darinkes · April 26, 2017 13:40
diff --git a/ftp_no_proxy.patch b/ftp_no_proxy.patch
 Index: fetch.c
 ===================================================================
 RCS file: /mount/cvsdev/cvs/openbsd/src/usr.bin/ftp/fetch.c,v
 retrieving revision 1.163
 diff -u -r1.163 fetch.c
 --- fetch.c	7 Mar 2017 08:00:23 -0000	1.163
 +++ fetch.c	26 Apr 2017 13:10:48 -0000
 @@ -57,6 +57,7 @@
 #include <unistd.h>
 #include <util.h>
 #include <resolv.h>
 +#include <fnmatch.h>
 
 #ifndef NOSSL
 #include <tls.h>
 @@ -67,7 +68,9 @@
 #include "ftp_var.h"
 #include "cmds.h"
 
 -static int	url_get(const char *, const char *, const char *, int);
 +static int	url_get(const char *, const char *, const char *, const char *,
 +		    int);
 +static int	probe_no_proxy(const char *, const char *);
 void		aborthttp(int);
 void		abortfile(int);
 char		hextochar(const char *);
 @@ -88,6 +91,7 @@
 #define	FILE_URL	"file:"		/* file URL prefix */
 #define FTP_PROXY	"ftp_proxy"	/* env var with ftp proxy location */
 #define HTTP_PROXY	"http_proxy"	/* env var with http proxy location */
 +#define NO_PROXY	"no_proxy"	/* env var with no proxy location */
 
 #define EMPTYSTRING(x)	((x) == NULL || (*(x) == '\0'))
 
 @@ -174,12 +178,48 @@
 }
 
 /*
 + * Checks if host is in no_proxy
 + * Returns 1 on host found in no_proxy, otherwise 0
 + */
 +static int
 +probe_no_proxy(const char *host, const char *no_proxy)
 +{
 +	char		*p, *np, *last;
 +	int		rval = 0;
 +
 +	if (no_proxy == NULL)
 +		return 0;
 +
 +	np = strdup(no_proxy);
 +	if (np == NULL)
 +		errx(1, "Can't allocate memory to parse no_proxy");
 +
 +	for ((p = strtok_r(np, ",", &last)); p;
 +	    (p = strtok_r(NULL, ",", &last))) {
 +		if (fnmatch(p, host, 0) == 0) {
 +#ifndef SMALL
 +			if (debug)
 +				fprintf(ttyout, "%s: Matched %s -> %s\n",
 +				    __func__, host, p);
 +#endif
 +			rval = 1;
 +			goto done;
 +		}
 +	}
 +
 +done:
 +	free(np);
 +	return (rval);
 +}
 +
 +/*
  * Retrieve URL, via the proxy in $proxyvar if necessary.
  * Modifies the string argument given.
  * Returns -1 on failure, 0 on success
  */
 static int
 -url_get(const char *origline, const char *proxyenv, const char *outfile, int lastfile)
 +url_get(const char *origline, const char *proxyenv, const char *noproxy,
 +    const char *outfile, int lastfile)
 {
 	char pbuf[NI_MAXSERV], hbuf[NI_MAXHOST], *cp, *portnum, *path, ststr[4];
 	char *hosttail, *cause = "unknown", *newline, *host, *port, *buf = NULL;
 @@ -304,7 +344,8 @@
 	}
 #endif /* !SMALL */
 
 -	if (!isfileurl && proxyenv != NULL) {		/* use proxy */
 +	if (!isfileurl && proxyenv != NULL &&
 +	    !probe_no_proxy(host, noproxy)) {		/* use proxy */
 #ifndef NOSSL
 		if (ishttpsurl) {
 			sslpath = strdup(path);
 @@ -916,7 +957,8 @@
 				fclose(fin);
 			else if (s != -1)
 				close(s);
 -			rval = url_get(redirurl, proxyenv, savefile, lastfile);
 +			rval = url_get(redirurl, proxyenv, noproxy,
 +			    savefile, lastfile);
 			free(redirurl);
 			goto cleanup_url_get;
 		}
 @@ -1101,7 +1143,7 @@
 	char *xargv[5];
 	char *cp, *url, *host, *dir, *file, *portnum;
 	char *username, *pass, *pathstart;
 -	char *ftpproxy, *httpproxy;
 +	char *ftpproxy, *httpproxy, *noproxy;
 	int rval, xargc, lastfile;
 	volatile int argpos;
 	int dirhasglob, filehasglob, oautologin;
 @@ -1121,6 +1163,8 @@
 		ftpproxy = NULL;
 	if ((httpproxy = getenv(HTTP_PROXY)) != NULL && *httpproxy == '\0')
 		httpproxy = NULL;
 +	if ((noproxy = getenv(NO_PROXY)) != NULL && *noproxy == '\0')
 +		noproxy = NULL;
 
 	/*
 	 * Loop through as long as there's files to fetch.
 @@ -1153,7 +1197,7 @@
 #endif /* !NOSSL */
 		    strncasecmp(url, FILE_URL, sizeof(FILE_URL) - 1) == 0) {
 			redirect_loop = 0;
 -			if (url_get(url, httpproxy, outfile, lastfile) == -1)
 +			if (url_get(url, httpproxy, noproxy, outfile, lastfile) == -1)
 				rval = argpos + 1;
 			continue;
 		}
 @@ -1168,7 +1212,7 @@
 			char *passend, *passagain, *userend;
 
 			if (ftpproxy) {
 -				if (url_get(url, ftpproxy, outfile, lastfile) == -1)
 +				if (url_get(url, ftpproxy, noproxy, outfile, lastfile) == -1)
 					rval = argpos + 1;
 				continue;
 			}
 Index: ftp.1
 ===================================================================
 RCS file: /mount/cvsdev/cvs/openbsd/src/usr.bin/ftp/ftp.1,v
 retrieving revision 1.107
 diff -u -r1.107 ftp.1
 --- ftp.1	25 Jan 2017 07:21:18 -0000	1.107
 +++ ftp.1	26 Apr 2017 10:23:46 -0000
 @@ -1355,6 +1355,9 @@
 If
 .Ev http_proxy
 is defined, it is used as a URL to an HTTP proxy server.
 +If
 +.Ev no_proxy
 +is defined, it is used to check for ftp or http proxy exceptions.
 If a
 .Ar user
 and
 @@ -1741,6 +1744,9 @@
 (if not defined, use the standard FTP protocol).
 .It Ev http_proxy
 URL of HTTP proxy to use when making HTTP or HTTPS URL requests.
 +.It Ev no_proxy
 +A comma-separated list which specifies hosts that should
 +be excluded from proxying. Asterisks can be used as wildcards.
 .It Ev http_cookies
 Path of a Netscape-like cookiejar file to use when making
 HTTP or HTTPS URL requests.
	Index: fetch.c
	===================================================================
	RCS file: /mount/cvsdev/cvs/openbsd/src/usr.bin/ftp/fetch.c,v
	retrieving revision 1.163
	diff -u -r1.163 fetch.c
	--- fetch.c 7 Mar 2017 08:00:23 -0000 1.163
	+++ fetch.c 26 Apr 2017 13:10:48 -0000
	@@ -57,6 +57,7 @@
	#include <unistd.h>
	#include <util.h>
	#include <resolv.h>
	+#include <fnmatch.h>

	#ifndef NOSSL
	#include <tls.h>
	@@ -67,7 +68,9 @@
	#include "ftp_var.h"
	#include "cmds.h"

	-static int url_get(const char , const char , const char *, int);
	+static int url_get(const char , const char , const char , const char ,
	+ int);
	+static int probe_no_proxy(const char , const char );
	void aborthttp(int);
	void abortfile(int);
	char hextochar(const char *);
	@@ -88,6 +91,7 @@
	#define FILE_URL "file:" /* file URL prefix */
	#define FTP_PROXY "ftp_proxy" /* env var with ftp proxy location */
	#define HTTP_PROXY "http_proxy" /* env var with http proxy location */
	+#define NO_PROXY "no_proxy" /* env var with no proxy location */

	#define EMPTYSTRING(x) ((x) == NULL \|\| (*(x) == '\0'))

	@@ -174,12 +178,48 @@
	}

	/*
	+ * Checks if host is in no_proxy
	+ * Returns 1 on host found in no_proxy, otherwise 0
	+ */
	+static int
	+probe_no_proxy(const char host, const char no_proxy)
	+{
	+ char p, np, *last;
	+ int rval = 0;
	+
	+ if (no_proxy == NULL)
	+ return 0;
	+
	+ np = strdup(no_proxy);
	+ if (np == NULL)
	+ errx(1, "Can't allocate memory to parse no_proxy");
	+
	+ for ((p = strtok_r(np, ",", &last)); p;
	+ (p = strtok_r(NULL, ",", &last))) {
	+ if (fnmatch(p, host, 0) == 0) {
	+#ifndef SMALL
	+ if (debug)
	+ fprintf(ttyout, "%s: Matched %s -> %s\n",
	+ __func__, host, p);
	+#endif
	+ rval = 1;
	+ goto done;
	+ }
	+ }
	+
	+done:
	+ free(np);
	+ return (rval);
	+}
	+
	+/*
	* Retrieve URL, via the proxy in $proxyvar if necessary.
	* Modifies the string argument given.
	* Returns -1 on failure, 0 on success
	*/
	static int
	-url_get(const char origline, const char proxyenv, const char *outfile, int lastfile)
	+url_get(const char origline, const char proxyenv, const char *noproxy,
	+ const char *outfile, int lastfile)
	{
	char pbuf[NI_MAXSERV], hbuf[NI_MAXHOST], cp, portnum, *path, ststr[4];
	char hosttail, cause = "unknown", newline, host, port, buf = NULL;
	@@ -304,7 +344,8 @@
	}
	#endif /* !SMALL */

	- if (!isfileurl && proxyenv != NULL) { /* use proxy */
	+ if (!isfileurl && proxyenv != NULL &&
	+ !probe_no_proxy(host, noproxy)) { /* use proxy */
	#ifndef NOSSL
	if (ishttpsurl) {
	sslpath = strdup(path);
	@@ -916,7 +957,8 @@
	fclose(fin);
	else if (s != -1)
	close(s);
	- rval = url_get(redirurl, proxyenv, savefile, lastfile);
	+ rval = url_get(redirurl, proxyenv, noproxy,
	+ savefile, lastfile);
	free(redirurl);
	goto cleanup_url_get;
	}
	@@ -1101,7 +1143,7 @@
	char *xargv[5];
	char cp, url, host, dir, file, portnum;
	char username, pass, *pathstart;
	- char ftpproxy, httpproxy;
	+ char ftpproxy, httpproxy, *noproxy;
	int rval, xargc, lastfile;
	volatile int argpos;
	int dirhasglob, filehasglob, oautologin;
	@@ -1121,6 +1163,8 @@
	ftpproxy = NULL;
	if ((httpproxy = getenv(HTTP_PROXY)) != NULL && *httpproxy == '\0')
	httpproxy = NULL;
	+ if ((noproxy = getenv(NO_PROXY)) != NULL && *noproxy == '\0')
	+ noproxy = NULL;

	/*
	* Loop through as long as there's files to fetch.
	@@ -1153,7 +1197,7 @@
	#endif /* !NOSSL */
	strncasecmp(url, FILE_URL, sizeof(FILE_URL) - 1) == 0) {
	redirect_loop = 0;
	- if (url_get(url, httpproxy, outfile, lastfile) == -1)
	+ if (url_get(url, httpproxy, noproxy, outfile, lastfile) == -1)
	rval = argpos + 1;
	continue;
	}
	@@ -1168,7 +1212,7 @@
	char passend, passagain, *userend;

	if (ftpproxy) {
	- if (url_get(url, ftpproxy, outfile, lastfile) == -1)
	+ if (url_get(url, ftpproxy, noproxy, outfile, lastfile) == -1)
	rval = argpos + 1;
	continue;
	}
	Index: ftp.1
	===================================================================
	RCS file: /mount/cvsdev/cvs/openbsd/src/usr.bin/ftp/ftp.1,v
	retrieving revision 1.107
	diff -u -r1.107 ftp.1
	--- ftp.1 25 Jan 2017 07:21:18 -0000 1.107
	+++ ftp.1 26 Apr 2017 10:23:46 -0000
	@@ -1355,6 +1355,9 @@
	If
	.Ev http_proxy
	is defined, it is used as a URL to an HTTP proxy server.
	+If
	+.Ev no_proxy
	+is defined, it is used to check for ftp or http proxy exceptions.
	If a
	.Ar user
	and
	@@ -1741,6 +1744,9 @@
	(if not defined, use the standard FTP protocol).
	.It Ev http_proxy
	URL of HTTP proxy to use when making HTTP or HTTPS URL requests.
	+.It Ev no_proxy
	+A comma-separated list which specifies hosts that should
	+be excluded from proxying. Asterisks can be used as wildcards.
	.It Ev http_cookies
	Path of a Netscape-like cookiejar file to use when making
	HTTP or HTTPS URL requests.