#!/bin/bash
# oe-git-proxy is a simple tool to be used via GIT_PROXY_COMMAND. It uses BSD netcat
# to make SOCKS5 or HTTPS proxy connections. It uses ALL_PROXY to determine the
# proxy server, protocol, and port. It uses NO_PROXY to skip using the proxy for
# a comma delimited list of hosts, host globs (*.example.com), IPs, or CIDR
# masks (192.168.1.0/24). It is known to work with both bash and dash shells.
#
# BSD netcat is provided by netcat-openbsd on Ubuntu and nc on Fedora.
#
# Example ALL_PROXY values:
# ALL_PROXY=socks://socks.example.com:1080
# ALL_PROXY=https://proxy.example.com:8080
#
# Copyright (c) 2013, Intel Corporation.
# All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# AUTHORS
# Darren Hart <dvhart@linux.intel.com>
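# Locate the netcat binary.
# `command -v` is the shell builtin lookup; it prints nothing and fails when
# nc is not in PATH, so an empty result is the "not found" signal.
NC=$(command -v nc 2>/dev/null)
if [ -z "$NC" ]; then
	# Diagnostics go to stderr: when this script runs as GIT_PROXY_COMMAND its
	# stdout is presumably the transport stream handed back to git, so an
	# error message written there would be mixed into protocol data.
	echo "ERROR: nc binary not in PATH" >&2
	exit 1
fi

# Netcat proxy options selected further down; empty means "not decided yet".
METHOD=""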
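# Test for a valid IPv4 dotted quad with an optional /0-/32 prefix length.
#
# Arguments: $1 - candidate string (an address or CIDR mask)
# Returns:   0 if $1 is a well-formed address/CIDR, non-zero otherwise
#
# The pattern requires a first octet of 1-255 and the remaining octets of
# 0-255, with no leading zeros. Callers in this file rely on this check before
# feeding the value into shell arithmetic, so it must not accept anything but
# digits, dots and one optional "/bits" suffix.
valid_ipv4() {
	# grep matches line by line; reject multi-line input up front so a single
	# well-formed line cannot make a larger string look valid.
	case "$1" in
		*$'\n'*) return 1 ;;
	esac

	# printf with a quoted argument avoids the word splitting and pathname
	# expansion that an unquoted `echo $1` would apply to the candidate.
	# `grep -E` replaces the obsolescent `egrep` alias.
	printf '%s\n' "$1" |
		grep -Eq '^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}(/(3[0-2]|[1-2]?[0-9]))?$'
}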
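# Convert a dotted-quad IPv4 address into its 32-bit integer value.
#
# Arguments: $1 - IPv4 address without a prefix length (e.g. 192.168.1.1)
# Outputs:   the integer value on stdout
# Returns:   0 on success, 1 if any octet is empty or not purely decimal
#
# Shell arithmetic evaluates its operands as expressions rather than as plain
# numbers, so every octet is checked to be digits-only before it is used, and
# is forced to base 10 so a leading zero is not read as octal.
ipv4_val() {
	local ip="$1"
	local shift_bits=24
	local val=0
	local octet
	local -a octets

	# Split on dots without pathname expansion or whitespace splitting.
	IFS=. read -r -a octets <<<"$ip"

	for octet in "${octets[@]}"; do
		case "$octet" in
			'' | *[!0-9]*) return 1 ;;
		esac
		val=$((val + (10#$octet << shift_bits)))
		shift_bits=$((shift_bits - 8))
	done

	echo "$val"
}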
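# Determine if two IPs are identical, or if the CIDR block contains the IP.
#
# Arguments: $1 - an IPv4 address or CIDR mask (e.g. 192.168.1.0/24)
#            $2 - the IPv4 address to test
# Returns:   0 if $2 equals $1 or lies inside the $1 network, 1 otherwise
#
# Both arguments are expected to have passed valid_ipv4 already. The prefix
# length decides which hosts bypass the proxy, so the comparison masks exactly
# (32 - bits) host bits: a /24 covers 256 addresses and a /32 exactly one.
# An earlier form of this check cleared one bit too many, which made every
# mask match a network twice as large as the one written in NO_PROXY.
match_ipv4() {
	local cidr="$1"
	local ip="$2"
	local bits ipval netval mask

	# Plain string equality; an empty address never matches.
	if [ -n "$ip" ] && [ "$ip" = "$cidr" ]; then
		return 0
	fi

	# Without a "/bits" suffix there is no network to test against.
	case "$cidr" in
		*/*) bits=${cidr##*/} ;;
		*) return 1 ;;
	esac

	# Accept only a decimal prefix length in the range 0-32.
	case "$bits" in
		[0-9] | [12][0-9] | 3[0-2]) ;;
		*) return 1 ;;
	esac

	ipval=$(ipv4_val "$ip") || return 1
	netval=$(ipv4_val "${cidr%%/*}") || return 1
	if [ -z "$ipval" ] || [ -z "$netval" ]; then
		return 1
	fi

	# Network mask with the top $bits bits set, truncated to 32 bits.
	mask=$(((0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF))

	if [ $((ipval & mask)) -eq $((netval & mask)) ]; then
		return 0
	fi
	return 1
}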
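# Test to see if GLOB matches HOST.
#
# Arguments: $1 - host name the connection is for
#            $2 - one NO_PROXY entry: host, host glob, IP or CIDR mask
# Returns:   0 if the host matches the entry, 1 otherwise
#
# A match means the connection bypasses the proxy, so the function errs on the
# side of "no match" for input it cannot interpret.
match_host() {
	local host="$1"
	local glob="$2"
	local host_ip

	# Shell pattern match of the whole host name against the entry. Unlike a
	# suffix-strip test, an empty host only matches entries that themselves
	# match the empty string.
	# shellcheck disable=SC2254 # $glob is deliberately used as a pattern
	case "$host" in
		$glob) return 0 ;;
	esac

	# Match by netmask
	if valid_ipv4 "$glob"; then
		# Never hand a value that looks like an option to the resolver tool.
		case "$host" in
			-*) return 1 ;;
		esac

		# NOTE(review): the bypass decision for IP/CIDR entries rests on what
		# the local resolver returns for $host — confirm that is acceptable
		# for the networks this is deployed on.
		host_ip=$(gethostip -d "$host")
		if valid_ipv4 "$host_ip" && match_ipv4 "$glob" "$host_ip"; then
			return 0
		fi
	fi

	return 1
}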
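# If no proxy is set, just connect directly
if [ -z "$ALL_PROXY" ]; then
	exec "$NC" -X connect "$@"
fi

# Netcat options are collected in an array so that values taken from the
# environment are passed as single arguments and never re-split by the shell.
METHOD=()

# Connect directly to hosts in NO_PROXY.
# Pathname expansion is switched off while the list is split: entries such as
# "*.example.com" are patterns for match_host and must not be expanded against
# files in the current directory.
set -f
for H in ${NO_PROXY//,/ }; do
	if match_host "$1" "$H"; then
		METHOD=(-X connect)
		break
	fi
done
set +f

if [ "${#METHOD[@]}" -eq 0 ]; then
	# strip the protocol and the trailing slash
	PROTO=$(printf '%s\n' "$ALL_PROXY" | sed -e 's/\([^:]*\):\/\/.*/\1/')
	PROXY=$(printf '%s\n' "$ALL_PROXY" | sed -e 's/.*:\/\/\([^:]*:[0-9]*\).*/\1/')
	if [ "$PROTO" = "socks" ]; then
		METHOD=(-X 5 -x "$PROXY")
	elif [ "$PROTO" = "https" ]; then
		METHOD=(-X connect -x "$PROXY")
	else
		# Any other scheme leaves METHOD empty and the connection is made
		# without the proxy. Say so on stderr so that a mistyped ALL_PROXY
		# does not turn into a silent bypass.
		echo "WARNING: unsupported ALL_PROXY scheme, connecting directly" >&2
	fi
fi

exec "$NC" "${METHOD[@]}" "$@"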