Add Windows proxy autodetection#222
Conversation
|
|
||
| if len(matchingClients) == 0 { | ||
| return fmt.Errorf("Unable to find match for '" + filter + "'\n") | ||
| return fmt.Errorf("Unable to find match for '%s'\n", filter) |
There was a problem hiding this comment.
Random change? This should be %q anyway
| } | ||
|
|
||
| return fmt.Errorf("Unable to find match for '" + filter + "'") | ||
| return fmt.Errorf("Unable to find match for '%s'", filter) |
| io.Copy(conn, file) | ||
| } | ||
|
|
||
| func readRawDownloadName(conn net.Conn) (string, error) { |
There was a problem hiding this comment.
This seems to be code from another PR
|
|
||
| if len(config.GOARCH) != 0 && !validArchs[config.GOARCH] { | ||
| return "", fmt.Errorf("GOARCH supplied is not valid: " + config.GOARCH) | ||
| return "", fmt.Errorf("GOARCH supplied is not valid: %s", config.GOARCH) |
| </body> | ||
| </html>` | ||
|
|
||
| func logDownloadTiming(path, remoteAddr, step string, started time.Time, acceptedAt time.Time, hasAccept bool) { |
| acceptedAt, hasAccept := downloadConnAcceptedAt(req) | ||
|
|
||
| httpDownloadLog := logger.NewLog(fmt.Sprintf("%s:%q", req.RemoteAddr, req.Host)) | ||
| httpDownloadLog := logger.NewLog(fmt.Sprintf("%s:%q", remoteAddr, req.Host)) |
| Version: string(sshConn.ClientVersion()), | ||
| Timestamp: time.Now(), | ||
| Transport: connMetadata.Transport, | ||
| PublicKeyFingerprint: sshConn.Permissions.Extensions["pubkey-fp"], |
| "time" | ||
| ) | ||
|
|
||
| type timedConn struct { |
| if transportName == "" { | ||
| transportName = "http" | ||
| } | ||
| metadata := m.metadataFromRequest(req, realConn.RemoteAddr(), transportName) |
|
|
||
| if proto == protocols.HTTPDownload { | ||
| if acceptedAt, ok := AcceptedAt(newConnection); ok { | ||
| log.Printf("download mux routed remote=%s since_tcp_accept=%s", newConnection.RemoteAddr(), time.Since(acceptedAt)) |
| echo "Seeding authorized_keys...\n" | ||
| echo $SEED_AUTHORIZED_KEYS > /data/authorized_keys | ||
| echo "Seeding authorized_keys..." | ||
| printf '%s\n' "$SEED_AUTHORIZED_KEYS" > /data/authorized_keys |
|
Hi, Thanks for your PR. This is an enormous number of changes, and from what I can see this is more like 4 different PRs rolled into one. I absolutely love your work with the upgrades to the windows proxy, and the other PR you've opened around making the download more robust. However this PR does far too much all in one go, I need you to chunk this up so I can understand each individual change. Also please dont introduce random changes like moving from |
|
Hi! You're right, this branch picked up unrelated work from my fork's main. I'll rebuild it from The raw download, mux metadata/logging, docker-entrypoint cleanup, and unrelated formatting changes should stay out of this PR and be split separately if needed. |
8132a2b to
a91aa78
Compare
|
Updated the branch. This PR is now rebuilt from The previous unrelated raw download, mux/logging, docker-entrypoint, and formatting changes should now be out of this PR. |
Summary
This adds Windows proxy autodetection for standalone clients and generated clients using
--auto-proxy/link --auto-proxy.The client reads the current user's WinINET manual proxy settings from:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsOnly the manual
ProxyServervalue is used. PAC (AutoConfigURL) and WPAD (AutoDetect) are intentionally not evaluated.How proxy autodetection works
proxy.local:8080.http=proxy.local:8080;https=secure-proxy.local:8443;socks=socks.local:1080.http://,https://, andsocks5://.httpandhttpsentries as HTTP proxy endpoints when no explicit proxy URL scheme is present.socksentries as SOCKS5 endpoints when no explicit proxy URL scheme is present.ftpandDIRECTentries because the client does not use FTP proxying and direct connection is already the first normal attempt.Proxy candidate order is target-aware:
http/ws: prefer the WinINET HTTP proxy first.https/tls/wss: prefer the WinINET Secure/HTTPS proxy first.Fallback behavior
ProxyEnable=1) and no explicit--proxyis set, the best matching detected proxy becomes the primary proxy.--proxyis set, the explicit proxy remains primary and detected WinINET proxies are fallback candidates.ProxyEnable=0) butProxyServerstill has values, those values are not used as primary. They are only tried after the direct or explicitly configured connection fails.*_PROXYenvironment variables.proxy.local:8080andhttp://proxy.local:8080.Validation
go test ./internal/clientGOOS=windows GOARCH=amd64 go test ./internal/clientgo vet ./internal/clientGOOS=linux GOARCH=amd64 go test -c ./internal/clientGOOS=darwin GOARCH=amd64 go test -c ./internal/clientgo test -vet=off ./cmd/client ./internal/server/commands ./internal/server/webservergit diff --check upstream/main..HEADThe server package check uses
-vet=offbecause upstream currently has unrelatedfmt.Errorfnon-constant format string vet findings. Those formatting-only changes are intentionally kept out of this feature PR.