scripts/oe-git-proxy

#!/bin/bash

# oe-git-proxy is a simple tool to be via GIT_PROXY_COMMAND. It uses socat
# to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the
# proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for
# a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR
# masks (192.168.1.0/24). It is known to work with both bash and dash shells.
#
# Example ALL_PROXY values:
# ALL_PROXY=socks://socks.example.com:1080
# ALL_PROXY=https://proxy.example.com:8080
#
# Copyright (c) 2013, Intel Corporation.
# All rights reserved.
#
# AUTHORS
# Darren Hart <dvhart@linux.intel.com>

# Locate the netcat binary
SOCAT=$(which socat 2>/dev/null)
if [ $? -ne 0 ]; then
	echo "ERROR: socat binary not in PATH" 1>&2
	exit 1
fi
METHOD=""

# Test for a valid IPV4 quad with optional bitmask
valid_ipv4() {
	echo $1 | egrep -q "^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$"
	return $?
}

# Convert an IPV4 address into a 32bit integer
ipv4_val() {
	IP="$1"
	SHIFT=24
	VAL=0
	for B in ${IP//./ }; do
		VAL=$(($VAL+$(($B<<$SHIFT))))
		SHIFT=$(($SHIFT-8))
	done
	echo "$VAL"
}

# Determine if two IPs are equivalent, or if the CIDR contains the IP
match_ipv4() {
	CIDR=$1
	IP=$2

	if [ -z "${IP%%$CIDR}" ]; then
		return 0
	fi

	# Determine the mask bitlength
	BITS=${CIDR##*/}
	[ "$BITS" != "$CIDR" ] || BITS=32
	if [ -z "$BITS" ]; then
		return 1
	fi

	IPVAL=$(ipv4_val $IP)
	IP2VAL=$(ipv4_val ${CIDR%%/*})

	# OR in the unmasked bits
	for i in $(seq 0 $((32-$BITS))); do
		IP2VAL=$(($IP2VAL|$((1<<$i))))
		IPVAL=$(($IPVAL|$((1<<$i))))
	done

	if [ $IPVAL -eq $IP2VAL ]; then
		return 0
	fi
	return 1
}

# Test to see if GLOB matches HOST
match_host() {
	HOST=$1
	GLOB=$2

	if [ -z "${HOST%%$GLOB}" ]; then
		return 0
	fi

	# Match by netmask
	if valid_ipv4 $GLOB; then
		HOST_IP=$(gethostip -d $HOST)
		if valid_ipv4 $HOST_IP; then
			match_ipv4 $GLOB $HOST_IP
			if [ $? -eq 0 ]; then
				return 0
			fi
		fi
	fi

	return 1
}

# If no proxy is set or needed, just connect directly
METHOD="TCP:$1:$2"

if [ -z "$ALL_PROXY" ]; then
	exec $SOCAT STDIO $METHOD
fi

# Connect directly to hosts in NO_PROXY
for H in ${NO_PROXY//,/ }; do
	if match_host $1 $H; then
		exec $SOCAT STDIO $METHOD
	fi
done

# Proxy is necessary, determine protocol, server, and port
PROTO=$(echo $ALL_PROXY | sed -e 's/\([^:]*\):\/\/.*/\1/')
PROXY=$(echo $ALL_PROXY | sed -e 's/.*:\/\/\([^:]*\).*/\1/')
# For backwards compatibility, this allows the port number to be followed by /?
# in addition to the customary optional /
PORT=$(echo $ALL_PROXY | sed -e 's/.*:\([0-9]*\)\(\/?\?\)\?$/\1/')
if [ "$PORT" = "$ALL_PROXY" ]; then
	PORT=""
fi

if [ "$PROTO" = "socks" ] || [ "$PROTO" = "socks4a" ]; then
	if [ -z "$PORT" ]; then
		PORT="1080"
	fi
	METHOD="SOCKS4A:$PROXY:$1:$2,socksport=$PORT"
elif [ "$PROTO" = "socks4" ]; then
	if [ -z "$PORT" ]; then
		PORT="1080"
	fi
	METHOD="SOCKS4:$PROXY:$1:$2,socksport=$PORT"
else
	# Assume PROXY (http, https, etc)
	if [ -z "$PORT" ]; then
		PORT="8080"
	fi
	METHOD="PROXY:$PROXY:$1:$2,proxyport=$PORT"
fi

exec $SOCAT STDIO $METHOD