- Added patch by Fred Donck <fd0 at donck dot com> to store proxy username
  and password in environment variables.

  Security fix
  ------------

  - Modified cmdline.c to allow passing of proxyuser and proxypass as
    environment variables to prevent other users on same machine from
    snooping sensitive info.
    -U for env var that contains the proxy user
    -S for env var that contains the proxy user's password


git-svn-id: https://proxytunnel.svn.sourceforge.net/svnroot/proxytunnel/trunk/proxytunnel@57 bc163920-b10d-0410-b2c5-a5491ca2ceef
Mark Janssen 2004-09-30 09:30:38 +00:00
parent 55df6bc79a
commit b011269c3c
5 changed files with 78 additions and 11 deletions

CHANGES

@ -1,3 +1,17 @@
Changes to proxytunnel version 1.2.0 -- Thu Sep 30 11:22:03 CEST 2004
- Added patch by Fred Donck <fd0 at donck dot com> to store proxy username
and password in environment variables.
Security fix
------------
- Modified cmdline.c to allow passing of proxyuser and proxypass as
environment variables to prevent other users on same machine from
snooping sensitive info.
-U for env var that contains the proxy user
-S for env var that contains the proxy user's password
Changes to proxytunnel version 1.1.4 -- Wed Jun 23 21:05:35 CEST 2004
- Small solaris fix


@ -11,6 +11,7 @@ people.
Martin Senft <martin@illicon.de> - Solaris patches
Andrew Griffiths <nullptr@tasmail.com> - String format fixes
Dieter Heiliger <dieter.heiliger@gmx.de>- User-agent header idea
Fred Donck <fd0@donck.com> - User/Pass Env Vars
Furthermore we would like to thank the wonderful people at SourceForge

README

@ -3,8 +3,8 @@ proxytunnel
-----------
Author: Jos Visser <josv@osp.nl>, Mark Janssen <maniac@maniac.nl>
Date: Wed Jun 23 21:06:26 CEST 2004
Version: 1.1.4
Date: Thu Sep 30 11:22:03 CEST 2004
Version: 1.2.0
Hi all,
@ -22,7 +22,7 @@ Proxytunnel is very easy to use, when running proxytunnel with the help
option it specifies it's command-line options.
$ ./proxytunnel --help
Proxytunnel 1.0.7
Proxytunnel 1.2.0
Jos Visser (Muppet) <josv@osp.nl>, Mark Janssen (Maniac) <maniac@maniac.nl>
Purpose:
@ -32,16 +32,26 @@ Usage: Proxytunnel [OPTIONS]...
-h --help Print help and exit
-V --version Print version and exit
-i --inetd Run from inetd (default=off)
-a INT --standalone=INT Run as standalone daemon on specified port
-u STRING --user=STRING Username to send to HTTPS proxy for auth
-s STRING --pass=STRING Password to send to HTTPS proxy for auth
-U STRING --uservar=STRING Env var with Username for HTTPS proxy auth
-S STRING --passvar=STRING Env var with Password for HTTPS proxy auth
-g STRING --proxyhost=STRING HTTPS Proxy host to connect to
-G INT --proxyport=INT HTTPS Proxy portnumber to connect to
-d STRING --desthost=STRING Destination host to built the tunnel to
-D INT --destport=INT Destination portnumber to built the tunnel to
-H STRING --header=STRING Add STRING to HTTP headers sent to proxy
-n --dottedquad Convert destination hostname to dotted quad
-v --verbose Turn on verbosity (default=off)
-q --quiet Suppress messages (default=off)
Examples:
Proxytunnel [ -h | -V ]
Proxytunnel -i [ -u user -s pass ] -g host -G port -d host -D port [ -n ] [ -v | -q ]
Proxytunnel -i [ -U envvar -S envvar ] -g host -G port -d host -D port [ -n ] [ -v | -q ]
Proxytunnel -a port [ -u user -s pass ] -g host -G port -d host -D port [ -n ] [ -v | -q ]
To use this program with OpenSSH to connect to a host somewhere, create
a $HOME/.ssh/config file with the following content:
@ -62,7 +72,9 @@ With:
- 443 The port number of the SSH daemon on mybox.athome.nl
If your proxy doesn't require the username and password for using it,
you can skip these options.
you can skip these options. If you are on a 'shared' system it's recommendable
to store your proxy user/password data in environment variables and then tell
proxytunnel which variables to check for this data.
If you want to run proxytunnel from inetd add the '--inetd' option.
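
Review bot: The sentence added after "you can skip these options." recommends environment variables but never says that -U and -S take the name of a variable rather than its value, and the README gives no example of doing so. A reader who passes the password itself to -S is back to having it on the command line, which is what the change is meant to avoid. Add a short example that exports two variables and passes their names to -U and -S, and say explicitly that values given to -u and -s are visible to other users on the machine.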


@ -59,6 +59,8 @@ cmdline_parser_print_help (void)
#endif
" -u STRING --user=STRING Username to send to HTTPS proxy for auth\n"
" -s STRING --pass=STRING Password to send to HTTPS proxy for auth\n"
" -U STRING --uservar=STRING Env var with Username for HTTPS proxy auth\n"
" -S STRING --passvar=STRING Env var with Password for HTTPS proxy auth\n"
" -g STRING --proxyhost=STRING HTTPS Proxy host to connect to\n"
" -G INT --proxyport=INT HTTPS Proxy portnumber to connect to\n"
" -d STRING --desthost=STRING Destination host to built the tunnel to\n"
@ -71,7 +73,8 @@ cmdline_parser_print_help (void)
printf( "\nExamples:\n"
"%s [ -h | -V ]\n"
"%s -i [ -u user -s pass ] -g host -G port -d host -D port [ -n ] [ -v | -q ]\n"
"%s -a port [ -u user -s pass ] -g host -G port -d host -D port [ -n ] [ -v | -q ]\n", PACKAGE, PACKAGE, PACKAGE );
"%s -i [ -U envvar -S envvar ] -g host -G port -d host -D port [ -n ] [ -v | -q ]\n"
"%s -a port [ -u user -s pass ] -g host -G port -d host -D port [ -n ] [ -v | -q ]\n", PACKAGE, PACKAGE, PACKAGE, PACKAGE );
#ifndef HAVE_GETOPT_LONG
@ -134,6 +137,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
clear_args();
optarg = 0;
char * tmp_env_var;
#ifdef HAVE_GETOPT_LONG
optind = 1;
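
Review bot: The new `char * tmp_env_var;` is declared after the statements `clear_args();` and `optarg = 0;`, which a compiler enforcing C89 rejects as a declaration after a statement. Move it to the top of cmdline_parser() with the other locals, and initialise it to NULL so a later read before assignment is not undefined.
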
@ -152,6 +156,8 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
{ "version", 0, NULL, 'V' },
{ "user", 1, NULL, 'u' },
{ "pass", 1, NULL, 's' },
{ "uservar", 1, NULL, 'U' },
{ "passvar", 1, NULL, 'S' },
{ "proxyhost", 1, NULL, 'g' },
{ "proxyport", 1, NULL, 'G' },
{ "desthost", 1, NULL, 'd' },
@ -165,9 +171,9 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
{ NULL, 0, NULL, 0 }
};
c = getopt_long (argc, argv, "hVia:u:s:g:G:d:D:H:nvq", long_options, &option_index);
c = getopt_long (argc, argv, "hVia:u:s:U:S:g:G:d:D:H:nvq", long_options, &option_index);
#else
c = getopt( argc, argv, "hVia:u:s:g:G:d:D:H:nvq" );
c = getopt( argc, argv, "hVia:u:s:U:S:g:G:d:D:H:nvq" );
#endif
if (c == -1) break; /* Exit from `while (1)' loop. */
@ -209,7 +215,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
case 'u': /* Username to send to HTTPS proxy for authentication. */
if (args_info->user_given)
{
fprintf (stderr, "%s: `--user' (`-u') option given more than once\n", PACKAGE);
fprintf (stderr, "%s: `--user' (`-u') or `--uservar' (`-U') option given more than once\n", PACKAGE);
clear_args ();
exit (1);
}
@ -217,10 +223,27 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
args_info->user_arg = gengetopt_strdup (optarg);
break;
case 'U': /* Env Var with Username to send to HTTPS proxy for authentication. */
if (args_info->user_given)
{
fprintf (stderr, "%s: `--user' (`-u') or `--uservar' (`-U') option given more than once\n", PACKAGE);
clear_args ();
exit (1);
}
tmp_env_var = getenv(optarg) ;
if (!tmp_env_var) {
fprintf (stderr, "%s Invalid environment variable\n", optarg) ;
clear_args ();
exit (1);
}
args_info->user_given = 1;
args_info->user_arg = gengetopt_strdup (tmp_env_var);
break;
case 's': /* Password to send to HTTPS proxy for authentication. */
if (args_info->pass_given)
{
fprintf (stderr, "%s: `--pass' (`-s') option given more than once\n", PACKAGE);
fprintf (stderr, "%s: `--pass' (`-s') or `--passvar' (`-S') option given more than once\n", PACKAGE);
clear_args ();
exit (1);
}
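
Review bot: In case 'U' the check `if (!tmp_env_var)` only catches an unset variable; a variable that is set but empty passes and is stored as an empty username. Test `*tmp_env_var == '\0'` as well. The error line `"%s Invalid environment variable\n"` also prints only optarg without the PACKAGE prefix that every other message in this function uses, and "invalid" is misleading when the variable is simply not set; something like `"%s: environment variable `%s' is not set\n", PACKAGE, optarg` would match the rest.
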
@ -228,6 +251,23 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
args_info->pass_arg = gengetopt_strdup (optarg);
break;
case 'S': /* Env Var with Password to send to HTTPS proxy for authentication. */
if (args_info->pass_given)
{
fprintf (stderr, "%s: `--pass' (`-s') or `--passvar' (`-S') option given more than once\n", PACKAGE);
clear_args ();
exit (1);
}
tmp_env_var = getenv(optarg) ;
if (!tmp_env_var) {
fprintf (stderr, "%s Invalid environment variable\n", optarg) ;
clear_args ();
exit (1);
}
args_info->user_given = 1;
args_info->user_arg = gengetopt_strdup (tmp_env_var);
break;
case 'g': /* HTTPS Proxy host to connect to. */
if (args_info->proxyhost_given)
{
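
Review bot: The last two assignments in case 'S' write to the username fields: `args_info->user_given = 1;` and `args_info->user_arg = gengetopt_strdup (tmp_env_var);`. As written, the password read from the environment replaces the username, pass_given and pass_arg are never set, and the duplicate check on pass_given at the top of the case cannot catch a repeated -S. They should be `args_info->pass_given = 1;` and `args_info->pass_arg = gengetopt_strdup (tmp_env_var);`. The same empty-value and message-prefix points raised for case 'U' apply to the getenv() check here.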


@ -1,4 +1,4 @@
/* Proxytunnel - (C) 2001-2002 Jos Visser / Mark Janssen */
/* Proxytunnel - (C) 2001-2004 Jos Visser / Mark Janssen */
/* Contact: josv@osp.nl / maniac@maniac.nl */
/*
@ -17,7 +17,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#define VERSION "1.1.4"
#define VERSION "1.2.0"
#define PACKAGE "Proxytunnel"
#define PURPOSE "Build generic tunnels through HTTPS proxies"
#define AUTHORS "Jos Visser (Muppet) <josv@osp.nl>, Mark Janssen (Maniac) <maniac@maniac.nl>"