| #!/bin/bash |
| |
| # oe-git-proxy is a simple tool to be via GIT_PROXY_COMMAND. It uses socat |
| # to make SOCKS5 or HTTPS proxy connections. |
| # It uses ALL_PROXY or all_proxy or http_proxy to determine the proxy server, |
| # protocol, and port. |
| # It uses NO_PROXY to skip using the proxy for a comma delimited list of |
| # hosts, host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24). It |
| # is known to work with both bash and dash shells. |
| # |
| # Example ALL_PROXY values: |
| # ALL_PROXY=socks://socks.example.com:1080 |
| # ALL_PROXY=https://proxy.example.com:8080 |
| # |
| # Copyright (c) 2013, Intel Corporation. |
| # All rights reserved. |
| # |
| # AUTHORS |
| # Darren Hart <dvhart@linux.intel.com> |
| |
| # Locate the netcat binary |
| SOCAT=$(which socat 2>/dev/null) |
| if [ $? -ne 0 ]; then |
| echo "ERROR: socat binary not in PATH" 1>&2 |
| exit 1 |
| fi |
| METHOD="" |
| |
| # Test for a valid IPV4 quad with optional bitmask |
| valid_ipv4() { |
| echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$" |
| return $? |
| } |
| |
| # Convert an IPV4 address into a 32bit integer |
| ipv4_val() { |
| IP="$1" |
| SHIFT=24 |
| VAL=0 |
| for B in ${IP//./ }; do |
| VAL=$(($VAL+$(($B<<$SHIFT)))) |
| SHIFT=$(($SHIFT-8)) |
| done |
| echo "$VAL" |
| } |
| |
| # Determine if two IPs are equivalent, or if the CIDR contains the IP |
| match_ipv4() { |
| CIDR=$1 |
| IP=$2 |
| |
| if [ -z "${IP%%$CIDR}" ]; then |
| return 0 |
| fi |
| |
| # Determine the mask bitlength |
| BITS=${CIDR##*/} |
| [ "$BITS" != "$CIDR" ] || BITS=32 |
| if [ -z "$BITS" ]; then |
| return 1 |
| fi |
| |
| IPVAL=$(ipv4_val $IP) |
| IP2VAL=$(ipv4_val ${CIDR%%/*}) |
| |
| # OR in the unmasked bits |
| for i in $(seq 0 $((32-$BITS))); do |
| IP2VAL=$(($IP2VAL|$((1<<$i)))) |
| IPVAL=$(($IPVAL|$((1<<$i)))) |
| done |
| |
| if [ $IPVAL -eq $IP2VAL ]; then |
| return 0 |
| fi |
| return 1 |
| } |
| |
| # Test to see if GLOB matches HOST |
| match_host() { |
| HOST=$1 |
| GLOB=$2 |
| |
| if [ -z "${HOST%%$GLOB}" ]; then |
| return 0 |
| fi |
| |
| # Match by netmask |
| if valid_ipv4 $GLOB; then |
| for HOST_IP in $(getent ahostsv4 $HOST | grep ' STREAM ' | cut -d ' ' -f 1) ; do |
| if valid_ipv4 $HOST_IP; then |
| match_ipv4 $GLOB $HOST_IP |
| if [ $? -eq 0 ]; then |
| return 0 |
| fi |
| fi |
| done |
| fi |
| |
| return 1 |
| } |
| |
| # If no proxy is set or needed, just connect directly |
| METHOD="TCP:$1:$2" |
| |
| [ -z "${ALL_PROXY}" ] && ALL_PROXY=$all_proxy |
| [ -z "${ALL_PROXY}" ] && ALL_PROXY=$http_proxy |
| |
| if [ -z "$ALL_PROXY" ]; then |
| exec $SOCAT STDIO $METHOD |
| fi |
| |
| # Connect directly to hosts in NO_PROXY |
| for H in ${NO_PROXY//,/ }; do |
| if match_host $1 $H; then |
| exec $SOCAT STDIO $METHOD |
| fi |
| done |
| |
| # Proxy is necessary, determine protocol, server, and port |
| # extract protocol |
| PROTO=${ALL_PROXY%://*} |
| # strip protocol:// from string |
| ALL_PROXY=${ALL_PROXY#*://} |
| # extract host & port parts: |
| # 1) drop username/password |
| PROXY=${ALL_PROXY##*@} |
| # 2) remove optional trailing /? |
| PROXY=${PROXY%%/*} |
| # 3) extract optional port |
| PORT=${PROXY##*:} |
| if [ "$PORT" = "$PROXY" ]; then |
| PORT="" |
| fi |
| # 4) remove port |
| PROXY=${PROXY%%:*} |
| |
| # extract username & password |
| PROXYAUTH="${ALL_PROXY%@*}" |
| [ "$PROXYAUTH" = "$ALL_PROXY" ] && PROXYAUTH= |
| [ -n "${PROXYAUTH}" ] && PROXYAUTH=",proxyauth=${PROXYAUTH}" |
| |
| if [ "$PROTO" = "socks" ] || [ "$PROTO" = "socks4a" ]; then |
| if [ -z "$PORT" ]; then |
| PORT="1080" |
| fi |
| METHOD="SOCKS4A:$PROXY:$1:$2,socksport=$PORT" |
| elif [ "$PROTO" = "socks4" ]; then |
| if [ -z "$PORT" ]; then |
| PORT="1080" |
| fi |
| METHOD="SOCKS4:$PROXY:$1:$2,socksport=$PORT" |
| else |
| # Assume PROXY (http, https, etc) |
| if [ -z "$PORT" ]; then |
| PORT="8080" |
| fi |
| METHOD="PROXY:$PROXY:$1:$2,proxyport=${PORT}${PROXYAUTH}" |
| fi |
| |
| exec $SOCAT STDIO "$METHOD" |