summaryrefslogtreecommitdiffhomepage
path: root/src
AgeCommit message (Collapse)Author
2020-01-15move initialize_config_defaults to conf.crofl0r
2019-12-21implement detection and denial of endless connection loopsrofl0r
it is quite easy to bring down a proxy server by forcing it to make connections to one of its own ports, because this will result in an endless loop spawning more and more connections, until all available fds are exhausted. since there's a potentially infinite number of potential DNS/ip addresses resolving to the proxy, it is impossible to detect an endless loop by simply looking at the destination ip address and port. what *is* possible though is to record the ip/port tuples assigned to outgoing connections, and then compare them against new incoming connections. if they match, the sender was the proxy itself and therefore needs to reject that connection. fixes #199.
2019-12-21do hostname resolution only when it is absolutely necessary for ACL checkrofl0r
tinyproxy used to do a full hostname resolution whenever a new client connection happened, which could cause very long delays (as reported in #198). there's only a single place/scenario that actually requires a hostname, and that is when an Allow/Deny rule exists for a hostname or domain, rather than a raw IP address. since it is very likely this feature is not very widely used, it makes absolute sense to only do the costly resolution when it is unavoidable.
2019-12-21move sockaddr_union to sock.hrofl0r
2019-12-21log.c: protect logging facility with a mutexrofl0r
since the write syscall is used instead of stdio, accesses have been safe already, but it's better to use a mutex anyway to prevent out- of-order writes.
2019-12-21conf.c: merely warn on encountering recently obsoleted config itemsrofl0r
if we don't handle these gracefully, pretty much every existing config file will fail with an error, which is probably not very friendly. the obsoleted config items can be made hard errors after the next release.
2019-12-21conf.c: pass lineno to handler funcsrofl0r
2019-12-21simplify codebase by using one thread/conn, instead of preforked procsrofl0r
the existing codebase used an elaborate and complex approach for its parallelism: 5 different config file options, namely - MaxClients - MinSpareServers - MaxSpareServers - StartServers - MaxRequestsPerChild were used to steer how (and how many) parallel processes tinyproxy would spin up at start, how many processes at each point needed to be idle, etc. it seems all preforked processes would listen on the server port and compete with each other about who would get assigned the new incoming connections. since some data needs to be shared across those processes, a half- baked "shared memory" implementation was provided for this purpose. that implementation used to use files in the filesystem, and since it had a big FIXME comment, the author was well aware of how hackish that approach was. this entire complexity is now removed. the main thread enters a loop which polls on the listening fds, then spins up a new thread per connection, until the maximum number of connections (MaxClients) is hit. this is the only of the 5 config options left after this cleanup. since threads share the same address space, the code necessary for shared memory access has been removed. this means that the other 4 mentioned config option will now produce a parse error, when encountered. currently each thread uses a hardcoded default of 256KB per thread for the thread stack size, which is quite lavish and should be sufficient for even the worst C libraries, but people may want to tweak this value to the bare minimum, thus we may provide a new config option for this purpose in the future. i suspect that on heavily optimized C libraries such a musl, a stack size of 8-16 KB per thread could be sufficient. since the existing list implementation in vector.c did not provide a way to remove a single item from an existing list, i added my own list implementation from my libulz library which offers this functionality, rather than trying to add an ad-hoc, and perhaps buggy implementation to the vector_t list code. the sblist code is contained in an 80 line C file and as simple as it can get, while offering good performance and is proven bugfree due to years of use in other projects.
2019-11-27Use gai_strerror() to report errors of getaddrinfo() and getnameinfo()Martin Kutschker
2019-06-14fix usage of stathost in combination with basic authrofl0r
http protocol requires different treatment of proxy auth vs server auth. fixes #246
2019-05-05filter file: Don't ignore lines with leading whitespace (#239)Janosch Hoffmann
The new code skips leading whitespaces before removing trailing whitespaces and comments. Without doing this, lines with leading whitespace are treated like empty lines (i.e. they are ignored).
2018-12-15child.c: properly initialize fdset for each select() call (#216)rofl0r
it was reported that because the fdset was only initialized once, tinyproxy would fail to properly listen on more than one interface. closes #214 closes #127
2018-11-23Basic Auth: allow almost all possible characters for user/passVasily
previously was restricted to alphanumeric chars only.
2018-09-01Remove unused authors.c/authors.h and generation mechanism.Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-01main: remove the "-l" switch to display the license and authorsMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-05-29fix socks5 upstream user/pass subnegotiation checkrofl0r
RFC 1929 specifies that the user/pass auth subnegotation repurposes the version field for the version of that specification, which is 1, not 5. however there's quite a good deal of software out there which got it wrong and replies with version 5 to a successful authentication, so let's just accept both forms - other socks5 client programs like curl do the same. closes #172
2018-03-29fix basicauth string comparisonrofl0r
closes #160
2018-03-27html-error: Make a switch fallthrough explicitMichael Adam
This silences a gcc v7 compile warning. Signed-off-by: Michael Adam <obnox@samba.org>
2018-03-23upstream: Fix case of empty string domain.Michael Adam
Found by compiler note. Signed-off-by: Michael Adam <obnox@samba.org>
2018-03-23install tinyproxy to bin/, not /sbinrofl0r
sbin/ is meant for programs only usable by root, but in tinyproxy's case, regular users can and *should* use tinyproxy; meaning it is preferable from a security PoV to use tinyproxy as regular user.
2018-02-27make bind option usable with transparent proxy toorofl0r
closes #15 for real. the previous patch that was merged[0] was halfbaked and only removed the warning part of the original patch from openwrt[1], but didn't actually activate bind support. further it invoked UB by removing the return value from the function, if transparent proxy support was compiled in. [0]: d97d486d53ce214ae952378308292f333b8c7a36 [1]: https://gitlab.labs.nic.cz/turris/openwrt-packages/commit/7c01da4a72e6f0b7613a86529547659ea4007eba
2018-02-27implement user/password auth for socks5 upstream proxyrofl0r
just like the rest of the socks code, this was stolen from proxychains-ng, of which i'm happen to be the maintainer of, so it's not an issue (the licenses are identical, too).
2018-02-25config: unify upstream syntax for http,socks4,socks5 and nonerofl0r
closes #50
2018-02-25rename members of proxy_type enum to have a common prefixrofl0r
and add a NONE member.
2018-02-25fix early loggingrofl0r
tinyproxy uses a curious mechanism to log those early messages that result from parsing the config file before the logging mechanism has been properly set up yet by finishing parsing of the config file: those early messages are written into a memory buffer and then are printed later on. this slipped my attention when making it possible to log to stdout in ccbbb81a.
2018-02-25make send_stored_logs staticrofl0r
2018-02-25implement HTTP basic auth for upstream proxiesrofl0r
loosely based on @valenbg1's code from PR #38 closes #38 closes #96
2018-02-25basicauth.[ch]: refactor to make basicauth_string() reusablerofl0r
2018-02-25fix possible memory leakbertliao
2018-02-23Remove #ifdef for HAVE_SYSLOG_HJohn Weldon
- syslog.h is a standard posix header, this #ifdef is an artifact accidentally left in.
2018-02-09Fix CVE-2017-11747: Create PID file before dropping privileges.Michael Adam
Resolves #106 Signed-off-by: Michael Adam <obnox@samba.org>
2018-02-06move base64 code into own filerofl0r
it will be needed to add support for upstream proxy auth.
2018-02-06Basic Auth: send correct response codes and headers acc. to rfc7235rofl0r
as reported by @natedogith1
2018-02-06add support for basic HTTP authenticationrofl0r
using the "BasicAuth" keyword in tinyproxy.conf. base64 code was written by myself and taken from my own library "libulz". for this purpose it is relicensed under the usual terms of the tinyproxy license.
2018-02-06fix types used in SOCKS4/5 support coderofl0r
the line len = buff[0]; /* max = 255 */ could lead to a negative length if the value in buff[0] is > 127.
2018-02-06add SOCKS upstream proxy support (socks4/socks5)Gonzalo Tornaria
original patch submitted in 2006 to debian mailing list: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392848%29#12 this version was rebased to git and updated by Russ Dill <russ.dill@gmail.com> in 2015 (the original patch used a different config file format). as discussed in #40. commit message by @rofl0r.
2017-12-04safe_write/read: take void* buffer for generic userofl0r
if using one of unsigned or signed char for the function prototype, one gets nasty warnings when using it with the other type. the only proper solution is to put void* into the prototype, and then specialize the pointer inside the function using an automatic variable. for exactly this reason, libc functions like read(), write(), etc use void* too.
2017-11-16log to stdout if no logfile specifiedrofl0r
some users want to run tinyproxy on an as-needed basis in a terminal, without setting it up permanently to run as a daemon/service. in such use case, it is very annoying that tinyproxy didn't have an option to log to stdout, so the user has to keep a second terminal open to `tail -f` the log. additionally, this precluded usage with runit service supervisor, which runs all services in foreground and creates logfiles from the service's stdout/stderr. since logging to stdout doesn't make sense when daemonized, now if no logfile is specified and daemon mode activated, a warning is printed to stderr once, and nothing is logged. the original idea was to fail with an error message, though some users might actually want to run tinyproxy as daemon and no logging at all.
2017-11-16do not create a pidfile, if none is specified in configrofl0r
some people want to run tinyproxy with minimal configuration from the command line (and as non-root), but tinyproxy insists on writing a pid file, which only makes sense for usage as a service, hereby forcing the user to either run it as root so it can write to the default location, or start editing the default config file to work around it. and if no pidfile is specified in the config, it frankly doesn't make sense to force creation of one anyway.
2017-11-16Issue 15 fix. PRPablo Panero
2017-03-29network: honour result of inet_ntop in get_ip_string()Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2017-03-29network: let get_ip_string() return const char * instead of const charMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2017-03-29Merge pull request #66 from rofl0r/configure_trimMichael Adam
Configure trim
2017-03-29Merge pull request #67 from dmz-uk/patch-1Michael Adam
Prevent child from calling exit() on interrupt
2017-03-29Merge pull request #85 from rofl0r/fix_72Michael Adam
src/Makefile.am: fix spaces vs TAB
2017-03-27src/Makefile.am: fix spaces vs TABrofl0r
this causes a build failure on several platforms using older versions of autotools or GNU make. make[2]: Entering directory `src' Makefile:670: *** missing separator (did you mean TAB instead of 8 spaces?). Stop. make[2]: Leaving directory `src' fixes #72
2016-12-30Prevent child from calling exit() on interruptdmz-uk
A proposed fix for the logrotate SIGHUP issue.
2016-12-27Move lookup_variable into hashmap.c / hashmap.hGreg
2016-12-27Change signature for lookup_variable to take map instead of connptrGreg
2016-12-21configure: do not check for standard POSIX headersrofl0r
addresses #65