cpassword); + i = strlen(cpassword) - 1; + if (cpassword[i] == '\n') { + cpassword[i] = 0; + if (cpassword[i - 1] == '\r') + cpassword[i - 1] = 0; + } printf("\n"); } diff -Nru cntlm-0.91~rc6/pages.c cntlm-0.92.3/pages.c --- cntlm-0.91~rc6/pages.c 2010-03-21 14:22:58.000000000 +0000 +++ cntlm-0.92.3/pages.c 2011-12-10 17:26:43.000000000 +0000 @@ -29,10 +29,10 @@ char *gen_407_page(const char *http) { char *tmp; if (http == NULL) - http = "0"; + http = "HTTP/1.0"; tmp = new(BUFSIZE); snprintf(tmp, BUFSIZE-1, - "HTTP/1.%s 407 Access denied\r\n" + "%s 407 Access denied\r\n" "Proxy-Authenticate: Basic realm=\"Cntlm Proxy\"\r\n" "Content-Type: text/html\r\n\r\n" "
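Review bot: The newline trimming in the main.c hunk indexes `cpassword[i]` with `i = strlen(cpassword) - 1` without testing the result of `fgets()`, so on EOF or a read error with an empty buffer `i` is -1 and the read lands before the start of the array; an input consisting of just a newline makes `cpassword[i - 1]` do the same. `tmp` is assigned but never checked in this hunk. A bounds-safe form is `if (tmp == NULL) cpassword[0] = 0;` followed by `cpassword[strcspn(cpassword, "\r\n")] = 0;`, which cuts at the first CR or LF. The surrounding function is outside the hunk.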

407 Access denied

Cntlm requests your credentials for proxy access.

", @@ -43,10 +43,10 @@ char *gen_401_page(const char *http, const char *host, int port) { char *tmp; if (http == NULL) - http = "0"; + http = "HTTP/1.0"; tmp = new(BUFSIZE); snprintf(tmp, BUFSIZE-1, - "HTTP/1.%s 401 Access denied\r\n" + "%s 401 Access denied\r\n" "WWW-Authenticate: Basic realm=\"%s:%d\"\r\n" "Content-Type: text/html\r\n\r\n" "

401 Access denied

Cntlm proxy requests your credentials for this URL.

", @@ -70,12 +70,12 @@ char *gen_502_page(const char *http, const char *msg) { char *tmp; if (http == NULL) - http = "0"; + http = "HTTP/1.0"; if (msg == NULL) msg = "Proxy error"; tmp = new(BUFSIZE); snprintf(tmp, BUFSIZE-1, - "HTTP/1.%s 502 %s\r\n" + "%s 502 %s\r\n" "Content-Type: text/html\r\n\r\n" "

502 %s

Cntlm proxy failed to complete the request.

", http, msg, msg); diff -Nru cntlm-0.91~rc6/rpm/cntlm.init cntlm-0.92.3/rpm/cntlm.init --- cntlm-0.91~rc6/rpm/cntlm.init 2010-03-22 09:51:25.000000000 +0000 +++ cntlm-0.92.3/rpm/cntlm.init 1970-01-01 00:00:00.000000000 +0000 
@@ -1,272 +0,0 @@ -#!/bin/sh -# -# cntlmd: Start/stop the cntlm proxy. -# -# chkconfig: 2345 26 89 -# Description: Cntlm is meant to be given your proxy address and becomming -# the primary proxy then, listening on a selected local port. -# You point all your proxy-aware programs to it and don't ever -# have to deal with proxy authentication again. -# -# Authors: Radislav Vrnata -# Michal Strnad -# Christian Wittmer -# -### BEGIN INIT INFO -# Provides: cntlm -# Required-Start: $syslog $network $time -# Should-Start: $remote_fs -# Required-Stop: $syslog $network $time -# Should-Stop: $remote_fs -# Default-Start: 2 3 5 -# Default-Stop: 0 1 6 -# Short-Description: start/stop the cntlm proxy -# Description: ntlm is meant to be given your proxy address and becomming -# the primary proxy then, listening on a selected local port. -# You point all your proxy-aware programs to it and don't ever -# have to deal with proxy authentication again. -### END INIT INFO -# -# Note on runlevels: -# 0 - halt/poweroff 6 - reboot -# 1 - single user -# 2 - multiuser without network exported -# 3 - multiuser with network (text mode) -# 4 - Not used/User-definable -# 5 - multiuser with network and X11 (xdm) -# 6 - reboot -# - -# Determining Linux RedHat/SuSE -# -# /etc/redhat-release -# /etc/SuSE-release - -SuSE=false -RedHat=false - -if [ -f /etc/SuSE-release ]; then - SuSE=true -elif [ -f /etc/redhat-release ]; then - RedHat=true -else - echo "Error: your platform is not supported by $0" > /dev/stderr - exit 1 -fi - - -# Source function library SuSE/RedHat. -if $SuSE; then - # Source LSB init functions - # providing start_daemon, killproc, pidofproc, - # log_success_msg, log_failure_msg and log_warning_msg. - # This is currently not used by UnitedLinux based distributions and - # not needed for init scripts for UnitedLinux only. If it is used, - # the functions from rc.status should not be sourced or used. - #. 
/lib/lsb/init-functions - - # Shell functions sourced from /etc/rc.status: - # rc_check check and set local and overall rc status - # rc_status check and set local and overall rc status - # rc_status -v be verbose in local rc status and clear it afterwards - # rc_status -v -r ditto and clear both the local and overall rc status - # rc_status -s display "skipped" and exit with status 3 - # rc_status -u display "unused" and exit with status 3 - # rc_failed set local and overall rc status to failed - # rc_failed set local and overall rc status to - # rc_reset clear both the local and overall rc status - # rc_exit exit appropriate to overall rc status - # rc_active checks whether a service is activated by symlinks - - # Return values acc. to LSB for all commands but status: - # 0 - success - # 1 - generic or unspecified error - # 2 - invalid or excess argument(s) - # 3 - unimplemented feature (e.g. "reload") - # 4 - user had insufficient privileges - # 5 - program is not installed - # 6 - program is not configured - # 7 - program is not running - # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) - # - # Note that starting an already running service, stopping - # or restarting a not-running service as well as the restart - # with force-reload (in case signaling is not supported) are - # considered a success. - test -f /etc/rc.status && . /etc/rc.status || { - echo "Error: your platform is not supported by $0" > /dev/stderr; - exit 1 - } - rc_reset -else - test -f /etc/init.d/functions && . 
/etc/init.d/functions || { - echo "Error: your platform is not supported by $0" > /dev/stderr; - exit 1 - } - RETVAL=0 -fi - -# Check for existence of needed config file and read it -CNTLM_CONFIG="/etc/cntlm.conf" -test -r $CNTLM_CONFIG || { echo "$CNTLM_CONFIG not existing"; - if [ "$1" = "stop" ]; then exit 0; - else exit 6; fi; } - -# Check for existence of needed sysconfig file and read it -if $SuSE ; then - CNTLM_SYSCONFIG="/etc/sysconfig/cntlm" -else - CNTLM_SYSCONFIG="/etc/sysconfig/cntlmd" -fi -test -r $CNTLM_SYSCONFIG && . $CNTLM_SYSCONFIG || { - echo "$CNTLM_SYSCONFIG not existing"; - if [ "$1" = "stop" ]; then exit 0; - else exit 6; fi; } - -# some defaults -[ -z "${DAEMON}" ] && DAEMON=/usr/sbin/cntlm -[ -z "${DESC}" ] && DESC="CNTLM Authentication Proxy" -[ -z "${PIDFILE}" ] && PIDFILE="/var/run/cntlm/cntlmd.pid" -if $SuSE ; then - [ -z "${LOCKFILE}" ] && LOCKFILE="/var/lock/subsys/cntlm" -else - [ -z "${LOCKFILE}" ] && LOCKFILE="/var/lock/subsys/cntlmd" -fi -[ -z "${RUNAS}" ] && RUNAS="cntlm" - -# if no "Proxy" is set in cntlm.conf try '127.0.0.1:3128' as a default -if [ `/bin/cat $CNTLM_CONFIG | grep -e "^Listen" >/dev/null; echo $?` -eq 0 ]; then - CNTLM_LISTEN= -else - CNTLM_LISTEN="-l 127.0.0.1:3128" -fi - -# Check for missing binaries (stale symlinks should not happen) -# Note: Special treatment of stop for LSB conformance -test -x $DAEMON || { echo "$DAEMON not installed"; - if [ "$1" = "stop" ]; then exit 0; - else exit 5; fi; } - -case "$1" in - start) - echo -n "Starting ${DESC}: " - if $SuSE; then - ## Start daemon with startproc(8). If this fails - ## the return value is set appropriately by startproc. - /sbin/startproc -p $PIDFILE $DAEMON -P $PIDFILE $CNTLM_LISTEN -U $RUNAS $OPTARGS &>/dev/null - - # Remember status and be verbose - rc_status -v - else - daemon cntlm -P $PIDFILE $CNTLM_LISTEN -U $RUNAS $OPTARGS 2>/dev/null - RETVAL=$? 
- echo - [ $RETVAL -eq 0 ] && touch $LOCKFILE - exit $RETVAL - fi - ;; - stop) - echo -n "Shutting down ${DESC}: " - if $SuSE; then - ## Stop daemon with killproc(8) and if this fails - ## killproc sets the return value according to LSB. - /sbin/killproc -p $PIDFILE -TERM $DAEMON &>/dev/null - - # Remember status and be verbose - rc_status -v - else - killproc cntlm - RETVAL=$? - echo - [ $RETVAL -eq 0 ] && rm -f $LOCKFILE - exit $RETVAL - fi - ;; - try-restart|condrestart) - ## Do a restart only if the service was active before. - ## Note: try-restart is now part of LSB (as of 1.9). - ## RH has a similar command named condrestart. - if test "$1" = "condrestart"; then - echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" - fi - $0 status - if test $? = 0; then - $0 restart - else - if $SuSE; then - rc_reset # Not running is not a failure. - # Remember status and be quiet - rc_status - else - exit 0 - fi - fi - ;; - restart) - ## Stop the service and regardless of whether it was - ## running or not, start it again. - $0 stop - $0 start - - if $SuSE; then - # Remember status and be quiet - rc_status - fi - ;; - force-reload|reload) - ## Signal the daemon to reload its config. Most daemons - ## do this on signal 1 (SIGHUP). - ## If it does not support it, restart the service if it - ## is running. - - # cntlm does not support SIGHUP, so restart - echo -n "Reload ${DESC}: " - ## if it supports it: - #/sbin/killproc -p $PIDFILE -HUP $DAEMON - - # Remember status and be verbose - #rc_status -v - - ## Otherwise: - $0 try-restart - - if $SuSE; then - # Remember status and be quiet - rc_status - fi - ;; - status) - echo -n "Checking for ${DESC}: " - if $SuSE; then - ## Check status with checkproc(8), if process is running - ## checkproc will return with exit status 0. 
- - # Return value is slightly different for the status command: - # 0 - service up and running - # 1 - service dead, but /var/run/ pid file exists - # 2 - service dead, but /var/lock/ lock file exists - # 3 - service not running (unused) - # 4 - service status unknown :-( - # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) - - # NOTE: checkproc returns LSB compliant status values. - /sbin/checkproc -p $PIDFILE $DAEMON - # NOTE: rc_status knows that we called this init script with - # "status" option and adapts its messages accordingly. - - # Remember status and be verbose - rc_status -v - else - status cntlm - fi - ;; - *) - echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" - exit 1 - ;; -esac -if $SuSE; then - rc_exit -else - exit $RETVAL -fi diff -Nru cntlm-0.91~rc6/rpm/cntlm.spec cntlm-0.92.3/rpm/cntlm.spec --- cntlm-0.91~rc6/rpm/cntlm.spec 2010-04-30 21:02:02.000000000 +0000 +++ cntlm-0.92.3/rpm/cntlm.spec 1970-01-01 00:00:00.000000000 +0000 
@@ -1,161 +0,0 @@ -Summary: Fast NTLM authentication proxy with tunneling -Name: cntlm -Version: 0.91rc6 -Release: 1%{?dist} -License: GNU GPL V2 -%if 0%{?suse_version} -Group: Productivity/Networking/Web/Proxy -%else -Group: System/Daemons -%endif -URL: http://cntlm.sourceforge.net/ -Source0: %{name}-%{version}.tar.bz2 -Source1: %{name}.init -Source2: %{name}.sysconfig - - -%if 0%{?suse_version} -Prereq: util-linux %{?insserv_prereq} %{?fillup_prereq} -%else -Prereq: which /sbin/chkconfig -%endif -Prereq: /usr/sbin/useradd /usr/bin/getent - -Provides: cntlm = %{version} - -BuildRoot: %{_tmppath}/%{name}-%{version}-root - -%description -Cntlm is a fast and efficient NTLM proxy, with support for TCP/IP tunneling, -authenticated connection caching, ACLs, proper daemon logging and behaviour -and much more. It has up to ten times faster responses than similar NTLM -proxies, while using by orders or magnitude less RAM and CPU. Manual page -contains detailed information. - -%prep -%setup -q -n %{name}-%{version} - -%build -./configure -make SYSCONFDIR=%{_sysconfdir} \ - BINDIR=%{_sbindir} \ - MANDIR=%{_mandir} - -%install -# Clean up in case there is trash left from a previous build -rm -rf $RPM_BUILD_ROOT -mkdir $RPM_BUILD_ROOT - -# Create the target build directory hierarchy -%if 0%{?suse_version} - mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates -%else - mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig -%endif - -mkdir -p $RPM_BUILD_ROOT/sbin - -%makeinstall SYSCONFDIR=$RPM_BUILD_ROOT/%{_sysconfdir} \ - BINDIR=$RPM_BUILD_ROOT/%{_sbindir} \ - MANDIR=$RPM_BUILD_ROOT/%{_mandir} -%if 0%{?suse_version} - install -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT/%{_initrddir}/cntlm - install -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.cntlm - ln -sf %{_initrddir}/cntlm $RPM_BUILD_ROOT/sbin/rccntlm -%else - install -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT/%{_initrddir}/cntlmd - install -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/cntlmd - ln 
-sf %{_initrddir}/cntlmd $RPM_BUILD_ROOT/sbin/rccntlmd -%endif - -%clean -rm -rf $RPM_BUILD_ROOT - -%pre -if [ "$1" -eq 1 ]; then - [ -z "`%{_bindir}/getent passwd "cntlm"`" ] && { - useradd -s /sbin/nologin -m -r -d /var/run/cntlm cntlm 2>/dev/null - } -fi -: - -%post -%if 0%{?suse_version} -%{fillup_and_insserv cntlm} -%else - if [ "$1" -eq 1 ]; then - if [ -x /usr/lib/lsb/install_initd ]; then - /usr/lib/lsb/install_initd /etc/init.d/cntlmd - elif [ -x /sbin/chkconfig ]; then - /sbin/chkconfig --add cntlmd - else - for i in 2 3 4 5; do - ln -sf /etc/init.d/cntlmd /etc/rc.d/rc${i}.d/S26cntlmd - done - for i in 1 6; do - ln -sf /etc/init.d/cntlmd /etc/rc.d/rc${i}.d/K89cntlmd - done - fi - fi - : -%endif - -%preun -%if 0%{?suse_version} -%{stop_on_removal cntlm} -%else - if [ "$1" -eq 0 ]; then - /etc/init.d/cntlmd stop > /dev/null 2>&1 - if [ -x /usr/lib/lsb/remove_initd ]; then - /usr/lib/lsb/install_initd /etc/init.d/cntlmd - elif [ -x /sbin/chkconfig ]; then - /sbin/chkconfig --del cntlmd - else - rm -f /etc/rc.d/rc?.d/???cntlmd - fi - fi - : -%endif - -%postun -if [ "$1" -eq 0 ]; then - /usr/sbin/userdel -r cntlm 2>/dev/null -fi -: -%if 0%{?suse_version} -%{insserv_cleanup} -%else - if [ -x /usr/lib/lsb/remove_initd ]; then - /usr/lib/lsb/install_initd /etc/init.d/cntlmd - elif [ -x /sbin/chkconfig ]; then - /sbin/chkconfig --del cntlmd - else - rm -f /etc/rc.d/rc?.d/???cntlmd - fi - : -%endif - -%files -%defattr(-,root,root,-) -%doc LICENSE README COPYRIGHT -%{_sbindir}/cntlm -%{_mandir}/man1/cntlm.1* -%config(noreplace) %{_sysconfdir}/cntlm.conf -%if 0%{?suse_version} - %config(noreplace) /var/adm/fillup-templates/sysconfig.cntlm - %{_initrddir}/cntlm - /sbin/rccntlm -%else - %config(noreplace) %{_sysconfdir}/sysconfig/cntlmd - %{_initrddir}/cntlmd - /sbin/rccntlmd -%endif - -%changelog -* Thu Mar 18 2010 : Version 0.90 -- Major rewrite of proxy code -- NoProxy option added to bypass proxy for certain addresses -- Ability to work as a standalone proxy added 
-- few changes in spec file to package successfully for SuSE - and RedHat distros using openSuSE BuildService by - Michal Strnad diff -Nru cntlm-0.91~rc6/rpm/cntlm.sysconfig cntlm-0.92.3/rpm/cntlm.sysconfig --- cntlm-0.91~rc6/rpm/cntlm.sysconfig 2010-03-22 23:27:47.000000000 +0000 +++ cntlm-0.92.3/rpm/cntlm.sysconfig 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ -## Path: Network/Proxy/Cntlm - -## Type: string -## Default: /usr/sbin/cntlm -# CNTLM binary location -DAEMON="/usr/sbin/cntlm" - -## Type: string -## Default: /usr/sbin/cntlm -# Location of CNTLM's PID file. -# Make sure that you or, if used, -U uid can create/write it -PIDFILE="/var/run/cntlm/cntlmd.pid" - -## Description: Timeout before forced shutdown -## Type: integer -## Default: 1 -# How long to wait before forcing cntlm to stop with a second -# signal when active connections are still not finished -TIMEOUT=1 - -## Type: string -## Default: cntlm -# Name or number of the non-privileged account to run as -RUNAS=cntlm - -## Type: string -## Default: "CNTLM Authentication Proxy" -# CNTLM custom service description -DESC="CNTLM Authentication Proxy" - -## Type: string -## Default: "" -# List o optional arguments one would specify on the command line. -# See the cntlm man page for list of available arguments -# with their description. -OPTARGS="-U $RUNAS -P $PIDFILE" diff -Nru cntlm-0.91~rc6/rpm/rules cntlm-0.92.3/rpm/rules --- cntlm-0.91~rc6/rpm/rules 2010-03-20 22:00:51.000000000 +0000 +++ cntlm-0.92.3/rpm/rules 1970-01-01 00:00:00.000000000 +0000 
@@ -1,38 +0,0 @@ -#!/bin/sh -# -# Usage: rules [binary|clean] -# - -if [ ! -f VERSION -o ! -f Makefile ]; then - echo "This command must be run from the main source directory!" >&2 - exit 1 -fi - -RPMS="BUILD RPMS SOURCES SPECS SRPMS tmp" -DIR=`pwd`/tmp -NAME=cntlm-`cat VERSION` - -if [ "$1" = "binary" ]; then - rm -f cntlm*.rpm 2>/dev/null - for i in $RPMS; do mkdir -p $DIR/$i; done # Create new rpm build structure - - make tbz2 - mv $NAME.tar.bz2 $DIR/SOURCES - cp rpm/cntlm.* $DIR/SOURCES # Prepare build environment - - rpmbuild \ - --define "_topdir $DIR" \ - --define "_sourcedir %_topdir/SOURCES" \ - --define "_builddir %_topdir/BUILD" \ - --define "_buildrootdir %_topdir/BUILD" \ - --define "_rpmdir %_topdir/RPMS" \ - --define "_specdir %_topdir/SPECS" \ - --define "_srcrpmdir %_topdir/SRPMS" \ - -ba $DIR/SOURCES/cntlm.spec - - cp $DIR/SRPMS/*rpm . 2>/dev/null - cp $DIR/RPMS/*/cntlm*rpm . 2>/dev/null -elif [ "$1" = "clean" ]; then - for i in $RPMS; do rm -rf $DIR/$i; done # Clean the whole mess, keep packages - rmdir $DIR 2>/dev/null || true -fi diff -Nru cntlm-0.91~rc6/scanner.c cntlm-0.92.3/scanner.c --- cntlm-0.91~rc6/scanner.c 2010-04-30 08:29:20.000000000 +0000 +++ cntlm-0.92.3/scanner.c 2011-12-10 17:26:43.000000000 +0000 @@ -131,8 +131,14 @@ if ((pos = strstr(line, "To be downloaded"))) { filesize = atol(pos+16); - if (debug) - printf("scanner_hook: file size detected: %ld KiBs (max: %ld)\n", filesize/1024, maxKBs); + if (debug) { + if (filesize > 0) { + printf("scanner_hook: file size detected: %ld KiBs (max: %ld)\n", filesize/1024, maxKBs); + } else { + printf("scanner_hook: file size unknown -- quitting\n"); + break; + } + } if (maxKBs && (maxKBs == 1 || filesize/1024 > maxKBs)) break; 
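Review bot: In the scanner.c hunk (-131,8 +131,14) the new `filesize > 0` test and its `break` sit inside `if (debug)`, so an unknown size leaves the loop only when debugging is switched on. With debug off the same response falls through to the `maxKBs` comparison with a zero or negative `filesize`, which means the scanner takes a different path depending on a logging flag. The message says "quitting", so I assume breaking is intended in both modes; the size check should be hoisted out, with only the printf calls left conditional on `debug`. The enclosing loop starts and ends outside the hunk.

```c
filesize = atol(pos+16);
if (filesize <= 0) {
	if (debug)
		printf("scanner_hook: file size unknown -- quitting\n");
	break;
}
if (debug)
	printf("scanner_hook: file size detected: %ld KiBs (max: %ld)\n", filesize/1024, maxKBs);
/* ... unchanged: maxKBs limit check ... */
```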
@@ -145,7 +151,7 @@ */ headers_initiated = 1; tmp = new(MINIBUF_SIZE); - snprintf(tmp, MINIBUF_SIZE, "HTTP/1.%s 200 OK\r\n", request->http); + snprintf(tmp, MINIBUF_SIZE, "%s 200 OK\r\n", request->http); w = write(cd, tmp, strlen(tmp)); free(tmp); } diff -Nru cntlm-0.91~rc6/socket.c cntlm-0.92.3/socket.c --- cntlm-0.91~rc6/socket.c 2010-03-25 01:24:22.000000000 +0000 +++ cntlm-0.92.3/socket.c 2011-11-29 22:18:41.000000000 +0000 @@ -41,6 +41,7 @@ * gethostbyname() wrapper. Return 1 if OK, otherwise 0. */ int so_resolv(struct in_addr *host, const char *name) { +/* struct hostent *resolv; resolv = gethostbyname(name); @@ -49,6 +50,41 @@ memcpy(host, resolv->h_addr_list[0], resolv->h_length); return 1; +*/ + struct addrinfo hints, *res, *p; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_STREAM; + int rc = getaddrinfo(name, NULL, &hints, &res); + if (rc != 0) { + if (debug) + printf("so_resolv: %s failed: %s (%d)\n", name, gai_strerror(rc), rc); + return 0; + } + + if (debug) + printf("Resolve %s:\n", name); + int addr_set = 0; + for (p = res; p != NULL; p = p->ai_next) { + struct sockaddr_in *ad = (struct sockaddr_in*)(p->ai_addr); + if (ad == NULL) { + freeaddrinfo(res); + return 0; + } + if (!addr_set) { + memcpy(host, &ad->sin_addr, sizeof(ad->sin_addr)); + addr_set = 1; + if (debug) + printf(" -> %s\n", inet_ntoa(ad->sin_addr)); + } else + if (debug) + printf(" %s\n", inet_ntoa(ad->sin_addr)); + } + + freeaddrinfo(res); + + return 1; } /* diff -Nru cntlm-0.91~rc6/utils.c cntlm-0.92.3/utils.c --- cntlm-0.91~rc6/utils.c 2012-09-04 22:00:12.000000000 +0000 +++ cntlm-0.92.3/utils.c 2012-09-04 22:00:12.000000000 +0000 @@ -508,6 +508,7 @@ data->body_len = 0; data->empty = 1; data->port = 0; + data->http_version = -1; data->headers = NULL; data->method = NULL; data->url = NULL; 
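Review bot: The status line built by `snprintf(tmp, MINIBUF_SIZE, "%s 200 OK\r\n", request->http)` in scanner.c now takes its whole protocol token from `request->http`, where the old format string supplied the `HTTP/1.` prefix itself. Nothing in this hunk shows that `request->http` is non-NULL and already validated here (utils.c frees it conditionally, so NULL looks like a possible state), and passing NULL to `%s` is undefined. I would guard it, e.g. `const char *ver = request->http ? request->http : "HTTP/1.0";`, and add a comment that `http` now holds the full version token; confirm against the request parser, which is not visible here. The enclosing function starts and ends outside the hunk.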
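Review bot: In so_resolv (socket.c, hunk -49,6 +50,41) the loop keeps walking `res` after the first address has been copied, and a later entry with a NULL `ai_addr` makes the function `return 0` although `*host` was already written. Only the first result is used, so a NULL entry is better skipped with `if (ad == NULL) continue;` and the result reported with `return addr_set;` after `freeaddrinfo(res)`, which also covers the case where no usable address was found. The old gethostbyname body is left behind in the `/* ... */` block opened by the previous hunk; version control keeps that history, so it would be cleaner to delete it. The function header is outside this hunk.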
@@ -535,6 +536,7 @@ dst->body_len = src->body_len; dst->empty = src->empty; dst->port = src->port; + dst->http_version = src->http_version; if (src->headers) dst->headers = hlist_dup(src->headers); @@ -584,6 +586,7 @@ data->body_len = 0; data->empty = 1; data->port = 0; + data->http_version = -1; if (data->headers) hlist_free(data->headers); if (data->method) free(data->method); @@ -623,6 +626,7 @@ if (data->http) free(data->http); if (data->msg) free(data->msg); if (data->body) free(data->body); + memset(data, 0, sizeof(struct rr_data_s)); free(data); } diff -Nru cntlm-0.91~rc6/utils.h cntlm-0.92.3/utils.h --- cntlm-0.91~rc6/utils.h 2010-04-30 08:29:20.000000000 +0000 +++ cntlm-0.92.3/utils.h 2012-09-04 22:00:12.000000000 +0000 @@ -89,6 +89,7 @@ int body_len; int empty; int port; + int http_version; char *method; char *url; char *rel_url; @@ -158,6 +159,8 @@ #if config_gethostname == 1 extern int gethostname(char *name, size_t len); #endif +#ifndef strdup extern char *strdup(const char *src); +#endif #endif /* _UTILS_H */ diff -Nru cntlm-0.91~rc6/win/Cntlm Homepage.url cntlm-0.92.3/win/Cntlm Homepage.url --- cntlm-0.91~rc6/win/Cntlm Homepage.url 2010-03-20 22:00:51.000000000 +0000 +++ cntlm-0.92.3/win/Cntlm Homepage.url 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -[InternetShortcut] -URL=http://cntlm.sf.net/ diff -Nru cntlm-0.91~rc6/win/README.txt cntlm-0.92.3/win/README.txt --- cntlm-0.91~rc6/win/README.txt 2010-03-20 22:00:51.000000000 +0000 +++ cntlm-0.92.3/win/README.txt 1970-01-01 00:00:00.000000000 +0000 
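Review bot: The added `memset(data, 0, sizeof(struct rr_data_s));` directly before `free(data);` in utils.c is a dead store from the compiler's point of view, and at the `-O3` this Makefile builds with it may be removed entirely. It also clears only the struct; the header list, body and other buffers released just above are freed without being wiped, and in an authenticating proxy those are the ones likely to hold credentials. If the aim is scrubbing or use-after-free hardening, do the wipe through a helper the optimizer cannot drop (a loop over a `volatile unsigned char *`, or `explicit_bzero` where the platform provides it) and apply it to the buffers before their `free` as well. If it is only a debugging aid, a one-line comment saying so would be enough. The function starts outside the hunk.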
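Review bot: `#ifndef strdup` in utils.h only skips the declaration when strdup is a macro; where libc declares it as an ordinary function, the project's own `extern char *strdup(const char *src);` is still emitted. The gethostname declaration just above is gated on the configure result (`#if config_gethostname == 1`), and the Makefile's clean target removes a `config/strdup` probe, so gating strdup on that probe's macro would be more consistent. The macro name is not visible in this diff, so check config/config.h. A short comment naming the platform that defines strdup as a macro would also help the next reader.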
@@ -1,27 +0,0 @@ -Cntlm Installation Manual for Windows -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -- Run setup.exe installer -- Edit cntlm.ini -- Start Cntlm - -Visit http://cntlm.sf.net for HOWTO's and configuration tips. - -Starting and stopping -~~~~~~~~~~~~~~~~~~~~~ - -You can use Cntlm Start Menu shortcuts to start, stop and configure -the application. Cntlm is installed as an auto-start service. - -OR: -Start -> Settings -> Control Panel -> Administrative Tools -> Services - -OR (command line): -net start cntlm -net stop cntlm - - -Uninstalling -~~~~~~~~~~~~ -Stop Cntlm service, run uninstaller from your Start Menu, or use -native Windows "Add/Remove Programs" Control Panel. diff -Nru cntlm-0.91~rc6/win/Software Updates.url cntlm-0.92.3/win/Software Updates.url --- cntlm-0.91~rc6/win/Software Updates.url 2010-03-20 22:00:51.000000000 +0000 +++ cntlm-0.92.3/win/Software Updates.url 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -[InternetShortcut] -URL=http://sourceforge.net/projects/cntlm/files/ diff -Nru cntlm-0.91~rc6/win/Support Website.url cntlm-0.92.3/win/Support Website.url --- cntlm-0.91~rc6/win/Support Website.url 2010-03-20 22:00:51.000000000 +0000 +++ cntlm-0.92.3/win/Support Website.url 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -[InternetShortcut] -URL=http://sourceforge.net/tracker/?group_id=197861 Binary files /tmp/a39erhr1y1/cntlm-0.91~rc6/win/cntlm.ico and /tmp/Km8ewEeQT5/cntlm-0.92.3/win/cntlm.ico differ diff -Nru cntlm-0.91~rc6/win/setup.iss.in cntlm-0.92.3/win/setup.iss.in --- cntlm-0.91~rc6/win/setup.iss.in 2010-03-30 20:11:45.000000000 +0000 +++ cntlm-0.92.3/win/setup.iss.in 1970-01-01 00:00:00.000000000 +0000 
@@ -1,46 +0,0 @@ -[Setup] -AppId={{4D753458-961F-45DA-B5E3-7B44D4E368B4} -AppName=Cntlm -AppVerName=Cntlm v$VERSION -AppCopyright=Copyright (C) 2007-2010 David Kubicek -AppPublisher=David Kubicek -AppPublisherURL=http://cntlm.sf.net/ -LicenseFile=license.txt - -DefaultDirName={pf}\Cntlm -DefaultGroupName=Cntlm -SetupIconFile=cntlm.ico -UninstallDisplayIcon={app}\cntlm.ico -Uninstallable=yes -OutputBaseFileName=cntlm-$VERSION-setup -OutputDir=. - -[Files] -Source: "cntlm.exe"; DestDir: "{app}" -Source: "cygrunsrv.exe"; DestDir: "{app}" -Source: "cygwin1.dll"; DestDir: "{app}" -Source: "cntlm.ini"; DestDir: "{app}"; Flags: uninsneveruninstall confirmoverwrite -Source: "cntlm_manual.pdf"; DestDir: "{app}" -Source: "README.txt"; DestDir: "{app}"; Flags: isreadme -Source: "Cntlm Homepage.url"; DestDir: "{app}" -Source: "Software Updates.url"; DestDir: "{app}" -Source: "Support Website.url"; DestDir: "{app}" - -[Run] -Filename: "{app}\cygrunsrv.exe"; StatusMsg: "Stopping Cntlm service..."; Parameters: " --stop cntlm" -Filename: "{app}\cygrunsrv.exe"; StatusMsg: "Removing Cntlm service..."; Parameters: " --remove cntlm" -Filename: "{app}\cygrunsrv.exe"; StatusMsg: "Installing Cntlm service..."; Parameters: "--install cntlm -s KILL -t auto -p ""{app}\cntlm.exe"" -d ""Cntlm Authentication Proxy"" -f ""HTTP Accelerator"" -a -f" - -[Icons] -Name: "{group}\cntlm.ini"; Filename: "{app}\cntlm.ini" -Name: "{group}\Start Cntlm Authentication Proxy"; Filename: "{sys}\net.exe"; Parameters: "start cntlm"; WorkingDir: {app} -Name: "{group}\Stop Cntlm Authentication Proxy"; Filename: "{sys}\net.exe"; Parameters: "stop cntlm"; WorkingDir: {app} -Name: "{group}\Tools\Uninstall Cntlm"; Filename: "{uninstallexe}" -Name: "{group}\Tools\Cntlm Homepage"; Filename: "{app}\Cntlm Homepage.url" -Name: "{group}\Tools\Software Updates"; Filename: "{app}\Software Updates.url" -Name: "{group}\Tools\Support Website"; Filename: "{app}\Support Website.url" -Name: "{group}\Tools\PDF configuration 
manual"; Filename: "{app}\cntlm_manual.pdf" - -[UninstallRun] -Filename: "{app}\cygrunsrv.exe"; StatusMsg: "Stopping Cntlm service..."; Parameters: " --stop cntlm" -Filename: "{app}\cygrunsrv.exe"; StatusMsg: "Removing Cntlm service..."; Parameters: " --remove cntlm"