Commit Graph

62 Commits

Author SHA1 Message Date
PsychoMario
b34336ab4b moved to develop branch 2014-12-12 17:03:06 +00:00
PsychoMario
4f310a877a implemented -W to write original certs 2014-12-09 21:43:05 +00:00
PsychoMario
13dce0aa35 moved write to pxy_srccert_create, -X to -w, opts_free use 2014-12-09 20:02:25 +00:00
PsychoMario
73042d4daa fix mutual exclusivity, sprintf->asprintf 2014-12-09 19:47:10 +00:00
PsychoMario
61d5186864 added exclusivity with -K, man page and -h 2014-12-09 19:40:07 +00:00
PsychoMario
cbb2a179f9 naive implementation with -X, no help, validation, logging 2014-12-09 19:08:11 +00:00
Daniel Roethlisberger
39e9c898e5 Move default cipher suite spec to defaults.h 2014-11-30 22:29:40 +01:00
Daniel Roethlisberger
b8213e756d Merge branch 'feature/privsep' into develop
Conflicts:
	NEWS.md
	main.c
	sslsplit.1
2014-11-28 11:08:05 +01:00
Daniel Roethlisberger
5ac565f5df Note that -j impacts -S and -F 2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
ab466aafb7 Allow -u root with pf proxyspecs on OS X 2014-11-28 10:03:29 +01:00
Daniel Roethlisberger
f076336e0b Don't allow -u on Mac OS X with pf proxyspecs
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
2014-11-28 00:13:42 +01:00
Daniel Roethlisberger
e69b13f2eb SIGUSR1 re-opens -l/-L log files; add defaults.h
Issue:		#52
2014-11-25 23:45:40 +01:00
Daniel Roethlisberger
16a1beb655 Fix version output on local procinfo availability 2014-11-25 23:38:37 +01:00
Daniel Roethlisberger
c01ace1261 Introduce privilege separation architecture
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets.  Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations.  This is also a
preparation for -l/-L logfile reopening through SIGUSR1.

This means that -S and -F are no longer relative to chroot() if used
with -j.  This is a deliberate POLA violation.
2014-11-24 22:14:09 +01:00
Daniel Roethlisberger
a027f87c1c Check if -u and -m user and group exist immediately 2014-11-23 22:52:09 +01:00
Daniel Roethlisberger
2d97659a6b Check if args to -j and -S are directories 2014-11-23 15:46:37 +01:00
Daniel Roethlisberger
86397dac89 Break at 80 cols 2014-11-23 15:45:55 +01:00
Daniel Roethlisberger
5fd1d7de9c Rename flags for clarity 2014-11-21 12:03:08 +01:00
Daniel Roethlisberger
fcd008df4b Unify asprintf error handling 2014-11-17 19:11:27 +01:00
Daniel Roethlisberger
544b93a9ab Add procinfo status to -V 2014-11-14 16:30:07 +01:00
Daniel Roethlisberger
150650c7e9 Make local procinfo run-time optional (-i) and use src host:port 2014-11-14 16:20:07 +01:00
Daniel Roethlisberger
0d07aeff7e Don't automatically drop to nobody if logspec is used 2014-11-13 23:38:59 +01:00
Daniel Roethlisberger
38314ea16d Formatting changes 2014-11-13 23:38:46 +01:00
Landon Fuller
7ce301a60f
Fix incorrect format specifiers used in the -F usage example. 2014-11-07 16:49:00 -07:00
Landon Fuller
02c6e6e605
Adopt the new oom_die() usage. 2014-11-07 16:44:47 -07:00
Landon Fuller
a4c518c8a0
Merge remote-tracking branch 'origin/fix-macosx' into logspec_path_support 2014-11-07 16:43:09 -07:00
Daniel Roethlisberger
206c688219 Refactor SSL/TLS debug code 2014-11-05 21:18:53 +01:00
Daniel Roethlisberger
601cdf5b52 Add SSL/TLS protocol selection debug code 2014-11-05 20:41:41 +01:00
Daniel Roethlisberger
6b0e47dc89 Allow more control over used SSL/TLS versions
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
2014-11-05 20:06:11 +01:00
Daniel Roethlisberger
cc6cb59485 Rewrite Mac OS X support to use proper XNU headers
Move from one set of headers per major OS X release to one set of
headers per XNU release.  Fetch the header files from Apple's official
Open Source site instead of GitHub in the fetchdeps developer target.
As a side effect, 10.6.x is now supported as well (untested), and proper
headers are used for 10.10.

Issue:		#39
2014-10-30 22:01:55 +00:00
Daniel Roethlisberger
42efb4a980 Slightly improve user experience for new option -m 2014-10-23 13:23:57 +02:00
Daniel Roethlisberger
ee9d434cac Further improving OOM handling in early stages of main() 2014-10-23 13:14:06 +02:00
Daniel Roethlisberger
b1b8fe09b9 Merge pull request #35 from fix-macosx/specify-custom-gid
Add support for specifying an explicit group when dropping privileges.
2014-10-23 13:00:42 +02:00
Daniel Roethlisberger
bea022540f Handle strdup() failure in early stages of main()
Issue:		#38
Reported by:	Markus Elfring
2014-10-23 12:49:12 +02:00
Landon Fuller
e6aa76b844 Implement automatic creation of parent directories. 2014-10-18 17:02:53 -06:00
Landon Fuller
06c61c16ed Add support for specifying log paths as a specialized format string.
Format string handling is fully implemented, with the exception of
support for automatically creating missing directories.
2014-10-18 16:40:22 -06:00
Landon Fuller
9d54677009 Add support for specifying an explicit group when dropping privileges.
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
2014-10-18 00:34:51 -06:00
Landon Fuller
ecbc84438a Fix crash in strdup() when no default NAT engine is available. 2014-10-17 19:35:44 -06:00
Daniel Roethlisberger
3226d9bfcf No longer chroot() by default when run as root
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.

Issue:		#21
2014-01-30 23:34:37 +01:00
Daniel Roethlisberger
db0fa32b07 Load -t certificates before dropping privileges
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges.  This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys.  This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue:		#20, #19
Reported by:	Miroslav Stampar
2014-01-30 22:39:39 +01:00
Daniel Roethlisberger
13ed7f8425 Slightly improve error logging on log init failure
Issue:		#13
Reported by:	vinies
2014-01-06 19:03:29 +01:00
Daniel Roethlisberger
ca923ee7f1 Update copyright notices to 2014 2014-01-06 14:09:18 +01:00
Daniel Roethlisberger
ac9a2613e0 Only generate RSA leaf key if CA key present
Issue:          #9
Reported by:    ceear
2013-05-27 00:17:36 +02:00
Daniel Roethlisberger
c972501063 Update copyright notices 2013-04-24 20:36:38 +02:00
Daniel Roethlisberger
711448759c Bind to ports before dropping privileges
This fixes a regression which caused bind() to ports < 1024 to fail with
the default settings of dropping privileges to nobody.

Issue:          #8
Reported by:    Ian Grispan
2013-04-24 17:17:23 +02:00
Daniel Roethlisberger
005ebd1b95 Fix syslog for more error cases
Also fix issue #6 for target certificate loading error cases.
2012-10-23 23:04:22 +02:00
Daniel Roethlisberger
bb15224d11 Flush error queue prior to exiting
Reorganize the cleanup code after detaching from the TTY in order to be
able to flush the error queue before calling exit().  Addresses issue #6
2012-10-23 21:30:11 +02:00
Daniel Roethlisberger
7713f82b62 Move more log writes after log initialization 2012-10-17 00:24:26 +02:00
Daniel Roethlisberger
1995dc4b89 Reinitialize SSL mutexes after fork
See issue #5.
2012-10-17 00:11:53 +02:00
Daniel Roethlisberger
067521924a Cleanup tgcrt loading to protect mutexes from fork
See issue #5.
2012-10-17 00:10:47 +02:00