##// END OF EJS Templates
url: Remove the proxy env variables only when needed (issue2451)...
Renato Cunha -
r15077:02734d2b stable
parent child Browse files
Show More
@@ -1,471 +1,473 b''
1 1 # url.py - HTTP handling for mercurial
2 2 #
3 3 # Copyright 2005, 2006, 2007, 2008 Matt Mackall <mpm@selenic.com>
4 4 # Copyright 2006, 2007 Alexis S. L. Carvalho <alexis@cecm.usp.br>
5 5 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
6 6 #
7 7 # This software may be used and distributed according to the terms of the
8 8 # GNU General Public License version 2 or any later version.
9 9
10 10 import urllib, urllib2, httplib, os, socket, cStringIO
11 11 from i18n import _
12 12 import keepalive, util, sslutil
13 13 import httpconnection as httpconnectionmod
14 14
15 15 class passwordmgr(urllib2.HTTPPasswordMgrWithDefaultRealm):
16 16 def __init__(self, ui):
17 17 urllib2.HTTPPasswordMgrWithDefaultRealm.__init__(self)
18 18 self.ui = ui
19 19
20 20 def find_user_password(self, realm, authuri):
21 21 authinfo = urllib2.HTTPPasswordMgrWithDefaultRealm.find_user_password(
22 22 self, realm, authuri)
23 23 user, passwd = authinfo
24 24 if user and passwd:
25 25 self._writedebug(user, passwd)
26 26 return (user, passwd)
27 27
28 28 if not user or not passwd:
29 29 res = httpconnectionmod.readauthforuri(self.ui, authuri, user)
30 30 if res:
31 31 group, auth = res
32 32 user, passwd = auth.get('username'), auth.get('password')
33 33 self.ui.debug("using auth.%s.* for authentication\n" % group)
34 34 if not user or not passwd:
35 35 if not self.ui.interactive():
36 36 raise util.Abort(_('http authorization required'))
37 37
38 38 self.ui.write(_("http authorization required\n"))
39 39 self.ui.write(_("realm: %s\n") % realm)
40 40 if user:
41 41 self.ui.write(_("user: %s\n") % user)
42 42 else:
43 43 user = self.ui.prompt(_("user:"), default=None)
44 44
45 45 if not passwd:
46 46 passwd = self.ui.getpass()
47 47
48 48 self.add_password(realm, authuri, user, passwd)
49 49 self._writedebug(user, passwd)
50 50 return (user, passwd)
51 51
52 52 def _writedebug(self, user, passwd):
53 53 msg = _('http auth: user %s, password %s\n')
54 54 self.ui.debug(msg % (user, passwd and '*' * len(passwd) or 'not set'))
55 55
56 56 def find_stored_password(self, authuri):
57 57 return urllib2.HTTPPasswordMgrWithDefaultRealm.find_user_password(
58 58 self, None, authuri)
59 59
60 60 class proxyhandler(urllib2.ProxyHandler):
61 61 def __init__(self, ui):
62 62 proxyurl = ui.config("http_proxy", "host") or os.getenv('http_proxy')
63 63 # XXX proxyauthinfo = None
64 64
65 65 if proxyurl:
66 66 # proxy can be proper url or host[:port]
67 67 if not (proxyurl.startswith('http:') or
68 68 proxyurl.startswith('https:')):
69 69 proxyurl = 'http://' + proxyurl + '/'
70 70 proxy = util.url(proxyurl)
71 71 if not proxy.user:
72 72 proxy.user = ui.config("http_proxy", "user")
73 73 proxy.passwd = ui.config("http_proxy", "passwd")
74 74
75 75 # see if we should use a proxy for this url
76 76 no_list = ["localhost", "127.0.0.1"]
77 77 no_list.extend([p.lower() for
78 78 p in ui.configlist("http_proxy", "no")])
79 79 no_list.extend([p.strip().lower() for
80 80 p in os.getenv("no_proxy", '').split(',')
81 81 if p.strip()])
82 82 # "http_proxy.always" config is for running tests on localhost
83 83 if ui.configbool("http_proxy", "always"):
84 84 self.no_list = []
85 85 else:
86 86 self.no_list = no_list
87 87
88 88 proxyurl = str(proxy)
89 89 proxies = {'http': proxyurl, 'https': proxyurl}
90 90 ui.debug('proxying through http://%s:%s\n' %
91 91 (proxy.host, proxy.port))
92 92 else:
93 93 proxies = {}
94 94
95 95 # urllib2 takes proxy values from the environment and those
96 # will take precedence if found, so drop them
97 for env in ["HTTP_PROXY", "http_proxy", "no_proxy"]:
98 try:
99 if env in os.environ:
100 del os.environ[env]
101 except OSError:
102 pass
96 # will take precedence if found. So, if there's a config entry
97 # defining a proxy, drop the environment ones
98 if ui.config("http_proxy", "host"):
99 for env in ["HTTP_PROXY", "http_proxy", "no_proxy"]:
100 try:
101 if env in os.environ:
102 del os.environ[env]
103 except OSError:
104 pass
103 105
104 106 urllib2.ProxyHandler.__init__(self, proxies)
105 107 self.ui = ui
106 108
107 109 def proxy_open(self, req, proxy, type_):
108 110 host = req.get_host().split(':')[0]
109 111 if host in self.no_list:
110 112 return None
111 113
112 114 # work around a bug in Python < 2.4.2
113 115 # (it leaves a "\n" at the end of Proxy-authorization headers)
114 116 baseclass = req.__class__
115 117 class _request(baseclass):
116 118 def add_header(self, key, val):
117 119 if key.lower() == 'proxy-authorization':
118 120 val = val.strip()
119 121 return baseclass.add_header(self, key, val)
120 122 req.__class__ = _request
121 123
122 124 return urllib2.ProxyHandler.proxy_open(self, req, proxy, type_)
123 125
124 126 def _gen_sendfile(orgsend):
125 127 def _sendfile(self, data):
126 128 # send a file
127 129 if isinstance(data, httpconnectionmod.httpsendfile):
128 130 # if auth required, some data sent twice, so rewind here
129 131 data.seek(0)
130 132 for chunk in util.filechunkiter(data):
131 133 orgsend(self, chunk)
132 134 else:
133 135 orgsend(self, data)
134 136 return _sendfile
135 137
136 138 has_https = hasattr(urllib2, 'HTTPSHandler')
137 139 if has_https:
138 140 try:
139 141 _create_connection = socket.create_connection
140 142 except AttributeError:
141 143 _GLOBAL_DEFAULT_TIMEOUT = object()
142 144
143 145 def _create_connection(address, timeout=_GLOBAL_DEFAULT_TIMEOUT,
144 146 source_address=None):
145 147 # lifted from Python 2.6
146 148
147 149 msg = "getaddrinfo returns an empty list"
148 150 host, port = address
149 151 for res in socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM):
150 152 af, socktype, proto, canonname, sa = res
151 153 sock = None
152 154 try:
153 155 sock = socket.socket(af, socktype, proto)
154 156 if timeout is not _GLOBAL_DEFAULT_TIMEOUT:
155 157 sock.settimeout(timeout)
156 158 if source_address:
157 159 sock.bind(source_address)
158 160 sock.connect(sa)
159 161 return sock
160 162
161 163 except socket.error, msg:
162 164 if sock is not None:
163 165 sock.close()
164 166
165 167 raise socket.error, msg
166 168
167 169 class httpconnection(keepalive.HTTPConnection):
168 170 # must be able to send big bundle as stream.
169 171 send = _gen_sendfile(keepalive.HTTPConnection.send)
170 172
171 173 def connect(self):
172 174 if has_https and self.realhostport: # use CONNECT proxy
173 175 self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
174 176 self.sock.connect((self.host, self.port))
175 177 if _generic_proxytunnel(self):
176 178 # we do not support client x509 certificates
177 179 self.sock = sslutil.ssl_wrap_socket(self.sock, None, None)
178 180 else:
179 181 keepalive.HTTPConnection.connect(self)
180 182
181 183 def getresponse(self):
182 184 proxyres = getattr(self, 'proxyres', None)
183 185 if proxyres:
184 186 if proxyres.will_close:
185 187 self.close()
186 188 self.proxyres = None
187 189 return proxyres
188 190 return keepalive.HTTPConnection.getresponse(self)
189 191
190 192 # general transaction handler to support different ways to handle
191 193 # HTTPS proxying before and after Python 2.6.3.
192 194 def _generic_start_transaction(handler, h, req):
193 195 if hasattr(req, '_tunnel_host') and req._tunnel_host:
194 196 tunnel_host = req._tunnel_host
195 197 if tunnel_host[:7] not in ['http://', 'https:/']:
196 198 tunnel_host = 'https://' + tunnel_host
197 199 new_tunnel = True
198 200 else:
199 201 tunnel_host = req.get_selector()
200 202 new_tunnel = False
201 203
202 204 if new_tunnel or tunnel_host == req.get_full_url(): # has proxy
203 205 u = util.url(tunnel_host)
204 206 if new_tunnel or u.scheme == 'https': # only use CONNECT for HTTPS
205 207 h.realhostport = ':'.join([u.host, (u.port or '443')])
206 208 h.headers = req.headers.copy()
207 209 h.headers.update(handler.parent.addheaders)
208 210 return
209 211
210 212 h.realhostport = None
211 213 h.headers = None
212 214
213 215 def _generic_proxytunnel(self):
214 216 proxyheaders = dict(
215 217 [(x, self.headers[x]) for x in self.headers
216 218 if x.lower().startswith('proxy-')])
217 219 self._set_hostport(self.host, self.port)
218 220 self.send('CONNECT %s HTTP/1.0\r\n' % self.realhostport)
219 221 for header in proxyheaders.iteritems():
220 222 self.send('%s: %s\r\n' % header)
221 223 self.send('\r\n')
222 224
223 225 # majority of the following code is duplicated from
224 226 # httplib.HTTPConnection as there are no adequate places to
225 227 # override functions to provide the needed functionality
226 228 res = self.response_class(self.sock,
227 229 strict=self.strict,
228 230 method=self._method)
229 231
230 232 while True:
231 233 version, status, reason = res._read_status()
232 234 if status != httplib.CONTINUE:
233 235 break
234 236 while True:
235 237 skip = res.fp.readline().strip()
236 238 if not skip:
237 239 break
238 240 res.status = status
239 241 res.reason = reason.strip()
240 242
241 243 if res.status == 200:
242 244 while True:
243 245 line = res.fp.readline()
244 246 if line == '\r\n':
245 247 break
246 248 return True
247 249
248 250 if version == 'HTTP/1.0':
249 251 res.version = 10
250 252 elif version.startswith('HTTP/1.'):
251 253 res.version = 11
252 254 elif version == 'HTTP/0.9':
253 255 res.version = 9
254 256 else:
255 257 raise httplib.UnknownProtocol(version)
256 258
257 259 if res.version == 9:
258 260 res.length = None
259 261 res.chunked = 0
260 262 res.will_close = 1
261 263 res.msg = httplib.HTTPMessage(cStringIO.StringIO())
262 264 return False
263 265
264 266 res.msg = httplib.HTTPMessage(res.fp)
265 267 res.msg.fp = None
266 268
267 269 # are we using the chunked-style of transfer encoding?
268 270 trenc = res.msg.getheader('transfer-encoding')
269 271 if trenc and trenc.lower() == "chunked":
270 272 res.chunked = 1
271 273 res.chunk_left = None
272 274 else:
273 275 res.chunked = 0
274 276
275 277 # will the connection close at the end of the response?
276 278 res.will_close = res._check_close()
277 279
278 280 # do we have a Content-Length?
279 281 # NOTE: RFC 2616, S4.4, #3 says we ignore this if tr_enc is "chunked"
280 282 length = res.msg.getheader('content-length')
281 283 if length and not res.chunked:
282 284 try:
283 285 res.length = int(length)
284 286 except ValueError:
285 287 res.length = None
286 288 else:
287 289 if res.length < 0: # ignore nonsensical negative lengths
288 290 res.length = None
289 291 else:
290 292 res.length = None
291 293
292 294 # does the body have a fixed length? (of zero)
293 295 if (status == httplib.NO_CONTENT or status == httplib.NOT_MODIFIED or
294 296 100 <= status < 200 or # 1xx codes
295 297 res._method == 'HEAD'):
296 298 res.length = 0
297 299
298 300 # if the connection remains open, and we aren't using chunked, and
299 301 # a content-length was not provided, then assume that the connection
300 302 # WILL close.
301 303 if (not res.will_close and
302 304 not res.chunked and
303 305 res.length is None):
304 306 res.will_close = 1
305 307
306 308 self.proxyres = res
307 309
308 310 return False
309 311
310 312 class httphandler(keepalive.HTTPHandler):
311 313 def http_open(self, req):
312 314 return self.do_open(httpconnection, req)
313 315
314 316 def _start_transaction(self, h, req):
315 317 _generic_start_transaction(self, h, req)
316 318 return keepalive.HTTPHandler._start_transaction(self, h, req)
317 319
318 320 if has_https:
319 321 class httpsconnection(httplib.HTTPSConnection):
320 322 response_class = keepalive.HTTPResponse
321 323 # must be able to send big bundle as stream.
322 324 send = _gen_sendfile(keepalive.safesend)
323 325 getresponse = keepalive.wrapgetresponse(httplib.HTTPSConnection)
324 326
325 327 def connect(self):
326 328 self.sock = _create_connection((self.host, self.port))
327 329
328 330 host = self.host
329 331 if self.realhostport: # use CONNECT proxy
330 332 _generic_proxytunnel(self)
331 333 host = self.realhostport.rsplit(':', 1)[0]
332 334 self.sock = sslutil.ssl_wrap_socket(
333 335 self.sock, self.key_file, self.cert_file,
334 336 **sslutil.sslkwargs(self.ui, host))
335 337 sslutil.validator(self.ui, host)(self.sock)
336 338
337 339 class httpshandler(keepalive.KeepAliveHandler, urllib2.HTTPSHandler):
338 340 def __init__(self, ui):
339 341 keepalive.KeepAliveHandler.__init__(self)
340 342 urllib2.HTTPSHandler.__init__(self)
341 343 self.ui = ui
342 344 self.pwmgr = passwordmgr(self.ui)
343 345
344 346 def _start_transaction(self, h, req):
345 347 _generic_start_transaction(self, h, req)
346 348 return keepalive.KeepAliveHandler._start_transaction(self, h, req)
347 349
348 350 def https_open(self, req):
349 351 # req.get_full_url() does not contain credentials and we may
350 352 # need them to match the certificates.
351 353 url = req.get_full_url()
352 354 user, password = self.pwmgr.find_stored_password(url)
353 355 res = httpconnectionmod.readauthforuri(self.ui, url, user)
354 356 if res:
355 357 group, auth = res
356 358 self.auth = auth
357 359 self.ui.debug("using auth.%s.* for authentication\n" % group)
358 360 else:
359 361 self.auth = None
360 362 return self.do_open(self._makeconnection, req)
361 363
362 364 def _makeconnection(self, host, port=None, *args, **kwargs):
363 365 keyfile = None
364 366 certfile = None
365 367
366 368 if len(args) >= 1: # key_file
367 369 keyfile = args[0]
368 370 if len(args) >= 2: # cert_file
369 371 certfile = args[1]
370 372 args = args[2:]
371 373
372 374 # if the user has specified different key/cert files in
373 375 # hgrc, we prefer these
374 376 if self.auth and 'key' in self.auth and 'cert' in self.auth:
375 377 keyfile = self.auth['key']
376 378 certfile = self.auth['cert']
377 379
378 380 conn = httpsconnection(host, port, keyfile, certfile, *args, **kwargs)
379 381 conn.ui = self.ui
380 382 return conn
381 383
382 384 class httpdigestauthhandler(urllib2.HTTPDigestAuthHandler):
383 385 def __init__(self, *args, **kwargs):
384 386 urllib2.HTTPDigestAuthHandler.__init__(self, *args, **kwargs)
385 387 self.retried_req = None
386 388
387 389 def reset_retry_count(self):
388 390 # Python 2.6.5 will call this on 401 or 407 errors and thus loop
389 391 # forever. We disable reset_retry_count completely and reset in
390 392 # http_error_auth_reqed instead.
391 393 pass
392 394
393 395 def http_error_auth_reqed(self, auth_header, host, req, headers):
394 396 # Reset the retry counter once for each request.
395 397 if req is not self.retried_req:
396 398 self.retried_req = req
397 399 self.retried = 0
398 400 # In python < 2.5 AbstractDigestAuthHandler raises a ValueError if
399 401 # it doesn't know about the auth type requested. This can happen if
400 402 # somebody is using BasicAuth and types a bad password.
401 403 try:
402 404 return urllib2.HTTPDigestAuthHandler.http_error_auth_reqed(
403 405 self, auth_header, host, req, headers)
404 406 except ValueError, inst:
405 407 arg = inst.args[0]
406 408 if arg.startswith("AbstractDigestAuthHandler doesn't know "):
407 409 return
408 410 raise
409 411
410 412 class httpbasicauthhandler(urllib2.HTTPBasicAuthHandler):
411 413 def __init__(self, *args, **kwargs):
412 414 urllib2.HTTPBasicAuthHandler.__init__(self, *args, **kwargs)
413 415 self.retried_req = None
414 416
415 417 def reset_retry_count(self):
416 418 # Python 2.6.5 will call this on 401 or 407 errors and thus loop
417 419 # forever. We disable reset_retry_count completely and reset in
418 420 # http_error_auth_reqed instead.
419 421 pass
420 422
421 423 def http_error_auth_reqed(self, auth_header, host, req, headers):
422 424 # Reset the retry counter once for each request.
423 425 if req is not self.retried_req:
424 426 self.retried_req = req
425 427 self.retried = 0
426 428 return urllib2.HTTPBasicAuthHandler.http_error_auth_reqed(
427 429 self, auth_header, host, req, headers)
428 430
429 431 handlerfuncs = []
430 432
431 433 def opener(ui, authinfo=None):
432 434 '''
433 435 construct an opener suitable for urllib2
434 436 authinfo will be added to the password manager
435 437 '''
436 438 if ui.configbool('ui', 'usehttp2', False):
437 439 handlers = [httpconnectionmod.http2handler(ui, passwordmgr(ui))]
438 440 else:
439 441 handlers = [httphandler()]
440 442 if has_https:
441 443 handlers.append(httpshandler(ui))
442 444
443 445 handlers.append(proxyhandler(ui))
444 446
445 447 passmgr = passwordmgr(ui)
446 448 if authinfo is not None:
447 449 passmgr.add_password(*authinfo)
448 450 user, passwd = authinfo[2:4]
449 451 ui.debug('http auth: user %s, password %s\n' %
450 452 (user, passwd and '*' * len(passwd) or 'not set'))
451 453
452 454 handlers.extend((httpbasicauthhandler(passmgr),
453 455 httpdigestauthhandler(passmgr)))
454 456 handlers.extend([h(ui, passmgr) for h in handlerfuncs])
455 457 opener = urllib2.build_opener(*handlers)
456 458
457 459 # 1.0 here is the _protocol_ version
458 460 opener.addheaders = [('User-agent', 'mercurial/proto-1.0')]
459 461 opener.addheaders.append(('Accept', 'application/mercurial-0.1'))
460 462 return opener
461 463
462 464 def open(ui, url_, data=None):
463 465 u = util.url(url_)
464 466 if u.scheme:
465 467 u.scheme = u.scheme.lower()
466 468 url_, authinfo = u.authinfo()
467 469 else:
468 470 path = util.normpath(os.path.abspath(url_))
469 471 url_ = 'file://' + urllib.pathname2url(path)
470 472 authinfo = None
471 473 return opener(ui, authinfo).open(url_, data)
General Comments 0
You need to be logged in to leave comments. Login now