From: Arran Cudbard-Bell
Date: Mon, 4 Oct 2021 19:47:29 +0000 (-0500)
Subject: Add option to explicitly disable proxying for a rlm_rest section
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=14722d86ea8f8eaa282ab0eb42b9ac70124e3493;p=thirdparty%2Ffreeradius-server.git
Add option to explicitly disable proxying for a rlm_rest section
---
diff --git a/raddb/mods-available/rest b/raddb/mods-available/rest
index 340619f2c8..caa08b22bf 100644
--- a/raddb/mods-available/rest
+++ b/raddb/mods-available/rest
@@ -196,7 +196,9 @@ rest {
 # |===
 # | Option | Description
 # | `uri` | To send the request to.
- # | `proxy` | Rhe request via this server, supports `socks/http/https` uri and `:port`.
+ # | `proxy` | The request via this server, supports `socks/http/https` uri and `:port`.
+ # May be set to "none" to disable proxying, overriding any environmental
+ # variables set like http_proxy.
 # | `method` | HTTP method to use, one of 'get', 'post', 'put', 'patch',
 # 'delete' or any custom HTTP method.
 # | `body` | The format of the HTTP body sent to the remote server.
diff --git a/src/modules/rlm_rest/rest.c b/src/modules/rlm_rest/rest.c
index ea79f7442a..e6fe25f04f 100644
--- a/src/modules/rlm_rest/rest.c
+++ b/src/modules/rlm_rest/rest.c
@@ -193,7 +193,7 @@ fr_table_num_sorted_t const http_content_type_table[] = {
 { L("application/yaml"), REST_HTTP_BODY_YAML },
 { L("text/html"), REST_HTTP_BODY_HTML },
 { L("text/plain"), REST_HTTP_BODY_PLAIN },
- { L("text/x-yaml"), REST_HTTP_BODY_YAML },
+ { L("text/x-yaml"), REST_HTTP_BODY_YAML },
 { L("text/xml"), REST_HTTP_BODY_XML },
 { L("text/yaml"), REST_HTTP_BODY_YAML }
 };
@@ -1751,7 +1751,13 @@ int rest_request_config(rlm_rest_t const *inst, rlm_rest_thread_t *t, rlm_rest_s
 */
 FR_CURL_SET_OPTION(CURLOPT_URL, uri);
 FR_CURL_REQUEST_SET_OPTION(CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
- if (section->proxy) FR_CURL_SET_OPTION(CURLOPT_PROXY, section->proxy);
+ if (section->proxy) {
+ if (section->proxy == rest_no_proxy) {
+ FR_CURL_SET_OPTION(CURLOPT_NOPROXY, "*");
+ } else {
+ FR_CURL_SET_OPTION(CURLOPT_PROXY, section->proxy);
+ }
+ }
 FR_CURL_SET_OPTION(CURLOPT_NOSIGNAL, 1L);
 FR_CURL_SET_OPTION(CURLOPT_USERAGENT, "FreeRADIUS " RADIUSD_VERSION_STRING);
diff --git a/src/modules/rlm_rest/rest.h b/src/modules/rlm_rest/rest.h
index b1e766eae2..2a8e41d02f 100644
--- a/src/modules/rlm_rest/rest.h
+++ b/src/modules/rlm_rest/rest.h
@@ -82,6 +82,10 @@ typedef enum {
 REST_HTTP_AUTH_NUM_ENTRIES
 } http_auth_type_t;
+/** Magic pointer value for determining if we should disable proxying
+ */
+extern char const *rest_no_proxy;
+
 /*
 * Must be updated (in rest.c) if additional values are added to
 * http_body_type_t
diff --git a/src/modules/rlm_rest/rlm_rest.c b/src/modules/rlm_rest/rlm_rest.c
index 1c0239e6ad..31fb3a837c 100644
--- a/src/modules/rlm_rest/rlm_rest.c
+++ b/src/modules/rlm_rest/rlm_rest.c
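Review bot: The new `if (section->proxy)` block leaves the unset case untouched, so a section with no `proxy` entry still lets libcurl pick a proxy from environment variables such as `http_proxy`; only an explicit "none" opts out. Because these requests can carry authentication data, that default deserves a comment at the branch, for example `/* proxy unset: libcurl may still take a proxy from the environment */`. The test `section->proxy == rest_no_proxy` compares addresses, so it depends on the config parser storing that exact pointer; a `*` typed into the config would be a different pointer and would be handed to `CURLOPT_PROXY`. `rest_request_config` starts and ends outside this hunk.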
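Review bot: The sentinel is declared as `char const *rest_no_proxy`, which makes the characters const but leaves the pointer itself assignable from any translation unit that includes rest.h. Since `rest_request_config` recognises the "no proxy" case by comparing against this pointer, a reassignment would silently break that check; `extern char const * const rest_no_proxy;` with the matching definition in rlm_rest.c would rule it out. The doc comment could also state that the value is compared by address, not by content.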
@@ -62,9 +62,33 @@ static fr_table_num_sorted_t const http_negotiation_table[] = {
 };
 static size_t http_negotiation_table_len = NUM_ELEMENTS(http_negotiation_table);
+/** Unique pointer used to determine if we should explicitly disable proxying
+ *
+ */
+char const *rest_no_proxy = "*";
+
+static int rest_proxy_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent,
+ CONF_ITEM *ci, UNUSED CONF_PARSER const *rule)
+{
+ static fr_table_num_sorted_t const disable_proxy_table[] = {
+ { L("no"), 1 },
+ { L("false"), 1 },
+ { L("none"), 1 }
+ };
+ static size_t disable_proxy_table_len = NUM_ELEMENTS(disable_proxy_table);
+ char const *value = cf_pair_value(cf_item_to_pair(ci));
+
+ if (fr_table_value_by_str(disable_proxy_table, value, 0) == 1) {
+ *((char *)out) = rest_no_proxy;
+ } else {
+ *((char *)out) = value;
+ }
+ return 0;
+}
+
 static const CONF_PARSER section_config[] = {
 { FR_CONF_OFFSET("uri", FR_TYPE_STRING | FR_TYPE_XLAT, rlm_rest_section_t, uri), .dflt = "" },
- { FR_CONF_OFFSET("proxy", FR_TYPE_STRING, rlm_rest_section_t, proxy) },
+ { FR_CONF_OFFSET("proxy", FR_TYPE_STRING, rlm_rest_section_t, proxy), .func = rest_proxy_parse },
 { FR_CONF_OFFSET("method", FR_TYPE_STRING, rlm_rest_section_t, method_str), .dflt = "GET" },
 { FR_CONF_OFFSET("body", FR_TYPE_STRING, rlm_rest_section_t, body_str), .dflt = "none" },
 { FR_CONF_OFFSET("data", FR_TYPE_STRING | FR_TYPE_XLAT, rlm_rest_section_t, data) },
@@ -88,7 +112,7 @@ static const CONF_PARSER section_config[] = {
 };
 static const CONF_PARSER xlat_config[] = {
- { FR_CONF_OFFSET("proxy", FR_TYPE_STRING, rlm_rest_section_t, proxy) },
+ { FR_CONF_OFFSET("proxy", FR_TYPE_STRING, rlm_rest_section_t, proxy), .func = rest_proxy_parse },
 /* User authentication */
 { FR_CONF_OFFSET_IS_SET("auth", FR_TYPE_VOID, rlm_rest_section_t, auth),
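Review bot: In `rest_proxy_parse` both stores are written as `*((char *)out) = ...`, which as shown assigns a pointer to a single `char` rather than to the `char const *` config field, so the field would not receive the string pointer and the `== rest_no_proxy` test in rest.c would not match; the stores should read `*((char const **)out) = rest_no_proxy;` and `*((char const **)out) = value;`. `disable_proxy_table` is declared `fr_table_num_sorted_t` but lists `no`, `false`, `none`, which is not sorted; if the sorted lookup is a binary search, `no` may not be found, so the entries should be ordered `false`, `no`, `none`. A missed match matters here because the value then falls through to the proxy setting instead of disabling proxying. The raddb text also documents only "none" while the parser accepts three spellings.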
@@ -108,7 +132,7 @@ static const CONF_PARSER xlat_config[] = {
 static const CONF_PARSER module_config[] = {
 { FR_CONF_DEPRECATED("connect_timeout", FR_TYPE_TIME_DELTA, rlm_rest_t, connect_timeout) },
- { FR_CONF_OFFSET("connect_proxy", FR_TYPE_STRING, rlm_rest_t, connect_proxy) },
+ { FR_CONF_OFFSET("connect_proxy", FR_TYPE_STRING, rlm_rest_t, connect_proxy), .func = rest_proxy_parse },
 { FR_CONF_OFFSET("http_negotiation", FR_TYPE_VOID, rlm_rest_t, http_negotiation), .func = cf_table_parse_int, .uctx = &(cf_table_parse_ctx_t){ .table = http_negotiation_table, .len = &http_negotiation_table_len }, .dflt = "default" },
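Review bot: `connect_proxy` now goes through `rest_proxy_parse`, so `inst->connect_proxy` can hold the `rest_no_proxy` sentinel, yet the only consumer this commit updates is the `section->proxy` branch in rest.c. If the code that applies `connect_proxy` (not visible in this diff) still passes it straight to `CURLOPT_PROXY`, a configured "none" would become a proxy named `*` instead of disabling proxying. That path needs the same `== rest_no_proxy` check, or this entry should keep the plain string parser until it has one.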