Commit Graph

29 Commits

Author SHA1 Message Date
Soner Tari
58eb907d69 Separate global and proxyspec opts 2019-07-12 14:40:04 +03:00
Soner Tari
bee1a82bfc Improve error log messages and comments 2019-03-25 18:13:46 +03:00
Soner Tari
44b125f77e Avoid malloc/free for vars of known sizes 2019-03-25 03:39:15 +03:00
Soner Tari
072dbe2611 Fix privsep PRIVSEP_REQ_UPDATE_ATIME command: Do not request an fd from sys_recvmsgfd() and sys_sendmsgfd(), otherwise opens an stdin (fd 0), causing fd leak
Remove redundant logging call
2019-03-22 19:19:39 +03:00
Soner Tari
0d49ba56db Enable user auth support on Linux 2019-03-09 18:17:05 +03:00
Soner Tari
fd52ba0c56 Refactor, handle error conditions, and clean up 2019-03-02 02:04:53 +03:00
Soner Tari
cde3fbca3f Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD
Get ethernet address and compare with the one in userdb, on each conn setup
Create user_auth options
Rename and clean-up
2019-03-01 02:08:24 +03:00
Soner Tari
fb25c45c66 Clean-up 2019-02-16 17:52:57 +03:00
Soner Tari
304207e9e9 Add initial user database support using sqlite3 2019-02-16 17:29:14 +03:00
Soner Tari
52d37297b6 Update with sslsplit develop changes, especially content logging
Change SIGHUP to behave like SIGUSR1
2018-11-03 18:23:31 +03:00
Soner Tari
5a4b8974bf Add fall through comment for missing break in case statement, as gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 complains about it now
Break out of for loop if max token is reached
2018-08-01 21:38:12 +03:00
Soner Tari
9d435e180c Update with SSLsplit 0.5.2 and develop branch changes as of 270218 2018-02-27 22:20:58 +03:00
Soner Tari
4c8831bd90 Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues
Add VerifyPeer and AllowWrongHost options
2018-01-18 03:18:53 +03:00
Soner Tari
a1c5d05143 Add support for log priority to error logs, so syslogd prints the correct prio for error logs now 2017-10-15 01:39:30 +03:00
Soner Tari
077e97dbba Add more CRITICAL error logs
Fix some logs
Clean-up
2017-08-24 21:52:56 +03:00
Soner Tari
1a6eab50a5 Tidy and clean logs up
Add DEBUG_PROXY directive around all log_dbg_level_printf() and related lines
Log stats to syslog, similar to error logs, so that it is simpler to rotate and parse
-O w/o -g is failing bufferevent_socket_connect for parent dst, so either enable -O w/ -g, or disable -O w/o -g (-O2 is failing too)
Refactoring
2017-08-13 04:36:33 +03:00
Soner Tari
67ddee1585 Import sslsplit-devel changes
Add stats logs, initial
Add SSLproxy_SrcAddr header field
Clean-up
2017-07-25 16:07:39 +03:00
Soner Tari
09e1c858b9 Refactoring to remove mctx 2017-07-14 22:34:15 +03:00
Soner Tari
133584361f Rename and clean-up 2017-07-13 00:45:12 +03:00
Soner Tari
9858928b73 Add debug levels, initial 2017-06-15 19:07:37 +03:00
Soner Tari
d033ea68dd Plain TCP version is running good enough, next will try to switch the SSL on 2017-05-29 12:22:23 +03:00
Daniel Roethlisberger
0506024587 Update copyright notices to 2016 2016-03-25 12:19:23 +01:00
Daniel Roethlisberger
91da4674e5 Update copyright, license and tagline
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
2015-02-24 19:19:20 +01:00
Daniel Roethlisberger
f16783cee2 Move cert writer to logger thread using privsep
Make -w and -W work in conjunction with dropping privileges and
chrooting by moving the cert writer code to a separate logger thread and
using the privsep framework to open the files if they do not exist
already.

Issue:		#70
2014-12-13 23:52:17 +01:00
Daniel Roethlisberger
e69b13f2eb SIGUSR1 re-opens -l/-L log files; add defaults.h
Issue:		#52
2014-11-25 23:45:40 +01:00
Daniel Roethlisberger
25e3145d1f Add missing headers to fix build on FreeBSD 8.4 2014-11-25 00:10:51 +01:00
Daniel Roethlisberger
476967ccdc Add SIGUSR1 to the signals forwarded by the parent 2014-11-24 23:32:37 +01:00
Daniel Roethlisberger
0e0a465f5d Fix build on OpenBSD by adding missing includes 2014-11-24 22:49:02 +01:00
Daniel Roethlisberger
c01ace1261 Introduce privilege separation architecture
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets.  Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations.  This is also a
preparation for -l/-L logfile reopening through SIGUSR1.

This means that -S and -F are no longer relative to chroot() if used
with -j.  This is a deliberate POLA violation.
2014-11-24 22:14:09 +01:00