Commit Graph

871 Commits

Author SHA1 Message Date
Soner Tari
ef2edff60a Improve string comparisons
We need case-insensitive comparison validating POP3 and SMTP commands.
Define macro function to check string equality.
2020-05-12 01:28:41 +03:00
Soner Tari
ac4285cef1 Fix POP3 and SMTP protocol validation, thanks to the new testproxy e2e tests
Add testproxy e2e tests for POP3 and SMTP protocol validation.

We have detected that POP3 and SMTP protocol validation was broken
thanks to these new testproxy e2e tests. This is yet another example why
e2e tests are important.
2020-05-11 17:01:38 +03:00
Soner Tari
f3ac5ee4f2 Move passsite flag to sslctx
The passsite flag is ssl specific.
2020-05-10 21:53:24 +03:00
Soner Tari
f8580d6ac7 Update news
This is the first SSLproxy specific changelog.
2020-05-09 22:16:44 +03:00
Soner Tari
313da5cfca Add -A DefaultLeafCert option
Rename LeafCerts to LeafKey, TargetCertDir to LeafCertDir, CRL to
LeafCRLURL
2020-05-09 22:14:50 +03:00
Soner Tari
aba07a53ee Disable conn ids unless debugging
We don't need parent or child ids unless debugging. IDLE and EXPIRED
conn logs do not need to report ids either. Ids are useful only in
detailed debug logs.
2020-05-08 01:11:50 +03:00
Soner Tari
5285b9e433 Fix valgrind REDIR warning about strncpy(), use memcpy() instead
REDIR: 0x562c100 (libc.so.6:__strncpy_ssse3) redirected to 0x4c32fb0
(strncpy)
The src strings are not NULL terminated at the correct positions.
2020-05-07 14:06:09 +03:00
Soner Tari
11f92e3ce8 Add unique child id, set to the children count of parent conn
This is necessary to uniquely identify child conns. The src fd of child
conns was possibly not unique. We use this id in debug logs only.
Also relocate the update code related with this id.
2020-05-07 13:45:13 +03:00
Soner Tari
519e82a624 Warn unused result of max() 2020-05-07 13:38:50 +03:00
Soner Tari
be80523036 Use the new inline max() function instead of MAX() macro function in sslproxy
Do not pass pxy_thr_print_children() or bufferevent_getfd() to MAX() or
util_max() macro functions as params, or else they are called twice.
Since MAX() macro call duplicates params, do not call it nested either,
or else we get very long macro expansions.
2020-05-07 00:10:42 +03:00
Soner Tari
e63d6dd3aa Remove BEV_OPT_THREADSAFE in lp too
thrmgr and conn handling threads in lp are cleanly decoupled now.
2020-05-06 23:54:50 +03:00
Soner Tari
d611ec727d Do not close fd -1, true for tcp conns too 2020-05-06 23:51:45 +03:00
Soner Tari
8a96565d99 Zero out msg buf as in sslsplit
ce5f409dbe
("Zero all bytes when passing file descriptors over AF_UNIX sockets",
2018-11-12)

Also, bufferevent_getfd() returns -1 if no file descriptor is associated
with the bufferevent.
2020-05-06 12:45:55 +03:00
Soner Tari
128838c70f Fix -g flag for lp, use Mk/buildinfo.mk of sslproxy
This is necessary to detect the .git folder at the project root. So
remove Mk/buildinfo.mk of lp.
2020-05-06 02:08:23 +03:00
Soner Tari
3e706ea022 Fix leaks and errors reported by valgrind
Free vars.
Finalize sqlite3 statements.
Close sqlite3 db.
Init memory.
Do not close fd -1.

Some of these may be harmless, but we fix them anyway. Now valgrind
reports 0 "lost" memory, but some "still reachable", both for sslproxy
and lp.
2020-05-06 02:06:08 +03:00
Soner Tari
1d75bfb17f Fix a possible sync issue between thr load and conn children list on error
Refactor and rename functions, struct fields, and vars
Simplify if conditions and fix/improve logs
Clean up
2020-05-05 15:42:41 +03:00
Soner Tari
757ed35687 Do not use privsep to open socket for child listener
We don't need a privsep call to open a socket for child listener,
because listener port of child conns are assigned by the system, hence
are from non-privileged range above 1024.
So the open privsep socket is used only to update user atime now.
2020-05-05 00:50:37 +03:00
Soner Tari
14cfd3286b Update ctime and first atime on conn handling thr, not on thrmgr
This offloads the thrmgr by saving a time() call.
Also remove an unnecessary NULL assignment.
2020-05-04 21:30:50 +03:00
Soner Tari
71dff82305 Terminate conn on socket connect error
And rename a function.
2020-05-04 21:05:35 +03:00
Soner Tari
18c882ad37 Refactor and rename assign/attach conn to thr functions
And fix comments.
2020-05-04 12:16:03 +03:00
Soner Tari
f069637fda Include errno.h in pxyconn.c too to fix travis issue 2020-05-04 00:21:42 +03:00
Soner Tari
61edeeedb1 Include errno.h, revert log.h to fix travis issue 2020-05-04 00:16:12 +03:00
Soner Tari
906d961168 Fix travis issue due to errno
errno and EMFILE are provided by <unistd.h>, but we need log.h anyway,
which includes logger.h, and which includes <unistd.h> in turn.
2020-05-04 00:05:17 +03:00
Soner Tari
6c5165fa6e Update lp with sslproxy changes and clean up 2020-05-03 23:28:21 +03:00
Soner Tari
d3c3059c26 Remove ctx evbase and dnsbase
We already have thr in conn ctx to access its evbase and dnsbase.
2020-05-03 23:20:38 +03:00
Soner Tari
8786b9fda7 Remove pending ssl conns list and in_thr_conns flag
We have carried almost all conn init tasks from thrmgr to conn handling
thread. So we immediately add the conn to the conn list of its thr,
which renders both pending ssl conns list and in_thr_conns flag useless.
2020-05-03 21:05:12 +03:00
Soner Tari
98cda54c47 Reduce and improve debug logs 2020-05-03 16:52:43 +03:00
Soner Tari
c8371e7b3d Decouple thrmgr and conn handling thr on error too
Also add/fix comments, fix debug logs and mistakes.
2020-05-03 14:30:32 +03:00
Soner Tari
229ea2fe0a Convert linked lists to doubly linked lists, so keep track of previous node
The only time we go over the linked list is to check idle or expired
connections, or to print debug info. Otherwise, mostly what we need is
to add and remove list nodes. Removing a list node becomes a very simple
task if we keep track of the previous node too. So now we also keep
record of prev node, and update prev node as we add and remove nodes.
All three linked lists we use benefit from this data structure
improvement, making it very fast to remove a list node.

Another benefit of this change is that we don't need to identify conns
with their id numbers or child conns with their src fds. So now we
directly delete them, without needing to check their ids or fds.
2020-05-03 00:37:19 +03:00
Soner Tari
cc5d877711 Remove BEV_OPT_THREADSAFE
thrmgr and conn handling threads are cleanly decoupled now. So we don't
need BEV_OPT_THREADSAFE anymore.
2020-05-02 19:03:09 +03:00
Soner Tari
f77a7630d5 Disable thr mutex
Do we need a thr mutex? This mutex is for thread-safe access to
thr.load. But thrmgr read-accesses thr.load, and write-accesses are by
thr only. So can we really live without it?
2020-05-02 18:55:22 +03:00
Soner Tari
8b27cfce95 Decouple code for thrmgr and conn handling threads, so create pxythr.c/h 2020-05-02 17:56:40 +03:00
Soner Tari
aab56d42a9 Switch to conn handling thread even earlier
So now we do a couple of expensive tasks on conn handling threads, not
on thrmgr: Add the conn to its thread conn list, check fd usage, nat
lookup dst, and make string src addr.
2020-05-01 23:50:05 +03:00
Soner Tari
033cb732ac Decouple conn init from fd readcb 2020-05-01 14:54:01 +03:00
Soner Tari
191109951d Switch from thrmgr to connection handling thread asap
This prevents possible multithreading issues between thrmgr and conn
handling threads. So we can remove and clean up the code and comments
related with such possible issues now. For example, we can add the conn
to its thread list earlier, and we can handle errors immediately, thanks
to this early switch to conn handling threads. This also helps achieve
cleaner code.
2020-05-01 12:23:16 +03:00
Soner Tari
03453fc76b Refactor to free the buf asap 2020-05-01 12:05:49 +03:00
Soner Tari
0bfe5584e4 Simplify logs printed by *_main and *_main_va macros
Since the *_main and *_main_va macros always pass 0 as fd, and the other
macros fd > 0, we can simplify the main macros.
2020-04-25 22:36:02 +03:00
Soner Tari
05654e3bee Avoid possible crashes caused by passing NULL pointers to str*() functions 2020-04-18 11:28:55 +03:00
Soner Tari
a1f24e26d0 Clean up 2020-04-17 22:14:19 +03:00
Soner Tari
fd3aa5a394 Update lp with sslproxy changes, fix dst events
Enable dst r/w events before socket connect.
Improve verbose debug logs using common header fields to better identify
connections.
Create function macros for fine* debug logs.
2020-04-17 19:36:41 +03:00
Soner Tari
554fd3bd3a Improve code reuse, reduce code, clean up whitespace 2020-04-17 15:31:30 +03:00
Soner Tari
ea57aebf15 Fix mailto 2020-04-17 14:19:03 +03:00
Soner Tari
20eb2533d1 Fix autossl crash upon protocol error, need fuzzing tests
This happens if there was no autossl handshake prior to ClientHello,
e.g. no STARTTLS message. This is perhaps due to the SSL handshake of a
direct SSL connection, i.e. invalid protocol.
We should not crash upon protocol errors, hence the need for fuzzing
tests.
2020-04-17 11:10:28 +03:00
Soner Tari
efa2b48b94 Disable autossl passthrough
Autossl passthrough crashes with signal 10.
2020-04-16 23:04:23 +03:00
Soner Tari
2b702495b0 Remove comixwall.org 2020-04-16 15:33:50 +03:00
Soner Tari
5c2ac6d1bf Remove writecb for srvdst except for passthrough, remove srvdst_connected and dst_connected flags, clean up autossl
We don't do anything in srvdst writecb except for passhtrough mode.
We handle srvdst and dst connect tasks in connectcb for them by
arranging connect events correctly, so we don't need any extra flags.
Correct connect ordering helps us remove code checking if bev exists.
There were a lot of unnecessary code in autossl. Tcp and ssl code are
decoupled now.
2020-04-16 15:23:42 +03:00
Soner Tari
a24ac850b4 Fix readcb and writecb before connected
Do not enable srvdst readcb until connected
Enable read and write callbacks only after connected
2020-04-16 11:59:18 +03:00
Soner Tari
64c0078ecb Update comments about writecb before connected 2020-04-15 22:04:18 +03:00
Soner Tari
a0d74baa43 Update copyright year to 2020 2020-04-14 18:12:16 +03:00
Soner Tari
a34c953ef0 Validate the response from the smtp server to protect the client
Because we directly relay the packets from the server to the client
until we receive the first packet from the client, at which time we xfer
srvdst to the first child conn and effectively disable this readcb,
hence start diverting packets to the listening program.
Improve documentation.
2020-04-14 17:56:47 +03:00