authorLuke Shumaker <lukeshu@sbcglobal.net>2016-02-06 15:33:41 -0500
committerLuke Shumaker <lukeshu@sbcglobal.net>2016-02-06 15:33:41 -0500
commitb2e39e7146608d5b600127de9a3b2448f13f6218 (patch)
tree4518b872d768d3a1cf094ef21af668fc962c60a8 /httpconnectd.sh.in
parentd1a0019bb4c674a1ae6bc1d6d628ab039984d06a (diff)
Stuff
Diffstat (limited to 'httpconnectd.sh.in')
-rw-r--r--httpconnectd.sh.in103
1 files changed, 103 insertions, 0 deletions
diff --git a/httpconnectd.sh.in b/httpconnectd.sh.in
new file mode 100644
index 0000000..747fcea
--- /dev/null
+++ b/httpconnectd.sh.in
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+# Copyright 2016 Luke Shumaker
+# License: WTFPLv2
+
+# Dependencies:
+# - bash
+# - sed
+# - socat
+# - date -R
+
+server="${0##*/}"
+
+NoContent() {
+ printf '%s\r\n' \
+ 'HTTP/1.1 204 No Content' \
+ "Server: $server" \
+ "Date: $(date -R)" \
+ ''
+}
+
+Forbidden() {
+ printf '%s\r\n' \
+ 'HTTP/1.1 403 Forbidden' \
+ "Server: $server" \
+ "Date: $(date -R)" \
+ 'Allow: CONNECT' \
+ ''
+}
+
+MethodNotAllowed() {
+ printf '%s\r\n' \
+ 'HTTP/1.1 405 Method Not Allowed' \
+ "Server: $server" \
+ "Date: $(date -R)" \
+ 'Allow: CONNECT' \
+ ''
+}
+
+ProxyAuthenticationRequired() {
+ printf '%s\r\n' \
+ 'HTTP/1.1 407 Proxy Authentication Required' \
+ "Server: $server" \
+ "Date: $(date -R)" \
+ "Proxy-Authenticate: $(echo $(declare -F|sed -n 's/^declare -f authenticate_//p')|sed 's/ /, /g')" \
+ ''
+}
+
+InternalServerError() {
+ printf '%s\r\n' \
+ 'HTTP/1.1 500 Internal Server Error' \
+ "Server: $server" \
+ "Date: $(date -R)" \
+ ''
+}
+
+checkdest() {
+ true
+}
+
+worker() {
+ local conffile
+ for conffile in @pkgconfdir@/*.conf; do
+ if ! source "$conffile"; then
+ InternalServerError
+ fi
+ done
+ local method dest version
+ read -r method dest version || exit 1
+ if [[ "$method" != CONNECT ]]; then
+ MethodNotAllowed
+ return 0
+ fi
+ local authenticated=false
+ local line
+ while read -r line; do
+ line="${line%$'\r'}"
+ case "${line,,}" in
+ proxy-authorization:*)
+ local scheme authparams
+ read -r scheme authparams <<<"${line#*:}"
+ scheme=${scheme,,}
+ if authenticate_${scheme} "$authparams" 1>&2; then
+ authenticated=true
+ fi
+ ;;
+ '')
+ if ! $authenticated; then
+ ProxyAuthenticationRequired
+ return 0
+ fi
+ if ! checkdest "$dest"; then
+ Forbidden
+ return 0
+ fi
+ NoContent
+ exec socat STDIO TCP-CONNECT:"$dest"
+ ;;
+ esac
+ done
+ exit 1
+}
+
+while worker "$@"; do :; done
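Review bot: `checkdest` is a stub that always succeeds, so the request-supplied `$dest` goes unchecked into `exec socat STDIO TCP-CONNECT:"$dest"`; socat treats commas in an address as option separators, so the value should be held to a strict host:port form before it is used. The same lack of validation affects `authenticate_${scheme}` in the `proxy-authorization:*` arm: the scheme comes from the request header and is expanded unquoted into command position, so a name with no matching function is subject to globbing and ordinary command lookup. Checking `declare -F "authenticate_${scheme}"` first confines dispatch to handlers that the sourced config files defined. Separately, when `source "$conffile"` fails, `InternalServerError` is sent but the worker carries on reading the request; a `return 0` after it looks intended.

```shell
checkdest() {
	# Accept only host:port from a conservative character set, so the value
	# cannot carry comma-separated socat address options.
	# (Bracketed IPv6 literals are not accepted by this pattern; extend it if needed.)
	[[ "$1" =~ ^[A-Za-z0-9.-]+:[0-9]{1,5}$ ]]
}

# … unchanged: worker() up to the proxy-authorization arm …
			scheme=${scheme,,}
			# Dispatch only to an authenticate_* function that actually exists.
			if declare -F "authenticate_${scheme}" >/dev/null &&
			   "authenticate_${scheme}" "$authparams" 1>&2; then
				authenticated=true
			fi
# … unchanged: rest of the header loop …
```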