| -rw-r--r-- | libmproxy/cmdline.py | 33 | ||||
| -rw-r--r-- | libmproxy/proxy.py | 17 | 
2 files changed, 14 insertions, 36 deletions
|
diff --git a/libmproxy/cmdline.py b/libmproxy/cmdline.py
index db1ebf0d..060e0073 100644
--- a/libmproxy/cmdline.py
+++ b/libmproxy/cmdline.py
@@ -338,46 +338,29 @@ def common_options(parser):
     group = parser.add_argument_group(
         "Proxy Authentication",
         """
-            Specification of which users are allowed to access the proxy and the method used for authenticating them.
-            If authscheme is specified, one must specify a list of authorized users and their passwords.
-            In case that authscheme is not specified, or set to None, any list of authorized users will be ignored.
-        """.strip()
-    )
-
-    group.add_argument(
-        "--authscheme", type=str,
-        action="store", dest="authscheme", default=None, choices=["none", "basic"],
-        help="""
-            Specify the scheme used by the proxy to identify users.
-            If not none, requires the specification of a list of authorized users.
-            This option is ignored if the proxy is in transparent or reverse mode.
-            """.strip()
-
+            Specify which users are allowed to access the proxy and the method
+            used for authenticating them. These options are ignored if the
+            proxy is in transparent or reverse proxy mode.
+        """
     )
-
     user_specification_group = group.add_mutually_exclusive_group()
-
-
     user_specification_group.add_argument(
         "--nonanonymous",
         action="store_true", dest="auth_nonanonymous",
-        help="Allow access to any user as long as a username is specified. Ignores the provided password."
+        help="Allow access to any user long as a credentials are specified."
     )
     user_specification_group.add_argument(
         "--singleuser",
         action="store", dest="auth_singleuser", type=str,
-        help="Allows access to a single user as specified by the option value. Specify a username and password in the form username:password."
+        metavar="USER",
+        help="Allows access to a a single user, specified in the form username:password."
     )
-
     user_specification_group.add_argument(
         "--htpasswd",
         action="store", dest="auth_htpasswd", type=argparse.FileType('r'),
+        metavar="PATH",
         help="Allow access to users specified in an Apache htpasswd file."
     )
-
-
-
-
     proxy.certificate_option_group(parser)
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 9abb9833..22e7ff63 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
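Review bot: In libmproxy/cmdline.py, the new group description says `--nonanonymous`, `--singleuser` and `--htpasswd` are silently ignored in transparent or reverse proxy mode, so an operator who passes one of them in those modes gets an unauthenticated proxy with no indication. Nothing visible in this commit rejects or warns about that combination; it would be safer for option processing to call `parser.error(...)` when an auth option is combined with either mode. Separately, two of the new help strings have typos; presumably `help="Allow access to any user as long as credentials are specified."` and `help="Allows access to a single user, specified in the form username:password."` were meant. common_options starts before this hunk and continues after it.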
@@ -544,25 +544,20 @@ def process_proxy_options(parser, options):
         if not os.path.exists(options.certdir) or not os.path.isdir(options.certdir):
             parser.error("Dummy cert directory does not exist or is not a directory: %s"%options.certdir)
-    if options.authscheme and (options.authscheme!='none'):
-        if not (options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd):
-            parser.error("Proxy authentication scheme is specified, but no allowed user list is given.")
-        if options.auth_singleuser and len(options.auth_singleuser.split(':'))!=2:
-            parser.error("Authorized user is not given in correct format username:password")
-        if options.auth_nonanonymous:
-            password_manager = authentication.PermissivePasswordManager()
-        elif options.auth_singleuser:
+    if (options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd):
+        if options.auth_singleuser:
+            if len(options.auth_singleuser.split(':')) != 2:
+                parser.error("Please specify user in the format username:password")
             username, password = options.auth_singleuser.split(':')
             password_manager = authentication.SingleUserPasswordManager(username, password)
+        elif options.auth_nonanonymous:
+            password_manager = authentication.PermissivePasswordManager()
         elif options.auth_htpasswd:
             password_manager = authentication.HtpasswdPasswordManager(options.auth_htpasswd)
-        # in the meanwhile, basic auth is the only true authentication scheme we support
-        # so just use it
         authenticator = authentication.BasicProxyAuth(password_manager, "mitmproxy")
     else:
         authenticator = authentication.NullProxyAuth(None)
-
     return ProxyConfig(
         certfile = options.cert,
         cacert = cacert,
|
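Review bot: The `--singleuser` check `len(options.auth_singleuser.split(':')) != 2` rejects any password that contains a colon, yet accepts an empty username or password, since `:` and `user:` both pass the length test. The proxy can therefore be started with a blank credential. Splitting once and checking both halves covers both cases: `username, sep, password = options.auth_singleuser.partition(':')` followed by `if not sep or not username or not password: parser.error("Please specify user in the format username:password")`. The credential is also supplied on the command line, where it can end up in the process list and shell history, so the help text could point to `--htpasswd` for anything beyond local testing. process_proxy_options starts before this hunk and continues after it.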
