Bug #82094 for Net-FTPSSL: Adding support for HTTP proxy to Net::FTPSSL 0.22

> .Hello Mr. Leach, > > I would like to contribute a new feature to your Net::FTPSSL package. > I have added support for an http proxy to your module. Here are > the > modifications that I added as a unified diff. 2 Files were changed > FTPSSL.pm, and MakeFile.PL > > Index: FTPSSL.pm > =================================================================== > --- FTPSSL.pm (revision 5094) > +++ FTPSSL.pm (revision 5119) > @@ -21,6 +21,7 @@ > use File::Copy; > use Time::Local; > use Sys::Hostname; > +use Net::HTTPTunnel; > use Carp qw( carp croak ); > use Errno qw/ EINTR /; > @@ -118,6 +119,12 @@ > my $emulate_bug = $arg->{EmulateBug} || 0; # Undocumented > feature. > > + # > + # HTTP Proxy parameters > + # > + my $proxyHost = $arg->{ProxyHost}; > + my $proxyPort = $arg->{ProxyPort} || 3128; > + > # Determine where to write the Debug info to ... > my $pv = sprintf ("%s [%vd]", $], $^V); # The version of perl! > if ( $use_logfile ) { > @@ -172,19 +179,43 @@ > # We start with a clear connection, because I don't know if the > # connection will be implicit or explicit or remain clear after > all. > + my $socket; > my %socketArgs = ( PeerAddr => $host, > PeerPort => $port, > Proto => 'tcp', > Timeout => $timeout > ); > $socketArgs{LocalAddr} = $localaddr if (defined $localaddr); > + if (defined($proxyHost)) { > + # > + # Set the proxy parameters for the future data connections. > + # > + Net::SSLeay::set_proxy($proxyHost, $proxyPort); > - my $socket = IO::Socket::INET->new ( %socketArgs ) > + $socket = Net::HTTPTunnel->new('proxy-host' => $proxyHost, > + 'proxy-port' => $proxyPort, > + 'remote-host' => $host, > + 'remote-port' => $port) > + or > + return _croak_or_return (undef, $die, $dbg_flg, > + "Can't open HTTP Proxy > tunnel connection ($proxyHost:$proxyPort) to ($host:$port)"); > +# $socket = IO::Socket::INET->new_from_fd($tunnel, 'r+'); > +# $socket->timeout($timeout); > + } else { > + > + $socket = IO::Socket::INET->new ( %socketArgs ) > or > return _croak_or_return (undef, $die, $dbg_flg, > - "Can't open tcp connection! > ($host:$port)"); > + "Can't open tcp connection! > ($host:$port)"); > + } > - $socket->autoflush(1); > + if ($socket->can('autoflush')) { > + $socket->autoflush(1); > + } else { > + my $oldFh = select $socket; > + $| = 1; > + select $oldFh; > + } > ${*$socket}{debug} = $debug; > ${*$socket}{Croak} = $die; > @@ -276,6 +307,8 @@ > ${*$obj}{type} = MODE_ASCII; > ${*$obj}{data_prot} = $data_prot; > ${*$obj}{Croak} = $die; > + ${*$obj}{ProxyPort} = $proxyPort; > + ${*$obj}{ProxyHost} = $proxyHost if defined($proxyHost); > ${*$obj}{FixPutTs} = ${*$obj}{FixGetTs} = $pres_ts; > ${*$obj}{OverridePASV} = $pasvHost; > ${*$obj}{dcsc_mode} = FTPS_PASV; > @@ -500,14 +533,26 @@ > "Can't open private data connection to > $host:$port"); > } elsif ( ${*$self}{data_prot} eq DATA_PROT_CLEAR ) { > - my %socketArgs = %{${*$self}{mySocketOpts}}; > - $socketArgs{PeerAddr} = $host; > - $socketArgs{PeerPort} = $port; > + if (exists(${*$self}{ProxyHost})) { > + my $proxyHost = ${*$self}{ProxyHost}; > + my $proxyPort = ${*$self}{ProxyPort}; > + $socket = Net::HTTPTunnel->new('proxy-host' => > $proxyHost, > + 'proxy-port' => > $proxyPort, > + 'remote-host' => $host, > + 'remote-port' => $port) > + or return $self->_croak_or_return (0, > + "Can't open HTTP Proxy tunnel data > connection ($proxyHost:$proxyPort) to ($host:$port)"); > + #$socket = IO::Socket::INET->new_from_fd($tunnel, "r+"); > + #$socket->timeout(${*$self}{timeout}); > + } else { > + my %socketArgs = %{${*$self}{mySocketOpts}}; > + $socketArgs{PeerAddr} = $host; > + $socketArgs{PeerPort} = $port; > - $socket = IO::Socket::INET->new( %socketArgs ) or > + $socket = IO::Socket::INET->new( %socketArgs ) or > return $self->_croak_or_return (0, > "Can't open clear data connection to > $host:$port"); > - > + } > } else { > # TODO: Fix so DATA_PROT_SAFE & DATA_PROT_CONFIDENTIAL work. > return $self->_croak_or_return (0, "Currently doesn't support > mode ${*$self}{data_prot} for data channels to $host:$port"); > @@ -544,8 +589,16 @@ > return $self->_croak_or_return (0, "Currently doesn't support > mode ${*$self}{data_prot} for data channels."); > } > - $io->autoflush (1); > + if ($io->can('autoflush')) { > + $io->autoflush(1); > + } else { > + my $oldFh = select $io; > + $| = 1; > + select $oldFh; > + } > + delete(${*$self}{data_ch}); > + > # $self->_debug_print_hash ("host", "port", ${*$self}{data_prot}, > $io); > return ( $io ); > @@ -599,7 +652,12 @@ > $dati .= $tmp; > } > - $io->close(); > + if ($io->can('close')) { > + $io->close(); > + } else { > + close($io); > + undef($io); > + } > # To catch the expected "226 Closing data connection." > if ( $self->response() != CMD_OK ) { > @@ -798,7 +856,7 @@ > } > } # End else ASCII ... > - unless ($pos) { > + unless ($pos) { > return $self->_croak_or_return (0, > "System seek error before Truncation: > $!"); > } > @@ -987,7 +1045,12 @@ > print STDERR ". done! (" . $self->_fmt_num ($total) . " byte(s))\n" > if (${*$self}{trace}); > - $io->close(); > + if ($io->can('close')) { > + $io->close(); > + } else { > + close($io); > + undef($io); > + } > # To catch the expected "226 Closing data connection." > if ( $self->response() != CMD_OK ) { > @@ -1423,8 +1486,14 @@ > } > } > - $io->close(); > + if ($io->can('close')) { > + $io->close(); > + } else { > + close($io); > + undef($io); > + } > + > # To catch the expected "226 Closing data connection." > if ( $self->response() != CMD_OK ) { > return $self->_croak_or_return (); > @@ -2528,7 +2597,7 @@ > sub _close_LOG > { > - my $self = shift; > + my $self = shift; > if ( defined $self && exists ${*$self}{ftpssl_filehandle} ) { > my $FILE = ${*$self}{ftpssl_filehandle}; > @@ -2554,12 +2623,12 @@ > use Net::FTPSSL; > - my $ftps = Net::FTPSSL->new('ftp.yoursecureserver.com', > + my $ftps = Net::FTPSSL->new('ftp.yoursecureserver.com', > Encryption => EXP_CRYPT, > - Debug => 1) > + Debug => 1) > or die "Can't open > ftp.yoursecureserver.com\n$Net::FTPSSL::ERRSTR"; > - $ftps->login('anonymous', 'user@localhost') > + $ftps->login('anonymous', 'user@localhost') > or die "Can't login: ", $ftps->last_message(); > $ftps->cwd("/pub") or die "Can't change directory: " . $ftps- > @@ -3002,7 +3071,7 @@ > to security concerns it is recommended that you do not use this > method.> > If the version of I<IO::Socket::SSL> you have installed is too old, > this > -function will not work since I<stop_SSL> won't be defined (like in > v1.08). So > +function will not work since I<stop_SSL> won't be defined (like in > v1.08). So > it is recommended that you be on at least I<version 1.18> or later if > you plan > on using this function. > Index: Makefile.PL > =================================================================== > --- Makefile.PL (revision 5094) > +++ Makefile.PL (revision 5119) > @@ -6,7 +6,7 @@ > NAME => 'Net::FTPSSL', > VERSION_FROM => 'FTPSSL.pm', # finds $VERSION > # e.g., Module::Name => > 1.1 > - PREREQ_PM => { IO::Socket::SSL => 1.08, > Net::SSLeay::Handle => 0.0, File::Basename => 0.0, File::Copy => > 0.0, Time::Local => 0.0, Sys::Hostname => 0.0 }, > + PREREQ_PM => { IO::Socket::SSL => 1.08, > Net::SSLeay::Handle => 0.0, File::Basename => 0.0, File::Copy => > 0.0, Time::Local => 0.0, Sys::Hostname => 0.0, Net::HTTPTunnel => > 0.51 }, > ($] >= 5.005 ? ## Add these new keywords supported since > 5.005 > (ABSTRACT_FROM => 'FTPSSL.pm', # retrieve abstract > from module > AUTHOR => 'Curtis Leach <cleach at cpan dot org>') : > ()), > > Should you have any questions or concerns please do not hesitate to > contact me > Robert Denault > Programmeur-analyste principal II/ Senior Programmer-Analyst II > TELUS Solutions en santé | avec l'expertise d'Emergis > TELUS Health Solutions | backed by Emergis > T : (450) 928 6000 x 3740 > T : 1 (866) 363 7447 x 3740 > robert.denault@telus.com > telussante.com telushealth.com > > [cid:image001.gif@01CDDD2D.233B0630] > Le présent courriel et tout document joint sont destinés uniquement à > la personne ou à l'entité à qui il est adressé et peut contenir des > renseignements confidentiels. Si vous n'êtes pas le destinataire > visé, veuillez nous en informer sans délai et détruire le courriel > et les documents ainsi que toute copie qui en aurait été faite. > Merci. > This message and any accompanying attachments are intended only for > the person(s) to whom this message is addressed and may contain > privileged, proprietary and/or confidential information. Any > unauthorized use, disclosure, reproduction or distribution of this > message or its attachments is strictly prohibited. If you have > received this message in error, please notify the sender > immediately and permanently delete or destroy this message, > including any attachments. Thank you. > . >

> Hello Curtis, > > I assume the testing would involved running the your > package test suite? Would there be any other tests involved? I > should be able to run some tests. All the tests would be execute > on Red Hat servers and using Squid as the proxy. > > > Should you > have any questions or concerns please do not hesitate to contact me > Robert Denault > Programmeur-analyste principal II/ Senior > Programmer-Analyst II > TELUS Solutions en santé | avec l’expertise > d’Emergis > TELUS Health Solutions | backed by Emergis T : (450) > 928 6000 x 3740 > T : 1 (866) 363 7447 x 3740 > robert.denault@telus.com > telussante.com  telushealth.com > Le présent courriel et tout document joint sont destinés uniquement > à la personne ou à l’entité à qui il est adressé et peut contenir > des renseignements confidentiels. Si vous n’êtes pas le > destinataire visé, veuillez nous en informer sans délai et détruire > le courriel et les documents ainsi que toute copie qui en aurait > été faite. Merci. > This message and any accompanying attachments > are intended only for the person(s) to whom this message is > addressed and may contain privileged, proprietary and/or > confidential information. Any unauthorized use, disclosure, > reproduction or distribution of this message or its attachments is > strictly prohibited. If you have received this message in error, > please notify the sender immediately and permanently delete or > destroy this message, including any attachments. Thank you. > . >

> Hello Curtis, > > > > I started testing your new version with the http > proxy integration. I have attaché the logs from the first series > of tests. I ran into some issues when using the a clear command > channel with a proxy(proxy_test_trace_log_new.txt), and an implicit > connection with a clear data channel through the proxy > (proxy_ftp_test_trace_log_new.txt). > > > > Error occurs around line > 146 of 10-complex.t in the check_for_pasv_issue subroutine. > I have also added the other trace file the 10-complex.t script > generated with my other attempts. > > > > > > I also noticed that > the calls made on the close of the data channels in the new version > do not include a check for can close. I had added these because > the clear data channel when going through the http proxy > (Net::HTTPTunnel) do not support the close method, and had to be > closed using close($io). > > > > I like your idea of using the > my_flush. Same idea would work with the data channel close. I > looking at the can close code I saw I also missed one in the list > method (see below). > > > > [cid:image001.png@01CE05E2.93D59940] > Should you have any questions or concerns please do not hesitate to > contact me > > Robert Denault > > Programmeur-analyste principal II/ > Senior Programmer-Analyst II > > TELUS Solutions en santé | avec > l’expertise d’Emergis > > TELUS Health Solutions | backed by Emergis > T : (450) 928 6000 x 3740 > > T : 1 (866) 363 7447 x 3740 > robert.denault@telus.com > > telussante.com telushealth.com > Le présent courriel et tout document joint sont destinés uniquement > à la personne ou à l’entité à qui il est adressé et peut contenir > des renseignements confidentiels. Si vous n’êtes pas le > destinataire visé, veuillez nous en informer sans délai et détruire > le courriel et les documents ainsi que toute copie qui en aurait > été faite. Merci. > > This message and any accompanying attachments > are intended only for the person(s) to whom this message is > addressed and may contain privileged, proprietary and/or > confidential information. Any unauthorized use, disclosure, > reproduction or distribution of this message or its attachments is > strictly prohibited. If you have received this message in error, > please notify the sender immediately and permanently delete or > destroy this message, including any attachments. Thank you. > > . > -----Message d'origine----- > De : Curtis Leach via RT [mailto:bug- > Net-FTPSSL@rt.cpan.org] > Envoyé : February 1, 2013 8:44 PM > À : > Robert-Jean Denault > Objet : [rt.cpan.org #82094] Adding support > for HTTP proxy to Net::FTPSSL 0.22 > > > > <URL: > https://rt.cpan.org/Ticket/Display.html?id=82094 > > > > > Hi > Robert, > > > > I just got finished adding it the proxy prompts to > my test case. Try it out during your testing if you like. > Curtis > > > > On Fri Feb 01 10:58:10 2013, Robert- > jean.Denault@telus.com<mailto:Robert-jean.Denault@telus.com> wrote: > > > tests around the > > things go. > > > > > Programmeur-analyste principal II/ Senior > > Analyst II > > > d’Emergis > > > > robert.denault@telus.com<mailto:robert.denault@telus.com> >

> Hi Robert, > > Thanks for your help with your test results and comments last time. > It's a bit tough to test things out when you don't have a server to > test directly against. > > I made the recommended "close()" changes and I think I finally found > the bug that was causing 10-complex.t to barf! There were a few typos > in the code that Perl was treating as undefs instead of errors. > > Could you please test things out again & let me know if this patch > finally works? I'm hoping to be able to respond more quickly now that > the craziness at the paying job is slowing down again. > > Curtis > > On Fri Feb 08 14:19:38 2013, Robert-jean.Denault@telus.com wrote: