1
0
mirror of https://github.com/moparisthebest/sslh synced 2024-12-22 07:18:57 -05:00
Commit Graph

31 Commits

Author SHA1 Message Date
Eero Häkkinen
717c285b31 Fix access rights checking to work with IPv6. 2015-09-27 22:14:00 +03:00
Yves Rutschle
56fdc6b4af Transparant proxy support for FreeBSD 2014-12-25 20:08:24 +01:00
Yves Rutschle
b9ddfb4c7a Support RFC5952-style IPv6 addresses 2014-12-22 18:19:02 +01:00
Ruben van Staveren
ece6e28e45 #ifdef IP_BINDANY/IPV6_BINDANY cases 2014-07-24 17:29:53 +02:00
Ruben van Staveren
e2fc091482 When transparent, make sure both connections use the same address family 2014-07-22 20:05:25 +02:00
Ruben van Staveren
e246536be2 FreeBSD way of doing transparent proxy: work in progress 2014-07-22 20:05:25 +02:00
Yves Rutschle
426797f9c0 call setgroups before setgid 2014-03-30 17:28:00 +02:00
Belobrov Andrey
ff070a6b46 Fixed possible file descriptor leak. 2014-02-14 08:32:38 +04:00
Yves Rutschle
6bcb5c83f2 libcap support: print out process capabilities at startup if verbose 2014-02-09 21:39:27 +01:00
Yves Rutschle
4dfa694e8a Merged libcap patch 2014-02-09 20:34:26 +01:00
Yves Rutschle
67c34a7460 set IP_FREEBIND if available to bind to non-existent interfaces 2014-02-09 13:29:49 +01:00
Sebastian Schmidt
009faa64b7 Implement libcap support
Use libcap for saving CAP_NET_ADMIN (if --transparent is given) over a
setuid(). We don’t need CAP_NET_BIND_SERVICE as the listening sockets
are established before dropping root.
2013-10-20 21:16:56 +02:00
Yves Rutschle
96f5d6387e new test for PROBE_AGAIN; changed deferred_data to begin_deferred_data where appropriate 2013-09-28 21:33:25 +02:00
Ondrej Kuznk
025545aee3 Fix typos and type warnings 2013-09-28 20:49:46 +02:00
Ondřej Kuzník
e4fb8b8496 defered -> deferred 2013-09-28 20:42:04 +02:00
Ondřej Kuzník
d7bbec0dc7 Simplify function signatures 2013-09-28 20:21:48 +02:00
Ondřej Kuzník
dbafd6510d Allow probes to say they cannot decide yet 2013-09-28 20:21:47 +02:00
Ondřej Kuzník
c5cd91d92c Let defer_write accumulate data 2013-09-28 20:21:47 +02:00
Mike Frysinger
2d23cdc9f4 check asprintf return value
The current asprintf usage triggers many warnings like:

sslh-main.c: In function 'print_usage':
sslh-main.c:86:17: warning: ignoring return value of 'asprintf',
	declared with attribute warn_unused_result [-Wunused-result]

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2013-09-17 00:26:44 -04:00
Mike Frysinger
b8ea0699c4 drop_privileges: fix setuid check
The code attempts to check the return of setuid, but forgets to assign
the result variable.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2013-09-17 00:23:26 -04:00
Jason Cooper
c6adb6a1e1 remove unneeded executable permissions on source files
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2013-09-16 21:56:38 +02:00
Yves Rutschle
f3c5f098ca fixed getpeername causing sslh to quit 2013-08-29 12:15:50 +02:00
Yves Rutschle
536f7dee83 Changed SOL_IP to more-portable IPPROTO_IP 2013-07-25 21:33:07 +02:00
Yves Rutschle
2781c75ff9 Added tranparent proyxing 2013-07-21 13:46:45 +02:00
Yves Rutschle
f842e2e081 v1.14: 21DEC2012
Corrected OpenVPN probe to support pre-shared secret
	mode (OpenVPN port-sharing code is... wrong). Thanks
	to Kai Ellinger for help in investigating and
	testing.

	Added an actual TLS/SSL probe.

	Added configurable --on-timeout protocol
	specification.

	Added a --anyprot protocol probe (equivalent to what
	--ssl was).

	Makefile respects the user's compiler and CFLAG
	choices (falling back to the current values if
	undefined), as well as LDFLAGS.
	(Michael Palimaka)

	Added "After" and "KillMode" to systemd.sslh.service
	(Thomas Weischuh).

	Added LSB tags to etc.init.d.sslh
	(Thomas Varis).
2013-07-10 23:19:33 +02:00
Yves Rutschle
5cd1fa1875 v1.13: 18MAY2012
Write PID file before dropping privileges.

	Added --background, which overrides 'foreground'
	configuration file setting.

	Added example systemd service file from Archlinux in
	scripts/
	https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh
	(Sbastien Luttringer)
2013-07-10 23:16:50 +02:00
Yves Rutschle
9bcb2cdd7a v1.12: 08MAY2012
Added support for configuration file.

	New protocol probes can be defined using regular
	expressions that match the first packet sent by the
	client.

	sslh now connects timed out connections to the first
	configured protocol instead of 'ssh' (just make sure
	ssh is the first defined protocol).

	sslh now tries protocols in the order in which they
	are defined (just make sure sslh is the last defined
	protocol).
2013-07-10 23:15:38 +02:00
Yves Rutschle
26b4bcd089 v1.11: 21APR2012
WARNING: defaults have been removed for --user and
	--pidfile options, update your start-up scripts!

	No longer stop sslh when reverse DNS requests fail
	for logging.

	Added HTTP probe.

	No longer create new session if running in
	foreground.

	No longer default to changing user to 'nobody'. If
	--user isn't specified, just run as current user.

	No longer create PID file by default, it should be
	explicitely set with --pidfile.

	No longer log to syslog if in foreground. Logs are
	instead output to stderr.

	The four changes above make it straightforward to
	integrate sslh with systemd, and should help with
	launchd.
2013-07-10 23:14:48 +02:00
Yves Rutschle
ae008179f0 v1.10:
Fixed calls referring to sockaddr length so they work
	with FreeBSD.

	Try target addresses in turn until one works if
	there are several (e.g. "localhost:22" resolves to
	an IPv6 address and an IPv4 address and sshd does
	not listen on IPv6).

	Fixed sslh-fork so killing the head process kills
	the listener processes.

	Heavily cleaned up test suite. Added stress test
	t_load script. Added coverage (requires lcov).

	Support for XMPP (Arnaud Gendre).

	Updated README.MacOSX (Aaron Madlon-Kay).
2013-07-10 23:14:15 +02:00
Yves Rutschle
a9c9941988 v1.9: 02AUG2011
WARNING: Options changed, you'll need to update your
	start-up scripts! Log format changed, you'll need to
	update log processing scripts!

	Now supports IPv6 throughout (both on listening and
	forwarding)

	Logs now contain IPv6 addresses, local forwarding
	address, and resolves names (unless --numeric is
	specified).

	Introduced long options.

	Options -l, -s and -o replaced by their long
	counterparts.

	Defaults for SSL and SSH options suppressed (it's
	legitimate to want to use sslh to mux OpenVPN and
	tinc while not caring about SSH nor SSL).

	Bind to multiple addresses with multiple -p options.

	Support for tinc VPN (experimental).

	Numeric logging option.
2013-07-10 23:13:32 +02:00
Yves Rutschle
80f76c6fc5 v1.8:
Changed log format to make it possible to link
	connections to subsequent logs from other services.

	Updated CentOS init.d script (Andre Krajnik).

	Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
	propagated to the child process, so we set up signals after
	the fork.) (Franois FRITZ)

	Added -o "OpenVPN" and OpenVPN probing and support.

	Added single-threaded, select(2)-based version.

	Added support for "Bold" SSH clients (clients that speak first)
	Thanks to Guillaume Ricaud for spotting a regression
	bug.

	Added -f "foreground" option.

	Added test suite. (only tests connexions. No test for libwrap,
	setsid, setuid and so on) and corresponding 'make
	test' target.

	Added README.MacOSX (thanks Aaron Madlon-Kay)

	Documented use with proxytunnel and corkscrew in
	README.
2013-07-10 23:12:42 +02:00