196 Commits

Author SHA1 Message Date
rofl0r
39132b9787 rename members of proxy_type enum to have a common prefix
and add a NONE member.
2018-02-25 23:52:23 +00:00
rofl0r
bf76aeeba1 implement HTTP basic auth for upstream proxies
loosely based on @valenbg1's code from PR #38

closes #38
closes #96
2018-02-25 15:13:45 +00:00
rofl0r
bd04ed00d8 Basic Auth: send correct response codes and headers acc. to rfc7235
as reported by @natedogith1
2018-02-06 16:57:02 +00:00
rofl0r
8db511b9bf add support for basic HTTP authentication
using the "BasicAuth" keyword in tinyproxy.conf.

base64 code was written by myself and taken from my own library "libulz".
for this purpose it is relicensed under the usual terms of the tinyproxy
license.
2018-02-06 16:57:02 +00:00
rofl0r
7a3fd81a8d fix types used in SOCKS4/5 support code
the line

    len = buff[0]; /* max = 255 */

could lead to a negative length if the value in buff[0] is > 127.
2018-02-06 16:11:39 +00:00
Gonzalo Tornaria
8906b0734e add SOCKS upstream proxy support (socks4/socks5)
original patch submitted in 2006 to debian mailing list:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392848%29#12

this version was rebased to git and updated by Russ Dill <russ.dill@gmail.com>
in 2015 (the original patch used a different config file format).

as discussed in #40.

commit message by @rofl0r.
2018-02-06 16:11:39 +00:00
Stephan Leemburg
c5da1cc934 Continue with forward proxy if ReverseOnly is not true and no mapping available (#35)
allow non-reverse mappings if reverseonly is not enabled
2016-09-10 19:22:45 +02:00
Michael Adam
800c3a250c BB#110 Increase number of hash buckets from 32 to 256.
This should make hash processing generally faster.

There is a tradeoff between memory footprint and
speed of processing. 10 KB instead of 1.2 KB of
hash table per process should not be a huge problem
even on very limited current systems.

Who really needs to stick to 32 buckets could
recompile. We could also think about making
this configurable at some point.

Signed-off-by: Michael Adam <obnox@samba.org>
2014-12-13 01:41:56 +01:00
Michael Adam
545463c75d BB#110 limit the number of headers per request to prevent DoS
Based on patch provided by gpernot@praksys.org on bugzilla.

Signed-off-by: Michael Adam <obnox@samba.org>
2014-12-13 01:28:07 +01:00
Michael Adam
76bd008cf9 reqs: fix typo in a debug message in get_request_entity()
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-23 11:59:47 +01:00
Michael Adam
3710accf72 reqs: Fix CID 1130969 (part 3) - unchecked return value from library.
Check the return value of socket_blocking (fcntl) at the
end of relay_connection() for client socket.

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22 21:56:39 +01:00
Michael Adam
e07c363df2 reqs: Fix CID 1130969 (part 2) - unchecked return value from library.
Check the return value of socket_blocking (fcntl) at the
end of relay_connection().

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22 21:44:12 +01:00
Michael Adam
c82840bfcb reqs: Fix CID 1130972 - remove logically dead code.
url == NULL is caught above.

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22 18:58:19 +01:00
Michael Adam
0a99803425 reqs: Fix CID 1130967 - unchecked return value from library.
Check the return code of fcntl via socket_blocking
in pull_client_data().

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22 18:49:45 +01:00
Michael Adam
9efa5799f0 reqs: Fix CID 1130968 - unchecked return value from library
Check the return code of fcntl via socket_nonblocking
in pull_client_data()

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22 18:49:45 +01:00
Michael Adam
c27b6d15e2 reqs: rename a variable.
ret will be used in enclosing scope.
so rename this special variable.

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22 18:49:45 +01:00
Michael Adam
68bd0b61b5 reqs: fix CID 1130969 - unchecked return code from library
Effectively, the return code of fcntl was not checked
by not checking the return code of socket_nonblocking()
for the server fd.

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22 17:35:59 +01:00
Michael Adam
2004abc1e3 reqs: fix CID 1130970 - unchecked return code from library
Effectively, the return code of fcntl was not checked
by not checking the return code of socket_nonblocking()
for the client fd.

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22 17:35:54 +01:00
Michael Adam
0f18e4fc3a BB#106: remove now unused extract_ssl_url.
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16 15:26:06 +01:00
Michael Adam
9f43cfd488 BB#106: fix CONNECT requests with IPv6 literal addresses as host.
Use extract_url instead of the old extract_ssl_url:
extract_url is generic and handles ipv6 literal addresses correctly.

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16 15:25:44 +01:00
Michael Adam
98f77ef8c7 BB#106: add default_port argument to extract_http_url and rename it to extract_url
There is in fact nothing http-specific any more about this function, hence
the rename. The input has been stripped of the <proto>:// header anyways.

This is in preparation for fixing bug BB#106: ssl fails with literal ipv6 addrs.

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16 15:09:48 +01:00
Michael Adam
69c348ce6d req: move a variable into the scope where it is used in extract_http_url()
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16 13:10:03 +01:00
Michael Adam
bb2e894e0d BB#116: fix invalid free when connecting to ipv6 literal address
When removing the '[' and ']' characters from the ipv6 literal address, make sure
the pointer that is later free'd stays a malloced pointer by memmoving the
string one place left.

Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16 13:07:19 +01:00
Mukund Sivaraman
7378c97524 Surround IPv6 literals with [] in Host: headers
2011-02-07 18:00:39 +05:30
Mukund Sivaraman
2d02e2211e Handle IPv6 literals in URLs correctly
2011-02-04 20:28:48 +05:30
Daniel Egger
62443a6391 [BB#95] Fix FilterURLs with transparent proxy support.
Pass a pointer to a char pointer to do_transparent_proxy so the reassembled URL
will actually end up back in the caller where it is needed for filtering
decisions. This fixes the problem that a tinyproxy configured with the
transparent proxy functionality and "FilterURLs Yes" would filter on everything
but the domain.

Signed-off-by: daniel.egger@sphairon.com
Signed-off-by: Michael Adam <obnox@samba.org>
2010-12-01 22:25:44 +01:00
Michael Adam
12026c32de Fix bug #55: Read request entity before sending error page to client.
https://www.banu.com/bugzilla/show_bug.cgi?id=55

This is achieved by streamlining handle_connection, adding
a common cleanup-and-exit point ("done") and a common
failure exit point ("fail") that reads any pending data
from the client fd first before trying to send back
data (error page or stats page).

The new function get_request_entity that is used here,
does not honour any content-length header. It just calls
select on the client-fd and gets any data that is there
to read.

Michael
2010-01-10 02:17:37 +01:00
Michael Adam
6c9a647576 reqs:handle_connection: untangle assignment from check
Michael
2010-01-10 01:49:14 +01:00
Michael Adam
e1e9e53d45 reqs:process_client_headers: polish logic flow a bit.
Michael
2010-01-10 01:49:14 +01:00
Michael Adam
0bfc0e90c1 reqs: simplify process_request a bit: create common fail exit point
Michael
2010-01-10 01:49:14 +01:00
Mukund Sivaraman
9c0c3d5ced [BB#17] Add custom HTTP request headers to outgoing HTTP requests
2010-01-08 22:05:17 +05:30
Michael Adam
7290691142 Move definition of "struct config_s" from main.h to conf.h
Michael
2009-12-07 22:33:27 +01:00
Michael Adam
4c0a4d985f Add connect_ports list to config struct instead of keeping extra global var.
Michael
2009-12-07 00:22:52 +01:00
Michael Adam
c981b246ce Move handling of connect_ports list to its own source module.
Michael
2009-12-07 00:22:52 +01:00
Michael Adam
8cb182e1b8 Add access_list to the config struct instead of a global variable in acl.c.
Change insert_acl, check_acl and flush_access_list to take a corresponding
argument.

Michael
2009-12-07 00:22:46 +01:00
Michael Adam
4a8ea0d23b upstream: Add upstream list parameter to upstream_get()
to abstract it from the concrete list in the config struct.
Now upstream.c does not use any reference to config any more.

Michael
2009-12-07 00:22:36 +01:00
Michael Adam
fd987e97f0 move handling of upstream list to new module upstream.{c,h}
Michael
2009-12-06 13:17:18 +01:00
Michael Adam
56ba3d45bd upstream: refactor assembly of upstream out of upstream_add
Michael
2009-12-06 13:17:18 +01:00
Mukund Sivaraman
0480185d07 Use capitalized name in error messages
2009-12-04 05:41:36 +05:30
Mukund Sivaraman
ec4b4d979f Use NULL for pointers
2009-11-17 02:40:03 +05:30
Michael Adam
7671ac1ae2 Don't add "Via:" header when DisableViaHeader == Yes.
2009-10-11 01:27:24 +02:00
Mukund Sivaraman
931b038b27 Use safer string functions
2009-10-02 15:21:42 +05:30
Michael Adam
2beaac96d3 handle_connection: make logic clearer when deciding whether to use connect/ssl
Michael
2009-09-28 11:24:33 +02:00
Mukund Sivaraman
630d44e67b [BB#10] Do not filter out transfer-encoding header
2009-09-27 16:27:51 +05:30
Michael Adam
eecf145dbb conf: turn XTinyproxy into a boolean option
This is what it actually is.

The string value was used in earlier versions to compare
against the uri->authority string. But not as a list of
sites to create an X-Tinyproxy header for, as the tinyproxy.conf
template states...

Michael
2009-09-27 12:32:31 +02:00
Mukund Sivaraman
1586b39138 Don't ignore retval of read() in reqs.c
2009-09-27 08:09:22 +05:30
Michael Adam
b95f7b9ffb Print a http error when the client headers could not be retrieved.
A usual case here is that the headers were buggy, e.g. a line
without a ":" to separate the header field name from the value.
Previous behaviour was to silently return a blank page.

Michael
2009-09-20 22:24:18 +02:00
Michael Adam
fcb053a77c Revert "Remove unused parameter from process_request()"
This reverts commit f3312c22a0.

The "hashofheaders" argument to process_request() is needed
for building with reverse support or with transparent support.

Michael
2009-09-20 21:58:52 +02:00
Mukund Sivaraman
919eedc7f9 Remove inline keyword from static functions
The compiler inlines static functions as necessary anyway.
No more inline keywords exist in Tinyproxy source code. We want to
avoid using this keyword anyway.
2009-09-20 13:58:50 +05:30
Mukund Sivaraman
f3312c22a0 Remove unused parameter from process_request()
2009-09-15 04:11:58 +05:30