Run Proxy-Auto-Detect script from main process

This avoids running the Proxy-Auto-Detect script inside the
untrusted (well, less trusted for now) sandbox. This will allow
us to restrict the http method from fork()ing or exec()ing via
seccomp.

2 files changed, 10 insertions, 1 deletions

diff --git a/methods/basehttp.cc b/methods/basehttp.cc
index 0eb617f89..59399c8bc 100644
--- a/methods/basehttp.cc
+++ b/methods/basehttp.cc
@@ -573,6 +573,13 @@ int BaseHttpMethod::Loop()
       // Connect to the server
       if (Server == 0 || Server->Comp(Queue->Uri) == false)
       {
+	 if (!Queue->Proxy().empty())
+	 {
+	    URI uri = Queue->Uri;
+	    std::cerr << "Setting "
+		      << "Acquire::" + uri.Access + "::proxy::" + uri.Host << " to " << Queue->Proxy() << std::endl;
+	    _config->Set("Acquire::" + uri.Access + "::proxy::" + uri.Host, Queue->Proxy());
+	 }
 	 Server = CreateServerState(Queue->Uri);
 	 setPostfixForMethodNames(::URI(Queue->Uri).Host.c_str());
 	 AllowRedirect = ConfigFindB("AllowRedirect", true);
diff --git a/methods/http.cc b/methods/http.cc
index fc22180d3..cbc77f477 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -427,7 +427,9 @@ bool HttpServerState::Open()
    Persistent = true;
    
    // Determine the proxy setting
-   AutoDetectProxy(ServerName);
+   // Used to run AutoDetectProxy(ServerName) here, but we now send a Proxy
+   // header in the URI Acquire request and set "Acquire::"+uri.Access+"::proxy::"+uri.Host
+   // to it in BaseHttpMethod::Loop()
    string SpecificProxy = Owner->ConfigFind("Proxy::" + ServerName.Host, "");
    if (!SpecificProxy.empty())
    {