Daniel Roethlisberger
c4b22efa5a
Fix segmentation fault for aborted connections
2014-11-27 23:19:54 +01:00
Daniel Roethlisberger
9341f25e6d
Explicitly support Yosemite 10.10.1 with XNU 2782.1.97
2014-11-27 22:11:12 +01:00
Daniel Roethlisberger
47abb0030d
Update clean target for newer clang build artefacts
2014-11-27 22:09:03 +01:00
Daniel Roethlisberger
43c0f57eec
Update NEWS.md for feature/privsep
2014-11-25 23:55:15 +01:00
Daniel Roethlisberger
e69b13f2eb
SIGUSR1 re-opens -l/-L log files; add defaults.h
...
Issue: #52
2014-11-25 23:45:40 +01:00
Daniel Roethlisberger
16a1beb655
Fix version output on local procinfo availability
2014-11-25 23:38:37 +01:00
Daniel Roethlisberger
a9bd438756
Minor updates to manual page
2014-11-25 23:38:05 +01:00
Daniel Roethlisberger
12ff6e6ddf
Merge https://github.com/fix-macosx/sslsplit
...
Conflicts:
GNUmakefile
main.c
2014-11-25 00:24:58 +01:00
Daniel Roethlisberger
25e3145d1f
Add missing headers to fix build on FreeBSD 8.4
2014-11-25 00:10:51 +01:00
Daniel Roethlisberger
476967ccdc
Add SIGUSR1 to the signals forwarded by the parent
2014-11-24 23:32:37 +01:00
Daniel Roethlisberger
0e0a465f5d
Fix build on OpenBSD by adding missing includes
2014-11-24 22:49:02 +01:00
Daniel Roethlisberger
c01ace1261
Introduce privilege separation architecture
...
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets. Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations. This is also a
preparation for -l/-L logfile reopening through SIGUSR1.
This means that -S and -F are no longer relative to chroot() if used
with -j. This is a deliberate POLA violation.
2014-11-24 22:14:09 +01:00
Daniel Roethlisberger
b3f4d25619
Make log_fini() more robust
2014-11-24 21:34:08 +01:00
Daniel Roethlisberger
a027f87c1c
Check if -u and -m user and group exist immediately
2014-11-23 22:52:09 +01:00
Daniel Roethlisberger
db80d3460c
Remove spurious UNUSED attribute
2014-11-23 17:27:57 +01:00
Daniel Roethlisberger
a09f42a507
Handle EINTR in sys_sendmsgfd() and sys_recvmsgfd()
2014-11-23 15:49:03 +01:00
Daniel Roethlisberger
2d97659a6b
Check if args to -j and -S are directories
2014-11-23 15:46:37 +01:00
Daniel Roethlisberger
86397dac89
Break at 80 cols
2014-11-23 15:45:55 +01:00
Daniel Roethlisberger
762bd0cba1
Rename shortcut flag for clarity
2014-11-23 15:44:20 +01:00
Daniel Roethlisberger
53096b2e61
Add util_max()
2014-11-22 02:09:32 +01:00
Daniel Roethlisberger
71743feaa1
Add functions to send/recv UNIX dgram socket msgs and fds
2014-11-22 02:09:07 +01:00
Daniel Roethlisberger
65f56f634d
Improve error handling on logging calls
2014-11-21 17:42:10 +01:00
Daniel Roethlisberger
98520c8091
Remove old struct definition
2014-11-21 16:45:45 +01:00
Daniel Roethlisberger
c24d32e9e5
Remove obsolete preinit code
2014-11-21 16:41:57 +01:00
Daniel Roethlisberger
25edad1b6a
Merge branch 'rewrite/logthr'
2014-11-21 16:21:02 +01:00
Daniel Roethlisberger
d1d6d295df
Fixing error-case memory leaks in uid/gid lookups
2014-11-21 16:19:36 +01:00
Daniel Roethlisberger
b5e3856a97
Move open() and mkdir() to logger thread
2014-11-21 16:10:37 +01:00
Daniel Roethlisberger
5fd1d7de9c
Rename flags for clarity
2014-11-21 12:03:08 +01:00
Daniel Roethlisberger
77942a7abb
Fix compiler warning on type conversion
2014-11-19 22:54:11 +01:00
Daniel Roethlisberger
007823b16e
Fix connect logging for corner cases
2014-11-19 22:39:51 +01:00
Daniel Roethlisberger
80af8f7d52
Fix SSL_METHOD* const mismatch on OpenSSL < 1.0.0
2014-11-19 22:38:21 +01:00
Daniel Roethlisberger
125163a003
Add local process lookup on FreeBSD using sysctl() API
2014-11-19 22:30:01 +01:00
Daniel Roethlisberger
7b8ba7310d
Fix uid/gid lookup where sysconf(_SC_GETPW_R_SIZE_MAX) fails
...
On some platforms, sysconf(_SC_GETPW_R_SIZE_MAX) compiles but never
succeeds (e.g. FreeBSD 8.4). Fix this by dynamically enlarging an
initially small buffer until it is large enough, and reuse the
determined buffer size on subsequent calls to the same function.
2014-11-20 09:38:14 +01:00
Daniel Roethlisberger
c35e40a597
Update NEWS.md for OpenSSL 0.9.8y bug workaround
2014-11-20 09:38:13 +01:00
Daniel Roethlisberger
341d6b77d1
Use SSL_get_certificate() hack for OpenSSL 0.9.8y
...
OpenSSL 0.9.8y also crashes in OpenSSL's SSL_get_certificate() on a
NULL pointer dereference. Fix by also using the direct access hack
developed for OpenSSL 1.0.0k and 1.0.1e with OpenSSL 0.9.8y.
2014-11-19 20:01:42 +01:00
Daniel Roethlisberger
e1156a3482
Make awk regexp more robust
2014-11-17 23:50:16 +01:00
Daniel Roethlisberger
352b199166
Remove spurious space in netfilter output
2014-11-17 23:41:21 +01:00
Daniel Roethlisberger
c5b8fd127f
Add version and ciphersuite to connect and debug log
2014-11-17 19:14:29 +01:00
Daniel Roethlisberger
077fb8c348
Handle other address families and abort when found
2014-11-17 19:13:03 +01:00
Daniel Roethlisberger
fcd008df4b
Unify asprintf error handling
2014-11-17 19:11:27 +01:00
Daniel Roethlisberger
ec9cc5fb23
Fix usr/grp test with Linux id
2014-11-16 22:47:42 +01:00
Daniel Roethlisberger
b1ec5d0e09
Improve log_content_open() error handling
2014-11-16 22:31:54 +01:00
Daniel Roethlisberger
6f2f0af0c3
Fix usr/grp formatting unit test when id fails
2014-11-16 22:30:50 +01:00
Daniel Roethlisberger
328e3320f9
Fix build for !HAVE_LOCAL_PROCINFO
2014-11-16 21:57:33 +01:00
Daniel Roethlisberger
18c3e055e3
Refactor recursive mkdir() into sys_mkpath()
2014-11-16 21:53:47 +01:00
Daniel Roethlisberger
8c71970f33
Add unit test for sys_user_str and sys_group_str
2014-11-16 20:30:55 +01:00
Daniel Roethlisberger
84dfba04f2
Update manual page
2014-11-16 20:15:19 +01:00
Daniel Roethlisberger
e022b2af26
Add local process information to connect log
2014-11-16 20:11:25 +01:00
Daniel Roethlisberger
08ca5b2891
Also print pid if lookup (partially or fully) fails
2014-11-16 19:37:35 +01:00
Daniel Roethlisberger
48e00cf947
Remove stubs that should never be used
2014-11-16 00:07:10 +01:00
