tags #660257 + patch thanks Hi Petter,as discussed on IRC here is a proposed patch for making wpad-extract use libproxy-tools.
The patch also adapts update-proxy-from-wpad and the dhcp client hook to the new situation.
Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Index: debian/control
===================================================================
--- debian/control (Revision 76485)
+++ debian/control (Arbeitskopie)
@@ -14,7 +14,7 @@
Package: debian-edu-config
Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, debconf-utils, cfengine2, libconfig-inifiles-perl, mime-support, libnet-ldap-perl, ng-utils, host, desktop-profiles, lsb-base, ssl-cert, openssl, libfilesys-df-perl, libtext-unaccent-perl, libhtml-fromtext-perl, libio-socket-ssl-perl, discover, tftp | tftp-hpa, debian-edu-artwork, education-tasks (>= 0.853), net-tools, patch, base-files (>= 5.3), python-notify, libterm-readkey-perl, fping, ldap-utils, libnet-netmask-perl, smbldap-tools, lockfile-progs
-Recommends: resolvconf, ddccontrol | xresprobe, syslinux, memtest86+, libnotify-bin, lsof, libjavascript-perl
+Recommends: resolvconf, ddccontrol | xresprobe, syslinux, memtest86+, libnotify-bin, lsof, libproxy-tools
Suggests: atftpd | tftpd-hpa
Breaks: nslcd (<< 0.7.7), dhcp3-client (<< 4.1.1-P1-9), dhcp3-server (<< 4.1.1-P1-9), slapd (<< 2.4.23-5), debian-edu-install (<< 1.521~svn74617)
Description: Configuration files for Skolelinux systems
Index: share/debian-edu-config/tools/wpad-extract
===================================================================
--- share/debian-edu-config/tools/wpad-extract (Revision 76485)
+++ share/debian-edu-config/tools/wpad-extract (Arbeitskopie)
@@ -1,342 +1,15 @@
-#!/usr/bin/perl
+#!/bin/bash
+
#
-# Process WPAD file to extract proxy settings
-# http://docs.huihoo.com/gnu_linux/squid/html/x1187.html
+# Detect proxy URL via WPAD
#
-# Author: Petter Reinholdtsen
+# Author: Mike Gabriel
# License: GNU General Public License v2 or later
-use strict;
-use warnings;
+# This new and very short wpad-extract script is a replacement
+# for the old (before squeeze) libjavascript-perl based wpad-extract
+# script. This version uses libproxy-tools to retrieve the
+# proxy URL and thus is much shorter then its predecessor.
-use Socket; # for inet_ntoa
-use JavaScript; # From the libjavascript-perl debian package
-use LWP::Simple; # From the libwww-perl debian package
-
-my $debug = 0;
-
-sub get_wpad_script_test {
- # Example wpad script for debugging and testing
- return <<EOF;
-function FindProxyForURL(url, host)
- {
- if (!isResolvable(host) ||
- isPlainHostName(host) ||
- dnsDomainIs(host, ".intern"))
- return "DIRECT";
- else
- return "PROXY webcache:3128; DIRECT";
- }
-EOF
-}
-sub get_wpad_script {
- my $wpadurl = shift;
- my $wpadbody;
- if ($wpadurl =~ m/^http[s]?:/) {
- print "Fetching URL $wpadurl\n" if $debug;
- $wpadbody = LWP::Simple::get($wpadurl);
- die "Could not get url $wpadurl!" unless defined $wpadbody;
- } elsif ($wpadurl =~ m/^file:\/\/(\/?.+)$/) {
- open(FILE, "<", $1) || die "Unable to read $1";
- $wpadbody = "";
- while (<FILE>) {
- $wpadbody .= $_;
- }
- close(FILE);
- } else {
- die "Unhandled URL type $wpadurl!";
- }
- return $wpadbody;
-}
-
-sub usage {
- my $retval = shift;
- print <<EOF;
-Usage: $0 [URL-to-wpad-file]
-EOF
- exit $retval;
-}
-
-my $wpadurl = $ARGV[0]; shift;
-usage(1) unless $wpadurl;
-my $wpadbody;
-unless ("debug" eq $wpadurl) {
- $wpadbody = get_wpad_script($wpadurl);
-} else {
- $wpadbody = get_wpad_script_test();
-}
-
-my @types = @ARGV;
-@types = ("http", "ftp") unless @types;
-
-
-for my $type (@types) {
- my $proxy = get_proxy($type, $wpadbody) || "";
- print "${type}_proxy=$proxy\n";
-}
-
-exit 0;
-
-sub get_proxy {
- my ($type, $wpadbody) = @_;
- my $rt = new JavaScript::Runtime();
- my $cx = $rt->create_context();
-
- # See #564772 for info on why this is needed
- $cx->bind_function(name => "dnsResolve", func => sub {
- my $name = shift;
- my $packed = gethostbyname($name);
- # Make sure we can extract the WPAD setting even if DNS lookup fail.
- return $packed ? inet_ntoa($packed) : "dns-lookup-failed";
- });
-
- # Load proxy autoconfig helper functions and WPAD script
- for my $script (get_pac_functions(),$wpadbody) {
- $cx->eval($script);
- die $@ if $@;
- }
-
- my ($url, $host);
- if ("http" eq $type) {
- $url = "http://www.debian.org/";;
- $host = "www.debian.org";
- } elsif ("ftp" eq $type) {
- $url = "ftp://ftp.debian.org/";;
- $host = "ftp.debian.org";
- } else {
- die "Unhandled proxy type requested";
- }
- my $setting = $cx->call("FindProxyForURL", $url, $host) || "";
- die $@ if $@;
- print "S[$type]: $setting\n" if $debug;
- if ($setting) {
- for my $entry (split(/; */, $setting)) {
- print " E: $entry\n" if $debug;
- return undef if $entry eq "DIRECT";
- return "http://$1"; if $entry =~ /^PROXY (.+)$/;
- # Not handling SOCKS proxy settings
- }
- } else {
- print STDERR "Unable to find proxy settings for $type\n";
- }
- return undef;
-}
-
-# Make common functions available. Copied from
-# http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsProxyAutoConfig.js
-sub get_pac_functions {
- my $pacUtils = <<'EOF';
-function dnsDomainIs(host, domain) {
- return (host.length >= domain.length &&
- host.substring(host.length - domain.length) == domain);
-}
-
-function dnsDomainLevels(host) {
- return host.split('.').length-1;
-}
-
-function convert_addr(ipchars) {
- var bytes = ipchars.split('.');
- var result = ((bytes[0] & 0xff) << 24) |
- ((bytes[1] & 0xff) << 16) |
- ((bytes[2] & 0xff) << 8) |
- (bytes[3] & 0xff);
- return result;
-}
-
-function isInNet(ipaddr, pattern, maskstr) {
- var test = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/(ipaddr);
- if (test == null) {
- ipaddr = dnsResolve(ipaddr);
- if (ipaddr == null)
- return false;
- } else if (test[1] > 255 || test[2] > 255 ||
- test[3] > 255 || test[4] > 255) {
- return false; // not an IP address
- }
- var host = convert_addr(ipaddr);
- var pat = convert_addr(pattern);
- var mask = convert_addr(maskstr);
- return ((host & mask) == (pat & mask));
-
-}
-
-function isPlainHostName(host) {
- return (host.search('\\.') == -1);
-}
-
-function isResolvable(host) {
- var ip = dnsResolve(host);
- return (ip != null);
-}
-
-function localHostOrDomainIs(host, hostdom) {
- return (host == hostdom) ||
- (hostdom.lastIndexOf(host + '.', 0) == 0);
-}
-
-function shExpMatch(url, pattern) {
- pattern = pattern.replace(/\./g, '\\.');
- pattern = pattern.replace(/\*/g, '.*');
- pattern = pattern.replace(/\?/g, '.');
- var newRe = new RegExp('^'+pattern+'$');
- return newRe.test(url);
-}
-
-var wdays = {SUN: 0, MON: 1, TUE: 2, WED: 3, THU: 4, FRI: 5, SAT: 6};
-var months = {JAN: 0, FEB: 1, MAR: 2, APR: 3, MAY: 4, JUN: 5, JUL: 6, AUG: 7, SEP: 8, OCT: 9, NOV: 10, DEC: 11};
-
-function weekdayRange() {
- function getDay(weekday) {
- if (weekday in wdays) {
- return wdays[weekday];
- }
- return -1;
- }
- var date = new Date();
- var argc = arguments.length;
- var wday;
- if (argc < 1)
- return false;
- if (arguments[argc - 1] == 'GMT') {
- argc--;
- wday = date.getUTCDay();
- } else {
- wday = date.getDay();
- }
- var wd1 = getDay(arguments[0]);
- var wd2 = (argc == 2) ? getDay(arguments[1]) : wd1;
- return (wd1 == -1 || wd2 == -1) ? false
- : (wd1 <= wday && wday <= wd2);
-}
-
-function dateRange() {
- function getMonth(name) {
- if (name in months) {
- return months[name];
- }
- return -1;
- }
- var date = new Date();
- var argc = arguments.length;
- if (argc < 1) {
- return false;
- }
- var isGMT = (arguments[argc - 1] == 'GMT');
-
- if (isGMT) {
- argc--;
- }
- // function will work even without explict handling of this case
- if (argc == 1) {
- var tmp = parseInt(arguments[0]);
- if (isNaN(tmp)) {
- return ((isGMT ? date.getUTCMonth() : date.getMonth()) ==
-getMonth(arguments[0]));
- } else if (tmp < 32) {
- return ((isGMT ? date.getUTCDate() : date.getDate()) == tmp);
- } else {
- return ((isGMT ? date.getUTCFullYear() : date.getFullYear()) ==
-tmp);
- }
- }
- var year = date.getFullYear();
- var date1, date2;
- date1 = new Date(year, 0, 1, 0, 0, 0);
- date2 = new Date(year, 11, 31, 23, 59, 59);
- var adjustMonth = false;
- for (var i = 0; i < (argc >> 1); i++) {
- var tmp = parseInt(arguments[i]);
- if (isNaN(tmp)) {
- var mon = getMonth(arguments[i]);
- date1.setMonth(mon);
- } else if (tmp < 32) {
- adjustMonth = (argc <= 2);
- date1.setDate(tmp);
- } else {
- date1.setFullYear(tmp);
- }
- }
- for (var i = (argc >> 1); i < argc; i++) {
- var tmp = parseInt(arguments[i]);
- if (isNaN(tmp)) {
- var mon = getMonth(arguments[i]);
- date2.setMonth(mon);
- } else if (tmp < 32) {
- date2.setDate(tmp);
- } else {
- date2.setFullYear(tmp);
- }
- }
- if (adjustMonth) {
- date1.setMonth(date.getMonth());
- date2.setMonth(date.getMonth());
- }
- if (isGMT) {
- var tmp = date;
- tmp.setFullYear(date.getUTCFullYear());
- tmp.setMonth(date.getUTCMonth());
- tmp.setDate(date.getUTCDate());
- tmp.setHours(date.getUTCHours());
- tmp.setMinutes(date.getUTCMinutes());
- tmp.setSeconds(date.getUTCSeconds());
- date = tmp;
- }
- return ((date1 <= date) && (date <= date2));
-}
-
-function timeRange() {
- var argc = arguments.length;
- var date = new Date();
- var isGMT= false;
-
- if (argc < 1) {
- return false;
- }
- if (arguments[argc - 1] == 'GMT') {
- isGMT = true;
- argc--;
- }
-
- var hour = isGMT ? date.getUTCHours() : date.getHours();
- var date1, date2;
- date1 = new Date();
- date2 = new Date();
-
- if (argc == 1) {
- return (hour == arguments[0]);
- } else if (argc == 2) {
- return ((arguments[0] <= hour) && (hour <= arguments[1]));
- } else {
- switch (argc) {
- case 6:
- date1.setSeconds(arguments[2]);
- date2.setSeconds(arguments[5]);
- case 4:
- var middle = argc >> 1;
- date1.setHours(arguments[0]);
- date1.setMinutes(arguments[1]);
- date2.setHours(arguments[middle]);
- date2.setMinutes(arguments[middle + 1]);
- if (middle == 2) {
- date2.setSeconds(59);
- }
- break;
- default:
- throw 'timeRange: bad number of arguments'
- }
- }
-
- if (isGMT) {
- date.setFullYear(date.getUTCFullYear());
- date.setMonth(date.getUTCMonth());
- date.setDate(date.getUTCDate());
- date.setHours(date.getUTCHours());
- date.setMinutes(date.getUTCMinutes());
- date.setSeconds(date.getUTCSeconds());
- }
- return ((date1 <= date) && (date <= date2));
-}
-EOF
- return $pacUtils;
-}
+proxy_url=$(echo http://www.debian.org | proxy 2>/dev/null | cut -d" " -f1)
+echo http_proxy=$proxy_url
Index: share/debian-edu-config/tools/update-proxy-from-wpad
===================================================================
--- share/debian-edu-config/tools/update-proxy-from-wpad (Revision 76485)
+++ share/debian-edu-config/tools/update-proxy-from-wpad (Arbeitskopie)
@@ -32,27 +32,19 @@
# like browsers who need to get their proxy settings without using a
# proxy.
http_proxy=
-ftp_proxy=
-# Use http://wpad/wpad.dat configuration to update /etc/environment
-# and apt configuration if possible
-wpadurl="$1"
-if [ -z "$wpadurl" ] &&
- wget -nv -T 10 -O /dev/null http://wpad/wpad.dat >/dev/null 2>&1; then
- wpadurl="http://wpad/wpad.dat";
-fi
+eval `/usr/share/debian-edu-config/tools/wpad-extract`
+ftp_proxy=$http_proxy
+https_proxy=$http_proxy
-if [ "$wpadurl" ] ; then
- eval `/usr/share/debian-edu-config/tools/wpad-extract $wpadurl`
-fi
-
# Update /etc/environment with the current proxy settings extracted
# from the WPAD file
file=/etc/environment
touch $file
chmod a+r $file
sed -e "s%^http_proxy=.*%http_proxy=$http_proxy%" \
- -e "s%^ftp_proxy=.*%ftp_proxy=$http_proxy%" \
+ -e "s%^ftp_proxy=.*%ftp_proxy=$ftp_proxy%" \
+ -e "s%^https_proxy=.*%https_proxy=$https_proxy%" \
< $file > $file.new && chmod a+r $file.new
# Only replace if new file have content and is different from the old
@@ -64,6 +56,7 @@
fi
append_if_missing $file http_proxy=$http_proxy
append_if_missing $file ftp_proxy=$ftp_proxy
+append_if_missing $file https_proxy=$https_proxy
# Make sure APT used from cron also get the wanted proxy settings
# /etc/apt/apt.conf is created by debian-installer if a proxy was used
@@ -73,6 +66,7 @@
chmod a+r $file
sed -e "s%^Acquire::http::Proxy .*%Acquire::http::Proxy \"$http_proxy\";%" \
-e "s%^Acquire::ftp::Proxy .*%Acquire::ftp::Proxy \"$ftp_proxy\";%" \
+ -e "s%^Acquire::https::Proxy .*%Acquire::https::Proxy \"$https_proxy\";%" \
< $file > $file.new && chmod a+r $file.new
# Only replace if new file have content and is different from the old
@@ -84,3 +78,4 @@
fi
append_if_missing $file "Acquire::http::Proxy \"$http_proxy\";"
append_if_missing $file "Acquire::ftp::Proxy \"$ftp_proxy\";"
+append_if_missing $file "Acquire::ftp::Proxy \"$https_proxy\";"
Index: etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update
===================================================================
--- etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update (Revision 76485)
+++ etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update (Arbeitskopie)
@@ -6,7 +6,7 @@
# but the content of the WPAD file changed. If the option is not
# set and no wpad file is available from http://wpad/wpad.dat ,
# the use of a proxy should be disabled.
- /usr/share/debian-edu-config/tools/update-proxy-from-wpad "$new_wpad_url"
+ /usr/share/debian-edu-config/tools/update-proxy-from-wpad
}
if [ -r /etc/debian-edu/config ] ; then
Index: etc/dhcp/dhclient-debian-edu.conf
===================================================================
--- etc/dhcp/dhclient-debian-edu.conf (Revision 76485)
+++ etc/dhcp/dhclient-debian-edu.conf (Arbeitskopie)
@@ -7,12 +7,9 @@
# This one is in the debian package
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
-# This one is added by Debian Edu
-option wpad-url code 252 = text;
-
-# For Debian Edu, we added smtp-server, wpad-url
+# For Debian Edu, we added smtp-server
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers,
- smtp-server, wpad-url;
+ smtp-server;
Attachment:
pgpBbrYNdcjeo.pgp
Description: Digitale PGP-Unterschrift