From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id DF87D70AE1 for ; Fri, 14 May 2021 15:46:08 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 99DED17CBF for ; Fri, 14 May 2021 15:45:18 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id AFFCB17CB4 for ; Fri, 14 May 2021 15:45:17 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 88E4C46568 for ; Fri, 14 May 2021 15:45:17 +0200 (CEST) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Fri, 14 May 2021 15:44:55 +0200 Message-Id: <20210514134457.1447930-20-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210514134457.1447930-1-f.gruenbichler@proxmox.com> References: <20210514134457.1447930-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.012 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com, tools.rs, http.rs] Subject: [pbs-devel] [PATCH proxmox-backup 6/8] move tools::http to proxmox_http X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 May 2021 13:46:08 -0000 Signed-off-by: Fabian Grünbichler --- Notes: requires proxmox patch #7-9 Cargo.toml | 2 +- src/client/http_client.rs | 7 +- src/tools.rs | 1 - src/tools/http.rs | 197 -------------------------------- src/tools/simple_http_client.rs | 6 +- 5 files changed, 8 insertions(+), 205 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index df649c1b..73bd4240 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -57,7 +57,7 @@ proxmox = { version = "0.11.4", features = [ "sortable-macro", "api-macro" ] } #proxmox = { git = "git://git.proxmox.com/git/proxmox", version = "0.1.2", features = [ "sortable-macro", "api-macro" ] } #proxmox = { path = "../proxmox/proxmox", features = [ "sortable-macro", "api-macro" ] } proxmox-fuse = "0.1.1" -proxmox-http = { version = "0.1.0", path = "../proxmox/proxmox-http", features = [ "http-helpers", "websocket" ] } +proxmox-http = { version = "0.1.0", path = "../proxmox/proxmox-http", features = [ "client", "http-helpers", "websocket" ] } pxar = { version = "0.10.1", features = [ "tokio-io" ] } #pxar = { path = "../pxar", features = [ "tokio-io" ] } regex = "1.2" diff --git a/src/client/http_client.rs b/src/client/http_client.rs index 056f30e5..4c548481 100644 --- a/src/client/http_client.rs +++ b/src/client/http_client.rs @@ -20,6 +20,9 @@ use proxmox::{ tools::fs::{file_get_json, replace_file, CreateOptions}, }; +use proxmox_http::http::client::HttpsConnector; +use proxmox_http::http::helpers::build_authority; + use super::pipe_to_stream::PipeToSendStream; use crate::api2::types::{Authid, Userid}; use crate::tools::{ @@ -27,10 +30,6 @@ use crate::tools::{ BroadcastFuture, DEFAULT_ENCODE_SET, PROXMOX_BACKUP_TCP_KEEPALIVE_TIME, - http::{ - build_authority, - HttpsConnector, - }, }; /// Timeout used for several HTTP operations that are expected to finish quickly but may block in diff --git a/src/tools.rs b/src/tools.rs index 8a1d0bc7..eb9a9fd0 100644 --- a/src/tools.rs +++ b/src/tools.rs @@ -31,7 +31,6 @@ pub mod disks; pub mod format; pub mod fs; pub mod fuse_loop; -pub mod http; mod simple_http_client; pub use simple_http_client::SimpleHttp; diff --git a/src/tools/http.rs b/src/tools/http.rs index b99d26a1..dba8dc98 100644 --- a/src/tools/http.rs +++ b/src/tools/http.rs @@ -20,200 +20,3 @@ use tokio_openssl::SslStream; use proxmox::sys::linux::socket::set_tcp_keepalive; use proxmox_http::http::{MaybeTlsStream, ProxyConfig}; - -// Build a http::uri::Authority ("host:port"), use '[..]' around IPv6 addresses -pub(crate) fn build_authority(host: &str, port: u16) -> Result { - let bytes = host.as_bytes(); - let len = bytes.len(); - let authority = if len > 3 && bytes.contains(&b':') && bytes[0] != b'[' && bytes[len-1] != b']' { - format!("[{}]:{}", host, port).parse()? - } else { - format!("{}:{}", host, port).parse()? - }; - Ok(authority) -} - -#[derive(Clone)] -pub struct HttpsConnector { - connector: HttpConnector, - ssl_connector: Arc, - proxy: Option, - tcp_keepalive: u32, -} - -impl HttpsConnector { - pub fn with_connector(mut connector: HttpConnector, ssl_connector: SslConnector, tcp_keepalive: u32) -> Self { - connector.enforce_http(false); - Self { - connector, - ssl_connector: Arc::new(ssl_connector), - proxy: None, - tcp_keepalive, - } - } - - pub fn set_proxy(&mut self, proxy: ProxyConfig) { - self.proxy = Some(proxy); - } - - async fn secure_stream( - tcp_stream: TcpStream, - ssl_connector: &SslConnector, - host: &str, - ) -> Result, Error> { - let config = ssl_connector.configure()?; - let mut conn: SslStream = SslStream::new(config.into_ssl(host)?, tcp_stream)?; - Pin::new(&mut conn).connect().await?; - Ok(MaybeTlsStream::Secured(conn)) - } - - fn parse_status_line(status_line: &str) -> Result<(), Error> { - if !(status_line.starts_with("HTTP/1.1 200") || status_line.starts_with("HTTP/1.0 200")) { - bail!("proxy connect failed - invalid status: {}", status_line) - } - Ok(()) - } - - async fn parse_connect_response( - stream: &mut R, - ) -> Result<(), Error> { - - let mut data: Vec = Vec::new(); - let mut buffer = [0u8; 256]; - const END_MARK: &[u8; 4] = b"\r\n\r\n"; - - 'outer: loop { - let n = stream.read(&mut buffer[..]).await?; - if n == 0 { break; } - let search_start = if data.len() > END_MARK.len() { data.len() - END_MARK.len() + 1 } else { 0 }; - data.extend(&buffer[..n]); - if data.len() >= END_MARK.len() { - if let Some(pos) = data[search_start..].windows(END_MARK.len()).position(|w| w == END_MARK) { - let response = String::from_utf8_lossy(&data); - let status_line = match response.split("\r\n").next() { - Some(status) => status, - None => bail!("missing newline"), - }; - Self::parse_status_line(status_line)?; - - if pos != data.len() - END_MARK.len() { - bail!("unexpected data after connect response"); - } - break 'outer; - } - } - if data.len() > 1024*32 { // max 32K (random chosen limit) - bail!("too many bytes"); - } - } - Ok(()) - } -} - -impl hyper::service::Service for HttpsConnector { - type Response = MaybeTlsStream; - type Error = Error; - #[allow(clippy::type_complexity)] - type Future = Pin> + Send + 'static>>; - - fn poll_ready(&mut self, ctx: &mut Context<'_>) -> Poll> { - self.connector - .poll_ready(ctx) - .map_err(|err| err.into()) - } - - fn call(&mut self, dst: Uri) -> Self::Future { - let mut connector = self.connector.clone(); - let ssl_connector = Arc::clone(&self.ssl_connector); - let is_https = dst.scheme() == Some(&http::uri::Scheme::HTTPS); - let host = match dst.host() { - Some(host) => host.to_owned(), - None => { - return futures::future::err(format_err!("missing URL scheme")).boxed(); - } - }; - let port = dst.port_u16().unwrap_or(if is_https { 443 } else { 80 }); - let keepalive = self.tcp_keepalive; - - if let Some(ref proxy) = self.proxy { - - let use_connect = is_https || proxy.force_connect; - - let proxy_authority = match build_authority(&proxy.host, proxy.port) { - Ok(authority) => authority, - Err(err) => return futures::future::err(err).boxed(), - }; - - let proxy_uri = match Uri::builder() - .scheme("http") - .authority(proxy_authority.as_str()) - .path_and_query("/") - .build() - { - Ok(uri) => uri, - Err(err) => return futures::future::err(err.into()).boxed(), - }; - - let authorization = proxy.authorization.clone(); - - if use_connect { - async move { - - let mut tcp_stream = connector - .call(proxy_uri) - .await - .map_err(|err| format_err!("error connecting to {} - {}", proxy_authority, err))?; - - let _ = set_tcp_keepalive(tcp_stream.as_raw_fd(), keepalive); - - let mut connect_request = format!("CONNECT {0}:{1} HTTP/1.1\r\n", host, port); - if let Some(authorization) = authorization { - connect_request.push_str(&format!( - "Proxy-Authorization: Basic {}\r\n", - base64::encode(authorization), - )); - } - connect_request.push_str(&format!("Host: {0}:{1}\r\n\r\n", host, port)); - - tcp_stream.write_all(connect_request.as_bytes()).await?; - tcp_stream.flush().await?; - - Self::parse_connect_response(&mut tcp_stream).await?; - - if is_https { - Self::secure_stream(tcp_stream, &ssl_connector, &host).await - } else { - Ok(MaybeTlsStream::Normal(tcp_stream)) - } - }.boxed() - } else { - async move { - let tcp_stream = connector - .call(proxy_uri) - .await - .map_err(|err| format_err!("error connecting to {} - {}", proxy_authority, err))?; - - let _ = set_tcp_keepalive(tcp_stream.as_raw_fd(), keepalive); - - Ok(MaybeTlsStream::Proxied(tcp_stream)) - }.boxed() - } - } else { - async move { - let dst_str = dst.to_string(); // for error messages - let tcp_stream = connector - .call(dst) - .await - .map_err(|err| format_err!("error connecting to {} - {}", dst_str, err))?; - - let _ = set_tcp_keepalive(tcp_stream.as_raw_fd(), keepalive); - - if is_https { - Self::secure_stream(tcp_stream, &ssl_connector, &host).await - } else { - Ok(MaybeTlsStream::Normal(tcp_stream)) - } - }.boxed() - } - } -} diff --git a/src/tools/simple_http_client.rs b/src/tools/simple_http_client.rs index 729711c8..fa3eadf4 100644 --- a/src/tools/simple_http_client.rs +++ b/src/tools/simple_http_client.rs @@ -7,10 +7,12 @@ use http::{Request, Response, HeaderValue}; use openssl::ssl::{SslConnector, SslMethod}; use futures::*; -use proxmox_http::http::ProxyConfig; +use proxmox_http::http::{ + ProxyConfig, + client::HttpsConnector, +}; use crate::tools::PROXMOX_BACKUP_TCP_KEEPALIVE_TIME; -use crate::tools::http::HttpsConnector; /// Asyncrounous HTTP client implementation pub struct SimpleHttp { -- 2.20.1