Commit Graph

23 Commits

Author SHA1 Message Date
Daniel Roethlisberger
91da4674e5 Update copyright, license and tagline
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
2015-02-24 19:19:20 +01:00
Daniel Roethlisberger
b8213e756d Merge branch 'feature/privsep' into develop
Conflicts:
	NEWS.md
	main.c
	sslsplit.1
2014-11-28 11:08:05 +01:00
Daniel Roethlisberger
f076336e0b Don't allow -u on Mac OS X with pf proxyspecs
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
2014-11-28 00:13:42 +01:00
Daniel Roethlisberger
c01ace1261 Introduce privilege separation architecture
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets.  Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations.  This is also a
preparation for -l/-L logfile reopening through SIGUSR1.

This means that -S and -F are no longer relative to chroot() if used
with -j.  This is a deliberate POLA violation.
2014-11-24 22:14:09 +01:00
Daniel Roethlisberger
352b199166 Remove spurious space in netfilter output 2014-11-17 23:41:21 +01:00
Daniel Roethlisberger
6adaf00540 Fix pid_t removal for non-pf engines 2014-11-14 01:00:12 +01:00
Daniel Roethlisberger
c3922d9852 Refactor process lookup out of NAT engine code
Local process lookup is independent of the NAT engine used, it depends
only on the operating system's process enumeration API.  Moving the code
out of NAT lookup also makes it work for static and SNI proxyspecs.
2014-11-14 00:41:27 +01:00
Daniel Roethlisberger
18aca24a2c Return 0 with pid -1 if no process matches 2014-11-13 23:59:18 +01:00
Daniel Roethlisberger
8c21170cd3 Break lines to 80 cols 2014-11-13 23:58:58 +01:00
Daniel Roethlisberger
d9d8674792 Fix memory leak in libproc lookup code 2014-11-10 20:44:26 +01:00
Landon Fuller
9204418c80 Thread pid lookup support through the NAT API.
This exposes the pid lookup code as a standard attribute
of NAT lookup -- if a matching process cannot be found,
or if pid lookup isn't supported by the NAT backend,
a pid of -1 is returned.

This also adds the local_pid to the pxyconn context; this
will be used to populate log strings.
2014-10-18 13:16:02 -06:00
Landon Fuller
bcc74385ab Log the full process path, rather than the MAXCOMLEN-max process name. 2014-10-18 02:34:46 -06:00
Landon Fuller
55e8da7653 Wire up lookup of the local process/socket originating the proxied connection.
This uses Mac OS X's libproc to find the first process that owns
a matching socket. Currently, the results are simply logged;
the next step will be exposing this generically via
the NAT engine lookup API.
2014-10-18 02:23:25 -06:00
Landon Fuller
7a5147cddf Add libproc to the build configuration. 2014-10-18 00:09:26 -06:00
Daniel Roethlisberger
a42db4d3fe Also undefine rdport in Mac pf support hack 2014-01-10 15:09:21 +01:00
Daniel Roethlisberger
6643d832d9 Add experimental support for pf on Mac OS X
Support pf rdr on Mac OS X 10.7, 10.8 and 10.9 by including the missing
Apple headers in the source tree and enable private Apple code.  Since
we are using an interface marked private by Apple, this code is very
experimental.

Issue:		#15
Reported by:	Amit Chowdhary
2014-01-10 15:03:13 +01:00
Daniel Roethlisberger
ca923ee7f1 Update copyright notices to 2014 2014-01-06 14:09:18 +01:00
Daniel Roethlisberger
c972501063 Update copyright notices 2013-04-24 20:36:38 +02:00
Daniel Roethlisberger
6b4b121da2 Fix address family check in netfilter NAT lookup
Use src_addr instead of the (yet to be set) dst_addr for determining the
address family.  Fixes issue #4.
2012-09-27 17:30:19 +02:00
Daniel Roethlisberger
6106940e0c Omit nat_getsockname_lookup_cb() unless it is used 2012-08-06 08:33:39 +02:00
Daniel Roethlisberger
fda4f57aa7 Remove unused IPv6 code for netfilter NAT engine 2012-06-05 23:24:53 +02:00
Daniel Roethlisberger
f76077c00f Undefine IPv6 compat defs to fix nat_version()
For Linux netfilter, IPV6_ORIGINAL_DST and SOL_IPV6 are defined to
SO_ORIGINAL_DST and SOL_IP respectively if they are not defined by the
system headers (they aren't defined on vanilla kernels).  Undefine these
compatibility definitions after use, in order not to mess up the
diagnostic output of nat_version().
2012-04-13 21:14:33 +02:00
Daniel Roethlisberger
4cfdef405a Initial import of sslsplit-0.4.2 2012-04-13 14:47:30 +02:00