@@ -3,7 +3,7 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>

 $Id$

-2005.11.xx -- Version 2.1-beta8

+2005.12.xx -- Version 2.1-beta8

 * --remap-usr1 will now also remap signals thrown during

   initialization.

@@ -17,6 +17,8 @@ $Id$

 * Fixed typo in manage.c where inline function declaration

   was declared without the "static" keyword (David Stipp).

 * Patch to support --topology subnet on Mac OS X (Mathias Sundman).

+* Added --auto-proxy directive to auto-detect HTTP or SOCKS

+  proxy settings (currently Windows only).

 2005.11.12 -- Version 2.1-beta7

@@ -29,7 +31,8 @@ $Id$

   but actually would only accept /29 or less.

 * Extend byte counters to 64 bits (M. van Cuijk).

 * PKCS#11 fixes (Alon Bar-Lev).

-

+* Removed redundant base64 code.

+	

 2005.11.02 -- Version 2.0.5

 * Fixed bug in Linux get_default_gateway function

@@ -127,8 +127,7 @@ EXTRA_DIST = \

 	plugin \

         management \

         pkcs11-headers \

-	cryptoki-win32.h \

-	ieproxy.c ieproxy.h

+	cryptoki-win32.h

 dist-hook:

 	cd $(distdir) && for i in $(EXTRA_DIST) ; do find $$i -name .svn -type d -prune -exec rm -rf '{}' ';' ; rm -f `find $$i -type f | grep -E '(^|\/)\.?\#|\~$$|\.s?o$$'` ; done

@@ -39,7 +39,7 @@

 #include "syshead.h"

-#if NTLM

+#ifdef ENABLE_HTTP_PROXY

 #include "base64.h"

@@ -48,16 +48,6 @@

 static char base64_chars[] = 

     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

-static int 

-pos(char c)

-{

-    char *p;

-    for (p = base64_chars; *p; p++)

-	if (*p == c)

-	    return p - base64_chars;

-    return -1;

-}

-

 int 

 base64_encode(const void *data, int size, char **str)

 {

@@ -96,6 +86,18 @@ base64_encode(const void *data, int size, char **str)

     return strlen(s);

 }

+#if NTLM

+

+static int 

+pos(char c)

+{

+    char *p;

+    for (p = base64_chars; *p; p++)

+	if (*p == c)

+	    return p - base64_chars;

+    return -1;

+}

+

 #define DECODE_ERROR 0xffffffff

 static unsigned int

@@ -141,6 +143,8 @@ base64_decode(const char *str, void *data)

     return q - (unsigned char *) data;

 }

+#endif /* NTLM */

+

 #else

 static void dummy(void) {}

 #endif

@@ -31,12 +31,10 @@

  * SUCH DAMAGE.

  */

-/* $KTH: base64.h,v 1.2 1999/12/02 16:58:45 joda Exp $ */

-

 #ifndef _BASE64_H_

 #define _BASE64_H_

-#if NTLM

+#ifdef ENABLE_HTTP_PROXY

 int base64_encode(const void *data, int size, char **str);

 int base64_decode(const char *str, void *data);

@@ -621,6 +621,18 @@ buf_parse (struct buffer *buf, const int delim, char *line, const int size)

 }

 /*

+ * Print a string which might be NULL

+ */

+const char *

+np (const char *str)

+{

+  if (str)

+    return str;

+  else

+    return "[NULL]";

+}

+

+/*

  * Classify and mutate strings based on character types.

  */

@@ -553,8 +553,9 @@ xor (uint8_t *dest, const uint8_t *src, int len)

 }

 /*

- * Classify and mutate strings based on character types.

+ * Print a string which might be NULL

  */

+const char *np (const char *str);

 /*#define CHARACTER_CLASS_DEBUG*/

@@ -102,6 +102,12 @@ init_remote_list (struct context *c)

 void

 context_init_1 (struct context *c)

 {

+#ifdef ENABLE_HTTP_PROXY

+  bool did_http = false;

+#else

+  const bool did_http = false;

+#endif

+

   context_clear_1 (c);

   packet_id_persist_init (&c->c1.pid_persist);

@@ -145,20 +151,24 @@ context_init_1 (struct context *c)

 #endif

 #ifdef ENABLE_HTTP_PROXY

-  if (c->options.http_proxy_options)

+  if (c->options.http_proxy_options || c->options.auto_proxy_info)

     {

       /* Possible HTTP proxy user/pass input */

       c->c1.http_proxy = new_http_proxy (c->options.http_proxy_options,

+					 c->options.auto_proxy_info,

 					 &c->gc);

+      if (c->c1.http_proxy)

+	did_http = true;

     }

 #endif

 #ifdef ENABLE_SOCKS

-  if (c->options.socks_proxy_server)

+  if (!did_http && (c->options.socks_proxy_server || c->options.auto_proxy_info))

     {

       c->c1.socks_proxy = new_socks_proxy (c->options.socks_proxy_server,

 					   c->options.socks_proxy_port,

 					   c->options.socks_proxy_retry,

+					   c->options.auto_proxy_info,

 					   &c->gc);

     }

 #endif

@@ -78,7 +78,6 @@ HEADERS = \

 	fragment.h \

         gremlin.h \

 	helper.h \

-	ieproxy.h \

 	init.h \

 	integer.h \

 	interval.h \

@@ -137,7 +136,6 @@ OBJS =  base64.o \

         fragment.o \

 	gremlin.o \

 	helper.o \

-	ieproxy.o \

 	init.o \

 	interval.o \

         list.o \

@@ -101,6 +101,7 @@ openvpn \- secure IP tunnel daemon.

 [\ \fB\-\-auth\-user\-pass\-verify\fR\ \fIscript\fR\ ]

 [\ \fB\-\-auth\-user\-pass\fR\ \fIup\fR\ ]

 [\ \fB\-\-auth\fR\ \fIalg\fR\ ]

+[\ \fB\-\-auto\-proxy\fR\ ]

 [\ \fB\-\-bcast\-buffers\fR\ \fIn\fR\ ]

 [\ \fB\-\-ca\fR\ \fIfile\fR\ ]

 [\ \fB\-\-ccd\-exclusive\fR\ ]

@@ -597,7 +598,19 @@ as the

 number of retries of connection attempt (default=infinite).

 .\"*********************************************************

 .TP

-.B --http-proxy server port [authfile] [auth-method]

+.B --auto-proxy

+Try to sense HTTP or SOCKS proxy settings automatically.

+If no settings are present, a direct connection will be attempted.

+If both HTTP and SOCKS settings are present, HTTP will be preferred.

+If the HTTP proxy server requires a password, it will be queried from

+stdin or the management interface.  If the underlying OS doesn't support an API for

+returning proxy settings, a direct connection will be attempted.

+Currently, only Windows clients support this option via the

+InternetQueryOption API.

+This option exists in OpenVPN 2.1 or higher.

+.\"*********************************************************

+.TP

+.B --http-proxy server port [authfile|'auto'] [auth-method]

 Connect to remote host through an HTTP proxy at address

 .B server

 and port

@@ -608,7 +621,15 @@ is a file containing a username and password on 2 lines, or

 "stdin" to prompt from console.

 .B auth-method

-should be one of "none", "basic", or "ntlm". 

+should be one of "none", "basic", or "ntlm".

+

+The

+.B auto

+flag causes OpenVPN to automatically determine the

+.B auth-method

+and query stdin or the management interface for

+username/password credentials, if required.  This flag

+exists on OpenVPN 2.1 or higher.

 .\"*********************************************************

 .TP

 .B --http-proxy-retry

@@ -857,6 +878,8 @@ of the TAP-Win32 driver.  When used on *nix, requires that the tun

 driver supports an

 .BR ifconfig (8)

 command which sets a subnet instead of a remote endpoint IP address.

+

+This option exists in OpenVPN 2.1 or higher.

 .\"*********************************************************

 .TP

 .B --tun-ipv6

@@ -1175,8 +1198,7 @@ bypasses the tunnel

 (Available on Windows clients, may not be available

 on non-Windows clients).

-Using the def1 flag is highly recommended, and is currently

-planned to become the default by OpenVPN 2.1.

+Using the def1 flag is highly recommended.

 .\"*********************************************************

 .TP

 .B --link-mtu n

@@ -97,12 +97,18 @@ static const char usage_message[] =

   "                    between connection retries (default=%d).\n"

   "--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).\n"

   "--connect-retry-max n : Maximum connection attempt retries, default infinite.\n"

+#ifdef GENERAL_PROXY_SUPPORT

+  "--auto-proxy    : Try to sense proxy settings (or lack thereof) automatically.\n"

+#endif

 #ifdef ENABLE_HTTP_PROXY

-  "--http-proxy s p [up] [auth] : Connect to remote host through an HTTP proxy at\n"

-  "                  address s and port p.  If proxy authentication is required,\n"

+  "--http-proxy s p [up] [auth] : Connect to remote host\n"

+  "                  through an HTTP proxy at address s and port p.\n"

+  "                  If proxy authentication is required,\n"

   "                  up is a file containing username/password on 2 lines, or\n"

   "                  'stdin' to prompt from console.  Add auth='ntlm' if\n"

   "                  the proxy requires NTLM authentication.\n"

+  "--http-proxy s p 'auto': Like the above directive, but automatically determine\n"

+  "                         auth method and query for username/password if needed.\n"

   "--http-proxy-retry     : Retry indefinitely on HTTP proxy errors.\n"

   "--http-proxy-timeout n : Proxy timeout in seconds, default=5.\n"

   "--http-proxy-option type [parm] : Set extended HTTP proxy options.\n"

@@ -1537,8 +1543,8 @@ options_postprocess (struct options *options, bool first_time)

     msg (M_USAGE, "--remote MUST be used in TCP Client mode");

 #ifdef ENABLE_HTTP_PROXY

-  if (options->http_proxy_options && options->proto != PROTO_TCPv4_CLIENT)

-    msg (M_USAGE, "--http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)");

+  if ((options->http_proxy_options || options->auto_proxy_info) && options->proto != PROTO_TCPv4_CLIENT)

+    msg (M_USAGE, "--http-proxy or --auto-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)");

 #endif

 #if defined(ENABLE_HTTP_PROXY) && defined(ENABLE_SOCKS)

@@ -3675,67 +3681,78 @@ add_option (struct options *options,

 	}

       options->proto = proto;

     }

-#ifdef ENABLE_HTTP_PROXY

-  else if (streq (p[0], "http-proxy") && p[1])

+#ifdef GENERAL_PROXY_SUPPORT

+  else if (streq (p[0], "auto-proxy"))

     {

-      struct http_proxy_options *ho;

+      char *error = NULL;

       VERIFY_PERMISSION (OPT_P_GENERAL);

+      options->auto_proxy_info = get_proxy_settings (&error, &options->gc);

+      if (error)

+	msg (M_WARN, "PROXY: %s", error);

+    }

+  else if (streq (p[0], "show-proxy-settings"))

+    {

+      struct auto_proxy_info *pi;

+      char *error = NULL;

-      if (streq (p[1], "auto"))

+      VERIFY_PERMISSION (OPT_P_GENERAL);

+      pi = get_proxy_settings (&error, &options->gc);

+      if (pi)

 	{

-	  struct http_proxy_options hpo;

-	  bool status;

-	  char *error = NULL;

-

-	  p[4] = p[3];

-	  p[3] = p[2];

-	  p[1] = p[2] = NULL;

-	  CLEAR (hpo);

-	  

-	  status = get_http_proxy_settings (&hpo, &error, &options->gc);

-	  if (status)

-	    {

-	      ho = init_http_options_if_undefined (options);

-	      ho->server = hpo.server;

-	      ho->port = hpo.port;

-	    }

-	  else

-	    {

-	      if (error)

-		msg (M_WARN, "http-proxy auto error: %s", error);

-	      goto err;

-	    }

+	  msg (M_INFO|M_NOPREFIX, "HTTP Server: %s", np(pi->http.server));

+	  msg (M_INFO|M_NOPREFIX, "HTTP Port: %d", pi->http.port);

+	  msg (M_INFO|M_NOPREFIX, "SOCKS Server: %s", np(pi->socks.server));

+	  msg (M_INFO|M_NOPREFIX, "SOCKS Port: %d", pi->socks.port);

 	}

-      else

-	{

-	  int port;

-	  if (!p[2])

-	    {

-	      msg (msglevel, "http-proxy port number not defined");

-	      goto err;

-	    }

-	  port = atoi (p[2]);

-	  if (!legal_ipv4_port (port))

-	    {

-	      msg (msglevel, "Bad http-proxy port number: %s", p[2]);

-	      goto err;

-	    }

+      if (error)

+	msg (msglevel, "Proxy error: %s", error);

+#ifdef WIN32

+      show_win_proxy_settings (M_INFO|M_NOPREFIX);

+#endif

+      openvpn_exit (OPENVPN_EXIT_STATUS_GOOD); /* exit point */

+    }

+#endif /* GENERAL_PROXY_SUPPORT */

+#ifdef ENABLE_HTTP_PROXY

+  else if (streq (p[0], "http-proxy") && p[1])

+    {

+      struct http_proxy_options *ho;

-	  ho = init_http_options_if_undefined (options);

+      VERIFY_PERMISSION (OPT_P_GENERAL);

-	  ho->server = p[1];

-	  ho->port = port;

-	}

+      {

+	int port;

+	if (!p[2])

+	  {

+	    msg (msglevel, "http-proxy port number not defined");

+	    goto err;

+	  }

+	port = atoi (p[2]);

+	if (!legal_ipv4_port (port))

+	  {

+	    msg (msglevel, "Bad http-proxy port number: %s", p[2]);

+	    goto err;

+	  }

+	

+	ho = init_http_options_if_undefined (options);

+	

+	ho->server = p[1];

+	ho->port = port;

+      }

       if (p[3])

 	{

-	  ho->auth_method_string = "basic";

-	  ho->auth_file = p[3];

-

-	  if (p[4])

+	  if (streq (p[3], "auto"))

+	    ho->auth_retry = true;

+	  else

 	    {

-	      ho->auth_method_string = p[4];

+	      ho->auth_method_string = "basic";

+	      ho->auth_file = p[3];

+

+	      if (p[4])

+		{

+		  ho->auth_method_string = p[4];

+		}

 	    }

 	}

       else

@@ -3778,29 +3795,6 @@ add_option (struct options *options,

 	  msg (msglevel, "Bad http-proxy-option or missing parameter: '%s'", p[1]);

 	}

     }

-  else if (streq (p[0], "show-http-proxy-settings"))

-    {

-      struct http_proxy_options po;

-      bool status;

-      char *error = NULL;

-

-      VERIFY_PERMISSION (OPT_P_GENERAL);

-      CLEAR (po);

-      status = get_http_proxy_settings (&po, &error, &options->gc);

-      if (status)

-	{

-	  msg (M_INFO|M_NOPREFIX, "Server: %s", po.server);

-	  msg (M_INFO|M_NOPREFIX, "Port: %d", po.port);

-	}

-      else

-	{

-	  if (error)

-	    msg (msglevel, "Proxy error: %s", error);

-	  else

-	    msg (msglevel, "Proxy settings are undefined");

-	}

-      openvpn_exit (OPENVPN_EXIT_STATUS_GOOD); /* exit point */

-    }  

 #endif

 #ifdef ENABLE_SOCKS

   else if (streq (p[0], "socks-proxy") && p[1])

@@ -250,6 +250,10 @@ struct options

   struct route_option_list *routes;

   bool route_nopull;

+#ifdef GENERAL_PROXY_SUPPORT

+  struct auto_proxy_info *auto_proxy_info;

+#endif

+

 #ifdef ENABLE_HTTP_PROXY

   struct http_proxy_options *http_proxy_options;

 #endif

@@ -28,8 +28,6 @@

 #include "config.h"

 #endif

-#ifdef ENABLE_HTTP_PROXY

-

 #include "syshead.h"

 #include "common.h"

@@ -38,6 +36,7 @@

 #include "socket.h"

 #include "fdmisc.h"

 #include "proxy.h"

+#include "base64.h"

 #include "ntlm.h"

 #ifdef WIN32

@@ -46,55 +45,7 @@

 #include "memdbg.h"

-#ifdef WIN32

-

-bool

-get_http_proxy_settings (struct http_proxy_options *p, char **err, struct gc_arena *gc)

-{

-  bool ret = false;

-  const char *result;

-

-  p->server = NULL;

-  p->port = 0;

-  getIeHttpProxyError = NULL;

-  if (err)

-    *err = NULL;

-

-  result = getIeHttpProxy ();

-  if (result)

-    {

-      char addr_str[128];

-      char port_str[16];

-      struct buffer in;

-      buf_set_read (&in, (const uint8_t *)result, strlen (result));

-      if (buf_parse (&in, ':', addr_str, sizeof (addr_str))

-	  && buf_parse (&in, ':', port_str, sizeof (port_str)))

-	{

-	  p->server = string_alloc (addr_str, gc);

-	  p->port = atoi (port_str);

-	  ret = true;

-	}

-      free ((void *)result);

-    }

-  else if (getIeHttpProxyError)

-    {

-      if (err)

-	*err = string_alloc (getIeHttpProxyError, gc);

-    }

-  return ret;

-}

-

-#else

-

-bool

-get_http_proxy_settings (struct http_proxy_options *p, char **err, struct gc_arena *gc)

-{

-  if (err)

-    *err = string_alloc ("HTTP proxy detection not supported on this OS", gc);

-  return false;

-}

-

-#endif

+#ifdef ENABLE_HTTP_PROXY

 /* cached proxy username/password */

 static struct user_pass static_proxy_user_pass;

@@ -246,42 +197,12 @@ send_crlf (socket_descriptor_t sd)

 uint8_t *

 make_base64_string2 (const uint8_t *str, int src_len, struct gc_arena *gc)

 {

-  static const char base64_table[] =

-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

-

-  uint8_t *buf;

-  const uint8_t *src;

-  uint8_t *dst;

-  int bits, data, dst_len;

-

-  /* make base64 string */

-  dst_len = (src_len + 2) / 3 * 4;

-  buf = gc_malloc (dst_len + 1, false, gc);

-  bits = data = 0;

-  src = str;

-  dst = buf;

-  while (dst_len--)

-    {

-      if (bits < 6)

-	{

-	  data = (data << 8) | *src;

-	  bits += 8;

-	  src++;

-	}

-      *dst++ = base64_table[0x3F & (data >> (bits - 6))];

-      bits -= 6;

-    }

-  *dst = '\0';

-

-  /* fix-up tail padding */

-  switch (src_len % 3)

-    {

-    case 1:

-      *--dst = '=';

-    case 2:

-      *--dst = '=';

-    }

-  return buf;

+  uint8_t *ret = NULL;

+  char *b64out = NULL;

+  ASSERT (base64_encode ((const void *)str, src_len, &b64out) >= 0);

+  ret = (uint8_t *) string_alloc (b64out, gc);

+  free (b64out);

+  return ret;

 }

 uint8_t *

@@ -300,18 +221,67 @@ username_password_as_base64 (const struct http_proxy_info *p,

   return (const char *)make_base64_string ((const uint8_t*)BSTR (&out), gc);

 }

+static void

+get_user_pass_http (struct http_proxy_info *p, const bool force)

+{

+  if (!static_proxy_user_pass.defined || force)

+    {

+      get_user_pass (&static_proxy_user_pass,

+		     p->options.auth_file,

+		     "HTTP Proxy",

+		     GET_USER_PASS_MANAGEMENT);

+      p->up = static_proxy_user_pass;

+    }

+}

+

 struct http_proxy_info *

 new_http_proxy (const struct http_proxy_options *o,

+		struct auto_proxy_info *auto_proxy_info,

 		struct gc_arena *gc)

 {

   struct http_proxy_info *p;

-  ALLOC_OBJ_CLEAR_GC (p, struct http_proxy_info, gc);

+  struct http_proxy_options opt;

+

+  if (auto_proxy_info)

+    {

+      if (o && o->server)

+	{

+	  /* if --http-proxy explicitly given, disable auto-proxy */

+	  auto_proxy_info = NULL;

+	}

+      else

+	{

+	  /* if no --http-proxy explicitly given and no auto settings, fail */

+	  if (!auto_proxy_info->http.server)

+	    return NULL;

-  if (!o->server)

+	  if (o)

+	    {

+	      opt = *o;

+	    }

+	  else

+	    {

+	      CLEAR (opt);

+	  

+	      /* These settings are only used for --auto-proxy */

+	      opt.timeout = 5;

+	      opt.http_version = "1.0";

+	    }

+

+	  opt.server = auto_proxy_info->http.server;

+	  opt.port = auto_proxy_info->http.port;

+	  opt.auth_retry = true;

+

+	  o = &opt;

+	}

+    }

+

+  if (!o || !o->server)

     msg (M_FATAL, "HTTP_PROXY: server not specified");

   ASSERT (legal_ipv4_port (o->port));

+  ALLOC_OBJ_CLEAR_GC (p, struct http_proxy_info, gc);

   p->options = *o;

   /* parse authentication method */

@@ -332,11 +302,7 @@ new_http_proxy (const struct http_proxy_options *o,

   /* only basic and NTLM authentication supported so far */

   if (p->auth_method == HTTP_AUTH_BASIC || p->auth_method == HTTP_AUTH_NTLM)

     {

-      get_user_pass (&static_proxy_user_pass,

-		     o->auth_file,

-		     "HTTP Proxy",

-		     GET_USER_PASS_MANAGEMENT);

-      p->up = static_proxy_user_pass;

+      get_user_pass_http (p, true);

     }

 #if !NTLM

@@ -348,7 +314,7 @@ new_http_proxy (const struct http_proxy_options *o,

   return p;

 }

-void

+bool

 establish_http_proxy_passthru (struct http_proxy_info *p,

 			       socket_descriptor_t sd, /* already open to proxy */

 			       const char *host,       /* openvpn server remote */

@@ -362,6 +328,12 @@ establish_http_proxy_passthru (struct http_proxy_info *p,

   char get[80];

   int status;

   int nparms;

+  bool ret = false;

+

+  /* get user/pass if not previously given or if --auto-proxy is being used */

+  if (p->auth_method == HTTP_AUTH_BASIC

+      || p->auth_method == HTTP_AUTH_NTLM)

+    get_user_pass_http (p, false);

   /* format HTTP CONNECT message */

   openvpn_snprintf (buf, sizeof(buf), "CONNECT %s:%d HTTP/%s",

@@ -519,7 +491,21 @@ establish_http_proxy_passthru (struct http_proxy_info *p,

 	  ASSERT (0); /* No NTLM support */

 #endif

 	}

-      else goto error;

+      else if (p->auth_method == HTTP_AUTH_NONE && p->options.auth_retry)

+	{

+	  /*

+	   * Proxy needs authentication, but we don't have a user/pass.

+	   * Now we will change p->auth_method and return true so that

+	   * our caller knows to call us again on a newly opened socket.

+	   * JYFIXME: This code needs to check proxy error output and set

+	   * JYFIXME: p->auth_method = HTTP_AUTH_NTLM if necessary.

+	   */

+	  p->auth_method = HTTP_AUTH_BASIC;

+	  ret = true;

+	  goto done;

+	}

+      else

+	goto error;

     }

@@ -527,7 +513,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p,

   if (nparms < 1 || status != 200)

     {

       msg (D_LINK_ERRORS, "HTTP proxy returned bad status");

-#if 0 

+#if 0

       /* DEBUGGING -- show a multi-line HTTP error response */

       while (true)

 	{

@@ -556,17 +542,221 @@ establish_http_proxy_passthru (struct http_proxy_info *p,

     msg (M_INFO, "HTTP PROXY: lookahead: %s", format_hex (BPTR (lookahead), BLEN (lookahead), 0));

 #endif

+ done:

   gc_free (&gc);

-  return;

+  return ret;

  error:

   /* on error, should we exit or restart? */

   if (!*signal_received)

     *signal_received = (p->options.retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- HTTP proxy error */

   gc_free (&gc);

-  return;

+  return ret;

 }

 #else

 static void dummy(void) {}

 #endif /* ENABLE_HTTP_PROXY */

+

+#ifdef GENERAL_PROXY_SUPPORT

+

+#ifdef WIN32

+

+#if 0

+char *

+get_windows_internet_string (const DWORD dwOption, struct gc_arena *gc)

+{

+  DWORD size = 0;

+  char *ret = NULL;

+

+  /* Initially, get size of return buffer */

+  InternetQueryOption (NULL, dwOption, NULL, &size);

+  if (size)

+    {

+      /* Now get actual info */

+      ret = (INTERNET_PROXY_INFO *) gc_malloc (size, false, gc);

+      if (!InternetQueryOption (NULL, dwOption, (LPVOID) ret, &size))

+	ret = NULL;

+    }

+  return ret;

+}

+#endif

+

+static INTERNET_PROXY_INFO *

+get_windows_proxy_settings (struct gc_arena *gc)

+{

+  DWORD size = 0;

+  INTERNET_PROXY_INFO *ret = NULL;

+

+  /* Initially, get size of return buffer */

+  InternetQueryOption (NULL, INTERNET_OPTION_PROXY, NULL, &size);

+  if (size)

+    {

+      /* Now get actual info */

+      ret = (INTERNET_PROXY_INFO *) gc_malloc (size, false, gc);

+      if (!InternetQueryOption (NULL, INTERNET_OPTION_PROXY, (LPVOID) ret, &size))

+	ret = NULL;

+    }

+  return ret;

+}

+

+static const char *

+parse_windows_proxy_setting (const char *str, struct auto_proxy_info_entry *e, struct gc_arena *gc)

+{

+  char buf[128];

+  const char *ret = NULL;

+  struct buffer in;

+

+  CLEAR (*e);

+

+  buf_set_read (&in, (const uint8_t *)str, strlen (str));

+

+  if (strchr (str, '=') != NULL)

+    {

+      if (buf_parse (&in, '=', buf, sizeof (buf)))

+	ret = string_alloc (buf, gc);

+    }

+	

+  if (buf_parse (&in, ':', buf, sizeof (buf)))

+    e->server = string_alloc (buf, gc);

+

+  if (e->server && buf_parse (&in, '\0', buf, sizeof (buf)))

+    e->port = atoi (buf);

+

+  return ret;

+}

+

+static void

+parse_windows_proxy_setting_list (const char *str, const char *type, struct auto_proxy_info_entry *e, struct gc_arena *gc)

+{

+  struct gc_arena gc_local = gc_new ();

+  struct auto_proxy_info_entry el;

+

+  CLEAR (*e);

+  if (type)

+    {

+      char buf[128];

+      struct buffer in;

+

+      buf_set_read (&in, (const uint8_t *)str, strlen (str));

+      if (strchr (str, '=') != NULL)

+	{

+	  while (buf_parse (&in, ' ', buf, sizeof (buf)))

+	    {

+	      const char *t = parse_windows_proxy_setting (buf, &el, &gc_local);

+	      if (t && !strcmp (t, type))

+		goto found;

+	    }

+	}

+    }

+  else

+    {

+      if (!parse_windows_proxy_setting (str, &el, &gc_local))

+	goto found;

+    }

+  goto done;

+

+ found:

+  if (el.server && el.port > 0)

+    {

+      e->server = string_alloc (el.server, gc);

+      e->port = el.port;

+    }

+

+ done:

+  gc_free (&gc_local);

+}

+

+static const char *

+win_proxy_access_type (const DWORD dwAccessType)

+{

+  switch (dwAccessType)

+    {

+    case INTERNET_OPEN_TYPE_DIRECT:

+      return "INTERNET_OPEN_TYPE_DIRECT";

+    case INTERNET_OPEN_TYPE_PROXY:

+      return "INTERNET_OPEN_TYPE_PROXY";

+    default:

+      return "[UNKNOWN]";

+    }

+}

+

+void

+show_win_proxy_settings (const int msglevel)

+{

+  INTERNET_PROXY_INFO *info;

+  struct gc_arena gc = gc_new ();

+

+  info = get_windows_proxy_settings (&gc);

+  msg (msglevel, "PROXY INFO: %s %s",

+       win_proxy_access_type (info->dwAccessType),

+       info->lpszProxy ? info->lpszProxy : "[NULL]");

+

+  gc_free (&gc);