Enable user auth for all supported protos or proxyspec types

protoautossl.c

@@ -173,6 +173,10 @@ protoautossl_bev_readcb_src(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
 
 	protoautossl_ctx_t *autossl_ctx = ctx->protoctx->arg;
 
+	if (prototcp_try_send_userauth_msg(bev, ctx)) {
+		return;
+	}
+
 	if (autossl_ctx->clienthello_search) {
 		if (protoautossl_peek_and_upgrade(ctx)) {
 			return;

protohttp.c

@@ -534,6 +534,7 @@ protohttp_bev_readcb_src(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
 		} else {
 			evbuffer_add_printf(bufferevent_get_output(bev), redirect, ctx->opts->user_auth_url);
 		}
+		ctx->sent_userauth_msg = 1;
 		return;
 	}
 

protopassthrough.c

@@ -145,6 +145,10 @@ protopassthrough_bev_readcb_src(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
 		return;
 	}
 
+	if (prototcp_try_send_userauth_msg(bev, ctx)) {
+		return;
+	}
+
 	evbuffer_add_buffer(bufferevent_get_output(ctx->srvdst.bev), bufferevent_get_input(bev));
 	pxy_try_set_watermark(bev, ctx, ctx->srvdst.bev);
 }
@@ -174,6 +178,10 @@ protopassthrough_bev_writecb_src(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
 	log_dbg_level_printf(LOG_DBG_MODE_FINEST, "protopassthrough_bev_writecb_src: ENTER, fd=%d\n", ctx->fd);
 #endif /* DEBUG_PROXY */
 
+	if (prototcp_try_close_unauth_conn(bev, ctx)) {
+		return;
+	}
+
 	// @attention srvdst.bev may be NULL
 	if (ctx->srvdst.closed) {
 		if (pxy_try_close_conn_end(&ctx->src, ctx)) {

prototcp.c

@@ -244,6 +244,22 @@ prototcp_fd_readcb(UNUSED evutil_socket_t fd, UNUSED short what, void *arg)
 	pxy_conn_connect(ctx);
 }
 
+int
+prototcp_try_send_userauth_msg(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
+{
+	if (ctx->opts->user_auth && !ctx->user) {
+#ifdef DEBUG_PROXY
+		log_dbg_level_printf(LOG_DBG_MODE_FINEST, "prototcp_try_send_userauth_msg: Sending userauth message, fd=%d\n", ctx->fd);
+#endif /* DEBUG_PROXY */
+
+		pxy_discard_inbuf(bev);
+		evbuffer_add_printf(bufferevent_get_output(bev), USERAUTH_MSG, ctx->opts->user_auth_url);
+		ctx->sent_userauth_msg = 1;
+		return 1;
+	}
+	return 0;
+}
+
 static void NONNULL(1)
 prototcp_bev_readcb_src(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
 {
@@ -257,6 +273,10 @@ prototcp_bev_readcb_src(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
 		return;
 	}
 
+	if (prototcp_try_send_userauth_msg(bev, ctx)) {
+		return;
+	}
+
 	struct evbuffer *inbuf = bufferevent_get_input(bev);
 	struct evbuffer *outbuf = bufferevent_get_output(ctx->dst.bev);
 
@@ -378,6 +398,30 @@ prototcp_bev_readcb_dst_child(struct bufferevent *bev, pxy_conn_child_ctx_t *ctx
 	pxy_try_set_watermark(bev, ctx->conn, ctx->src.bev);
 }
 
+int
+prototcp_try_close_unauth_conn(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
+{
+	if (ctx->opts->user_auth && !ctx->user) {
+		size_t outbuflen = evbuffer_get_length(bufferevent_get_output(bev));
+		if (outbuflen > 0) {
+#ifdef DEBUG_PROXY
+			log_dbg_level_printf(LOG_DBG_MODE_FINEST, "prototcp_try_close_unauth_conn: Not closing unauth conn, outbuflen=%zu, fd=%d\n", outbuflen, ctx->fd);
+#endif /* DEBUG_PROXY */
+		} else if (ctx->sent_userauth_msg) {
+#ifdef DEBUG_PROXY
+			log_dbg_level_printf(LOG_DBG_MODE_FINEST, "prototcp_try_close_unauth_conn: Closing unauth conn, fd=%d\n", ctx->fd);
+#endif /* DEBUG_PROXY */
+			pxy_conn_term(ctx, 1);
+		} else {
+#ifdef DEBUG_PROXY
+			log_dbg_level_printf(LOG_DBG_MODE_FINEST, "prototcp_try_close_unauth_conn: Not sent userauth msg yet, fd=%d\n", ctx->fd);
+#endif /* DEBUG_PROXY */
+		}
+		return 1;
+	}
+	return 0;
+}
+
 static void NONNULL(1)
 prototcp_bev_writecb_src(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
 {
@@ -385,18 +429,7 @@ prototcp_bev_writecb_src(struct bufferevent *bev, pxy_conn_ctx_t *ctx)
 	log_dbg_level_printf(LOG_DBG_MODE_FINEST, "prototcp_bev_writecb_src: ENTER, fd=%d\n", ctx->fd);
 #endif /* DEBUG_PROXY */
 
-	if (ctx->opts->user_auth && !ctx->user) {
-		size_t outbuflen = evbuffer_get_length(bufferevent_get_output(bev));
-		if (outbuflen > 0) {
-#ifdef DEBUG_PROXY
-			log_dbg_level_printf(LOG_DBG_MODE_FINEST, "prototcp_bev_writecb_src: Not closing redirected conn, outbuflen=%zu, fd=%d\n", outbuflen, ctx->fd);
-#endif /* DEBUG_PROXY */
-		} else {
-#ifdef DEBUG_PROXY
-			log_dbg_level_printf(LOG_DBG_MODE_FINEST, "prototcp_bev_writecb_src: Closing redirected conn, fd=%d\n", ctx->fd);
-#endif /* DEBUG_PROXY */
-			pxy_conn_term(ctx, 1);
-		}
+	if (prototcp_try_close_unauth_conn(bev, ctx)) {
 		return;
 	}
 

prototcp.h

@@ -34,6 +34,9 @@
 
 void prototcp_fd_readcb(evutil_socket_t, short, void *);
 
+int prototcp_try_send_userauth_msg(struct bufferevent *, pxy_conn_ctx_t *) NONNULL(1);
+int prototcp_try_close_unauth_conn(struct bufferevent *, pxy_conn_ctx_t *) NONNULL(1);
+
 void prototcp_bev_writecb(struct bufferevent *, void *) NONNULL(1);
 
 void prototcp_bev_eventcb_eof_src(struct bufferevent *, pxy_conn_ctx_t *) NONNULL(1,2);

pxyconn.c

@@ -1590,12 +1590,6 @@ identify_user(UNUSED evutil_socket_t fd, UNUSED short what, void *arg)
 redirect:
 	sqlite3_reset(ctx->thr->get_user);
 
-	// @todo Make this a callback function for different protos?
-	// Redirect http only
-	if (!ctx->spec->http) {
-		goto memout;
-	}
-
 	if (ctx->ev) {
 		event_free(ctx->ev);
 		ctx->ev = NULL;

pxyconn.h

@@ -54,6 +54,8 @@
 #define SSLPROXY_KEY		"SSLproxy:"
 #define SSLPROXY_KEY_LEN	strlen(SSLPROXY_KEY)
 
+#define USERAUTH_MSG		"You must authenticate to access the Internet at %s"
+
 typedef struct pxy_conn_child_ctx pxy_conn_child_ctx_t;
 
 typedef void (*fd_readcb_func_t)(evutil_socket_t,  short, void *);
@@ -279,6 +281,7 @@ struct pxy_conn_ctx {
 	unsigned int identify_user_count;
 	char *user;
 	char *ether;
+	unsigned int sent_userauth_msg : 1;
 
 #ifdef HAVE_LOCAL_PROCINFO
 	/* local process information */