Commit Graph

747 Commits

Author SHA1 Message Date
Soner Tari
a51cc7de57 Update RSA key size comments 2019-03-26 18:31:51 +03:00
Soner Tari
ea532a9464 Update with sslsplit develop ssl ctx improvements 2019-03-26 15:54:42 +03:00
Soner Tari
bee1a82bfc Improve error log messages and comments 2019-03-25 18:13:46 +03:00
Soner Tari
44b125f77e Avoid malloc/free for vars of known sizes 2019-03-25 03:39:15 +03:00
Soner Tari
d0ad45e74d Fix autossl userauth: srvdst should call userauth and redirect too 2019-03-24 22:28:43 +03:00
Soner Tari
040d00b546 Fix passthrough mode broken by the new pending ssl conns list: It is necessary to NULL the sslctx to prevent passthrough mode trying to access it (signal 11 crash)
Note that we cannot redirect failed ssl connections to login page while switching to passthrough mode
Remove now redundant pxy_fd_readcb() function
2019-03-24 15:57:03 +03:00
Soner Tari
98c1186cb8 Improve documentation, and simplify code 2019-03-24 01:31:19 +03:00
Soner Tari
ad38b68ad7 Fix a possible multithreading issue: Ignore event_add() failure and do not try to close the conn after adding it to pending ssl conns list
Debug print pending ssl conns list
Remove redundant asprintf() calls and vars
Rename fields and fix whitespace
2019-03-23 23:34:38 +03:00
Soner Tari
50740b9f77 Remove redundant ctx fields, rename vars, rearrange code, and improve documentation 2019-03-23 20:48:40 +03:00
Soner Tari
42eb887ebb Do not modify conn thread fields without locking on thrmgr thread, so we only modify thr load and thr conn list, no tread stats, on thrmgr now 2019-03-23 00:09:18 +03:00
Soner Tari
072dbe2611 Fix privsep PRIVSEP_REQ_UPDATE_ATIME command: Do not request an fd from sys_recvmsgfd() and sys_sendmsgfd(), otherwise opens an stdin (fd 0), causing fd leak
Remove redundant logging call
2019-03-22 19:19:39 +03:00
Soner Tari
bf67b617c2 Keep track of ssl conns waiting for the first packet, and remove them if they time out
Otherwise if no packet arrives, hence readcb does not fire, that ssl conn is lost causing memory and fd leak
Accepting a connection does not mean that a packet will be received
Use better names
2019-03-22 15:21:39 +03:00
Soner Tari
dc788862a9 Reintroduce BEV_OPT_THREADSAFE flag, after a signal 10 crash involving buffer events
Rearrange and fix fd close locations and conn termination
2019-03-21 06:06:56 +03:00
Soner Tari
6f2cf92e51 Do not pass BEV_OPT_THREADSAFE flag to bufferevent new socket/filter functions anymore: Multithreading issues seems to be solved now 2019-03-19 17:17:57 +03:00
Soner Tari
e145ca6eed Refactor add/remove conn/child code
Fix whitespace
2019-03-19 02:54:48 +03:00
Soner Tari
cc0b94c17f Do not do anything with the conn ctx on the thrmgr thread after setting event callbacks and/or socket connect
Always lock conn thr while reading ctx fields, otherwise we may get wrong values
2019-03-18 03:59:40 +03:00
Soner Tari
17122fa6a8 Always keep thr load and conns list in sync 2019-03-17 18:57:33 +03:00
Soner Tari
c43e359a1b Do not modify thr stats without locking, otherwise max fd stats were sometimes wrong 2019-03-16 23:19:48 +03:00
Soner Tari
3147723774 Add attribs, enclose debug params between debug macros, and improve documentation 2019-03-16 00:44:12 +03:00
Soner Tari
dcaaa49f90 Improve documentation and use better names 2019-03-15 15:39:15 +03:00
Soner Tari
362a87ac6d Update documentation 2019-03-15 02:38:08 +03:00
Soner Tari
79ad5e86cc Fix expired conn handling, signal 6 crash: Do not lock conn thr mutex twice while freeing expired conns
Fix passthrough mode: Do not SSL_free() srvdst ssl anymore and do not add conn to thr conns list twice
2019-03-15 00:20:53 +03:00
Soner Tari
bf513b1c37 Improvements 2019-03-14 21:21:07 +03:00
Soner Tari
844e68116a Move userauth from thrmgr thread to conn handling threads, and do not enable r/w callbacks until userauth succeeds
Lock conn thread instead of thrmgr thread while adding conns (giant thrmgr lock versus conn thread level locks), so add conn thread mutex and remove thrmgr mutex
Offload thrmgr thread by moving many conn related setup to conn handling threads
Fix signal 6 crash caused by calling pxy_thrmgr_timer_cb() while failed conn is being freed, so use conn thread mutexes and defer adding conn to thr conn list until conn setup succeeds
Other fixes, improvements, and clean-up
2019-03-14 03:47:03 +03:00
Soner Tari
2f3fda5367 Do not try to close conns on the thrmgr thread after setting event callbacks and/or socket connect
Use strncpy() instead of memcpy(), to limit max size with dest buffer
2019-03-13 17:11:54 +03:00
Soner Tari
7b11eb15fa Update copyright year to 2019 2019-03-13 14:42:40 +03:00
Soner Tari
7eb0ebc814 Refactor fd usage code for code reuse 2019-03-12 21:41:16 +03:00
Soner Tari
56c3bdf5d8 Do not try to term/close conns on the thrmgr thread after setting event callbacks and/or socket connect 2019-03-12 19:36:30 +03:00
Soner Tari
76a599d464 Put the getdtablecount() solution back in, otherwise sometimes, although rarely, we get "Error 24 on listener: Too many open files" nonstop, it's better to be safe(r) 2019-03-11 02:41:16 +03:00
Soner Tari
96ecd8e4c3 Pass BEV_OPT_THREADSAFE to bufferevent_socket_new() and similar functions, otherwise if we are out of fds, we get signal 10 or 6 crashes sometimes, nothing else seems to work 2019-03-11 01:56:09 +03:00
Soner Tari
3a6f797917 Do not forget to reset sqlite stmt if userdb is busy or locked, otherwise we get stuck and go out of fds too
Check retval of event_add() calls
Reduce frequency of userdb atime updates by not updating until idle time reaches more than half of user timeout value, otherwise privsep server can get very busy causing locked userdb
Do not care about multiple matches of IP addresses in arp cache on OpenBSD either
Performance and code reuse improvements, simplifications
2019-03-10 04:26:00 +03:00
Soner Tari
0d49ba56db Enable user auth support on Linux 2019-03-09 18:17:05 +03:00
Soner Tari
4f4b41d5ad Add user and proto validation info to connection logs 2019-03-09 01:09:08 +03:00
Soner Tari
56ddbcb5c8 Update version to 0.5.10 2019-03-08 20:24:08 +03:00
Soner Tari
b6f2203495 Validate proxyspec protocols http, pop3, and smtp 2019-03-07 23:14:53 +03:00
Soner Tari
f3e7a359a6 Update documentation with user auth feature 2019-03-06 22:43:43 +03:00
Soner Tari
6f37661772 Enable user auth for all supported protos or proxyspec types 2019-03-06 01:09:02 +03:00
Soner Tari
fcd24a2cbe Do not terminate redirected connection until src outbuf is empty, otherwise 302 redirection may not have been sent yet 2019-03-05 19:11:08 +03:00
Soner Tari
1f451aa04d Change user db table name to users, change mac column name to ether
Clean up
2019-03-02 03:44:14 +03:00
Soner Tari
c37bcc6de1 Add UserDBPath and UserTimeout options 2019-03-02 02:52:48 +03:00
Soner Tari
fd52ba0c56 Refactor, handle error conditions, and clean up 2019-03-02 02:04:53 +03:00
Soner Tari
cde3fbca3f Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD
Get ethernet address and compare with the one in userdb, on each conn setup
Create user_auth options
Rename and clean-up
2019-03-01 02:08:24 +03:00
Soner Tari
fb25c45c66 Clean-up 2019-02-16 17:52:57 +03:00
Soner Tari
304207e9e9 Add initial user database support using sqlite3 2019-02-16 17:29:14 +03:00
Soner Tari
19f68a2800 Fix documentation 2019-02-03 22:48:20 +03:00
Soner Tari
588122b512 Explain support for remote listening programs in README 2019-01-07 01:05:48 +03:00
Soner Tari
e132b12d79 Support remote listening programs using ua and ra proxyspec options, address of remote listening program that decrypted packets are diverted to and address SSLproxy is listening for returned packets from remote listening program, respectively 2019-01-06 18:09:17 +03:00
Soner Tari
c0a943beb6 Release v0.5.9 2018-12-11 21:58:45 +03:00
Soner Tari
87403615f9 Remove now unnecessary UNUSED attributes 2018-12-01 00:36:03 +03:00
Soner Tari
670f609d7a Refactor logging code and fix memory leak 2018-11-30 14:28:51 +03:00