From 80b6f00a70abff139eb674b7c20d19e3fc607cfb Mon Sep 17 00:00:00 2001 From: Sam Uong Date: Sun, 26 May 2024 20:50:59 +1000 Subject: [PATCH 1/4] Close response body before moving on to next request/response --- proxy.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proxy.go b/proxy.go index e3a2f90..ac5eda5 100644 --- a/proxy.go +++ b/proxy.go @@ -203,8 +203,8 @@ func (ph ProxyHandler) proxyRequest(w http.ResponseWriter, req *http.Request, au } return } - defer resp.Body.Close() if resp.StatusCode == http.StatusProxyAuthRequired && auth != nil { + resp.Body.Close() log.Printf("[%d] Got %q response, retrying with auth", id, resp.Status) _, err = rd.Seek(0, io.SeekStart) if err != nil { @@ -217,9 +217,9 @@ func (ph ProxyHandler) proxyRequest(w http.ResponseWriter, req *http.Request, au w.WriteHeader(http.StatusBadGateway) return } - defer resp.Body.Close() } } + defer resp.Body.Close() copyResponseHeaders(w, resp) w.WriteHeader(resp.StatusCode) _, err = io.Copy(w, resp.Body) From f79580ba155bf3404645af26a3f2cf3d9e32d387 Mon Sep 17 00:00:00 2001 From: Sam Uong Date: Sun, 26 May 2024 21:50:06 +1000 Subject: [PATCH 2/4] Another one --- authenticator.go | 1 + 1 file changed, 1 insertion(+) diff --git a/authenticator.go b/authenticator.go index 5b56cc9..4015b0c 100644 --- a/authenticator.go +++ b/authenticator.go @@ -50,6 +50,7 @@ func (a authenticator) do(req *http.Request, rt http.RoundTripper) (*http.Respon log.Printf("Expected response with status 407, got %s", resp.Status) return resp, nil } + resp.Body.Close() challenge, err := base64.StdEncoding.DecodeString( strings.TrimPrefix(resp.Header.Get("Proxy-Authenticate"), "NTLM ")) if err != nil { From 1887e0ac067a32efb032be5da360fed28d9e239d Mon Sep 17 00:00:00 2001 From: Sam Uong Date: Tue, 28 May 2024 21:38:39 +1000 Subject: [PATCH 3/4] Update copyright message --- authenticator.go | 2 +- proxy.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/authenticator.go b/authenticator.go index 4015b0c..9341984 100644 --- a/authenticator.go +++ b/authenticator.go @@ -1,4 +1,4 @@ -// Copyright 2019, 2021 The Alpaca Authors +// Copyright 2019, 2021, 2024 The Alpaca Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/proxy.go b/proxy.go index ac5eda5..c5596a9 100644 --- a/proxy.go +++ b/proxy.go @@ -1,4 +1,4 @@ -// Copyright 2019, 2021, 2022, 2023 The Alpaca Authors +// Copyright 2019, 2021, 2022, 2023, 2024 The Alpaca Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. From 5b0766501a51f57533b6c7fb0e51d9402cb2b87d Mon Sep 17 00:00:00 2001 From: Sam Uong Date: Tue, 28 May 2024 21:43:10 +1000 Subject: [PATCH 4/4] Include the Microsoft copyright notice and MIT license text --- authenticator.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/authenticator.go b/authenticator.go index 9341984..7ba598a 100644 --- a/authenticator.go +++ b/authenticator.go @@ -75,6 +75,28 @@ func (a authenticator) String() string { // copyrighted (2016) by Microsoft and licensed under the MIT License: // https://github.com/Azure/go-ntlmssp/blob/66371956d46c8e2133a2b72b3d320e435465011f/LICENSE. +// The MIT License (MIT) +// +// Copyright (c) 2016 Microsoft +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. + // https://github.com/Azure/go-ntlmssp/blob/66371956d46c8e2133a2b72b3d320e435465011f/nlmp.go#L21-L25 func getNtlmHash(password []byte) string { hash := md4.New()