Support username and password authentication when talking to HTTP

proxies. [originally from svn r1971]
2025-01-09 17:38:00 +00:00 · 2002-09-21 14:03:05 +00:00 · 2002-09-21 14:03:05 +00:00 · 442a360fb2
commit 442a360fb2
parent 3006fa4f38
6 changed files with 61 additions and 31 deletions
--- a/doc/config.but
+++ b/doc/config.but
@ -1,4 +1,4 @@
-\versionid $Id: config.but,v 1.38 2002/09/10 12:30:45 jacob Exp $
+\versionid $Id: config.but,v 1.39 2002/09/21 14:03:05 simon Exp $

 \C{config} Configuring PuTTY

@ -1433,9 +1433,16 @@ This excludes both of the above ranges at once.
 If your proxy requires authentication, you can enter a username and
 a password in the \q{Username} and \q{Password} boxes.

-Currently only the \q{Username} box has any effect, and that only for
-SOCKS 4 proxies. ( [FIXME] No forms of authentication are supported
-for other types of proxy.)
+Authentication is not supported for all forms of proxy. Currently:
+
+\b Username and password authentication is supported for HTTP proxies.
+
+\b SOCKS 4 can use the \q{Username} field, but does not support
+passwords.
+
+\b PuTTY does not support authentication in SOCKS 5 at all.
+
+\b Authentication is meaningless in Telnet proxies.

 \S{config-proxy-command} Specifying the Telnet proxy command

--- a/misc.c
+++ b/misc.c
@ -50,6 +50,35 @@ char *dupcat(char *s1, ...)
    return p;
 }

+/* ----------------------------------------------------------------------
+ * Base64 encoding routine. This is required in public-key writing
+ * but also in HTTP proxy handling, so it's centralised here.
+ */
+
+void base64_encode_atom(unsigned char *data, int n, char *out)
+{
+    static const char base64_chars[] =
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+    unsigned word;
+
+    word = data[0] << 16;
+    if (n > 1)
+	word |= data[1] << 8;
+    if (n > 2)
+	word |= data[2];
+    out[0] = base64_chars[(word >> 18) & 0x3F];
+    out[1] = base64_chars[(word >> 12) & 0x3F];
+    if (n > 1)
+	out[2] = base64_chars[(word >> 6) & 0x3F];
+    else
+	out[2] = '=';
+    if (n > 2)
+	out[3] = base64_chars[word & 0x3F];
+    else
+	out[3] = '=';
+}
+
 /* ----------------------------------------------------------------------
 * Generic routines to deal with send buffers: a linked list of
 * smallish blocks, with the operations
--- a/misc.h
+++ b/misc.h
@ -13,6 +13,8 @@
 char *dupstr(char *s);
 char *dupcat(char *s1, ...);

+void base64_encode_atom(unsigned char *data, int n, char *out);
+
 struct bufchain_granule;
 typedef struct bufchain_tag {
    struct bufchain_granule *head, *tail;
--- a/proxy.c
+++ b/proxy.c
@ -425,10 +425,26 @@ int proxy_http_negotiate (Proxy_Socket p, int change)

 	sk_getaddr(p->remote_addr, dest, 64);

-	sprintf(buf, "CONNECT %s:%i HTTP/1.1\r\nHost: %s:%i\r\n\r\n",
+	sprintf(buf, "CONNECT %s:%i HTTP/1.1\r\nHost: %s:%i\r\n",
 		dest, p->remote_port, dest, p->remote_port);
 	sk_write(p->sub_socket, buf, strlen(buf));

+	if (cfg.proxy_username[0] || cfg.proxy_password[0]) {
+	    char buf[sizeof(cfg.proxy_username)+sizeof(cfg.proxy_password)];
+	    char buf2[sizeof(buf)*4/3 + 100];
+	    int i, j, len;
+	    sprintf(buf, "%s:%s", cfg.proxy_username, cfg.proxy_password);
+	    len = strlen(buf);
+	    sprintf(buf2, "Proxy-Authorization: basic ");
+	    for (i = 0, j = strlen(buf2); i < len; i += 3, j += 4)
+		base64_encode_atom(buf+i, (len-i > 3 ? 3 : len-i), buf2+j);
+	    strcpy(buf2+j, "\r\n");
+	    sk_write(p->sub_socket, buf2, strlen(buf2));
+	}
+
+	sprintf(buf, "\r\n");
+	sk_write(p->sub_socket, buf, strlen(buf));
+
 	p->state = 1;
 	return 0;
    }
--- a/sshpubk.c
+++ b/sshpubk.c
@ -949,30 +949,6 @@ int base64_lines(int datalen)
    return (datalen + 47) / 48;
 }

-void base64_encode_atom(unsigned char *data, int n, char *out)
-{
-    static const char base64_chars[] =
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-    unsigned word;
-
-    word = data[0] << 16;
-    if (n > 1)
-	word |= data[1] << 8;
-    if (n > 2)
-	word |= data[2];
-    out[0] = base64_chars[(word >> 18) & 0x3F];
-    out[1] = base64_chars[(word >> 12) & 0x3F];
-    if (n > 1)
-	out[2] = base64_chars[(word >> 6) & 0x3F];
-    else
-	out[2] = '=';
-    if (n > 2)
-	out[3] = base64_chars[word & 0x3F];
-    else
-	out[3] = '=';
-}
-
 void base64_encode(FILE * fp, unsigned char *data, int datalen, int cpl)
 {
    int linelen = 0;
--- a/windlg.c
+++ b/windlg.c
@ -1829,8 +1829,8 @@ static void create_controls(HWND hwnd, int dlgtype, int panel)
 		      IDC_PROXYEXCLUDEEDIT, 100, NULL);
 	    staticedit(&cp, "&Username", IDC_PROXYUSERSTATIC,
 		       IDC_PROXYUSEREDIT, 60);
-	    staticedit(&cp, "Pass&word", IDC_PROXYPASSSTATIC,
-		       IDC_PROXYPASSEDIT, 60);
+	    staticpassedit(&cp, "Pass&word", IDC_PROXYPASSSTATIC,
+			   IDC_PROXYPASSEDIT, 60);
 	    endbox(&cp);
 	    beginbox(&cp, "Misc. proxy settings", IDC_BOX_PROXY2);
 	    multiedit(&cp,