Commit Graph

292 Commits

Author SHA1 Message Date
Daniel Roethlisberger
ed99fc0260 Use NULL instead of '\0' to avoid type conversion 2014-10-21 15:16:09 +02:00
Daniel Roethlisberger
e64bf695dc Update documentation after merge of #34 2014-10-21 14:55:25 +02:00
Daniel Roethlisberger
2e418f1447 Merge pull request #34 from swills/master
add DESTDIR, MANDIR to install target
2014-10-21 14:44:11 +02:00
Landon Fuller
93ab726671 Merge branch 'macosx-process-info' into fix-macosx 2014-10-18 20:43:56 -06:00
Landon Fuller
f36b06f8c1 Fix stupid bug caused by leaving the path string as non-NULL terminated on initialization.
This failed visibly when the allocated buffer did not already
lead with \0.
2014-10-18 20:41:43 -06:00
Landon Fuller
7c0c39cb2c Merge branch 'macosx-process-info' into fix-macosx 2014-10-18 17:11:29 -06:00
Landon Fuller
e6aa76b844 Implement automatic creation of parent directories. 2014-10-18 17:02:53 -06:00
Landon Fuller
06c61c16ed Add support for specifying log paths as a specialized format string.
Format string handling is fully implemented, with the exception of
support for automatically creating missing directories.
2014-10-18 16:40:22 -06:00
Landon Fuller
8350b1deb0 Plumb user/group/path information through the logging API. 2014-10-18 14:35:49 -06:00
Landon Fuller
5ed49c4985 Implement user and group name lookup. 2014-10-18 14:16:50 -06:00
Landon Fuller
52d979e29d Add a standard API for fetching process name, uid, and gid. 2014-10-18 13:46:44 -06:00
Landon Fuller
9204418c80 Thread pid lookup support through the NAT API.
This exposes the pid lookup code as a standard attribute
of NAT lookup -- if a matching process cannot be found,
or if pid lookup isn't supported by the NAT backend,
a pid of -1 is returned.

This also adds the local_pid to the pxyconn context; this
will be used to populate log strings.
2014-10-18 13:16:02 -06:00
Steve Wills
b8c8cb73ed add DESTDIR, MANDIR to install target
DESTDIR to allow installing in chroot
MANDIR to allow specifying different dir for man pages
2014-10-18 17:32:22 +00:00
Landon Fuller
bcc74385ab Log the full process path, rather than the MAXCOMLEN-max process name. 2014-10-18 02:34:46 -06:00
Landon Fuller
55e8da7653 Wire up lookup of the local process/socket originating the proxied connection.
This uses Mac OS X's libproc to find the first process that owns
a matching socket. Currently, the results are simply logged;
the next step will be exposing this generically via
the NAT engine lookup API.
2014-10-18 02:23:25 -06:00
Landon Fuller
cb6ffeaa9d Merge branch 'fix-macosx' into macosx-process-info 2014-10-18 00:40:29 -06:00
Landon Fuller
c412425ce1 Merge branch 'specify-custom-gid' into fix-macosx 2014-10-18 00:38:50 -06:00
Landon Fuller
a8687e0737 Merge branch 'macosx-yosemite' into fix-macosx 2014-10-18 00:38:38 -06:00
Landon Fuller
9d54677009 Add support for specifying an explicit group when dropping privileges.
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
2014-10-18 00:34:51 -06:00
Landon Fuller
7a5147cddf Add libproc to the build configuration. 2014-10-18 00:09:26 -06:00
Landon Fuller
8ef5011fcb Enable Mac OS X 10.10 feature detection
This is pointed at the 10.9 pf headers for testing, as
the 10.10 kernel sources are unavailable.
2014-10-17 19:45:28 -06:00
Landon Fuller
ecbc84438a Fix crash in strdup() when no default NAT engine is available. 2014-10-17 19:35:44 -06:00
Daniel Roethlisberger
85b177f6b0 Special device nodes may be needed for -j to work 2014-08-26 14:29:56 +02:00
Daniel Roethlisberger
47c409cbb5 Don't rely on OpenSSL to pull in string.h
Obtained from:	OpenBSD port patches
2014-06-21 19:20:34 +02:00
Daniel Roethlisberger
3226d9bfcf No longer chroot() by default when run as root
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.

Issue:		#21
2014-01-30 23:34:37 +01:00
Daniel Roethlisberger
db0fa32b07 Load -t certificates before dropping privileges
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges.  This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys.  This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue:		#20, #19
Reported by:	Miroslav Stampar
2014-01-30 22:39:39 +01:00
Daniel Roethlisberger
ac98c2d9cc Fix segmentation fault when using -t without a CA
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
2014-01-30 22:21:08 +01:00
Daniel Roethlisberger
4bd9dd1fa7 Fix glob to be compatible with /bin/dash 2014-01-29 21:25:19 +01:00
Daniel Roethlisberger
53a948cd18 Improve dependency tracking for targets/ certs 2014-01-29 21:20:16 +01:00
Daniel Roethlisberger
349cd1f6ec Add targets to .PHONY 2014-01-29 21:14:39 +01:00
Daniel Roethlisberger
f669fbbca7 Add unit test for sys_dir_eachfile()
Issue:		#19
Reported by:	Miroslav Stampar
2014-01-29 20:18:54 +01:00
Daniel Roethlisberger
658bbfa6fe SSLsplit master 2014-01-29 20:16:34 +01:00
Daniel Roethlisberger
c4ac9c60bc SSLsplit 0.4.8 release 2014-01-15 19:07:07 +01:00
Daniel Roethlisberger
9d5641c0e0 Update NEWS 2014-01-15 19:01:33 +01:00
Daniel Roethlisberger
f348c1a372 Add libevent2 test for the weirdness that is issue #17 2014-01-15 18:56:58 +01:00
Daniel Roethlisberger
9338200705 Detect when libevent cannot parse resolv.conf
Issue:		#17
Reported by:	Florian Schaefer
2014-01-15 10:33:43 +01:00
Daniel Roethlisberger
a80cbf73f4 Add some error-case debug messages to pxy_thrmgr_run() 2014-01-15 01:04:02 +01:00
Daniel Roethlisberger
fe558af0a3 Remove duplicates from FEATURES 2014-01-14 23:44:23 +01:00
Daniel Roethlisberger
e1d8a2a965 Lint fix: define some variables in smaller scope 2014-01-14 17:37:57 +01:00
Daniel Roethlisberger
cd358e245a Make session.pem generation more portable 2014-01-14 17:37:17 +01:00
Daniel Roethlisberger
716139b169 Suppress SPDY/QUIC by removing Alternate-Protocol headers 2014-01-14 17:35:56 +01:00
Daniel Roethlisberger
6b99bde4fb Only use -pthread on non-Darwin systems 2014-01-14 17:29:32 +01:00
Daniel Roethlisberger
ba991dcdf8 Minor overhaul of the Mac OS X hacks 2014-01-14 17:28:59 +01:00
Daniel Roethlisberger
24e57d2a12 Add .gitattributes and cleanup .gitignore
Exclude development-only files from the distribution tarball.
2014-01-14 17:14:23 +01:00
Daniel Roethlisberger
23d7b7fe8d Update README for the APSL components 2014-01-14 01:23:09 +01:00
Daniel Roethlisberger
d4d249fb87 Update NEWS 2014-01-14 00:46:52 +01:00
Daniel Roethlisberger
a5660fa3c9 Update NEWS 2014-01-14 00:29:45 +01:00
Daniel Roethlisberger
2235e1aad9 Fix memory leak in fake cert generation code
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally.  Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
2014-01-13 23:56:59 +01:00
Daniel Roethlisberger
05410fe9b3 Enable SSL_MODE_RELEASE_BUFFERS by default 2014-01-13 23:33:31 +01:00
Daniel Roethlisberger
202b1270e3 Create session.pem without Internet connectivity
Use openssl s_server in order to create a temporary SSL server for
creating an SSL session dump for the unit tests to work with.  This
removes the requirement of having Internet connectivity for running the
test suite, which prevented package builds from running the unit tests.
2014-01-11 21:49:05 +01:00