bughz/tinyproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: bughz:1.4
Branches Tags
bughz:master
bughz:rofl0r-patch-1
bughz:ragel
bughz:tp-1.10.x
bughz:1.8
bughz:1.6
bughz:1.4
bughz:1.11.2
bughz:1.11.1
bughz:1.11.0
bughz:1.11.0-rc1
bughz:1.10.0
bughz:1.8.4
bughz:1.8.3
bughz:1.8.2
bughz:1.8.1
bughz:1.8.0
bughz:1.7.1
bughz:1.6.5
bughz:1.6.4
bughz:1.6.3
bughz:1.7.0
bughz:1.6.2
bughz:1.6.1
bughz:1.6.0
bughz:1.6.0rc3
bughz:1.6.0rc2
bughz:1.6.0rc1
bughz:1.6.0pre4
bughz:1.6.0pre3
bughz:1.6.0pre2
bughz:1.6.0pre1
bughz:1.5.3
bughz:1.5.3rc1
bughz:1.5.2
bughz:1.5.2rc2
bughz:1.5.2rc1
bughz:1.5.1
bughz:1.5.1rc4
bughz:1.5.1rc3
bughz:1.5.1rc2
bughz:1.5.1rc1
bughz:1.5.1pre6
bughz:1.5.1pre5
bughz:1.5.1pre4
bughz:1.5.1pre3
bughz:1.5.1pre2
bughz:1.5.1pre1
bughz:1.5.0
bughz:1.5.0rc10
bughz:1.5.0rc8
bughz:1.5.0rc7
bughz:1.5.0rc6
bughz:1.5.0rc5
bughz:1.5.0rc4
bughz:1.5.0rc3
bughz:1.5.0rc2
bughz:1.5.0rc1
bughz:1.5.0pre6
bughz:1.5.0pre5
bughz:1.5.0pre4
bughz:1.5.0pre3
bughz:1.5.0pre1
bughz:1.4.4pre1
bughz:1.5.0pre2
bughz:1.4.3
bughz:1.4.3pre7
bughz:1.4.3pre6
bughz:1.4.2.2
bughz:1.4.2.1
bughz:1.4.2
bughz:1.4.1.5
bughz:1.4.1.4
bughz:1.4.1.3
bughz:1.4.1.2
bughz:1.4.1.1
bughz:1.4.1
bughz:1.4.0pre6
bughz:1.4.0pre5
bughz:1.4.0pre4
bughz:1.4.0pre3
bughz:1.4.0pre1
bughz:start
bughz:show
...
pull from: bughz:master
Branches Tags
bughz:master
bughz:rofl0r-patch-1
bughz:ragel
bughz:tp-1.10.x
bughz:1.8
bughz:1.6
bughz:1.4
bughz:1.11.2
bughz:1.11.1
bughz:1.11.0
bughz:1.11.0-rc1
bughz:1.10.0
bughz:1.8.4
bughz:1.8.3
bughz:1.8.2
bughz:1.8.1
bughz:1.8.0
bughz:1.7.1
bughz:1.6.5
bughz:1.6.4
bughz:1.6.3
bughz:1.7.0
bughz:1.6.2
bughz:1.6.1
bughz:1.6.0
bughz:1.6.0rc3
bughz:1.6.0rc2
bughz:1.6.0rc1
bughz:1.6.0pre4
bughz:1.6.0pre3
bughz:1.6.0pre2
bughz:1.6.0pre1
bughz:1.5.3
bughz:1.5.3rc1
bughz:1.5.2
bughz:1.5.2rc2
bughz:1.5.2rc1
bughz:1.5.1
bughz:1.5.1rc4
bughz:1.5.1rc3
bughz:1.5.1rc2
bughz:1.5.1rc1
bughz:1.5.1pre6
bughz:1.5.1pre5
bughz:1.5.1pre4
bughz:1.5.1pre3
bughz:1.5.1pre2
bughz:1.5.1pre1
bughz:1.5.0
bughz:1.5.0rc10
bughz:1.5.0rc8
bughz:1.5.0rc7
bughz:1.5.0rc6
bughz:1.5.0rc5
bughz:1.5.0rc4
bughz:1.5.0rc3
bughz:1.5.0rc2
bughz:1.5.0rc1
bughz:1.5.0pre6
bughz:1.5.0pre5
bughz:1.5.0pre4
bughz:1.5.0pre3
bughz:1.5.0pre1
bughz:1.4.4pre1
bughz:1.5.0pre2
bughz:1.4.3
bughz:1.4.3pre7
bughz:1.4.3pre6
bughz:1.4.2.2
bughz:1.4.2.1
bughz:1.4.2
bughz:1.4.1.5
bughz:1.4.1.4
bughz:1.4.1.3
bughz:1.4.1.2
bughz:1.4.1.1
bughz:1.4.1
bughz:1.4.0pre6
bughz:1.4.0pre5
bughz:1.4.0pre4
bughz:1.4.0pre3
bughz:1.4.0pre1
bughz:start
bughz:show

1423 Commits
1.4 ... master

Author SHA1 Message Date
rofl0r
cea0ebe657 tinyproxy.conf.5: explain what a site_spec looks like 2025-01-06 19:25:57 +00:00
rofl0r
05f6e4e000 basic auth: fix error status 401 vs 407 
if tinyproxy serves as a HTTP server (i.e. when serving stats),
use error code 401, else error code 407.

fixes #532
 2024-11-04 12:57:04 +01:00
rofl0r
c04ba4711a reqs: don't compile upstream code if feature disabled 
fixes warning about implicit function declaration which is by default
treated as an error starting with GCC14.

closes #560
 2024-10-19 09:26:37 +00:00
Robert Grumann
73da8a35a3
conf: add BasicAuthRealm feature (#547) 
makes BasicAuth realm string editable in config file.

closes #235
 2024-07-14 13:38:25 +02:00
James McKinney
d652ed8538
Omit the version number from headers and HTML responses (#543) 
Omit the version number from headers, HTML responses, and templates
 2024-06-20 10:51:29 +02:00
rofl0r
72b93f6d4b CI: update release workflow to non-deprecated actions 
github continues to deprecate actions and idioms in their CI system.
hopefully these changes will last for a while and maintaining a simple
CI task doesn't turn into a neverending story.
 2024-06-16 13:12:25 +00:00
Mohamed Akram
942d0c6b03 Use appropriate installation path variables 2024-06-02 20:42:49 +02:00
rofl0r
dd49e975a0 release 1.11.2 2024-05-08 18:22:55 +00:00
rofl0r
e69788b761
Add SECURITY.md 
given the catastrophic way TALOS Intelligence "communicated" with upstream
(i.e. by probably sending a single mail to an unused email address),
it's probably best to explicitly document how to approach upstream
when a security issue is discovered.
 2024-05-05 20:56:17 +02:00
rofl0r
12a8484265 fix potential UAF in header handling (CVE-2023-49606) 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889

this bug was brought to my attention today by the debian tinyproxy
package maintainer. the above link states that the issue was known
since last year and that maintainers have been contacted, but if
that is even true then it probably was done via a private email
to a potentially outdated email address of one of the maintainers,
not through the channels described clearly on the tinyproxy homepage:

> Feel free to report a new bug or suggest features via github issues.
> Tinyproxy developers hang out in #tinyproxy on irc.libera.chat.

no github issue was filed, and nobody mentioned a vulnerability on
the mentioned IRC chat. if the issue had been reported on github or
IRC, the bug would have been fixed within a day.
 2024-05-05 10:37:29 +00:00
rofl0r
92289d5a4c main: print filename of config file used on (re)load 2024-05-01 23:48:37 +00:00
strongleong
c4df45b7e4 BasicAuth: Added logging for failed login attemps 
closes #514
 2023-11-12 15:05:38 +00:00
Victor Kislov
84285b640d
BasicAuth: Accept special chars in username and password (#516) 
Co-authored-by: Victor Kislov <victork@primis.tech>
 2023-11-02 19:24:42 +00:00
rofl0r
c834073968 fix CI by running apt update 2023-10-16 00:06:15 +01:00
rofl0r
1289d8afc8 conf: use case-independent match for Filtertype parameter 2023-10-13 19:54:26 +00:00
rofl0r
2935519eb7 fix omission to reset socklen parameter for accept() 
since accept() uses the socklen parameter as in/out, after processing
an IPv4 the socklen fed to it waiting for the next client was only
the length of sockaddr_in, so if a connection from an IPv6 came in
the client sockaddr was only partially filled in.
this caused wrongly printed ipv6 addresses in log, and failure to
match them correctly against the acl.

closes #495
 2023-06-07 18:57:05 +00:00
rofl0r
d7c20e663f tinyproxy.conf.5: document syntax for upstream IPv6 addresses 
follow-up to 2bec15ee40
 2023-05-25 19:42:02 +00:00
ivanwick
1e615e66a9
tinyproxy.conf.5: document config strings that require double quotes (#493) 
* tinyproxy.conf.5: document config strings that require double quotes

String config values matched by the STR regex must be enclosed in double
quotes

Edit descriptions for brevity

conf.c: move boolean arguments comment before BOOL group

addresses #491

* Revert conf.c: move boolean arguments comment before BOOL group
 2023-05-24 15:06:15 +01:00
Mario-Klebsch
2bec15ee40
Allow configuring IPv6 address for upstream proxy (#492) 
* Added support to configure IPv6 upstream proxy servers using bracket syntax.
* Added regular expression for IPv6 scope identifier to re for IPv6 address.
 2023-05-23 14:04:48 +01:00
rofl0r
ef60434b39 docs: typo fix 
closes #487
 2023-03-20 20:36:01 +00:00
rofl0r
31339cb161 tinyproxy.conf.5: update text for bind directive 
the existing text was sort of misleading as it was written in a
pre-HTTPS era.

addressing #475
 2023-02-01 15:46:58 +00:00
rofl0r
470cc0863d conf: fix potential crash with invalid input data 
closes #474
 2023-02-01 13:32:45 +00:00
rofl0r
6ffd9af2c7 hsearch: fix potential UB (pointer arithmetics on nullptr) 
closes #471
addresses #470
 2023-02-01 13:16:58 +00:00
rofl0r
3764b85514 prevent junk from showing up in error page in invalid requests 
fixes #457
 2022-09-08 15:18:04 +00:00
rofl0r
84f203fb1c fix reversepath directive using https url giving misleading error 
it's not possible to use a https url in a ReversePath directive, without
removing the security provided by https, and would require adding a
dependency on a TLS library like openssl and a lot of code complexity
to fetch the requested resource via https and relay it back to the client.

in case the reversepath directive kicked in, but the protocol wasn't
recognized, and support for transparent proxying built-in, the code
wrongfully tried to turn the request into a trans request, leading
to a bogus rewritten url like http://localhost:8888https://www.endpoint.com
and an error message that we're trying to connect to the machine the
proxy runs on.

now instead use the generic code that signals an invalid protocol/url
was used.

closes #419
 2022-08-20 14:43:24 +00:00
rofl0r
121be4a74e echo http protocol version on CONNECT request response 
while at it, the function doing it was renamed from the misleading
ssl name to what it actually does.
also inlined the strings that were previously defined as macros.

addressing #152
 2022-07-15 23:43:13 +00:00
rofl0r
8b373f804e update html documentation, add quickstart section 2022-05-30 19:10:27 +00:00
rofl0r
90adf28663 release 1.11.1 2022-05-27 14:08:03 +00:00
rofl0r
ea75e79609 CI: add github workflow to build release tarball 2022-05-27 14:06:16 +00:00
rofl0r
d6ee3835f0 configure: use release tarball provided gperf file 2022-05-27 14:06:16 +00:00
rofl0r
d9e38babb7 add gperf generated files to make dist 2022-05-27 14:06:16 +00:00
rofl0r
77cd87efef print error message if errorfile is configured but can't be opened 
also, don't use fopen(NULL) if usage of errorfiles is not configured.
 2022-05-27 12:48:41 +00:00
rofl0r
7d1e86ccae don't try to send 408 error to closed client socket 
read_request_line() is exercised on the client's fd, and it fails
when the client closed the connection. therefore it's wrong
to send an error message to the client in this situation.
additionally, the error message states that the server closed
the connection.

might fix #383
 2022-05-02 14:50:42 +00:00
rofl0r
235b1c10a7 implement filtertype keyword and fnmatch-based filtering 
as suggested in #212, it seems the majority of people don't understand
that input was expected to be in regex format and people were using
filter lists containing plain hostnames, e.g. `www.google.com`.

apart from that, using fnmatch() for matching is actually a lot less
computationally expensive and allows to use big blacklists without
incurring a huge performance hit.

the config file now understands a new option `FilterType` which can
be one of `bre`, `ere` and `fnmatch`.
The `FilterExtended` option was deprecated in favor of it.
It still works, but will be removed in the release after the next.
 2022-05-02 13:13:40 +00:00
Tristan Stenner
26db3f6cc9 Allow "XTinyProxy No" with xtinyproxy disabled 2022-05-02 08:32:54 +01:00
dr|z3d
14d31ed63f Prettify stats.html 2022-04-22 06:13:38 +00:00
rofl0r
c63028d675 bind_socket(): improve log output 
bind_socket most often fails due to having wrong address family,
so it's helpful to see which one was used.
 2022-03-01 15:17:32 +00:00
rofl0r
9718be09c1 reload_logging: fix returning possibly uninitialized value 
introduced in 17d3733be3

may fix #422
 2022-02-16 02:28:11 +00:00
Malte S. Stretz
479df8ecec Add test case for unavailable upstream 2022-02-13 21:46:03 +00:00
Malte S. Stretz
1576ee279f Return 5xx when upstream is unreachable 
Currently a 404 is returned for a misconfigured or unavailable upstream
server.  Since that's a server error it should be a 5xx instead; a 404
is confusing when used as a forward proxy and might even be harmful when
used as a reverse proxy.

It is debatable if another 5xx code might be better; the misconfigured
situation might better be a 500 whereas the connection issue could be
a 503 instead (as used eg. in haproxy).
 2022-02-13 21:46:03 +00:00
rofl0r
eced6822f8 properly deal with client sending chunked data 
this fixes OPTIONS requests sent from apache SVN client using their
native HTTP proxy support.

closes #421

tested with `svn info http://svnmir.bme.freebsd.org/ports/`
 2022-02-13 21:11:37 +00:00
rofl0r
17d3733be3 main: fix logging being disabled after reload conf fails 
fixes #417
 2022-01-26 12:13:22 +00:00
rofl0r
79d0b0fa79 fix timeout not being applied to outgoing connections 
the fix in 0b9a74c290 was incomplete, as it
applied the socket timeout only to the socket received from accept(), but
not to sockets created for outgoing connections.
 2022-01-20 20:25:42 +00:00
rofl0r
d3d8943fe4 update website footer re: freenode 2021-09-22 12:14:58 +00:00
rofl0r
f0c291e1da README.md: freenode is dead, long live libera 
since freenode.net doesn't even serve a website anymore, it's safe to
finally announce the switch.
 2021-09-22 12:07:33 +00:00
Aaron M. Ucko
207f790314 Fix FTBFS on hurd-i386: run_tests.sh duplicates build path. 2021-09-22 13:05:12 +01:00
rofl0r
c1023f6821 fix regression failing to parse dotted netmask in upstream 
introduced in 979c737f9b.
when refactoring the "site-spec" parsing code i failed to realize that
the code dealing with acl allow/deny directives didn't provide the
option to specify netmasks in dotted ipv4 notation, unlike the code
in the upstream parser. since both scenarios now use the same parsing,
both dotted notation and CIDR slash-notation are possible.

while at it, removed the len parameter from fill_netmask_array() which
provided the illusion the array length could be of variable size.

fixes #394
 2021-08-23 14:00:05 +00:00
rofl0r
39d7bf6c70 improve error message for "Error reading readable client_fd" 
maybe this helps to track down the cause of #383.
 2021-07-23 20:17:18 +01:00
rofl0r
e91e48dd60
add an issue template (#387) 
as it's unproductive to be getting the same bug report for old tinyproxy versions over and over, and people not even stating which version they're using, this new issue template makes people
aware of what information to include when filing an issue request.
 2021-07-21 14:29:20 +01:00
rofl0r
563978a3ea socks4 upstream: add safety check for hostname length 2021-06-25 02:55:22 +01:00
rofl0r
7ea9f80d3f fix segfault in socks4 upstream with unresolvable hostname 
using a socks4 tor upstream with an .onion url resulted in
gethostbyname() returning NULL and a subsequent segfault.
not only did the code not check the return value of gethostbyname(),
that resolver API itself isn't threadsafe.

as pure SOCKS4 supports only IPv4 addresses, and the main SOCKS4
user to this date is tor, we just use SOCKS4a unconditionally and
pass the hostname to the proxy without trying to do any local name
resolving.

i suspect in 2021 almost all SOCKS4 proxy servers in existence use
SOCKS4a extension, but should i be wrong on this, i prefer issue
reports to show up and implement plain SOCKS4 fallback only when
i see it is actually used in practice.
 2021-06-25 02:43:00 +01:00
rofl0r
bc81b4d9e8 put an end to LINE_MAX issues 
for some reason, getting this macro is really hard across platforms,
requiring either different feature test macros or even the right order
of included headers, and its usage caused several build failures in the
past. fix it once and for all by just using 1024 as max line length if
the macro can't be retrieved.

closes #382
 2021-06-24 22:55:33 +01:00
rofl0r
558e3f748d configure.ac: remove unneeded "defs" linker flag 
the flag was added in 753010f571 without
explanation, and according to my research it is used to make the linker
report undefined symbols when linking a shared library.
since we don't build any shared libs, this isn't needed at all, but
reportedly causes issues with cygwin (#382).
 2021-06-23 16:59:55 +01:00
Alex Wied
7168a42624 Include limits.h to fix build on OSX 2021-05-13 01:15:13 +01:00
Michael Adam
60bf8b9e4d github actions: don't run "make test" on macos it currenctly fails 
Signed-off-by: Michael Adam <obnox@samba.org>
 2021-05-13 01:02:43 +01:00
Michael Adam
2db9a2a00f github actions: add macos tests 
Signed-off-by: Michael Adam <obnox@samba.org>
 2021-05-13 01:38:10 +02:00
Michael Adam
132a55cefb Fix github actions 
Signed-off-by: Michael Adam <obnox@samba.org>
 2021-05-12 22:50:15 +02:00
Michael Adam
e81d7767d3 Add github actions workflow for new CI 
Signed-off-by: Michael Adam <obnox@samba.org>
 2021-05-12 22:39:30 +02:00
rofl0r
7af5b1a553 manpage: improve FilterDefaultDeny paragraph 2021-05-10 00:25:50 +01:00
rofl0r
aeb7b19c53 conf: do not warn about missing user directive unless root 
there's no point in printing a warning if the program is already started
as a restricted user.
 2021-05-10 00:03:43 +01:00
rofl0r
9d815f69a4 filter: hard error when filter file doesn't exist 2021-05-09 23:41:49 +01:00
rofl0r
cc47fbf1f7 manpage: URL-based filtering is no longer recommended 2021-05-09 17:53:52 +01:00
rofl0r
a869e71ac3 add support for outgoing connections with HTTP/1.1 
since there are numerous changes in HTTP/1.1, the proxyserver will
stick to using HTTP/1.0 for internal usage, however when a connection
is requested with HTTP/1.x from now on we will duplicate the minor revision
the client requested, because apparently some servers refuse to accept
HTTP/1.0

addresses #152.
 2021-04-16 14:51:01 +01:00
rofl0r
979c737f9b make upstream site-spec ipv6 compatible, refactor acl code 
the acl.c code parsing a site-spec has been factored out into a
new TU: hostspec. it was superior to the parsing code in
upstream.c in that it properly deals with both ipv4 and ipv6.

both upstream and acl now use the new code for parsing, and upstream
also for checking for a match.
acl.c still uses the old matching code as it has a lot of special case
code for specifications containing a hostname, and in case such
a spec is encountered, tries to do reverse name lookup to see if
a numeric ip matches that spec.

removing that code could break existing usecases, however since
that was never implemented for upstream nobody will miss it there.
 2021-04-16 14:46:02 +01:00
rofl0r
2529597ea0 reverse: redirect if path without trailing slash is detected 
if for example:

ReversePath = "/foo/"

and user requests "http://tinyproxy/foo" the common behaviour for HTTP
servers is to send a http 301 redirect to the correct url.
we now do the same.
 2021-04-16 14:41:40 +01:00
rofl0r
bc87de3482 Release 1.11.0 2021-04-16 13:47:21 +01:00
rofl0r
11a4f6c5cf reverse: ensure paths always end with a slash 2021-03-28 20:36:55 +01:00
rofl0r
64badd6b37 htab: prevent filling up of table with tombstones 
as pointed out by @craigbarnes [0], using the latest fix for
the tombstone issue, it's possible to provoke a situation
that causes an endless loop when all free slots in the table
are filled up with tombstones and htab_find() is called.

therefore we need to account for those as well when deciding
if there's a need to call resize() so there's never more than
75% of the table used by either dead or live items.
the resize() serves as a rehash which gets rid of all deleted
entries, and it might cause the table size to shrink if
htab_insert() is called after a lot of items have been removed.

[0]: https://github.com/rofl0r/htab/issues/1#issuecomment-800094442

testcase:

    #include <assert.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include "hsearch.h"

    #define HTAB_OOM_TEST
    #include "hsearch.c"

    static char *xstrdup(const char *str)
    {
        char *dup = strdup(str);
        assert(dup);
        return dup;
    }

    void utoa(unsigned number, char* buffer) {
            int lentest, len = 0, i, start = 0;

            lentest = number;
            do {
                    len++;
                    lentest /= 10;
            } while(lentest);
            buffer[start+len] = 0;
            do {
                    i = number % 10;
                    buffer[start+len - 1] = '0' + i;
                    number -= i;
                    len -= 1;
                    number /= 10;
            } while (number);
    }

    #define TESTSIZE 8
    #define KEEP 1

    static char* notorious[TESTSIZE];

    static void prep() {
    	srand(0);
    	char buf[16];
    	size_t filled = 0;
    	while(filled < TESTSIZE) {
    		utoa(rand(), buf);
    		size_t idx = keyhash(buf) & (TESTSIZE-1);
    		if(!notorious[idx]) {
    			notorious[idx] = xstrdup(buf);
    			++filled;
    		}
    	}
    }

    int main(void)
    {
    	struct htab *h = htab_create(TESTSIZE);
    	size_t i;
    	assert(h);

    	prep();
    	for(i=0; i<TESTSIZE; ++i) {
    		char *key = notorious[i];
    		printf("[%zu] = \"%s\"\n", i, key);
    		int r = htab_insert(h, key, HTV_N(42));
    		if(!r == 1) {
    			printf("element %zu couldn't be inserted\n", i);
    			break;
    		}
    		assert(r == 1);
    		// Ensure newly inserted entry can be found
    		assert(htab_find(h, key));
    		if(i >= KEEP) htab_delete(h, key);
    	}

    	htab_find(h, "looooop");

    	return 0;
    }
 2021-03-28 20:33:17 +01:00
rofl0r
48860bbe26 refactor html-error so send_http_headers() can take extra arg 
we already required an extra argument inside the headers sent
for 401 and 407 error responses, move those to sent_http_error_message()
and refactor send_http_headers() to always take the extra argument.
in calling sites where the extra arg isn't needed, use "".
 2021-03-28 20:24:23 +01:00
rofl0r
c4231e58bf orderedmap: fix memory leak when using orderedmap_remove() 
closes #351
 2021-03-14 16:06:10 +00:00
rofl0r
38934921c4 htab_delete(): fix failure to set tombstone 
we can't just set an item's key to zero and be done with a deletion,
because this will break the item search chain.
a deleted item requires a special marker, also known as tombstone.
when searching for an item, all slots with a tombstone need to treated
as if they were in use, but when inserting an item such a slot needs
to be filled with the new item.

a common procedure is to rehash the table when the number of deleted
items crosses a certain threshold, though for simplicity we leave this
task to the resize() function which does the same thing anyway when
the hashtable grows.

this allows to fix the issue quite elegantly and with almost no
additional overhead, so we don't penalize applications that do very
few deletions.
 2021-03-14 01:57:21 +00:00
rofl0r
4147e917d6 configure: check whether gperf is compatible 
closes #337
 2021-02-13 09:53:55 +00:00
rofl0r
adad565c03 http-message: fix UB passing long to format string expecting int 2020-10-19 20:33:04 +01:00
rofl0r
db5c0e99b4 reqs: fix UB passing ssize_t to format string expecting int 2020-10-19 20:30:10 +01:00
rofl0r
8ebbd50cb2 log: replace non-mt-safe localtime() with localtime_r() 2020-10-19 20:26:12 +01:00
rofl0r
732bdd0f56 replace usage of non-threadsafe gmtime() with gmtime_r() 
the latter is a standard POSIX function too.
 2020-10-19 20:21:26 +01:00
Anton Khirnov
3bb14e0440 Allow multiple Bind directives. 
Try all the addresses specified with Bind in order. This is necessary
e.g. for maintaining IPv4+6 connectivity while still being restricted to
one interface.
 2020-10-19 20:08:31 +01:00
Anton Khirnov
2b49ef0e0f sock: add missing format specifier to log_message() 2020-10-19 20:08:31 +01:00
rofl0r
f7c616d2b9 log.c: fix format string args 2020-10-19 20:08:31 +01:00
rofl0r
cc0a7eb9a2 html-error: move common.h inclusion back to top 
this seems to cause an implicit declaration of snprintf() thanks to
feature test macro hell.
 2020-10-19 20:08:31 +01:00
rofl0r
e20aa221ff conf: move inclusion of common.h back to the start 
otherwise the feature-test-macros won't kick in as they should.

should fix #329
 2020-10-01 15:25:35 +01:00
rofl0r
8d27503cc3 acl: fix regression using ipv6 with netmask 
introduced in 0ad8904b40

closes #327
 2020-09-30 19:23:34 +01:00
rofl0r
3950a606a4 conf: only treat space and tab as whitespace 
other characters in the [[:space:]] set can't possibly be encountered,
and this speeds up parsing by approximately 10%.
 2020-09-30 05:31:56 +01:00
rofl0r
a8944b93e7 conf: use [0-9] instead of [[:digit:]] for shorter re strings 2020-09-30 05:28:00 +01:00
rofl0r
960972865c print linenumber from all conf-emitted warnings 2020-09-30 05:21:26 +01:00
rofl0r
f55c46eb39 log: print timestamps with millisecond precision 
this allows easier time measurements for benchmarks.
 2020-09-30 05:20:09 +01:00
rofl0r
10494cab8c change loglevel of "Not running as root" message to INFO 
there's no reason to display this as warning.
 2020-09-30 05:19:16 +01:00
rofl0r
4f1a1663ff conf: remove bogus support for hex literals 
the INT regex macro supported a 0x prefix (used e.g. for port numbers),
however following that, only digits were accepted, and not the full
range of hexdigits. it's unlikely this was used, so remove it.

note that the () expression is kept, so we don't have to adjust match
number indices all over the place.
 2020-09-30 05:14:57 +01:00
rofl0r
35c8edcf73 speed up build by only including regex.h where needed 2020-09-30 05:13:45 +01:00
rofl0r
7c664ad0b2 Release 1.11.0-rc1 2020-09-27 16:22:21 +01:00
rofl0r
8594e9b8cc add conf-tokens.gperf to EXTRA_DIST 
otherwise it will be missing in `make dist`-generated tarballs.
 2020-09-27 15:55:23 +01:00
rofl0r
094db9d670 version.sh: relax regex for release tag detection 
this allows to use tag names with a custom suffix too.
 2020-09-27 15:44:50 +01:00
rofl0r
4dfac863a5 version.sh: replace -g with -git- 
git describe prefixes the sha1 commit hash with -g, which is exactly what
we're after. this change gets rid of the confusing "g" in the commit hash
and allows tag names that include "-".
 2020-09-27 15:41:54 +01:00
rofl0r
c74fe57262 transparent: workaround old glibc bug on RHEL7 
it's been reported[0] that RHEL7 fails to properly set the length
parameter of the getsockname() call to the length of the required
struct sockaddr type, and always returns the length passed if it
is big enough.

the SOCKADDR_UNION_* macros originate from my microsocks[1] project,
and facilitate handling of the sockaddr mess without nasty casts.

[0]: https://github.com/tinyproxy/tinyproxy/issues/45#issuecomment-694594990
[1]: https://github.com/rofl0r/microsocks
 2020-09-18 12:12:14 +01:00
rofl0r
d4ef2cfa62 child_kill_children(): use method that actually works 
it turned out that close()ing an fd behind the back of a thread
doesn't actually cause blocking operations to get a read/write event,
because the fd will stay valid to in-progress operations.
 2020-09-17 21:24:45 +01:00
rofl0r
da1bc1425d tune error messages to show select or poll depending on what is used 2020-09-17 21:03:51 +01:00
rofl0r
22e4898519 add autoconf test and fallback code for systems without gperf 2020-09-16 23:04:12 +01:00
rofl0r
45b238fc6f main: print error when config_init() fails 2020-09-16 21:01:02 +01:00
rofl0r
45323584a0 speed up big config parsing by 2x using gperf 2020-09-16 21:01:02 +01:00
rofl0r
caeab31fca conf.c: simplify the huge IPV6 regex 
even though the existing IPV6 regex caught (almost?) all invalid
ipv6 addresses, it did so with a huge performance penalty.
parsing a file with 32K allow or deny statement took 30 secs in
a test setup, after this change less than 3.

the new regex is sufficient to recognize all valid ipv6 addresses,
and hands down the responsibility to detect corner cases to the
system's inet_pton() function, which is e.g. called from insert_acl(),
which now causes a warning to be printed in the log if a seemingly
valid address is in fact invalid.

the new regex has been tested with 486 testcases from
http://download.dartware.com/thirdparty/test-ipv6-regex.pl
and accepts all valid ones and rejects most of the invalid ones.

note that the IPV4 regex already did a similar thing and checked only
whether the ip looks like [0-9]+.[0-9]+.[0-9]+.[0-9]+ without pedantry.
 2020-09-16 21:01:02 +01:00
rofl0r
0ad8904b40 acl.c: detect invalid ipv6 string 2020-09-16 21:00:50 +01:00
rofl0r
99ed66cbc4 conf.c: warn when encountering invalid address 2020-09-16 21:00:50 +01:00
rofl0r
880a8b0ab6 conf: use cpp stringification for STDCONF macro 2020-09-16 21:00:04 +01:00
rofl0r
551e914d24 conf: merge upstream/upstream_none into single regex/handler 2020-09-16 21:00:04 +01:00
rofl0r
bad36cd9cd move config reload message to reload_config() 
move it to before disabling logging, so a message with the correct
timestamp is printed if logging was already enabled.
also add a message when loading finished, so one can see from the
timestamp how long it took.

note that this only works on a real config reload triggered by
SIGHUP/SIGUSR1, because on startup we don't know yet where to log to.
 2020-09-16 21:00:04 +01:00
rofl0r
683a354196 remove vector remains 2020-09-16 02:39:09 +01:00
rofl0r
06c96761d5 log_message_storage: use sblist 2020-09-16 02:39:09 +01:00
rofl0r
54ae2d2a19 tests: add some AddHeader directives 2020-09-16 02:39:09 +01:00
rofl0r
e843519fb8 listen_addrs: use sblist 2020-09-16 02:39:09 +01:00
rofl0r
a5381223df basicauth: use sblist 2020-09-16 02:39:09 +01:00
rofl0r
487f2aba47 connect_ports: use sblist 2020-09-16 02:39:09 +01:00
rofl0r
e929e81a55 add_header: use sblist 
note that the old code inserted added headers at the beginning of the
list, reasoning unknown. this seems counter-intuitive as the headers
would end up in the request in the reverse order they were added,
but this was irrelevant, as the headers were originally first put
into the hashmap hashofheaders before sending it to the client.
since the hashmap didn't preserve ordering, the headers would appear
in random order anyway.
 2020-09-16 02:39:09 +01:00
rofl0r
7d33fc8e8a listen_fds: use sblist 2020-09-16 01:05:58 +01:00
rofl0r
a5890b621b run_tests_valgrind: use tougher valgrind settings 2020-09-15 23:39:04 +01:00
rofl0r
2037bc64f5 free a mem leak by statically allocating global statsbuf 2020-09-15 23:28:33 +01:00
rofl0r
d453a4c2a4 main: include loop header 2020-09-15 23:20:14 +01:00
rofl0r
192f8194e1 free() loop records too 2020-09-15 23:12:00 +01:00
rofl0r
bd92446184 use poll() where available 2020-09-15 23:12:00 +01:00
rofl0r
10cdee3bc5 prepare transition to poll() 
usage of select() is inefficient (because a huge fd_set array has to
be initialized on each call) and insecure (because an fd >= FD_SETSIZE
will cause out-of-bounds accesses using the FD_*SET macros, and a system
can be set up to allow more than that number of fds using ulimit).
for the moment we prepared a poll-like wrapper that still runs select()
to test for regressions, and so we have fallback code for systems without
poll().
 2020-09-15 23:12:00 +01:00
rofl0r
0c8275a90e refactor conns.[ch], put conn_s into child struct 
this allows to access the conn member from the main thread handling
the childs, plus simplifies the code.
 2020-09-15 23:12:00 +01:00
rofl0r
5779ba8697 hsearch: add seed to prevent another CVE-2012-3505 instance 2020-09-15 23:12:00 +01:00
rofl0r
155bfbbe87 replace leftover users of hashmap with htab 
also fixes a bug where the ErrorFile directive would create a
new hashmap on every added item, effectively allowing only
the use of the last specified errornumber, and producing memory
leaks on each config reload.
 2020-09-15 23:12:00 +01:00
rofl0r
34a8b28414 save headers in an ordered dictionary 
due to the usage of a hashmap to store headers, when relaying them
to the other side the order was not prevented.
even though correct from a standards point-of-view, this caused
issues with various programs, and it allows to fingerprint the use
of tinyproxy.

to implement this, i imported the MIT-licensed hsearch.[ch] from
https://github.com/rofl0r/htab which was originally taken from
musl libc. it's a simple and efficient hashtable implementation
with far better performance characteristic than the one previously
used by tinyproxy. additionally it has an API much more well-suited
for this purpose.

orderedmap.[ch] was implemented from scratch to address this issue.
behind the scenes it uses an sblist to store string values, and a htab
to store keys and the indices into the sblist.
this allows us to iterate linearly over the sblist and then find the
corresponding key in the hash table, so the headers can be reproduced
in the order they were received.

closes #73
 2020-09-15 23:11:59 +01:00
rofl0r
9d5ee85c3e fix free()ing of config items 
- we need to free the config after it has been succesfully loaded,
  not unconditionally before reloading.
- we also need to free them before exiting from the main program
  to have clean valgrind output.
 2020-09-15 23:11:59 +01:00
rofl0r
372d7ff824 shutdown: free children from right place 2020-09-15 22:32:42 +01:00
rofl0r
2f3a3828ac Revert "childs.c: fix minor memory leak" 
This reverts commit 6dd3806f7d.
 2020-09-15 22:25:53 +01:00
rofl0r
6dd3806f7d childs.c: fix minor memory leak 
this would leak only once on program termination, so it's no big
deal apart from having spurious reachable memory in valgrind logs.
 2020-09-15 20:02:12 +01:00
rofl0r
7eb6600aeb main: orderly shutdown on SIGINT too 
the appropriate code in the signal handler was already set up,
but for some reason the signal itself not being handled.
 2020-09-14 20:59:02 +01:00
rofl0r
7014d050d9 run_tests: make travis happy, use signal nr instead of name 2020-09-14 17:02:36 +01:00
rofl0r
ff23f3249b conf.c: include common.h 2020-09-14 17:02:36 +01:00
rofl0r
17e19a67cf run_tests: do some more extensive testing 
1) force a config reload after some initial tests.
   this will allow to identify memleaks using the valgrind test,
   as this will free all structures allocated for the config, and
   recreate them.
2) test ErrorFile directive by adding several of them.
   this should help catch regressions such as the one fixed in
   4847d8cdb3.
   it will also test memleaks in the related code paths.
3) test some scenarios that should produce errors and use the
   configured ErrorFile directives.
 2020-09-13 01:09:21 +01:00
rofl0r
c64ac9edbe fix get_request_entity() 
get_request_entity()'s purpose is to drain remaining unread bytes
in the request read pipe before handing out an error page,
and kinda surprisingly, also when connection to the stathost is
done.

in the stathost case tinyproxy just skipped proper processing and
jumped to the error handler code, and remembering whether a
connection to the stathost was desired in a variable, then doing
things a bit differently depending on whether it's set.

i tried to fix issues with get_request_entity in
88153e944f (which is basically the
right fix for the issue it tried to solve, but incomplete),
and resulting from there in 78cc5b72b1.
the latter fix wasn't quite right since we're not supposed to check
whether the socket is ready for writing, and having a return value
of 2 instead of 1 got resulted in some of the if statements not
kicking in when they should have.
this also resulted in the stathost page no longer working.

after in-depth study of the issue i realized that we only need to
call get_request_entity() when the headers aren't completely read,
additional to setting the proper connection timeout as
88153e944f already implemented.
the changes of 78cc5b72b1 have been
reverted.
 2020-09-13 00:37:19 +01:00
rofl0r
bfe59856b2 tests/webclient: return error when HTTP status > 399 2020-09-13 00:35:38 +01:00
rofl0r
4847d8cdb3 add_new_errorpage(): fix segfault accessing global config 
another fallout of the config refactoring finished by
2e02dce0c3.

apparently no one using the ErrorFile directive used git master
during the last months, as there have been no reports about this issue.
 2020-09-12 21:38:04 +01:00
rofl0r
df9074db6e vector.h: missing include <unistd.h> for ssize_t 2020-09-12 15:56:36 +01:00
rofl0r
9e40f8311f handle_connection(): print process_*_headers errno information 2020-09-10 21:13:31 +01:00
rofl0r
f1bd259e6e handle_connection: replace "goto fail" with func call 
this allows to see in a backtrace from where the error was
triggered.
 2020-09-10 14:48:39 +01:00
rofl0r
e94cbdb3a5 handle_connection(): factor out failure code 
this allows us in a next step to replace goto fail with a call to that
function, so we can see in a backtrace from where the failure was
triggered.
 2020-09-10 14:37:56 +01:00
rofl0r
b549ba5af3 remove bogus custom timeout handling code 
in networking, hitting a timeout requires that *nothing* happens during the
interval. whenever anything happens, the timeout is reset.
there's no need to do custom time calculations, it's perfectly fine to let
the kernel handle it using the select() syscall.

additionally the code added in 0b9a74c290
assures that read and write syscalls() don't block indefinitely and return
on the timeout too, so there's no need to switch sockets back and forth
between blocking/nonblocking.
 2020-09-09 12:37:23 +01:00
rofl0r
b4e3f1a896 fix negative timeout resulting in select() EINVAL 2020-09-09 11:59:40 +01:00
rofl0r
78cc5b72b1 get_request_entity: fix regression w/ CONNECT method 
introduced in 88153e944f.
when connect method is used (HTTPS), and e.g. a filtered domain requested,
there's no data on readfds, only on writefds.

this caused the response from the connection to hang until the timeout was
hit. in the past in such scenario always a "no entity" response
was produced in tinyproxy logs.
 2020-09-08 14:45:24 +01:00
rofl0r
58cfaf2659 make acl lookup 450x faster by using sblist 
tested with 32K acl rules, generated by

    for x in `seq 128` ; do for y in `seq 255` ; do \
    echo "Deny 10.$x.$y.0/24" ; done ; done

after loading the config (which is dogslow too), tinyproxy
required 9.5 seconds for the acl check on every request.
after switching the list implementation to sblist, a request
with the full acl check now takes only 0.025 seconds.
the time spent for loading the config file is identical for both
list implementations, roughly 30 seconds.

(in a previous test, 65K acl rules were generated, but every
connection required almost 2 minutes to crunch through the list...)
 2020-09-07 22:09:35 +01:00
rofl0r
ebc7f15ec7 acl: typedef access_list to acl_list_t 
this allows to switch the underlying implementation easily.
 2020-09-07 21:53:14 +01:00
rofl0r
efa5892011 check_acl: do full_inet_pton() only once per ip 
if there's a long list of acl's, doing full_inet_pton() over
and over with the same IP isn't really efficient.
 2020-09-07 20:57:16 +01:00
rofl0r
88153e944f get_request_entity: respect user-set timeout 
get_request_entity() is only called on error, for example if a client
doesn't pass a check_acl() check. in such a case it's possible that
the client fd isn't yet ready to read from.
using select() with a timeout timeval of {0,0} causes it to return
immediately and return 0 if there's no data ready to be read.
this resulted in immediate connection termination rather than returning
the 403 access denied error page to the client and a confusing
"no entity" message displayed in the proxy log.
 2020-09-07 20:49:07 +01:00
rofl0r
f720244baa README.md: describe how transparent proxying can be used 
addressing #45
 2020-09-07 18:08:57 +01:00
rofl0r
487a062fcc change loglevel of start/stop/reload messages to NOTICE 
this allows to see them when the verbose INFO loglevel is not desired.

closes #78
 2020-09-07 16:59:37 +01:00
rofl0r
23b0c84653 upstream: fix ip/mask calculation for types other than none 
the code wrongly processed the site_spec (here: domain) parameter
only when PT_TYPE == PT_NONE.
re-arranged code to process it correctly whenever passed.
additionally the mask is now also applied to the passed subnet/ip,
so a site_spec like 127.0.0.1/8 is converted into 127.0.0.0/8.
also the case where inet_aton fails now produces a proper error
message.

note that the code still doesn't process ipv6 addresses and mask.
to support it, we should use the existing code in acl.c and refactor
it so it can be used from both call sites.

closes #83
closes #165
 2020-09-07 16:11:51 +01:00
Brett Randall
559faf7957 website stylesheet: added pre margin-bottom: 20px. 
this improves rendering of literal code paragraphs.
 2020-09-07 12:34:35 +01:00
rofl0r
a8848d4bd8 html-error: substitute template variables via a regex 
previously, in order to detect and insert {variables} into error/stats
templates, tinyproxy iterated char-by-char over the input file, and would
try to parse anything inside {} pairs and treat it like a variable name.
this breaks CSS, and additionally it's dog slow as tinyproxy wrote every
single character to the client via a write syscall.
now we process line-by-line, and inspect all matches of the regex
\{[a-z]{1,32}\}. if the contents of the regex are a known variable name,
substitution is taking place. if not, the contents are passed as-is to
the client. also the chunks before and after matches are written in
a single syscall.

closes #108
 2020-09-07 04:32:13 +01:00
[anp/hsw]
17ae1b512c Do not give error while storing invalid header 2020-09-07 01:12:50 +01:00
rofl0r
d0fae11760 config parser: increase possible line length limit 
let's use POSIX LINE_MAX (usually 4KB) instead of 1KB.

closes #226
 2020-09-07 01:07:00 +01:00
rofl0r
7c37a61e00 manpages: update copyright years 2020-09-06 23:16:29 +01:00
rofl0r
65e79b84a4 update documentation about signals 2020-09-06 23:15:41 +01:00
rofl0r
8c86e8b3ae allow SIGUSR1 to be used as an alternative to SIGHUP 
this allows a tinyproxy session in terminal foreground mode to reload
its configuration without dropping active connections.
 2020-09-06 23:11:22 +01:00
rofl0r
95b1a8ea06 main.c: remove set_signal_handler code duplication 2020-09-06 23:08:10 +01:00
rofl0r
8ba0ac4e86 do not catch SIGHUP in foreground-mode 
it's quite unexpected for an application running foreground in a
terminal to keep running when the terminal is closed.
also in such a case (if file logging is disabled) there's no way to
see what's happening to the proxy.
 2020-09-06 22:46:26 +01:00
rofl0r
3da66364de configure.ac: fail if version script returns empty string 2020-09-06 20:32:52 +01:00
rofl0r
0d71223a1d send_html_file(): also set empty variables to "(unknown)" 2020-09-06 20:06:59 +01:00
rofl0r
f1a6d063b0 version.sh: fix empty result when git describe fails 
fixes an error in travis, which makes a shallow clone of 50 commits.
if the last tag is older than 50 commits, we get:
"fatal: No names found, cannot describe anything."

this caused a premature exit due to an assert error in safe_write()
on this line: assert (count > 0);

because the version variable in tinyproxy was empty.
 2020-09-06 20:04:01 +01:00
rofl0r
0d26fab317 run_tests.sh: print more diagnostic if killing tp fails 2020-09-06 17:48:14 +01:00
rofl0r
55208eb2f6 run_tests.sh: print pid if killing tp fails 2020-09-06 17:20:06 +01:00
rofl0r
ab27e4c68b configure.ac: check for all "desired" CFLAGS at once 
in case they're all accepted, which would be the case with any
halfways recent GCC, we save a lot of time over testing each flag
sequentially.
 2020-09-06 16:58:28 +01:00
rofl0r
f20681e0c6 configure.ac: remove unused checks for malloc/realloc 2020-09-06 16:40:52 +01:00
rofl0r
8685d23225 configure.ac: remove check for strdup() 
it was being used unconditionally anyway.
 2020-09-06 16:32:37 +01:00
rofl0r
36c9b93cfe transparent: remove usage of inet_ntoa(), make IPv6 ready 
inet_ntoa() uses a static buffer and is therefore not threadsafe.
additionally it has been deprecated by POSIX.

by using inet_ntop() instead the code has been made ipv6 aware.

note that this codepath was only entered in the unlikely event that
no hosts header was being passed to the proxy, i.e. pre-HTTP/1.1.
 2020-09-06 16:22:11 +01:00
rofl0r
51b8be3ee4 add tinyproxy website template to docs/web 
this allows to automatically generate the website from the current
tinyproxy.conf.5 template.

    make
    cd docs/web
    make
 2020-09-06 13:45:40 +01:00
Brett Randall
5e594e593a Added BasicAuth to tinyproxy.conf man page. 2020-09-06 12:25:46 +01:00
rofl0r
233ce6de3b filter: reduce memory usage, fix OOM crashes 
* check return values of memory allocation and abort gracefully
  in out-of-memory situations

* use sblist (linear dynamic array) instead of linked list
  - this removes one pointer per filter rule
  - removes need to manually allocate/free every single list item
    (instead block allocation is used)
  - simplifies code

* remove storage of (unused) input rule
  - removes one char* pointer per filter rule
  - removes storage of the raw bytes of each filter rule

* add line number to display on out-of-memory/invalid regex situation

* replace duplicate filter_domain()/filter_host() code with a single
  function filter_run()
  - reduces code size and management effort

with these improvements, >1 million regex rules can be loaded with
4 GB of RAM, whereas previously it crashed with about 950K.

the list for testing was assembled from
http://www.shallalist.de/Downloads/shallalist.tar.gz

closes #20
 2020-09-05 19:42:34 +01:00
rofl0r
c4dc3ba007 filter: fix documentation about rules 
the file docs/filter-howto.txt was removed, as it contained misleading
information since it was first checked in.

it suggests the syntax for filter rules is fnmatch()-like, when in
fact they need to be specified as posix regular expressions.

additionally it contained a lot of utterly unrelated and irrelevant/
outdated text.

a few examples with the correct syntax have now been added to
tinyproxy.conf.5 manpage.

closes #212
 2020-09-05 17:33:53 +01:00
Nicolai Søborg
281488a729 Change loglevel for "Maximum number of connections reached" 
I was hit by this, and did not see anything in the log, connections was just hanging.
Think warning is a better log level
 2020-09-01 15:07:03 +01:00
rofl0r
f825bea4c1 travis: asciidoc is no longer needed 2020-08-20 14:32:16 +01:00
rofl0r
a547a298c7 generate manpages with pod2man instead of a2x/asciidoc(tor) 
it turned out that the upstream section in tinyproxy.conf.5 wasn't rendered
properly, because in asciidoc items following a list item are always explicitly
appended to the last list item.
after several hours of finding a workaround, it was decided to change the
manpage generator to pod2man instead.

as pod2man ships together with any perl base install, it should be available
on almost every UNIX system, unlike asciidoc which requires installation
of a huge set of dependencies (more than 1.3 GB on Ubuntu 16.04), and the
replacement asciidoctor requires a ruby installation plus a "gem" (which is
by far better than asciidoc, but still more effort than using the already
available pod2man).

tinyproxy's hard requirement of a2x (asciidoctor) for building  from source
caused rivers of tears (and dozens of support emails/issues) in the past, but
finally we get rid of it. a tool such as a2x with its XML based bloat-
technology isn't really suited to go along with a supposedly lightweight
C program.

if it ever turns out that even pod2man is too heavy a dependency, we could
still write our own replacement in less than 50 lines of awk, as the pod
syntax is very low level and easy to parse.
 2020-08-19 22:45:37 +01:00
rofl0r
3fa53f8660 tinyproxy.conf.5: fix typo 2020-08-19 20:37:03 +01:00
rofl0r
fc681e26b8 tinyproxy.conf.5: document upstream null-routing 2020-08-19 12:16:02 +01:00
rofl0r
c984122acd tinyproxy.conf.5: clarify that upstream none makes direct connection 2020-08-19 12:07:19 +01:00
rofl0r
335477b16e upstream: allow port 0 to be specified 
this is useful to use upstream directive to null-route a specific target
domain.

e.g.
upstream http 0.0.0.0:0 ".adserver.com"
 2020-08-19 12:01:20 +01:00
rofl0r
5ba958829f add configure option to disable manpage generation 
using --disable-manpage-support it's finally possibly to disable
the formerly obligatory use of a2x to generate the manpage
documentation.

this is the final solution to the decade old problem that users need
to install the enormous asciidoc package to compile TINYproxy from
source, or otherwise get a build error, even though the vast majority
is only interested in the program itself.

solution was inspired by PR #179.

closes #179
closes #111

note that since 1.10.0 release the generated release tarball includes
the generated manpages too; in which case neither the use of a2x
nor --disable-manpage-support is required.
 2020-08-12 00:15:45 +01:00
rofl0r
e1d36d3f74 configure.ac: remove obsolete check for xsltproc 
xsltproc was once[1] used to generate AUTHORS from xml input, but
fortunately this is no longer the case.

[1]: in a time when everybody thought XML would be a Good Idea (TM)
 2020-08-11 23:35:50 +01:00
rofl0r
8a251023b2 travis: remove make distcheck 
distcheck chokes on man5/8 files still in the file tree, while the input
files (.txt) are not. these are generated by the configure script and
it would require quite some effort to get this test working.
as it is non-essential, we simply disable it.
 2020-08-11 19:51:48 +01:00
rofl0r
77853caa0a move manpages to maintainer-clean make target 
according to https://www.gnu.org/prep/standards/html_node/Standard-Targets.html#Standard-Targets
`maintainer-clean` is the proper make target for files that are distributed
in a release tarball:

> The ‘maintainer-clean’ target is intended to be used by a maintainer of the
> package, not by ordinary users.
> You may need special tools to reconstruct some of the files that
> ‘make maintainer-clean’ deletes.

this prevents users without a2x or asciidoctor from losing their ability to
recompile tinyproxy after `make clean`, but it also means that users wanting
to regenerate the documentation need to run `make maintainer-clean`.
 2020-08-11 18:00:34 +01:00
rofl0r
8ceebbf0c6 configure.ac: fix typo checking for asciidoctor in release 2020-08-11 17:50:07 +01:00
rofl0r
d9953d795d travis: run make clean before second compile 
otherwise object files will not be rebuilt with the new configure options.
this will prevent cases like db4bd162a3
where it turned out there was a build error with --enable-debug since several
git revisions.
 2020-08-11 15:51:15 +01:00
rofl0r
c2d4114427 add support for asciidoctor to generate manpages 
asciidoctor is a modern replacement for asciidoc and much more lightweight,
issuing "apt-get install asciidoc" on ubuntu 16.04 results in an attempt to
install more than 1.3 GB of dependencies.
 2020-08-11 15:25:02 +01:00
rofl0r
0b9a74c290 enforce socket timeout on new sockets via setsockopt() 
the timeout option set by the config file wasn't respected at all
so it could happen that connections became stale and were never released,
which eventually caused tinyproxy to hit the limit of open connections and
never accepting new ones.

addresses #274
 2020-07-15 09:59:25 +01:00
LucasVerneyDGE
25e2cc330c add a comment example in the filter file example 2020-07-06 12:20:58 +01:00
xiejianjun
db4bd162a3 fix check_acl compilation with --enable-debug 
regression introduced in f6d4da5d81.
this has been overlooked due to the assert macro being optimized out in
non-debug builds.
 2020-07-06 11:37:35 +01:00
rofl0r
d98aabf47f transparent: fix invalid memory access 
getsockname() requires addrlen to be set to the size of the sockaddr struct
passed as the addr, and a check whether the returned addrlen exceeds the
initially passed size (to determine whether the address returned is truncated).

with a request like "GET /\r\n\r\n" where length is 0 this caused the code
to assume success and use the values of the uninitialized sockaddr struct.
 2020-03-18 12:31:15 +00:00
rofl0r
3230ce0bc2 anonymous: fix segfault loading config item 
unlike other functions called from the config parser code,
anonymous_insert() accesses the global config variable rather than
passing it as an argument. however the global variable is only set
after successful loading of the entire config.

we fix this by adding a conf argument to each anonymous_* function,
passing the global pointer in calls done from outside the config
parser.

fixes #292
 2020-03-16 13:19:39 +00:00
rofl0r
2e02dce0c3 conf: use 2 swappable conf slots, so old config can stay valid 
... in case reloading of it after SIGHUP fails, the old config can
continue working.

(apart from the logging-related issue mentioned in 27d96df999 )
 2020-01-15 17:03:47 +00:00
rofl0r
5dd514af93 conf: fix loading of default values 
previously, default values were stored once into a static struct,
then on each reload item by item copied manually into a "new"
config struct.
this has proven to be errorprone, as additions in one of the 2
locations were not propagated to the second one, apart from
being simply a lot of gratuitous code.

we now simply load the default values directly into the config
struct to be used on each reload.

closes #283
 2020-01-15 16:57:03 +00:00
rofl0r
27d96df999 remove duplicate code calling reload_config_file() 
as a side effect of not updating the config pointer when loading
the config file fails, the "FIXME" level comment to take appropriate
action in that case has been removed. the only issue remaining
when receiving a SIGHUP and encountering a malformed config file would
now be the case that output to syslog/logfile won't be resumed, if
initially so configured.
 2020-01-15 16:35:43 +00:00
rofl0r
c63d5d26b4 access config via a pointer, not a hardcoded struct address 
this is required so we can elegantly swap out an old config for a
new one in the future and remove lots of boilerplate from config
initialization code.

unfortunately this is a quite intrusive change as the config struct
was accessed in numerous places, but frankly it should have been
done via a pointer right from the start.

right now, we simply point to a static struct in main.c, so there
shouldn't be any noticeable changes in behaviour.
 2020-01-15 16:09:41 +00:00
rofl0r
bffa705005 remove config file name item from conf struct 
since this is set via command line, we can deal with it easily
from where it is actually needed.
 2020-01-15 15:42:24 +00:00
rofl0r
180c0664aa remove godaemon member from config structure 
since this option can't be set via config file, it makes sense
to factor it out and use it only where strictly needed, e.g. in
startup code.
 2020-01-15 15:26:40 +00:00
rofl0r
eb2104e1ff log: remove special case code for daemonized mode without logfile 
if daemon mode is used and neither logfile nor syslog options specified,
this is clearly a misconfiguration issue. don't try to be smart and work
around that, so less global state information is required.
also, this case is already checked for in main.c:334.
 2020-01-15 15:22:43 +00:00
rofl0r
4fb2c14039 syslog: always use LOG_USER facility 
LOG_DAEMON isn't specified in POSIX and the gratuitously different
treatment is in the way of a planned cleanup.
 2020-01-15 15:09:37 +00:00
rofl0r
40afaeb637 move commandline parsing to main() 2020-01-15 14:45:23 +00:00
rofl0r
25205fd1f3 move initialize_config_defaults to conf.c 2020-01-15 14:17:13 +00:00
rofl0r
cd005a94ce implement detection and denial of endless connection loops 
it is quite easy to bring down a proxy server by forcing it to make
connections to one of its own ports, because this will result in an endless
loop spawning more and more connections, until all available fds are exhausted.
since there's a potentially infinite number of potential DNS/ip addresses
resolving to the proxy, it is impossible to detect an endless loop by simply
looking at the destination ip address and port.

what *is* possible though is to record the ip/port tuples assigned to outgoing
connections, and then compare them against new incoming connections. if they
match, the sender was the proxy itself and therefore needs to reject that
connection.

fixes #199.
 2019-12-21 00:43:45 +00:00
rofl0r
f6d4da5d81 do hostname resolution only when it is absolutely necessary for ACL check 
tinyproxy used to do a full hostname resolution whenever a new client
connection happened, which could cause very long delays (as reported in #198).

there's only a single place/scenario that actually requires a hostname, and
that is when an Allow/Deny rule exists for a hostname or domain, rather than
a raw IP address. since it is very likely this feature is not very widely used,
it makes absolute sense to only do the costly resolution when it is unavoidable.
 2019-12-21 00:43:45 +00:00
rofl0r
82e10935d2 move sockaddr_union to sock.h 2019-12-21 00:43:45 +00:00
rofl0r
fa2ad0cf9a log.c: protect logging facility with a mutex 
since the write syscall is used instead of stdio, accesses have been
safe already, but it's better to use a mutex anyway to prevent out-
of-order writes.
 2019-12-21 00:43:45 +00:00
rofl0r
b09d8d927d conf.c: merely warn on encountering recently obsoleted config items 
if we don't handle these gracefully, pretty much every existing config
file will fail with an error, which is probably not very friendly.

the obsoleted config items can be made hard errors after the next
release.
 2019-12-21 00:43:45 +00:00
rofl0r
1186c297b4 conf.c: pass lineno to handler funcs 2019-12-21 00:43:45 +00:00
rofl0r
b935dc85c3 simplify codebase by using one thread/conn, instead of preforked procs 
the existing codebase used an elaborate and complex approach for
its parallelism:

5 different config file options, namely

- MaxClients
- MinSpareServers
- MaxSpareServers
- StartServers
- MaxRequestsPerChild

were used to steer how (and how many) parallel processes tinyproxy
would spin up at start, how many processes at each point needed to
be idle, etc.
it seems all preforked processes would listen on the server port
and compete with each other about who would get assigned the new
incoming connections.
since some data needs to be shared across those processes, a half-
baked "shared memory" implementation was provided for this purpose.
that implementation used to use files in the filesystem, and since
it had a big FIXME comment, the author was well aware of how hackish
that approach was.

this entire complexity is now removed. the main thread enters
a loop which polls on the listening fds, then spins up a new
thread per connection, until the maximum number of connections
(MaxClients) is hit. this is the only of the 5 config options
left after this cleanup. since threads share the same address space,
the code necessary for shared memory access has been removed.
this means that the other 4 mentioned config option will now
produce a parse error, when encountered.

currently each thread uses a hardcoded default of 256KB per thread
for the thread stack size, which is quite lavish and should be
sufficient for even the worst C libraries, but people may want
to tweak this value to the bare minimum, thus we may provide a new
config option for this purpose in the future.
i suspect that on heavily optimized C libraries such a musl, a
stack size of 8-16 KB per thread could be sufficient.

since the existing list implementation in vector.c did not provide
a way to remove a single item from an existing list, i added my
own list implementation from my libulz library which offers this
functionality, rather than trying to add an ad-hoc, and perhaps
buggy implementation to the vector_t list code. the sblist
code is contained in an 80 line C file and as simple as it can get,
while offering good performance and is proven bugfree due to years
of use in other projects.
 2019-12-21 00:43:45 +00:00
rofl0r
3a7aa15834 start work on 1.11.x 2019-12-21 00:43:45 +00:00
Martin Kutschker
69c86b987b Use gai_strerror() to report errors of getaddrinfo() and getnameinfo() 2019-11-27 20:31:48 +00:00
Andre Mas
c2d3470a35 Fixes #256 Provides ::1 as allowed 2019-08-20 21:52:02 +01:00
rofl0r
734ba1d970 fix usage of stathost in combination with basic auth 
http protocol requires different treatment of proxy auth vs server auth.

fixes #246
 2019-06-14 01:18:19 +01:00
Janosch Hoffmann
e666e4a35b filter file: Don't ignore lines with leading whitespace (#239) 
The new code skips leading whitespaces before removing trailing
whitespaces and comments.
Without doing this, lines with leading whitespace are treated like empty
lines (i.e. they are ignored).
 2019-05-05 19:13:38 +01:00
rofl0r
b131f45cbb
child.c: properly initialize fdset for each select() call (#216) 
it was reported that because the fdset was only initialized once,
tinyproxy would fail to properly listen on more than one interface.

closes #214
closes #127
 2018-12-15 17:09:04 +00:00
Vasily
dc41b35333 Basic Auth: allow almost all possible characters for user/pass 
previously was restricted to alphanumeric chars only.
 2018-11-23 14:59:03 +00:00
Michael Adam
f44d0f387b build: Remove now unused TINYPROXY_UNSTABLE variable from configure 
Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-05 01:34:51 +02:00
rofl0r
04f68e21e7 tinyproxy.8: remove l flag from short options 2018-09-05 00:57:23 +02:00
Michael Adam
9f4ed46c0a build: add new version mechanism based on VERSION file and a version.sh script 
If this is a git checkout, and git is available, then git describe is
used. Otherwise, the new checked in VERSION file is taken for the version.

This mechanism uses a version.sh script inspired by
http://git.musl-libc.org/cgit/musl/tree/tools/version.sh

Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-05 00:56:31 +02:00
Michael Adam
a662c11b8d Release 1.10.0 
Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-01 04:06:59 +02:00
Michael Adam
8333a4bb1a docs: update the copyright notice in the manpages 
Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-01 04:06:59 +02:00
Michael Adam
e2a92ea334 Update AUTHORS 
Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-01 04:06:59 +02:00
Michael Adam
4c9289802a scripts: add a script to generate the AUTHORS file from git 
Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-01 04:06:59 +02:00
Michael Adam
3eb3c2c099 Remove xml-based AUTHORS mechanism. AUTHORS is checked in. 
Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-01 04:06:59 +02:00
Michael Adam
a5e6d343d7 Remove unused authors.c/authors.h and generation mechanism. 
Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-01 04:06:59 +02:00
Michael Adam
56f30a4386 main: remove the "-l" switch to display the license and authors 
Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-01 04:06:59 +02:00
Michael Adam
89b2c68b2b NEWS: just mention to use git log 
Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-01 04:06:59 +02:00
Michael Adam
ec95d8b553 configure: remove unused variables 
Signed-off-by: Michael Adam <obnox@samba.org>
 2018-09-01 04:06:59 +02:00
rofl0r
c651664720 fix socks5 upstream user/pass subnegotiation check 
RFC 1929 specifies that the user/pass auth subnegotation repurposes the version
field for the version of that specification, which is 1, not 5.
however there's quite a good deal of software out there which got it wrong and
replies with version 5 to a successful authentication, so let's just accept both
forms - other socks5 client programs like curl do the same.

closes #172
 2018-05-29 21:59:11 +02:00
rofl0r
0aad2f5b92 fix basicauth string comparison 
closes #160
 2018-03-29 00:40:18 +01:00
Michael Adam
ae0cbfe3f2 html-error: Make a switch fallthrough explicit 
This silences a gcc v7 compile warning.

Signed-off-by: Michael Adam <obnox@samba.org>
 2018-03-27 09:36:53 +02:00
Michael Adam
badb6435d6 upstream: Fix case of empty string domain. 
Found by compiler note.

Signed-off-by: Michael Adam <obnox@samba.org>
 2018-03-23 01:45:10 +01:00
rofl0r
8d0ea71486 install tinyproxy to bin/, not /sbin 
sbin/ is meant for programs only usable by root, but in tinyproxy's
case, regular users can and *should* use tinyproxy; meaning it is
preferable from a security PoV to use tinyproxy as regular user.
 2018-03-23 01:44:53 +01:00
rofl0r
09979629c0 make bind option usable with transparent proxy too 
closes #15 for real.
the previous patch that was merged[0] was halfbaked and only removed
the warning part of the original patch from openwrt[1], but didn't
actually activate bind support. further it invoked UB by removing
the return value from the function, if transparent proxy support was
compiled in.

[0]: d97d486d53
[1]: 7c01da4a72
 2018-02-27 20:52:09 +00:00
rofl0r
a53f62a212 enable transparent proxy by default 
by having all features turned on by default, the binary is only
slightly bigger, but users of binary distros get the whole package
and don't need to compile tinyproxy by hand if they need a feature
that wasn't compiled in.
it also prevents the confusion from getting syntax errors when a
config file using those features is parsed.
another advantage is that by enabling them these features may
actually get some more testing.
 2018-02-27 20:13:35 +00:00
rofl0r
b8c6a2127d implement user/password auth for socks5 upstream proxy 
just like the rest of the socks code, this was stolen from
proxychains-ng, of which i'm happen to be the maintainer of,
so it's not an issue (the licenses are identical, too).
 2018-02-27 20:13:07 +00:00
rofl0r
e78b461607 update upstream syntax in manpage template 2018-02-25 23:52:23 +00:00
rofl0r
057cf06805 config: unify upstream syntax for http,socks4,socks5 and none 
closes #50
 2018-02-25 23:52:23 +00:00
rofl0r
9cde492d68 configure.ac: remove -pedantic 2018-02-25 23:52:23 +00:00
rofl0r
39132b9787 rename members of proxy_type enum to have a common prefix 
and add a NONE member.
 2018-02-25 23:52:23 +00:00
rofl0r
86632a91eb fix early logging 
tinyproxy uses a curious mechanism to log those early messages
that result from parsing the config file before the logging mechanism
has been properly set up yet by finishing parsing of the config file:
those early messages are written into a memory buffer and then
are printed later on. this slipped my attention when making it possible
to log to stdout in ccbbb81a.
 2018-02-25 18:35:34 +00:00
rofl0r
e1c11c47db make send_stored_logs static 2018-02-25 18:35:34 +00:00
rofl0r
bf76aeeba1 implement HTTP basic auth for upstream proxies 
loosely based on @valenbg1's code from PR #38

closes #38
closes #96
 2018-02-25 15:13:45 +00:00
rofl0r
4d9891e59e basicauth.[ch]: refactor to make basicauth_string() reusable 2018-02-25 15:13:45 +00:00
bertliao
81ea4feb2e fix possible memory leak 2018-02-25 14:56:50 +00:00
John Weldon
c7c88e9c59 Remove #ifdef for HAVE_SYSLOG_H 
- syslog.h is a standard posix header, this #ifdef is an artifact
  accidentally left in.
 2018-02-23 05:32:33 +00:00
Michael Adam
9acb0cb16c Fix CVE-2017-11747: Create PID file before dropping privileges. 
Resolves #106

Signed-off-by: Michael Adam <obnox@samba.org>
 2018-02-09 15:21:14 +01:00
rofl0r
af1d7ab510 move base64 code into own file 
it will be needed to add support for upstream proxy auth.
 2018-02-06 16:57:02 +00:00
rofl0r
bd04ed00d8 Basic Auth: send correct response codes and headers acc. to rfc7235 
as reported by @natedogith1
 2018-02-06 16:57:02 +00:00
rofl0r
8db511b9bf add support for basic HTTP authentication 
using the "BasicAuth" keyword in tinyproxy.conf.

base64 code was written by myself and taken from my own library "libulz".
for this purpose it is relicensed under the usual terms of the tinyproxy
license.
 2018-02-06 16:57:02 +00:00
rofl0r
1ebfd2a2d1 tinyproxy.conf.in: add example for SOCKS upstream 2018-02-06 16:11:39 +00:00
rofl0r
7a3fd81a8d fix types used in SOCKS4/5 support code 
the line

    len = buff[0]; /* max = 255 */

could lead to a negative length if the value in buff[0] is > 127.
 2018-02-06 16:11:39 +00:00
Gonzalo Tornaria
8906b0734e add SOCKS upstream proxy support (socks4/socks5) 
original patch submitted in 2006 to debian mailing list:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392848%29#12

this version was rebased to git and updated by Russ Dill <russ.dill@gmail.com>
in 2015 (the original patch used a different config file format).

as discussed in #40.

commit message by @rofl0r.
 2018-02-06 16:11:39 +00:00
rofl0r
116e59e933 activate reverse proxy support by default 
closes #17
 2018-02-06 15:22:22 +00:00
rofl0r
9bb699628f safe_write/read: take void* buffer for generic use 
if using one of unsigned or signed char for the function prototype, one
gets nasty warnings when using it with the other type. the only proper
solution is to put void* into the prototype, and then specialize the pointer
inside the function using an automatic variable.
for exactly this reason, libc functions like read(), write(), etc use void*
too.
 2017-12-04 11:33:01 +00:00
rofl0r
e9e0f0b4f0 configure.ac: remove -Wc++-compat 2017-11-29 19:11:04 +01:00
Brian Cain
08a9fbb041 Add example value for Log Level setting 2017-11-27 18:49:53 +01:00
rofl0r
ccbbb81aa9 log to stdout if no logfile specified 
some users want to run tinyproxy on an as-needed basis in a terminal,
without setting it up permanently to run as a daemon/service.
in such use case, it is very annoying that tinyproxy didn't have
an option to log to stdout, so the user has to keep a second terminal
open to `tail -f` the log.

additionally, this precluded usage with runit service supervisor,
which runs all services in foreground and creates logfiles from the
service's stdout/stderr.

since logging to stdout doesn't make sense when daemonized, now if
no logfile is specified and daemon mode activated, a warning is
printed to stderr once, and nothing is logged.
the original idea was to fail with an error message, though some users
might actually want to run tinyproxy as daemon and no logging at all.
 2017-11-16 19:26:14 +01:00
rofl0r
64b29c5f4e do not create a pidfile, if none is specified in config 
some people want to run tinyproxy with minimal configuration from
the command line (and as non-root), but tinyproxy insists on writing
a pid file, which only makes sense for usage as a service, hereby
forcing the user to either run it as root so it can write to the
default location, or start editing the default config file to work
around it.
and if no pidfile is specified in the config, it frankly doesn't
make sense to force creation of one anyway.
 2017-11-16 19:26:14 +01:00
Pablo Panero
d97d486d53 Issue 15 fix. PR 2017-11-16 01:21:43 +01:00
rofl0r
5062b78740 tinyproxy.conf.in: default to allow CONNECT method more broadly 
tinyproxy conservatively defaulted to allow CONNECT method only
on two ports used by SSL in the ancient past, but since HTTPS usage
got much more widespread (actually, it's now the default for the
majority of websites), it makes sense now to allow it without
restriction by default to accomodate for the new situation.
 2017-11-16 01:08:08 +01:00
Steven Conaway
caf0ff3be8 Update README.md 2017-11-16 01:05:54 +01:00
Michael Adam
86a9a6729e Merge pull request #100 from dmd/patch-1 
tinyproxy configure does not actually support enable-static
 2017-08-24 22:48:46 +02:00
Daniel M. Drucker
d67c48a49b tinyproxy configure does not actually support enable-static 
See #90 and #99
 2017-07-18 17:56:03 -04:00
Michael Adam
cb6f868739 Merge pull request #86 from obnoxxx/getipstring1 
honor result of inet_ntop in get_ip_string()
 2017-03-30 00:52:43 +02:00
Michael Adam
46cbe5357c network: honour result of inet_ntop in get_ip_string() 
Signed-off-by: Michael Adam <obnox@samba.org>
 2017-03-29 23:57:08 +02:00
Michael Adam
a71cebb094 network: let get_ip_string() return const char * instead of const char 
Signed-off-by: Michael Adam <obnox@samba.org>
 2017-03-29 23:56:48 +02:00
Michael Adam
f149b62475 Merge pull request #66 from rofl0r/configure_trim 
Configure trim
 2017-03-29 23:26:45 +02:00
Michael Adam
3f6179a1fd Merge pull request #67 from dmz-uk/patch-1 
Prevent child from calling exit() on interrupt
 2017-03-29 09:19:55 +02:00
Michael Adam
2c574e9afe Merge pull request #85 from rofl0r/fix_72 
src/Makefile.am: fix spaces vs TAB
 2017-03-29 09:15:22 +02:00
rofl0r
aade379acb src/Makefile.am: fix spaces vs TAB 
this causes a build failure on several platforms using older versions
of autotools or GNU make.

make[2]: Entering directory `src'
Makefile:670: *** missing separator (did you mean TAB instead of 8 spaces?).  Stop.
make[2]: Leaving directory `src'

fixes #72
 2017-03-27 18:57:01 +01:00
Michael Adam
1e93411810 Merge pull request #59 from gmp216/pull 
Fix OS X build
 2017-01-04 16:21:27 +01:00
Greg
1b8a6ef561 configure.ac: add conditional for -z,defs 2017-01-04 09:19:04 -05:00
Greg
802a6aa93f Added conditional for xmllint by testing "a2x" without the -L flag. 2017-01-04 09:18:20 -05:00
Michael Adam
302738dee5 Merge pull request #71 from gmp216/lookup 
Move lookup_variable from html-error.c to hashmap.c
 2017-01-04 13:59:14 +01:00
dmz-uk
f9024c7186 Prevent child from calling exit() on interrupt 
A proposed fix for the logrotate SIGHUP issue.
 2016-12-30 10:16:19 +00:00
Greg
fdb1aae3a9 Move lookup_variable into hashmap.c / hashmap.h 2016-12-27 12:23:51 -05:00
Greg
540069551d Change signature for lookup_variable to take map instead of connptr 2016-12-27 12:18:16 -05:00
Michael Adam
e4ae0d10d2 Merge pull request #70 from obnoxxx/compile 
add 'compile' to gitignore
 2016-12-24 03:09:33 +01:00
Michael Adam
06281857a4 Merge pull request #69 from obnoxxx/readme 
README: mention --enable-reverse configure option
 2016-12-24 03:07:57 +01:00
Michael Adam
6c98f2cc27 add 'compile' to gitignore 
it's generated by autogen

Signed-off-by: Michael Adam <obnox@samba.org>
 2016-12-24 03:04:50 +01:00
Michael Adam
ff880a5e13 README: mention --enable-reverse configure option 
Signed-off-by: Michael Adam <obnox@samba.org>
 2016-12-24 03:02:27 +01:00
Michael Adam
67fc3b54ba Merge pull request #68 from obnoxxx/travis 
Enable travis-ci: add .travis.yml
 2016-12-24 03:01:34 +01:00
Michael Adam
841fed4afd Enable travis-ci: add .travis.yml 
Signed-off-by: Michael Adam <obnox@samba.org>
 2016-12-24 02:54:26 +01:00
rofl0r
c98f1cd25a configure: remove checks for standard types 2016-12-21 21:16:06 +00:00
rofl0r
c3cc308cc8 configure: remove checks for standard POSIX funcs 
addresses #65
 2016-12-21 21:16:06 +00:00
rofl0r
81a93f9e4f configure: do not check for standard POSIX headers 
addresses #65
 2016-12-21 21:01:37 +00:00
rofl0r
39c92a3f70 configure: do not check for standard C headers 
addresses #65
 2016-12-21 20:45:06 +00:00
Michael Adam
90df510932 Merge pull request #63 from rofl0r/fix_manpage_gen 
ship manpages as part of the dist tarball
 2016-12-20 22:27:11 +01:00
rofl0r
909528e29c ship manpages as part of the dist tarball 
`make dist` now creates the manpages and puts them into the tarball, so
the user does not need to have `a2x` installed to build them.

closes #2
 2016-12-20 21:06:20 +00:00
Michael Adam
4e0951afd9 Merge pull request #62 from obnoxxx/bundle-readme-md 
build: add README.md to the bundled files
 2016-12-20 19:28:59 +01:00
Michael Adam
2f4e6403f9 build: add README.md to the bundled files 
Signed-off-by: Michael Adam <obnox@samba.org>
 2016-12-20 19:26:48 +01:00
Michael Adam
1bb255c3f8 Merge pull request #61 from obnoxxx/cleanup-readme 
Cleanup readme and fix installation instructions
 2016-12-20 19:24:28 +01:00
Michael Adam
85c73d68bd Add placeholder ChangeLog to keep automake happy 
Closes #60

Signed-off-by: Michael Adam <obnox@samba.org>
 2016-12-20 19:22:17 +01:00
Michael Adam
7f3fe02d47 README: update install instructions 
Closes #30

Signed-off-by: Michael Adam <obnox@samba.org>
 2016-12-20 19:22:17 +01:00
Michael Adam
271c4ecdcb README: add README pointing to README.md to make automake happy 
Signed-off-by: Michael Adam <obnox@samba.org>
 2016-12-20 19:22:17 +01:00
Michael Adam
0d3ca13398 README: Rename README --> README.md 
Signed-off-by: Michael Adam <obnox@samba.org>
 2016-12-20 19:04:56 +01:00
Michael Adam
82ce991b3d REAMDE: convert README to github markdown 
Signed-off-by: Michael Adam <obnox@samba.org>
 2016-12-20 19:04:47 +01:00
Michael Adam
af6e236521 README: cleanup readme from legacy content 
Signed-off-by: Michael Adam <obnox@samba.org>
 2016-12-20 19:04:43 +01:00
Michael Adam
e541456ee7 Merge pull request #36 from obnoxxx/issue-21 
build: remove foreign from AM_INIT_AUTOMAKE - generate INSTALL again
 2016-09-11 00:16:30 +02:00
Michael Adam
60e5fc7c57 build: remove foreign from AM_INIT_AUTOMAKE - generate INSTALL again 
Closes #21

Signed-off-by: Michael Adam <obnox@samba.org>
 2016-09-11 00:11:21 +02:00
Stephan Leemburg
c5da1cc934 Continue with forward proxy if ReverseOnly is not true and no mapping available (#35) 
allow non-reverse mappings if reverseonly is not enabled
 2016-09-10 19:22:45 +02:00
John Spencer
186bbc3efb configure.ac: remove check for broken regex which breaks crosscompilation 
in the unlikely case that the user's C library has broken regex support,
she should probably update to a bugfree version.
in its full consequence, checking if individual functions works basically
require to test every single function in use, which is nonsensical.
since this check required to compile and run a code sample on the host,
it cannot be checked in cross-compile scenarios and as it defaulted to yes
(broken), causes build failure in any such scenario.

closes #1

Signed-off-by: John Spencer <maillist-tinyproxy@barfooze.de>
Reviewed-by: Michael Adam <obnox@samba.org>
 2016-01-19 22:50:20 +01:00
Michael Adam
b036d2e055 Merge pull request #6 from rofl0r/url 
update URL
 2016-01-03 23:58:17 +01:00
rofl0r
ee83293285 update URL 2016-01-03 21:16:21 +00:00
Michael Adam
800c3a250c BB#110 Increase number of hash buckets from 32 to 256. 
This should make hash processing generally faster.

There is a treadeoff between memory footprint and
speed of processing. 10 KB instead of 1.2 KB of
hash table per process should not be a huge problem
even on very limited current systems.

Who really needs to stick to 32 buckets could
recompile. We could also think about making
this configurable at some point.

Signed-off-by: Michael Adam <obnox@samba.org>
 2014-12-13 01:41:56 +01:00
Michael Adam
545463c75d BB#110 limit the number of headers per request to prevent DoS 
Based on patch provided by gpernot@praksys.org on bugzilla.

Signed-off-by: Michael Adam <obnox@samba.org>
 2014-12-13 01:28:07 +01:00
Michael Adam
308305d827 BB#110 secure the hashmaps by adding a seed 
Based on a patch provided by gpernot@praksys.org on bugzilla.

Signed-off-by: Michael Adam <obnox@samba.org>
 2014-12-13 01:21:02 +01:00
Peter H. Froehlich
ab6255393d BB#110 Replace hash function with Dan Bernstein's. 
This hash function distributes much better than the
original one. The effect is not as visible with
hashes taken modulo 32 than with a bigger modulus,
but it is there. And larger number of buckets migh
become possible in the future...

Reviewed-by: Michael Adam <obnox@samba.org>
 2014-12-13 01:20:56 +01:00
Mukund Sivaraman
24087f743a Remove suggester (see Banu RT #138) 2014-05-01 13:58:54 +05:30
Michael Adam
b59ecd0c66 buffer: fix log message in read_buffer(). 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-23 12:21:59 +01:00
Michael Adam
ffa3a56ab8 buffer: reduce indentation in read_buffer() 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-23 12:09:59 +01:00
Michael Adam
76bd008cf9 reqs: fix typo in a debug message in get_request_entity() 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-23 11:59:47 +01:00
Michael Adam
b3ac7d2c7b transparent: make transparent support compile after introduction of multi Listen 
I seem to have forgotten to compile with transparent support enabled...
This belongs to the fix for bug BB#63.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-23 00:18:04 +01:00
Michael Adam
b92d70be07 child: remove use of config.listen_addrs in child_listening_sockets() 
This was accidentially used instead of the function parameter listen_addrs
This still belongs to the fix for bug BB#63.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-23 00:17:55 +01:00
Michael Adam
3710accf72 reqs: Fix CID 1130969 (part 3) - unchecked return value from library. 
Check the return value of socket_blocking (fcntl) at the
end of relay_connection() for client socket.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 21:56:39 +01:00
Michael Adam
e07c363df2 reqs: Fix CID 1130969 (part 2) - unchecked return value from library. 
Check the return value of socket_blocking (fcntl) at the
end of relay_connection().

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 21:44:12 +01:00
Michael Adam
c82840bfcb reqs: Fix CID 1130972 - remove logically dead code. 
url == NULL is caught above.

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 18:58:19 +01:00
Michael Adam
49c55ed26c network: Fix CID 113095 - unchecked return value from library 
Check return of "recv" in readline().

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 18:54:22 +01:00
Michael Adam
198600ce42 child: check return code of socket_blocking for accept in child_main 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 18:49:45 +01:00
Michael Adam
38ef36d998 child: Fix CID 1130966 - unchecked return value from library 
check the return code of fcntl via socket_nonblocking
on the listen sockets in child_main()

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 18:49:45 +01:00
Michael Adam
0a99803425 reqs: Fix CID 1130967 - unchecked return value from library. 
Check the return code of fcntl via socket_blocking
in pull_client_data().

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 18:49:45 +01:00
Michael Adam
9efa5799f0 reqs: Fix CID 1130968 - unchecked return value from library 
Check the return code of fcntl via socket_nonblocking
in pull_client_data()

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 18:49:45 +01:00
Michael Adam
c27b6d15e2 reqs: rename a variable. 
ret will be used in enclosing scope.
so rename this special varibale.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 18:49:45 +01:00
Michael Adam
68bd0b61b5 reqs: fix CID 1130969 - unchecked return code from library 
Effectively, the return code of fcntl was not checked
by not checking the return code of socket_nonblocking()
for the server fd.

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 17:35:59 +01:00
Michael Adam
2004abc1e3 reqs: fix CID 1130970 - unchecked return code from library 
Effectively, the return code of fcntl was not checked
by not checking the return code of socket_nonblocking()
for the client fd.

Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 17:35:54 +01:00
Michael Adam
a244c1d4aa conf: Fix CID 1130973 - resource leak. 
Found by coverity.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-22 16:08:47 +01:00
Michael Adam
0f18e4fc3a BB#106: remove now unused extract_ssl_url. 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-16 15:26:06 +01:00
Michael Adam
9f43cfd488 BB#106: fix CONNECT requsts with IPv6 literal addresses as host. 
Use extract_url instead of the old extract_ssl_url:
extract_url is generic and handles ipv6 literal addresses correctly.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-16 15:25:44 +01:00
Michael Adam
98f77ef8c7 BB#106: add default_port argument to extract_http_url and rename it to extract_url 
There is in fact nothing http-specific any more about this function, hence
the rename. The input has been stripped of the <proto>:// header anyways.

This in preparation of fixing bug BB#106: ssl fails with literal ipv6 addrs.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-16 15:09:48 +01:00
Michael Adam
69c348ce6d req: move a variable into the scope where it is used in extract_http_url() 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-16 13:10:03 +01:00
Michael Adam
bb2e894e0d BB#116: fix invalid free when connecting to ipv6 literal address 
When removing the '[' and ']' characers from the ipv6 literal address, make sure
the pointer that is later free'd stays a malloced pointer by memmoving the
string one place left.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-16 13:07:19 +01:00
Michael Adam
7e1d8154de build: check for memmove 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-16 13:07:09 +01:00
Michael Adam
836d4534d6 sock: add debug messages to opensock() 
log entering opensock and successful return of getaddrinfo.
This allows to detect dns timeouts from looking at the logs.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-16 11:30:07 +01:00
Michael Adam
e82080a5f6 [BB#63] conf: Allow multiple Listen statements in the config. 
This introduces a list (vector) of addresses instead of
having just one address string.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
d0732f9ade [BB#81] allow listening on multiple families when no Listen is provided in config 
This is achieved by not stopping at the first result of getaddrinfo
that we managed to listen on: Without "Listen" in the config, we
call getraddrinfo with NULL address. With AI_PASSIVE, this gives results
for both IPv4 and IPv6 wildcard addresses (if both are supported).

This lets tinyproxy listen on both IPv4 and IPv6 wildcard if the system
supports them.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
e40b91974a sock: add a starting debug message to listen_sock() 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
22587d3d41 sock: update introductory comment for listen_sock() 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
0698e4d180 sock: set IPV6_V6ONLY on the socket before binding an IPv6 address 
so that we can bind wildcard for both IPv4 and IPv6.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
d7f67768eb sock: factor listening on one socket out of the gai-result-loop in listen_sock() 
for clarity of the code

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
157879d4f6 sock: in listen_sock(), move variable for setsockopt() into scope 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
a7898a2c98 sock: log each result of getaddrinfo() in listen_sock() 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
947e255d19 sock: in listen_sock(), add a log message for when bind() has failed 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
b41d140984 sock: in listen_sock(), detect and log failure to call setsockopt() 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
5392e9829c sock: in listen_sock(), add debug message when socket() call failed. 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
fa26ad4d56 sock: move listen() into the getaddrinfo result loop in listen_sock() 
This also reverses the exit logic of the loop.
It prepares listening on multiple addresses.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
2ebfd456ef child: use a list of listen_fds instead of one single listenfd. 
This prepares listenting on multiple sockets, which will be ussed to
fix listening on the wildcard (listen on both ipv6 and ipv4) and
help add the support for multiple Listen statements in the config

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
070d621534 child: add addr argument to child_listening_sock(). 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
2bd919f01e sock: add addr argument to listen_sock() 
instead of using config.ipAddr internally.
This is in preparation to make it possible
to call it for multiple addresses.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
7eea1638bc sock/child: remove global variable addrlen. 
This changes listen_sock() to not return the
addrlen of the used address from getaddrinfo call
to the caller, stored in global addrlen in child.c.

This was only used to be able to allocate enough space for the
arguments to the later accept call depending on whether
IPv4 or IPv6 is used.

This removes the need to pass this info by always allocating
sizeof(struct sockaddr_storage) instead, which is enough
to carry both sockaddr_in and sockaddr_in6.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
4bbd6e8626 [BB#109] Fix crash (infinite loop) when writing to log file fails. 
Fall back to syslog logging in that case.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Michael Adam
d652681e8a log: remove extra newline characters in log messages. 
Signed-off-by: Michael Adam <obnox@samba.org>
 2013-11-09 13:34:33 +01:00
Gaudenz Steinlin
c8b8247f70 [BB#115] Drop supplementary groups 
Supplementary groups are inherited from the calling process. Drop all
supplementary groups if the "Group" configuration directive is set to
change to a different user. Otherwise the process may have more rights
than expected.

Reviewed-by: Michael Adam <obnox@samba.org>
 2013-11-01 06:38:53 +01:00
Michael Adam
3cc59ec3be [BB#112] build: fix build with autoconf >= 2.69 
Use AC_CONFIG_HEADERS instead of obsolete AM_CONFIG_HEADER.

Signed-off-by: Michael Adam <obnox@samba.org>
 2013-04-09 22:35:20 +02:00
Mukund Sivaraman
983d241db6 Update authors 2012-01-23 16:32:35 +05:30
Mukund Sivaraman
2e4ea496b3 build: Prepend to LDFLAGS instead of replacing its contents 2012-01-23 16:25:24 +05:30
Mukund Sivaraman
e5fd1fd556 Make .xz compressed dist targets too 2011-09-11 11:52:21 +05:30
Mukund Sivaraman
32563a4ed6 Bug #103: Move files installed in /etc/ to /etc/tinyproxy/ 2011-08-23 14:46:04 +05:30
Mukund Sivaraman
ec86c15d5a Minor whitespace fix 2011-08-16 17:44:17 +05:30
Mukund Sivaraman
e8426f6662 [BB#90]: Fix bug in ACL netmask generation 
Thanks to John Horne who diagnosed this issue and found the problem.
 2011-03-04 14:47:05 +05:30
Mukund Sivaraman
97b9984484 Validate port number specified in Port directive 
This was asked in bug #90 comment #8.
 2011-03-04 14:07:07 +05:30
Mukund Sivaraman
5ad24ba99d Update URLs of Tinyproxy 2011-02-28 12:36:05 +05:30
Mukund Sivaraman
7378c97524 Surround IPv6 literals with [] in Host: headers 2011-02-07 18:00:39 +05:30
Mukund Sivaraman
2d02e2211e Handle IPv6 literals in URLs correctly 2011-02-04 20:28:48 +05:30
Michael Adam
8fd3808ad3 [BB#95] remove two comments that have become wrong by the fix. 2010-12-01 22:25:44 +01:00
Daniel Egger
62443a6391 [BB#95] Fix FilterURLs with transparent proxy support. 
Pass a pointer to a char pointer to do_transparent_proxy so the reassembled URL
will actually end up back in the caller where it is needed for filtering
decisions. This fixes the problem that a tinyproxy configured with the
transparent proxy functionality and "FilterURLs Yes" would filter on everything
but the domain.

Signed-off-by: daniel.egger@sphairon.com
Signed-off-by: Michael Adam <obnox@samba.org>
 2010-12-01 22:25:44 +01:00
Michael Adam
58ac635a17 README: correctly list --enable-transparent 
--enable-transparent-proxy was renamed to --enable-transparent
in August 2004... :-)
 2010-12-01 21:40:07 +01:00
Michael Adam
b672ca03fe [BB#91] Fix upstream proxy support. 
Patch by Jordi Mallach.
 2010-08-24 22:47:35 +02:00
Michael Adam
52cad36352 upstream: clarify debug messages 
There are frequent questions "what does 'No proxy for ...' mean?"
on the mailing list and IRC. Be more specific. (No upstream proxy ...)
Correspondingly, log "Found upstream proxy ... for ..."
 2010-08-24 22:46:10 +02:00
Mukund Sivaraman
691415a8f9 [BB#74] Create log and pid files after we drop privs 2010-06-02 10:36:05 +05:30
Mukund Sivaraman
56257d3da3 Remove excessive code 2010-06-02 10:11:17 +05:30
Mukund Sivaraman
df9e6d3163 Add authors to authors.xml and regen 2010-06-01 08:16:53 +05:30
John van der Kamp
a7933bdd36 [BB#89] Don't recompile regular expressions 
This is a modification of a patch originally written by
John van der Kamp <john@kirika.demon.nl> at
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579427#12>

The modification was done by the committer.
 2010-06-01 07:54:55 +05:30
Mukund Sivaraman
50e3a0f6d9 Fix typo in manpage 2010-05-30 10:01:36 +05:30
Mukund Sivaraman
f84fb98766 Precompute network addresses for increased performance 2010-05-30 08:08:04 +05:30
Mukund Sivaraman
0963c4c71f Minor indent of code 2010-05-30 08:01:14 +05:30
Mukund Sivaraman
7c39cdfe1d Use complete sentences in the manpages 2010-04-22 21:14:27 +05:30
Jordi Mallach
7da3e4854c [BB#83] Use output of id instead of $USER 2010-04-21 21:02:57 +05:30
Dmitry Semyonov
7edb6e047c Fix crash in send_stored_logs() 2010-04-21 20:35:50 +05:30
Mukund Sivaraman
d30ee746a7 Revert "main: drop privileges right after reading the config" 
This reverts commit 7a9abc2a04. It should
fix the issue in bug #87.
 2010-04-21 20:10:56 +05:30
Mukund Sivaraman
1e0ad98f7f Just fix the support URLs 2010-03-28 10:33:38 +05:30
Mukund Sivaraman
34088e2175 Revert "Update Tinyproxy website URLs" 
This reverts commit b108162dfb.
 2010-03-28 10:27:40 +05:30
Mukund Sivaraman
b108162dfb Update Tinyproxy website URLs 2010-03-27 08:22:51 +05:30
Mukund Sivaraman
d37a6b2c12 Revert "Revert "Pass address family when binding to outgoing socket"" 
This reverts commit 70885bf029. It looks
like bug #69 needs this fix after all.
 2010-03-09 17:08:37 +05:30
Mukund Sivaraman
2f86b79d85 Use AI_PASSIVE flag to make tinyproxy listen on wildcard interface 
Signed-off-by: Michael Adam <obnox@samba.org>
 2010-03-03 01:03:45 +01:00
Michael Adam
243526d493 Comment out the LogFile and PidFile options in the example tinyproxy.conf. 
These are compiled in defaults now.

Michael
 2010-03-02 23:41:37 +01:00
Michael Adam
e87c856487 change the default pid file location to "@LOCALSTATEDIR@/run/tinyproxy/tinyproxy.pid" 
I.e., add a tinyproxy subdirectory.
This is meant to ease running tinyproxy as non-root user.
The subdirectory can be used to give the tinyproxy user
write permission.

Michael
 2010-03-02 23:39:30 +01:00
Michael Adam
cfa5792880 change the default log file location to "@LOCALSTATEDIR@/log/tinyproxy/tinyproxy.log" 
i.e. add a tinyproxy subdirectory.
This is meant to ease running tinyproxy as non-root user
the subdirectory can be used to give the tinyproxy user
write permission.

Michael
 2010-03-02 23:39:21 +01:00
Michael Adam
f640c6fbb1 main: some tabs->spaces 2010-03-02 22:17:34 +01:00
Michael Adam
fcf5fd2129 main: move a log message. 2010-03-02 22:05:28 +01:00
Michael Adam
7a9abc2a04 main: drop privileges right after reading the config 
This is the second part of fixing bug #74.
I lets tinyproxy create its log and pid files as the
user as which it is running, so that later on at SIGHUP,
the log file can successfully be reopened.

Michael
 2010-03-02 22:02:46 +01:00
Michael Adam
2235a97f05 main: separate loading of config and setup_logging at startup 
This is the first part of a fix for bug #74
(making reloading of config work if running as non-privileged user)

Michael
 2010-03-02 21:57:03 +01:00
Michael Adam
f923649a11 tinyproxy.conf: fix LogFile to proper CamelCase for consistency 2010-02-23 08:06:55 +01:00
Michael Adam
3f1632603c tests: fix bug #80: keep track of errors in return codes 
Michael
 2010-02-23 00:18:29 +01:00
Michael Adam
7c15563430 tests: fix a typo in run_tests.sh 2010-02-23 00:17:21 +01:00
Michael Adam
ee1f1e38f2 test: add make target "make valgrind-test-wait" 2010-02-22 23:31:40 +01:00
Michael Adam
752e4419a6 tests: add a new make target "make test-wait" 2010-02-22 23:17:39 +01:00
Michael Adam
d133eee36b tests: Fix bug #79. Finish "make test" without waiting for user input. 
Old behaviour is preserved by passing in the environment variable
TINYPROXY_TESTS_WAIT=yes.

Michael
 2010-02-22 23:12:51 +01:00
Mukund Sivaraman
2f6840fd85 Use format string when logging messages 2010-02-19 21:04:02 +05:30
Mukund Sivaraman
719b5f6049 Fix pkgdatadir path in tinyproxy.conf 2010-02-18 00:30:19 +05:30
Mukund Sivaraman
907a6c2420 Display upstream proxy support in usage message 2010-02-17 23:11:45 +05:30
Mukund Sivaraman
c6d4c68c99 Update help text a little 2010-02-17 00:29:29 +05:30
Mukund Sivaraman
3efcfd2345 Also install AUTHORS file in doc directory 2010-01-26 13:26:32 +05:30
Mukund Sivaraman
a9b42c491f Install README and NEWS in doc directory 2010-01-26 12:24:41 +05:30
Mukund Sivaraman
9434b27cc1 Remove bogus static qualifiers for these auto variables 2010-01-25 23:40:03 +05:30
Mukund Sivaraman
2d85a69e49 Remove unnecessary cast to (void **) 
Fixes a compiler warning about dereferencing type-punned pointers.
 2010-01-25 21:36:18 +05:30
Mukund Sivaraman
0697a9047d Remove obsolete ChangeLog file 2010-01-25 21:16:39 +05:30
Mukund Sivaraman
41d80861e3 Fix typo in manpage 2010-01-25 19:35:30 +05:30
Mukund Sivaraman
19b9bff888 Fix compiler warning about dereferencing type-punned pointers 2010-01-25 13:06:58 +05:30
Mukund Sivaraman
13eb2258e0 Don't check for overlength strings 2010-01-25 12:47:13 +05:30
Mukund Sivaraman
2447e38618 Minor text updates 2010-01-24 11:17:20 +05:30
Mukund Sivaraman
d9d66e6280 Minor text updates to the patch section 2010-01-24 11:07:28 +05:30
Mukund Sivaraman
70885bf029 Revert "Pass address family when binding to outgoing socket" 
This reverts commit 65ef313cc4.
This patch could've been the reason for BB#69.
 2010-01-21 06:29:15 +05:30
Mukund Sivaraman
9b9d8c10f8 Reformat README for asciidoc 2010-01-19 19:12:24 +05:30
Mukund Sivaraman
b08420ec13 List all authors when license is requested 
(Not just recent authors.)
 2010-01-19 19:04:39 +05:30
Mukund Sivaraman
e11a01f0b1 Add more authors 2010-01-19 19:03:36 +05:30
Mukund Sivaraman
7ac13d7924 Change to for loop 2010-01-19 05:14:06 +05:30
Mukund Sivaraman
edea7e37d0 Show authors and documenters when license is requested 2010-01-18 19:05:31 +05:30
Mukund Sivaraman
f3fe3d8e79 Add authors.* files to EXTRA_DIST 2010-01-18 18:45:13 +05:30
Mukund Sivaraman
510655e447 Make note about auto-generated file an asciidoc comment 2010-01-18 18:42:10 +05:30
Mukund Sivaraman
9e7dac7996 Update AUTHORS file for dual roles 2010-01-18 18:35:59 +05:30
Mukund Sivaraman
b21270ffa5 Move documenters under Documentation section 2010-01-18 17:45:32 +05:30
Mukund Sivaraman
84d5926bdb Do better asciidoc formatting of AUTHORS file 2010-01-18 17:41:42 +05:30
Mukund Sivaraman
8631a9d531 Update the AUTHORS file 
This uses an XML based system now to store author names.
We also keep a pre-generated AUTHORS file checked in.
 2010-01-18 17:35:51 +05:30
Mukund Sivaraman
d396e5592b Remove completed items from TODO list 2010-01-18 16:01:08 +05:30
Mukund Sivaraman
ff2a7a2bdc Reset the NEWS file for the master branch 2010-01-17 21:05:13 +05:30
Mukund Sivaraman
26cfec06a0 Bump master version to 1.9.0 2010-01-17 19:21:22 +05:30
Michael Adam
9c500d06f2 Fix bug #68: Allow all ports for CONNECT at absence of ConnectPort in config. 2010-01-17 13:41:02 +01:00
Mukund Sivaraman
aea157d7c9 Bump version to 1.8.0 2010-01-17 14:30:06 +05:30
Mukund Sivaraman
9c68b94136 Do an openlog() on fallback to syslog 2010-01-17 14:27:49 +05:30
Mukund Sivaraman
26b4ab07a4 Remove extra argument to log_message() 2010-01-17 14:27:19 +05:30
Mukund Sivaraman
a34ce8f4f9 Remove ret variable as 0 is always returned 2010-01-17 14:26:56 +05:30
Mukund Sivaraman
e2b367a169 Remove unused label 2010-01-17 14:26:08 +05:30
Michael Adam
8070023643 log: when opening the log file fails, fall back to syslog logging. 2010-01-17 01:10:21 +01:00
Michael Adam
54a613b9db conf: reduce indentation in load_config_file() 
This replaces a do { ... } while (0) with break statements
ba gotos. Imho, this is much clearer.

Michael
 2010-01-16 13:26:18 +01:00
Mukund Sivaraman
d3df735f89 Add author sections to the manpages 2010-01-16 16:42:02 +05:30
Mukund Sivaraman
74334a7700 Add see-also sections to the manpages 2010-01-16 16:40:48 +05:30
Mukund Sivaraman
09d11ace60 Fix leak of file handle in load_config_file() 2010-01-16 11:09:14 +05:30
Mukund Sivaraman
bf820013df Use HTTPS link in URLs to Tinyproxy websites 2010-01-16 10:22:22 +05:30
Mukund Sivaraman
21c6164910 Bump version number in override too 2010-01-16 10:18:14 +05:30
Mukund Sivaraman
6da10fa438 Fix text about bug reporting 2010-01-16 10:17:13 +05:30
Mukund Sivaraman
bbccb57929 Fix case of Bugzilla product name 2010-01-16 10:17:07 +05:30
Mukund Sivaraman
5980512a08 Rename version 1.7.2 to 1.8.0 in NEWS 2010-01-15 22:28:14 +05:30
Mukund Sivaraman
3700e1fc5b Add old NEWS for 1.7.0 2010-01-14 13:59:35 +05:30
Mukund Sivaraman
46deecdb53 Fix case 2010-01-14 13:40:12 +05:30
Mukund Sivaraman
eb67b4c407 Fix typos and elaborate some NEWS items 2010-01-14 13:30:54 +05:30
Mukund Sivaraman
ee17131bdf Fix list of 1.7.2 contributors 2010-01-14 13:23:35 +05:30
Mukund Sivaraman
fa45b3cb79 Revert list of 1.7.1 contributors to what it was before 2010-01-14 13:21:55 +05:30
Mukund Sivaraman
d3b1619b06 Add a separate contributors section for version 1.7.2 2010-01-14 13:20:51 +05:30
Mukund Sivaraman
3101d7ebb4 Fix version number in NEWS file 2010-01-14 13:20:15 +05:30
Michael Adam
157a79216f NEWS: add David Shanks to the list of contributors. 2010-01-14 08:34:09 +01:00
Michael Adam
a61f6018f2 NEWS: document some more new features in the release notes 
Michael
 2010-01-14 08:33:11 +01:00
Michael Adam
a639f3fca2 NEWS: add list of bugs fixed since 1.7.1 
Muks: please verify - thes are current the fixed bugs
with milestone 1.8.0 (i.e. the renamed 1.7.2).

I hope this is correct!
I also hope this was the intended scheme - have bug
lists per version section. Please feel free to edit...

Michael
 2010-01-14 08:25:44 +01:00
Michael Adam
3baa5f6f7c NEWS: mention change of XTinyProxy to be a global bool 
Michael
 2010-01-14 08:14:01 +01:00
David Shanks
184d07e47c check_numeric_acl() should return -1 when IPs don't match. 
Signed-off-by: Michael Adam <obnox@samba.org>
 2010-01-14 07:46:31 +01:00
Michael Adam
8963c84dad NEWS: move the changes after 1.7.1 to new section 1.7.2 
Michael
 2010-01-13 23:26:20 +01:00
Michael Adam
7e9a022c74 NEWS: reformulate and elaborate some items. 
Michael
 2010-01-13 21:28:38 +01:00
Michael Adam
7ca792043c update NEWS 
* mention config reload and upon HUP
* log-reopen (not trunc!) upon HUP
* file-logging as default

Michael
 2010-01-13 21:25:03 +01:00
Michael Adam
028cad3c3b NEWS: add Mathew Mrosko as contributor. 2010-01-13 17:11:54 +01:00
Michael Adam
5e387e6ee7 log: turn tabs into spaces =) 
Michael
 2010-01-13 00:58:55 +01:00
Michael Adam
dc86ebaf28 log: change internal logic to choose syslog over file logging. 
Now that there is always a log file set, we just check for
syslog being set to TRUE and in that case use syslog logging,
file logging otherwiese.

Michael
 2010-01-13 00:57:32 +01:00
Michael Adam
fa0c4963e9 conf: add a default for PidFile: LOCALSTATEDIR/run/tinyproxy.pid 
Michael
 2010-01-13 00:30:50 +01:00
Michael Adam
9fec507daf log: remove a (now) useless fprintf in setup_logging. 
Now that there is a default value for LogFile, the case
that neither the log file name nor syslog is configured
can not happen any more.

Michael
 2010-01-13 00:23:48 +01:00
Michael Adam
74b0b63da8 conf: set default LogFile to LOCALSTATEDIR/log/tinyproxy.log 
Michael
 2010-01-13 00:21:39 +01:00
Michael Adam
fb07cb380c Export configure variable localstatedir to C as define LOCALSTATEDIR. 
So that it can be used for default values of some paths later on.

Michael
 2010-01-13 00:16:02 +01:00
Mukund Sivaraman
d6a247cc04 Make bzip2 compressed dist tarballs 
We publish bzip2 compressed tarballs starting with the 1.8.x releases.
 2010-01-11 04:17:26 +05:30
Michael Adam
bcca20a3e6 log: remove an fprintf "not configured" error message in setup_logging(). 
Now that we exit early when !logging_initialized, this
can actually not happen anymore anyways: When logging is
initialized, it was also properly configured.

Michael
 2010-01-10 19:29:33 +01:00
Michael Adam
1dd1c2796a log: shortcut return in shutdown_logging() if logging_initialized == false 
This does for instance happen at startup when logging has not yet been set up.

Michael
 2010-01-10 19:24:23 +01:00
Mukund Sivaraman
65ef313cc4 Pass address family when binding to outgoing socket 2010-01-10 19:51:24 +05:30
Michael Adam
b106091343 Happy new year 2010! 2010-01-10 13:53:03 +01:00
Michael Adam
594df6bf43 Happy new year 2010! 2010-01-10 13:52:17 +01:00
Michael Adam
52e333af0b Happy new year 2010! 2010-01-10 13:51:33 +01:00
Michael Adam
12026c32de Fix bug #55: Read request entity before sending error page to client. 
https://www.banu.com/bugzilla/show_bug.cgi?id=55

This is achieved by streamlining handle_connection, adding
a common cleanup-and-exit poing ("done") and a common
failure exit point ("fail") that reads any pending data
from the client fd first before trying to send back
data (error page or stats page).

The new function get_request_entity that is used here,
does not honour any content-length header. It just calls
select on the client-fd and gets any data that is there
to read.

Michael
 2010-01-10 02:17:37 +01:00
Michael Adam
6c9a647576 reqs:handle_connection: untangle assignment from check 
Michael
 2010-01-10 01:49:14 +01:00
Michael Adam
e1e9e53d45 reqs:process_client_headers: polish logic flow a bit. 
Michael
 2010-01-10 01:49:14 +01:00
Michael Adam
0bfc0e90c1 reqs: simply process_request a bit: create common fail exit point 
Michael
 2010-01-10 01:49:14 +01:00
Mukund Sivaraman
9c0c3d5ced [BB#17] Add custom HTTP request headers to outgoing HTTP requests 2010-01-08 22:05:17 +05:30
Mukund Sivaraman
b96a3a3250 Fix case in log message 2010-01-06 11:54:57 +05:30
Mukund Sivaraman
e5abe844d1 Use named lists to match rest of the document 2010-01-03 20:50:07 +05:30
Mukund Sivaraman
9e79e9975f Modify description of LogLevel in manpage 2010-01-03 20:46:37 +05:30
Mukund Sivaraman
70e8197344 Use proper asciidoc formatting in manpage 2010-01-03 20:14:43 +05:30
Mukund Sivaraman
34f9e5f95e Fix caps in manpage 2010-01-03 20:14:29 +05:30
Mukund Sivaraman
e42d1cf9fd Use a configure arg to request regex checking 
Disabling the regex check seems to be required during cross-compiles,
where it's not possible to test the target's regex library at
compile time.
 2010-01-03 13:52:00 +05:30
Mukund Sivaraman
8077fd8936 Reindent the last configure.ac changes 2010-01-03 13:41:49 +05:30
Mathew Mrosko
df08d801fe build: allow a forcing build with "broken" regex. 
The configure would fail when cross compiling due to the regex check
automatically failing for cross compilation. Since you can't run the
regex binary check, assuming the regex library on the target platform is
working would be the only way to get the build working, or adding a
force for people to control based on their build environment.

Signed-off-by: Michael Adam <obnox@samba.org>
 2010-01-02 00:10:17 +01:00
Michael Adam
e0fabc6127 log: confess - add my (C) after substantial changes. 
Michael
 2009-12-23 00:33:31 +01:00
Michael Adam
5e8c8508ef conf: confess - add my (C) after substantial changes. 
Michael
 2009-12-23 00:33:21 +01:00
Michael Adam
4a11f9f08f log: remove unneeded truncate_log_file(). 
Michael
 2009-12-23 00:31:56 +01:00
Michael Adam
c07cd2e44e Use shutdown_logging() in main(). 
Michael
 2009-12-23 00:31:56 +01:00
Michael Adam
71a035d619 Use reload_config() in main() to load config and init logging. 
Michael
 2009-12-23 00:31:55 +01:00
Michael Adam
bc10479452 log: fix log_message so do only one write before the fsync. 
This way the logging from the various child processes does not
get clobbered up. Formerly, the different write portions
(time stamp, message, newline) would get mixed from the
various child processes' log messages.

Michael
 2009-12-23 00:31:55 +01:00
Michael Adam
adf4640104 log: add start/end debug messages for "sending stored logs". 
Michael
 2009-12-23 00:31:55 +01:00
Michael Adam
0466526b1d Add warning comments to SIGHUP handlers, that we ignore the retrun code of reload_config(). 
This can actually fail, and we probably need some way to handle this.
Like an emergency error exit or so...

Michael
 2009-12-23 00:31:55 +01:00
Michael Adam
8346a20aa0 Don't truncate the log file in the SIGHUP handler. 
Logging is re-initialized by reload_config() now.
And truncation is wrong anyways: A syslog mechanism will
move the current log file and the reopen-action will just
create a new empty log file upon SIGHUP.

Michael
 2009-12-23 00:31:55 +01:00
Michael Adam
fb2e65f40b enhance reload_config to correctly re-initialize the logging subsystem. 
This includes reopening the log file (in append mode).
Also switching from syslog to logfile and visa versa are included
when called from the SIGHUP handler.

Michael
 2009-12-23 00:31:55 +01:00
Michael Adam
c4b9454807 log: enhance close_log_file to reset logfile_fd to -1 after closing 
Michael
 2009-12-23 00:31:55 +01:00
Michael Adam
f3c8424515 log.c: remove superfluous uses of #ifdef HAVE_SYSLOG_H 
When this code is hit, availability of syslog has already
been checked (when reading the config file). So config.syslog == TRUE
only when HAVE_SYSLOG_H is defined.

So I remove the preprocessor checks which only clobber the logic
and make the code harder to read (IMHO).

Michael
 2009-12-23 00:31:55 +01:00
Michael Adam
2c14f89bfc main: remove global bool processed_config_file. 
This seemed out of place. Now the information is
stored in the correct places (as log.c:logging_initialized).

This way, we will be able to cleanly re-initialize
logging during config reload (SIGHUP) in subsequent
commits.

Michael
 2009-12-23 00:27:32 +01:00
Michael Adam
210e82d08d log: call send_stored_logs in setup_logging instead of in main(). 
This is where it actually belongs.

Michael
 2009-12-23 00:27:32 +01:00
Michael Adam
891846f23e log: add boolean local variable logging_initialized. 
This controls whether log_messages should write to the
log file / syslog or rather to the log_message_storage.
This will make the global processed_config_file variable
from main unneccessary in the next step.

Michael
 2009-12-23 00:27:26 +01:00
Michael Adam
649b2c0683 log: add function shutdown_logging(). 
Michael
 2009-12-23 00:27:26 +01:00
Michael Adam
479562ad2b reload config upon SIGHUP 
Michael
 2009-12-22 00:15:00 +01:00
Michael Adam
91492773b1 conf: add a log messate ("reloading config file") 
Michael
 2009-12-22 00:15:00 +01:00
Michael Adam
e9baa2977c conf: adapt a log message (add quotes to string value) 
Michael
 2009-12-22 00:15:00 +01:00
Michael Adam
f7419c60be conf: elaborate a comment 
Michael
 2009-12-22 00:15:00 +01:00
Michael Adam
93dfb1ac5b conf: change a log message (to be more reasonable?) 
Michael
 2009-12-22 00:15:00 +01:00
Michael Adam
8bf91ce80f main: add convenience wrapper reload_config() for reload_config_file() 
Michael
 2009-12-22 00:14:59 +01:00
Michael Adam
72632f6569 conf.h: add "extern" to prototype of reload_config_file 
Michael
 2009-12-22 00:14:59 +01:00
Michael Adam
6ea160ffff conf: make free_config static 
Michael
 2009-12-22 00:14:59 +01:00
Michael Adam
c15434df2b conf: make load_config_file static. 
Michael
 2009-12-22 00:14:59 +01:00
Michael Adam
d3d31b434a conf: rename reload_config --> reload_config_file 
Michael
 2009-12-22 00:14:59 +01:00
Mukund Sivaraman
6a5faa0bec Remove AM_MAINTAINER_MODE 2009-12-08 10:52:17 +05:30
Michael Adam
d522221668 Fix restarting of tinyproxy: call setsockopt with REUSEADDR _before_ calling bind 
Somehow this got moved too far down in the ipv6 changes.
Thanks to Mathew Mrosko for helping me debugging this.

Michael
 2009-12-08 01:24:31 +01:00
Michael Adam
5bba62bcde Fix the build with --enable-transaparent after conf changes. 
Michael
 2009-12-07 23:42:55 +01:00
Michael Adam
0ba5cbea4f fix build with "--enable-reverse" after conf changes 
Michael
 2009-12-07 23:40:24 +01:00
Michael Adam
7290691142 Move definition of "struct config_s" from main.h to conf.h 
Michael
 2009-12-07 22:33:27 +01:00
Michael Adam
34e4be193e main.h: fix tabs ---> spaces 
Michael
 2009-12-07 22:33:27 +01:00
Michael Adam
4b54fc203f conf: remove direct use of config from reload_config() 
The "conf" argument has to be used.

Michael
 2009-12-07 22:33:27 +01:00
Michael Adam
ad2f478c46 conf: remove direct reference to config from load_config_file() 
This has to use the parameter "conf".

Michael
 2009-12-07 22:33:26 +01:00
Michael Adam
947d85cefc Use reload_config() in main. 
Michael
 2009-12-07 01:11:35 +01:00
Michael Adam
0d0de2fcc5 Add reload_config() - (re-)load the config file, keeping defaults. 
This allows for later reloading the config at SIGHUP (e.g.).
First the old config data is freed, then the defaults that
are given as a parameter are copied over in a rather clumsy
manual fashion (maybe something more clever can be done here)
and finally, the actual config file is loaded.

Michael
 2009-12-07 01:11:35 +01:00
Michael Adam
2ccebf7a95 main: Move setup_logging to after the config post-processing checks. 
Michael
 2009-12-07 00:40:25 +01:00
Michael Adam
dcbf99d334 Add free_config() - free all config data. 
Michael
 2009-12-07 00:32:22 +01:00
Michael Adam
1360f530f1 Don't make config_file const in the config struct. 
Michael
 2009-12-07 00:32:22 +01:00
Michael Adam
d0a91c2f9b Add the anonymous_map hasmap to the config struct. 
Michael
 2009-12-07 00:22:53 +01:00
Michael Adam
fa073543c4 Add free_connect_ports_list(). 
Michael
 2009-12-07 00:22:52 +01:00
Michael Adam
4c0a4d985f Add connect_ports list to config struct instead of keeping extra global var. 
Michael
 2009-12-07 00:22:52 +01:00
Michael Adam
c981b246ce Move handling of connect_ports list to its own source module. 
Michael
 2009-12-07 00:22:52 +01:00
Michael Adam
8cb182e1b8 Add access_list to the config struct instead of a global variable in acl.c. 
Change insert_acl, check_acl and flush_access_list to take a corresponding
argument.

Michael
 2009-12-07 00:22:46 +01:00
Michael Adam
6266197e92 acl: add function flush_access_list(). 2009-12-07 00:22:46 +01:00
Michael Adam
2e6999df4a Add free_reversepath_list(). 
Michael
 2009-12-07 00:22:46 +01:00
Michael Adam
3f1201c8b3 Add a reversepath argument to reversepath_get(). 
This abstracts the setter/getter functions for the reversepath
list from the concrete list in config.reversepath_list.

Michael
 2009-12-07 00:22:46 +01:00
Michael Adam
624d146cd6 Add reversepath_list parameter to reversepath_add. 
Michael
 2009-12-07 00:22:36 +01:00
Michael Adam
21aa3ecf60 upstream: add free_upstream_list () 
Michael
 2009-12-07 00:22:36 +01:00
Michael Adam
4a8ea0d23b upstream: Add upstream list parameter to upstream_get() 
to abstract it from the concrete list in the config struct.
Now upstream.c does not use any reference to config any more.

Michael
 2009-12-07 00:22:36 +01:00
Michael Adam
22fba83df2 upstream: add upstream list parameter to upstream_add() 
to abstract it from the concrete list in the config struct.

Michael
 2009-12-07 00:22:28 +01:00
Michael Adam
fd987e97f0 move handling of upstream list to new module upstream.{c,h} 
Michael
 2009-12-06 13:17:18 +01:00
Michael Adam
56ba3d45bd upstream: refactor assembly of upstream out of upstream_add 
Michael
 2009-12-06 13:17:18 +01:00
Michael Adam
34dbeb3626 main/conf: add maxidletimeout to initialize_config_defaults 
But keep the resetting check after processing the conf file.

Michael
 2009-12-06 01:57:04 +01:00
Michael Adam
c853cec164 main: fix tab -> spaces 
Michael
 2009-12-06 01:57:04 +01:00
Michael Adam
073233b9f1 conf: move setting of default stathost to initialize_config_defaults() 
Michael
 2009-12-06 01:56:59 +01:00
Michael Adam
055c11f63c conf: fix tab->spaces 
Michael
 2009-12-06 01:55:53 +01:00
Michael Adam
f60aa47715 conf: allow set_string_arg to overwrite previous values (i.e. don't leak) 
Michael
 2009-12-06 01:55:53 +01:00
Michael Adam
5e399a7e17 main: use safestrdup instead of strdup in process_cmdline 
Michael
 2009-12-06 01:55:53 +01:00
Mukund Sivaraman
0480185d07 Use capitalized name in error messages 2009-12-04 05:41:36 +05:30
Michael Adam
607e8ec0e7 acl: split initialization of the access_list out into a function 2009-11-17 17:30:19 +01:00
Mukund Sivaraman
ec4b4d979f Use NULL for pointers 2009-11-17 02:40:03 +05:30
Michael Adam
a664dee4f6 set_string_arg: Remove unneccesary check for determining the return code. 2009-11-16 21:52:34 +01:00
Mukund Sivaraman
45a56e468d Remove excessive copying 2009-11-17 02:20:27 +05:30
Mukund Sivaraman
d7fada25e5 Make position into an enum 2009-11-17 01:52:23 +05:30
Mukund Sivaraman
4b6a25ac06 Use snprintf() with size of the portstr buf 2009-11-17 01:44:21 +05:30
Mathew Mrosko
238e3ffb34 Fix format string warnings 
C90 doesn't support z modifier in printf's, so cast values
to (unsigned long) which should be the same size as size_t
on both ILP32 and LP64.
 2009-11-16 21:50:40 +05:30
Mukund Sivaraman
2f05d8dd32 Fix typo in log string 2009-11-14 18:57:31 +05:30
Michael Adam
fba81e4174 conf: refactor loading of config file out into load_config_file() 
and make config_compile and config_parse static to conf.c

Michael
 2009-11-14 12:13:10 +01:00
Michael Adam
a09dd9cd00 main: add a config struct argument to process_cmdline. 
Michael
 2009-11-14 12:13:10 +01:00
Michael Adam
8945d9f0ae main: put initialization of config defaults into a function of its own 
Michael
 2009-11-14 12:13:10 +01:00
Michael Adam
ea2eaef173 extract setup of the logging subsystem into a function of its own. 
Signed-off-by: Michael Adam <obnox@samba.org>
 2009-11-14 12:13:10 +01:00
Michael Adam
d8da7f55f7 main: move initialization of default config values closer together 
Michael
 2009-11-14 12:13:10 +01:00
Mukund Sivaraman
9274b5556e Remove packaging related items 2009-11-14 16:40:46 +05:30
Mukund Sivaraman
c42fbaaf80 Make asciidoc a requirement for building Tinyproxy 
asciidoc is necessary as the version number is added during
configure into the asciidoc manpage sources. So simply bundling
a pre-generated manpage won't do.
 2009-11-14 16:34:06 +05:30
Mukund Sivaraman
2061a18313 Revert "Don't cleanup generated and dist'ed manpages" 
This reverts commit 276ca8369d.
 2009-11-14 16:16:49 +05:30
Mukund Sivaraman
66abbbe72d Use located a2x binary instead of hard-coded name 2009-11-14 15:47:51 +05:30
Mukund Sivaraman
e71b3e08a6 Mark all generated stuff with silent rules 2009-11-14 15:47:21 +05:30
Mukund Sivaraman
d8062ed35f Enable silent rules by default 2009-11-14 15:43:18 +05:30
Mukund Sivaraman
276ca8369d Don't cleanup generated and dist'ed manpages 2009-11-14 15:40:57 +05:30
Michael Adam
feea6db815 daemon.c: fix #if NDEBUG --> #ifdef NDEBUG 
Thanks to Mathew Mrosko for pointing that out.
 2009-11-10 17:59:40 +01:00
Michael Adam
c3f29ce4ac gitignore etc/tinyproxy.conf - it is generated 2009-11-10 17:12:16 +01:00
Michael Adam
444ad35250 intentation: convert a tab to spaces 
Michael
 2009-11-10 13:59:07 +01:00
Michael Adam
c0c6db0a5e Update etc/Makefile.am to substitute TINYPROXY_STATHOST 
Maybe, it would be better to have a two stage process here:

1. Have AC_SUBST from configure substitute as many variables
   as possible in  a fist stage
   tinyproxy.conf.tmpl.in --> tinyproxy.conf.tmp

2. Have make substitute those remaining paths that can not be
   substituted reasonable by configure due to the internal
   workings of automake.

Michael
 2009-11-10 13:58:08 +01:00
Michael Adam
6f56738ab0 tinyproxy.conf: add a comment documenting StatHost 
Michael
 2009-11-10 13:58:08 +01:00
Michael Adam
41dd25d8e6 docs: update description of STATHOST in tinyproxy(8) 
Michael
 2009-11-10 13:58:08 +01:00
Michael Adam
cbb179ef0b docs: document StatHost in tinyproxy.conf(5) 
Michael
 2009-11-10 13:58:07 +01:00
Michael Adam
e54a3827df configure: AC_SUBST TINYPROXY_STATHOST, not only define it for config.h 
Michael
 2009-11-10 13:58:07 +01:00
Michael Adam
fd879e45c8 conf: fix reverspath parsing: the string in the 2nd arg is actually the inner match 
this fixes bug #64, https://www.banu.com/bugzilla/show_bug.cgi?id=64

the quotes of the string were part of the revers path after parseing.

Michael
 2009-11-10 01:17:27 +01:00
Michael Adam
f63c29c886 conf: make the WS optional too, before the optional 2nd argument to reversepath 
Michael
 2009-11-10 01:17:27 +01:00
Michael Adam
60d738626b conf: fix ipv6 regex patterns, take three 
This extends the pattern by an alternative where there are no double colons.
This is for instance the case for and IPv6 address of the form
1111:222:33:4:55:666:7777:888

Michael
 2009-11-10 00:55:39 +01:00
Michael Adam
4292fe7795 Fix a segfault in insert_acl and checks against string-type acls 
The "address" member of struct acl_s is a union of a char *
and the numeric ip. So freeing the string after appending it to the
vector list is bad in two respects:

1. If the acl type was numeric, then this could (and would)
   lead to a segfault due to the numeric IP data interpreted
   as pointer to the string to be freed.

2. If the acl type was string, then the acl inserted into the
   list contained a reference to this address string that
   was freed. So in the worst case dereferencing this freed
   string could segfault, or at least this could lead to
   unexpectedly failing acl checks.

Michael
 2009-11-10 00:37:57 +01:00
Michael Adam
2b73e2183f conf: fix the IPV6 regex patterns, take two 
The patterns should not end with the end of line marker,
since they might be part of a continuing pattern,
say of the form ipv6address/mask (used for allow/deny)

Michael
 2009-11-09 23:26:46 +01:00
Michael Adam
f4f14419c4 conf: fix the IPV6 regex patterns 
These are not matched against the beginning of a line
but somewhere in the middle (as in "listen <IPv6 address>").

Michael
 2009-11-09 13:53:44 +01:00
Mukund Sivaraman
cd834de190 Close listenfd upon errors 2009-11-09 11:16:38 +05:30
Mukund Sivaraman
c8c9abc669 Fix validation of IPv6 addresses 2009-11-09 02:44:14 +05:30
Mukund Sivaraman
6f93737d8e Bump micro version 2009-11-09 01:14:03 +05:30
Mukund Sivaraman
c978015af1 Add IPV6 support to listen_sock() 2009-11-09 01:13:41 +05:30
Michael Adam
25057baf54 propagate reload of filter file to child procs by sending HUP signals 2009-10-25 23:33:37 +01:00
Michael Adam
3474de599f Change child_kill_children() to take the signal as an argument. 2009-10-25 23:33:37 +01:00
Michael Adam
1b4d130cf5 child: handle SIGHUP in the child by reloading the filter file 2009-10-25 23:33:37 +01:00
Michael Adam
b837e65b21 use new filter_reload() in child_main_loop() 2009-10-25 23:33:37 +01:00
Michael Adam
83987babd3 filter: add function filter_reload() 2009-10-25 23:33:37 +01:00
Michael Adam
79527fb6f7 gitignore add file tags (from ctags) 2009-10-25 23:33:37 +01:00
Michael Adam
f43dd6ae18 TODO: add a reference to a bugzilla entry 2009-10-13 23:52:02 +02:00
Michael Adam
cbaa4b9fd2 tests:webclient: add option to send a request entity (body) 2009-10-12 02:01:25 +02:00
Michael Adam
e793a729f6 Clean tinyproxy.conf in make clean. 2009-10-11 13:21:13 +02:00
Michael Adam
582a8dc624 Fix make distcheck with tinyproxy.conf.in 
(Fixes make install and out of tree builds)

Thanks to muks for the top_srcdir bit!
 2009-10-11 13:19:36 +02:00
Michael Adam
7b8171fe01 tests: add commented out DisableViaHeader to tinyproxy conf in the tests. 2009-10-11 02:00:44 +02:00
Michael Adam
db7f340b3a Document DisableViaHeader in the tinyproxy.conf(5) manpage. 2009-10-11 02:00:44 +02:00
Michael Adam
1c0bda0e7c Document DisableViaHeader in the tinyproxy.conf template. 2009-10-11 02:00:32 +02:00
Michael Adam
7671ac1ae2 Don't add "Via:" header when DisableViaHeader == Yes. 2009-10-11 01:27:24 +02:00
Michael Adam
f208b1222b Add a boolean config option "DisableViaHeader". 2009-10-11 01:13:15 +02:00
Michael Adam
f46aeca9a5 Fix a typo in the tinyproxy.conf template. 2009-10-10 22:25:03 +02:00
Michael Adam
03b8e8bc19 Fix another typo in the tinyproxy.conf(5) manpage. 2009-10-10 22:24:02 +02:00
Michael Adam
add2685a55 Fix a typo in the tinyproxy.conf(5) manpage. 2009-10-10 22:23:28 +02:00
Michael Adam
cbe52ca43c tests:webserver: correctly answer http/0.9 requests by sending no headers 
Michael
 2009-10-10 20:57:07 +02:00
Michael Adam
07d993cbc1 acl: Fix "comparison between signed and unsigned" warning on 32bit 
This reads the mask bits as an unsigned int instead of as signend.
This is also what mask bits really are - there is no negative mask. :-)

Michael
 2009-10-10 01:11:53 +02:00
Michael Adam
a89d987e8a Use size_t not ssize_t for len argument. This is always >= 0. 2009-10-10 01:11:10 +02:00
Michael Adam
1fda61b5a0 generate etc/tinyproxy.conf from a tinyproxy.conf.in template 
This is a first cut at providing a tinyproxy.conf file with
more useful default or example directories. It uses datadir,
sysconfdir and localstatedir.

Because automake is a little special here, this template can
not simply be processed by configure (AC_CONFIG_FILES(...)),
as these variables can only be used like this in makefiles.
Instead, we need a little sed-processor in the Makfile in etc/.

Michael
 2009-10-10 00:58:55 +02:00
Mukund Sivaraman
641e5823c0 Use ssize_t for len argument 2009-10-09 13:50:12 +05:30
Michael Adam
eb4d01cc46 add muks' and my (C) to the main.c boilerplate comment. 
Michael
 2009-10-07 01:08:03 +02:00
Michael Adam
297274ca15 main: add muks and me to the license output (tinyproxy -l) 
Michael
 2009-10-07 01:06:05 +02:00
Mukund Sivaraman
8ff437236f Add items to TODO 2009-10-02 15:55:42 +05:30
Mukund Sivaraman
eab4ae000b url variable modified in do_transparent_proxy() is not the url variable in the caller 2009-10-02 15:27:43 +05:30
Mukund Sivaraman
931b038b27 Use safer string functions 2009-10-02 15:21:42 +05:30
Mukund Sivaraman
323a4d0147 Clean up html_send_file () 
- Make function return from one place
 - Move inbuf to the heap
 2009-10-02 13:01:32 +05:30
Mukund Sivaraman
21c8d7a7ed Add more bugs to NEWS 2009-09-28 19:08:54 +05:30
Mukund Sivaraman
92378a9085 docs: Fix typos in tinyproxy.conf manpage 2009-09-28 18:51:42 +05:30
Mukund Sivaraman
03c8a415e3 Add note about build system to NEWS 2009-09-28 18:37:40 +05:30
Mukund Sivaraman
afcd38536b docs: Fix case 2009-09-28 16:26:19 +05:30
Michael Adam
5a77c9744a docs: document the reverse proxying options in tinyproxy.conf(5) 2009-09-28 12:18:52 +02:00
Michael Adam
f0cbc35ca9 docs: document ConnectPort in tinyproxy.conf(5) 2009-09-28 11:37:54 +02:00
Michael Adam
9ff9bd18fe docs: document Anonymous in tinproxy.conf(5) 2009-09-28 11:35:20 +02:00
Michael Adam
f1e5360ef1 docs: document the filtering options in tinyproxy.conf(5) 2009-09-28 11:24:34 +02:00
Michael Adam
33872928d5 docs: document ViaProxyName in tinyproxy.conf(5) 2009-09-28 11:24:34 +02:00
Michael Adam
8c31287805 docs: document Allow and Deny in tinyproxy.conf(5) 2009-09-28 11:24:34 +02:00
Michael Adam
42b072b863 docs: document MaxRequestsPerChild in tinyproy.conf(5) 2009-09-28 11:24:34 +02:00
Michael Adam
553b95b3ed docs: document StartServers in tinyproxy.conf(5) 2009-09-28 11:24:34 +02:00
Michael Adam
9574bf0855 docs: document MinSpareServers and MaxSpareServers in tinyproxy.conf(5) 
Michael
 2009-09-28 11:24:33 +02:00
Michael Adam
bc1b7def01 docs: document "MaxClients" in tinyproxy.conf(5) 
Michael
 2009-09-28 11:24:33 +02:00
Michael Adam
078040731c docs:document "Upstream"/"No Upstream" in the tinyproxy.conf manpage 
Michael
 2009-09-28 11:24:33 +02:00
Michael Adam
5198ae644b conf: beautify one formatting in the directives array. 
Michael
 2009-09-28 11:24:33 +02:00
Michael Adam
2beaac96d3 handle_connection: make logic clearer when deciding whether to use connect/ssl 
Michael
 2009-09-28 11:24:33 +02:00
Mukund Sivaraman
f08f0218af Include limits.h for LONG_MAX and LONG_MIN 
Not including limits.h caused an issue when building on FreeBSD.
 2009-09-28 13:41:36 +05:30
Mukund Sivaraman
f0263c5823 Fix version in NEWS file 2009-09-27 19:25:51 +05:30
Mukund Sivaraman
e58f392e57 Add NEWS for 0.7.1 2009-09-27 19:24:11 +05:30
Mukund Sivaraman
44e32f15d7 Remove section on debugging from README 2009-09-27 19:09:51 +05:30
Mukund Sivaraman
bf38e2e68b Update README to asciidoc format 2009-09-27 19:08:46 +05:30
Mukund Sivaraman
630d44e67b [BB#10] Do not filter out transfer-encoding header 2009-09-27 16:27:51 +05:30
Michael Adam
4668ae9e06 tests: set XTinyproxy Yes in the test setup 
Michael
 2009-09-27 12:52:39 +02:00
Michael Adam
7710dc4a8c conf: make xtinyproxy BOOL in the directives array, too 
Michael
 2009-09-27 12:48:48 +02:00
Michael Adam
c8a0a1efdc docs:tinyproxy.conf(5): fix a typo. 
Michael
 2009-09-27 12:41:30 +02:00
Michael Adam
95f2584883 docs: document XTinyproxy in the tinyproxy.conf manpage. 
Michael
 2009-09-27 12:40:44 +02:00
Michael Adam
577e95880e tinyproxy.conf: Update the description of XTinyproxy (it is a bool). 
Michael
 2009-09-27 12:35:16 +02:00
Michael Adam
eecf145dbb conf: turn XTinyproxy into a boolean option 
This is what it actually is.

The string value was used in earlier versions to compare
against the uri->authority string. But not as a list of
sites to create an X-Tinyproxy header for, as the tinyproxy.conf
template states...

Michael
 2009-09-27 12:32:31 +02:00
Michael Adam
0539be08b4 tests: fix infinite loop "waiting for 3 seconds..." in bash 
Michael
 2009-09-27 12:07:54 +02:00
Michael Adam
79e994dd97 tests:webclient: allow HTTP/1.0 requests with methods other than GET 
Michael
 2009-09-27 11:18:52 +02:00
Michael Adam
039537cbe7 make: add targets "test" and "valgrind-test" 
These simply run the corresponding test scripts.
Needs to be extended.

Michael
 2009-09-27 11:18:52 +02:00
Mukund Sivaraman
2fd7417f56 Modify usage help text shown when Tinyproxy is run with -h 2009-09-27 08:09:24 +05:30
Mukund Sivaraman
1cdec54029 build: Reverse maintainer mode test 
This is so that if this variable name changes in the future,
Tinyproxy would still build without aborting on -Werror.
 2009-09-27 08:09:24 +05:30
Mukund Sivaraman
54f4e8a91f Use correct format string for POSIX pid_t in pidfile_create() 
This patch also adds a gtk-doc comment for pidfile_create().
 2009-09-27 08:09:24 +05:30
Mukund Sivaraman
43d0af85af Remove obsolete comment 2009-09-27 08:09:24 +05:30
Mukund Sivaraman
1c72d8f063 build: Run configure in autogen.sh 2009-09-27 08:09:23 +05:30
Mukund Sivaraman
38c20cd867 Add explicit casts for c++ mode in transparent-proxy.c 2009-09-27 08:09:23 +05:30
Mukund Sivaraman
c8be0250cd Fix use of uninitialized variable 2009-09-27 08:09:23 +05:30
Mukund Sivaraman
0dda30295e Add explicit casts for c++ mode in reverse-proxy.c 2009-09-27 08:09:23 +05:30
Mukund Sivaraman
00931dfc68 build: Add -Werror to CFLAGS during maintainer mode builds 2009-09-27 08:09:23 +05:30
Mukund Sivaraman
3f0ccdef3c strdup() the default stathost in config struct as it can be freed 2009-09-27 08:09:23 +05:30
Mukund Sivaraman
0ecb688269 Don't ignore retval of ftruncate() in utils.c 2009-09-27 08:09:23 +05:30
Mukund Sivaraman
1586b39138 Don't ignore retval of read() in reqs.c 2009-09-27 08:09:22 +05:30
Mukund Sivaraman
003df7454a Don't ignore retval of write() in log.c 2009-09-27 08:09:22 +05:30
Mukund Sivaraman
616c03a9fb Don't ignore retval of ftruncate() in log.c 2009-09-27 08:09:22 +05:30
Mukund Sivaraman
fc7415a5b0 Include debugging functions only when debug mode is used 2009-09-27 08:09:22 +05:30
Mukund Sivaraman
d102ed4ed3 Don't ignore retval of chdir() 2009-09-27 08:09:22 +05:30
Michael Adam
50c781d0c9 build: import the AM_SILENT_RULES if available, but default to verbose. 
Automake 1.11 (and I think 1.10b already) offers the AM_SILENT_RULES macro.
This adds switches --quiet, --enable-silent-rules and --disable-silent-rules
to configure.

--quiet makes the configure run itself quite.
--enable-silent-rules makes the compile process less verbose:
  for a file that is compiled without errors or warnings, a simple
  "CC     main.o" is printed (e.g.). Compiler warnings and errors
  are printed of course.
  This makes it much easier (IMHO) to spot build problems.
--disable-silent-rules turns the silent rules off

I have set it up such that the default for tinyproxy is to build
in verbose mode (i.e. with silent rules disabled). This prints
the whole compile call command line for each source file compiled,
precisely as before.

You can also control verbose/non-verbose mode at "make" time, i.e.
after configure has run, by calling "make V=0 ..." or "make V=1 ..."
for running in silent and verbose mode, respectively.

If the version automake used to create configure is too old,
the result is unaltered, compared to the result before this change.

Wow - this is a long commit message for a 1-liner.
But since I discussed this with Mukund earlier, and he did
not seem to be too fond if this, I felt the need to justify
this change... :-)

Michael
 2009-09-22 13:09:25 +02:00
Michael Adam
e8cbd7088c docs:tinyproxy.conf: document "PidFile". 
Michael
 2009-09-22 00:22:19 +02:00
Michael Adam
7b07477ebd docs:tinyproxy.conf: document LogFile, Syslog, and LogLevel 
Michael
 2009-09-22 00:19:12 +02:00
Michael Adam
93219ea0db docs:tinyproxy.conf: describe ErrorFile and DefaultErrorFile and StatFile 
Somehow, I don't quite get the asciidoc formatting yet.
I can't get the extra paragraph on templates to look nice
in the manpage output.
But at least there is some content...

Michael
 2009-09-22 00:05:23 +02:00
Michael Adam
92c64cabc1 tests: use the debug.html file as DefaultErrorFile in the tests. 
Michael
 2009-09-21 09:42:47 +02:00
Mukund Sivaraman
df6e8ae046 Fix warning about format string not being a string literal 2009-09-21 10:04:09 +05:30
Mukund Sivaraman
f0cc213c5a Remove trailing comma from acl_type enum 2009-09-21 09:59:11 +05:30
Mukund Sivaraman
e9f8212560 Suppress gcc warnings about variadic macros 2009-09-21 09:57:29 +05:30
Mukund Sivaraman
0cc707b3ff Rename conffile.[ch] to conf.[ch] 2009-09-21 09:41:59 +05:30
Mukund Sivaraman
9d5a15ed2d [BB#18] Fix pointer aliasing issues 
The changes were suggested by ians on the Banu forums.
 2009-09-21 09:16:58 +05:30
Mukund Sivaraman
d7ae6e4653 build: Add -ansi and --std=c89 to CFLAGS 2009-09-21 09:14:51 +05:30
Mukund Sivaraman
eccc765057 Remove trailing comma from filter_policy_t 2009-09-21 07:32:38 +05:30
Michael Adam
b424ec2865 configure: fix a typo in the tinyproxy version definition. 
Michael
 2009-09-20 22:26:41 +02:00
Michael Adam
b95f7b9ffb Print a http error when the client headers could not be retrieved. 
A ususal case here is that the headers were buggy, e.g. a line
without a ":" to separate the header field name from the value.
Previous behaviour was to silently return a blank page.

Michael
 2009-09-20 22:24:18 +02:00
Michael Adam
fcb053a77c Revert "Remove unused parameter from process_request()" 
This reverts commit f3312c22a0.

The "hashofheaders" argument to process_request() is needed
for building with reverse support or with transparent support.

Michael
 2009-09-20 21:58:52 +02:00
Michael Adam
87f7a79e89 tests:webclient: fix default version (string, not number...) 
Michael
 2009-09-20 13:24:06 +02:00
Michael Adam
2208bebeac tinyproxy.conf: add a comment referring to the tinyproxy.conf(5) manpage 
Michael
 2009-09-20 11:01:30 +02:00
Michael Adam
30cb3f89ab tinyproxy.conf: update description of User/Group 
Michael
 2009-09-20 10:58:18 +02:00
Mukund Sivaraman
ad8f0feb4f build: Remove obsolete/unused macros 2009-09-20 14:14:27 +05:30
Mukund Sivaraman
23464e88ad Remove unnecessary vfork.h include 2009-09-20 14:08:14 +05:30
Mukund Sivaraman
73409c9fe1 build: Remove use of the obsolete AC_TYPE_SIGNAL macro 
C89 compilers use void return type for signal handler functions.
 2009-09-20 14:03:56 +05:30
Mukund Sivaraman
919eedc7f9 Remove inline keyword from static functions 
The compiler inlines static functions as necessary anyway.
No more inline keywords exist in Tinyproxy source code. We want to
avoid using this keyword anyway.
 2009-09-20 13:58:50 +05:30
Mukund Sivaraman
403fd7cc25 build: Remove obsolete/unused macros 2009-09-20 13:54:57 +05:30
Mukund Sivaraman
0978decbac build: Rename autoconf variable 2009-09-20 13:45:47 +05:30
Mukund Sivaraman
a1725f6297 Better handle the debugging flags 2009-09-20 13:38:53 +05:30
Mukund Sivaraman
1a5d1b4833 build: Remove profiling related CFLAGS 
These can be specified manually by a developer when necessary. Such flags
do not belong in a generic distribution.
 2009-09-20 13:37:09 +05:30
Mukund Sivaraman
753010f571 build: Update CFLAGS and also check if they are supported 
Also, enable all warnings by default, whether it is a debug
build or not.
 2009-09-20 13:32:46 +05:30
Mukund Sivaraman
07ad8ad1b2 Remove unnecessary CFLAGS initialization 2009-09-20 13:19:22 +05:30
Mukund Sivaraman
1196cc11b9 Remove unnecessary prefix test 2009-09-20 13:12:57 +05:30
Mukund Sivaraman
abafcf08ab Remove the target system information when the version is displayed 
If we require information about the runtime environment, it can be
found using the uname program. And binutils can tell about what the
tinyproxy binary contains. Tinyproxy doesn't have to report this
information.
 2009-09-20 12:40:52 +05:30
Mukund Sivaraman
90e7d07f44 Remove ability to change the name of the default configuration file 
This feature will only confuse us during support, if users come to
us with a Tinyproxy build which has a differently named default config
file. This feature is not that useful anyway.
 2009-09-20 12:33:47 +05:30
Mukund Sivaraman
6f9fa5287f Remove obsolete SOCKS related entries from configure.ac 
These were probably never supported, and we shouldn't claim that
we support SOCKS when we don't.
 2009-09-20 12:21:59 +05:30
Mukund Sivaraman
fbc0549540 Remove unused statements from configure.ac 2009-09-20 12:14:02 +05:30
Mukund Sivaraman
851ef02fbe build: Generate more version related variables 2009-09-20 12:13:26 +05:30
Mukund Sivaraman
e33fb9f77b docs: Make formatting changes in tinyproxy.conf manpage 2009-09-20 11:55:47 +05:30
Mukund Sivaraman
9dfe1f1a56 docs: Further describe User and Group keys in tinyproxy.conf manpage 2009-09-20 11:53:44 +05:30
Mukund Sivaraman
9f0bf550af Revert "docs: extend description of the User and Group parameters." 
This reverts commit b6433522eb.
 2009-09-20 11:50:47 +05:30
Michael Adam
371e13e44f docs: document Listen, Bind, Bindsame, and Timeout in tinyproxy.conf(5) 
Michael
 2009-09-20 01:54:06 +02:00
Michael Adam
b6433522eb docs: extend description of the User and Group parameters. 
Michael
 2009-09-20 01:54:06 +02:00
Mukund Sivaraman
f7d494d9f7 doc: Add initial description in tinyproxy.conf manpage 2009-09-19 23:04:04 +05:30
Mukund Sivaraman
0def858576 docs: Add placeholder for tinyproxy.conf manpage 2009-09-19 09:57:24 +05:30
Michael Adam
4d4f7d2a09 tests:webclient: add copyright notice to the pod documentation. 
Michael
 2009-09-17 00:25:57 +02:00
Michael Adam
d1c8a68375 tests:webserver: Add copyright notice to the pod documentation. 
Michael
 2009-09-17 00:25:57 +02:00
Michael Adam
aae8ae5d8d tests:webclient: reduce duplication. 
Michael
 2009-09-17 00:25:57 +02:00
Michael Adam
b7d9256a7a tests:webclient: add a --dry-run mode that prints the request to stdout 
and does not connect to the server at all.

Michael
 2009-09-16 22:35:35 +02:00
Michael Adam
4ef7901115 tests:webclient: extend webclient to support HTTP/0.9, 1.0 and 1.1 requests. 
Enable spcifying HTTP protocol version on command line ( --http-version).
Enable specifying method (GET, CONNECT, ...) on the command line (--method).
Add POD documentation.
Use pod2usage() to print help message.

Michael
 2009-09-16 22:35:35 +02:00
Michael Adam
b5a69151fa tests: add Makefile.am to tests/ and tests/scripts dir (for packaging) 
Michael
 2009-09-16 22:35:35 +02:00
Michael Adam
f648d82edc tests: prepare tinyproxy for filter file usage in tests. 
Michael
 2009-09-15 02:25:10 +02:00
Michael Adam
574a65c28e filter: un-linebreak after un-indent... 
Michael
 2009-09-15 02:25:10 +02:00
Michael Adam
c240ca3bcc child: move log messagte in child_main_loop() to a less irritating place. 
Michael
 2009-09-15 02:25:10 +02:00
Michael Adam
93b00446b9 filter: reduce indentation in filter_init by 16 characters by using return. 
Michael
 2009-09-15 02:25:09 +02:00
Mukund Sivaraman
9594b8889e Revert "Fix constness of stathost" 
This reverts commit 42d2e10c93.
 2009-09-15 04:14:26 +05:30
Mukund Sivaraman
f3312c22a0 Remove unused parameter from process_request() 2009-09-15 04:11:58 +05:30
Mukund Sivaraman
551e041638 Make takesig() into a static function 2009-09-15 04:09:34 +05:30
Mukund Sivaraman
42d2e10c93 Fix constness of stathost 2009-09-15 04:08:26 +05:30
Mukund Sivaraman
83ebd74d87 Minor indenting changes 
Also changed the text "configuration file" to read "config file".
 2009-09-15 04:07:06 +05:30
Mukund Sivaraman
d243515fa7 Return instead of exit() at end of main() 2009-09-15 04:06:26 +05:30
Mukund Sivaraman
ce55167487 Minor indenting changes 2009-09-15 03:53:35 +05:30
Mukund Sivaraman
b3065b6d18 Exit with proper status in case of bad commandline arguments 2009-09-15 03:53:18 +05:30
Mukund Sivaraman
34e23233ce Add doc for change_user() 2009-09-15 02:00:20 +05:30
Mukund Sivaraman
1d744eb4c9 Return correct error status when setuid() or setgid() fails 2009-09-15 01:55:16 +05:30
Mukund Sivaraman
56748c5e65 Extract setuid/setgid code into a function 2009-09-15 01:55:16 +05:30
Mukund Sivaraman
5ec5449194 Extract cmdline parsing code into a function 2009-09-15 01:55:16 +05:30
Michael Adam
f25b0e2872 filter: untangle assignment and check in filter_init(). 
Michael
 2009-09-14 22:18:28 +02:00
Michael Adam
c8e1696a22 conffile: reformat the directives array for readability. 
Michael
 2009-09-14 22:17:45 +02:00
Michael Adam
b6413068e2 tests:webserver: record the value of the server header field in a variable. 
Michael
 2009-09-14 22:12:30 +02:00
Mukund Sivaraman
96303e10f3 Remove unused variable 2009-09-15 01:15:27 +05:30
Mukund Sivaraman
7b9234f394 Indent code to Tinyproxy coding style 
The modified files were indented with GNU indent using the
following command:

indent -npro -kr -i8 -ts8 -sob -l80 -ss -cs -cp1 -bs -nlps -nprs -pcs \
    -saf -sai -saw -sc -cdw -ce -nut -il0

No other changes of any sort were made.
 2009-09-15 01:11:25 +05:30
Mukund Sivaraman
2cb6777592 Remove C++ wrapper from headers 
These are not necessary as Tinyproxy is pure C code, and only
to be used within Tinyproxy. It is not a library.
 2009-09-15 01:04:28 +05:30
Mukund Sivaraman
26b95f7b81 Add Tinyproxy indent script 2009-09-15 01:00:50 +05:30
Mukund Sivaraman
5d48ba3c66 docs: Fix .gitignore 2009-09-14 19:13:34 +05:30
Michael Adam
df4892d939 tests:webclient: add User-Agent header to request. 
Michael
 2009-09-14 13:30:58 +02:00
Michael Adam
8c5391ab6e tests:webserver: add handing of bad request error. 
Michael
 2009-09-14 13:30:57 +02:00
Michael Adam
78502e4565 tests:webserver: add parsing of request 
Michael
 2009-09-14 13:30:57 +02:00
Mukund Sivaraman
e06aaa5c79 Rename doc directory to docs 2009-09-14 16:56:12 +05:30
Mukund Sivaraman
0491411807 doc: Remove pre-generated manpage from repo 
A pre-generated manpage still gets EXTRA_DIST'ed in release tarballs.
 2009-09-14 16:50:49 +05:30
Mukund Sivaraman
325d12b01d doc: Don't EXTRA_DIST configure generated tinyproxy.txt 2009-09-14 16:49:56 +05:30
Mukund Sivaraman
caba182038 doc: Add .gitignore to doc/man8/ 2009-09-14 16:43:06 +05:30
Mukund Sivaraman
05ee13a649 doc: Another manpage text update 2009-09-14 16:20:10 +05:30
Mukund Sivaraman
017ba5d42f doc: Case changes and minor text updates to manpage 2009-09-14 15:51:37 +05:30
Mukund Sivaraman
00614c1523 doc: Update manpage to set missing fields 2009-09-14 15:46:18 +05:30
Michael Adam
675c7492c1 docs: update asciidoc-generated manpage tinyproxy.8 after changes. 
Michael
 2009-09-14 11:22:51 +02:00
Michael Adam
19add5471b doc: use asciidoc-auto-enumeration in list. 
Michael
 2009-09-14 11:20:07 +02:00
Michael Adam
b3e3fe6647 doc: add my c to the manpage 
Michael
 2009-09-14 11:03:34 +02:00
Michael Adam
cdb9d54dca docs: update tinyproxy manpage: elaborate template files and explain stat host. 
Michael
 2009-09-14 11:02:28 +02:00
Michael Adam
afacc3d80b tests:webserver: move parsing of request to its own function. 
(Prepare for really parsing the request...)

Michael
 2009-09-14 11:02:28 +02:00
Mukund Sivaraman
8f8f99098e packaging: Update summary and description in spec file 2009-09-13 17:26:38 +05:30
Mukund Sivaraman
b952bc6595 Remove acinclude.m4 and configure macro dir 2009-09-13 17:14:08 +05:30
Michael Adam
f1a586648e tests: test retreival of stathost page. 
Michael
 2009-09-13 01:52:26 +02:00
Michael Adam
282ec11792 tests: set stathost to 127.0.0.127 in the testsuite 
Michael
 2009-09-13 01:52:11 +02:00
Michael Adam
5a96099cde tests: print IP and port after firing up tinyproxy and webserver 
Michael
 2009-09-13 01:31:05 +02:00
Michael Adam
abb2283e2e tests:webserver: be more rfc 1945 compliant in the server-header. 
Michael
 2009-09-13 01:14:44 +02:00
Michael Adam
71f3721bb1 tests: fix run_tests.sh after templates have moved. 
Michael
 2009-09-13 01:09:44 +02:00
Mukund Sivaraman
7aa5482754 doc: Remove missing tinyproxy.conf from EXTRA_DIST 2009-09-13 04:14:21 +05:30
Mukund Sivaraman
168935344a Cleanup top-level Makefile.am 2009-09-13 04:13:21 +05:30
Mukund Sivaraman
9b6975c9eb m4macros: EXTRA_DIST m4 macros from its own directory 2009-09-13 04:12:32 +05:30
Mukund Sivaraman
49971a76b9 Remove files that are distributed anyway from EXTRA_DIST 2009-09-13 04:09:37 +05:30
Mukund Sivaraman
7b4f67ecef data: Cleanup installation of templates 2009-09-13 04:08:06 +05:30
Mukund Sivaraman
9d7bd43d8e Fix Makefile.am 2009-09-13 04:05:28 +05:30
Mukund Sivaraman
c44264ddaa doc: Move doc/tinyproxy.conf to etc/ directory 2009-09-13 04:04:18 +05:30
Mukund Sivaraman
4cbc6b0359 doc: Move doc/HTML_VARIABLES content to the manpage 2009-09-13 03:59:03 +05:30
Mukund Sivaraman
13ccc059d0 doc: Rename some files 2009-09-13 03:53:32 +05:30
Mukund Sivaraman
ce97014bc0 doc: Delete report.sh.tmpl 2009-09-13 03:49:20 +05:30
Mukund Sivaraman
f3e06436b5 doc: Move templates to data/templates/ directory 2009-09-13 03:48:24 +05:30
Mukund Sivaraman
d7296318a0 doc: Cleanup doc/Makefile.am 2009-09-13 03:40:59 +05:30
Mukund Sivaraman
a4a93917c9 doc: Use asciidoc for manpage 2009-09-13 03:32:38 +05:30
Mukund Sivaraman
31f98e9adc doc: Remove report.sh script 2009-09-13 02:55:42 +05:30
Michael Adam
6c83a49bbb tests: add a script wrapper to run tinyproxy under valgrind in the tests. 
This runs valgrind with the -q switch - i.e. the log file
tests/env/var/log/valgrind.log will only contain anything when there were
valgrind errors. (Memory leaks...)

Michael
 2009-09-11 01:10:11 +02:00
Michael Adam
26aa8648b6 tests: add support for running tinyproxy under valgrind. 
When you want to run tinyproxy under valgrind,
set the environment variable VALGRIND to some useful
valgrind command line.

Michael
 2009-09-11 01:02:52 +02:00
Michael Adam
389f5d1464 make "config_file" a const in the config struct. 
Michael
 2009-09-10 22:16:58 +02:00
Michael Adam
735c9cb70f reqs.c: fix two implicit cast warnings. 
Michael
 2009-09-10 22:12:16 +02:00
Michael Adam
408c781d14 tests: restructure run_tests into functions to make main flow clearer. 
Also prepare for modularizing the testsuite.

Michael
 2009-09-10 12:53:25 +02:00
Michael Adam
dfa1763af9 tests:run_tests: add complete GPL boilerplate. 
Michael
 2009-09-10 12:09:12 +02:00
Michael Adam
bc1da1cbb5 tests:webclient: add complete GPL boilerplate. 
Michael
 2009-09-10 12:08:17 +02:00
Michael Adam
290c4f581e tests/webserver: add complete GPL boilerplate. 
Michael
 2009-09-10 12:07:48 +02:00
Michael Adam
4d4f8bffef tests:webserver: make pid-file, log-dir and doc-root reside in /tmp by default 
So simply starting the server will work.

Michael
 2009-09-10 11:08:17 +02:00
Michael Adam
974be68476 tests/webserver: rework locking of pid file. 
Michael
 2009-09-10 11:08:17 +02:00
Michael Adam
449af292dc tests:webserver: reopen STDOUT/STDERR after locking pid file. 
Michael
 2009-09-10 11:08:08 +02:00
Michael Adam
526c70f687 tests: this is a first draft of the beginning of a test suite. 
It provisions a test envirnonment, fires up the perl web server
and tinyproxy and currently makes one direct request to the
web server and one request through tinyproxy.

This will be modularized and extended in the sequel.

Michael
 2009-09-10 01:20:59 +02:00
Michael Adam
158f8a7e15 tests: add a simple web client written in perl. 
This should be one of the test tools for writing our testsuite.

This can be used to make direct connects to web servers like so:

webclient.pl server_ip:port /path/file.html

and to make requestis via a proxy like this:

webclient.pl proxy_ip:port http://webserver:port/path/file.html

Michael
 2009-09-10 01:15:01 +02:00
Michael Adam
a39d7cd8d8 tests: add a simple webserver written in perl. 
This should be the web server to test against in the upcoming selftest suite.
This web server will evolve as the test suite grows.
Currently, it just returns a web site quoting the request and a fortune
(if fortune is installed...) for whatever request it gets.

The option to provide a document root is already present.

Michael
 2009-09-10 01:13:01 +02:00
Michael Adam
e39da7d0b2 README: Update the CONTRIBUTING section. 
* provide the git url
* mention git format-patch
* mention the #tinyproxy irc channel

Michael
 2009-09-09 10:52:17 +02:00
Michael Adam
4092c70b06 Fix compiler warnings: make const strings const in process_server_headers(). 
Michael
 2009-08-12 23:49:46 +02:00
Michael Adam
0d585dca8d Fix compiler warnings: make const strings const in process_client_headers(). 
Michael
 2009-08-12 23:49:16 +02:00
Michael Adam
c59d012d11 Fix compiler warnings: Make const strings const in remove_connection_headers() 
Michael
 2009-08-12 23:47:45 +02:00
Michael Adam
1bfe8b6bea Fix implicit cast warning in get_all_headers(). 
And untangle assignment from check.

Michael
 2009-08-09 23:30:04 +02:00
Michael Adam
3b6bc45c37 Fix two implicit cast warnings in pull_client_data(). 
Michael
 2009-08-09 23:28:36 +02:00
Michael Adam
bfca4019b7 Fix three implicit cast warnings in process_request(). 
Michael
 2009-08-09 23:08:54 +02:00
Michael Adam
43fcc9ea37 Fix implicit cast warning in upstream_add(). 
Michael
 2009-08-09 23:06:31 +02:00
Michael Adam
00fd84586c Fix implicit cast warning in extract_ssl_url(). 
Michael
 2009-08-09 23:05:28 +02:00
Michael Adam
ed23ceef64 Fix implicit cast warning in extract_http_url(). 
Michael
 2009-08-09 23:04:27 +02:00
Michael Adam
bfa2c8ed77 Fix implicit cast warning in check_allowed_connect_ports(). 
Michael
 2009-08-09 23:02:54 +02:00
Michael Adam
eb0deeb966 fix signed vs unsigned comparison warning in check_allowed_connect_ports(). 
Michael
 2009-08-09 23:01:32 +02:00
Michael Adam
caee88c774 readline(): fix 5 implicit cast warnings 
Michael
 2009-08-07 10:10:04 +02:00
Michael Adam
947e8eb838 write_message(): fix signed/unsigned comparison warning 
Michael
 2009-08-07 10:07:07 +02:00
Michael Adam
c535939a9c write_message(): fix implicit cast warnings. 
Michael
 2009-08-07 10:06:12 +02:00
Michael Adam
b450ad76ff safe_write: fix unsigned vs. signed comparison 
Michael
 2009-08-07 10:04:57 +02:00
Michael Adam
2fff622819 send_stored_logs(): remove an implicit cast warning. 
Michael
 2009-08-07 09:54:15 +02:00
Michael Adam
4434dd24f1 send_stored_logs: fix signed/unsigned comparison 
Michael
 2009-08-07 09:42:45 +02:00
Michael Adam
8a27e29f7e log_message(): remove implicit cast warning. 
Michael
 2009-08-07 09:28:35 +02:00
Michael Adam
87f5657db0 log: make const char array const. 
Michael
 2009-08-07 09:27:51 +02:00
Michael Adam
1052502b63 http_message_add_headers: make argument num_headers unsigned 
and remove signed vs. unsigned comparison warnings.

Michael
 2009-08-07 09:24:32 +02:00
Michael Adam
f99edadc92 http_message_add_headers(): fix implicit cast warning. 
Michael
 2009-08-07 09:21:28 +02:00
Michael Adam
baf634194c http_message_create(): remove two implicit cast warnings. 
Michael
 2009-08-07 09:20:28 +02:00
Michael Adam
6a35704cdb heap: make a const string const in malloc_shared_memory(). 
Michael
 2009-08-07 09:17:49 +02:00
Michael Adam
8f50875740 heap: fix an implicit cast warning. 
Michael
 2009-08-07 09:17:12 +02:00
Michael Adam
ab9e8a59e2 hashmap: fix three implicit cast warnings. 
Michael
 2009-08-07 09:16:07 +02:00
Michael Adam
181b03d729 Fix an implicit cast warning in initialize_conn(). 
Michael
 2009-08-07 09:12:42 +02:00
Michael Adam
02e7bc7545 send_html_file(): remove a discards qualifyer warning 
and untangle assignment from check.

 Michael
 2009-08-07 08:56:46 +02:00
Michael Adam
3adec81872 html-error: make read only argument const in lookup_variable(). 
Michael
 2009-08-07 08:53:26 +02:00
Michael Adam
76dadf47d3 make a const string const in send_http_error_message(). 
Michael
 2009-08-07 08:51:35 +02:00
Michael Adam
1c3c268b50 make a const string const in send_http_headers(). 
Michael
 2009-08-07 08:49:21 +02:00
Michael Adam
c8ee85702e make message argument of indicate_http_error() const. 
Michael
 2009-08-07 08:48:51 +02:00
Michael Adam
20b606b6f5 make message argument to send_http_headers() constant. 
Michael
 2009-08-07 08:44:47 +02:00
Michael Adam
251a975126 add_error_variable(): make key and data arguments const 
Michael
 2009-08-07 08:41:36 +02:00
Michael Adam
05d1b2b372 showstats(): fix an implicit cast warning. 
Michael
 2009-08-07 08:38:41 +02:00
Michael Adam
3127baa4c6 showstats(): add a const to a const string 
Michael
 2009-08-07 08:37:44 +02:00
Michael Adam
bb067eb13c init_stats(): fix implicit cast warning. 
Michael
 2009-08-07 08:36:10 +02:00
Mukund Sivaraman
6f255d0900 Update bug tracker URL 2009-08-07 05:38:46 +05:30
Mukund Sivaraman
4518e4334d Wrap len in parantheses 2009-08-07 04:30:38 +05:30
Matthew Dempsky
59d273fdcc correctly handle folded header fields 2009-08-07 03:59:10 +05:30
Mukund Sivaraman
402b662def Fix const warning 2009-08-07 03:54:08 +05:30
Mukund Sivaraman
a21cd7e3ed Rename tinyproxy.[ch] to main.[ch] 2009-08-07 03:42:53 +05:30
Matthew Dempsky
b5089fecc7 fix error message formatting 
Signed-off-by: Michael Adam <obnox@samba.org>
 2009-08-06 07:33:20 +02:00
Michael Adam
f904831acd .gitignore: ignore vi backup files 
Michael
 2009-08-05 00:28:01 +02:00
Michael Adam
2ca1f9027b add const to the key argument of anonymous_insert(). 
Michael
 2009-08-05 00:15:04 +02:00
Michael Adam
c6475974b5 add const to the key argument for anonymous_search(). 
Michael
 2009-08-05 00:14:20 +02:00
Michael Adam
caf20d786b utils: make headers constant in send_http_message() to reduce compiler warnings 
Michael
 2009-08-05 00:09:41 +02:00
Michael Adam
1cdd76af31 http_message_add_headers(): make parameter headers const. 
Michael
 2009-08-05 00:09:16 +02:00
Michael Adam
867b4c9813 filter_init(): kill implicit cast warnings by adding explicit casts. 
Michael
 2009-08-04 23:57:30 +02:00
Michael Adam
f0a46fd71c vector: remove implicit cast warning in vector_insert() by adding explicit cast 
Michael
 2009-08-04 23:52:56 +02:00
Michael Adam
5b81dec879 vector: remove implicit cast warning in vector_create() 
Michael
 2009-08-04 23:51:29 +02:00
Michael Adam
0aa45b0d34 child_pool_create(): add to explicit cats to reduce compiler warnings. 
Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
60de38ceaa child: adapt child_config to contain unsigned integers 
as just changed in get_int_arg.

Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
b4d8c5b9bf conffile: change [sg]et_int_arg() to return unsigned long int 
This is also the parser regexp for INT in the definition.

Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
23b09947c6 conffile: add explicit cast in get_string_arg(). 
Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
35abbbc26d config_compile(): add an explicit cast. 
Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
0b583194b7 config_compile(): fix as signed / unsigned comparison compiler warning. 
Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
f52be1a2a1 conffile: fix indentation in the directives definition. 
Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
e6ac4b28cd conffile: fix some missing initializer warnings in the directives definition. 
Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
32c7caf710 conffile: reformat some indentation and linebreak in the directives definition. 
Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
8f955d5543 child: add explicit cast in child_main(). 
Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
50dbd61063 buffer: add explicit cast in read_buffer(). 
Michael
 2009-08-04 23:47:28 +02:00
Michael Adam
e5e665b0c6 buffer: add explicit cast in new_buffer(). 
Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
88dbe04c81 buffer: untangle assignment and check. 
Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
f5c80119ca buffer: add two explicit casts to reduce compiler warnings in makenewline(). 
Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
25344751eb buffer: untangle assignment from check in makenewline(). 
For better debuggability.

Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
ab4df6edb8 check_acl(): initialize "perm" to eliminate compiler warning. 
Provides safe fallback for switch statement, just in case..

Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
14a3e187ee check_acl(): remove the fd argument - it is not used. 
Host name and IP address are provided instead.

Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
64ff313260 check_acl(): fix function header comment. 
Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
0abd82b7e9 check_acl(): add explicit cast to return value of vector_getentry() 
to reduce compiler warnings.

Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
b9f2325c54 check_acl(): add cast to recuce compiler warning (unsigned / signed comparison) 
vector_lenth() returns < 0 if the vectore is NULL but this has been
checked before, so we can safely cast.

Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
a34276feee change vector_prepend() to take size_t len instead of ssize_t len argument. 
Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
67628dcc63 change vector_append() to take size_t len instead of ssize_t len argument 
Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
590f99ef2d vector: change vectore_insert() to take size_t len instead of ssize_t len arg 
Michael
 2009-08-04 23:47:27 +02:00
Michael Adam
c2c7245030 remove "discard const" compiler warnings with log_message(). 
Michael
 2009-08-04 23:47:26 +02:00
Michael Adam
c409e0f9d8 configure: Add more warnings to CFLAGS in debug mode 
Michael
 2009-08-04 23:47:26 +02:00
Michael Adam
04b19ac8b4 tinyproxy.conf: fix a comment typo 
Michael
 2009-08-04 01:36:22 +02:00
Mukund Sivaraman
9d971cb2d0 [BB#53] Add a GPLv2 COPYING file 
Tinyproxy is distributed under the GNU GPLv2 or above license.
If autotools are used to build Tinyproxy without this file, they
copy the system installed COPYING file which is nowadays the
GNU GPLv3 license.
 2009-08-04 04:21:46 +05:30
Michael Adam
1491483c35 tinyproxy.conf: kill some trailing spaces 
Michael
 2009-06-14 23:01:07 +02:00
Michael Adam
3ebb2ce607 autogen.sh: fix errors with new autotools. 
The following errors occurred when running ./autogen.sh :

$ ./autogen.sh
+ aclocal
configure.ac:18: warning: AC_COMPILE_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS
../../lib/autoconf/specific.m4:386: AC_USE_SYSTEM_EXTENSIONS is expanded from...
../../lib/autoconf/specific.m4:332: AC_GNU_SOURCE is expanded from...
configure.ac:18: the top level
configure.ac:18: warning: AC_RUN_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS
configure.ac:19: warning: AC_COMPILE_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS
../../lib/autoconf/specific.m4:459: AC_MINIX is expanded from...
configure.ac:19: the top level
configure.ac:19: warning: AC_RUN_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS

and so on for autoheader and friends.
According to the autotools docs, the proper way to handle this
is to just call AC_USE_SYSTEM_EXTENSIONS.

Michael
 2009-05-29 00:09:43 +02:00
Mukund Sivaraman
0b191f16fe Indenting change 2008-12-29 13:28:02 +00:00
Mukund Sivaraman
024b317de0 Convert tabs to spaces 2008-12-08 13:39:44 +00:00
Mukund Sivaraman
6e6f992f8c Update Tinyproxy website URL 2008-12-08 12:41:44 +00:00
Mukund Sivaraman
4c1ede779e Break at 80 columns 2008-12-08 12:26:08 +00:00
Mukund Sivaraman
a257703e59 Reformat code to GNU coding style 
This is a commit which simply ran all C source code files
through GNU indent. No other modifications were made.
 2008-12-01 15:01:11 +00:00
Mukund Sivaraman
448c19077c Don't disable the creation of core files 
Creation of core files can be disabled in the OS environment such
as by using the ulimit program.
 2008-12-01 14:40:26 +00:00
Mukund Sivaraman
a37a81db2d Update Tinyproxy website URLs 2008-10-16 18:21:16 +01:00
Mukund Sivaraman
c15fc551da Tweak configure.ac a bit 2008-08-24 12:28:39 +05:30
Mukund Sivaraman
8c1beab96e Update the bugmail field 2008-08-24 12:16:08 +05:30
Mukund Sivaraman
fadb98ee55 Add more calls to umask() before mkstemp() 2008-08-24 11:47:50 +05:30
Mukund Sivaraman
82cd6c765b Move buffer to the heap due to its size 2008-08-24 11:38:59 +05:30
Mukund Sivaraman
fce253253a Set umask before mkstemp() for some versions of glibc 2008-08-24 11:27:38 +05:30
Mukund Sivaraman
62ddbd5e74 pos can never be less than 0 as it's of type size_t 
Also fix the type which is passed in from various places.
 2008-08-24 10:58:16 +05:30
Mukund Sivaraman
90c1bb4b73 Remove useless check as data can't be NULL at this point 2008-08-24 10:45:29 +05:30
Mukund Sivaraman
039273c134 Add whitespace 2008-07-30 18:56:15 +05:30
Mukund Sivaraman
f613cec7ad Update the bug-report field 2008-07-30 18:53:55 +05:30
Mukund Sivaraman
fc06880f81 Add missing comma 2008-07-14 18:20:43 +05:30
Mukund Sivaraman
7c1c547fc8 Change bug report address to email address in AC_INIT 2008-07-14 18:17:41 +05:30
Mukund Sivaraman
aa95c34004 Allow numeric uid/gids in User and Group directives 
This change allows numeric uid/gids to be specified in the User and
Group directives in tinyproxy.conf. Formerly, only username and group
names were accepted. This fixes bug #15, which was created after
looking at a case on the OpenWrt wiki.

X-Banu-Bugzilla-Ids: 15
 2008-07-14 17:40:20 +05:30
Mukund Sivaraman
2fe213d777 Fix error variable names that stats.html expects 2008-07-14 17:14:12 +05:30
Mukund Sivaraman
7e5ac7c58a Fix a regression where empty error variables caused strlen() to crash 
This fixes a regression (bug #16) introduced in
95c1f39f60, where a NULL check was
removed. This caused NULL error variable values to be sent to
add_error_variable() in which strlen() segfaulted.

With this fix, custom stats pages should be displayed properly.

X-Banu-Bugzilla-Ids: 16
 2008-07-14 17:13:06 +05:30
Mukund Sivaraman
7bdd47d030 Make the embedded error message display valid XHTML too 
Also fix the information that is displayed.
 2008-07-14 15:47:00 +05:30
Mukund Sivaraman
7b9e178a76 Add version info in embedded stats page 2008-07-14 15:46:05 +05:30
Mukund Sivaraman
7f12f71f94 Add error number as a template parameter for error pages 2008-07-14 15:31:14 +05:30
Mukund Sivaraman
8b26558254 Make the embedded stats message display valid XHTML too 2008-07-14 15:09:02 +05:30
Mukund Sivaraman
74f5c3e417 Spruce up error page footers a bit 2008-07-14 15:02:41 +05:30
Mukund Sivaraman
4caa397ec5 Replace h2 with h1 for the main heading 2008-07-14 14:32:02 +05:30
Mukund Sivaraman
4f0b24ff9a Remove ltmain.sh from dist target 2008-07-14 14:30:32 +05:30
Mukund Sivaraman
fea8dafe0c Remove title attribute 2008-07-14 14:28:17 +05:30
Mukund Sivaraman
922e0be574 Update error pages to valid XHTML format 
Also change some text and how the messages are displayed,
to look better.
 2008-07-14 11:58:19 +05:30
Mukund Sivaraman
7751efc218 Remove unused autoconf macro calls 2008-07-14 11:31:13 +05:30
Mukund Sivaraman
7bac0827f6 Fix tinyproxy homepage link 2008-06-20 12:42:18 +05:30
Mukund Sivaraman
1b99c216fe Remove Id tag from configure.ac 2008-06-19 21:36:46 +05:30
Mukund Sivaraman
20a7e61360 Removed obsolete ignore rules 2008-06-19 21:33:20 +05:30
Mukund Sivaraman
7dcb5f9061 Include values.h to use LONG_MAX and LONG_MIN 2008-06-17 13:44:42 +05:30
Robert James Kaes
c8cf89a954 Add strtol conversion error checking 
Moved the strtol() call into fill_netmask_array() and added additional
error checking to ensure that the strtol() call succeeded.

Error checking code taken from strtol() manpage.

Signed-off-by: Robert James Kaes <rjk@wormbytes.ca>
 2008-06-17 13:32:20 +05:30
Robert James Kaes
51fb15be2c Refactored netmask array fill with range check 
When building a numeric ACL with netmask, range check the supplied
value.  In addition, the code to walk the array has been extracted and
"simplified".

Signed-off-by: Robert James Kaes <rjk@wormbytes.ca>
 2008-06-17 13:31:04 +05:30
Mukund Sivaraman
95c1f39f60 Don't check the value to be inserted as it's already checked 
This change primarily avoids a gcc warning where timebuf
is never non-NULL. There is no need to check the value to be
inserted as it's checked inside hashmap_insert().

This changeset also lets error return values from hashmap_insert()
propogate instead of clamping them to -1 (not that these are
currently used anyway).
 2008-06-10 09:51:23 +05:30
Robert James Kaes
5ea289d82e Moved transparent proxy code into its own file 
Extracted the transparent proxy logic from reqs.c and placed it into a
separate file.

Signed-off-by: Robert James Kaes <rjk@wormbytes.ca>
 2008-06-09 10:01:14 +05:30
Mukund Sivaraman
445e4cb09c Change tinyproxy Bugzilla component to product 2008-06-04 09:45:50 +05:30
Robert James Kaes
b092de72f8 Ignore profiling generated files 
The *.pcno files are generated as part of the profiling code.

Signed-off-by: Robert James Kaes <rjk@wormbytes.ca>
 2008-06-03 21:51:02 +05:30
Mukund Sivaraman
8938b9cd86 Another minor README update 2008-05-24 16:49:32 +05:30
Mukund Sivaraman
2038d4ca8c Updated README 2008-05-24 16:48:45 +05:30
Mukund Sivaraman
e7ecb1dabb Added .gitignore entries 2008-05-24 16:35:46 +05:30
Mukund Sivaraman
8949675e5d Updated toplevel Makefile.am to reflect recent automake changes 2008-05-24 16:34:15 +05:30
Mukund Sivaraman
cc1f04ecba Updated copyright header in Makefile.am 2008-05-24 16:24:12 +05:30
Mukund Sivaraman
6f9ee262e5 Removed unnecessary LDFLAGS variable 2008-05-24 16:21:29 +05:30
Mukund Sivaraman
06a08b28de Quoted TP_ARG_ENABLE 2008-05-24 16:19:42 +05:30
Mukund Sivaraman
20ad96495c configure.ac changes 2008-05-24 16:17:29 +05:30
Mukund Sivaraman
868a4561fe Restructured automake macros 2008-05-24 16:13:40 +05:30
Mukund Sivaraman
b0a3568de0 Renamed htmlerror.[ch] to html-error.[ch] 2008-05-24 13:47:14 +05:30
Mukund Sivaraman
249d4b7f33 Updated copyright, license notices in source code 
The notices have been changed to a more GNU look. Documentation
comments have been separated from the copyright header. I've tried to
keep all copyright notices intact. Some author contact details have
been updated.
 2008-05-24 13:35:49 +05:30
Mukund Sivaraman
b441485b5e Fixed links in spec file 2008-05-05 16:22:30 +05:30
Mukund Sivaraman
eb7c535d4e Updated .gitignore files 2008-05-03 13:21:54 +05:30
Jeremy Hinegardner
fa7ecaca6d Sync Fedora initscript and specfile 2008-05-01 19:47:58 +05:30
Mukund Sivaraman
b110332ed3 Free arg before returning, or it'll leak 2008-03-30 17:56:45 -07:00
Mukund Sivaraman
ff72f5426e Free entry_buffer or it'll be leaked 
vector_append() calls vector_insert() which makes a copy
of the passed buffer, so the caller can free its buffer.
 2008-03-30 17:51:51 -07:00
Mukund Sivaraman
12501d599c Fixed leaks of va_lists 2008-03-30 17:43:32 -07:00
Mukund Sivaraman
bd8f8807ff Generate RPM spec file from .spec.in file 2008-03-30 17:18:58 -07:00
Mukund Sivaraman
6a6a3b0409 Added Makefile.am in packaging dirs 2008-03-30 17:12:26 -07:00
Mukund Sivaraman
e6d9bb2150 Removed old RPM packaging files 2008-03-30 17:01:29 -07:00
Jeremy Hinegardner
14edbda9f0 Added Fedora packaging files 2008-03-30 16:59:11 -07:00
Mukund Sivaraman
e229b36083 Moved RPM packaging dir to top-level 2008-03-30 16:48:47 -07:00
Mukund Sivaraman
d9c41d4e4d Removed obsolete packaging patch file 2008-03-30 16:41:10 -07:00
Mukund Sivaraman
13cf5ae0d5 Do not allow anyone except localhost by default 2008-03-30 16:39:35 -07:00
Mukund Sivaraman
d0ae798f71 Made the default group nobody 2008-03-30 16:38:44 -07:00
Mukund Sivaraman
44d91bdf6b Removed obsolete lexer/parser files 2008-03-30 16:33:08 -07:00
Andrew Stribblehill
fdf7e4ea8b Added more patterns to .gitignore 2008-03-19 15:11:13 -07:00
Mukund Sivaraman
b11c74637f Fixed format string warnings 2008-03-13 15:09:30 -07:00
Mukund Sivaraman
fc62283164 Removed the clean target from the src directory 
This was overriding the automake clean target to clean up
files like *.o by default.
 2008-03-13 15:09:26 -07:00
Mukund Sivaraman
8848b647d7 Corrected datatype of salen to fix compiler warning 2008-03-13 15:09:21 -07:00
Mukund Sivaraman
0ac647ab98 Added missing ltmain.sh 2008-03-13 15:09:09 -07:00
Mukund Sivaraman
2db8c8f2d1 Added empty NEWS file that's required by autotools now 2008-03-13 15:07:47 -07:00
Mukund Sivaraman
31766cce90 Renamed file to replace underscores in it with dashes 2008-03-13 15:07:43 -07:00
Mukund Sivaraman
d5472ec0bd Renamed file to replace underscores in it with dashes 2008-03-13 15:07:37 -07:00
Mukund Sivaraman
376caf8f25 Renamed .cvsignore to .gitignore 2008-03-13 15:07:29 -07:00
Mukund Sivaraman
e2ef2479d8 Renamed bootstrap to autogen.sh 2008-03-13 15:07:15 -07:00
Robert James Kaes
2f5118046d Added support for UPSTREAM directive. 
Included the basic grammar and handler functions for the "upstream" and
"no upstream" directives.  I still need to update the grammar to match
_all_ the possibilities documented in the tinyproxy.conf file, but at
least it now does as much as the old config parser.
 2005-11-04 05:15:47 +00:00
Robert James Kaes
72e1731092 Reformatted the reverse and filter configuration blocks. If either 
section is not enabled at compile time, it should not be included in the
object file.
 2005-11-04 01:31:41 +00:00
Robert James Kaes
ffec04c65e Fixed up whitespace formatting of the config file directives. Also 
added blank lines to group related directives.
 2005-11-04 00:47:07 +00:00
Robert James Kaes
bed712ffa7 Added the typecheck.m4 macro file to improve type checking support in 
the configure.ac script.  The various typedefs are checked in a larger
collection of locations.
 2005-08-16 14:22:39 +00:00
Robert James Kaes
4c58663041 * [Refactor] Moved Reverse Proxy Code 
Moved the reverse proxy code from reqs.c into it's own files
(reverse_proxy.c).  The code in reqs.c is way too complicated, so I
want to move unrelated code into their own files to simplify the main
concepts in reqs.c.
 2005-08-16 04:03:19 +00:00
Robert James Kaes
808bdbd1e9 * [Indent] Fixed typedef Formatting 
Added the list of tinyproxy typedefs to the indent command to have them
formatted correctly as well.
 2005-08-15 18:35:09 +00:00
Robert James Kaes
c0299e1868 * [Indent] Ran Source Through indent 
I re-indented the source code using indent with the following options:

indent -kr -bad -bap -nut -i8 -l80 -psl -sob -ss -ncs

There are now _no_ tabs in the source files, and all indentation is
eight spaces.  Lines are 80 characters long, and the procedure type is
on it's own line.  Read the indent manual for more information about
what each option means.
 2005-08-15 03:54:31 +00:00
Robert James Kaes
38f0b3a103 * Specified Correct typedef in getsock_ip() 
Changed the variable type for the namelen variable to the correct
socklen_t type.  The configure script already checked for it, but for
some reason I never got around to actually using it in this function.
 2005-07-12 20:34:26 +00:00
Robert James Kaes
a59117c7ca * Updated Copyright Email Addresses 
Updated the copyright email addresses for Robert James Kaes.  The
users.sourceforge.net address should always exist.
 2005-07-12 17:39:44 +00:00
Robert James Kaes
6042483a0e Removed the proxy-* headers from the list of headers to skip. Since 
tinyproxy does not prompt for any proxy information from the client, it
should not be eating the proxy headers.  They are most likely needed by
an upstream proxy.
 2005-07-06 21:44:08 +00:00
Robert James Kaes
51096e2944 * [1118363] Proxy reverse order of headers 
Changed the internal implementation of the hashmap to maintain the
  insert order if the same key is repeated.  The insertion is still
  constant since we keep track of the head and tail of the bucket
  chain.
 2005-05-03 20:34:54 +00:00
Robert James Kaes
bf172f9242 Replaced all the AC_ARG_ENABLE calls with calls to our own 
TP_ARG_ENABLE macro.  Except for the transparent proxy option, all the
other options remain identical.  To enable transparent proxy support
use only --enable-transparent, rather than the old
--enable-transparent-proxy.
 2004-08-24 18:43:17 +00:00
Robert James Kaes
7e91fdd975 Added config/argenable.m4 to the list of configuration files needed by 
the autoconf system.
 2004-08-24 18:41:18 +00:00
Robert James Kaes
7af47907be Initial checkin of the TP_ARG_ENABLE macro. This macro extends the 
default AC_ARG_ENABLE macro to do better error checking of the input
values.
 2004-08-24 18:40:21 +00:00
Robert James Kaes
ab270dc35c Moved the autoconf/automake configuration files into the config 
directory, so inform autoconf of this (the AC_CONFIG_AUX_DIR and
AC_CONFIG_MACRO_DIR macros.)

Also added a bunch of portability tests discovered by autoscan.
 2004-08-24 16:41:11 +00:00
Robert James Kaes
c3b2bf38e2 Moved all the autoconf/automake configuration information into the 
config directory.
 2004-08-24 16:39:29 +00:00
Robert James Kaes
893aed8eef Removed the "releases.txt" file from the distribution. It didn't 
really add anything, so there's no point in having it.
 2004-08-24 16:38:42 +00:00
Robert James Kaes
019b91c3f9 (takesig): Fixed the return type to use the autoconf defined 
RETSIGTYPE.  This is portable, while simply using "void" is not.
 2004-08-24 16:36:22 +00:00
Robert James Kaes
c446e19003 Added code to handle HTTP/0.9 simple GET requests. 2004-08-24 16:35:27 +00:00
Robert James Kaes
79d40a536a (get_bool_arg): Moved the initialization of "p" _before_ the assert() 
calls.  The code doesn't compile under gcc 2.95 otherwise.  (I'm
surprised it compiles under gcc 3.3 without a problem.)
 2004-08-24 16:34:22 +00:00
Robert James Kaes
35196f7d8e Changed some of the variable types so that the code compiles cleanly 
on other operating systems.  (Used cf.sourceforge.net as the test
system for cross compiling.)
 2004-08-24 16:33:00 +00:00
Robert James Kaes
d41260fe2d Fixed up the acl_s structure so that it compiles correctly under 
gcc 2.95.
 2004-08-24 16:31:45 +00:00
Robert James Kaes
337af524dd Bootstrap the autoconf system 2004-08-20 19:56:05 +00:00
Robert James Kaes
7b0f1fe562 Moved the configuration information into it's own directory to avoid 
cluttering up the root directory.
 2004-08-20 16:01:31 +00:00
Robert James Kaes
93fbb5ff49 Changed the calls to the config_compile() and config_parse() 
functions.  Also, if the "logfile" directive is used, it will now
override use of the syslog system.  Added an error message if neither
is defined.
 2004-08-14 03:21:28 +00:00
Robert James Kaes
5c02939533 (log_message): Added a fsync() call after each line outputted to the 
log file.
 2004-08-14 03:20:01 +00:00
Robert James Kaes
c5307363be Reorganized the source code. Added the missing reverse proxy 
directives.  Added a bunch of comments to clarify how the code works.
 2004-08-14 03:18:41 +00:00
Robert James Kaes
9f4323a562 Removed the last code relating to the old configuration parsing 
system.  The grammar.y and scanner.l files still need to be removed.
 2004-08-14 00:37:51 +00:00
Robert James Kaes
52562b49df Removed the grammar.y and scanner.l files from the list of files 
required by tinyproxy.
 2004-08-13 21:04:24 +00:00
Robert James Kaes
febb521bfd Added some error logging information for directives that are 
conditionally compiled.  Still need to add info messages for the
directives.
 2004-08-13 21:03:58 +00:00
Robert James Kaes
1d2e4fc2c3 Change the code to use the new config_parse() method rather than the 
flex/bison based configuration system.
 2004-08-13 21:03:11 +00:00
Robert James Kaes
9d04667848 Added the new configuration parsing system (conffile.c and 
conffile.h.)  The new system is intended to replace the existing
grammar.y and scanner.l files.  I don't want to depend on flex/bison
any longer.
 2004-08-13 20:19:50 +00:00
Robert James Kaes
b3943c21f2 (check_allowed_connect_ports): By default DENY any CONNECT requests 
unless explicitly allowed by a configuration directive.
 2004-08-12 20:15:04 +00:00
Robert James Kaes
28dd133623 (add_xtinyproxy_header): Removed the runtime error checking of the 
connptr->server_fd variable and moved it into an assert since we
should never be called with invalid data.  Also made the function an
inline function since it's only called in one place.
 2004-08-12 19:57:15 +00:00
Robert James Kaes
924da17c17 Completely rewrote the ACL functionality. The new system is intended 
to handle IPv6 style addresses along with the existing IPv4 and string
addresses.  In addition, the hand-rolled "list" code has been replaced
with a vector (code reuse.)  Also, the code should be a little easier
to understand (relatively speaking.)

I do need to add some kind of testing framework (in general) to check
that the new code does work with all the formats that will be thrown
at it.
 2004-08-11 20:09:20 +00:00
Robert James Kaes
fd4b67bbb4 (strip_username_password): Removed one of the pointer variables since 
it's no longer needed.  Reorganized the function to make it more
obvious what was actually being done.
 2004-08-11 02:49:05 +00:00
Robert James Kaes
badc7673d0 Merged in changes from 1.6.3 2004-08-10 21:24:24 +00:00
Robert James Kaes
18df4910a4 Added the "BindSame" configure directive from Oswald Buddenhagen. 
This allows tinyproxy to respond to a request bound to the same
interface that the request came in on.  As Oswald explains:

  "attached is a patch that adds the BindSame option. it causes
  binding an outgoing connection to the ip address of the respective
  incoming connection. that way one can simulate an entire proxy farm
  with a single instance of tinyproxy on a multi-homed machine."

Cool.
 2004-04-27 18:53:14 +00:00
Robert James Kaes
3b961ec66b (init_stats): Fixed a memset bug, where the structure was not cleared 
properly.  (The sizeof "struct stat" was being used rather than the
proper "struct stat_s".  On my system, "struct stat" is 88 bytes long,
while "struct stat_s" is 20 bytes long.  Quite a difference!)
 2004-04-27 18:48:53 +00:00
Robert James Kaes
095d0d0142 These files list all the other files that CVS should ignore. It makes 
looking at the CVS status information a little cleaner.
 2004-04-27 18:28:45 +00:00
Robert James Kaes
5ecd9157ce Converted the various socket functions to work with both IPv4 and IPv6 
addresses.
 2004-02-18 20:18:53 +00:00
Robert James Kaes
c21df1ea0f Added two functions: 
- get_ip_string() converts a binary network address into either a
   dotted-decimal IPv4 address, or a IPv6 hex-string
 - full_inet_pton() converts a numeric character string into an IPv6
   network address (binary form).  It's like the system inet_pton()
   function, but it will work with bot IPv4 and IPv6 character
   strings.

These functions are required for the conversion to Internet protocol
independence.  (Or to put it more clearly: allow tinyproxy to work in
an IPv6 network.)
 2004-02-18 20:17:18 +00:00
Robert James Kaes
02893c3489 Rewrote the "early history" of the project, and added a section for 
"major" addition authors.
 2004-02-17 19:49:54 +00:00
Robert James Kaes
aee5a63849 Removed unnecessary casts (mostly dealing with memory allocation.) I 
should never have added them in the first place.  They don't really
buy anything, and they can hide bugs.
 2004-02-13 21:27:42 +00:00
Robert James Kaes
bf22966f55 (strip_return_port): Patch from "alex" to strip the port from the host 
string and return the port.  I cleaned up and added error handling to
the code, but it's basically "alex"'s fix.

(extract_http_url): Rewrote this function to remove all the sscanf()
calls.  It's much easier to just split on the path slash (if it's
present) and then strip the user name/password and port from the host
string.  Less code, handles more cases!
 2004-02-04 19:57:40 +00:00
Robert James Kaes
47df93b8f3 # Updated change log 2004-01-26 19:19:31 +00:00
Robert James Kaes
0a8e4e4d8d Added reverse proxy support from Kim Holviala. His comments regarding 
this addition follow:

  The patch implements a simple reverse proxy (with one funky extra
  feature). It has all the regular features: mapping remote servers to local
  namespace (ReversePath), disabling forward proxying (ReverseOnly) and HTTP
  redirect rewriting (ReverseBaseURL).

  The funky feature is this: You map Google to /google/ and the Google front
  page opens up fine. Type in stuff and click "Google Search" and you'll get
  an error from tinyproxy. Reason for this is that Google's form submits to
  "/search" which unfortunately bypasses our /google/ mapping (if they'd
  submit to "search" without the slash it would have worked ok). Turn on
  ReverseMagic and it starts working....

  ReverseMagic "hijacks" one cookie which it sends to the client browser.
  This cookie contains the current reverse proxy path mapping (in the above
  case /google/) so that even if the site uses absolute links the reverse
  proxy still knows where to map the request.

  And yes, it works. No, I've never seen this done before - I couldn't find
  _any_ working OSS reverse proxies, and the commercial ones I've seen try
  to parse the page and fix all links (in the above case changing "/search"
  to "/google/search"). The problem with modifying the html is that it might
  not be parsable (very common) or it might be encoded so that the proxy
  can't read it (mod_gzip or likes).

  Hope you like that patch. One caveat - I haven't coded with C in like
  three years so my code might be a bit messy.... There shouldn't be any
  security problems thou, but you never know. I did all the stuff out of my
  memory without reading any RFC's, but I tested everything with Moz, Konq,
  IE6, Links and Lynx and they all worked fine.
 2004-01-26 19:11:52 +00:00
Robert James Kaes
f2d846d057 Merged in changes from the 1.6.2 release. (Fixes for the filtering code 
and the HTML installation script.)
 2003-10-17 16:11:00 +00:00
Robert James Kaes
27d93b1f08 Merged in missing $(DESTDIR) in tinyproxy-html-files rules bug fix 
from the stable branch.
 2003-08-14 15:16:50 +00:00
Robert James Kaes
a13ca8271e Incorporated patches from Marc Silver to improve the readability and 
understandability of the documentation.
 2003-08-07 16:50:55 +00:00
Robert James Kaes
d2098f638f tinyproxy no longer includes a fall-back regular expression library, 
so these files needed to be modified to only use the system's
installed regular expression library.
 2003-08-07 16:32:12 +00:00
Robert James Kaes
d72fa83245 Removed the included regular expression library, since it should come 
standard on any reasonably modern system.
 2003-08-07 16:29:54 +00:00
Robert James Kaes
7eb4eba381 # Merged in changes from the stable 1.6 branch. 2003-08-07 15:31:20 +00:00
Robert James Kaes
630b99334c Patch from Marc Silver to improve the readability and accuracy of the 
tinyproxy man page.
 2003-08-05 21:14:43 +00:00
Robert James Kaes
fd23cd4aed # Fixed a comment to actually reflect what the function does. 2003-08-05 16:11:59 +00:00
Robert James Kaes
26ad896676 Added the cookie header to the documented list of headers to allow 
through.
 2003-08-05 16:11:06 +00:00
Robert James Kaes
a117ed9cb0 Included patches from Steven Young to use the hashmap functionality to 
manage the HTML error pages.  It simplifies the source, and also make
the object file smaller.  Nice.  Also added any casting from (void*)
to ensure that the code compiles using a C++ compiler.
 2003-08-01 00:14:34 +00:00
Robert James Kaes
15870a9582 Added appropriate casts (void*) casts to allow the code to compile 
cleanly using a C++ compiler.

Changed the servers_waiting variable to an unsigned int, since the
number of servers waiting can never be negative, and added an assert()
to ensure this invariant.
 2003-07-31 23:44:52 +00:00
Robert James Kaes
bc77dfb492 (debugging_realloc): Removed the assert for the NULL pointer, since 
realloc() can take a NULL pointer, as defined by the realloc() man
page.

Fixed the cast in both safefree() macros to compile cleaning using a
C++ compiler.
 2003-07-31 23:42:51 +00:00
Robert James Kaes
5a2af49e58 Fixed the cast in both safefree() macros to compile cleaning using a 
C++ compiler.
 2003-07-31 23:41:26 +00:00
Robert James Kaes
8a6a94db0a # Fixed a preprocessor test (misspelled __cplusplus) 2003-07-31 23:40:16 +00:00
Robert James Kaes
6aaa863432 Added appropriate casts from (void*) so that the code will compile 
cleanly with a C++ compiler.  (Tested using GCC 3.3)
 2003-07-31 23:38:28 +00:00
Robert James Kaes
ab02f47a29 # Bumped up the version number because of a maintenance release (to fix 
a problem with the scanner.c file.
 2003-07-24 15:13:00 +00:00
Robert James Kaes
7115a37f23 # Updated ChangeLog 2003-07-14 17:45:11 +00:00
Robert James Kaes
a748265b50 # Bumped up version number. 2003-07-14 17:43:26 +00:00
Robert James Kaes
7c96935552 (indicate_http_error): Added calls to va_end() before leaving the 
function.
 2003-07-14 17:42:43 +00:00
Robert James Kaes
09aa3d6409 # Updated the ChangeLog 2003-06-26 18:33:13 +00:00
Robert James Kaes
717be92385 # Bumped up the version number and made sure to only add the debugging 
flags to flex if it really is flex.
 2003-06-26 18:31:16 +00:00
Robert James Kaes
a4cd3eb9ec # Removed the debugging information. 2003-06-26 18:26:10 +00:00
Robert James Kaes
a8798e999b # Added debugging flags for the flex scanner. 2003-06-26 18:23:01 +00:00
Robert James Kaes
1cb032a934 (upstream_add): Rewrote the function to actually handle the various 
types of upstream configurations correctly.  Hopefully, the code is
also a little clearer in it's implementation.
 2003-06-26 18:19:57 +00:00
Robert James Kaes
988f243286 # Removed the STRING_ADDRESS token since it was conflicting with the 
IDENTIFIER directive and also the keyword directives.
 2003-06-26 18:17:09 +00:00
Robert James Kaes
db142b6e23 Modified the patterns to allow the new upstream directives to work as 
defined in the tinyproxy.conf documentation.
 2003-06-26 18:16:09 +00:00
Robert James Kaes
2736a19518 (debugging_free): Rather than assert on a NULL pointer, log the NULL 
pointer and return.
 2003-06-26 18:14:13 +00:00
Robert James Kaes
93ac7d8824 # Bumped up the version number. 2003-06-25 18:23:11 +00:00
Robert James Kaes
61a6ca82db # Updated the changelog 2003-06-25 18:22:37 +00:00
Robert James Kaes
ddcac5ae09 Added a test to define INADDR_NONE if it's not present. For example, 
SunOS (solaris 2.8) does not include this define.  [Thank to Ben
Hartshorne for pointing this out.]
 2003-06-25 18:20:22 +00:00
Robert James Kaes
d2f5f5c564 Changed the calls to "ps" and "grep" to use a more portable syntax. 2003-06-25 18:18:19 +00:00
Robert James Kaes
66fc80e922 # Bumped up the version number. 2003-06-23 21:15:04 +00:00
Robert James Kaes
8b8d3b1477 # Added a bit more description to describe where to look for the error 
HTML files.  In the future the installation script should modify the
  tinyproxy.conf file.
 2003-06-23 21:14:32 +00:00
Robert James Kaes
5ba1325ef5 # Updated ChangeLog 2003-06-20 18:01:26 +00:00
Robert James Kaes
4c9141aac6 Removed the "ViaHeader" directive and replaced it with the 
"ViaProxyName" directive.  The "Via" HTTP header is _required_ by the
HTTP spec, so the code has been changed to always send the header.
However, including the proxy's host name could be considered a
security threat, so the "ViaProxyName" directive is used to set the
token sent in the "Via" header.  If the directive is not enabled the
proxy's host name will be used.
 2003-06-20 17:02:13 +00:00
Robert James Kaes
0d3962f1f0 # Removed the HTML error suggestion since it's been implemented with 
Steven Young's patches.  Added a suggestion for user authentication.
 2003-06-19 16:45:58 +00:00
Robert James Kaes
b081019d5a (connect_to_upstream): Fixed an off-by-one error in the snprintf() 
call used to build the URL for the upstream proxy. [Patch suggested by
David T. Pierso]
 2003-06-06 16:14:50 +00:00
Robert James Kaes
c2240df616 Remove the -O2 optimization if debugging is enabled. Also, remove the 
-g option if the code does _not_ have debugging enabled.
 2003-06-02 21:57:14 +00:00
Robert James Kaes
7f8e4647f7 Included additional examples of how to configure the upstream proxy 
support for more selective proxying.
 2003-06-02 21:56:00 +00:00
Robert James Kaes
91e082671a (upstream_get): 
(upstream_add): Added support to allow ip addresses and networks to be
used when matching an upstream proxy directive.
[Code by Peter da Silva]
 2003-06-02 21:55:14 +00:00
Robert James Kaes
ea50171a95 Changed the safefree() macro to make it safe to use a conditional 
statement, and also safe to use with a rvalue that has a side
effect.  [Bug fix recommended by Peter da Silva]
 2003-05-31 23:04:15 +00:00
Robert James Kaes
77ca1c8ce0 # Changed all the for calls to use the != test rather than < test. 
The change was recommended in the C/C++ User Journal magazine.
 2003-05-31 23:02:21 +00:00
Robert James Kaes
86c9d69086 # Updated ChangeLog 2003-05-30 16:27:57 +00:00
Robert James Kaes
983a76ecef # Bumped up the version number 2003-05-30 16:25:41 +00:00
Robert James Kaes
af5e1e29f6 # Changed the calls to vector_getentry() to use the new calling 
convention.
 2003-05-30 16:22:30 +00:00
Robert James Kaes
1955dcd47b (vector_getentry): Changed the API to return the data pointer and have 
the length returned in a argument variable pointer.  This should be a
more natural way of using the function.
 2003-05-30 16:21:48 +00:00
Robert James Kaes
c3eaebd1c5 # Added a vector_prepend() function and recoded the old vector_insert() 
to be a general "insert" for both vector_append() and vector_prepend()
 2003-05-29 21:07:22 +00:00
Robert James Kaes
8ab278998f # Renamed the vector_insert() calls to vector_append() 2003-05-29 20:48:25 +00:00
Robert James Kaes
42f9f37afc (vector_append): Renamed the vector_insert() function to more 
accurately indicate that entries are appended to the end of the
vector.
 2003-05-29 20:47:52 +00:00
Robert James Kaes
4a377a712d Improved the upstream proxy support by making the upstream proxy 
server configurable based on the destination host.  [Code written by
Peter da Silva]
 2003-05-29 19:44:00 +00:00
Robert James Kaes
2e9f27769d Added support for installing the HTML error files used by tinyproxy. 2003-05-10 23:16:45 +00:00
Robert James Kaes
5e1303ecd1 (establish_http_connection): If the port being requested is not a 
standard HTTP port (80 or 443) append the port string to the host
header; otherwise, leave the host string with only the host's domain
name.

Replaced all occurrences of constant 80 and 443 with defines HTTP_PORT
and HTTP_PORT_SSL.
 2003-05-05 16:46:05 +00:00
Robert James Kaes
ac88af1f71 Fixed a bug that would kill a child process because of an invalid 
safefree() call.  Basically, destroy_conn() was trying to free memory
not allocated by malloc.  [Fix by David T. Pierson]
 2003-05-04 04:35:10 +00:00
Robert James Kaes
65115c75c8 # Updated change log 2003-04-16 18:14:16 +00:00
Robert James Kaes
4a66257e65 # Updated version number 2003-04-16 18:12:45 +00:00
Robert James Kaes
c94bfa8223 (build_url): Rebuild the URL from the component pieces. This function 
is used by the transparent proxy code.  [Anatole Shaw]
(process_request): Fixed up the transparent proxy code so that
filtering can be done on the whole URL.  [Anatole Shaw]

(pull_client_data): Added a bug fix for Internet Explorer (IE).  IE
will leave an extra CR and LF after the data in an HTTP POST.  The new
code will eat the extra bytes if they're present.  Thanks to Yannick
Koehler for finding the bug and offering an explanation as to why it
was happening.

Changed all calls of connptr->remote_content_length to
connptr->content_length.server
 2003-04-16 18:11:58 +00:00
Robert James Kaes
648e8f1438 # Changed it again to this time use the TINYPROXY_DEBUG environment 
variable to determine whether to wait for a connection from GDB.
 2003-04-16 18:04:58 +00:00
Robert James Kaes
4a942bc59a # The programmer is now made to _explicitly_ enable the GDB support in 
the child handling function.
 2003-04-16 16:39:23 +00:00
Robert James Kaes
6ff4192069 Removed the remote_content_length field in the "conn" structure and 
replaced it with a smaller structure containing both the remote/server
and the local/client content-length fields if they're present in the
HTTP response headers.
 2003-04-16 16:37:59 +00:00
Robert James Kaes
acece1ee67 # Updated change log (should have done this _before_ the tagging of course.) 2003-04-01 16:56:41 +00:00
Robert James Kaes
82ce7176f7 Removed duplicate header tests. 2003-04-01 16:50:41 +00:00
Robert James Kaes
5f8a497f0c Reorganized some of the code, and remove some function tests for which 
results were never used.
 2003-04-01 16:46:45 +00:00
Robert James Kaes
bcf25dc67e (add_error_variable): Test whether connptr->error_variable is NULL, 
and if so call safemalloc().  This is needed since saferealloc() will
assert() if the first argument is a NULL pointer.
 2003-04-01 16:41:33 +00:00
Robert James Kaes
7cd19206cc (establish_http_connection): Always include the port number for the 
requested server.  This fixes a problem when the server is not
listening on the default port, 80.
[Fix suggested by duncan@sapio.co.uk]
 2003-03-26 16:47:30 +00:00
Robert James Kaes
63a7914830 # Moved the location of the "initializing" log message to below the 
processing of the command line options.
 2003-03-17 04:24:19 +00:00
Robert James Kaes
89ede8cd28 Create the doc/report.sh script from the new template file. 2003-03-17 04:21:11 +00:00
Robert James Kaes
232aea721c Moved the doc/report.sh script to doc/report.sh.tmpl file. The script 
is then updated by the make procedure to reflect the correct location
of the tinyproxy executable.
 2003-03-17 04:20:19 +00:00
Robert James Kaes
d2c9ffac23 Made get_html_file() and lookup_variable() static functions since they 
are only used with this file.
 2003-03-14 22:49:03 +00:00
Robert James Kaes
5faa0879ec # Added copyright notices for Steve. Reformatted the source code to 
better match the existing tinyproxy practise.  Included a few bug
  fixes from Steve.
 2003-03-14 22:45:59 +00:00
Robert James Kaes
cc90414b29 (send_http_message): Changed the function to use the new http_message 
API.
 2003-03-14 06:15:27 +00:00
Robert James Kaes
c76183a3f0 # Updated all the calls to indicate_http_error() to include a 
terminating NULL.  The va_arg() function requires it to work
  properly.
 2003-03-14 06:13:04 +00:00
Robert James Kaes
aff52c552e # Include the HTML variable substitution documentation files with the 
tarball.
 2003-03-13 22:38:09 +00:00
Robert James Kaes
1763373f29 # Updated ChangeLog with Steven Young's log of changes to include the 
variable substitution code.
 2003-03-13 22:03:24 +00:00
Robert James Kaes
75dd0b22c4 Allow the URL for the statistic page to be controlled from the 
configuration file, rather than being hard-coded in the program.
[John M Wright]
 2003-03-13 21:42:46 +00:00
Robert James Kaes
fa1480a3e1 Include example information for the new "file" directives (ErrorFile, 
DefaultErrorFile, StatFile.)  [Steven Young]
 2003-03-13 21:38:00 +00:00
Robert James Kaes
78c1ed384a # Added default HTML files for HTTP error messages and the stats 
page. [Steven Young]
 2003-03-13 21:35:58 +00:00
Robert James Kaes
a46bfdc2e0 Moved the send_http_error_message() and indicate_http_error() 
functions into the htmlerror.c file, and recoded them to use the new
variable substitution system. [Steven Young]
 2003-03-13 21:34:38 +00:00
Robert James Kaes
badd237fe6 # Added variables to config structure to keep track of the files to be 
displayed for various HTTP errors and the stats page. [Steven Young]
 2003-03-13 21:32:33 +00:00
Robert James Kaes
b06f26cba1 # Changed showstats() to use the HTML variable functions when 
possible.  It still retains the hard-coded page for when an HTML file
  is not available. [Steven Young]
 2003-03-13 21:31:03 +00:00
Robert James Kaes
cb8aaf521e # Changed calls to indicate_http_error() to use the new HTML variable 
substitution mechanism. [Steven Young]
 2003-03-13 21:29:45 +00:00
Robert James Kaes
7995027c8c # Added parser support for the error file configuration keywords 
(ErrorFile, DefaultErrorFile, StatFile) [Steven Young]
 2003-03-13 21:28:37 +00:00
Robert James Kaes
056bbf84bd # Added variables to keep track of the variables to be substituted in 
.html files displayed to the client [Steven Young]
 2003-03-13 21:27:29 +00:00
Robert James Kaes
a830af5097 # Steve Young's code to implement file based HTML error messages, 
rather than the hard coded string.
 2003-03-13 21:25:06 +00:00
Robert James Kaes
d28d9fb195 # Added htmlerror.c and htmlerror.h 2003-03-13 21:23:01 +00:00
Robert James Kaes
2057ffdb50 # Changed the wording of the header comment to remove the reference to 
"dnsserver"
 2003-03-13 19:31:09 +00:00
Robert James Kaes
99ec965544 # (child_main): If this is a debugging build output the child process 
ID and wait for 10 seconds so we have time to connect gdb to the
  child.  This is needed if we want to use gdb against the child
  process.
 2003-03-13 19:30:19 +00:00
Robert James Kaes
0a3a1d7c71 Fixed up the include order for the <sys/time.h> and <time.h> headers. 2003-03-13 16:56:28 +00:00
Robert James Kaes
e04ff12768 # Include the http_message.[ch] into the compiled tinyproxy object. 2003-03-13 05:28:46 +00:00
Robert James Kaes
686826c3b0 An API to handle HTTP messages as concrete entities. 2003-03-13 05:25:30 +00:00
Robert James Kaes
2f9370afe7 (chomp): Fixed up the code to prevent negative array access. Added 
code to make sure the supplied arguments are valid.
 2003-03-13 05:20:06 +00:00
Robert James Kaes
d98e5352c2 # Updated ChangeLog 2003-03-10 20:15:43 +00:00
Robert James Kaes
146998ee2b # Bumped up the version number and added AC_PROG_LIBTOOL to the list 
of programs searched for by configure.  This is needed since libtool
  is now a separate program from automake.
 2003-03-10 20:07:55 +00:00
Robert James Kaes
069700db50 # Added support for including source packaging files 2003-03-10 20:04:52 +00:00
Robert James Kaes
dbe4a508c8 Added the files required for creating tinyproxy RPMs for Redhat based 
systems.
 2003-03-08 20:03:37 +00:00
Robert James Kaes
20d3008c38 (main): Removed duplicate code calling the filter_destroy() function. 
Once is enough.  [Detected by John M Wright]
 2003-02-26 22:37:38 +00:00
Robert James Kaes
1155be1c15 # Fixed up some formatting to make sure the line is less than 80 
characters long
 2003-02-21 17:09:24 +00:00
Robert James Kaes
40c4d3c57a # (connect_to_upstream): Improved the preprocessor directives to make 
sure the function would compile cleanly regardless of how the
  directive was set.
 2003-01-28 21:21:55 +00:00
Robert James Kaes
8f43cd72ad # Updated changelog 2003-01-27 18:52:24 +00:00
Robert James Kaes
2f98fec1aa # Style clean up. 2003-01-27 18:45:25 +00:00
Robert James Kaes
abbf826445 (display_usage): Removed the output line mentioning that regular 
expression support was included.  It will be there always.
 2003-01-27 18:44:43 +00:00
Robert James Kaes
2fc9c76969 (connect_to_upstream): Reorganized the preprocessor directives to make 
sure the function's symbol name is stored, even if upstream was not
compiled it.  This should keep some compilers from reporting errors.
 2003-01-27 18:42:18 +00:00
Robert James Kaes
cb7e3eef04 Added support for conditionally using case sensitive filtering files. 
Code changes from James E. Flemer.
 2003-01-27 17:57:45 +00:00
Robert James Kaes
1624979f13 Moved the AH_TEMPLATE() macro for the GNU regex library to out from 
inside an if...fi test.  Thanks to James E. Flemer for supplying a
patch.

Bumped up the version number.
 2003-01-27 17:48:26 +00:00
Robert James Kaes
ba02bd7567 # Grammar fix up. Thanks to James E. Flemer for pointing it out. 2003-01-27 17:42:50 +00:00
Robert James Kaes
c33d934a59 Changed the default manual section to section 8 (administrator 
commands).
 2003-01-27 17:41:52 +00:00
Robert James Kaes
212abd64d7 (process_client_headers): Fixed inverted anonymous header logic. Fix 
comes from the FreeBSD port through James E. Flemer.
 2003-01-27 17:39:02 +00:00
Robert James Kaes
90ca9c36ff # Added the 1.5.2 release change log 2003-01-22 19:48:04 +00:00
Robert James Kaes
fbcff969d1 # Bumped up version number to 1.5.2 2003-01-22 19:46:06 +00:00
Robert James Kaes
ce71e18f4d # Updated the change log 2002-12-04 17:42:41 +00:00
Robert James Kaes
59ec5dc69f (strip_username_password): New function to remove any 
username/password part from the host URI.

(extract_http_url), (extract_ssl_url): Use the new
strip_username_password function to remove any non-host information
from the URI.
 2002-12-04 17:36:48 +00:00
Robert James Kaes
0a20bdd5b4 Removed the "bool_t" type since it conflicts with the newer C standards. 
The type was just replaced by "unsigned int" types.
 2002-12-04 17:06:14 +00:00
Robert James Kaes
02d7474a09 # Updated change log with the latest changes 2002-11-29 20:42:24 +00:00
Robert James Kaes
d069b4fce9 (extract_http_url): Removed the leading "http://" from all the tests, 
since it's skipped by the caller before the URL is passed to this
function.

(process_request): Include code to handle proxy FTP requests as
well.  This also lead to a bit of a cleanup in the calling conventions
of extract_http_url function.  tinyproxy can handle both types of
resources by skipping the leading :// part.
 2002-11-29 19:25:59 +00:00
Robert James Kaes
05b16a78db # Bumped up the version number 2002-11-26 21:45:28 +00:00
Robert James Kaes
e58343012f Included code to disable the sending of the Via header. This is now 
controlled by the ViaHeader configure directive.
 2002-11-26 21:44:43 +00:00
Robert James Kaes
c826b18437 (child_main): Cleaned up the notice string to be more clear why a 
child is being closed.
 2002-11-21 21:54:09 +00:00
Robert James Kaes
22df8c29e4 (main): Check to see if the PID file was created successfully, and if 
not report this to the user and close the program.
 2002-11-21 21:52:59 +00:00
Robert James Kaes
48df7d401c # Changed the return type for pidfile_create() to int from void. 2002-11-21 21:52:03 +00:00
Robert James Kaes
820832a647 (create_file_safely): Rather than exiting the program if there is an 
error, a negative "error code" is returned to the program.  The
various callers then need to decide what to do.

(pidfile_create): Returns an error status depending on whether the PID
file was created successfully.
 2002-11-21 21:51:34 +00:00
Robert James Kaes
6610ad0a1b Removed the documentation for the tunnel option since it's no longer 
part of the code.
 2002-11-13 17:52:18 +00:00
Robert James Kaes
a6705159a5 # Updated the changelog file to include all the changes since 1.5.1 2002-11-13 17:51:19 +00:00
Robert James Kaes
d40a4e8af7 (relay_connection): Shutdown the client socket for writing once all 
the data has been sent.
 2002-11-13 17:48:48 +00:00
Robert James Kaes
a1e24ac839 (destroy_conn): Added code to log any error messages when the sockets 
are closed.
 2002-11-13 17:47:40 +00:00
Robert James Kaes
cf138d7479 # Updated the version number to 1.5.2rc1 2002-11-13 17:23:46 +00:00
Robert James Kaes
c1fbee04ce Removed the example for the Tunnel directive since it's been removed. 2002-11-05 05:31:05 +00:00
Robert James Kaes
3b2be8ae88 Removed all the code supporting the TCP tunnelling feature of 
tinyproxy.  There is really no need for this code, since there are
perfectly good programs out there (like rinetd) which are designed for
TCP tunnelling.  tinyproxy should be a good HTTP proxy, nothing more,
and nothing less; therefore, the tunnelling code is gone.
 2002-11-03 17:10:33 +00:00
Robert James Kaes
69be2b84d7 (relay_connection): Ivan pointed out a bug with the code to send any 
remaining data to the server when the connections are being closed.
It was a one line fix.
 2002-10-17 19:27:08 +00:00
Robert James Kaes
1d39f204ca Fixed up the storing and sending of the internal tinyproxy logs prior 
to when the log file is created.  Also, the log file is created with
the proper owner permissions.
 2002-10-03 20:53:11 +00:00
Robert James Kaes
745c40650b #Style formatting change. 2002-10-03 20:50:59 +00:00
Robert James Kaes
942f22989a The internal log structure now uses a vector rather than a hash. This 
change was required to actually display all the logs in the correct
order.  Also, all log lines are stored internally while tinyproxy is
starting.  At the appropriate point all the logs are written to the
log file.
 2002-10-03 20:49:57 +00:00
Robert James Kaes
7fd291f407 Filtering is now case insensitive. 2002-10-03 20:40:39 +00:00
Robert James Kaes
2b44dbd7e4 #(makedaemon): Commented out the closing of the standard file 
descriptors since we need them to display error messages.
 2002-10-03 20:38:06 +00:00
Robert James Kaes
ac881909bf (child_main): Check to make sure memory could be allocated to handle 
the child request.
(child_main_loop): Added a call to truncate_log_file() when the log
file is to be rotated.
 2002-10-03 20:33:09 +00:00
Robert James Kaes
ef0656db3e # Added the release not to the changelog 2002-08-09 20:30:16 +00:00
Robert James Kaes
e30971a76c # Updated the version number to be 1.5.1 2002-08-09 20:28:16 +00:00
Robert James Kaes
f8b5fe53e7 (main): Fixed up a bug reported by Oswald Buddenha where the log file was being initially created with the initial user's permissions, which is obviously a problem if tinyproxy is not running as the initial user. This is now fixed by delaying the creation of the log file until _after_ tinyproxy has been switched to the user it will run as. Confused yet? 2002-07-12 17:02:02 +00:00
Robert James Kaes
632f689209 # Bumped up the version number (rc4) 2002-07-11 18:47:00 +00:00
Robert James Kaes
8a95d10be2 # Updated the ChangeLog 2002-07-11 18:46:34 +00:00
Robert James Kaes
ab574cbec0 (create_file_safely): 
(pidfile_create): Changed all the error logging to write to standard error and then exit the program.  This will prevent segmentation fault problems from occurring because the log file could not be created properly.
 2002-07-09 19:02:57 +00:00
Robert James Kaes
4932b87fc9 (malloc_shared_memory): Changed the static character array to include the ".XXXXXX" string already. This saves one system call when creating a temporary file name. 2002-07-09 18:52:32 +00:00
Robert James Kaes
01d2966cb8 Updated the "Support" section to include a link to the tinyproxy Bug Tracker system hosted by SourceForge. 2002-07-08 20:10:42 +00:00
Robert James Kaes
bf0709cd98 Removed the -D_REENTRANT C flag since tinyproxy is no longer a multi-threaded program. 2002-07-05 03:55:27 +00:00
Robert James Kaes
96c5ee9065 Updated the ChangeLog. 2002-06-27 16:30:53 +00:00
Robert James Kaes
dad3bb043a Updated the version number. 2002-06-27 16:30:38 +00:00
Robert James Kaes
e50d0c4072 (child_make): Reset the various signals to the default signal handler so that the children can be properly destroyed. 2002-06-27 16:29:21 +00:00
Robert James Kaes
0a1885deb0 Updated the ChangeLog 2002-06-18 20:10:23 +00:00
Robert James Kaes
cae69592be Updated the version number. 2002-06-18 20:08:36 +00:00
Robert James Kaes
f0d7992765 (log_message): Changed the code so that the log is opened, written, and closed whenever a message is submitted. This allows the log file to be moved away, for example a rotating the log, and yet still have the information written to the correct file name by all the children. 2002-06-15 17:37:11 +00:00
Robert James Kaes
ac5d67c11a Renamed the "log_rotation_request" boolean to "received_sighup". 
(main): Removed the log file creation code because it has been moved into the log.c file.  Also, removed the explicit fclose() for the log file since it will be close when the program has exited.
 2002-06-15 17:35:03 +00:00
Robert James Kaes
8a9db93977 (child_main_loop): Moved the filter re-initiation code into the loop. This code is activated whenever the SIGHUP signal is received. 2002-06-15 17:31:31 +00:00
Robert James Kaes
fb688a2077 Removed the "logf" FILE structure from the config structure, and also renamed the "log_rotation_request" boolean to "received_sighup". 2002-06-15 17:29:59 +00:00
Robert James Kaes
2f84b170a6 Removed the rotate_log_files() function since I'm moving to an Apache style where the _user_ needs to move the log file themselves, and tinyproxy will continue to write to the original name. This allows more flexibility for users to determine their own log rotation scheme. 2002-06-15 17:28:19 +00:00
Robert James Kaes
1f2fe53c4b Added myself to the copyright since I've made a bunch of changes to this file. 2002-06-07 19:10:05 +00:00
Robert James Kaes
1c97f7224e Added the --enable-transparent-proxy switch to the list of supported switches. 2002-06-07 18:51:34 +00:00
Robert James Kaes
5a94b8e90d Updated the ChangeLog 2002-06-07 18:48:23 +00:00
Robert James Kaes
d2de74a205 Increased the version number. 2002-06-07 18:45:58 +00:00
Robert James Kaes
7e1de2012c Added code to handle the "FilterDefaultDeny" directive. The filter_set_default_policy() function is used to select the default policy (either default allow or default deny) for the filtering code. Also, the two filtering functions now support the policy code. 2002-06-07 18:36:22 +00:00
Robert James Kaes
ff56e32e8e Added the "FilterDefaultDeny" directive to allow the user to select whether the default policy of the filter is to allow everything which isn't denied, or to deny everything which isn't allowed. 2002-06-07 18:29:41 +00:00
Robert James Kaes
f47685c861 A bunch of changes from Petr Lampa that add transparent proxy support to tinyproxy. The additional code is in process_request(), but Petr also had to change around some of the other functions (like process_client_headers and handle_connection.) Note: Right now this code has not been tested, but it is believed to work. To enable run ./configure --enable-transparent-proxy 2002-06-06 20:32:30 +00:00
Robert James Kaes
0242d89877 (filter_domain): Removed code which stripped of a port number from the host name. The "host" variable will _always_ be just the name by the time filter_domain() is called. 2002-06-06 20:30:04 +00:00
Robert James Kaes
06d38ce529 (display_usage): Added a message indicating whether transparent proxy support has been compiled in. 2002-06-06 20:28:02 +00:00
Robert James Kaes
51bbed6f76 Added the "--enable-transparent-proxy" flag and moved the AH_TEMPLATE() macros to _outside_ the "if" tests. 2002-06-06 20:27:01 +00:00
Robert James Kaes
a72fc7ad09 Added a warning message to the Bind directive stating that it will be ignored if "transparent proxy" has been compiled into tinyproxy. 2002-06-06 20:26:13 +00:00
Robert James Kaes
2b5a3625bc (send_stored_logs): Actually included the code to output the stored logs. Plus, there was a bug with how I was calling the hashmap_is_end() function. This has now been fixed. 2002-06-06 20:24:21 +00:00
Robert James Kaes
dfb83160f0 Updated ChangeLog 2002-06-05 17:24:40 +00:00
Robert James Kaes
38b2f73004 Bumped up the version number. 2002-06-05 17:06:05 +00:00
Robert James Kaes
22ffd04926 Added the "filter-howto.txt" file to the distribution. 2002-06-05 17:05:18 +00:00
Robert James Kaes
9eeaf260eb Added a short filtering HOWTO document from Patrick L. McGillan. 2002-06-05 17:04:12 +00:00
Robert James Kaes
e440dee245 (child_main): Added a DEBUG call to let me know which process has accepted a connection. This is needed for debugging using "gdb". 2002-06-05 17:02:15 +00:00
Robert James Kaes
89dee022e5 (malloc_shared_memory): Removed the assert() call for shared_file since it's now a static variable. 2002-06-05 17:01:09 +00:00
Robert James Kaes
b697ebf16b (acl_string_processing): Moved the string processing code out of check_acl() and into it's own function because it now does two (2) tests. If the ACL string is a complete host name, in other words doesn't start with a period, than a reverse DNS look-up is done on the host name and compared to the IP address of the client; otherwise, the normal text string comparison is done. 
(check_acl): Moved the string text out of the function and removed some logging code by jumping to the "Deny" code at the end of the function.
 2002-06-05 16:59:21 +00:00
Robert James Kaes
5e74b6e011 Updated the ChangeLog 2002-05-31 18:29:39 +00:00
Robert James Kaes
02f3bdf5ff Added a boolean "truncate_file" flag for the create_file_safely() function. 2002-05-31 18:27:13 +00:00
Robert James Kaes
833186b7be (create_file_safely): Added the "truncate_file" boolean flag. This is needed since I use this function for both the log file and the pid file, and they behave differently when tinyproxy is started. 
(pidfile_create): Call create_file_safely() with a TRUE "truncate_file" flag so that the file is emptied whenever the pid file is needed.
 2002-05-31 18:26:30 +00:00
Robert James Kaes
e340b3371b The log file is now opened in "append" mode so that you can restart tinyproxy without losing the log file. 2002-05-31 18:24:36 +00:00
Robert James Kaes
65d8f175b4 Updated the version number. 2002-05-31 18:09:51 +00:00
Robert James Kaes
26a983b467 (process_server_headers): Since we're stripping off the carriage return and newline, we need to add them back on when sending the response header to the client. 2002-05-31 18:09:09 +00:00
Robert James Kaes
f548ce72b2 (getpeer_information): Fixed a problem retrieving the FQDN of a host because I was passing in an incorrect parameter to gethostbyaddr(). D'oh. 2002-05-31 18:08:01 +00:00
Robert James Kaes
f3989e64cf Updated the ChangeLog for the 1.5.1pre3 release. 2002-05-29 20:57:25 +00:00
Robert James Kaes
e8de8a2e8e Updated the version number. 2002-05-29 20:55:47 +00:00
Robert James Kaes
12fc92828c (malloc_shared_memory): Removed the MMAP_ANON and open("/dev/zero") since they are not portable across a while enough spectrum of machines. Right now tinyproxy is using a "classic" temporary file method of sharing memory. This will likely be improved in the future. 2002-05-29 20:51:35 +00:00
Robert James Kaes
360deb4568 Changed the tests on the return value from malloc_shared_memory() to make tinyproxy more portable, since we can't be certain that "if (!ret_value)" would actually detect a mmap() error. 2002-05-29 20:49:55 +00:00
Robert James Kaes
de782144bd Bumped up the version number. 2002-05-29 18:15:40 +00:00
Robert James Kaes
0ef46467ad Updated ChangeLog for the 1.5.1pre2 release. 2002-05-29 18:15:08 +00:00
Robert James Kaes
9b13e9bda8 (add_header_to_connection): Removed the "double_cgi" boolean, since tinyproxy now ignores all the headers after a "double CGI" situation has occurred. 
(get_all_headers): Instead of dropping duplicate headers when the "double CGI" situation occurs, tinyproxy will now drop _all_ the headers from the "inner" HTTP response.
 2002-05-29 18:11:57 +00:00
Robert James Kaes
5fcb8553da (init_stats): Fixed a spelling mistake where the number of bytes being allocated was incorrect. 2002-05-29 17:31:01 +00:00
Robert James Kaes
e7fcb5fc7d (add_header_to_connection): Added a boolean to indicate that a "Double CGI" situation is in affect. This is needed to solve a problem with some sites (like cgi.ebay.com) where they are sending two HTTP response lines (and associated headers) with a response. 
(get_all_headers): Detect if a "Double CGI" situation has occured.
 2002-05-28 20:40:01 +00:00
Robert James Kaes
cf2bd809fb (get_all_headers): Added code to ignore a "response" line in a header. This was pointed out as being a problem with eBay (cgi.ebay.com) 
(process_server_headers): Added code to make skip blank lines before a response line.
 2002-05-28 04:53:33 +00:00
Robert James Kaes
00bf9b0346 Fixed up a problem where the tinyproxy manual page was not getting included with the distribution. 2002-05-27 15:19:34 +00:00
Robert James Kaes
36d712dc64 Updated the ChangeLog to include new changes to various files. 2002-05-27 03:06:45 +00:00
Robert James Kaes
c2712cb0bb Reformated the ChangeLog. 2002-05-27 02:01:06 +00:00
Robert James Kaes
4ce9674365 (process_request): Changed the filtering code around to handle both domains and URLs. 2002-05-27 02:00:22 +00:00
Robert James Kaes
35d3d79e92 Added into the config structure the filter_urls and filter_extended flags. 2002-05-27 01:59:28 +00:00
Robert James Kaes
d64dfc5d77 Some spelling fixes. 2002-05-27 01:58:41 +00:00
Robert James Kaes
83a1a32f2a (opensock): Changed a comment around to better state what the code is actually doing. 2002-05-27 01:57:48 +00:00
Robert James Kaes
b11015c2e1 Added a copyright for James E. Flemer since these are his changes. 
(filter_init): Added code to handle both host and URLs.  Also include code to use extended regular expressions.
(filter_domain): The old filter_url function has been renamed filter_domain().
(filter_url): This function now actually filters complete URLs.
 2002-05-27 01:56:22 +00:00
Robert James Kaes
026c7d9a3d Added support for the "FilterURLs" and "FilterExtended" directives. 
These directives were submitted by James Flemer for use with the new
filtering code.
 2002-05-27 01:52:44 +00:00
Robert James Kaes
4ba42369b9 Changes to tinyproxy relating to signals and the copyright dates. 2002-05-27 00:51:29 +00:00
Robert James Kaes
df3d88ed4e Updated the version number (pre 1) 2002-05-27 00:49:06 +00:00
Robert James Kaes
514182a05f (display_license): Updated the copyright dates 
(main): Moved the signals around so that the appropriate signal is assigned to either the children or just the parrent process.
Updated the copyright on the file.
 2002-05-27 00:46:24 +00:00
Robert James Kaes
8506b4ba33 Updated the ChangeLog. This was pulled from the CVS logs using Emacs. 
First time I've done this, but it seemed to work pretty well.
 2002-05-26 19:07:04 +00:00
Robert James Kaes
a892febac3 Removed the "DNSserver" directives since they're no longer needed. 2002-05-26 18:59:10 +00:00
Robert James Kaes
9c28c7dfe2 Removed the pthread related tests and added a test for the sys/mman.h 
header (needed for shared memory.)
 2002-05-26 18:58:19 +00:00
Robert James Kaes
9910c06bd2 Removed the "dnsserver" program all together, and changed the names of 
some of the files.
 2002-05-26 18:56:43 +00:00
Robert James Kaes
2e6ab58f37 Added the malloc_shared_memory() and calloc_shared_memory() function to 
allow the use of shared memory between all the children.
 2002-05-26 18:56:06 +00:00
Robert James Kaes
63f481c61a Spelling changes (from thread to child.) 2002-05-26 18:55:19 +00:00
Robert James Kaes
6cc0dce1b4 Removed the directives for the old DNSserver process. 2002-05-26 18:54:27 +00:00
Robert James Kaes
49b21c7e2f The stats structure has been moved into a shared memory block since it 
needs to be shared by all the children.
 2002-05-26 18:53:14 +00:00
Robert James Kaes
a67fb30bdf Removed all the code relating to the DNS API (dnsclient.h) as it's no 
longer needed with the new pre-forked model.
 2002-05-26 18:52:23 +00:00
Robert James Kaes
523f2003fa Removed the DNS API calls and replaced them with the standard 
gethostbyname() and gethostbyaddr() functions.  This is possible
because tinyproxy now uses a standard pre-forked() method.
 2002-05-26 18:51:17 +00:00
Robert James Kaes
71046cd407 Removed the "pthread" related includes. 2002-05-26 18:49:19 +00:00
Robert James Kaes
c35e56ae66 No longer using a threading model; so these files have been replaced by 
the child.c/child.h files (which use a pre-forked model.)
 2002-05-26 18:48:32 +00:00
Robert James Kaes
1fda8899b1 I didn't like the DNS co-process design so I changed tinyproxy from a 
threading model to a standard pre-forked model.  This means I don't need
the DNS co-process files.  Gone.
 2002-05-26 18:47:11 +00:00
Robert James Kaes
b3e657a00e Changed from using a threading model to a standard pre-forked model. 
Therefore the thread.c file has been removed and this file replaces it.
These files are really just the thread.c and thread.h files with all the
threading stuff replaced with fork() code.  Most of the code is identical.
 2002-05-26 18:45:26 +00:00
Robert James Kaes
391a408eee Fixed a tonne of spelling mistakes. 2002-05-24 04:45:32 +00:00
Robert James Kaes
a34db10d65 Fixed some spelling mistakes, and removed the getpeer_ip() and 
getpeer_string() functions as they've been replaced by the
getpeer_information() function.
 2002-05-24 04:44:36 +00:00
Robert James Kaes
e55c4263a8 Added the "DNSserverLocation" and "DNSserverSocket" directives 
(including their comments.)  These directives are _required_ by the
dnsserver DNS resolver.
 2002-05-23 21:32:54 +00:00
Robert James Kaes
e7b9b558e9 Moved the AC_SUBST macros all together at the end of the file. 2002-05-23 18:29:34 +00:00
Robert James Kaes
196d86fdcf A whole list of changes relating to the new "dnsserver" process and the 
reorganization of the source files.
 2002-05-23 18:29:00 +00:00
Robert James Kaes
b77fc5c860 Moved most of the function into separate files: the heap debugging 
functions are in "heap.c"; the daemon functions are in "daemon.c"; and,
the string/text functions are in "text.c".
 2002-05-23 18:28:12 +00:00
Robert James Kaes
52c15029d1 Moved all the system header includes into the common.h file. 2002-05-23 18:27:19 +00:00
Robert James Kaes
16386fbb70 Added a new signal handler to handle SIGCHLD signals because of the new 
dnsserver child process.

Changed the set signal calls to use our new set_signal_handler() function.

Added code to start the "dnsserver" child process.
 2002-05-23 18:27:01 +00:00
Robert James Kaes
478030c6ff Changed the lookup_domain() function to use the new "dnsserver" API. 
Also moved safe_write(), safe_read(), readline(), and write_message()
functions into their own file.
 2002-05-23 18:25:55 +00:00
Robert James Kaes
47ab97a347 Fixed up a spelling mistake and changed various bits of code to take 
advantage of the fact that the peer's socket information is now stored
inside the connection structure.
 2002-05-23 18:24:46 +00:00
Robert James Kaes
1f9085cef2 Added the "DNSserverLocation" and "DNSserverSocket" directives for use 
with the "dnsserver" resolver.
 2002-05-23 18:24:02 +00:00
Robert James Kaes
09b1b9b925 Added the peer's socket information to the connection structure. The 
information is passed along during the initialization of the structure.
 2002-05-23 18:23:29 +00:00
Robert James Kaes
9d0c65ad86 Fixed up the header includes for the new layout. 
Changed one line of code to make it explicit how the pointers are to be
updated.
 2002-05-23 18:22:48 +00:00
Robert James Kaes
451fad1ed2 Changed the header includes around to reflect the new source layout. 2002-05-23 18:20:27 +00:00
Robert James Kaes
e633b97957 Added code to create the "dnsserver" program, and also reorganized to 
include the various new source files.
 2002-05-23 04:43:06 +00:00
Robert James Kaes
1690c05075 Initial addition to CVS. Moved the three "text" related functions into a 
separate file.
 2002-05-23 04:42:30 +00:00
Robert James Kaes
fd3e6e84fb Initial addition to CVS. Moved the network related functions into a 
separate module.
 2002-05-23 04:41:48 +00:00
Robert James Kaes
c667952861 Initial addition to CVS. Moved all the debugging heap related functions. 2002-05-23 04:41:10 +00:00
Robert James Kaes
0b0e03fa39 Initial addition to CVS. The dnsserver process is a child executable that 
handle DNS resolving.
 2002-05-23 04:40:42 +00:00
Robert James Kaes
d22d6d181b Initial addition to CVS. These functions create an API for accessing the 
dnsserver child process.
 2002-05-23 04:40:06 +00:00
Robert James Kaes
2ee61db6af Initial addition into CVS. Moves various functions relating the daemon 
processes.  Added a portable signal handler setting function.
 2002-05-23 04:39:32 +00:00
Robert James Kaes
65cf5ea290 Initial addition to CVS. This header moves all the system includes from 
the tinyproxy.h file to here.
 2002-05-23 04:37:54 +00:00
Robert James Kaes
92f11c15aa Added "releases.txt" to the list of files which need to be included in the 
tarball.  "releases.txt" is created by a script which searches through the
ChangeLog for release information.
 2002-05-17 20:11:26 +00:00
Robert James Kaes
15ac6d24a1 Added release information for version 1.3.1 and 1.3.0 2002-05-17 20:07:49 +00:00
Robert James Kaes
44bd80e100 Added more release information. 2002-05-17 20:03:13 +00:00
Robert James Kaes
b3af1a8740 Fixed on inaccurate entry (the variable was made _signed_ to preserve the 
negative value.)  Also, added in "Released tinyproxy ..." information so
that changes between versions can be better determined.
 2002-05-17 19:32:23 +00:00
Robert James Kaes
700f129750 Set the pointer to NULL after it's been freed() 2002-05-17 16:39:35 +00:00
Robert James Kaes
e4e78e0f1b request->host might have been freed by the time we get to 
free_request_struct(), so make sure it's pointing to memory.
 2002-05-17 16:34:42 +00:00
Robert James Kaes
bb9f206529 Moved the definition of the struct buffer_s into the buffer.c file and out 
of the buffer.h file.  This also required the removal of the BUFFER_SIZE
macro, and replace it with the buffer_size() function.
 2002-05-14 00:43:38 +00:00
Robert James Kaes
d46cba8a0b Added a "tail" pointer to the vector to make insertions more efficient. 2002-05-13 23:32:16 +00:00
Robert James Kaes
16e96c79e8 Thanks to Justin Guyett for making the hashmap_insert() function use a 
constant time insert.  Explanation: new enteries are added to the _front_
of the chain, rather than search to the end.
 2002-05-13 20:02:23 +00:00
Robert James Kaes
73e3b495e0 Fixed up a potential SEGFAULT if memory for an entry could not be 
allocated.  Also, thanks to Justin Guyett for finding a problem the
hashmap_remove() function.  There was a problem where an entry's "prev"
pointer could be pointing to freed memory.

Finally, renamed all "maps" to bucket to make the source more
understandable.
 2002-05-13 18:47:46 +00:00
Robert James Kaes
f0b0990612 Fixed up the installation of the tinyproxy.conf file. The file is only 
installed if it doesn't already exist (rather than giving a make error.)
 2002-05-10 19:53:03 +00:00
Robert James Kaes
8e9fee2e10 Changed the version number to 1.5.0 2002-05-09 17:36:31 +00:00
Robert James Kaes
924b6192c1 Blocking ports has been added as well as the selective binding. 2002-05-09 16:25:32 +00:00
Robert James Kaes
a25e0a608e bumped up version number 2002-05-08 19:57:02 +00:00
Robert James Kaes
f58a34ed34 --with-config now supports absolute paths as per James Flemer's request. 2002-05-08 18:42:44 +00:00
Robert James Kaes
3138b239f6 Removed the NEWS file from the CVS since it's really a distribution file, 
not a source file.
 2002-05-08 15:55:46 +00:00
Robert James Kaes
cf2ecb83b8 Removed the request logging in the tunnel because it breaks the tunnel 
concept since it blocks waiting for information from the client before any
data from the remote is relayed.
 2002-05-08 03:29:23 +00:00
Robert James Kaes
14f83aec55 Fixed up the usage of the CFLAGS 2002-05-02 18:22:15 +00:00
Robert James Kaes
50058c1cab Proper handling of the tinyproxy.conf location within the source tree 
(needed for make distcheck.)
 2002-05-02 18:12:32 +00:00
Robert James Kaes
42ef3b86b6 Bumped up the version number. 2002-05-02 17:36:46 +00:00
Robert James Kaes
6004eca8c6 Improved the code to install all the files into their properly locations. 2002-05-02 17:35:27 +00:00
Robert James Kaes
0a1f83bbe5 tinyproxy should be installed into the /sbin directory rather than the 
/bin directory since it's a network daemon.
 2002-05-02 17:34:58 +00:00
Robert James Kaes
82f7a5cba6 Added code to figure out and install the configuration file. 2002-05-02 04:44:03 +00:00
Robert James Kaes
c89813d5d7 Bumped up the version number. 2002-04-29 16:32:20 +00:00
Robert James Kaes
fefedea577 Added the reason why servers_waiting needs to be a signed integer. 2002-04-29 16:31:16 +00:00
Robert James Kaes
3284f365b2 Check the return value of the write_message() function. 2002-04-28 20:03:53 +00:00
Robert James Kaes
ed90a4676f Added more error checking in process_client_headers() and 
process_server_headers() functions.

Also, better reporting of errors back to the client.
 2002-04-28 20:03:18 +00:00
Robert James Kaes
f79807ac11 Added extra logging information, and made sure that locks were being 
released properly.
 2002-04-28 18:32:16 +00:00
Robert James Kaes
e4fe04cbaf Clear the total array of threads before any of the threads are created. 2002-04-28 03:09:52 +00:00
Robert James Kaes
577f3cebbf Fixed up the error detection code when relating the pthread functions. 
They return 0 if OK, and a positive error code.

Cleaned up the status setting code in thread_main().

Thanks to Hans-Georg Bork for fixing the problem in thread_pool_create()
where the status wasn't set early enough to allow all the threads to be
created.

Added additional logging information to let the admin know what is
happening with the thread creation.
 2002-04-28 02:37:01 +00:00
Robert James Kaes
1a8c914dd2 Changed the len type to ssize_t because we need to detect errors in the 
recv() call.  Thanks to Tom Cross for discovering this bug.
 2002-04-26 19:33:09 +00:00
Robert James Kaes
9554989110 Bumped up the version number. 2002-04-26 16:59:44 +00:00
Robert James Kaes
1d78e63233 Added an assert in hashmap_first() 2002-04-26 16:51:29 +00:00
Robert James Kaes
e9f5b2e75f Check the return value of hashmap_first() 2002-04-26 16:50:55 +00:00
Robert James Kaes
0e7182533c Need to check the return value of hashmap_first() since it could be 
negative.
 2002-04-26 16:43:20 +00:00
Robert James Kaes
6992c74bba Check to see if request->path is actually allocated before trying to free 
it.
 2002-04-25 19:20:56 +00:00
Robert James Kaes
284def7321 Fixed up the test for the c_r library. Also, added the -D_REENTRANT 
define _always_.
 2002-04-25 19:00:03 +00:00
Robert James Kaes
7fe567da94 Changed to the hashmap module, and to the remove_connection_headers() 
function.
 2002-04-25 18:58:55 +00:00
Robert James Kaes
b4ef24844f First change all the hashmap related calls to use the new API. 
The remove_connection_headers() function now handles both the Connection
header _and_ the Proxy-Connection header.
 2002-04-25 18:58:08 +00:00
Robert James Kaes
d1031e2c8f The hashmap API changed, so this function needs to be changed as well. 2002-04-25 18:56:43 +00:00
Robert James Kaes
ce51a74045 Removed the hashmap_keys() function and added the "iterator" concept. 
This required a bunch of changes to the source (like the inclusion of the
end_iterator member variable.)  All this was required by sites like Yahoo
which send out multiple "Set-Cookie" headers.  tinyproxy needs to handle
this situation correctly.
 2002-04-25 18:55:56 +00:00
Robert James Kaes
b5df4f1cf0 hashmap_search() only takes two arguments, so removed the unneeded NULL. 2002-04-25 18:52:09 +00:00
Robert James Kaes
d7c3f23610 bind_address has been moved inside the config structure. Fixed up a 
problem where "data" was being freed even if it had not been allocated
(because of an error condition.)
 2002-04-24 16:48:34 +00:00
Robert James Kaes
335d787018 Fixed a couple of problems where tinyproxy was trying to free a memory 
block which had not been allocated.

Also, the "proxy-connection" to the list of headers we don't pass.
 2002-04-24 16:47:19 +00:00
Robert James Kaes
89ada2df28 Moved bind_address inside the config structure. 2002-04-24 16:45:45 +00:00
Robert James Kaes
e7c7c91d71 Added the "Bind" directive. 2002-04-22 19:49:40 +00:00
Robert James Kaes
c5b9ec889e Renamed the LOCKing macros and added assert debugging code. Also, moved 
the mutex initialization into a function call so that I can use an
error checking mutex once I figure out how to get it to work on my
computer.
 2002-04-22 19:41:17 +00:00
Robert James Kaes
c648ed1bc5 Added the "Bind" directive. 
Fixed up the log_message function to store messages until the log file has
been created.
"Proxy-Connection" is not sent along to the remote message.
 2002-04-22 19:37:15 +00:00
Robert James Kaes
08077cc9e1 The "Bind" directive sets a binding address which the outgoing connections 
will use.
 2002-04-22 19:35:24 +00:00
Robert James Kaes
1953348c90 Added the "Proxy-Connection" header to the list of client headers which 
are not passed along.
 2002-04-22 19:34:50 +00:00
Robert James Kaes
2ec7a4dd72 The log_message() function now stores the messages if the configuration 
file has not been read yet.  The reason for this is that we don't know
where to log the messgaes until _after_ the config file has been
processed.
 2002-04-22 19:34:20 +00:00
Robert James Kaes
60f61c8f0c Added the "Bind" directive. 2002-04-22 19:33:01 +00:00
Robert James Kaes
aa68eb8540 Whoops. The previous include only had the code conditionally removed. 
Remove for real this time.
 2002-04-18 21:54:50 +00:00
Robert James Kaes
1db154464e Removed the call to inet_aton() since the gethostbyname() function handles 
the dotted-decimal case itself.
 2002-04-18 21:53:33 +00:00
Robert James Kaes
60f0a86c75 The stats now wait until after the client has finished sending all its 
headers before sending the HTTP response back.  This should be more
standards compliant.
 2002-04-18 21:43:53 +00:00
Robert James Kaes
1691feb9bb Bumped the version number to 1.5.0rc4 2002-04-18 18:48:57 +00:00
Robert James Kaes
73a53daf38 Removed the call to hstrerror() in the getpeer_string() function. It's 
not available on all machines.
 2002-04-18 18:48:22 +00:00
Robert James Kaes
09c7acf9fc Memory leak in the hashmap_delete() function has been fixed. 2002-04-18 18:41:27 +00:00
Robert James Kaes
d14b612e13 Fixed a memory leak in the hashmap_delete function. The array of maps was 
not being deleted.
 2002-04-18 18:40:38 +00:00
Robert James Kaes
45a96fde12 Changed to vector.c and hashmap.c 
Added the debugging_strdup() function.
Fixed a memory leak in get_all_headers.
 2002-04-18 18:00:35 +00:00
Robert James Kaes
9a8d732a13 Changed all calls to strdup to safestrdup. This should provide better 
memory usage tracking.
 2002-04-18 17:59:21 +00:00
Robert James Kaes
a66aae880c Fixed a memory leak in reading in headers from the client or server. 2002-04-18 17:58:52 +00:00
Robert James Kaes
3b5a4b7362 Replaced the explicit header includes with one call to tinyproxy.h. Also, 
added the utils.h header and changed all the malloc, calloc, free, and
strdup to the appropriate safe variety.
 2002-04-18 17:57:20 +00:00
Robert James Kaes
ce4687fbf9 Added the debuggin_strdup() function and the associated safestrdup() 
macro.  Also, added asserts to the other debugging_* functions.
 2002-04-18 17:49:14 +00:00
Robert James Kaes
dc18888c83 Bumped up the version number to 1.5.0rc3 2002-04-18 17:04:38 +00:00
Robert James Kaes
43860d2469 Moved the filter_destroy() logic from inside the signal handler. It's now 
been moved to inside the main() function.
 2002-04-18 17:04:04 +00:00
Robert James Kaes
5822ec3d44 Moved the log rotation code out of the signal handler and into it's own 
function.  The signal handler now simply sets a flag which is monitored
inside the thread_main_loop() function.  The log rotation code has also
been tightened to handle any error conditions better.  Credit to Petr
Lampa for suggesting that system functions inside of a signal handler is
bad magic.
 2002-04-18 16:57:06 +00:00
Robert James Kaes
6a588826c1 Changes to configure.ac, src/sock.c, src/reqs.c, src/acl.c, src/acl.h, 
and src/thread.c
 2002-04-17 20:57:58 +00:00
Robert James Kaes
9fd6a9eaa9 Added a test for pthread_cancel() since it's not available on all 
platforms.
 2002-04-17 20:56:35 +00:00
Robert James Kaes
3e60a5b819 Removed the LOOKUP_LOCK() and LOOKUP_UNLOCK() macros since I believe I 
need locking around both gethostbyname() and gethostbyaddr() at the same
time.
 2002-04-17 20:56:13 +00:00
Robert James Kaes
1d85484c3a If the initialize_conn() function fails, close the socket and return. 
Also, changed the call to check_acl() to include the peer's IP and string
addresses.
 2002-04-17 20:55:21 +00:00
Robert James Kaes
42098699db Removed the close(connfd) call since the socket has already been closed 
from within the handle_connection() function.

Added tests to make sure pthread_create() succeeds.

Added defined tests for pthread_cancel() since it's not available on all
platforms.
 2002-04-17 20:54:26 +00:00
Robert James Kaes
44bbdb2623 Changed the check_acl() function to require the peer IP address and string 
address from the calling function.
 2002-04-17 20:52:45 +00:00
Robert James Kaes
795f4f2fe7 More spelling fixes. 2002-04-16 04:58:51 +00:00
Robert James Kaes
8defcc6225 Just general spell checking. 2002-04-16 04:14:59 +00:00
Robert James Kaes
0fb2fa7393 Various changes in the src/anonymous.c and src/reqs.c files. 2002-04-16 03:22:44 +00:00
Robert James Kaes
04da777bed Removed the duplicate calls to strlen(). 2002-04-16 03:22:16 +00:00
Robert James Kaes
0e4436a070 Tightened the lookup_domain() function. 2002-04-16 03:21:46 +00:00
Robert James Kaes
ca10b1353d Various code clean up. There is nothing new here, just mechanical changes 
to the source to either remove code which is not needed, or consolidate
common code into a common section.
 2002-04-16 03:20:43 +00:00
Robert James Kaes
c722851bce Cleaned up the return values of the two anonymous functions to make the 
code cleaner and smaller.
 2002-04-16 03:19:19 +00:00
Robert James Kaes
bdfad7a2dd Bumped up version number 2002-04-16 00:23:23 +00:00
Robert James Kaes
17ea28ccc6 Changes for chomp(), read_request_line(), and readline() 2002-04-15 04:17:17 +00:00
Robert James Kaes
4b7de22999 Added a test to make sure the "whole_buffer" could be allocated. 2002-04-15 04:16:01 +00:00
Robert James Kaes
550145d49e Changed the variable type in read_request_line() to an unsigned variable 
in order to detect negative returns.
 2002-04-15 04:14:03 +00:00
Robert James Kaes
f0b6861998 Added an assert() call to detect design errors. 2002-04-15 04:13:14 +00:00
Robert James Kaes
a5d3212751 Changed the error boolean flag into a pointer to an error string and an 
error code.  We're storing this information because tinyproxy doesn't
output the error information until _after_ the client has sent it's
information.
 2002-04-15 02:07:27 +00:00
Robert James Kaes
c86d22226f Added additional error handling for the bind() and listen() system calls 
when setting up the listening socket.
 2002-04-13 19:03:18 +00:00
Robert James Kaes
6c2d7ebaa4 Bumped up version number. 2002-04-13 17:53:55 +00:00
Robert James Kaes
be47c1791d Modified the opensock() function to respect the Listen directive. If it's 
set, bind all outgoing addresses to this local address.
 2002-04-13 05:20:19 +00:00
Robert James Kaes
1685e9ca66 Changes regarding the new ConnectPort directive. 2002-04-12 17:01:07 +00:00
Robert James Kaes
ecb249f424 Added code to support the new ConnectPort directive which is needed to 
improve security of the tinyproxy system.  This new directive allows the
admin to block CONNECT methods to illegal ports.
 2002-04-12 17:00:42 +00:00
Robert James Kaes
660e4d5687 Added the support code to process a ConnectPort configuration directive. 2002-04-12 16:59:37 +00:00
Robert James Kaes
eb1230e841 Added the description and intial settings for the ConnectPort directive. 2002-04-12 16:59:06 +00:00
Robert James Kaes
f1a451faea Added a write_via_header() function which is now used in both header 
processing functions.  Also, added a list of headers to drop in the
process server header functions.
 2002-04-12 03:09:04 +00:00
Robert James Kaes
604785be66 Bumped up the pre-version number. 2002-04-11 20:45:56 +00:00
Robert James Kaes
b18070b268 Changes to remove_connection_headers(), relay_connection(), 
process_client_headers(), and process_server_headeers().

Added the get_content_length() function.
 2002-04-11 20:45:10 +00:00
Robert James Kaes
85a82af5f5 Did a bit of consolidation by moving code into remove_connection_headers() 
and added the get_content_length() function.

The process_server_headers() function was rewritten to remove the
Connection header correctly, and also retrieve the Content-Length value.
This value is needed in the relay_connection() function since there are
some remote machines which do not properly close down the connection once
the body has been retrieved.  Thanks to James Flemer for finding a test
case for this problem.
 2002-04-11 20:44:15 +00:00
Robert James Kaes
ce06f27a35 Added the remote_content_length variable to store the number of bytes the 
remote server is supposed to be transmiting to the client.
 2002-04-11 20:27:51 +00:00
Robert James Kaes
52fa476b21 Replaced calls to AC_LIBOBJ to an ADDITIONAL_OBJECTS variable (since it's 
not being used with src/Makefile.am).  Also, rewrote the REGEX test to
better confirm to the autoconf standard.
 2002-04-11 02:57:20 +00:00
Robert James Kaes
ed30d9d329 Changed in src/Makefile.am 2002-04-10 21:52:07 +00:00
Robert James Kaes
abdfa8b2da Removed the dependency on LIBOBJS and instead use the ADDITIONAL_OBJECTS 
variable in conjunction with _DEPENDENCIES and _LDADD.  The change here
makes filter a "required" module in the sense that it will always be
compiled (to make sure it doesn't get out of date), but it will
conditionally included in the object file.
 2002-04-10 21:51:01 +00:00
Robert James Kaes
448a1b222d Bumped up the pre-version release number and removed the AC_FUNC_MEMCMP 
macro.
 2002-04-10 19:10:07 +00:00
Robert James Kaes
e3e3020c00 Removed the test for lstat() since it wants to add a lstat.o dependancy. 
I really need to got through the configure.ac file and figure out what
_really_ needs to be tested for.
 2002-04-10 17:30:08 +00:00
Robert James Kaes
a903b6d997 Added an extra new line at the end of the file to quiet picky compilers. 
:)
 2002-04-10 17:29:18 +00:00
Robert James Kaes
4fa5cef491 The malloc/free functions should be in stdlib.h, but if we can't find 
stdlib.h then try including malloc.h.  Maybe this will allow clean
compiling on some platforms.
 2002-04-09 22:02:05 +00:00
Robert James Kaes
fb616011ef More changes in the ChangeLog :) 2002-04-09 20:07:10 +00:00
Robert James Kaes
eef4559783 Removed the compare_header() function since it's been replaced by a call 
the anonymous_search().

Added a few more log_message() calls to better explain error conditions.

Fixed up a problem with X-Tinyproxy sending logic.
 2002-04-09 20:06:24 +00:00
Robert James Kaes
0c5bd57698 Added more include logic code to be more portable. 2002-04-09 20:05:15 +00:00
Robert James Kaes
7409281e34 Replaced the internally used linked list with a call to the hashmap 
module.  Code reuse is a good thing.
 2002-04-09 20:04:39 +00:00
Robert James Kaes
607e4c4c6c Fixed up the problem with the "-lc_r" inclusion code. 
_Really_ fixed up the problem with compiling under OpenBSD.
Bumped up the version number.
 2002-04-09 20:04:05 +00:00
Robert James Kaes
3c631c6e5c James Flemer cleaned up the make_netmask() function to remove the static 
table.  Very nice.
 2002-04-09 19:11:09 +00:00
Robert James Kaes
b3a5b17b7d Bumped up the version number. 2002-04-09 16:32:39 +00:00
Robert James Kaes
7e6d2bf451 New changes to configure.ac, hashmap.c, and vector.c 2002-04-09 16:32:22 +00:00
Robert James Kaes
2f54303d98 Cleaned up the include lines to be slightly more portable (I hope.) 2002-04-09 16:28:13 +00:00
Robert James Kaes
3a787ecbfa Small changes to conform to the new Autoconf standards. Also, added a 
test for the OpenBSD system which prevents the inclusion of the malloc.h
header (the functions are actually defined in stdlib.h)

I might even remove the malloc.h header altogether since the malloc/free
functions _should_ be in stdlib.h
 2002-04-09 16:27:34 +00:00
Robert James Kaes
54a84434fc Changed the version number to reflect the 1.5.0 pre-releases 2002-04-09 01:45:37 +00:00
Robert James Kaes
64e28312dc New news for the 1.5.0 release. 2002-04-09 01:45:07 +00:00
Robert James Kaes
6f06485dbd Updated the description to include the "SSL" fact. 2002-04-09 01:44:42 +00:00
Robert James Kaes
eb78e5e1f4 Added the cancelation setting to make sure the thread stops immediately. 2002-04-09 00:37:43 +00:00
Robert James Kaes
0d66719c5a Just moved the looping code from main() into thread_main_loop(). 2002-04-08 21:35:10 +00:00
Robert James Kaes
bf82c863bc Just a variable name change to make it easier to read. 2002-04-07 21:37:07 +00:00
Robert James Kaes
1d52d9d510 Updated the copyright notice. 2002-04-07 21:36:39 +00:00
Robert James Kaes
fb736ec3fb A _tonne_ of changes. It would almost be easier to just read the source 
itself to find out all the changes.  Changed the process_client_header()
function to use the hashmap and vector modules.  I've made this change to
better handle the Connection header.  The Connection header, it it's
present, lists all the headers which should _not_ be transmitted any
further along.  An HTTP/1.1 proxy must respect this.

Other changes are basically cosmetic.
 2002-04-07 21:35:59 +00:00
Robert James Kaes
5e9aa90009 Update the list of source code files to include the vector and hashmap 
files.
 2002-04-07 21:33:38 +00:00
Robert James Kaes
97a72783f5 Cleaned up some of the code to handle errors better. Also, a little bit 
easier to read in the variable department.
 2002-04-07 21:32:01 +00:00
Robert James Kaes
c654bc14d9 Changed the version number down to 1.4.4pre1 (from the more ambitious 
1.5.0pre1)
 2002-04-07 21:31:15 +00:00
Robert James Kaes
6edba0dfa6 Updated the changelog information. 2002-04-07 21:30:30 +00:00
Robert James Kaes
5b3658b122 A hashmap implementation. I use this for storing the headers from the 
client.
 2002-04-07 21:30:02 +00:00
Robert James Kaes
54f369a734 Added the vector module which is a vector implementation. I use it in the 
hashmap implementation.
 2002-04-07 21:29:23 +00:00
Robert James Kaes
e70b98252a Added define check for XTINYPROXY_ENABLE. Although, I'm not sure if this 
is the correct way to do this, since grammar.c probably doesn't get
recomplied even if config.h is changed.  Must look into this more.
 2002-04-02 17:17:30 +00:00
Robert James Kaes
daf90db115 Update to reflect changes to configure.ac 2002-04-02 17:00:29 +00:00
Robert James Kaes
194435acc1 Patch from James Flemer which: 
* allows the --disable-* options to work
 * prevents -lc_r from being included on FreeBSD machines
 2002-04-02 16:58:36 +00:00
Robert James Kaes
1819c0f818 Added code to check for "errors" from the accept call in thread_main() and 
also a new thread_kill_threads() function which should cancel all threads
when the main thread is being closed.
 2002-01-25 00:01:45 +00:00
Robert James Kaes
388920bc53 Added code which checks to see if the user has signalled that tinyproxy 
should be closed.
 2002-01-08 02:02:25 +00:00
Robert James Kaes
ea0d956a57 Removed an unused header. 2001-12-28 22:31:12 +00:00
Robert James Kaes
a0dee6c57f Check for errors returned by the accept() function. 2001-12-28 22:29:11 +00:00
Robert James Kaes
8cfe33fc4a more changes to utils.c, reqs.c, and sock.c 2001-12-24 00:03:00 +00:00
Robert James Kaes
9520866ab3 Changed send_http_message() to use the write_message() function. 
Changed httperr() to use the same concept as the write_message() function.
Still haven't figured out how to combine the code.
 2001-12-24 00:02:32 +00:00
Robert James Kaes
b10221fa07 Added the write_message() function (from reqs.c) 2001-12-24 00:01:32 +00:00
Robert James Kaes
475e526a48 Moved write_message() into sock.c because I'm using it in other places. 2001-12-24 00:01:02 +00:00
Robert James Kaes
831b00dc7a Made the error message regarding the Idle timeout more verbose, and 
changed the level to WARNING.
 2001-12-23 22:00:36 +00:00
Robert James Kaes
c3124815a1 Cleaned up the code which sends the "Via" header. It now uses 
write_message().
 2001-12-23 21:55:08 +00:00
Robert James Kaes
b68354a9da Add a pre-processor test around the sys/types.h header file, to make sure 
it's available before we try to include it.
 2001-12-23 18:44:02 +00:00
Robert James Kaes
4ed73b6f07 Fixed up the order of some of the includes to cope with OpenBSD. Also, 
test for the MSG_NOSIGNAL define.
 2001-12-23 03:28:03 +00:00
Robert James Kaes
d6e5285e95 Updated the copyright notice. 2001-12-20 04:48:52 +00:00
Robert James Kaes
93f0406b7e Created the CHECK_CRLF() macro to handle the tests for the appropriate 
control characters in a string.
 2001-12-20 04:48:32 +00:00
Robert James Kaes
7240af4333 Changed the calls to write() to send() so that we can use send(..., 
MSG_NOSIGNAL) and not get signals sent to the process. (easier for
debugging and the system doesn't need to worry about signals.)
 2001-12-19 20:41:28 +00:00
Robert James Kaes
63a1fa96cc Removed duplicate code from process_server_headers() and removed the calls 
to strlen(); readline() already returns the length of the string, so use
that instead.
 2001-12-19 20:40:23 +00:00
Robert James Kaes
e964cf0d35 Damn---removed the debugging code from write_message(). 2001-12-19 05:20:01 +00:00
Robert James Kaes
5140f01d5c Opps! Fixed a problem with negative numbers. :) 2001-12-19 05:19:03 +00:00
Robert James Kaes
56b541d76b Redefined HTTP_LINE_LENGTH to be based on MAXBUFFSIZE (and set to around 
16 KB.)

Added the TUNNEL_CONFIGURED() macro to help with testing for the tunnel
support code.

Create the write_message() function to encapsulate the code which sends
the information to the file descriptor.

Moved the tunnel code into it's own function.
 2001-12-19 05:13:40 +00:00
Robert James Kaes
4a257edd0a Update the reqs.c file. 2001-12-19 05:10:46 +00:00
Robert James Kaes
17103bf8fe Updated the list of headers to ignore. 2001-12-18 05:01:03 +00:00
Robert James Kaes
faf655c5db Added the code to log the request when in tunnelling mode. 2001-12-17 19:10:56 +00:00
Robert James Kaes
a62834808a Added the code the log the request when in tunnelling mode. 2001-12-17 19:10:37 +00:00
Robert James Kaes
4916c78ad5 Removed the version test for the bison. 2001-12-17 19:10:06 +00:00
Robert James Kaes
71ad9f439f Bumped the version number. 2001-12-17 00:28:28 +00:00
Robert James Kaes
15a7581e30 Updated the changelog. 2001-12-17 00:12:15 +00:00
Robert James Kaes
9448787ff2 Added UPSTREAM_CONFIGURED() macro to help clean up the code. 
Ignore any blank lines when tinyproxy is expecting a request line.

Instead of sending the request line to the remote server in pieces,
tinyproxy nows sends it in once go. This was done to fix a problem with
some sites like www.heise.de.

Changed all calls to connptr->ssl to connptr->connect_method.

Changed all calls to connptr->send_message to
connptr->send_response_message.

Moved the call to Via header code to inside to the tests to handle if
tinyproxy is sending an error message (don't need to send any headers.)
 2001-12-17 00:11:32 +00:00
Robert James Kaes
fdb4952e5f Added the assert() calls to safe_write() to make sure the arguments are 
sane.
 2001-12-17 00:00:24 +00:00
Robert James Kaes
6919faea77 Removed reference to ternary.h 2001-12-15 20:08:24 +00:00
Robert James Kaes
997d3daa65 No longer need this system since it was only being used in the DNS caching 
section and the anonymous header section. Once I had removed the DNS
caching, the ternary tree system was overkill for the anonymous header
code. Replaced in the anonymous header section with a simple linked list.
 2001-12-15 20:07:45 +00:00
Robert James Kaes
b969ed4302 Changed safe_write() to fully send all the data in the buffer it was 
passed. Also safe_write() and safe_read() now use char pointer buffers
rather than the void pointer style.
 2001-12-15 20:04:04 +00:00
Robert James Kaes
cad9a5d11b Switched from using the ternary tree to a simple linked list. 2001-12-15 20:02:59 +00:00
Robert James Kaes
b811c2fbf8 Removed the references to ternary.c and ternary.h 2001-12-15 20:02:26 +00:00
Robert James Kaes
3f4a052c85 Addtional function checks. 2001-12-15 20:02:03 +00:00
Robert James Kaes
70970e832a Updates for safe_write() and anonymous section. 2001-12-15 20:01:42 +00:00
Robert James Kaes
75ab2c8de3 Removed the include "dnscache.h" header file. 2001-12-15 06:02:16 +00:00
Robert James Kaes
e10d005f81 Added the lookup_domain() function which replaces the DNS caching system. 2001-12-15 06:00:03 +00:00
Robert James Kaes
a4934e2232 Added the host name lookup code (which use to be in the DNS caching 
system.)
 2001-12-15 05:58:30 +00:00
Robert James Kaes
b15be9de3e Removed the references to dnscache.c and dnscache.h 2001-12-15 05:57:40 +00:00
Robert James Kaes
bf18ec5adc Removed the DNS caching system because tinyproxy did not determine the TTL 
of the host names being resolved, which is not recommended by RFC2616.
Basically, if a HTTP client doesn't respect the TTL is should not be
caching the address since it leaves itself open to DNS spoofing attacks.

Also, having a DNS caching system is an administater decision, and so
should not be included in the tinyproxy source.
 2001-12-15 05:57:13 +00:00
Robert James Kaes
e0694a8f6e Added support for the <pthreads.h> header. 2001-11-26 05:23:49 +00:00
Robert James Kaes
09fdf9af74 Increased the maximum buffer size to 96 KB 2001-11-26 01:39:53 +00:00
Robert James Kaes
a03a1d3847 Fixed a problem with not buffering more than 2K (which is obviously a 
problem. :)
 2001-11-26 01:39:07 +00:00
Robert James Kaes
4a1b2d534a Fixed a problem with the quoting. 2001-11-26 01:38:28 +00:00
Robert James Kaes
7c4569624d Updates relating to the fixes to buffering code in read_buffer(). 2001-11-26 01:31:26 +00:00
Robert James Kaes
fa193dcd22 send_message changed to send_response_message in the conn_s structure. 2001-11-25 22:08:11 +00:00
Robert James Kaes
f8b61da4ae Added tests for _every_ header to make sure they are actually present on 
the system.
 2001-11-25 22:07:36 +00:00
Robert James Kaes
2f4ccc04ae Added an additional test to make sure the <regex.h> header is actually 
present on the system.
 2001-11-25 22:06:54 +00:00
Robert James Kaes
5e17d0736e Removed some of the members of the structures and renamed a few others. 2001-11-25 22:06:20 +00:00
Robert James Kaes
e9cfd1f82e makenewline() now copies the data into the structure rather than just 
storing the pointer to the data.
add_to_buffer() is now exported.
Renamed writebuff() and readbuff() to write_buffer() and read_buffer().
 2001-11-25 22:05:42 +00:00
Robert James Kaes
b0748328d7 More changes. 2001-11-25 22:03:52 +00:00
Robert James Kaes
6e054e4a72 Added a new error code. 2001-11-25 02:22:05 +00:00
Robert James Kaes
8dc7035fbc Add support to limit the maximum size of the input line (to 128KB which 
should be _more_ than enough for any header line. :)
 2001-11-25 02:21:46 +00:00
Robert James Kaes
09dbdbc3d7 Change the C code to match the new style. 2001-11-25 02:20:54 +00:00
Robert James Kaes
c8b2c614f9 More updates. 2001-11-25 02:20:00 +00:00
Robert James Kaes
57cb7ea3ae Updated to match the new coding standard for autoconf2.5x 2001-11-25 02:19:19 +00:00
Robert James Kaes
3a67f6a326 Updated the configure.in file to be compliant with the new macros (and 
coding standard) of autoconf2.5x
 2001-11-25 02:18:47 +00:00
Robert James Kaes
5259984e73 Moved this file to configure.ac which is the new extension for 
autoconf2.5x
 2001-11-25 02:18:16 +00:00
Robert James Kaes
1ab0aa143b Don't need this file anymore, since the new autoconf2.5x standard requires 
the information to be in the AH_TEMPLATE macro.
 2001-11-25 02:16:36 +00:00
Robert James Kaes
8bfa01cab1 Explictly add the reference to the GPL since people could be downloading 
this from the CVS.
 2001-11-23 22:25:28 +00:00
Robert James Kaes
5c8369e758 Added a reminder to include selective binding for the listening socket. 2001-11-23 22:23:26 +00:00
Robert James Kaes
d909c841fa Removed these two files since they're only required for distibution. 
autoconf automatically includes symlinks on the Debian system.
 2001-11-23 22:22:40 +00:00
Robert James Kaes
e007df7723 Don't include this file with tinyproxy anymore since it's more of a 
"local" script which I use.
 2001-11-23 16:57:57 +00:00
Robert James Kaes
af53747181 Fixed a problem with testing numbers using the x"$string" format. 
Added a default case for libnsl ("no" if not found.)
 2001-11-23 16:56:59 +00:00
Robert James Kaes
4aa5e79cdf Added the chomp() function (to replace the trim() function reqs.c) 2001-11-23 01:19:15 +00:00
Robert James Kaes
fd3b313e9f Style changes. Also replaces all mallocs with safemalloc, etc. 2001-11-23 01:18:43 +00:00
Robert James Kaes
c6c7427e8d Removed the trim() function and move it into chomp()/utils.c 2001-11-23 01:17:19 +00:00
Robert James Kaes
6de3bf2f6d Use AC_HELP_STRING() in all the ARG_ENABLE and ARG_WITH strings. 
Added --enable-profiling option.
Changed all if test "$string" = "anotherstring" to
if test x"$string" = x"anotherstring".
 2001-11-23 01:15:01 +00:00
Robert James Kaes
bcb54a8a67 Changes relating to chomp() 2001-11-23 01:11:58 +00:00
Robert James Kaes
787ece6c01 Reformated text. 2001-11-22 00:31:10 +00:00
Robert James Kaes
bcb7c68911 Updated readline() function. 2001-11-22 00:20:53 +00:00
Robert James Kaes
1fa9d257c2 Replaced the calls to the old readline() function with calls to the new 
version.
 2001-11-22 00:19:45 +00:00
Robert James Kaes
d08d088d4a Replaced the readline() function with a new version which has no 
restrictions on the length of a line (unless you fill memory of course.)
Reformated the source.
 2001-11-22 00:19:18 +00:00
143 changed files with 13163 additions and 12405 deletions
Show Stats Expand all files Collapse all files

20
.github/ISSUE_TEMPLATE/new-issue--bug-report--question.md vendored Normal file
View File

@ -0,0 +1,20 @@
---
name: New Issue, Bug report, Question
about: New Issue, Bug report, Question
title: ''
labels: ''
assignees: ''
---
# IMPORTANT NOTICE
Before filing an issue here PLEASE keep in mind that **tinyproxy 1.10.0 and older are no longer supported**.
Do not report issues with 1.10.0 or older, first try latest release 1.11.0, or even better, git master, and see whether the issue is already fixed.
## Tinyproxy version
State the tinyproxy version you're using; whether git master or 1.11.0 stable.
## Issue
Fill in your Issue text here.
A good issue report is detailed and includes full error messages from tinyproxy's output, not "X doesn't work".

36
.github/workflows/main.yml vendored Normal file
View File

@ -0,0 +1,36 @@
name: CI
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- run: ./autogen.sh
- run: ./configure
- run: make
- run: make test
test-macos:
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
- run: brew install automake
- run: ./autogen.sh
- run: ./configure
- run: make
valgrind-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- run: sudo apt update
- run: sudo apt install --assume-yes valgrind
- run: ./autogen.sh
- run: ./configure --enable-debug --enable-transparent --enable-reverse
- run: make
- run: make test
- run: make valgrind-test

40
.github/workflows/release_tarball.yml vendored Normal file
View File

@ -0,0 +1,40 @@
name: Generate Source Tarball
# Trigger whenever a release is created
on:
release:
types:
- created
jobs:
build:
name: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: archive
id: archive
run: |
sudo apt install -y gperf
rm -rf .git
autoreconf -i
VERSION=$(cat VERSION)
PKGNAME="tinyproxy-$VERSION"
./configure
make dist
echo "tarball_xz=${PKGNAME}.tar.xz" >> "$GITHUB_OUTPUT"
echo "tarball_gz=${PKGNAME}.tar.gz" >> "$GITHUB_OUTPUT"
echo "tarball_bz2=${PKGNAME}.tar.bz2" >> "$GITHUB_OUTPUT"
- name: upload tarballs
uses: softprops/action-gh-release@v2
with:
files: |
${{ steps.archive.outputs.tarball_xz }}
${{ steps.archive.outputs.tarball_gz }}
${{ steps.archive.outputs.tarball_bz2 }}

23
.gitignore vendored Normal file
View File

@ -0,0 +1,23 @@
INSTALL
Makefile
Makefile.in
aclocal.m4
config.cache
config.guess
config.h
config.h.in
config.log
config.status
config.sub
configure
depcomp
install-sh
libtool
missing
stamp-h1
autom4te.cache
cscope.files
cscope.out
compile
*~
tags

18
.travis.yml Normal file
View File

@ -0,0 +1,18 @@
language: C
dist: trusty
sudo: true
before_install:
- sudo apt-get update -qq
- sudo apt-get install --assume-yes valgrind
script:
- ./autogen.sh
- ./configure
- make
- make test
- make clean
- ./configure --enable-debug --enable-transparent --enable-reverse
- make
- make test
- make valgrind-test

51
AUTHORS
View File

@ -1,12 +1,39 @@
tinyproxy is a collaborative work between Steven Young
<sdyoung@well.com> and Robert James Kaes <rjkaes@flarenet.com>.
From versions 0-1.1, Steven Young was the primary maintainer.
From 1.2 to 1.3.0, Robert James Kaes was the primary maintainer.
As of 1.3.1, Steven Young was once again be the primary maintainer.
But, Robert James Kaes was again the maintainer starting with 1.4.0.
Place your bets as to when the maintainer will change again. :) Kidding!
Please see the ChangeLog for futher details as to who did what. :)
Andrew Stribblehill
bertliao
Bob Showalter
Brian Cain
cvs2svn
Daniel Egger
Daniel M. Drucker
David Shanks
Dmitry Semyonov
dmz-uk
Drew G. Wallace
Frank Morgner
gary-wzl77
Gaudenz Steinlin
goba62000374
Gonzalo Tornaria
Greg
Jeremy Hinegardner
John Spencer
John van der Kamp
John Weldon
Jordi
Jordi Mallach
Julien Hartmann
kikuchan
Mathew Mrosko
Matthew Dempsky
Michael Adam
Mike Mead
Mukund Sivaraman
Pablo Panero
Peter H. Froehlich
Robert James Kaes
rofl0r
Stephan Leemburg
Steven Conaway
Steven Young
Valen Blanco
Vladimir Belov

27
COPYING
View File

@ -1,8 +1,8 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
@ -15,7 +15,7 @@ software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
@ -55,7 +55,7 @@ patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
@ -110,7 +110,7 @@ above, provided that you also meet all of these conditions:
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
@ -168,7 +168,7 @@ access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
@ -225,7 +225,7 @@ impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
@ -278,7 +278,7 @@ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
@ -303,17 +303,16 @@ the "copyright" line and a pointer to where the full notice is found.
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
@ -336,5 +335,5 @@ necessary. Here is a sample; alter the names:
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

843
ChangeLog
View File

@ -1,842 +1 @@
2001-11-03 Robert James Kaes <rjkaes@flarenet.com>
* src/buffer.c (remove_from_buffer): This function is never
called with an empty buffer, so removed some inaccurate code which
would have removed an invalid line from the buffer if it was
empty. What was I thinking when I wrote that? Good thing is was
never called.
(add_to_buffer): Add a bit of a sanity check to make sure the
buffer structure hasn't been messed up some how.
2001-11-02 Robert James Kaes <rjkaes@flarenet.com>
* src/acl.c (insert_acl): Tightened the check regarding whether an
ACL is a string or a numeric address.
2001-10-25 Robert James Kaes <rjkaes@flarenet.com>
* Moved all the system header included into the tinyproxy.h header
and changed all the other files to include it. This should
centralise the header dependency issue into one file.
* src/conns.c: Brought back the conns.{c,h} files which contain
the connection structure definition plus the creation/destruction
routines.
* src/reqs.c (process_client_headers): Selectively send headers
based on whether we're using an upstream with a CONNECT
request. The short answer: all methods work correctly with
Upstream proxying and normal proxying.
* src/tinyproxy.h: Added a upstream flag to the conn_s structure
so we can figure out when to send headers and when not to send
headers. This is extremely important when trying to do upstream
proxying of the CONNECT method.
* src/reqs.c (relay_connection): Empty the contents of both
buffers when either socket is closed. This is more in line with
what a tunnel should do. Since either end could close with
information still in the buffers.
(connect_to_upstream): Cleaned up the code to re-use the
establish_http_connection() function.
* src/buffer.c (readbuff): Changed the memory allocation to 2K
from 48K since an Ethernet connection is usually around 1400
bytes. There's little point in allocating a huge amount of memory,
only to shrink the memory map in the next breath.
2001-10-22 Robert James Kaes <rjkaes@flarenet.com>
* src/sock.c (getpeer_string): Added logging in case the
gethostbyaddr() function fails.
* src/reqs.c (free_request_struct): Added a test to return if the
pointer is NULL.
(handle_connection): Cleaned up the code to better handle the
cause where the request is NULL.
* src/sock.c (getpeer_string):
* src/sock.c (getpeer_ip): When the DNS lookup fails, we need to
initialized the user's buffer to an empty string; otherwise, the
user's buffer will contain garbage and cause a SEGFAULT. Thanks to
Jeffrey Wheelhouse for finding this bug.
2001-10-18 Robert James Kaes <rjkaes@flarenet.com>
* src/reqs.c (connect_to_upstream): Moved the code needed to
rebuild the request line when using the upstream feature into it's
own function. Simplifies the handle_connection() function.
* src/buffer.c (readbuff): Fixed a problem where a full buffer
would cause the connection to be closed. Thanks to Jeffrey
Wheelhouse for helping me find this problem.
2001-09-29 Robert James Kaes <rjkaes@flarenet.com>
* configure.in: Uses any CFLAGS variable passed to the configure
script. Also, '-g -Wall' is _not_ enabled unless debugging support
is compiled in. Use --enable-static to compile a statically linked
tinyproxy.
2001-09-16 Robert James Kaes <rjkaes@flarenet.com>
* src/tinyproxy.c (main): Don't allow Tunnel and Upstream
directives to be both set in the configuration file.
* src/reqs.c (handle_connection): Added support for an upstream
proxy. What we used to use for our upstream proxy has now become a
TCP tunnel. The difference is that the upstream proxy will do
domain filtering, anonymous headers, etc. while the TCP tunnel
just sends the data without any processing. You can not have both
at the same time.
* src/utils.c (send_http_message): Instead of creating a block of
memory with the output message, just send it to the client. We
still need to process the various headers from the client, but it
will pick up the error when it's done talking to the proxy. Uses
less memory.
* src/sock.c: Moved safe_write() and safe_read() into sock.c since
I'm using them in more than just reqs.c.
2001-09-15 Robert James Kaes <rjkaes@flarenet.com>
* Removed all the log_message()s which reported that memory could
not be allocated. There's little point in reporting a memory
shortage since the computer will probably crash soon anyway.
* src/reqs.c (process_request): Added the code for showing the
stats back into the function.
* src/tinyproxy.c (takesig): When SIGHUP is received the log file
is rotated instead of being truncated. The rotated log has ".rot"
appended to the file name.
2001-09-14 Robert James Kaes <rjkaes@flarenet.com>
* src/uri.c: Removed this file since it's no longer needed.
* src/reqs.c: Split the process_method() function into separate
smaller functions. Added support for tunnel SSL connections.
* src/tinyproxy.h: Added a field to handle SSL connections.
2001-09-11 Robert James Kaes <rjkaes@flarenet.com>
* src/reqs.c (process_method): Fixed a memory leak due to the
change to heap allocation if there is an error.
* src/utils.c (debugging_realloc): Added the debugging version of
realloc().
* src/thread.c (THREAD_STACK_SIZE): Changed a threads stack size
to 32KB from 128KB.
* src/reqs.c (process_method):
* src/reqs.c (pull_client_data):
* src/reqs.c (process_client_headers):
* src/reqs.c (process_server_headers):
* src/buffer.c (readbuff): Using heap allocated memory for the
buffer rather than stack memory.
* src/uri.c (explode_uri): Fixed a potential memory leak where the
regular expression structure might not be freed if there was an
error in the expression.
2001-09-08 Robert James Kaes <rjkaes@flarenet.com>
* src/ternary.c (BUFARRAY & BUFSIZE): Lowered the values to help
lower memory usage. A ternary tree will now max out at 4MB.
* src/utils.c: Added debugging_(malloc|calloc|free) to help track
down memory leaks.
* src/dnscache.c (DNS_INSERT_LIMIT): Lower the number of
insertions before the ternary tree is rebuilt.
* src/thread.c (thread_main): Fixed a memory leak.
2001-09-07 Robert James Kaes <rjkaes@flarenet.com>
* src/thread.c (thread_pool_create): Explicitly set the detach
state for threads to PTHREAD_CREATE_DETACHED.
* Various error message clean up.
* src/thread.c (thread_main): Add locking around the
servers_waiting thread.
2001-09-06 Robert James Kaes <rjkaes@flarenet.com>
* src/thread.c (thread_main): The code which closes a thread
doesn't actually work correct so I've moved the test to just after
a thread has handled a connection. The code still needs to be
cleaned up to handle locking.
* src/ternary.c (ternary_destroy): Fixed the deletion code as it
would cause a segfault if it was every called. Also, lowered the
sizes of the arrays for better memory usage.
* src/dnscache.c: After a certain number of insertions delete the
DNS cache and free the memory. The reason for this is that a
ternary tree doesn't lend itself to removing individual
entries. It's just easier (and cleaner) to simply delete the cache.
2001-09-04 Robert James Kaes <rjkaes@flarenet.com>
* src/reqs.c (process_client_headers): Moved the skip header test
in front of the compare_header() function.
* src/ternary.c (ternary_search): Switched to doing case
insensitive searching.
* src/log.c (log_message): Thanks to NeilK for finding and fixing
a problem with the syslog code which can lead to a format string
attack.
2001-08-30 Robert James Kaes <rjkaes@flarenet.com>
* src/dnscache.c: Removed the insert_data() function and replaced
the "replace" logic in dns_insert() with a call to
ternary_replace(). This fixes the segmentation fault problem which
I introduced when I "tried" to fix the memory leak. Also changed
the LOCKing to be around the entire dnscache() again since I still
need to work out how locking should be done when accessing the
ternary tree.
* src/ternary.c (ternary_insert_replace): Renamed ternary_insert()
to ternary_insert_replace() and added a extra argument. The
function can now "replace" data already in the tree without
causing a memory leak. Added two DEFINES to make coding easier:
ternary_insert() and ternary_replace() which both call this
function with the right arguments.
* src/utils.c: Removed xstrstr() since it was only used in one
place, and could be safely replaced with strstr. I can't even
remember why we had this function to begin with.
* src/reqs.c (compare_header): Removed the call to xstrstr() since
it's been removed from the source.
2001-08-28 Robert James Kaes <rjkaes@flarenet.com>
* src/log.c (log_message): Handle a debug enabled compile better.
* src/dnscache.c (dns_insert): Fixed a memory leak if the same
information was inserted into the ternary tree twice.
* configure.in: Fixed the test regarding the REGEX library. Even
if a working REGEX was found on the system, the included REGEX was
being compiled in. Double Doh.
* src/log.c (log_message): Finally got the log levels worked out
properly. I've tested all the levels and they now produce the
correct output.
2001-08-27 Robert James Kaes <rjkaes@flarenet.com>
* src/reqs.c (trim): Moved the trim functionality out of
process_request() and added a test to make sure we don't back the
pointer past the beginning of the string.
* src/log.c (log_message): Fixed a problem where the connect
messages were not getting through if the log level was set to
INFO.
* src/tinyproxy.h: Moved some of the includes around so that
tinyproxy can compile correctly on FreeBSD systems.
* src/thread.c: Added the pthread_attr_t structure since we're
going to be using a non-default sized stack because some OS's have
a stack size which is too small.
* configure.in: Added a test for detecting FreeBSD's -pthread
mechanism for telling GCC to use POSIX threading.
* src/utils.c (httperr): Fixed the MIME type. Should be be
text/html, not text/mime. Fix one bug, add two new ones. Sigh.
2001-08-26 Robert James Kaes <rjkaes@flarenet.com>
* src/utils.c (httperr): Split the headers from the actual message
and include more headers like Date, Server, Content-Length,
etc. Also set the type for the error message to const char*.
* src/reqs.c (process_method): Fixed a SEGV problem if an invalid
request was submitted.
* Makefile.am (EXTRA_DIST): Don't include ./reconf in the
tarball.
* src/log.c (log_message): Fixed a problem with the new LOG_CONN
log level.
* configure.in: The debugging code was being included even on
non-debugging builds.
* src/anonymous.c (anonymous_insert): Moved the creation of the
search tree into the anonymous_insert() function. Therefore, the
search tree is _not_ created until the first insertion. This
should also fix a bug in main() where I was inserting headers
before creating the search tree. Doh.
(is_anonymous_enabled): Removed the tests for config.anon and
replaced it with a function call which returns a BOOL.
* Spell checked the ChangeLog file! :)
2001-08-25 Robert James Kaes <rjkaes@flarenet.com>
* src/thread.c (thread_main): Thanks to Hans-Georg Bork for
fixing a problem where the status of the threads was not
going back to T_WAITING if MaxRequestsPerChild was 0. Also, fixed
a problem with the looping system where the Debian
start-stop-daemon script would not stop all the threads if new
threads had been created.
* src/log.h (LOG_CONN): Added the LOG_CONN log level. This is less
verbose than LOG_INFO.
* doc/tinyproxy.8: Added the -l option to the list of command line
options.
* src/anonymous.c (anon_insert): Fixed a bug where anonymous
filtering wasn't working even if it was specified in the
configuration file.
2001-07-02 Robert James Kaes <rjkaes@flarenet.com>
* src/tinyproxy.c (versiondisp): Added George Talusan to the
copyright message. Also now include the target system name to the
version message.
2001-06-06 Robert James Kaes <rjkaes@flarenet.com>
* configure.in: Total reorganization.
2001-06-04 Robert James Kaes <rjkaes@flarenet.com>
* configure.in: Remove the --with-* for port, logfile, and user
since the configuration file handles this now. Fixed a problem
where we were testing for the libraries correctly, but not
actually including them in the linking.
2001-06-02 Robert James Kaes <rjkaes@flarenet.com>
* doc/tinyproxy.conf: Clarified the LogLevel directive.
* configure.in: Fixed up the tests for libsocket, libnsl, and
libresolv. Also improved the test for the yacc program since I
used bison 1.25 to originally write it. Updated the list of
headers to look for when configuring. Bumped up the version.
2001-06-01 Robert James Kaes <rjkaes@flarenet.com>
* configure.in: Fixed a problem when using the --with-port= config
* src/tinyproxy.c (main): Change the logging level from LOG_EMERG
(which doesn't exist anymore) to LOG_CRIT.
* src/scanner.l: Added the strings in the data structure to handle
the LogLevel switch.
* src/log.c (set_log_level): Code for handling selective logging.
* src/grammar.y: Added the tokens and code for handling the
LogLevel switch in the configuration file.
* configure.in: Added a test for the resolv library for the
gethostby* functions. Also bumped up the pre-version.
2001-05-26 Robert James Kaes <rjkaes@flarenet.com>
* src/tinyproxy.c (main): Added code to stop the creation of core
files.
* src/reqs.c (process_method): Fixed a memory leak.
(relay_connection): Cleaned up the code to remove some unneeded
variables and removed redundant code.
* src/log.c (log_message): Renamed "log()" function to
log_message().
* src/dnscache.c (new_dnscache):
* src/anonymous.c (new_anonymous): Fixed the return type.
2001-01-15 12:13 rjkaes
* configure.in: Bumped up the pre version number
2001-01-15 12:11 rjkaes
* ChangeLog, src/reqs.c, src/stats.c: Fixed more potential overflow
bugs.
2001-01-15 12:06 rjkaes
* ChangeLog, src/utils.c: Fixed a potential security bug in
http_err. There was a possibility of a heap overflow exploit.
2001-01-02 14:30 rjkaes
* src/scanner.l: Fixed a bug where the ':' character was not being
properly detected.
2000-12-09 15:03 rjkaes
* configure.in: Rolling out the first pre to 1.4.0
2000-12-08 21:35 rjkaes
* src/thread.c: Implemented the MaxRequestsPerChild directive.
2000-12-07 22:35 rjkaes
* ChangeLog: Updated changelog
2000-12-07 22:35 rjkaes
* src/: thread.c, tinyproxy.c: Fixed a problem with polling for the
number of active threads. No longer polls. :)
2000-11-22 23:49 rjkaes
* src/ternary.c: Fixed MACRO error.
2000-11-22 23:46 rjkaes
* src/tinyproxy.c: Fixed spelling mistake.
2000-11-22 23:46 rjkaes
* src/: filter.c, filter.h, reqs.c: Changed the filter_host command
to filter_url.
2000-10-23 17:47 rjkaes
* ChangeLog: Updated Information.
2000-10-23 17:46 rjkaes
* src/ternary.c: In the Key Found code, don't display the string in
the debug code since it doesn't exist anymore when we display it.
Doh!
2000-10-23 17:44 rjkaes
* src/tinyproxy.c: Added the initialization section for the DNS and
Anonymous sub systems.
2000-10-23 17:43 rjkaes
* src/: anonymous.c, anonymous.h: Added the new_anonymous
initialize routine
2000-10-23 17:42 rjkaes
* src/: dnscache.c, dnscache.h: Added the new_dnscache routine to
initialize the Ternary tree. Also, removed the garbage collection
routine.
2000-09-26 01:00 rjkaes
* ChangeLog: Updated documentation.
2000-09-26 00:59 rjkaes
* src/dnscache.c: Fixed the insert function to handle a failed
insert properly.
2000-09-26 00:59 rjkaes
* src/: ternary.c, ternary.h: Added the TE_EXISTS return code, and
cleaned up the ternary_destroy function.
2000-09-26 00:58 rjkaes
* src/: tinyproxy.h, utils.h: Moved the safefree() macro to the
tinyproxy.h header.
2000-09-26 00:57 rjkaes
* src/: acl.c, reqs.c: Updated the free() calls to the safefree()
calls.
2000-09-21 12:58 rjkaes
* ChangeLog: Updated documentation.
2000-09-21 12:57 rjkaes
* src/tinyproxy.c: There is no LOG_EMERG level, so changed to
LOG_CRIT.
2000-09-21 12:53 rjkaes
* src/: log.c, log.h: Added the LOG_NOTICE level.
2000-09-15 16:58 rjkaes
* src/: grammar.c, grammar.h, scanner.c: These are generated by
grammar.y and scanner.l respectively, don't include them in the
CVS.
2000-09-15 16:57 rjkaes
* src/stamp-h.in: Automatically generated file.
2000-09-15 16:55 rjkaes
* src/Makefile.in, doc/Makefile.in: Don't include automatically
generated files.
2000-09-15 16:53 rjkaes
* install-sh, missing, mkinstalldirs: Don't included automatically
generated files.
2000-09-15 16:52 rjkaes
* Makefile.in, config.guess, config.sub, configure: Flipping again.
:) Don't include any of the automatically generated stuff.
2000-09-14 12:41 rjkaes
* ChangeLog, configure.in, src/tinyproxy.h: Need to do a check for
the <stdint.h> header since it's not a standard header available on
all systems.
2000-09-12 14:10 rjkaes
* Makefile.in, doc/Makefile.in, src/Makefile.in: Again, needed for
configure script. Automatically built by ./reconf
2000-09-11 20:45 rjkaes
* config.guess, config.sub: Needed for running configure.
Automatically built with reconf
2000-09-11 20:43 rjkaes
* configure: Can be made from configure.in (and should be), but I
want to be able to check out the source and immediately configure
it.
2000-09-11 20:22 rjkaes
* doc/tinyproxy.conf: Example tinyproxy configuration file.
2000-09-11 20:21 rjkaes
* ChangeLog: We all know what this is. :)
2000-09-11 20:20 rjkaes
* acinclude.m4: A M4 macro for finding the various types on the
system (typedefs, etc.)
2000-09-11 20:18 rjkaes
* Makefile.am, acconfig.h, configure.in: New defaults, and better
checking for various features needed by tinyproxy. Looks like fun!
:)
2000-09-11 20:16 rjkaes
* AUTHORS, BUGS, INSTALL, README, THANKS: Just updating the
documentation.
2000-09-11 20:12 rjkaes
* src/: grammar.c, grammar.h, grammar.y, scanner.c, scanner.l:
These all handle reading the tinyproxy configuration file.
2000-09-11 20:10 rjkaes
* src/: ternary.c, ternary.h: Generalized the ternary code which
was already being used in anonymous.* now it can be used (and is
used) in both anonymous and dnscache
2000-09-11 20:08 rjkaes
* src/: acl.c, acl.h: Improved access control semantics. Allows
for a finger control for allowing and denying hosts.
2000-09-11 20:07 rjkaes
* src/: thread.c, thread.h: tinyproxy now uses a pool of threads to
handle connections. All the work for creating new threads, deleting
old thread, and generally managing the pool is done here.
2000-09-11 20:06 rjkaes
* src/: stats.c, stats.h: This module handles the various stats
relating to tinyproxy's functionality.
2000-09-11 20:04 rjkaes
* src/: reqs.c, reqs.h: MAJOR RE-WRITE! Read the ChangeLog and look
at the source. It's shorter than re-documenting the changes here. :)
2000-09-11 20:03 rjkaes
* src/: tinyproxy.c, tinyproxy.h: Fixed the change user/group
ability. Log when tinyproxy is using default values rather than
specific ones. Cleaned up the command line arguments since
tinyproxy now uses a configuration file. Removed the USR1 signal
and added the thread creation code.
2000-09-11 20:01 rjkaes
* src/: utils.c, utils.h: Removed the xmalloc() and xstrdup()
functions. Added the pidfile_create() function. Added the OpenBSD
style strlcat() and strlcpy() functions.
2000-09-11 19:57 rjkaes
* src/: uri.c, uri.h: Switched to the new logging style and
replaced the xmalloc() with straight malloc().
2000-09-11 19:56 rjkaes
* src/: sock.c, sock.h: Needed locking in getpeer_string(). Added
mutex locking around the dnscache() call. Removed the global
sockaddr and setup_fd variables. Added the socket_blocking() and
socket_nonblocking() functions. Gutted the readline() function and
replaced it with something similar to the 1.0 version. :)
2000-09-11 19:50 rjkaes
* src/regexp.h: Moved back to the <config.h> for autoconf defines.
2000-09-11 19:47 rjkaes
* src/: log.c, log.h: Cleaned up the logging format, and also
included logging levels (which are similar to the syslogd format.)
2000-09-11 19:46 rjkaes
* src/gnuregex.c: Not using <defines.h> for autoconf anymore, so
move back to the <config.h> format.
2000-09-11 19:43 rjkaes
* src/: filter.c, filter.h: Just using standard malloc() since the
xmalloc() didn't really add anything useful to the command.
2000-09-11 19:42 rjkaes
* src/: dnscache.c, dnscache.h: Removed the custom hash routines.
Using the ternary module instead.
2000-09-11 19:41 rjkaes
* src/: buffer.c, buffer.h: Cleaned up the source so that the
internal structure is no exposed by the buffer.h header.
2000-09-11 19:38 rjkaes
* src/: anonymous.c, anonymous.h: Removed the ternary tree code
from these files and made it a separate module.
2000-09-11 19:37 rjkaes
* src/Makefile.am: Modified to include all the files needed to
build tinyproxy, plus the special targets for building the LEX and
YACC files. (Also included the GNU license.)
2000-09-11 19:33 rjkaes
* doc/tinyproxy.8: Since the tinyproxy program has changed, the
manual had to change as well. Documents all the command line
arguments, though I think I need to document the configuration file
as well.
2000-09-11 19:32 rjkaes
* doc/: Makefile.am, TODO: Updated to reflect the new reality of
the tinyproxy source code.
2000-09-11 19:31 rjkaes
* doc/CONFIG: This was the layout for the purposed config file.
This is no more.
2000-09-11 19:27 rjkaes
* INSTALL.configure: This was the generic INSTALL file, but the
INSTALL file itself is again the generic file. :)
2000-09-11 19:24 rjkaes
* src/: config.h, conns.c, conns.h: These files are no longer used
within tinyproxy.
2000-06-06 13:58 rjkaes
* ChangeLog: Reflect changes made in source.
2000-06-06 13:56 rjkaes
* doc/tinyproxy.8: Fixed the links for finding tinyproxy. Thanks to
Simon Baker for pointing this out.
2000-04-26 12:31 rjkaes
* ChangeLog, src/dnscache.c, src/uri.c: Reorganized (or added) the
#include <sys/types.h> line so tinyproxy would compile cleanly on
FreeBSD systems.
2000-03-31 17:55 rjkaes
* ChangeLog, src/reqs.c: Fixed a bug with the path in clientreq. If
the path was empty it caused a malformed request to be sent.
2000-03-31 15:15 rjkaes
* ChangeLog: A whole whack of changes and bug fixes.
2000-03-31 15:14 rjkaes
* src/Makefile.am: Added a line for the anonymous.* files.
2000-03-31 15:14 rjkaes
* src/config.h: Changed the socket time out to 10 secs.
2000-03-31 15:13 rjkaes
* src/reqs.c: Updated the anonheader function to use the new
anonymous API. Removed the hack for the POST method in clientreq.
2000-03-31 15:10 rjkaes
* src/sock.c: Completely rewrote the readline function.
2000-03-31 15:09 rjkaes
* src/: buffer.c, buffer.h: Added the working_* fields as a scratch
pad for readline().
2000-03-31 15:08 rjkaes
* src/: tinyproxy.c, tinyproxy.h: Removed the allowedhdr_s
structure since it is now accessed through anonymous.*
2000-03-31 14:56 rjkaes
* src/: anonymous.c, anonymous.h: Moved the anonymous header code
into it's own file to make it easier to update.
2000-03-29 11:19 rjkaes
* ChangeLog: Updated to list changes in src/reqs.c and
src/dnscache.c
2000-03-29 11:18 rjkaes
* src/dnscache.c: Included the <sys/types.h> header.
2000-03-29 11:17 rjkaes
* src/reqs.c: Fixed a bug with the clientreq function which was
incorrectly setting the clientheader flag and causing _all_ headers
to be sent even in anonymous mode.
2000-03-28 11:44 rjkaes
* ChangeLog: Updated ChangeLog entry for new fix.
2000-03-28 11:41 rjkaes
* src/reqs.c: Fixed another NULL bug with the uri->authority. If an
badly formed request was made in the form of
http:\\www.somewhere.com/ tinyproxy would SEGV. This has been
corrected.
2000-03-28 11:21 rjkaes
* ChangeLog: Updated to reflect changes in src/reqs.c
2000-03-28 11:19 rjkaes
* src/reqs.c: Fixed a NULL pointer bug in clientreq. If the SCHEME
in the URL was NULL the program would SEGV. This was caused by the
error logging code.
2000-03-12 19:56 rjkaes
* src/config.h: Remove the defines for DEFAULT_* and UPSTREAM
(they've been moved into acconfig.h and configure).
2000-03-12 19:55 rjkaes
* ChangeLog: List all the changes which has occurred on the program.
2000-03-11 15:43 rjkaes
* acconfig.h: Added the support for the upstream proxy and also
made the defaults for the LOGFILE, USER, and PORT.
2000-03-11 15:37 rjkaes
* src/: dnscache.c, reqs.c, tinyproxy.c, tinyproxy.h: Included the
changes needed to re-add the upstream proxy option.
2000-03-11 15:36 rjkaes
* doc/tinyproxy.8: Updated the manual to reflect all the options,
plus provide additional information concerning the changes made to
some of the options.
2000-03-11 15:35 rjkaes
* configure.in: Re-ordered some of the arguments. Included the
support for the Upstream Proxy.
2000-03-11 15:34 rjkaes
* src/: Makefile.in, defines.h.in: Once again, these files are made
automatically, don't include them.
2000-03-11 15:33 rjkaes
* doc/Makefile.in: Again, the file is generated automatically, so
don't include it.
2000-03-11 15:32 rjkaes
* Makefile.in, aclocal.m4, configure: These files are generated by
reconf, so don't include them in the CVS.
2000-02-16 12:32 sdyoung
* AUTHORS, COPYING, ChangeLog, INSTALL, Makefile.am, Makefile.in,
NEWS, README, THANKS, aclocal.m4, BUGS, INSTALL.configure,
acconfig.h, configure, configure.in, install-sh, missing,
mkinstalldirs, reconf, src/Makefile.am, src/Makefile.in,
src/defines.h.in, src/stamp-h.in, src/filter.c, src/buffer.c,
src/buffer.h, src/config.h, src/conns.c, src/conns.h,
src/dnscache.c, src/dnscache.h, src/gnuregex.c, src/log.c,
src/log.h, src/reqs.c, src/reqs.h, src/sock.c, src/sock.h,
src/tinyproxy.c, src/tinyproxy.h, src/uri.c, doc/Makefile.am,
doc/Makefile.in, doc/TODO, src/filter.h, src/gnuregex.h,
src/regexp.h, src/uri.h, src/utils.c, src/utils.h, doc/CONFIG,
doc/HTTP_ERROR_CODES, doc/RFC_INFO, doc/report.sh, doc/tinyproxy.8:
Initial revision
2000-02-16 12:32 sdyoung
* AUTHORS, COPYING, ChangeLog, INSTALL, Makefile.am, Makefile.in,
NEWS, README, THANKS, aclocal.m4, BUGS, INSTALL.configure,
acconfig.h, configure, configure.in, install-sh, missing,
mkinstalldirs, reconf, src/Makefile.am, src/Makefile.in,
src/defines.h.in, src/stamp-h.in, src/filter.c, src/buffer.c,
src/buffer.h, src/config.h, src/conns.c, src/conns.h,
src/dnscache.c, src/dnscache.h, src/gnuregex.c, src/log.c,
src/log.h, src/reqs.c, src/reqs.h, src/sock.c, src/sock.h,
src/tinyproxy.c, src/tinyproxy.h, src/uri.c, doc/Makefile.am,
doc/Makefile.in, doc/TODO, src/filter.h, src/gnuregex.h,
src/regexp.h, src/uri.h, src/utils.c, src/utils.h, doc/CONFIG,
doc/HTTP_ERROR_CODES, doc/RFC_INFO, doc/report.sh, doc/tinyproxy.8:
Initial CVS checking of tinyproxy - version 1.3.2.
The ChangeLog is maintained in the git history.

182
INSTALL
View File

@ -1,182 +0,0 @@
Basic Installation
==================
These are generic installation instructions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, a file
`config.cache' that saves the results of its tests to speed up
reconfiguring, and a file `config.log' containing compiler output
(useful mainly for debugging `configure').
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If at some point `config.cache'
contains results you don't want to keep, you may remove or edit it.
The file `configure.in' is used to create `configure' by a program
called `autoconf'. You only need `configure.in' if you want to change
it or regenerate `configure' using a newer version of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. You can give `configure'
initial values for variables by setting them in the environment. Using
a Bourne-compatible shell, you can do that on the command line like
this:
CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
Or on systems that have the `env' program, you can do it like this:
env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
If you have to use a `make' that does not supports the `VPATH'
variable, you have to compile the package for one architecture at a time
in the source code directory. After you have installed the package for
one architecture, use `make distclean' before reconfiguring for another
architecture.
Installation Names
==================
By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PATH'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PATH', the package will use
PATH as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=PATH' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
==========================
There may be some features `configure' can not figure out
automatically, but needs to determine by the type of host the package
will run on. Usually `configure' can figure that out, but if it prints
a message saying it can not guess the host type, give it the
`--host=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name with three fields:
CPU-COMPANY-SYSTEM
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the host type.
If you are building compiler tools for cross-compiling, you can also
use the `--target=TYPE' option to select the type of system they will
produce code for and the `--build=TYPE' option to select the type of
system on which you are compiling the package.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Operation Controls
==================
`configure' recognizes the following options to control how it
operates.
`--cache-file=FILE'
Use and save the results of the tests in FILE instead of
`./config.cache'. Set FILE to `/dev/null' to disable caching, for
debugging `configure'.
`--help'
Print a summary of the options to `configure', and exit.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--version'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`configure' also accepts some other, not widely useful, options.

39
Makefile.am
View File

@ -1,2 +1,37 @@
EXTRA_DIST = TODO
SUBDIRS = src doc
SUBDIRS = \
src \
data \
etc \
docs \
m4macros \
tests \
scripts
# tools want this on a single line
ACLOCAL_AMFLAGS = -I m4macros
all-local:
dist_doc_DATA = \
AUTHORS \
NEWS \
README \
README.md
EXTRA_DIST = \
autogen.sh \
tinyproxy-indent.sh \
TODO \
VERSION
test: all
./tests/scripts/run_tests.sh
test-wait:
TINYPROXY_TESTS_WAIT=yes $(MAKE) test
valgrind-test: all
./tests/scripts/run_tests_valgrind.sh
valgrind-test-wait:
TINYPROXY_TESTS_WAIT=yes $(MAKE) valgrind-test

36
NEWS
View File

@ -1,35 +1 @@
NEWS
====
There are a few problems with this version of tinyproxy, but I'm hoping
the benefits outweigh the negative. For some reason tinyproxy is not
able to handle requests to *.x10.com sites. (As someone mentioned: "maybe
this is a feature?" :) There also seem to be a few other random sites
where tinyproxy is not communicating with the server correctly. If you
find any such sites, let me know so I can add it to the list of domains
where tinyproxy is failing. I'll need this information for the regression
tests I plan on performing on the next release.
As for the next release (1.5.0), I will not be adding new features.
tinyproxy doesn't currently conform correctly to either the HTTP/1.0
or the HTTP/1.1 standards. The goal of the 1.5 release therefore is
to achieve standards compliance with at least HTTP/1.0. If you have
looked at the tinyproxy code you will have noticed that all the real
work of the proxy is performed in the reqs.c file. Therefore, other
than bug fixes in the other files, only reqs.c should be changed in
the 1.5.0 release. Basically, I'm hoping to just gut and replace the
reqs.c file with a standards compliant version and release a new version.
Depending on my schedule I should have the new version ready for
pre-testing sometime next week. If you have any suggestions for improving
tinyproxy please let me know, but I will not be incorporating them until
1.6 (which _hopefully_ should come out fairly quickly after 1.5 has
stabilised.)
"Thank you" go out to all who have helped find bugs in the 1.4.3
candidates. You know who you are, and if you don't look in the ChangeLog
for your name. :)
Robert James Kaes
November 21, 2001
See git log for recent changes in Tinyproxy.

107
README
View File

@ -1,106 +1 @@
DESCRIPTION
-----------
tinyproxy is a small, efficient HTTP proxy daemon. tinyproxy is very
useful in a small network setting, where a larger proxy like Squid
would either be too resource intensive, or a security risk. One of
the key features of tinyproxy is the buffering connection concept.
In effect, tinyproxy will buffer a high speed response from a server,
and then relay it to a client at the highest speed the client will
accept. This feature greatly reduces the problems with sluggishness
on the Internet. If you are sharing an Internet connection with a
small network, and you only want to allow HTTP requests to be
allowed, then tinyproxy is a great tool for the network
administrator.
INSTALLATION
------------
To install this package under a Unix derivative, read the INSTALL
file. tinyproxy uses a standard GNU configure script (basically you
should be able to do:
./configure ; make ; make install
in the top level directory to compile and install tinyproxy). There
are additional command line arguments you can supply to configure.
They include:
--enable-debug If you would like to turn on full
debugging support
--enable-socks This turns on SOCKS support for using
tinyproxy across a fire wall.
--enable-xtinyproxy Compile in support for the XTinyproxy
header, which is sent to any web
server in your domain.
--enable-filter Allows tinyproxy to filter out certain
domains and URLs.
--enable-tunnel Provides the option of having
tinyproxy act as TCP tunnel, rather
than a HTTP proxy.
--enable-upstream Enable support for proxying connections
through another proxy server.
--enable-static Compile a static version of tinyproxy
Options for file locations etc.
--with-stathost=HOST Set the default name of the stats host
--with-config=FILE Set the default location of the
configuration file
Once you have completed your installation, if you would like to
report your success please execute the report.sh script in the doc
directory. This will send an email to the authors reporting your
version, and a few bits of information concerning the memory usage of
tinyproxy. Alternatively, you could just send an email stating the
version, whichever you prefer.
SUPPORT
-------
If you are having problems with tinyproxy, please report the problem
to either:
Robert James Kaes <rjkaes@users.sourceforge.net>
Steven Young <sdyoung@users.sourceforge.net>
You may also wish to subscribe to the tinyproxy-user mailing list. To
do so please visit:
http://lists.sourceforge.net/lists/listinfo/tinyproxy-users
for more information on how to subscribe and post messages to the
list.
Please recompile tinyproxy with full debug support (--enable-debug)
and include a copy of the log file, and any assert errors reported by
tinyproxy. Note that tinyproxy will output memory statistics to
standard error if compiled with debugging support so you might want
to redirect the output to a file for later examination. Also, if you
feel up to it, try running tinyproxy under your debugger and report
the error your received and a context listing of the location. Under
gdb you would run tinyproxy like so:
gdb tinyproxy
(gdb) run -c location_of_tinyproxy_conf -d 2>/dev/null
Now access the port tinyproxy is on until you receive a break in the
gdb. You can now type:
(gbd) l
to produce a context listing of the location of the error. Send a
copy to the authors.
HOW TO CONTRIBUTE TO tinyproxy
------------------------------
If you would like to contribute a feature, or a bug fix to the
tinyproxy source, please send a diff (preferable a unified
diff. i.e. "diff -u") against the latest release of tinyproxy. Also,
if you could include a brief description of what your patch does.
see README.md

92
README.md Normal file
View File

@ -0,0 +1,92 @@
# Tinyproxy
Tinyproxy is a small, efficient HTTP/SSL proxy daemon released under the
GNU General Public License. Tinyproxy is very useful in a small network
setting, where a larger proxy would either be too resource intensive, or
a security risk. One of the key features of Tinyproxy is the buffering
connection concept. In effect, Tinyproxy will buffer a high speed
response from a server, and then relay it to a client at the highest
speed the client will accept. This feature greatly reduces the problems
with sluggishness on the Internet. If you are sharing an Internet
connection with a small network, and you only want to allow HTTP
requests to be allowed, then Tinyproxy is a great tool for the network
administrator.
For more info, please visit [the Tinyproxy web site](https://tinyproxy.github.io/).
## Installation
Tinyproxy uses a standard GNU `configure` script based on the automake
system. If compiling from a git checkout, you need to first run
```
./autogen.sh
```
from the top level directory to generate the `configure` script.
The release tarball contains the pre-created `configure` script,
so when building from a release, you can skip this step.
Then basically all you need to do is
```
./configure
make
make install
```
in the top level directory to compile and install Tinyproxy. There are
additional command line arguments you can supply to `configure`. They
include:
- `--enable-debug`:
If you would like to turn on full debugging support.
- `--enable-xtinyproxy`:
Compile in support for the XTinyproxy header, which is sent to any
web server in your domain.
- `--enable-filter`:
Allows Tinyproxy to filter out certain domains and URLs.
- `--enable-upstream`:
Enable support for proxying connections through another proxy server.
- `--enable-transparent`:
Allow Tinyproxy to be used as a transparent proxy daemon.
Unlike other work modes, transparent proxying doesn't require explicit
configuration and works automatically when traffic is redirected to
the proxy using the appropriate firewall rules.
- `--enable-reverse`:
Enable reverse proxying.
- `--with-stathost=HOST`:
Set the default name of the stats host.
For more information about the build system, read the INSTALL file
that is generated by `autogen.sh` and comes with the release tar ball.
## Support
If you are having problems with Tinyproxy, please raise an
[issue on github](https://github.com/tinyproxy/tinyproxy/issues).
## Contributing
If you would like to contribute a feature, or a bug fix to the Tinyproxy
source, please clone the
[git repository from github](https://github.com/tinyproxy/tinyproxy.git)
and create a [pull request](https://github.com/tinyproxy/tinyproxy/pulls).
## Community
You can meet developers and users to discuss development,
patches and deployment issues in the `#tinyproxy` IRC channel on
libera (`irc.libera.chat`).

28
SECURITY.md Normal file
View File

@ -0,0 +1,28 @@
# Security Policy
## Supported Versions
| Version | Supported |
| --------- | ------------------ |
| 1.11.x | :white_check_mark: |
| <= 1.10.x | :x: |
## Reporting a Vulnerability
Open a public issue on github. The issue will most likely be fixed
within a day, unless all maintainers happen to just be taking a
vacation at the same time, which is unlikely.
Even then, having the bug publicly known will allow competent people
to come up with custom patches for distros, most likely quicker
than black hats can craft a remote execution exploit.
If you really really do not want to make the issue public, come
to the tinyproxy IRC channel and ask for a maintainer, which you
can then contact via private messages.
Do not, however, like ["TALOS Intelligence"](https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889)
pull a random email address out of git log, then send an email
nobody reads or responds to, and wait for 6 months for publication.
this only gives black hats plenty time to sell, use and circulate
zero days and get the best possible ROI.

23
TODO
View File

@ -16,10 +16,6 @@ against the current tree and I'll integrate it if possible.
proxies (ftp, www, etc) they'd like enabled in tinyproxy.h
Suggested: Tarun Tuli.
* Find a more elegant solution to embedding HTML documents in the
source than the current method. (see httperr() and showstats() for
examples of how it's done right now).
* Include a function to rewrite the incoming requests. Should not be
much of a problem. Just need to modify the process_method() code
to look up the URL and rewrite it. If we want to go really fancy
@ -34,10 +30,23 @@ against the current tree and I'll integrate it if possible.
* Enable an option for chroot() jailing tinyproxy.
* Add an option which allows the blocking of connections to certain
ports (like 25, 110, etc.) that might be used for "bad" things. :)
* Come up with a more consistent (and elegant) way of logging errors
for the administrators. Right now it's more a hodge-podge
collections of error messages without a _real_ standard. I would
prefer a more uniform look.
* Include user authentication for accessing tinyproxy itself.
Administrators should be allowed to selectively allow certain users
access to tinyproxy via a user name/password pair. Check the
HTTP/1.1 RFC for more information.
==> https://www.banu.com/bugzilla/show_bug.cgi?id=13
* Remove common.h and fix order of headers
* Remove memory debugging functions (Valgrind is good enough)
* Make all functions return from one place (the end of the function)
* Move TODO items to Banu Bugzilla

1
VERSION Normal file
View File

@ -0,0 +1 @@
1.11.2

63
acconfig.h
View File

@ -1,63 +0,0 @@
/*
* Define if you want to have the peer's IP address to be included in a
* XTinyproxy header sent to the server.
*/
#undef XTINYPROXY_ENABLE
/*
* This is the default location of the configuration file
*/
#define DEFAULT_CONF_FILE "/etc/tinyproxy/tinyproxy.conf"
/*
* Define if you would like to include filtering code.
*/
#undef FILTER_ENABLE
/*
* Define if you want to use the included GNU regex routine
*/
#undef USE_GNU_REGEX
/*
* Define if you want to include upstream proxy support
*/
#undef UPSTREAM_SUPPORT
/*
* Define if you want to include TCP tunnelling
*/
#undef TUNNEL_SUPPORT
/*
* NOTE: for DEFAULT_STATHOST: this controls remote proxy stats display.
* for example, the default DEFAULT_STATHOST of "tinyproxy.stats" will
* mean that when you use the proxy to access http://tinyproxy.stats/",
* you will be shown the proxy stats. Set this to something obscure
* if you don't want random people to be able to see them, or set it to
* "" to disable. In the future, I figure maybe some sort of auth
* might be desirable, but that would involve a major simplicity
* sacrifice.
*
*
* The "hostname" for getting tinyproxy stats. "" = disabled by default
*/
#define DEFAULT_STATHOST "tinyproxy.stats"
/*
* Define the following for the appropriate datatype, if necessary
*/
#undef uint8_t
#undef int16_t
#undef uint16_t
#undef int32_t
#undef uint32_t
#undef in_addr_t
#undef size_t
#undef ssize_t
#undef socklen_t
/*
* A string containing the name of the system tinyproxy was built towards.
*/
#undef TARGET_SYSTEM

102
acinclude.m4
View File

@ -1,102 +0,0 @@
dnl Taken from Unix Network Programming, W. Richard Stevens
dnl ##################################################################
dnl We cannot use the AC_CHECK_TYPE macros becasue AC_CHECK_TYPE
dnl #includes only <sys/types.h>, <stdlib.h>, and <stddef.h>.
dnl Unfortunately, many implementations today hide typedefs in wierd
dnl locations: Solaris 2.5.1 has uint8_t and uint32_t in <pthread.h>.
dnl SunOS 4.1.x has int8_t in <sys/bittypes.h>.
dnl So we define our own macro AC_UNP_CHECK_TYPE that does the same
dnl #includes as "unp.h", and then looks for the typedef.
dnl
dnl This macro should be invoked after all the header checks have been
dnl performed, since we #include "confdefs.h" below, and then use the
dnl HAVE_foo_H values that is can #define.
dnl
AC_DEFUN(AC_UNP_CHECK_TYPE,
[AC_MSG_CHECKING(if $1 defined)
AC_CACHE_VAL(ac_cv_type_$1,
AC_TRY_COMPILE(
[
#include "confdefs.h" /* the header built by configure so far */
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif
#ifdef HAVE_ERRNO_H
# include <errno.h>
#endif
#ifdef HAVE_FCNTL_H
# include <fcntl.h>
#endif
#ifdef HAVE_NETDB_H
# include <netdb.h>
#endif
#ifdef HAVE_SIGNAL_H
# include <signal.h>
#endif
#ifdef HAVE_STDIO_H
# include <stdio.h>
#endif
#ifdef HAVE_STDLIB_H
# include <stdlib.h>
#endif
#ifdef HAVE_STRING_H
# include <string.h>
#endif
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#ifdef HAVE_SYS_UIO_H
# include <sys/uio.h>
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
#ifdef HAVE_SYS_WAIT_H
# include <sys/wait.h>
#endif
#ifdef HAVE_SYS_UN_H
# include <sys/un.h>
#endif
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
# include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_FILIO_H
# include <sys/filio.h>
#endif
#ifdef HAVE_SYS_SOCKIO_H
# include <sys/sockio.h>
#endif
#ifdef HAVE_PTHREAD_H
# include <pthread.h>
#endif
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
],
[ $1 foo ],
ac_cv_type_$1=yes,
ac_cv_type_$1=no))
AC_MSG_RESULT($ac_cv_type_$1)
if test $ac_cv_type_$1 = no ; then
AC_DEFINE($1, $2)
fi
])

30
autogen.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/sh
srcdir=`dirname $0`
test -z "$srcdir" && srcdir=.
ORIGDIR=`pwd`
set -x
cd $srcdir
aclocal -I m4macros \
&& autoheader \
&& automake --gnu --add-missing \
&& autoconf
cd $ORIGDIR
set -
echo $srcdir/configure "$@"
$srcdir/configure "$@"
RC=$?
if test $RC -ne 0; then
echo
echo "Configure failed or did not finish!"
exit $RC
fi
echo
echo "Now type 'make' to compile Tinyproxy."

253
configure.ac Normal file
View File

@ -0,0 +1,253 @@
# Process this file with autoconf to produce a configure script.
# Portions of this file were adapted from GIMP.
AC_PREREQ(2.54)
m4_define([tinyproxy_version], esyscmd(sh scripts/version.sh | tr -d '\n'))
AC_INIT([Tinyproxy], [tinyproxy_version],
[https://tinyproxy.github.io/],
[tinyproxy])
tpv=tinyproxy_version
if test "x$tpv" = "x" ; then
AC_MSG_ERROR([got empty result from version script!])
fi
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE([dist-bzip2 dist-xz])
AC_CONFIG_HEADERS(config.h)
AC_CONFIG_MACRO_DIR([m4macros])
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
dnl Temporarily defined here until we get tinyproxy-version.h
AC_DEFINE(TINYPROXY_VERSION, "tinyproxy_version", [Tinyproxy version number])
dnl Check if we're compiling on a weird platform :)
AC_USE_SYSTEM_EXTENSIONS
dnl Set the domain name for find the statistics of tinyproxy
AH_TEMPLATE([TINYPROXY_STATHOST],
[This controls remote proxy stats display.])
AC_ARG_WITH(stathost,
[AC_HELP_STRING([--with-stathost=HOST], [Default status host])],
[AC_DEFINE_UNQUOTED(TINYPROXY_STATHOST, "$withval")
TINYPROXY_STATHOST="$withval"],
[AC_DEFINE_UNQUOTED(TINYPROXY_STATHOST, "tinyproxy.stats")
TINYPROXY_STATHOST="tinyproxy.stats"])
AC_SUBST(TINYPROXY_STATHOST)
dnl Add compiler-specific optimization flags
TP_ARG_ENABLE(debug,
[Enable debugging support code and methods (default is NO)],
no)
dnl Check to see if the XTinyproxy header is to be included
AH_TEMPLATE([XTINYPROXY_ENABLE],
[Define if you want to have the peer's IP address included in a XTinyproxy header sent to the server.])
TP_ARG_ENABLE(xtinyproxy,
[Include the X-Tinyproxy header (default is YES)],
yes)
if test x"$xtinyproxy_enabled" = x"yes"; then
AC_DEFINE(XTINYPROXY_ENABLE)
fi
dnl Include filtering for domain/URLs
AH_TEMPLATE([FILTER_ENABLE],
[Defined if you would like filtering code included.])
TP_ARG_ENABLE(filter,
[Enable filtering of domains/URLS (default is YES)],
yes)
if test x"$filter_enabled" = x"yes"; then
ADDITIONAL_OBJECTS="$ADDITIONAL_OBJECTS filter.o"
AC_DEFINE(FILTER_ENABLE)
fi
dnl Include support for upstream proxies?
AH_TEMPLATE([UPSTREAM_SUPPORT],
[Include support for connecting to an upstream proxy.])
TP_ARG_ENABLE(upstream,
[Enable upstream proxying (default is YES)],
yes)
if test x"$upstream_enabled" = x"yes"; then
AC_DEFINE(UPSTREAM_SUPPORT)
fi
dnl Include support for reverse proxy?
AH_TEMPLATE([REVERSE_SUPPORT],
[Include support for reverse proxy.])
TP_ARG_ENABLE(reverse,
[Enable reverse proxying (default is YES)],
yes)
if test x"$reverse_enabled" = x"yes"; then
ADDITIONAL_OBJECTS="$ADDITIONAL_OBJECTS reverse-proxy.o"
AC_DEFINE(REVERSE_SUPPORT)
fi
dnl Include the transparent proxy support
AH_TEMPLATE([TRANSPARENT_PROXY],
[Include support for using tinyproxy as a transparent proxy.])
TP_ARG_ENABLE(transparent,
[Enable transparent proxying code (default is YES)],
yes)
if test x"$transparent_enabled" = x"yes"; then
ADDITIONAL_OBJECTS="$ADDITIONAL_OBJECTS transparent-proxy.o"
AC_DEFINE(TRANSPARENT_PROXY)
fi
dnl Let user decide whether he wants support for manpages
dnl Which require either pod2man or a tarball release
AH_TEMPLATE([MANPAGE_SUPPORT],
[Build manpages with pod2man if they are missing from the distribution.])
TP_ARG_ENABLE(manpage_support,
[Enable support for building manpages (default is YES)],
yes)
AM_CONDITIONAL(HAVE_MANPAGE_INTEREST, test x"$manpage_support_enabled" = x"yes")
# This is required to build test programs below
AC_PROG_CC
dnl
dnl Checks for libraries
dnl
AC_CHECK_LIB(socket, socket, , [AC_CHECK_LIB(socket, htonl)])
dnl Some systems (OpenServer 5) dislike -lsocket -lnsl, so we try to
dnl avoid -lnsl checks, if we already have the functions which are
dnl usually in libnsl
unset ac_cv_func_yp_get_default_domain
AC_CHECK_FUNC(yp_get_default_domain,
tinyproxy_no_nsl_checks=yes,
tinyproxy_no_nsl_checks=no)
unset ac_cv_func_yp_get_default_domain
if test x"$tinyproxy_no_nsl_checks" != x"yes"; then
AC_CHECK_LIB(nsl, gethostname, , [AC_CHECK_LIB(nsl, gethostbyaddr)])
fi
AC_CHECK_LIB(resolv, inet_aton)
dnl
dnl Checks for headers
dnl
AC_HEADER_STDC
AC_HEADER_TIME
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS([sys/ioctl.h alloca.h memory.h malloc.h sysexits.h \
values.h poll.h])
dnl Checks for libary functions
AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK
AC_CHECK_FUNCS([strlcpy strlcat setgroups])
dnl Enable extra warnings
DESIRED_FLAGS="-fdiagnostics-show-option -Wall -Wextra -Wno-unused-parameter -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wfloat-equal -Wundef -Wformat=2 -Wlogical-op -Wmissing-include-dirs -Wformat-nonliteral -Wold-style-definition -Wpointer-arith -Waggregate-return -Winit-self -Wpacked --std=c89 -ansi -Wno-overlength-strings -Wno-long-long -Wno-overlength-strings -Wdeclaration-after-statement -Wredundant-decls -Wmissing-noreturn -Wshadow -Wendif-labels -Wcast-qual -Wcast-align -Wwrite-strings -Wp,-D_FORTIFY_SOURCE=2 -fno-common"
if test -n "${MAINTAINER_MODE_FALSE}"; then
DESIRED_FLAGS="-Werror $DESIRED_FLAGS"
fi
all_desired_work=false
AS_COMPILER_FLAG([$DESIRED_FLAGS], [all_desired_work=true])
if $all_desired_work ; then
CFLAGS="$CFLAGS $DESIRED_FLAGS"
else
for flag in $DESIRED_FLAGS; do
AS_COMPILER_FLAG([$flag], [CFLAGS="$CFLAGS $flag"])
done
fi
dnl Disable debugging if it's not specified
if test x"$debug_enabled" != x"yes" ; then
CFLAGS="-DNDEBUG $CFLAGS"
fi
dnl
dnl Substitute the variables into the various Makefiles
dnl
# runstatedir isn't available for Autoconf < 2.70
AS_IF([test -z "${runstatedir}"], [runstatedir='${localstatedir}/run'])
AC_SUBST([runstatedir])
AC_SUBST(CFLAGS)
AC_SUBST(LDFLAGS)
AC_SUBST(CPPFLAGS)
AC_SUBST(LIBS)
AC_SUBST(ADDITIONAL_OBJECTS)
if test x"$manpage_support_enabled" = x"yes"; then
AC_PATH_PROG(POD2MAN, pod2man, no)
if test "x$POD2MAN" = "xno" && \
! test -e docs/man5/tinyproxy.conf.5 -a -e docs/man8/tinyproxy.8 ; then
AC_MSG_ERROR([
manpage generation requested, but neither pod2man
nor pre-generated manpages found.
Use --disable-manpage-support if you want to compile anyway.])
fi
fi #manpage_support_enabled
AM_CONDITIONAL(HAVE_POD2MAN, test "x$POD2MAN" != "x" -a "x$POD2MAN" != "xno")
AC_PATH_PROG(GPERF, gperf, no)
AH_TEMPLATE([HAVE_GPERF],
[Whether you have gperf installed for faster config parsing.])
tmp_gperf=false
if test "x$GPERF" != "x" -a "x$GPERF" != "xno" ; then
AS_ECHO_N(["checking whether gperf is recent enough... "])
if "$GPERF" < src/conf-tokens.gperf >/dev/null 2>&1 ; then
AS_ECHO("yes")
AC_DEFINE(HAVE_GPERF)
tmp_gperf=true
else
AS_ECHO("no")
fi
fi
AM_CONDITIONAL(HAVE_GPERF, $tmp_gperf)
AC_CONFIG_FILES([
Makefile
src/Makefile
data/Makefile
data/templates/Makefile
etc/Makefile
docs/Makefile
docs/man5/Makefile
docs/man5/tinyproxy.conf.txt
docs/man8/Makefile
m4macros/Makefile
tests/Makefile
tests/scripts/Makefile
scripts/Makefile
])
AC_OUTPUT
# the manpages are shipped in the release tarball and we don't want them to
# get regenerated if pod2man is not available. the intermediate files from
# AC_CONFIG_FILES are created with config.status, which is created at configure
# runtime, so we need to touch them after config.status terminated to prevent
# make from rebuild them.
if test "x$POD2MAN" = "xno" ; then
touch docs/man5/tinyproxy.conf.txt
touch docs/man8/tinyproxy.txt
if test -e docs/man5/tinyproxy.conf.5 ; then
touch docs/man5/tinyproxy.conf.5
fi
if test -e docs/man8/tinyproxy.8 ; then
touch docs/man8/tinyproxy.8
fi
fi
if test "x$HAVE_GPERF" = "xno" && test -e src/conf-tokens-gperf.inc ; then
touch src/conf-tokens-gperf.inc
fi

326
configure.in
View File

@ -1,326 +0,0 @@
dnl $Id: configure.in,v 1.35 2001-11-21 19:35:51 rjkaes Exp $
dnl Devlopers, please strive to achieve this order:
dnl
dnl 0. Initialization and options processing
dnl 1. Programs
dnl 2. Libraries
dnl 3. Header files
dnl 4. Types
dnl 5. Structures
dnl 6. Compiler characteristics
dnl 7. Functions, global variables
dnl 8. System services
dnl
dnl Read the Autoconf manual for details.
AC_INIT()
AC_CANONICAL_SYSTEM
AC_DEFINE_UNQUOTED(TARGET_SYSTEM, "$target")
AM_INIT_AUTOMAKE(tinyproxy,1.4.3)
AM_CONFIG_HEADER(config.h)
dnl
dnl Command line options
dnl
dnl Set the URL name for find the statistics of tinyproxy
AC_ARG_WITH(stathost, [ --with-stathost=HOST Default status host],
AC_DEFINE_UNQUOTED(DEFAULT_STATHOST, "$withval"))
dnl Set the default configuration file location
AC_ARG_WITH(config,
[ --with-config=FILE Set the default location of the config file],
AC_DEFINE_UNQUOTED(DEFAULT_CONF_FILE, "$withval"))
dnl Add compiler-specific optimization flags
AC_ARG_ENABLE(debug,
[ --enable-debug Disable aggressive optimizations [default=no]],
debug_enabled=yes, debug_enabled=no)
dnl Include SOCKS support
AC_ARG_ENABLE(socks,
[ --enable-socks Enable SOCKS support [default=no]],
socks_enabled=yes, socks_enabled=no)
dnl Check to see if the XTinyproxy header is to be included
AC_ARG_ENABLE(xtinyproxy,
[ --enable-xtinyproxy Include X-Tinyproxy header [default=yes]],
xtinyproxy_enabled=yes, xtinyproxy_enabled=yes)
if test "$xtinyproxy_enabled" = "yes"; then
AC_DEFINE(XTINYPROXY_ENABLE)
fi
dnl Include filtering for domain/URLs
AC_ARG_ENABLE(filter,
[ --enable-filter Enable filtering of domains/URLs [default=yes]],
filter_enabled=yes, filter_enabled=yes)
if test "$filter_enabled" = "yes"; then
LIBOBJS="filter.o $LIBOBJS"
AC_DEFINE(FILTER_ENABLE)
fi
dnl Include support for TCP tunneling
AC_ARG_ENABLE(tunnel,
[ --enable-tunnel Enable support for TCP tunneling [default=yes]],
tunnel_enabled=yes, tunnel_enabled=yes)
if test "$tunnel_enabled" = "yes" ; then
AC_DEFINE(TUNNEL_SUPPORT)
fi
dnl Include support for upstream proxies?
AC_ARG_ENABLE(upstream,
[ --enable-upstream Enable support for upstream proxies [default=yes]],
upstream_enabled=yes, upstream_enabled=yes)
if test "$upstream_enabled" = "yes"; then
AC_DEFINE(UPSTREAM_SUPPORT)
fi
dnl Include support for a statically compiled tinyproxy
AC_ARG_ENABLE(static,
[ --enable-static Statically link tinyproxy [default=no]],
[ LDFLAGS="-static $LDFLAGS" ])
dnl
dnl Checks for programs
dnl
dnl Save $CFLAGS since AC_PROG_CC likes to insert "-g -O2"
dnl if $CFLAGS is blank
cflags_save="$CFLAGS"
AC_PROG_AWK
AC_PROG_MAKE_SET
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_LN_S
AM_PROG_LEX
AC_PROG_YACC
CFLAGS="$cflags_save"
dnl Make sure YACC is actually bison
if test "$YACC" != "bison -y"; then
AC_MSG_WARN(You will need bison if you want to regenerate the parser.)
else
AC_MSG_CHECKING(bison version)
oldIFS=$IFS; IFS=.
set `bison -V | sed -e 's/^GNU Bison version //'`
IFS=$oldIFS
if test "$1" = "1" -a "$2" -lt "25"; then
AC_MSG_WARN(Bison 1.25 or newer needed to regenerate parsers (found $1.$2).)
fi
AC_MSG_RESULT($1.$2 (ok))
fi
dnl
dnl Checks for libraries
dnl
AC_CHECK_LIB(pthread, pthread_create)
if test "$ac_cv_lib_pthread_pthread_create" = "yes"; then
CFLAGS="-D_REENTRANT $CFLAGS"
else
AC_CHECK_LIB(pthreads, pthread_create)
if test "$ac_cv_lib_pthreads_pthread_create" = "yes"; then
CFLAGS="-D_REENTRANT $CFLAGS"
else
AC_CHECK_LIB(c_r, pthread_create)
if test "$ac_cv_lib_c_r_pthread_create" = "yes"; then
CFLAGS="-pthread -D_REENTRANT $CFLAGS"
else
AC_MSG_ERROR(You must have a POSIX compliant threading library installed)
fi
fi
fi
AC_CHECK_LIB(socket, socket, , AC_CHECK_LIB(socket, htonl))
dnl Some systems (OpenServer 5) dislike -lsocket -lnsl, so we try to
dnl avoid -lnsl checks, if we already have the functions which are
dnl usually in libnsl
unset ac_cv_func_yp_get_default_domain
AC_CHECK_FUNC(yp_get_default_domain, [ tinyproxy_no_nsl_checks=yes ], [ ])
unset ac_cv_func_yp_get_default_domain
if test "$tinyproxy_no_nsl_checks" != "yes"; then
AC_CHECK_LIB(nsl, gethostname, , AC_CHECK_LIB(nsl, gethostbyaddr))
fi
AC_CHECK_LIB(resolv, inet_aton)
AC_CHECK_LIB(socks, main, socks_library=yes, socks_library=no)
dnl
dnl Checks for headers
dnl
AC_HEADER_STDC
AC_CHECK_HEADERS(\
sys/types.h \
sys/ioctl.h \
sys/resource.h \
sys/select.h \
sys/socket.h \
sys/stat.h \
sys/sysctl.h \
sys/time.h \
sys/uio.h \
sys/un.h \
sys/wait.h \
arpa/inet.h \
netinet/in.h \
alloca.h \
assert.h \
ctype.h \
errno.h \
fcntl.h \
grp.h \
io.h \
libintl.h \
malloc.h \
memory.h \
netdb.h \
pthread.h \
pwd.h \
regex.h \
signal.h \
stdarg.h \
stddef.h \
stdint.h \
stdio.h \
stdlib.h \
string.h \
strings.h \
sysexits.h \
syslog.h \
time.h \
unistd.h \
wchar.h \
wctype.h \
)
AC_HEADER_TIME
AC_CHECK_HEADER(socks.h, socks_header=yes, socks_header=no)
dnl
dnl Checks for types
dnl
AM_C_PROTOTYPES
AC_C_CONST
AC_C_INLINE
AC_UNP_CHECK_TYPE(uint8_t, unsigned char)
AC_UNP_CHECK_TYPE(int16_t, short)
AC_UNP_CHECK_TYPE(uint16_t, unsigned short)
AC_UNP_CHECK_TYPE(int32_t, int)
AC_UNP_CHECK_TYPE(uint32_t, unsigned int)
AC_UNP_CHECK_TYPE(size_t, unsigned int)
AC_UNP_CHECK_TYPE(ssize_t, int)
AC_UNP_CHECK_TYPE(socklen_t, unsigned int)
AC_UNP_CHECK_TYPE(in_addr_t, uint32_t)
AC_TYPE_PID_T
AC_TYPE_SIGNAL
dnl
dnl Checks for functions
dnl
AC_FUNC_ALLOCA
AC_FUNC_STRFTIME
AC_FUNC_VPRINTF
AC_CHECK_FUNCS(\
ftruncate \
regexec \
select \
setrlimit \
socket \
strdup \
strerror \
strtol \
vsnprintf \
vsyslog \
)
AC_CHECK_FUNCS(strlcpy strlcat)
if test "$ac_cv_func_vprintf" != "yes"; then
AC_CHECK_FUNC(_doprnt, AC_DEFINE(HAVE_DOPRNT))
fi
dnl
dnl Compiler characteristics
dnl
dnl Enable the debugging flags (by checking for the GCC compiler)
CFLAGS="-O2 $CFLAGS"
if test "$enable_debug" = "yes" ; then
dnl Add the warnings if we have the GCC compiler
if test "$ac_cv_prog_gcc" = "yes" ; then
CFLAGS="-pg -fprofile-arcs $CFLAGS"
CFLAGS="-Wshadow -Wcast-qual -Wcast-align -Wstrict-prototypes $CFLAGS"
CFLAGS="-Wmissing-prototypes -Wmissing-declarations $CFLAGS"
CFLAGS="-Wpointer-arith -Waggregate-return -Wnested-externs $CFLAGS"
fi
CFLAGS="-Wall -g -DYYDEBUG $CFLAGS"
YFLAGS="-v -d"
else
dnl No debugging information, include the optimizations
CFLAGS="-DNDEBUG $CFLAGS"
YFLAGS="-d"
fi
dnl
dnl Make sure we can actually handle the "--with-*" and "--enable-*" stuff.
dnl
dnl Handle the SOCKS support
if test "$socks_enabled" = "yes"; then
if test "$socks_header" = "yes" -a "$socks_library" = "yes"; then
CFLAGS="-I/usr/include/sock.h -DSOCKS $CFLAGS"
LIBS="-lsocks $LIBS"
else
AC_MSG_ERROR([Could not include the SOCKS library or header])
fi
fi
dnl Handle the REGEX library
if test "$ac_cv_func_regexec" != "yes"; then
dnl We don't have a functioning REGEX so include our copy
tinyproxy_use_our_regex=yes
else
AC_MSG_CHECKING([whether the system's regex library is broken])
AC_CACHE_VAL(tinyproxy_cv_regex_broken,
AC_TRY_RUN([
# include <unistd.h>
# include <regex.h>
int main(void)
{
regex_t blah;
return regcomp(&blah, "foo.*bar", REG_NOSUB) || regexec(&blah, "foobar", 0, NULL, 0);
}
],
tinyproxy_cv_regex_broken=no,
tinyproxy_cv_regex_broken=yes,
tinyproxy_cv_regex_broken=yes))
AC_MSG_RESULT($tinyproxy_cv_regex_broken)
if test "$tinyproxy_cv_regex_broken" = "yes" ; then
echo "Using the included GNU regex instead." >&AC_FD_MSG
tinyproxy_use_our_regex=yes
fi
fi
if test "$tinyproxy_use_our_regex" = "yes" ; then
AC_DEFINE(USE_GNU_REGEX)
LIBOBJS="gnuregex.o $LIBOBJS"
fi
dnl
dnl Substitute the variables into the various Makefiles
dnl
AC_SUBST(CFLAGS)
AC_SUBST(LDFLAGS)
AC_SUBST(YFLAGS)
AC_SUBST(CPPFLAGS)
AC_SUBST(LIBS)
AC_SUBST(LIBOBJS)
AC_OUTPUT(Makefile src/Makefile doc/Makefile)

2
data/Makefile.am Normal file
View File

@ -0,0 +1,2 @@
SUBDIRS = \
templates

12
data/templates/Makefile.am Normal file
View File

@ -0,0 +1,12 @@
templatesdir = $(pkgdatadir)
TEMPLATES = \
debug.html \
default.html \
stats.html
templates_DATA = \
$(TEMPLATES)
EXTRA_DIST = \
$(TEMPLATES)

53
data/templates/debug.html Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>{errno} {cause}</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<h1>{cause}</h1>
<p>{detail}</p>
<p>Here are the error variables:</p>
<dl>
<dt>request</dt>
<dd>{request}</dd>
<dt>cause</dt>
<dd>{cause}</dd>
<dt>clientip</dt>
<dd>{clientip}</dd>
<dt>clienthost</dt>
<dd>{clienthost}</dd>
<dt>package</dt>
<dd>{package}</dd>
<dt>date</dt>
<dd>{date}</dd>
<dt>detail</dt>
<dd>{detail}</dd>
<dt>url</dt>
<dd>{url}</dd>
</dl>
<hr />
<p><em>Generated by <a href="{website}">{package}</a>.</em></p>
</body>
</html>

23
data/templates/default.html Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>{errno} {cause}</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<h1>{cause}</h1>
<p>{detail}</p>
<hr />
<p><em>Generated by <a href="{website}">{package}</a>.</em></p>
</body>
</html>

95
data/templates/stats.html Normal file
View File

@ -0,0 +1,95 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>Stats [{package}]</title>
<meta charset="UTF-8" />
<style type="text/css">
body {
color: #eee;
background: #110d0d;
text-align: center;
font: 12pt/1.6 Open Sans, Segoe UI, sans-serif;
}
#container {
position: absolute;
top: 0;
left: 0;
margin: 0;
width: 100%;
height: 100%;
display: table;
}
#inner {
width: 100%;
display: table-cell;
vertical-align: middle;
}
table {
width: auto;
margin: auto;
height: auto;
background: #222020;
border: 1px solid #777373;
border-spacing: 3px;
}
th,
td {
padding: 6px 18px;
}
th {
font-weight: 700;
background: linear-gradient(to bottom, #777373, #555151);
}
.odd {
background: #444040;
}
.even {
background: #555151;
}
.center {
text-align: center;
}
.right {
text-align: right;
font-weight: 600;
}
</style>
</head>
<body>
<div id="container">
<div id="inner">
<table>
<tr>
<th colspan="2">{package} statistics</th>
</tr>
<tr class="odd">
<td class="right">Open connections</td>
<td class="center">{opens}</td>
</tr>
<tr class="even">
<td class="right">Bad connections</td>
<td class="center">{badconns}</td>
</tr>
<tr class="odd">
<td class="right">Denied connections</td>
<td class="center">{deniedconns}</td>
</tr>
<tr class="even">
<td class="right">Refused (high load)</td>
<td class="center">{refusedconns}</td>
</tr>
<tr class="odd">
<td class="right">Total requests</td>
<td class="center">{reqs}</td>
</tr>
</table>
</div>
</div>
</body>
</html>

2
doc/Makefile.am
View File

@ -1,2 +0,0 @@
EXTRA_DIST = tinyproxy.8 tinyproxy.conf HTTP_ERROR_CODES RFC_INFO report.sh
man_MANS = tinyproxy.8

14
doc/report.sh
View File

@ -1,14 +0,0 @@
#!/bin/sh
(echo "date: "
date
echo "uname: "
uname -a
echo "ps: "
ps -auxw | grep '[t]inyproxy' -
echo "ver: "
if [ -x /usr/local/bin/tinyproxy ]; then
/usr/local/bin/tinyproxy -v
else
echo no ver available.
fi;) 2>&1 | mail -s 'tinyproxy install report' rjkaes@users.sourceforge.net

60
doc/tinyproxy.8
View File

@ -1,60 +0,0 @@
.\" -*- nroff -*-
.\"
.\" tinyproxy.1
.\"
.\" Copyright (c) 1998-2000 Steven Young and Robert James Kaes.
.\" Copyright (c) 2001 Robert James Kaes
.\"
.\" This program is distributed under the terms of the GNU General Public
.\" License. See COPYING for additional information.
.\"
.TH tinyproxy 1 .\" "tinyproxy Manual" "August 25, 2001"
.SH NAME
tinyproxy - A small HTTP proxy server
.SH SYNTAX
\fBtinyproxy\fR [ \fBoptions\fR ]
.SH VERSION
This man page documents tinyproxy
.SH DESCRIPTION
\fBtinyproxy\fR is an HTTP proxy server designed to consume a minimum of
system resources. It listens on a given TCP port and handles HTTP proxy
requests.
.SH OPTIONS
.IP "-c config_file"
Use an alternate configuration file.
.IP -d
Don't daemonize; stay in the foreground. Useful for debugging purposes.
.IP -h
Display a short help screen of command line arguments and exit.
.IP -l
Displays the licensing agreement.
.IP -v
Display version information and exit.
.SH SIGNALS
In addition to these command line options, there are also several signals
that can be sent to tinyproxy while it is running to generate debugging
information and to force certain events.
.TP 5
.B SIGHUP
Force \fBtinyproxy\fR to do a garbage collection on the current connections
linked list. This is usually done automatically after a certain number of
connections have been handled.
.SH FILES
.nf
/etc/tinyproxy/tinyproxy.conf
/var/run/tinyproxy.pid
/var/log/tinyproxy.log
.fi
.SH AUTHORS
.nf
Robert James Kaes (rjkaes@flarenet.com)
Steven Young (sdyoung@users.sourceforge.net)
.fi
.SH COPYRIGHT
\fBtinyproxy\fR is distributed under the GNU Public License (GPL). For more
information on the GPL, please see the file COPYING which should have been
included in the archive with \fBtinyproxy\fR. Failing that,
http://www.fsf.org/ will doubtless have a copy up for you to peruse. Please
don't use this software if you don't agree to the terms specified therein.
.SH AVAILABILITY
The latest version of \fBtinyproxy\fR can be acquired from: http://tinyproxy.sourceforge.net/

127
doc/tinyproxy.conf
View File

@ -1,127 +0,0 @@
##
## tinyproxy.conf -- tinyproxy daemon configuration file
##
#
# Name of the user the tinyproxy daemon should switch to after the port
# has been bound.
#
User nobody
Group nogroup
#
# Port to listen on.
#
Port 8888
#
# If you have multiple interfaces this allows you to bind to only one. If
# this is commented out, tinyproxy will bind to all interfaces present.
#
#Listen 192.168.0.1
#
# Timeout: The number of seconds of inactivity a connection is allowed to
# have before it closed by tinyproxy.
#
Timeout 600
#
# Where to log the information. Either LogFile or Syslog should be set,
# but not both.
#
Logfile "/var/log/tinyproxy.log"
# Syslog On
#
# Set the logging level. Allowed settings are:
# Critical (least verbose)
# Error
# Warning
# Notice
# Connect (to log connections without Info's noise)
# Info (most verbose)
# The LogLevel logs from the set level and above. For example, if the LogLevel
# was set to Warning, than all log messages from Warning to Critical would be
# output, but Notice and below would be suppressed.
#
LogLevel Info
#
# PidFile: Write the PID of the main tinyproxy thread to this file so it
# can be used for signalling purposes.
#
PidFile "/var/run/tinyproxy.pid"
#
# Include the X-Tinyproxy header, which has the client's IP address when
# connecting to the sites listed.
#
#XTinyproxy mydomain.com
#
# Turns tinyproxy into a TCP tunnel which connects the local computer on
# 'Port' to the remote computer's port. No processing is done when using
# tinyproxy as a tunnel. If you want to connect to an upstream proxy use
# the "Upstream" directive below.
#
#Tunnel some.remote.computer:port
#
# Turns on upstream proxy support.
#
#Upstream some.remote.proxy:port
#
# This is the absolute highest number of threads which will be created. In
# other words, only MaxClients number of clients can be connected at the
# same time.
#
MaxClients 100
#
# These settings set the upper and lower limit for the number of
# spare servers which should be available. If the number of spare servers
# falls below MinSpareServers then new ones will be created. If the number
# of servers exceeds MaxSpareServers then the extras will be killed off.
#
MinSpareServers 5
MaxSpareServers 20
#
# Number of servers to start initially.
#
StartServers 10
#
# MaxRequestsPerChild is the number of connections a thread will handle
# before it is killed. In practice this should be set to 0, which disables
# thread reaping. If you do notice problems with memory leakage, then set
# this to something like 10000
#
MaxRequestsPerChild 0
#
# The following is the authorization controls. If there are any access
# control keywords then the default action is to DENY. Otherwise, the
# default action is ALLOW.
#
# Also the order of the controls are important. The incoming connections
# are tested against the controls based on order.
#
Allow 127.0.0.1
Allow 192.168.1.0/25
#
# The location of the filter file.
#
#Filter "/etc/tinyproxy/filter"
#
# If an Anonymous keyword is present, then anonymous proxying is enabled.
# The headers listed are allowed through, while all others are denied. If
# no Anonymous keyword is present, then all header are allowed through.
# You must include quotes around the headers.
#
#Anonymous "Host"
#Anonymous "Authorization"

3
docs/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
Makefile
Makefile.in
report.sh

8
docs/Makefile.am Normal file
View File

@ -0,0 +1,8 @@
SUBDIRS = \
man5 \
man8
EXTRA_DIST = \
http-error-codes.txt \
http-rfcs.txt

0
doc/HTTP_ERROR_CODES → docs/http-error-codes.txt
View File

0
doc/RFC_INFO → docs/http-rfcs.txt
View File

3
docs/man5/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*.5
*.xml
*.txt

25
docs/man5/Makefile.am Normal file
View File

@ -0,0 +1,25 @@
if HAVE_MANPAGE_INTEREST
MAN5_FILES = \
tinyproxy.conf.txt
endif
M_SECTION=5
M_NAME=TINYPROXY.CONF
man_MANS = \
$(MAN5_FILES:.txt=.5)
.txt.5:
if HAVE_POD2MAN
$(AM_V_GEN) $(POD2MAN) --center="Tinyproxy manual" \
--section=$(M_SECTION) --name=$(M_NAME) --release="Version @VERSION@" \
$< > $@
else
@echo "*** pod2man is required to regenerate $(@) ***"; exit 1;
endif
MAINTAINERCLEANFILES = \
$(MAN5_FILES:.txt=.5)
EXTRA_DIST = \
$(MAN5_FILES:.txt=.5)

440
docs/man5/tinyproxy.conf.txt.in Normal file
View File

@ -0,0 +1,440 @@
=pod
=encoding utf8
=head1 NAME
tinyproxy.conf - Tinyproxy HTTP proxy daemon configuration file
=head1 SYNOPSIS
B<tinyproxy.conf>
=head1 DESCRIPTION
L<tinyproxy(8)> reads its configuration file, typically stored in
`/etc/tinyproxy/tinyproxy.conf` (or passed to Tinyproxy with -c on the
command line). This manpage describes the syntax and contents of the
configuration file.
The Tinyproxy configuration file contains key-value pairs, one per
line. Lines starting with `#` and empty lines are comments and are
ignored. Keywords are case-insensitive, whereas values are
case-sensitive. Some string values must be enclosed in double
quotes (") as noted below.
The possible keywords and their descriptions are as follows:
=over 4
=item B<User>
The user which the Tinyproxy process should run as, after the
initial port-binding has been done as the `root` user. Either the
user name or the UID may be specified.
=item B<Group>
The group which the Tinyproxy process should run as, after the
initial port-binding has been done as the `root` user. Either the
group name or the GID may be specified.
=item B<Port>
The port which the Tinyproxy service will listen on. If the port is
less than 1024, you will need to start the Tinyproxy process as the
`root` user.
=item B<Listen>
By default, Tinyproxy listens for connections on all available
interfaces (i.e. it listens on the wildcard address `0.0.0.0`).
With this configuration parameter, Tinyproxy can be told to listen
only on one specific address.
=item B<Bind>
This allows you to specify which address Tinyproxy will bind
to for outgoing connections.
This parameter may be specified multiple times, then Tinyproxy
will try all the specified addresses in order.
=item B<BindSame>
If this boolean parameter is set to `yes`, then Tinyproxy will
bind the outgoing connection to the IP address of the incoming
connection that triggered the outgoing request.
=item B<Timeout>
The maximum number of seconds of inactivity a connection is
allowed to have before it is closed by Tinyproxy.
=item B<ErrorFile>
This parameter controls which HTML file Tinyproxy returns when a
given HTTP error occurs. It takes two arguments, the error number
and the location of the HTML error file. Enclose the file location
in double quotes.
=item B<DefaultErrorFile>
The HTML template file returned when an error occurs for which no
specific error file has been set. Enclose in double quotes.
=item B<StatHost>
The host name or IP address that is treated as the `stat host`.
Enclose in double quotes. Whenever Tinyproxy receives a request for
the `stat host` it returns an internal statistics page instead of
forwarding the request to that host. The template for this page can be
configured with the `StatFile` configuration option. The default value
of `StatHost` is `@TINYPROXY_STATHOST@`.
=item B<StatFile>
The HTML file that Tinyproxy sends in response to a request for the
`stat host`. Enclose in double quotes. If this parameter is not set,
Tinyproxy returns a hard-coded basic statistics page. See the STATHOST
section in the L<tinyproxy(8)> manual page for details.
Note that the StatFile and the error files configured with ErrorFile
and DefaultErrorFile are template files that can contain a few
template variables that Tinyproxy expands prior to delivery.
Examples are "{cause}" for an abbreviated error description and
"{detail}" for a detailed error message. The L<tinyproxy(8)>
manual page contains a description of all template variables.
=item B<LogFile>
The location of the file to which Tinyproxy writes its debug output.
Enclose in double quotes. Alternatively, Tinyproxy can log to syslog
-- see the Syslog option.
=item B<Syslog>
When set to `On`, this option tells Tinyproxy to write its
debug messages to syslog instead of to a log file configured
with `LogFile`. These two options are mutually exclusive.
=item B<LogLevel>
Sets the log level. Messages from the set level and above are
logged. For example, if the LogLevel was set to Warning, then all
log messages from Warning to Critical would be output, but Notice
and below would be suppressed. Allowed values are:
=over 4
=item * Critical (least verbose)
=item * Error
=item * Warning
=item * Notice
=item * Connect (log connections without Info's noise)
=item * Info (most verbose)
=back
=item B<PidFile>
The location of the file where the main Tinyproxy process stores its
process ID for signaling purposes. Enclose in double quotes.
=item B<XTinyproxy>
Setting this option to `Yes` tells Tinyproxy to add a header
`X-Tinyproxy` containing the client's IP address to the request.
=item B<Upstream>
This option allows you to set up a set of rules for deciding
whether an upstream proxy server is to be used, based on the
host or domain of the site being accessed. The rules are stored
in the order encountered in the configuration file and the
LAST matching rule wins. The following forms for specifying upstream
rules exist:
=over 4
=item * I<upstream type host:port> turns proxy upstream support on generally.
=item * I<upstream type user:pass@host:port>
does the same, but uses the supplied credentials for authentication.
=item * I<upstream type host:port "site_spec">
turns on the upstream proxy for the sites matching `site_spec`.
`type` can be one of `http`, `socks4`, `socks5`, `none`.
a `site_spec` is either a full domain name, a domain name starting with a
`.`, in which case it is treated as a suffix, or an ip/mask tuple.
the `site_spec` needs to be double-quoted.
=item * I<upstream none "site_spec">
turns off upstream support for sites matching `site_spec`, that means the
connection is done directly.
=back
It's recommended to use raw IP addresses to specify the upstream host, so
no costly DNS lookup has to be done everytime it is used.
IPv6 addresses need to be enclosed in square brackets.
The site can be specified in various forms as a hostname, domain
name or as an IP range:
=over 4
=item * I<name> matches host exactly
=item * I<.name> matches any host in domain "name"
=item * I<.> matches any host with no domain (in 'empty' domain)
=item * I<IP/bits> matches network/mask
=item * I<IP/mask> matches network/mask
=back
Note that the upstream directive can also be used to null-route
a specific target domain/host, e.g.:
`upstream http 0.0.0.0:0 ".adserver.com"`
=item B<MaxClients>
Tinyproxy creates one thread for each connected client.
This options specifies the absolute highest number processes that
will be created. With other words, only MaxClients clients can be
connected to Tinyproxy simultaneously.
=item B<Allow>
=item B<Deny>
The `Allow` and `Deny` options provide a means to customize
which clients are allowed to access Tinyproxy. `Allow` and `Deny`
lines can be specified multiple times to build the access control
list for Tinyproxy. The order in the config file is important.
If there are no `Allow` or `Deny` lines, then all clients are
allowed. Otherwise, the default action is to deny access.
The argument to `Allow` or `Deny` can be a single IP address
of a client host, like `127.0.0.1`, an IP address range, like
`192.168.0.1/24` or a string that will be matched against the
end of the client host name, i.e, this can be a full host name
like `host.example.com` or a domain name like `.example.com` or
even a top level domain name like `.com`.
Note that by adding a rule using a host or domain name, a costly name
lookup has to be done for every new connection, which could slow down
the service considerably.
=item B<BasicAuth>
Configure HTTP "Basic Authentication" username and password
for accessing the proxy. If there are any entries specified,
access is only granted for authenticated users.
BasicAuth user password
=item B<BasicAuthRealm>
In case "BasicAuth" is configured, the "realm" information.
"Proxy Authentication Required" status http 407 "error-response" can be
customized.
- defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured.
=item B<AddHeader>
Configure one or more HTTP request headers to be added to outgoing
HTTP requests that Tinyproxy makes. Note that this option will not
work for HTTPS traffic, as Tinyproxy has no control over what
headers are exchanged.
AddHeader "X-My-Header" "Powered by Tinyproxy"
=item B<ViaProxyName>
RFC 2616 requires proxies to add a `Via` header to the HTTP
requests, but using the real host name can be a security
concern. If the `ViaProxyname` option is present, then its
string value will be used as the host name in the Via header.
Otherwise, the server's host name will be used. Enclose in double
quotes.
=item B<DisableViaHeader>
When this is set to yes, Tinyproxy does NOT add the `Via` header
to the requests. This virtually puts Tinyproxy into stealth mode.
Note that RFC 2616 requires proxies to set the `Via` header, so by
enabling this option, you break compliance.
Don't disable the `Via` header unless you know what you are doing...
=item B<Filter>
Tinyproxy supports filtering of web sites based on URLs or
domains. This option specifies the location of the file
containing the filter rules, one rule per line.
Rules are specified as POSIX basic regular expressions (BRE), unless
another FilterType is specified.
Comment lines start with a `#` character.
Example filter file contents:
# filter exactly cnn.com
^cnn\.com$
# filter all subdomains of cnn.com, but not cnn.com itself
.*\.cnn.com$
# filter any domain that has cnn.com in it, like xcnn.comfy.org
cnn\.com
# filter any domain that ends in cnn.com
cnn\.com$
# filter any domain that starts with adserver
^adserver
=item B<FilterType>
This option can be set to one of `bre`, `ere`, or `fnmatch`.
If `bre` is set, the rules specified in the filter file are matched
using POSIX basic regular expressions, when set to `ere`, using
POSIX extended regular expressions, and when set to `fnmatch` using
the `fnmatch` function as specified in the manpage `man 3p fnmatch`.
`fnmatch` matching is identical to what's used in the shell to match
filenames, so for example `*.google.com` matches everything that
ends with `.google.com`.
If you don't know what regular expressions are or you're using filter
lists from 3rd party sources, `fnmatch` is probably what you want.
It's also the fastest matching method of the three.
=item B<FilterURLs>
If this boolean option is set to `Yes` or `On`, filtering is
performed for URLs rather than for domains. The default is to
filter based on domains.
Note that filtering for URLs works only in plain HTTP scenarios.
Since HTTPS has become ubiquitous during the last years, this
will only work on a tiny fraction of websites, so it is
recommended not to use this option.
=item B<FilterExtended>
Deprecated. Use `FilterType ere` instead.
If this boolean option is set to `Yes`, then extended POSIX
regular expressions are used for matching the filter rules.
The default is to use basic POSIX regular expressions.
=item B<FilterCaseSensitive>
If this boolean option is set to `Yes`, then the filter rules
are matched in a case sensitive manner. The default is to
match case-insensitively, unfortunately.
If you set this to `Yes`, then your matching will be almost
twice as fast.
This setting affects only `bre` and `ere` FilterTypes, fnmatch
is always case sensitive.
=item B<FilterDefaultDeny>
The default filtering policy is to allow everything that is
not matched by a filtering rule. Setting `FilterDefaultDeny`
to `Yes` changes the policy do deny everything but the domains
or URLs matched by the filtering rules.
In other words, if set to `No` the Filter list acts as a
blacklist, if set to `Yes` as a whitelist.
=item B<Anonymous>
If an `Anonymous` keyword is present, then anonymous proxying
is enabled. The headers listed with `Anonymous` are allowed
through, while all others are denied. If no Anonymous keyword
is present, then all headers are allowed through. You must
include double quotes around the headers.
Most sites require cookies to be enabled for them to work correctly, so
you will need to allow cookies through if you access those sites.
Example:
Anonymous "Host"
Anonymous "Authorization"
Anonymous "Cookie"
=item B<ConnectPort>
This option can be used to specify the ports allowed for the
CONNECT method. If no `ConnectPort` line is found, then all
ports are allowed. To disable CONNECT altogether, include a
single ConnectPort line with a value of `0`.
=item B<ReversePath>
Configure one or more ReversePath directives to enable reverse proxy
support. With reverse proxying it's possible to make a number of
sites appear as if they were part of a single site.
If you uncomment the following two directives and run Tinyproxy
on your own computer at port 8888, you can access example.com,
using http://localhost:8888/example/.
ReversePath "/example/" "http://www.example.com/"
=item B<ReverseOnly>
When using Tinyproxy as a reverse proxy, it is STRONGLY
recommended that the normal proxy is turned off by setting
this boolean option to `Yes`.
=item B<ReverseMagic>
Setting this option to `Yes`, makes Tinyproxy use a cookie to
track reverse proxy mappings. If you need to reverse proxy
sites which have absolute links you must use this option.
=item B<ReverseBaseURL>
The URL that is used to access this reverse proxy. The URL is
used to rewrite HTTP redirects so that they won't escape the
proxy. If you have a chain of reverse proxies, you'll need to
put the outermost URL here (the address which the end user
types into his/her browser). If this option is not set then
no rewriting of redirects occurs.
=back
=head1 BUGS
To report bugs in Tinyproxy, please visit
L<https://tinyproxy.github.io/>.
=head1 SEE ALSO
L<tinyproxy(8)>
=head1 AUTHOR
This manpage was written by the Tinyproxy project team.
=head1 COPYRIGHT
Copyright (c) 1998-2024 the Tinyproxy authors.
This program is distributed under the terms of the GNU General Public
License version 2 or above. See the COPYING file for additional
information.

3
docs/man8/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*.8
*.xml
*.txt

36
docs/man8/Makefile.am Normal file
View File

@ -0,0 +1,36 @@
if HAVE_MANPAGE_INTEREST
MAN8_FILES = \
tinyproxy.txt
endif
M_SECTION=8
M_NAME=TINYPROXY
man_MANS = \
$(MAN8_FILES:.txt=.8)
edit = sed \
-e 's|@localstatedir[@]|$(localstatedir)|g' \
-e 's|@runstatedir[@]|$(runstatedir)|g' \
-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
-e 's|@TINYPROXY_STATHOST[@]|$(TINYPROXY_STATHOST)|g'
tinyproxy.txt: $(top_srcdir)/docs/man8/tinyproxy.txt.in Makefile
@rm -f $@ $@.tmp
$(AM_V_GEN) $(edit) $(top_srcdir)/docs/man8/$@.in > $@.tmp
@mv $@.tmp $@
.txt.8:
if HAVE_POD2MAN
$(AM_V_GEN) $(POD2MAN) --center="Tinyproxy manual" \
--section=$(M_SECTION) --name=$(M_NAME) --release="Version @VERSION@" \
$< > $@
else
@echo "*** pod2man is required to regenerate $(@) ***"; exit 1;
endif
MAINTAINERCLEANFILES = \
$(MAN8_FILES:.txt=.8)
EXTRA_DIST = \
$(MAN8_FILES:.txt=.8)

187
docs/man8/tinyproxy.txt.in Normal file
View File

@ -0,0 +1,187 @@
=pod
=encoding utf8
=head1 NAME
tinyproxy - A light-weight HTTP proxy daemon
=head1 SYNOPSIS
B<tinyproxy> [-vdch]
=head1 DESCRIPTION
B<tinyproxy> is a light-weight HTTP proxy daemon designed to consume a
minimum amount of system resources. It listens on a given TCP port and
handles HTTP proxy requests. Designed from the ground up to be fast and
yet small, it is an ideal solution for use cases such as embedded
deployments where a full featured HTTP proxy is required, but the system
resources for a larger proxy are unavailable.
=head1 OPTIONS
B<tinyproxy> accepts the following options:
=over 4
=item B<-c <config-file>>
Use an alternate configuration file.
=item B<-d>
Don't daemonize and stay in the foreground. Useful for debugging purposes.
=item B<-h>
Display a short help screen of command line arguments and exit.
=item B<-v>
Display version information and exit.
=back
=head1 SIGNALS
In addition to command-line options, there are also several signals that
can be sent to B<tinyproxy> while it is running to generate debugging
information and to force certain events.
=over 4
=item B<SIGHUP>
Force Tinyproxy to do a garbage collection on the current
connections linked list. This is usually done automatically after a
certain number of connections have been handled.
(Daemon mode only)
=item B<SIGUSR1>
Force reload of config file and filter list.
This is handy to update the configuration if Tinyproxy is running
in foreground without dropping active connections.
=back
=head1 TEMPLATE FILES
There are two occasions when Tinyproxy delivers HTML pages to
the client on it's own right:
=over 4
=item * When an error occurred, a corresponding error page is returned.
=item * When a request for the stathost is made, a page summarizing the
connection statistics is returned. (See STATHOST below.)
=back
The layout of both error pages and the statistics page can be
controlled via configurable HTML template files that are plain
HTML files that additionally understand a few template
variables.
=head1 TEMPLATE VARIABLES
There are several standard HTML variables that are available in every
template file:
=over 4
=item B<request>
The full HTTP request line.
=item B<cause>
The abbreviated cause of the error condition.
=item B<clientip>
The IP address of the client making the request.
=item B<clienthost>
The hostname of the client making the request.
=item B<version>
The version of Tinyproxy.
=item B<package>
The package name. Presently, resolves to 'tinyproxy'.
=item B<date>
The current date/time in HTTP format.
=back
In addition, almost all templates support:
=over 4
=item B<detail>
A detailed, plain English explanation of the error and possible
causes.
=back
When Tinyproxy finds a variable name enclosed in braces, e.g.
"{request}", then this is replaced by the value of the corresponding
variable before delivery of the page.
=head1 STATHOST
Tinyproxy returns a HTML page with connection statistics when it
receives a HTTP request for a certain host -- the stathost. The
stathost name defaults to `@TINYPROXY_STATHOST@` and can be changed at
runtime to any name or IP address with the configuration variable
`StatHost`.
The stat file template can be changed at runtime through the
configuration variable `StatFile`.
=head1 FILES
F<@sysconfdir@/tinyproxy/tinyproxy.conf>
F<@runstatedir@/tinyproxy/tinyproxy.pid>
F<@localstatedir@/log/tinyproxy/tinyproxy.log>
=head1 BUGS
To report bugs in Tinyproxy, please visit
L<https://tinyproxy.github.io/>.
=head1 SEE ALSO
L<tinyproxy.conf(5)>
=head1 AUTHOR
This manpage was written by the Tinyproxy project team.
=head1 COPYRIGHT
Copyright (c) 1998-2020 the Tinyproxy authors.
This program is distributed under the terms of the GNU General Public
License version 2 or above. See the COPYING file for additional
information.

15
docs/web/Makefile Normal file
View File

@ -0,0 +1,15 @@
# test webpage with `python -m SimpleHTTPServer`
all: index.html
tp.html.conf: ../man5/tinyproxy.conf.txt
pod2html --noindex < $^ | awk -f podhtml-filter.awk > $@
index.html: tp.html.head tp.html.conf tp.html.foot
cat $^ > $@
clean:
rm tp.html.conf index.html *.tmp
.PHONY: all clean

5
docs/web/podhtml-filter.awk Normal file
View File

@ -0,0 +1,5 @@
BEGIN {i=0}
/<\/{0,1}h1/ {if(!i)i=1; gsub("h1", "h4", $0);}
#/<\/body>/ {i=0;}
/BUGS/ {i=-1}
{if(i==1) print;}

426
docs/web/stylesheets/stylesheet.css Normal file
View File

@ -0,0 +1,426 @@
/*******************************************************************************
Slate Theme for GitHub Pages
by Jason Costello, @jsncostello
*******************************************************************************/
@import url(github-light.css);
/*******************************************************************************
MeyerWeb Reset
*******************************************************************************/
html, body, div, span, applet, object, iframe,
h1, h2, h3, h4, h5, h6, p, blockquote, pre,
a, abbr, acronym, address, big, cite, code,
del, dfn, em, img, ins, kbd, q, s, samp,
small, strike, strong, sub, sup, tt, var,
b, u, i, center,
dl, dt, dd, ol, ul, li,
fieldset, form, label, legend,
table, caption, tbody, tfoot, thead, tr, th, td,
article, aside, canvas, details, embed,
figure, figcaption, footer, header, hgroup,
menu, nav, output, ruby, section, summary,
time, mark, audio, video {
margin: 0;
padding: 0;
border: 0;
font: inherit;
vertical-align: baseline;
}
/* HTML5 display-role reset for older browsers */
article, aside, details, figcaption, figure,
footer, header, hgroup, menu, nav, section {
display: block;
}
ol, ul {
list-style: none;
}
table {
border-collapse: collapse;
border-spacing: 0;
}
/*******************************************************************************
Theme Styles
*******************************************************************************/
body {
box-sizing: border-box;
color:#373737;
background: #212121;
font-size: 16px;
font-family: 'Myriad Pro', Calibri, Helvetica, Arial, sans-serif;
line-height: 1.5;
-webkit-font-smoothing: antialiased;
}
h1, h2, h3, h4, h5, h6 {
margin: 10px 0;
font-weight: 700;
color:#222222;
font-family: 'Lucida Grande', 'Calibri', Helvetica, Arial, sans-serif;
letter-spacing: -1px;
}
h1 {
font-size: 36px;
font-weight: 700;
}
h2 {
padding-bottom: 10px;
font-size: 32px;
background: url('../images/bg_hr.png') repeat-x bottom;
}
h3 {
font-size: 24px;
}
h4 {
font-size: 21px;
}
h5 {
font-size: 18px;
}
h6 {
font-size: 16px;
}
p {
margin: 10px 0 15px 0;
}
footer p {
color: #f2f2f2;
}
a {
text-decoration: none;
color: #007edf;
text-shadow: none;
transition: color 0.5s ease;
transition: text-shadow 0.5s ease;
-webkit-transition: color 0.5s ease;
-webkit-transition: text-shadow 0.5s ease;
-moz-transition: color 0.5s ease;
-moz-transition: text-shadow 0.5s ease;
-o-transition: color 0.5s ease;
-o-transition: text-shadow 0.5s ease;
-ms-transition: color 0.5s ease;
-ms-transition: text-shadow 0.5s ease;
}
a:hover, a:focus {text-decoration: underline;}
footer a {
color: #F2F2F2;
text-decoration: underline;
}
em {
font-style: italic;
}
strong {
font-weight: bold;
}
img {
position: relative;
margin: 0 auto;
max-width: 739px;
padding: 5px;
margin: 10px 0 10px 0;
border: 1px solid #ebebeb;
box-shadow: 0 0 5px #ebebeb;
-webkit-box-shadow: 0 0 5px #ebebeb;
-moz-box-shadow: 0 0 5px #ebebeb;
-o-box-shadow: 0 0 5px #ebebeb;
-ms-box-shadow: 0 0 5px #ebebeb;
}
p img {
display: inline;
margin: 0;
padding: 0;
vertical-align: middle;
text-align: center;
border: none;
}
pre, code {
width: 100%;
color: #222;
background-color: #fff;
font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
font-size: 14px;
border-radius: 2px;
-moz-border-radius: 2px;
-webkit-border-radius: 2px;
}
pre {
width: 100%;
padding: 10px;
margin-bottom: 20px;
box-shadow: 0 0 10px rgba(0,0,0,.1);
overflow: auto;
}
code {
padding: 3px;
margin: 0 3px;
box-shadow: 0 0 10px rgba(0,0,0,.1);
}
pre code {
display: block;
box-shadow: none;
}
blockquote {
color: #666;
margin-bottom: 20px;
padding: 0 0 0 20px;
border-left: 3px solid #bbb;
}
ul, ol, dl {
margin-bottom: 15px
}
ul {
list-style-position: inside;
list-style: disc;
padding-left: 20px;
}
ol {
list-style-position: inside;
list-style: decimal;
padding-left: 20px;
}
dl dt {
font-weight: bold;
}
dl dd {
padding-left: 20px;
/* font-style: italic; */
}
dl p {
padding-left: 20px;
/* font-style: italic; */
}
hr {
height: 1px;
margin-bottom: 5px;
border: none;
background: url('../images/bg_hr.png') repeat-x center;
}
table {
border: 1px solid #373737;
margin-bottom: 20px;
text-align: left;
}
th {
font-family: 'Lucida Grande', 'Helvetica Neue', Helvetica, Arial, sans-serif;
padding: 10px;
background: #373737;
color: #fff;
}
td {
padding: 10px;
border: 1px solid #373737;
}
form {
background: #f2f2f2;
padding: 20px;
}
/*******************************************************************************
Full-Width Styles
*******************************************************************************/
.outer {
width: 100%;
}
.inner {
position: relative;
max-width: 640px;
padding: 20px 10px;
margin: 0 auto;
}
#forkme_banner {
display: block;
position: absolute;
top:0;
right: 10px;
z-index: 10;
padding: 10px 50px 10px 10px;
color: #fff;
background: url('../images/blacktocat.png') #0090ff no-repeat 95% 50%;
font-weight: 700;
box-shadow: 0 0 10px rgba(0,0,0,.5);
border-bottom-left-radius: 2px;
border-bottom-right-radius: 2px;
}
#header_wrap {
background: #212121;
background: -moz-linear-gradient(top, #373737, #212121);
background: -webkit-linear-gradient(top, #373737, #212121);
background: -ms-linear-gradient(top, #373737, #212121);
background: -o-linear-gradient(top, #373737, #212121);
background: linear-gradient(top, #373737, #212121);
}
#header_wrap .inner {
padding: 50px 10px 30px 10px;
}
#project_title {
margin: 0;
color: #fff;
font-size: 42px;
font-weight: 700;
text-shadow: #111 0px 0px 10px;
}
#project_tagline {
color: #fff;
font-size: 24px;
font-weight: 300;
background: none;
text-shadow: #111 0px 0px 10px;
}
#downloads {
position: absolute;
width: 210px;
z-index: 10;
bottom: -40px;
right: 0;
height: 70px;
background: url('../images/icon_download.png') no-repeat 0% 90%;
}
.zip_download_link {
display: block;
float: right;
width: 90px;
height:70px;
text-indent: -5000px;
overflow: hidden;
background: url(../images/sprite_download.png) no-repeat bottom left;
}
.tar_download_link {
display: block;
float: right;
width: 90px;
height:70px;
text-indent: -5000px;
overflow: hidden;
background: url(../images/sprite_download.png) no-repeat bottom right;
margin-left: 10px;
}
.zip_download_link:hover {
background: url(../images/sprite_download.png) no-repeat top left;
}
.tar_download_link:hover {
background: url(../images/sprite_download.png) no-repeat top right;
}
#main_content_wrap {
background: #f2f2f2;
border-top: 1px solid #111;
border-bottom: 1px solid #111;
}
#main_content {
padding-top: 40px;
}
#footer_wrap {
background: #212121;
}
/*******************************************************************************
Small Device Styles
*******************************************************************************/
@media screen and (max-width: 480px) {
body {
font-size:14px;
}
#downloads {
display: none;
}
.inner {
min-width: 320px;
max-width: 480px;
}
#project_title {
font-size: 32px;
}
h1 {
font-size: 28px;
}
h2 {
font-size: 24px;
}
h3 {
font-size: 21px;
}
h4 {
font-size: 18px;
}
h5 {
font-size: 14px;
}
h6 {
font-size: 12px;
}
code, pre {
min-width: 320px;
max-width: 480px;
font-size: 11px;
}
}

21
docs/web/tp.html.foot Normal file
View File

@ -0,0 +1,21 @@
<h2>
<a id="support" class="anchor" href="#support" aria-hidden="true"><span class="octicon octicon-link"></span></a>Support</h2>
<ul>
<li>Feel free to report a new bug or suggest features via github issues.</li>
<li>Tinyproxy developers hang out in #tinyproxy on irc.libera.chat.</li>
</ul>
</section>
</div>
<!-- FOOTER -->
<div id="footer_wrap" class="outer">
<footer class="inner">
<p>Published with <a href="https://pages.github.com">GitHub Pages</a></p>
</footer>
</div>
</body>
</html>

98
docs/web/tp.html.head Normal file
View File

@ -0,0 +1,98 @@
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<meta name="description" content="Tinyproxy : lightweight http(s) proxy daemon">
<link rel="stylesheet" type="text/css" media="screen" href="stylesheets/stylesheet.css">
<title>Tinyproxy</title>
</head>
<body>
<!-- HEADER -->
<div id="header_wrap" class="outer">
<header class="inner">
<a id="forkme_banner" href="https://github.com/tinyproxy">View on GitHub</a>
<h1 id="project_title">Tinyproxy</h1>
<h2 id="project_tagline">lightweight http(s) proxy daemon</h2>
</header>
</div>
<!-- MAIN CONTENT -->
<div id="main_content_wrap" class="outer">
<section id="main_content" class="inner">
<h1>
<a id="tinyproxy" class="anchor" href="#tinyproxy" aria-hidden="true"><span class="octicon octicon-link"></span></a>Tinyproxy</h1>
<p>Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Designed from the ground up to be fast and yet small, it is an ideal solution for use cases such as embedded deployments where a full featured HTTP proxy is required, but the system resources for a larger proxy are unavailable.</p>
<p>Tinyproxy is distributed using the GNU GPL license (version 2 or above).</p>
<h2>
<a id="features" class="anchor" href="#features" aria-hidden="true"><span class="octicon octicon-link"></span></a>Features</h2>
<p>Tinyproxy has a <strong>small footprint</strong> and requires very little in the way of system resources. The memory footprint tends to be around 2 MB with glibc, and the CPU load increases linearly with the number of simultaneous connections (depending on the speed of the connection). Thus, Tinyproxy can be run on an older machine, or on a network appliance such as a Linux-based broadband router, without any noticeable impact on performance.</p>
<p>Tinyproxy requires only a <strong>minimal POSIX environment</strong> to build and operate. It can use additional libraries to add functionality though.</p>
<p>Tinyproxy allows forwarding of <strong>HTTPS connections</strong> without modifying traffic in any way through the <code>CONNECT</code> method (see the <code>ConnectPort</code> directive, which you should disable, unless you want to restrict the users).</p>
<p>Tinyproxy supports being configured as a <strong>transparent proxy</strong>, so that a proxy can be used without requiring any client-side configuration. You can also use it as a <strong>reverse proxy</strong> front-end to your websites.</p>
<p>Using the <code>AddHeader</code> directive, you can <strong>add/insert HTTP headers</strong> to outgoing traffic (HTTP only).</p>
<p>If you're looking to build a custom web proxy, Tinyproxy is <strong>easy to modify</strong> to your custom needs. The source is straightforward, adhering to the KISS principle. As such, it can be used as a foundation for anything you may need a web proxy to do.</p>
<p>Tinyproxy has <strong>privacy features</strong> which can let you configure which HTTP headers should be allowed through, and which should be blocked. This allows you to restrict both what data comes to your web browser from the HTTP server (e.g., cookies), and to restrict what data is allowed through from your web browser to the HTTP server (e.g., version information). Note that these features do not affect HTTPS connections.</p>
<p>Using the <strong>remote monitoring</strong> facility, you can access proxy statistics from afar, letting you know exactly how busy the proxy is.</p>
<p>You can configure Tinyproxy to <strong>control access</strong> by only allowing requests from a certain subnet, or from a certain interface, thus ensuring that random, unauthorized people will not be using your proxy.</p>
<p>With a bit of configuration (specifically, making Tinyproxy created files owned by a non-root user and running it on a port greater than 1024), Tinyproxy can be made to run without any special privileges, thus minimizing the chance of system compromise. In fact, it is <b>recommended</b> to run it as a regular/restricted user. Furthermore, it was designed with an eye towards preventing buffer overflows. The simplicity of the code ensures it remains easy to spot such bugs.</p>
<h2>
<a id="downloads" class="anchor" href="#downloads" aria-hidden="true"><span class="octicon octicon-link"></span></a>Downloads</h2>
<p>Note that many distributions ship horribly outdated versions of tinyproxy, therefore it is recommended to compile it from source.</p>
<ul>
<li>On Red Hat Enterprise Linux, or its derivatives such as CentOS, install Tinyproxy from the EPEL repository by running yum install tinyproxy.</li>
<li>On Fedora, install Tinyproxy by running yum install tinyproxy.</li>
<li>On Debian and derived distributions, run apt-get install tinyproxy to install Tinyproxy.</li>
<li>For openSUSE run: zypper in tinyproxy</li>
<li>Arch users can install the Tinyproxy package from the community repository. Run pacman -S tinyproxy to install it.</li>
<li>FreeBSD, OpenBSD or NetBSD users can use the pkg_add utility to install the tinyproxy package.</li>
<li>Mac OS X users can check MacPorts to see if the Tinyproxy port there is recent enough.</li>
</ul>
<p>If you feel that the Tinyproxy binary package in your operating system is not recent (likely), please contact the package maintainer for that particular operating system. If this fails, you can always compile the latest stable, or even better, the latest git master version, from source code.</p>
<p>We distribute Tinyproxy in source code form, and it has to be compiled in order to be used on your system. Please see the INSTALL file in the source code tree for build instructions. The current stable version of Tinyproxy is available on the <a href="https://github.com/tinyproxy/tinyproxy/releases">releases page</a>. The Tinyproxy NEWS file contains the release notes. You can verify the tarball using its PGP signature. You can also browse the older releases of Tinyproxy.</p>
<p>We use Git as the version control system for the Tinyproxy source code repository. To get a copy of the Tinyproxy repository, use the command:</p>
<p>git clone <a href="https://github.com/tinyproxy/tinyproxy.git">https://github.com/tinyproxy/tinyproxy.git</a></p>
<h2>
<a id="quickstart" class="anchor" href="#quickstart" aria-hidden="true"><span class="octicon octicon-link"></span></a>Quickstart</h2>
<p>The quickest way to get started is using a minimal config file like the below:</p>
<pre><code>
Port 8888
Listen 127.0.0.1
Timeout 600
Allow 127.0.0.1
</code></pre>
<p>And then simply run <code>tinyproxy -d -c tinyproxy.conf</code> as your current user. This starts tinyproxy in foreground mode with <code>tinyproxy.conf</code> as its config, while logging to stdout. Now, all programs supporting a HTTP proxy can use 127.0.0.1:8888 as a proxy. You can try it out using <code>http_proxy=127.0.0.1:8888 curl example.com</code>.</p>
<h2>
<a id="documentation" class="anchor" href="#documentation" aria-hidden="true"><span class="octicon octicon-link"></span></a>Documentation</h2>

1
etc/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
tinyproxy.conf

26
etc/Makefile.am Normal file
View File

@ -0,0 +1,26 @@
pkgsysconfdir = $(sysconfdir)/$(PACKAGE)
pkgsysconf_DATA = \
tinyproxy.conf
EXTRA_DIST = \
tinyproxy.conf.in
edit = sed \
-e 's|@bindir[@]|$(bindir)|g' \
-e 's|@datadir[@]|$(datadir)|g' \
-e 's|@datarootdir[@]|$(datarootdir)|g' \
-e 's|@pkgsysconfdir[@]|$(pkgsysconfdir)|g' \
-e 's|@localstatedir[@]|$(localstatedir)|g' \
-e 's|@runstatedir[@]|$(runstatedir)|g' \
-e 's|@pkgdatadir[@]|$(pkgdatadir)|g' \
-e 's|@prefix[@]|$(prefix)|g' \
-e 's|@TINYPROXY_STATHOST[@]|$(TINYPROXY_STATHOST)|g'
tinyproxy.conf: $(top_srcdir)/etc/tinyproxy.conf.in Makefile
@rm -f $@ $@.tmp
$(AM_V_GEN) $(edit) $(top_srcdir)/etc/$@.in > $@.tmp
@mv $@.tmp $@
CLEANFILES = \
tinyproxy.conf

329
etc/tinyproxy.conf.in Normal file
View File

@ -0,0 +1,329 @@
##
## tinyproxy.conf -- tinyproxy daemon configuration file
##
## This example tinyproxy.conf file contains example settings
## with explanations in comments. For decriptions of all
## parameters, see the tinyproxy.conf(5) manual page.
##
#
# User/Group: This allows you to set the user and group that will be
# used for tinyproxy after the initial binding to the port has been done
# as the root user. Either the user or group name or the UID or GID
# number may be used.
#
User nobody
Group nobody
#
# Port: Specify the port which tinyproxy will listen on. Please note
# that should you choose to run on a port lower than 1024 you will need
# to start tinyproxy using root.
#
Port 8888
#
# Listen: If you have multiple interfaces this allows you to bind to
# only one. If this is commented out, tinyproxy will bind to all
# interfaces present.
#
#Listen 192.168.0.1
#
# Bind: This allows you to specify which interface will be used for
# outgoing connections. This is useful for multi-home'd machines where
# you want all traffic to appear outgoing from one particular interface.
#
#Bind 192.168.0.1
#
# BindSame: If enabled, tinyproxy will bind the outgoing connection to the
# ip address of the incoming connection.
#
#BindSame yes
#
# Timeout: The maximum number of seconds of inactivity a connection is
# allowed to have before it is closed by tinyproxy.
#
Timeout 600
#
# ErrorFile: Defines the HTML file to send when a given HTTP error
# occurs. You will probably need to customize the location to your
# particular install. The usual locations to check are:
# /usr/local/share/tinyproxy
# /usr/share/tinyproxy
# /etc/tinyproxy
#
#ErrorFile 400 "@pkgdatadir@/400.html"
#ErrorFile 502 "@pkgdatadir@/502.html"
#ErrorFile 503 "@pkgdatadir@/503.html"
#ErrorFile 403 "@pkgdatadir@/403.html"
#ErrorFile 408 "@pkgdatadir@/408.html"
#
# DefaultErrorFile: The HTML file that gets sent if there is no
# HTML file defined with an ErrorFile keyword for the HTTP error
# that has occured.
#
DefaultErrorFile "@pkgdatadir@/default.html"
#
# StatHost: This configures the host name or IP address that is treated
# as the stat host: Whenever a request for this host is received,
# Tinyproxy will return an internal statistics page instead of
# forwarding the request to that host. The default value of StatHost is
# @TINYPROXY_STATHOST@.
#
#StatHost "@TINYPROXY_STATHOST@"
#
#
# StatFile: The HTML file that gets sent when a request is made
# for the stathost. If this file doesn't exist a basic page is
# hardcoded in tinyproxy.
#
StatFile "@pkgdatadir@/stats.html"
#
# LogFile: Allows you to specify the location where information should
# be logged to. If you would prefer to log to syslog, then disable this
# and enable the Syslog directive. These directives are mutually
# exclusive. If neither Syslog nor LogFile are specified, output goes
# to stdout.
#
#LogFile "@localstatedir@/log/tinyproxy/tinyproxy.log"
#
# Syslog: Tell tinyproxy to use syslog instead of a logfile. This
# option must not be enabled if the Logfile directive is being used.
# These two directives are mutually exclusive.
#
#Syslog On
#
# LogLevel: Warning
#
# Set the logging level. Allowed settings are:
# Critical (least verbose)
# Error
# Warning
# Notice
# Connect (to log connections without Info's noise)
# Info (most verbose)
#
# The LogLevel logs from the set level and above. For example, if the
# LogLevel was set to Warning, then all log messages from Warning to
# Critical would be output, but Notice and below would be suppressed.
#
LogLevel Info
#
# PidFile: Write the PID of the main tinyproxy thread to this file so it
# can be used for signalling purposes.
# If not specified, no pidfile will be written.
#
#PidFile "@runstatedir@/tinyproxy/tinyproxy.pid"
#
# XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
# contains the client's IP address.
#
#XTinyproxy Yes
#
# Upstream:
#
# Turns on upstream proxy support.
#
# The upstream rules allow you to selectively route upstream connections
# based on the host/domain of the site being accessed.
#
# Syntax: upstream type (user:pass@)ip:port ("domain")
# Or: upstream none "domain"
# The parts in parens are optional.
# Possible types are http, socks4, socks5, none
#
# For example:
# # connection to test domain goes through testproxy
# upstream http testproxy:8008 ".test.domain.invalid"
# upstream http testproxy:8008 ".our_testbed.example.com"
# upstream http testproxy:8008 "192.168.128.0/255.255.254.0"
#
# # upstream proxy using basic authentication
# upstream http user:pass@testproxy:8008 ".test.domain.invalid"
#
# # no upstream proxy for internal websites and unqualified hosts
# upstream none ".internal.example.com"
# upstream none "www.example.com"
# upstream none "10.0.0.0/8"
# upstream none "192.168.0.0/255.255.254.0"
# upstream none "."
#
# # connection to these boxes go through their DMZ firewalls
# upstream http cust1_firewall:8008 "testbed_for_cust1"
# upstream http cust2_firewall:8008 "testbed_for_cust2"
#
# # default upstream is internet firewall
# upstream http firewall.internal.example.com:80
#
# You may also use SOCKS4/SOCKS5 upstream proxies:
# upstream socks4 127.0.0.1:9050
# upstream socks5 socksproxy:1080
#
# The LAST matching rule wins the route decision. As you can see, you
# can use a host, or a domain:
# name matches host exactly
# .name matches any host in domain "name"
# . matches any host with no domain (in 'empty' domain)
# IP/bits matches network/mask
# IP/mask matches network/mask
#
#Upstream http some.remote.proxy:port
#
# MaxClients: This is the absolute highest number of threads which will
# be created. In other words, only MaxClients number of clients can be
# connected at the same time.
#
MaxClients 100
#
# Allow: Customization of authorization controls. If there are any
# access control keywords then the default action is to DENY. Otherwise,
# the default action is ALLOW.
#
# The order of the controls are important. All incoming connections are
# tested against the controls based on order.
#
Allow 127.0.0.1
Allow ::1
# BasicAuth: HTTP "Basic Authentication" for accessing the proxy.
# If there are any entries specified, access is only granted for authenticated
# users.
#BasicAuth user password
# BasicAuthRealm : In case BasicAuth is configured, the "realm" information.
# "Proxy Authentication Required" status http 407 "error-response" can be
# customized.
#
# - defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured.
#BasicAuthRealm "Tinyproxy"
#
# AddHeader: Adds the specified headers to outgoing HTTP requests that
# Tinyproxy makes. Note that this option will not work for HTTPS
# traffic, as Tinyproxy has no control over what headers are exchanged.
#
#AddHeader "X-My-Header" "Powered by Tinyproxy"
#
# ViaProxyName: The "Via" header is required by the HTTP RFC, but using
# the real host name is a security concern. If the following directive
# is enabled, the string supplied will be used as the host name in the
# Via header; otherwise, the server's host name will be used.
#
ViaProxyName "tinyproxy"
#
# DisableViaHeader: When this is set to yes, Tinyproxy does NOT add
# the Via header to the requests. This virtually puts Tinyproxy into
# stealth mode. Note that RFC 2616 requires proxies to set the Via
# header, so by enabling this option, you break compliance.
# Don't disable the Via header unless you know what you are doing...
#
#DisableViaHeader Yes
#
# Filter: This allows you to specify the location of the filter file.
#
#Filter "@pkgsysconfdir@/filter"
#
# FilterURLs: Filter based on URLs rather than domains.
#
#FilterURLs On
#
# FilterType: Use bre (default), ere, or fnmatch for filtering.
#
#FilterType fnmatch
#
# FilterCaseSensitive: Use case sensitive regular expressions.
#
#FilterCaseSensitive On
#
# FilterDefaultDeny: Change the default policy of the filtering system.
# If this directive is commented out, or is set to "No" then the default
# policy is to allow everything which is not specifically denied by the
# filter file.
#
# However, by setting this directive to "Yes" the default policy becomes
# to deny everything which is _not_ specifically allowed by the filter
# file.
#
#FilterDefaultDeny Yes
#
# Anonymous: If an Anonymous keyword is present, then anonymous proxying
# is enabled. The headers listed are allowed through, while all others
# are denied. If no Anonymous keyword is present, then all headers are
# allowed through. You must include quotes around the headers.
#
# Most sites require cookies to be enabled for them to work correctly, so
# you will need to allow Cookies through if you access those sites.
#
#Anonymous "Host"
#Anonymous "Authorization"
#Anonymous "Cookie"
#
# ConnectPort: This is a list of ports allowed by tinyproxy when the
# CONNECT method is used. To disable the CONNECT method altogether, set
# the value to 0. If no ConnectPort line is found, all ports are
# allowed.
#
# The following two ports are used by SSL.
#
#ConnectPort 443
#ConnectPort 563
#
# Configure one or more ReversePath directives to enable reverse proxy
# support. With reverse proxying it's possible to make a number of
# sites appear as if they were part of a single site.
#
# If you uncomment the following two directives and run tinyproxy
# on your own computer at port 8888, you can access Google using
# http://localhost:8888/google/ and Wired News using
# http://localhost:8888/wired/news/. Neither will actually work
# until you uncomment ReverseMagic as they use absolute linking.
#
#ReversePath "/google/" "http://www.google.com/"
#ReversePath "/wired/" "http://www.wired.com/"
#
# When using tinyproxy as a reverse proxy, it is STRONGLY recommended
# that the normal proxy is turned off by uncommenting the next directive.
#
#ReverseOnly Yes
#
# Use a cookie to track reverse proxy mappings. If you need to reverse
# proxy sites which have absolute links you must uncomment this.
#
#ReverseMagic Yes
#
# The URL that's used to access this reverse proxy. The URL is used to
# rewrite HTTP redirects so that they won't escape the proxy. If you
# have a chain of reverse proxies, you'll need to put the outermost
# URL here (the address which the end user types into his/her browser).
#
# If not set then no rewriting occurs.
#
#ReverseBaseURL "http://localhost:8888/"

3
m4macros/Makefile.am Normal file
View File

@ -0,0 +1,3 @@
EXTRA_DIST = \
as-compiler-flag.m4 \
argenable.m4

19
m4macros/argenable.m4 Normal file
View File

@ -0,0 +1,19 @@
dnl $Id: argenable.m4,v 1.1 2004-08-24 18:40:21 rjkaes Exp $
dnl
dnl Define a new AC_ARG_ENABLE like macro which handles invalid inputs
dnl correctly. The macro takes three arguments:
dnl 1) the option name (used like --enable-option)
dnl 2) the help string
dnl 3) the default value (either yes or no)
dnl
dnl This macro also defines on variable in the form "option_enabled"
dnl set to either "yes" or "no".
dnl
AC_DEFUN([TP_ARG_ENABLE],
[AC_ARG_ENABLE([$1],
AS_HELP_STRING([--enable-$1], [$2]),
[case "${enableval}" in
yes) $1_enabled=yes ;;
no) $1_enabled=no ;;
*) AC_MSG_ERROR([bad value ${enableval} for --enable-$1]) ;;
esac],[$1_enabled=$3])])

64
m4macros/as-compiler-flag.m4 Normal file
View File

@ -0,0 +1,64 @@
dnl as-compiler-flag.m4 0.1.0
dnl autostars m4 macro for detection of compiler flags
dnl David Schleef <ds@schleef.org>
dnl Tim-Philipp Müller <tim centricular net>
dnl AS_COMPILER_FLAG(CFLAGS, ACTION-IF-ACCEPTED, [ACTION-IF-NOT-ACCEPTED])
dnl Tries to compile with the given CFLAGS.
dnl Runs ACTION-IF-ACCEPTED if the compiler can compile with the flags,
dnl and ACTION-IF-NOT-ACCEPTED otherwise.
AC_DEFUN([AS_COMPILER_FLAG],
[
AC_MSG_CHECKING([to see if compiler understands $1])
save_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $1"
AC_TRY_COMPILE([ ], [], [flag_ok=yes], [flag_ok=no])
CFLAGS="$save_CFLAGS"
if test "X$flag_ok" = Xyes ; then
$2
true
else
$3
true
fi
AC_MSG_RESULT([$flag_ok])
])
dnl AS_CXX_COMPILER_FLAG(CPPFLAGS, ACTION-IF-ACCEPTED, [ACTION-IF-NOT-ACCEPTED])
dnl Tries to compile with the given CPPFLAGS.
dnl Runs ACTION-IF-ACCEPTED if the compiler can compile with the flags,
dnl and ACTION-IF-NOT-ACCEPTED otherwise.
AC_DEFUN([AS_CXX_COMPILER_FLAG],
[
AC_REQUIRE([AC_PROG_CXX])
AC_MSG_CHECKING([to see if c++ compiler understands $1])
save_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS $1"
AC_LANG_PUSH(C++)
AC_TRY_COMPILE([ ], [], [flag_ok=yes], [flag_ok=no])
CPPFLAGS="$save_CPPFLAGS"
if test "X$flag_ok" = Xyes ; then
$2
true
else
$3
true
fi
AC_LANG_POP(C++)
AC_MSG_RESULT([$flag_ok])
])

11
reconf
View File

@ -1,11 +0,0 @@
#!/bin/sh
rm -f config.cache
echo "- aclocal."
aclocal
echo "- autoconf."
autoconf
echo "- autoheader."
autoheader
echo "- automake."
automake -a
exit

2
scripts/Makefile.am Normal file
View File

@ -0,0 +1,2 @@
EXTRA_DIST = \
version.sh

10
scripts/gen-authors.sh Executable file
View File

@ -0,0 +1,10 @@
#!/bin/sh
SCRIPT_DIR="$(cd "$(dirname "${0}")" && pwd)"
BASE_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
AUTHORS_FILE="${BASE_DIR}/AUTHORS"
type git > /dev/null || exit
test -d "${BASE_DIR}/.git" || exit
git log --all --format='%aN' | sort -u > "${AUTHORS_FILE}"

19
scripts/version.sh Executable file
View File

@ -0,0 +1,19 @@
#!/bin/sh
SCRIPT_DIR="$(cd "$(dirname "${0}")" && pwd)"
GIT_DIR="${SCRIPT_DIR}/../.git"
if test -d "${GIT_DIR}" ; then
if type git >/dev/null 2>&1 ; then
gitstr=$(git describe --match '[0-9]*.[0-9]*.*' 2>/dev/null)
if test "x$?" != x0 ; then
sed 's/$/-git/' < VERSION
else
printf "%s\n" "$gitstr" | sed -e 's/-g/-git-/'
fi
else
sed 's/$/-git/' < VERSION
fi
else
cat VERSION
fi

7
src/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
.deps
.libs
Makefile
Makefile.in
tinyproxy
*.o
*.pcno

89
src/Makefile.am
View File

@ -1,52 +1,71 @@
# $Id: Makefile.am,v 1.7 2001-11-05 15:24:01 rjkaes Exp $
# tinyproxy - A fast light-weight HTTP proxy
# Copyright (C) 2000 Robert James Kaes <rjkaes@users.sourceforge.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Copyright (C) 2000 Robert James Kaes (rjkaes@flarenet.com)
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2, or (at your option) any
# later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
YFLAGS = @YFLAGS@
LDFLAGS = @LDFLAGS@
pkgsysconfdir = $(sysconfdir)/$(PACKAGE)
bin_PROGRAMS = tinyproxy
AM_CPPFLAGS = \
-DSYSCONFDIR=\"${pkgsysconfdir}\" \
-DLOCALSTATEDIR=\"${localstatedir}\"
tinyproxy_SOURCES = \
conns.c conns.h \
hostspec.c hostspec.h \
acl.c acl.h \
anonymous.c anonymous.h \
buffer.c buffer.h \
dnscache.c dnscache.h \
child.c child.h \
common.h \
conf-tokens.c conf-tokens.h \
conf.c conf.h \
conns.c conns.h \
daemon.c daemon.h \
heap.c heap.h \
html-error.c html-error.h \
http-message.c http-message.h \
log.c log.h \
network.c network.h \
reqs.c reqs.h \
sock.c sock.h \
tinyproxy.c tinyproxy.h \
utils.c utils.h \
anonymous.c anonymous.h \
stats.c stats.h \
thread.c thread.h \
grammar.y scanner.l \
acl.c acl.h \
ternary.c ternary.h \
regexp.h
text.c text.h \
main.c main.h \
utils.c utils.h \
upstream.c upstream.h \
basicauth.c basicauth.h \
base64.c base64.h \
sblist.c sblist.h \
hsearch.c hsearch.h \
orderedmap.c orderedmap.h \
loop.c loop.h \
mypoll.c mypoll.h \
connect-ports.c connect-ports.h
tinyproxy_LDADD = @LIBOBJS@
EXTRA_tinyproxy_SOURCES = filter.c filter.h \
reverse-proxy.c reverse-proxy.h \
transparent-proxy.c transparent-proxy.h
tinyproxy_DEPENDENCIES = @ADDITIONAL_OBJECTS@
tinyproxy_LDADD = @ADDITIONAL_OBJECTS@ -lpthread
EXTRA_DIST = gnuregex.c gnuregex.h \
filter.c filter.h
if HAVE_GPERF
conf-tokens.c: conf-tokens-gperf.inc
conf-tokens-gperf.inc: conf-tokens.gperf
$(GPERF) $< > $@
endif
EXTRA_tinyproxy_SOURCES = grammar.h
EXTRA_DIST = conf-tokens.gperf conf-tokens-gperf.inc
scanner.c: scanner.l grammar.h
$(LEX) $(AM_LFLAGS) $(LFLAGS) -i $< && mv $(LEX_OUTPUT_ROOT).c $@
clean:
rm -f *.da
rm -f gmon.out

423
src/acl.c
View File

@ -1,60 +1,62 @@
/* $Id: acl.c,v 1.10 2001-11-03 06:08:37 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2000, 2002 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This system handles Access Control for use of this daemon. A list of
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* This system handles Access Control for use of this daemon. A list of
* domains, or IP addresses (including IP blocks) are stored in a list
* which is then used to compare incoming connections.
*
* Copyright (C) 2000 Robert James Kaes (rjkaes@flarenet.com)
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*/
#include "tinyproxy.h"
#include "main.h"
#include "acl.h"
#include "heap.h"
#include "log.h"
#include "network.h"
#include "sock.h"
#include "utils.h"
struct acl_s {
acl_access_t acl_access;
enum { ACL_STRING, ACL_NUMERIC } type;
char *location;
int netmask;
struct acl_s *next;
};
static struct acl_s *access_list = NULL;
#include "sblist.h"
#include "hostspec.h"
/*
* Take a netmask number (between 0 and 32) and returns a network ordered
* value for comparison. Somebody please clean this up. :)
* Hold the information about a particular access control. We store
* whether it's an ALLOW or DENY entry, and also whether it's a string
* entry (like a domain name) or an IP entry.
*/
static in_addr_t make_netmask(int netmask_num)
struct acl_s {
acl_access_t access;
struct hostspec h;
};
/**
* If the access list has not been set up, create it.
*/
static int init_access_list(acl_list_t *access_list)
{
static in_addr_t netmasks[] = {
0x00000000, 0x80000000, 0xc0000000, 0xe0000000,
0xf8000000, 0xfc000000, 0xfe000000, 0xff000000,
0xff800000, 0xffc00000, 0xffe00000, 0xfff00000,
0xfff00000, 0xfff80000, 0xfffc0000, 0xfffe0000,
0xffff0000, 0xffff8000, 0xffffc000, 0xffffe000,
0xfffff000, 0xfffff800, 0xfffffc00, 0xfffffe00,
0xffffff00, 0xffffff80, 0xffffffc0, 0xffffffe0,
0xfffffff0, 0xfffffff8, 0xfffffffc, 0xfffffffe,
0xffffffff
};
if (!*access_list) {
*access_list = sblist_new(sizeof(struct acl_s), 16);
if (!*access_list) {
log_message (LOG_ERR,
"Unable to allocate memory for access list");
return -1;
}
}
assert(netmask_num >= 0 && netmask_num <= 32);
return htonl(netmasks[netmask_num]);
return 0;
}
/*
@ -66,162 +68,229 @@ static in_addr_t make_netmask(int netmask_num)
* -1 on failure
* 0 otherwise.
*/
int insert_acl(char *location, acl_access_t access_type)
int
insert_acl (char *location, acl_access_t access_type, acl_list_t *access_list)
{
size_t i;
struct acl_s **rev_acl_ptr, *acl_ptr, *new_acl_ptr;
char *nptr;
struct acl_s acl;
assert(location != NULL);
assert (location != NULL);
/*
* First check to see if the location is a string or numeric.
*/
for (i = 0; location[i] != '\0'; i++) {
/*
* Numeric strings can not contain letters, so test on it.
*/
if (isalpha((unsigned char)location[i])) {
break;
}
}
if (init_access_list(access_list) != 0)
return -1;
/*
* Add a new ACL to the list.
*/
rev_acl_ptr = &access_list;
acl_ptr = access_list;
while (acl_ptr) {
rev_acl_ptr = &acl_ptr->next;
acl_ptr = acl_ptr->next;
}
new_acl_ptr = safemalloc(sizeof(struct acl_s));
if (!new_acl_ptr) {
return -1;
}
/*
* Start populating the access control structure.
*/
memset (&acl, 0, sizeof (struct acl_s));
acl.access = access_type;
if(hostspec_parse(location, &acl.h) || acl.h.type == HST_NONE)
return -1;
new_acl_ptr->acl_access = access_type;
if (location[i] == '\0') {
DEBUG2("ACL \"%s\" is a number.", location);
/*
* We did not break early, so this a numeric location.
* Check for a netmask.
*/
new_acl_ptr->type = ACL_NUMERIC;
nptr = strchr(location, '/');
if (nptr) {
*nptr++ = '\0';
new_acl_ptr->netmask = strtol(nptr, NULL, 10);
if (new_acl_ptr->netmask < 0 || new_acl_ptr->netmask > 32) {
safefree(new_acl_ptr);
return -1;
}
} else {
new_acl_ptr->netmask = 32;
}
} else {
DEBUG2("ACL \"%s\" is a string.", location);
new_acl_ptr->type = ACL_STRING;
new_acl_ptr->netmask = 32;
}
new_acl_ptr->location = strdup(location);
if (!new_acl_ptr->location) {
safefree(new_acl_ptr);
return -1;
}
*rev_acl_ptr = new_acl_ptr;
new_acl_ptr->next = acl_ptr;
return 0;
if(!sblist_add(*access_list, &acl)) return -1;
return 0;
}
/*
* Checks where file descriptor is allowed.
* This function is called whenever a "string" access control is found in
* the ACL. From here we do both a text based string comparison, along with
* a reverse name lookup comparison of the IP addresses.
*
* Return: 0 if host is denied
* 1 if host is allowed
* -1 if no tests match, so skip
*/
static int
acl_string_processing (struct acl_s *acl, const char *ip_address,
union sockaddr_union *addr, char *string_addr)
{
int match;
struct addrinfo hints, *res, *ressave;
size_t test_length, match_length;
char ipbuf[512];
assert (acl && acl->h.type == HST_STRING);
assert (ip_address && strlen (ip_address) > 0);
/*
* If the first character of the ACL string is a period, we need to
* do a string based test only; otherwise, we can do a reverse
* lookup test as well.
*/
if (acl->h.address.string[0] != '.') {
memset (&hints, 0, sizeof (struct addrinfo));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if (getaddrinfo (acl->h.address.string, NULL, &hints, &res) != 0)
goto STRING_TEST;
ressave = res;
match = FALSE;
do {
get_ip_string (res->ai_addr, ipbuf, sizeof (ipbuf));
if (strcmp (ip_address, ipbuf) == 0) {
match = TRUE;
break;
}
} while ((res = res->ai_next) != NULL);
freeaddrinfo (ressave);
if (match) {
if (acl->access == ACL_DENY)
return 0;
else
return 1;
}
}
STRING_TEST:
if(string_addr[0] == 0) {
/* only do costly hostname resolution when it is absolutely needed,
and only once */
if(getnameinfo ((void *) addr, sizeof (*addr),
string_addr, HOSTNAME_LENGTH, NULL, 0, 0) != 0)
return -1;
}
test_length = strlen (string_addr);
match_length = strlen (acl->h.address.string);
/*
* If the string length is shorter than AC string, return a -1 so
* that the "driver" will skip onto the next control in the list.
*/
if (test_length < match_length)
return -1;
if (strcasecmp
(string_addr + (test_length - match_length),
acl->h.address.string) == 0) {
if (acl->access == ACL_DENY)
return 0;
else
return 1;
}
/* Indicate that no tests succeeded, so skip to next control. */
return -1;
}
/*
* Compare the supplied numeric IP address with the supplied ACL structure.
*
* Return:
* 1 IP address is allowed
* 0 IP address is denied
* -1 neither allowed nor denied.
*/
static int check_numeric_acl (const struct acl_s *acl, uint8_t addr[IPV6_LEN])
{
uint8_t x, y;
int i;
assert (acl && acl->h.type == HST_NUMERIC);
for (i = 0; i != IPV6_LEN; ++i) {
x = addr[i] & acl->h.address.ip.mask[i];
y = acl->h.address.ip.network[i];
/* If x and y don't match, the IP addresses don't match */
if (x != y)
return -1;
}
/* The addresses match, return the permission */
return (acl->access == ACL_ALLOW);
}
/*
* Checks whether a connection is allowed.
*
* Returns:
* 1 if allowed
* 0 if denied
* -1 if error
*/
int check_acl(int fd)
int check_acl (const char *ip, union sockaddr_union *addr, acl_list_t access_list)
{
struct acl_s *aclptr;
char ip_address[PEER_IP_LENGTH];
char string_address[PEER_STRING_LENGTH];
struct acl_s *acl;
int perm = 0, is_numeric_addr;
size_t i;
char string_addr[HOSTNAME_LENGTH];
uint8_t numeric_addr[IPV6_LEN];
assert(fd >= 0);
assert (ip != NULL);
assert (addr != NULL);
/*
* If there is no access list allow everything.
*/
aclptr = access_list;
if (!aclptr)
return 1;
string_addr[0] = 0;
/*
* Get the IP address and the string domain.
*/
getpeer_ip(fd, ip_address);
getpeer_string(fd, string_address);
/*
* If there is no access list allow everything.
*/
if (!access_list)
return 1;
while (aclptr) {
if (aclptr->type == ACL_STRING) {
size_t test_length = strlen(string_address);
size_t match_length = strlen(aclptr->location);
is_numeric_addr = (full_inet_pton (ip, &numeric_addr) > 0);
if (test_length < match_length) {
aclptr = aclptr->next;
continue;
}
for (i = 0; i < sblist_getsize (access_list); ++i) {
acl = sblist_get (access_list, i);
switch (acl->h.type) {
case HST_STRING:
perm = acl_string_processing (acl, ip, addr, string_addr);
break;
if (strcasecmp(string_address + (test_length - match_length), aclptr->location) == 0) {
if (aclptr->acl_access == ACL_DENY) {
log_message(LOG_NOTICE, "Unauthorized access from \"%s\"", string_address);
return 0;
} else {
return 1;
}
}
} else {
struct in_addr test_addr, match_addr;
in_addr_t netmask_addr;
case HST_NUMERIC:
if (ip[0] == '\0')
continue;
if (ip_address[0] == 0) {
aclptr = aclptr->next;
continue;
}
perm = is_numeric_addr
? check_numeric_acl (acl, numeric_addr)
: -1;
break;
inet_aton(ip_address, &test_addr);
inet_aton(aclptr->location, &match_addr);
case HST_NONE:
perm = -1;
break;
}
netmask_addr = make_netmask(aclptr->netmask);
/*
* Check the return value too see if the IP address is
* allowed or denied.
*/
if (perm == 0)
break;
else if (perm == 1)
return perm;
}
if ((test_addr.s_addr & netmask_addr) == (match_addr.s_addr & netmask_addr)) {
if (aclptr->acl_access == ACL_DENY) {
log_message(LOG_NOTICE, "Unauthorized access from [%s].", ip_address);
return 0;
} else {
return 1;
}
}
}
/*
* Dropped through... go on to the next one.
*/
aclptr = aclptr->next;
}
/*
* Deny all connections by default.
*/
log_message(LOG_NOTICE, "Unauthorized connection from \"%s\" [%s].", string_address, ip_address);
return 0;
/*
* Deny all connections by default.
*/
log_message (LOG_NOTICE, "Unauthorized connection from \"%s\".",
ip);
return 0;
}
void flush_access_list (acl_list_t access_list)
{
struct acl_s *acl;
size_t i;
if (!access_list) {
return;
}
/*
* We need to free allocated data hanging off the acl entries
* before we can free the acl entries themselves.
* A hierarchical memory system would be great...
*/
for (i = 0; i < sblist_getsize (access_list); ++i) {
acl = sblist_get (access_list, i);
if (acl->h.type == HST_STRING) {
safefree (acl->h.address.string);
}
}
sblist_free (access_list);
}

40
src/acl.h
View File

@ -1,26 +1,36 @@
/* $Id: acl.h,v 1.2 2001-06-02 02:07:34 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2000 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* See 'acl.c' for detailed information.
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Copyright (C) 2000 Robert James Kaes (rjkaes@flarenet.com)
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'acl.c' for detailed information. */
#ifndef TINYPROXY_ACL_H
#define TINYPROXY_ACL_H
typedef enum { ACL_ALLOW, ACL_DENY } acl_access_t;
#include "sblist.h"
#include "sock.h"
extern int insert_acl(char *location, acl_access_t access_type);
extern int check_acl(int fd);
typedef enum { ACL_ALLOW, ACL_DENY } acl_access_t;
typedef sblist* acl_list_t;
extern int insert_acl (char *location, acl_access_t access_type,
acl_list_t *access_list);
extern int check_acl (const char *ip_address, union sockaddr_union *addr,
acl_list_t access_list);
extern void flush_access_list (acl_list_t access_list);
#endif

105
src/anonymous.c
View File

@ -1,68 +1,71 @@
/* $Id: anonymous.c,v 1.8 2001-11-05 15:24:42 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2000 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* Handles insertion and searches for headers which should be let through when
* the anonymous feature is turned on. The headers are stored in a Ternary
* Search Tree. The initial code came from Dr. Dobb's Journal, April 1998
* "Ternary Search Trees", Jon Bentley and Bob Sedgewick, pg 20-25.
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Copyright (C) 2000 Robert James Kaes (rjkaes@flarenet.com)
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "tinyproxy.h"
/* Handles insertion and searches for headers which should be let through
* when the anonymous feature is turned on.
*/
#include "main.h"
#include "anonymous.h"
#include "hsearch.h"
#include "heap.h"
#include "log.h"
#include "ternary.h"
#include "tinyproxy.h"
#include "conf.h"
short int is_anonymous_enabled (struct config_s *conf)
{
return (conf->anonymous_map != NULL) ? 1 : 0;
}
static TERNARY anonymous_tree = 0;
/*
* Keep track of whether the Anonymous filtering is enabled. Off by
* default.
* Search for the header. This function returns a positive value greater than
* zero if the string was found, zero if it wasn't and negative upon error.
*/
static short int anonymous_is_enabled = 0;
inline short int is_anonymous_enabled(void)
int anonymous_search (struct config_s *conf, const char *s)
{
return anonymous_is_enabled;
assert (s != NULL);
assert (conf->anonymous_map != NULL);
return !!htab_find (conf->anonymous_map, s);
}
int anonymous_search(char *s)
/*
* Insert a new header.
*
* Return -1 if there is an error, otherwise a 0 is returned if the insert was
* successful.
*/
int anonymous_insert (struct config_s *conf, char *s)
{
assert(s != NULL);
assert(anonymous_is_enabled == 1);
assert(anonymous_tree > 0);
assert (s != NULL);
return ternary_search(anonymous_tree, s, NULL);
}
int anonymous_insert(char *s)
{
assert(s != NULL);
/*
* If this is the first time we're inserting a word, create the
* search tree.
*/
if (!anonymous_is_enabled) {
anonymous_tree = ternary_new();
if (anonymous_tree < 0)
return -1;
anonymous_is_enabled = 1;
DEBUG1("Starting the Anonymous header subsytem.");
}
return ternary_insert(anonymous_tree, s, NULL);
if (!conf->anonymous_map) {
conf->anonymous_map = htab_create (32);
if (!conf->anonymous_map)
return -1;
}
if (htab_find (conf->anonymous_map, s)) {
/* The key was already found. */
return 0;
}
/* Insert the new key */
return htab_insert (conf->anonymous_map, s, HTV_N(1)) ? 0 : -1;
}

35
src/anonymous.h
View File

@ -1,27 +1,28 @@
/* $Id: anonymous.h,v 1.5 2001-08-26 21:07:27 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2000 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* See 'anonymous.c' for a detailed description.
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Copyright (C) 2000 Robert James Kaes (rjkaes@flarenet.com)
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'anonymous.c' for detailed information. */
#ifndef _TINYPROXY_ANONYMOUS_H_
#define _TINYPROXY_ANONYMOUS_H_
#include "ternary.h"
extern short int is_anonymous_enabled(void);
extern int anonymous_search(char *s);
extern int anonymous_insert(char *s);
extern short int is_anonymous_enabled (struct config_s *conf);
extern int anonymous_search (struct config_s *conf, const char *s);
extern int anonymous_insert (struct config_s *conf, char *s);
#endif

57
src/base64.c Normal file
View File

@ -0,0 +1,57 @@
/* tinyproxy - A fast light-weight HTTP proxy
* this file Copyright (C) 2016-2018 rofl0r
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "base64.h"
static const char base64_tbl[64] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/*
rofl0r's base64 impl (taken from libulz)
takes count bytes from src, writing base64 encoded string into dst.
dst needs to be at least BASE64ENC_BYTES(count) + 1 bytes in size.
the string in dst will be zero-terminated.
*/
void base64enc(char *dst, const void* src, size_t count)
{
unsigned const char *s = src;
char* d = dst;
while(count) {
int i = 0, n = *s << 16;
s++;
count--;
if(count) {
n |= *s << 8;
s++;
count--;
i++;
}
if(count) {
n |= *s;
s++;
count--;
i++;
}
*d++ = base64_tbl[(n >> 18) & 0x3f];
*d++ = base64_tbl[(n >> 12) & 0x3f];
*d++ = i ? base64_tbl[(n >> 6) & 0x3f] : '=';
*d++ = i == 2 ? base64_tbl[n & 0x3f] : '=';
}
*d = 0;
}

29
src/base64.h Normal file
View File

@ -0,0 +1,29 @@
/* tinyproxy - A fast light-weight HTTP proxy
* this file Copyright (C) 2016-2018 rofl0r
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef TINYPROXY_BASE64_H
#define TINYPROXY_BASE64_H
#include <stddef.h>
/* calculates number of bytes base64-encoded stream of N bytes will take. */
#define BASE64ENC_BYTES(N) (((N+2)/3)*4)
void base64enc(char *dst, const void* src, size_t count);
#endif

97
src/basicauth.c Normal file
View File

@ -0,0 +1,97 @@
/* tinyproxy - A fast light-weight HTTP proxy
* This file: Copyright (C) 2016-2017 rofl0r
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "main.h"
#include "basicauth.h"
#include "conns.h"
#include "heap.h"
#include "html-error.h"
#include "log.h"
#include "conf.h"
#include "base64.h"
/*
* Create basic-auth token in buf.
* Returns strlen of token on success,
* -1 if user/pass missing
* 0 if user/pass too long
*/
ssize_t basicauth_string(const char *user, const char *pass,
char *buf, size_t bufsize)
{
char tmp[256+2];
int l;
if (!user || !pass) return -1;
l = snprintf(tmp, sizeof tmp, "%s:%s", user, pass);
if (l < 0 || l >= (ssize_t) sizeof tmp) return 0;
if (bufsize < (BASE64ENC_BYTES((unsigned)l) + 1)) return 0;
base64enc(buf, tmp, l);
return BASE64ENC_BYTES(l);
}
/*
* Add entry to the basicauth list
*/
void basicauth_add (sblist *authlist,
const char *user, const char *pass)
{
char b[BASE64ENC_BYTES((256+2)-1) + 1], *s;
ssize_t ret;
ret = basicauth_string(user, pass, b, sizeof b);
if (ret == -1) {
log_message (LOG_WARNING,
"Illegal basicauth rule: missing user or pass");
return;
} else if (ret == 0) {
log_message (LOG_WARNING,
"User / pass in basicauth rule too long");
return;
}
if (!(s = safestrdup(b)) || !sblist_add(authlist, &s)) {
safefree(s);
log_message (LOG_ERR,
"Unable to allocate memory in basicauth_add()");
return;
}
log_message (LOG_INFO,
"Added basic auth user : %s", user);
}
/*
* Check if a user/password combination (encoded as base64)
* is in the basicauth list.
* return 1 on success, 0 on failure.
*/
int basicauth_check (sblist *authlist, const char *authstring)
{
size_t i;
char** entry;
if (!authlist) return 0;
for (i = 0; i < sblist_getsize(authlist); i++) {
entry = sblist_get (authlist, i);
if (entry && strcmp (authstring, *entry) == 0)
return 1;
}
return 0;
}

35
src/basicauth.h Normal file
View File

@ -0,0 +1,35 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2005 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'basicauth.c' for detailed information. */
#ifndef TINYPROXY_BASICAUTH_H
#define TINYPROXY_BASICAUTH_H
#include <stddef.h>
#include "sblist.h"
extern ssize_t basicauth_string(const char *user, const char *pass,
char *buf, size_t bufsize);
extern void basicauth_add (sblist *authlist,
const char *user, const char *pass);
extern int basicauth_check (sblist *authlist, const char *authstring);
#endif

382
src/buffer.c
View File

@ -1,176 +1,207 @@
/* $Id: buffer.c,v 1.15 2001-11-05 15:23:05 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 1999, 2001 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* The buffer used in each connection is a linked list of lines. As the lines
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* The buffer used in each connection is a linked list of lines. As the lines
* are read in and written out the buffer expands and contracts. Basically,
* by using this method we can increase the buffer size dynamicly. However,
* by using this method we can increase the buffer size dynamically. However,
* we have a hard limit of 64 KB for the size of the buffer. The buffer can be
* thought of as a queue were we act on both the head and tail. The various
* functions act on each end (the names are taken from what Perl uses to act on
* the ends of an array. :)
*
* Copyright (C) 1999 Robert James Kaes (rjkaes@flarenet.com)
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*/
#include "tinyproxy.h"
#include "main.h"
#include "buffer.h"
#include "heap.h"
#include "log.h"
#include "utils.h"
#define BUFFER_HEAD(x) (x)->head
#define BUFFER_TAIL(x) (x)->tail
struct bufline_s {
unsigned char *string; /* the actual string of data */
struct bufline_s *next; /* pointer to next in linked list */
size_t length; /* length of the string of data */
size_t pos; /* start sending from this offset */
unsigned char *string; /* the actual string of data */
struct bufline_s *next; /* pointer to next in linked list */
size_t length; /* length of the string of data */
size_t pos; /* start sending from this offset */
};
/*
* The buffer structure points to the beginning and end of the buffer list
* (and includes the total size)
*/
struct buffer_s {
struct bufline_s *head; /* top of the buffer */
struct bufline_s *tail; /* bottom of the buffer */
size_t size; /* total size of the buffer */
};
/*
* Take a string of data and a length and make a new line which can be added
* to the buffer. We don't make a copy of the data, but simply copy the
* pointer into the structure. In other words, when you insert data into the
* buffer, the buffer becomes responsible for freeing it.
* to the buffer. The data IS copied, so make sure if you allocated your
* data buffer on the heap, delete it because you now have TWO copies.
*/
static struct bufline_s *makenewline(unsigned char *data, size_t length)
static struct bufline_s *makenewline (unsigned char *data, size_t length)
{
struct bufline_s *newline;
struct bufline_s *newline;
assert(data != NULL);
assert(length > 0);
assert (data != NULL);
assert (length > 0);
if (!(newline = safemalloc(sizeof(struct bufline_s))))
return NULL;
newline = (struct bufline_s *) safemalloc (sizeof (struct bufline_s));
if (!newline)
return NULL;
newline->string = data;
newline->next = NULL;
newline->length = length;
newline->string = (unsigned char *) safemalloc (length);
if (!newline->string) {
safefree (newline);
return NULL;
}
/* Position our "read" pointer at the beginning of the data */
newline->pos = 0;
memcpy (newline->string, data, length);
return newline;
newline->next = NULL;
newline->length = length;
/* Position our "read" pointer at the beginning of the data */
newline->pos = 0;
return newline;
}
/*
* Free the allocated buffer line
*/
static void free_line(struct bufline_s *line)
static void free_line (struct bufline_s *line)
{
assert(line != NULL);
assert (line != NULL);
if (!line)
return;
if (!line)
return;
if (line->string)
safefree(line->string);
if (line->string)
safefree (line->string);
safefree(line);
safefree (line);
}
/*
* Create a new buffer
*/
struct buffer_s *new_buffer(void)
struct buffer_s *new_buffer (void)
{
struct buffer_s *buffptr;
struct buffer_s *buffptr;
if (!(buffptr = safemalloc(sizeof(struct buffer_s))))
return NULL;
buffptr = (struct buffer_s *) safemalloc (sizeof (struct buffer_s));
if (!buffptr)
return NULL;
/*
* Since the buffer is initially empty, set the HEAD and TAIL
* pointers to NULL since they can't possibly point anywhere at the
* moment.
*/
BUFFER_HEAD(buffptr) = BUFFER_TAIL(buffptr) = NULL;
BUFFER_SIZE(buffptr) = 0;
/*
* Since the buffer is initially empty, set the HEAD and TAIL
* pointers to NULL since they can't possibly point anywhere at the
* moment.
*/
BUFFER_HEAD (buffptr) = BUFFER_TAIL (buffptr) = NULL;
buffptr->size = 0;
return buffptr;
return buffptr;
}
/*
* Delete all the lines in the buffer and the buffer itself
*/
void delete_buffer(struct buffer_s *buffptr)
void delete_buffer (struct buffer_s *buffptr)
{
struct bufline_s *next;
struct bufline_s *next;
assert(buffptr != NULL);
assert (buffptr != NULL);
while (BUFFER_HEAD(buffptr)) {
next = BUFFER_HEAD(buffptr)->next;
free_line(BUFFER_HEAD(buffptr));
BUFFER_HEAD(buffptr) = next;
}
while (BUFFER_HEAD (buffptr)) {
next = BUFFER_HEAD (buffptr)->next;
free_line (BUFFER_HEAD (buffptr));
BUFFER_HEAD (buffptr) = next;
}
safefree(buffptr);
safefree (buffptr);
}
/*
* Push a new line on to the end of the buffer
* Return the current size of the buffer.
*/
static int add_to_buffer(struct buffer_s *buffptr, unsigned char *data,
size_t length)
size_t buffer_size (struct buffer_s *buffptr)
{
struct bufline_s *newline;
return buffptr->size;
}
assert(buffptr != NULL);
assert(data != NULL);
assert(length > 0);
/*
* Push a new line on to the end of the buffer.
*/
int add_to_buffer (struct buffer_s *buffptr, unsigned char *data, size_t length)
{
struct bufline_s *newline;
/*
* Sanity check here. A buffer with a non-NULL head pointer must
* have a size greater than zero, and vice-versa.
*/
if (BUFFER_HEAD(buffptr) == NULL)
assert(BUFFER_SIZE(buffptr) == 0);
else
assert(BUFFER_SIZE(buffptr) > 0);
assert (buffptr != NULL);
assert (data != NULL);
assert (length > 0);
/*
* Make a new line so we can add it to the buffer.
*/
if (!(newline = makenewline(data, length)))
return -1;
/*
* Sanity check here. A buffer with a non-NULL head pointer must
* have a size greater than zero, and vice-versa.
*/
if (BUFFER_HEAD (buffptr) == NULL)
assert (buffptr->size == 0);
else
assert (buffptr->size > 0);
if (BUFFER_SIZE(buffptr) == 0)
BUFFER_HEAD(buffptr) = BUFFER_TAIL(buffptr) = newline;
else
BUFFER_TAIL(buffptr) = (BUFFER_TAIL(buffptr)->next = newline);
/*
* Make a new line so we can add it to the buffer.
*/
if (!(newline = makenewline (data, length)))
return -1;
BUFFER_SIZE(buffptr) += length;
if (buffptr->size == 0)
BUFFER_HEAD (buffptr) = BUFFER_TAIL (buffptr) = newline;
else {
BUFFER_TAIL (buffptr)->next = newline;
BUFFER_TAIL (buffptr) = newline;
}
return 0;
buffptr->size += length;
return 0;
}
/*
* Remove the first line from the top of the buffer
*/
static struct bufline_s *remove_from_buffer(struct buffer_s *buffptr)
static struct bufline_s *remove_from_buffer (struct buffer_s *buffptr)
{
struct bufline_s *line;
struct bufline_s *line;
assert(buffptr != NULL);
assert(BUFFER_HEAD(buffptr) != NULL);
assert (buffptr != NULL);
assert (BUFFER_HEAD (buffptr) != NULL);
line = BUFFER_HEAD(buffptr);
BUFFER_HEAD(buffptr) = line->next;
line = BUFFER_HEAD (buffptr);
BUFFER_HEAD (buffptr) = line->next;
buffptr->size -= line->length;
buffptr->size -= line->length;
return line;
return line;
}
/*
@ -178,106 +209,113 @@ static struct bufline_s *remove_from_buffer(struct buffer_s *buffptr)
* Takes a connection and returns the number of bytes read.
*/
#define READ_BUFFER_SIZE (1024 * 2)
ssize_t readbuff(int fd, struct buffer_s *buffptr)
ssize_t read_buffer (int fd, struct buffer_s * buffptr)
{
ssize_t bytesin;
unsigned char *buffer;
unsigned char *newbuffer;
ssize_t bytesin;
unsigned char *buffer;
assert(fd >= 0);
assert(buffptr != NULL);
assert (fd >= 0);
assert (buffptr != NULL);
if (BUFFER_SIZE(buffptr) >= READ_BUFFER_SIZE)
return 0;
/*
* Don't allow the buffer to grow larger than MAXBUFFSIZE
*/
if (buffptr->size >= MAXBUFFSIZE)
return 0;
buffer = safemalloc(READ_BUFFER_SIZE);
if (!buffer)
return 0;
buffer = (unsigned char *) safemalloc (READ_BUFFER_SIZE);
if (!buffer) {
return -ENOMEM;
}
bytesin = read(fd, buffer, READ_BUFFER_SIZE - BUFFER_SIZE(buffptr));
bytesin = read (fd, buffer, READ_BUFFER_SIZE);
if (bytesin > 0) {
newbuffer = saferealloc(buffer, bytesin);
if (!newbuffer) {
safefree(buffer);
return 0;
}
if (add_to_buffer(buffptr, newbuffer, bytesin) < 0) {
log_message(LOG_ERR, "readbuff: add_to_buffer() error.");
return -1;
}
return bytesin;
} else {
safefree(buffer);
if (bytesin == 0) {
/* connection was closed by client */
return -1;
} else {
switch (errno) {
if (bytesin > 0) {
if (add_to_buffer (buffptr, buffer, bytesin) < 0) {
log_message (LOG_ERR,
"readbuff: add_to_buffer() error.");
bytesin = -1;
}
} else if (bytesin == 0) {
/* connection was closed by client */
bytesin = -1;
} else {
switch (errno) {
#ifdef EWOULDBLOCK
case EWOULDBLOCK:
case EWOULDBLOCK:
#else
# ifdef EAGAIN
case EAGAIN:
case EAGAIN:
# endif
#endif
case EINTR:
return 0;
default:
log_message(LOG_ERR, "readbuff: recv() error \"%s\" on file descriptor %d", strerror(errno), fd);
return -1;
}
}
}
case EINTR:
bytesin = 0;
break;
default:
log_message (LOG_ERR,
"read_buffer: read() failed on fd %d: %s",
fd, strerror(errno));
bytesin = -1;
break;
}
}
safefree (buffer);
return bytesin;
}
/*
* Write the bytes in the buffer to the socket.
* Takes a connection and returns the number of bytes written.
*/
ssize_t writebuff(int fd, struct buffer_s *buffptr)
ssize_t write_buffer (int fd, struct buffer_s * buffptr)
{
ssize_t bytessent;
struct bufline_s *line;
ssize_t bytessent;
struct bufline_s *line;
assert(fd >= 0);
assert(buffptr != NULL);
assert (fd >= 0);
assert (buffptr != NULL);
if (BUFFER_SIZE(buffptr) == 0)
return 0;
if (buffptr->size == 0)
return 0;
/* Sanity check. It would be bad to be using a NULL pointer! */
assert(BUFFER_HEAD(buffptr) != NULL);
/* Sanity check. It would be bad to be using a NULL pointer! */
assert (BUFFER_HEAD (buffptr) != NULL);
line = BUFFER_HEAD (buffptr);
line = BUFFER_HEAD(buffptr);
bytessent = write(fd, line->string + line->pos, line->length - line->pos);
bytessent =
send (fd, line->string + line->pos, line->length - line->pos,
MSG_NOSIGNAL);
if (bytessent >= 0) {
/* bytes sent, adjust buffer */
line->pos += bytessent;
if (line->pos == line->length)
free_line(remove_from_buffer(buffptr));
return bytessent;
} else {
switch (errno) {
if (bytessent >= 0) {
/* bytes sent, adjust buffer */
line->pos += bytessent;
if (line->pos == line->length)
free_line (remove_from_buffer (buffptr));
return bytessent;
} else {
switch (errno) {
#ifdef EWOULDBLOCK
case EWOULDBLOCK:
case EWOULDBLOCK:
#else
# ifdef EAGAIN
case EAGAIN:
case EAGAIN:
# endif
#endif
case EINTR:
return 0;
case ENOBUFS:
case ENOMEM:
log_message(LOG_ERR, "writebuff: write() error [NOBUFS/NOMEM] \"%s\" on file descriptor %d", strerror(errno), fd);
return 0;
default:
log_message(LOG_ERR, "writebuff: write() error \"%s\" on file descriptor %d", strerror(errno), fd);
return -1;
}
}
case EINTR:
return 0;
case ENOBUFS:
case ENOMEM:
log_message (LOG_ERR,
"writebuff: write() error [NOBUFS/NOMEM] \"%s\" on "
"file descriptor %d", strerror (errno),
fd);
return 0;
default:
log_message (LOG_ERR,
"writebuff: write() error \"%s\" on file descriptor %d",
strerror (errno), fd);
return -1;
}
}
}

56
src/buffer.h
View File

@ -1,42 +1,40 @@
/* $Id: buffer.h,v 1.5 2001-11-05 15:23:05 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 1999 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* See 'buffer.c' for a detailed description.
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Copyright (C) 1999 Robert James Kaes (rjkaes@flarenet.com)
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'buffer.c' for detailed information. */
#ifndef _TINYPROXY_BUFFER_H_
#define _TINYPROXY_BUFFER_H_
/*
* This structure contains the total size of a buffer, plus pointers to the
* head and tail of the buffer.
*/
struct buffer_s {
struct bufline_s *head; /* top of the buffer */
struct bufline_s *tail; /* bottom of the buffer */
size_t size; /* total size of the buffer */
};
/* Forward declaration */
struct buffer_s;
extern struct buffer_s *new_buffer (void);
extern void delete_buffer (struct buffer_s *buffptr);
extern size_t buffer_size (struct buffer_s *buffptr);
/*
* Return the size of a buffer (pass a pointer to a buffer_s structure.)
* Add a new line to the given buffer. The data IS copied into the structure.
*/
#define BUFFER_SIZE(x) (x)->size
extern int add_to_buffer (struct buffer_s *buffptr, unsigned char *data,
size_t length);
extern struct buffer_s *new_buffer(void);
extern void delete_buffer(struct buffer_s *buffptr);
extern ssize_t read_buffer (int fd, struct buffer_s *buffptr);
extern ssize_t write_buffer (int fd, struct buffer_s *buffptr);
extern ssize_t readbuff(int fd, struct buffer_s *buffptr);
extern ssize_t writebuff(int fd, struct buffer_s *buffptr);
#endif /* __BUFFER_H_ */
#endif /* __BUFFER_H_ */

316
src/child.c Normal file
View File

@ -0,0 +1,316 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2000 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* Handles the creation/destruction of the various children required for
* processing incoming connections.
*/
#include "main.h"
#include "child.h"
#include "daemon.h"
#include "filter.h"
#include "heap.h"
#include "log.h"
#include "reqs.h"
#include "sock.h"
#include "utils.h"
#include "conf.h"
#include "sblist.h"
#include "loop.h"
#include "conns.h"
#include "mypoll.h"
#include <pthread.h>
static sblist* listen_fds;
struct client {
union sockaddr_union addr;
};
struct child {
pthread_t thread;
struct client client;
struct conn_s conn;
volatile int done;
};
static void* child_thread(void* data)
{
struct child *c = data;
handle_connection (&c->conn, &c->client.addr);
c->done = 1;
return NULL;
}
static sblist *childs;
static void collect_threads(void)
{
size_t i;
for (i = 0; i < sblist_getsize(childs); ) {
struct child *c = *((struct child**)sblist_get(childs, i));
if (c->done) {
pthread_join(c->thread, 0);
sblist_delete(childs, i);
safefree(c);
} else i++;
}
}
/*
* This is the main loop accepting new connections.
*/
void child_main_loop (void)
{
int connfd;
union sockaddr_union cliaddr_storage;
struct sockaddr *cliaddr = (void*) &cliaddr_storage;
socklen_t clilen;
int nfds = sblist_getsize(listen_fds);
pollfd_struct *fds = safecalloc(nfds, sizeof *fds);
ssize_t i;
int ret, listenfd, was_full = 0;
pthread_attr_t *attrp, attr;
struct child *child;
childs = sblist_new(sizeof (struct child*), config->maxclients);
for (i = 0; i < nfds; i++) {
int *fd = sblist_get(listen_fds, i);
fds[i].fd = *fd;
fds[i].events |= MYPOLL_READ;
}
/*
* We have to wait for connections on multiple fds,
* so use select/poll/whatever.
*/
while (!config->quit) {
collect_threads();
if (sblist_getsize(childs) >= config->maxclients) {
if (!was_full)
log_message (LOG_WARNING,
"Maximum number of connections reached. "
"Refusing new connections.");
was_full = 1;
usleep(16);
continue;
}
was_full = 0;
listenfd = -1;
/* Handle log rotation if it was requested */
if (received_sighup) {
reload_config (1);
#ifdef FILTER_ENABLE
filter_reload ();
#endif /* FILTER_ENABLE */
received_sighup = FALSE;
}
ret = mypoll(fds, nfds, -1);
if (ret == -1) {
if (errno == EINTR) {
continue;
}
log_message (LOG_ERR, "error calling " SELECT_OR_POLL ": %s",
strerror(errno));
continue;
} else if (ret == 0) {
log_message (LOG_WARNING, "Strange: " SELECT_OR_POLL " returned 0 "
"but we did not specify a timeout...");
continue;
}
for (i = 0; i < nfds; i++) {
if (fds[i].revents & MYPOLL_READ) {
/*
* only accept the connection on the first
* fd that we find readable. - fair?
*/
listenfd = fds[i].fd;
break;
}
}
if (listenfd == -1) {
log_message(LOG_WARNING, "Strange: None of our listen "
"fds was readable after " SELECT_OR_POLL);
continue;
}
/*
* We have a socket that is readable.
* Continue handling this connection.
*/
clilen = sizeof(cliaddr_storage);
connfd = accept (listenfd, cliaddr, &clilen);
/*
* Make sure no error occurred...
*/
if (connfd < 0) {
log_message (LOG_ERR,
"Accept returned an error (%s) ... retrying.",
strerror (errno));
continue;
}
child = safecalloc(1, sizeof(struct child));
if (!child) {
oom:
close(connfd);
log_message (LOG_CRIT,
"Could not allocate memory for child.");
usleep(16); /* prevent 100% CPU usage in OOM situation */
continue;
}
child->done = 0;
if (!sblist_add(childs, &child)) {
free(child);
goto oom;
}
conn_struct_init(&child->conn);
child->conn.client_fd = connfd;
memcpy(&child->client.addr, &cliaddr_storage, sizeof(cliaddr_storage));
attrp = 0;
if (pthread_attr_init(&attr) == 0) {
attrp = &attr;
pthread_attr_setstacksize(attrp, 256*1024);
}
if (pthread_create(&child->thread, attrp, child_thread, child) != 0) {
sblist_delete(childs, sblist_getsize(childs) -1);
free(child);
goto oom;
}
}
safefree(fds);
}
/*
* Go through all the non-empty children and cancel them.
*/
void child_kill_children (int sig)
{
size_t i, tries = 0;
if (sig != SIGTERM) return;
log_message (LOG_INFO,
"trying to bring down %zu threads...",
sblist_getsize(childs)
);
again:
for (i = 0; i < sblist_getsize(childs); i++) {
struct child *c = *((struct child**)sblist_get(childs, i));
if (!c->done) pthread_kill(c->thread, SIGCHLD);
}
usleep(8192);
collect_threads();
if (sblist_getsize(childs) != 0)
if(tries++ < 8) goto again;
if (sblist_getsize(childs) != 0)
log_message (LOG_CRIT,
"child_kill_children: %zu threads still alive!",
sblist_getsize(childs)
);
}
void child_free_children(void) {
sblist_free(childs);
childs = 0;
}
/**
* Listen on the various configured interfaces
*/
int child_listening_sockets(sblist *listen_addrs, uint16_t port)
{
int ret;
size_t i;
assert (port > 0);
if (listen_fds == NULL) {
listen_fds = sblist_new(sizeof(int), 16);
if (listen_fds == NULL) {
log_message (LOG_ERR, "Could not create the list "
"of listening fds");
return -1;
}
}
if (!listen_addrs || !sblist_getsize(listen_addrs))
{
/*
* no Listen directive:
* listen on the wildcard address(es)
*/
ret = listen_sock(NULL, port, listen_fds);
return ret;
}
for (i = 0; i < sblist_getsize(listen_addrs); i++) {
char **addr;
addr = sblist_get(listen_addrs, i);
if (!addr || !*addr) {
log_message(LOG_WARNING,
"got NULL from listen_addrs - skipping");
continue;
}
ret = listen_sock(*addr, port, listen_fds);
if (ret != 0) {
return ret;
}
}
return 0;
}
void child_close_sock (void)
{
size_t i;
for (i = 0; i < sblist_getsize(listen_fds); i++) {
int *fd = sblist_get(listen_fds, i);
close (*fd);
}
sblist_free(listen_fds);
listen_fds = NULL;
}

43
src/child.h Normal file
View File

@ -0,0 +1,43 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'child.c' for detailed information. */
#ifndef TINYPROXY_CHILD_H
#define TINYPROXY_CHILD_H
#include "sblist.h"
typedef enum {
CHILD_MAXCLIENTS,
CHILD_MAXSPARESERVERS,
CHILD_MINSPARESERVERS,
CHILD_STARTSERVERS,
CHILD_MAXREQUESTSPERCHILD
} child_config_t;
extern short int child_pool_create (void);
extern int child_listening_sockets (sblist *listen_addrs, uint16_t port);
extern void child_close_sock (void);
extern void child_main_loop (void);
extern void child_kill_children (int sig);
extern void child_free_children(void);
extern short int child_configure (child_config_t type, unsigned int val);
#endif

133
src/common.h Normal file
View File

@ -0,0 +1,133 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* This file groups all the headers required throughout the tinyproxy
* system. All this information use to be in the "main.h" header,
* but various other "libraries" in the program need the same information,
* without the tinyproxy specific defines.
*/
#ifndef COMMON_HEADER_H
#define COMMON_HEADER_H
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
/*
* Include standard headers which are used through-out tinyproxy
*/
/* standard C headers - we can safely assume they exist. */
#include <stddef.h>
#include <stdint.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* standard POSIX headers - they need to be there as well. */
# include <errno.h>
# include <fcntl.h>
# include <netdb.h>
# include <signal.h>
# include <stdarg.h>
# include <strings.h>
# include <syslog.h>
# include <wchar.h>
# include <wctype.h>
# include <sys/mman.h>
# include <sys/select.h>
# include <sys/socket.h>
# include <sys/stat.h>
# include <sys/types.h>
# include <sys/wait.h>
# include <sys/uio.h>
# include <sys/un.h>
# include <sys/time.h>
# include <time.h>
# include <inttypes.h>
# include <sys/resource.h>
# include <netinet/in.h>
# include <assert.h>
# include <arpa/inet.h>
# include <grp.h>
# include <pwd.h>
# include <limits.h>
/* rest - some oddball headers */
#ifdef HAVE_VALUES_H
# include <values.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
# include <sys/ioctl.h>
#endif
#ifdef HAVE_ALLOCA_H
# include <alloca.h>
#endif
#ifdef HAVE_MEMORY_H
# include <memory.h>
#endif
#ifdef HAVE_MALLOC_H
# include <malloc.h>
#endif
#ifdef HAVE_SYSEXITS_H
# include <sysexits.h>
#endif
/*
* If MSG_NOSIGNAL is not defined, define it to be zero so that it doesn't
* cause any problems.
*/
#ifndef MSG_NOSIGNAL
# define MSG_NOSIGNAL (0)
#endif
#ifndef SHUT_RD /* these three Posix.1g names are quite new */
# define SHUT_RD 0 /* shutdown for reading */
# define SHUT_WR 1 /* shutdown for writing */
# define SHUT_RDWR 2 /* shutdown for reading and writing */
#endif
#define MAXLISTEN 1024 /* Max number of connections */
/*
* SunOS doesn't have INADDR_NONE defined.
*/
#ifndef INADDR_NONE
# define INADDR_NONE -1
#endif
/* Define boolean values */
#ifndef FALSE
# define FALSE 0
# define TRUE (!FALSE)
#endif
/* Useful function macros */
#if !defined(min) || !defined(max)
# define min(a,b) ((a) < (b) ? (a) : (b))
# define max(a,b) ((a) > (b) ? (a) : (b))
#endif
#endif

72
src/conf-tokens.c Normal file
View File

@ -0,0 +1,72 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <string.h>
#include <stdlib.h>
#include "conf-tokens.h"
#ifdef HAVE_GPERF
#include "conf-tokens-gperf.inc"
#else
#include <strings.h>
const struct config_directive_entry *
config_directive_find (register const char *str, register size_t len)
{
size_t i;
static const struct config_directive_entry wordlist[] =
{
{"",CD_NIL}, {"",CD_NIL},
{"allow", CD_allow},
{"stathost", CD_stathost},
{"listen", CD_listen},
{"timeout", CD_timeout},
{"statfile", CD_statfile},
{"pidfile", CD_pidfile},
{"bindsame", CD_bindsame},
{"reversebaseurl", CD_reversebaseurl},
{"viaproxyname", CD_viaproxyname},
{"upstream", CD_upstream},
{"anonymous", CD_anonymous},
{"group", CD_group},
{"defaulterrorfile", CD_defaulterrorfile},
{"startservers", CD_startservers},
{"filtercasesensitive", CD_filtercasesensitive},
{"filtertype", CD_filtertype},
{"filterurls", CD_filterurls},
{"filter", CD_filter},
{"reversemagic", CD_reversemagic},
{"errorfile", CD_errorfile},
{"minspareservers", CD_minspareservers},
{"user", CD_user},
{"disableviaheader", CD_disableviaheader},
{"deny", CD_deny},
{"xtinyproxy", CD_xtinyproxy},
{"reversepath", CD_reversepath},
{"bind", CD_bind},
{"maxclients", CD_maxclients},
{"reverseonly", CD_reverseonly},
{"port", CD_port},
{"maxspareservers", CD_maxspareservers},
{"syslog", CD_syslog},
{"filterdefaultdeny", CD_filterdefaultdeny},
{"loglevel", CD_loglevel},
{"filterextended", CD_filterextended},
{"connectport", CD_connectport},
{"logfile", CD_logfile},
{"basicauth", CD_basicauth},
{"basicauthrealm", CD_basicauthrealm},
{"addheader", CD_addheader},
{"maxrequestsperchild", CD_maxrequestsperchild}
};
for(i=0;i<sizeof(wordlist)/sizeof(wordlist[0]);++i) {
if(!strcasecmp(str, wordlist[i].name))
return &wordlist[i];
}
return 0;
}
#endif

63
src/conf-tokens.gperf Normal file
View File

@ -0,0 +1,63 @@
%{
#include <string.h>
#include <stdlib.h>
#include "conf-tokens.h"
%}
struct config_directive_entry { const char* name; enum config_directive value; };
%struct-type
%define slot-name name
%define initializer-suffix ,CD_NIL
%define lookup-function-name config_directive_find
%ignore-case
%7bit
%compare-lengths
%readonly-tables
%define constants-prefix CDS_
%omit-struct-type
%%
logfile, CD_logfile
pidfile, CD_pidfile
anonymous, CD_anonymous
viaproxyname, CD_viaproxyname
defaulterrorfile, CD_defaulterrorfile
statfile, CD_statfile
stathost, CD_stathost
xtinyproxy, CD_xtinyproxy
syslog, CD_syslog
bindsame, CD_bindsame
disableviaheader, CD_disableviaheader
port, CD_port
maxclients, CD_maxclients
maxspareservers, CD_maxspareservers
minspareservers, CD_minspareservers
startservers, CD_startservers
maxrequestsperchild, CD_maxrequestsperchild
timeout, CD_timeout
connectport, CD_connectport
user, CD_user
group, CD_group
listen, CD_listen
allow, CD_allow
deny, CD_deny
bind, CD_bind
basicauth, CD_basicauth
basicauthrealm, CD_basicauthrealm
errorfile, CD_errorfile
addheader, CD_addheader
filter, CD_filter
filterurls, CD_filterurls
filterextended, CD_filterextended
filterdefaultdeny, CD_filterdefaultdeny
filtercasesensitive, CD_filtercasesensitive
filtertype, CD_filtertype
reversebaseurl, CD_reversebaseurl
reverseonly, CD_reverseonly
reversemagic, CD_reversemagic
reversepath, CD_reversepath
upstream, CD_upstream
loglevel, CD_loglevel
%%

55
src/conf-tokens.h Normal file
View File

@ -0,0 +1,55 @@
#ifndef CONF_TOKENS_H
#define CONF_TOKENS_H
enum config_directive {
CD_NIL = 0,
CD_logfile,
CD_pidfile,
CD_anonymous,
CD_viaproxyname,
CD_defaulterrorfile,
CD_statfile,
CD_stathost,
CD_xtinyproxy,
CD_syslog,
CD_bindsame,
CD_disableviaheader,
CD_port,
CD_maxclients,
CD_maxspareservers,
CD_minspareservers,
CD_startservers,
CD_maxrequestsperchild,
CD_timeout,
CD_connectport,
CD_user,
CD_group,
CD_listen,
CD_allow,
CD_deny,
CD_bind,
CD_basicauth,
CD_basicauthrealm,
CD_errorfile,
CD_addheader,
CD_filter,
CD_filterurls,
CD_filtertype,
CD_filterextended,
CD_filterdefaultdeny,
CD_filtercasesensitive,
CD_reversebaseurl,
CD_reverseonly,
CD_reversemagic,
CD_reversepath,
CD_upstream,
CD_loglevel,
};
struct config_directive_entry { const char* name; enum config_directive value; };
const struct config_directive_entry *
config_directive_find (register const char *str, register size_t len);
#endif

1154
src/conf.c Normal file
View File

File diff suppressed because it is too large Load Diff

120
src/conf.h Normal file
View File

@ -0,0 +1,120 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2004 Robert James Kaes <rjkaes@users.sourceforge.net>
* Copyright (C) 2009 Michael Adam <obnox@samba.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'conf.c' for detailed information. */
#ifndef TINYPROXY_CONF_H
#define TINYPROXY_CONF_H
#include "hsearch.h"
#include "sblist.h"
#include "acl.h"
/*
* Stores a HTTP header created using the AddHeader directive.
*/
typedef struct {
char *name;
char *value;
} http_header_t;
/*
* Hold all the configuration time information.
*/
struct config_s {
sblist *basicauth_list;
char *basicauth_realm;
char *logf_name;
unsigned int syslog; /* boolean */
unsigned int port;
char *stathost;
unsigned int quit; /* boolean */
unsigned int maxclients;
char *user;
char *group;
sblist *listen_addrs;
#ifdef FILTER_ENABLE
char *filter;
unsigned int filter_opts; /* enum filter_options */
#endif /* FILTER_ENABLE */
#ifdef XTINYPROXY_ENABLE
unsigned int add_xtinyproxy; /* boolean */
#endif
#ifdef REVERSE_SUPPORT
struct reversepath *reversepath_list;
unsigned int reverseonly; /* boolean */
unsigned int reversemagic; /* boolean */
char *reversebaseurl;
#endif
#ifdef UPSTREAM_SUPPORT
struct upstream *upstream_list;
#endif /* UPSTREAM_SUPPORT */
char *pidpath;
unsigned int idletimeout;
sblist *bind_addrs;
unsigned int bindsame;
/*
* The configured name to use in the HTTP "Via" header field.
*/
char *via_proxy_name;
unsigned int disable_viaheader; /* boolean */
/*
* Error page support. Map error numbers to file paths.
*/
struct htab *errorpages;
/*
* Error page to be displayed if appropriate page cannot be located
* in the errorpages structure.
*/
char *errorpage_undef;
/*
* The HTML statistics page.
*/
char *statpage;
acl_list_t access_list;
/*
* Store the list of port allowed by CONNECT.
*/
sblist *connect_ports;
/*
* Map of headers which should be let through when the
* anonymous feature is turned on.
*/
struct htab *anonymous_map;
/*
* Extra headers to be added to outgoing HTTP requests.
*/
sblist* add_headers;
};
extern int reload_config_file (const char *config_fname, struct config_s *conf);
int config_init (void);
void free_config (struct config_s *conf);
#endif

77
src/connect-ports.c Normal file
View File

@ -0,0 +1,77 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 1998 Steven Young <sdyoung@miranda.org>
* Copyright (C) 1999-2005 Robert James Kaes <rjkaes@users.sourceforge.net>
* Copyright (C) 2009 Michael Adam <obnox@samba.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "connect-ports.h"
#include "log.h"
/*
* Now, this routine adds a "port" to the list. It also creates the list if
* it hasn't already by done.
*/
void add_connect_port_allowed (int port, sblist **connect_ports)
{
if (!*connect_ports) {
*connect_ports = sblist_new (sizeof(int), 16);
if (!*connect_ports) {
log_message (LOG_WARNING,
"Could not create a list of allowed CONNECT ports");
return;
}
}
log_message (LOG_INFO,
"Adding Port [%d] to the list allowed by CONNECT", port);
sblist_add (*connect_ports, &port);
}
/*
* This routine checks to see if a port is allowed in the CONNECT method.
*
* Returns: 1 if allowed
* 0 if denied
*/
int check_allowed_connect_ports (int port, sblist *connect_ports)
{
size_t i;
int *data;
/*
* The absence of ConnectPort options in the config file
* meanas that all ports are allowed for CONNECT.
*/
if (!connect_ports)
return 1;
for (i = 0; i < sblist_getsize (connect_ports); ++i) {
data = sblist_get (connect_ports, i);
if (data && *data == port)
return 1;
}
return 0;
}
/**
* Free a connect_ports list.
*/
void free_connect_ports_list (sblist *connect_ports)
{
sblist_free (connect_ports);
}

31
src/connect-ports.h Normal file
View File

@ -0,0 +1,31 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 1998 Steven Young <sdyoung@miranda.org>
* Copyright (C) 1999 Robert James Kaes <rjkaes@users.sourceforge.net>
* Copyright (C) 2009 Michael Adam <obnox@samba.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _TINYPROXY_CONNECT_PORTS_H_
#define _TINYPROXY_CONNECT_PORTS_H_
#include "common.h"
#include "sblist.h"
extern void add_connect_port_allowed (int port, sblist **connect_ports);
int check_allowed_connect_ports (int port, sblist *connect_ports);
void free_connect_ports_list (sblist *connect_ports);
#endif /* _TINYPROXY_CONNECT_PORTS_ */

154
src/conns.c
View File

@ -1,60 +1,128 @@
/* $Id: conns.c,v 1.4 2001-11-21 01:00:08 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2001 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* Create and free the connection structure. One day there could be
* other connnection related tasks put here, but for now the header
* file and this file are only used for create/free functions and the
* connection structure definition.
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Copyright (C) 2001 Robert James Kaes (rjkaes@flarenet.com)
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "tinyproxy.h"
/* Create and free the connection structure. One day there could be
* other connection related tasks put here, but for now the header
* file and this file are only used for create/free functions and the
* connection structure definition.
*/
#include "main.h"
#include "buffer.h"
#include "conns.h"
#include "heap.h"
#include "log.h"
#include "stats.h"
#include "utils.h"
void initialize_conn(struct conn_s *connptr)
{
connptr->client_fd = connptr->server_fd = -1;
connptr->cbuffer = new_buffer();
connptr->sbuffer = new_buffer();
connptr->send_message = FALSE;
connptr->simple_req = FALSE;
connptr->ssl = FALSE;
connptr->upstream = FALSE;
connptr->protocol.major = connptr->protocol.minor = 0;
update_stats(STAT_OPEN);
void conn_struct_init(struct conn_s *connptr) {
connptr->error_number = -1;
connptr->client_fd = -1;
connptr->server_fd = -1;
/* There is _no_ content length initially */
connptr->content_length.server = connptr->content_length.client = -1;
}
void destroy_conn(struct conn_s *connptr)
int conn_init_contents (struct conn_s *connptr, const char *ipaddr,
const char *sock_ipaddr)
{
if (connptr->client_fd != -1)
close(connptr->client_fd);
if (connptr->server_fd != -1)
close(connptr->server_fd);
struct buffer_s *cbuffer, *sbuffer;
if (connptr->cbuffer)
delete_buffer(connptr->cbuffer);
if (connptr->sbuffer)
delete_buffer(connptr->sbuffer);
assert (connptr->client_fd >= 0);
safefree(connptr);
/*
* Allocate the memory for all the internal components
*/
cbuffer = new_buffer ();
sbuffer = new_buffer ();
update_stats(STAT_CLOSE);
if (!cbuffer || !sbuffer)
goto error_exit;
connptr->cbuffer = cbuffer;
connptr->sbuffer = sbuffer;
connptr->server_ip_addr = (sock_ipaddr ?
safestrdup (sock_ipaddr) : NULL);
connptr->client_ip_addr = safestrdup (ipaddr);
update_stats (STAT_OPEN);
return 1;
error_exit:
/*
* If we got here, there was a problem allocating memory
*/
if (cbuffer)
delete_buffer (cbuffer);
if (sbuffer)
delete_buffer (sbuffer);
return 0;
}
void conn_destroy_contents (struct conn_s *connptr)
{
assert (connptr != NULL);
if (connptr->client_fd != -1)
if (close (connptr->client_fd) < 0)
log_message (LOG_INFO, "Client (%d) close message: %s",
connptr->client_fd, strerror (errno));
connptr->client_fd = -1;
if (connptr->server_fd != -1)
if (close (connptr->server_fd) < 0)
log_message (LOG_INFO, "Server (%d) close message: %s",
connptr->server_fd, strerror (errno));
connptr->server_fd = -1;
if (connptr->cbuffer)
delete_buffer (connptr->cbuffer);
if (connptr->sbuffer)
delete_buffer (connptr->sbuffer);
if (connptr->request_line)
safefree (connptr->request_line);
if (connptr->error_variables) {
char *k;
htab_value *v;
size_t it = 0;
while((it = htab_next(connptr->error_variables, it, &k, &v))) {
safefree(v->p);
safefree(k);
}
htab_destroy (connptr->error_variables);
}
if (connptr->error_string)
safefree (connptr->error_string);
if (connptr->server_ip_addr)
safefree (connptr->server_ip_addr);
if (connptr->client_ip_addr)
safefree (connptr->client_ip_addr);
#ifdef REVERSE_SUPPORT
if (connptr->reversepath)
safefree (connptr->reversepath);
#endif
update_stats (STAT_CLOSE);
}

112
src/conns.h
View File

@ -1,45 +1,99 @@
/* $Id: conns.h,v 1.4 2001-11-21 01:00:09 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2001 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* See 'conns.c' for a detailed description.
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Copyright (C) 2001 Robert James Kaes (rjkaes@flarenet.com)
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'conns.c' for detailed information. */
#ifndef TINYPROXY_CONNS_H
#define TINYPROXY_CONNS_H
#include "main.h"
#include "hsearch.h"
/*
* Connection Definition
*/
struct conn_s {
int client_fd;
int server_fd;
struct buffer_s *cbuffer;
struct buffer_s *sbuffer;
bool_t simple_req;
bool_t ssl;
bool_t upstream;
bool_t send_message;
struct {
unsigned short int major;
unsigned short int minor;
} protocol;
int client_fd;
int server_fd;
struct buffer_s *cbuffer;
struct buffer_s *sbuffer;
/* The request line (first line) from the client */
char *request_line;
/* Booleans */
unsigned int connect_method;
unsigned int show_stats;
/*
* This structure stores key -> value mappings for substitution
* in the error HTML files.
*/
struct htab *error_variables;
int error_number;
char *error_string;
/* A Content-Length value from the remote server */
struct {
long int server;
long int client;
} content_length;
/*
* Store the server's IP (for BindSame)
*/
char *server_ip_addr;
/*
* Store the client's IP information
*/
char *client_ip_addr;
/*
* Store the incoming request's HTTP protocol.
*/
struct {
unsigned int major;
unsigned int minor;
} protocol;
#ifdef REVERSE_SUPPORT
/*
* Place to store the current per-connection reverse proxy path
*/
char *reversepath;
#endif
/*
* Pointer to upstream proxy.
*/
struct upstream *upstream_proxy;
};
/*
* Functions for the creation and destruction of a connection structure.
*/
extern void initialize_conn(struct conn_s *connptr);
extern void destroy_conn(struct conn_s *connptr);
/* expects pointer to zero-initialized struct, set up struct
with default values for initial use */
extern void conn_struct_init(struct conn_s *connptr);
/* second stage initializiation, sets up buffers and connection details */
extern int conn_init_contents (struct conn_s *connptr, const char *ipaddr,
const char *sock_ipaddr);
extern void conn_destroy_contents (struct conn_s *connptr);
#endif

87
src/daemon.c Normal file
View File

@ -0,0 +1,87 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* This file contains functions which are useful when writing a
* daemon process. The functions include a "makedaemon" function and
* a function to portably set a signal handler.
*/
#include "main.h"
#include "daemon.h"
#include "log.h"
/*
* Fork a child process and then kill the parent so make the calling
* program a daemon process.
*/
void makedaemon (void)
{
if (fork () != 0)
exit (0);
setsid ();
set_signal_handler (SIGHUP, SIG_IGN);
if (fork () != 0)
exit (0);
if (chdir ("/") != 0) {
log_message (LOG_WARNING,
"Could not change directory to /");
}
umask (0177);
#ifdef NDEBUG
/*
* When not in debugging mode, close the standard file
* descriptors.
*/
close (0);
close (1);
close (2);
#endif
}
/*
* Pass a signal number and a signal handling function into this function
* to handle signals sent to the process.
*/
signal_func *set_signal_handler (int signo, signal_func * func)
{
struct sigaction act, oact;
act.sa_handler = func;
sigemptyset (&act.sa_mask);
act.sa_flags = 0;
if (signo == SIGALRM) {
#ifdef SA_INTERRUPT
act.sa_flags |= SA_INTERRUPT; /* SunOS 4.x */
#endif
} else {
#ifdef SA_RESTART
act.sa_flags |= SA_RESTART; /* SVR4, 4.4BSD */
#endif
}
if (sigaction (signo, &act, &oact) < 0)
return SIG_ERR;
return oact.sa_handler;
}

36
src/daemon.h Normal file
View File

@ -0,0 +1,36 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'daemon.c' for detailed information. */
#ifndef TINYPROXY_DAEMON_H
#define TINYPROXY_DAEMON_H
typedef void signal_func (int);
/*
* Pass a singal integer and a function to handle the signal.
*/
extern signal_func *set_signal_handler (int signo, signal_func * func);
/*
* Make a program a daemon process
*/
extern void makedaemon (void);
#endif

142
src/dnscache.c
View File

@ -1,142 +0,0 @@
/* $Id: dnscache.c,v 1.17 2001-10-25 17:27:39 rjkaes Exp $
*
* This is a caching DNS system. When a host name is needed we look it up here
* and see if there is already an answer for it. The domains are placed in a
* hashed linked list. If the name is not here, then we need to look it up and
* add it to the system. This really speeds up the connection to servers since
* the DNS name does not need to be looked up each time. It's kind of cool. :)
*
* Copyright (C) 1999 Robert James Kaes (rjkaes@flarenet.com)
* Copyright (C) 2000 Chris Lightfoot (chris@ex-parrot.com)
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*/
#include "tinyproxy.h"
#include "dnscache.h"
#include "log.h"
#include "ternary.h"
#include "utils.h"
/*
* The mutex is used for locking around accesses to the ternary tree.
*/
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
#define LOCK() pthread_mutex_lock(&mutex);
#define UNLOCK() pthread_mutex_unlock(&mutex);
#define DNSEXPIRE (5 * 60)
#define DNS_INSERT_LIMIT 10000 /* free the memory after inserts */
struct dnscache_s {
struct in_addr ipaddr;
time_t expire;
};
static TERNARY dns_tree = -1;
static unsigned int dns_insertions;
static int dns_lookup(struct in_addr *addr, char *domain)
{
int ret;
struct dnscache_s *ptr;
assert(addr != NULL);
assert(domain != NULL);
ret = ternary_search(dns_tree, domain, (void *)&ptr);
if (TE_ISERROR(ret)
|| difftime(time(NULL), ptr->expire) > DNSEXPIRE) {
return -1;
}
memcpy(addr, &ptr->ipaddr, sizeof(struct in_addr));
return 0;
}
static int dns_insert(struct in_addr *addr, char *domain)
{
struct dnscache_s *newptr;
assert(addr != NULL);
assert(domain != NULL);
if (!(newptr = safemalloc(sizeof(struct dnscache_s)))) {
return -1;
}
memcpy(&newptr->ipaddr, addr, sizeof(struct in_addr));
newptr->expire = time(NULL);
DEBUG2("Inserting [%s] into DNS cache", domain);
if (TE_ISERROR(ternary_replace(dns_tree, domain, newptr))) {
safefree(newptr);
return -1;
}
DEBUG2("Finished inserting [%s] into DNS cache", domain);
return 0;
}
int dnscache(struct in_addr *addr, char *domain)
{
struct hostent *resolv;
assert(addr != NULL);
assert(domain != NULL);
LOCK();
/* If the DNS tree doesn't exist, build a new one */
if (dns_tree < 0) {
dns_tree = ternary_new();
dns_insertions = 0;
}
if (inet_aton(domain, (struct in_addr *)addr) != 0) {
UNLOCK();
return 0;
}
/* Well, we're not dotted-decimal so we need to look it up */
if (dns_lookup(addr, domain) == 0) {
UNLOCK();
return 0;
}
/* Okay, so not in the list... need to actually look it up. */
if (!(resolv = gethostbyname(domain))) {
UNLOCK();
return -1;
}
memcpy(addr, resolv->h_addr_list[0], resolv->h_length);
dns_insert(addr, domain);
dns_insertions++;
if (dns_insertions > DNS_INSERT_LIMIT) {
log_message(LOG_INFO, "DNS Insertion limit reached (%u). Rebuilding cache.", dns_insertions);
ternary_destroy(dns_tree, free);
dns_tree = ternary_new();
dns_insertions = 0;
}
UNLOCK();
return 0;
}

25
src/dnscache.h
View File

@ -1,25 +0,0 @@
/* $Id: dnscache.h,v 1.7 2001-10-25 17:02:50 rjkaes Exp $
*
* See 'dnscache.c' for a detailed description.
*
* Copyright (C) 1999 Robert James Kaes (rjkaes@flarenet.com)
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*/
#ifndef _TINYPROXY_DNSCACHE_H_
#define _TINYPROXY_DNSCACHE_H_
#include "tinyproxy.h"
extern int dnscache(struct in_addr *addr, char *domain);
#endif

272
src/filter.c
View File

@ -1,123 +1,207 @@
/* $Id: filter.c,v 1.7 2001-10-25 17:27:39 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 1999 George Talusan <gstalusan@uwaterloo.ca>
* Copyright (C) 2002 James E. Flemer <jflemer@acm.jhu.edu>
* Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* Copyright (c) 1999 George Talusan (gstalusan@uwaterloo.ca)
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* A substring of the domain to be filtered goes into the file
* pointed at by DEFAULT_FILTER.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "tinyproxy.h"
/* A substring of the domain to be filtered goes into the file
* pointed at by DEFAULT_FILTER.
*/
#include "main.h"
#include <regex.h>
#include <fnmatch.h>
#include "filter.h"
#include "regexp.h"
#include "utils.h"
#include "heap.h"
#include "log.h"
#include "reqs.h"
#include "conf.h"
#include "sblist.h"
#define FILTER_BUFFER_LEN (512)
static int err;
struct filter_list {
struct filter_list *next;
char *pat;
regex_t *cpat;
union {
regex_t cpatb;
char *pattern;
} u;
};
static struct filter_list *fl = NULL;
static sblist *fl = NULL;
static int already_init = 0;
/* initializes a linked list of strings containing hosts to be filtered */
void filter_init(void)
/*
* Initializes a list of strings containing hosts/urls to be filtered
*/
void filter_init (void)
{
FILE *fd;
struct filter_list *p;
char buf[255];
char *s;
FILE *fd;
struct filter_list fe;
char buf[FILTER_BUFFER_LEN];
char *s, *start;
int cflags, lineno = 0;
if (!fl && !already_init) {
fd = fopen(config.filter, "r");
if (fd) {
p = NULL;
if (fl || already_init) {
return;
}
while (fgets(buf, 255, fd)) {
s = buf;
if (!p) /* head of list */
fl = p = safecalloc(1, sizeof(struct filter_list));
else { /* next entry */
p->next = safecalloc(1, sizeof(struct filter_list));
p = p->next;
}
fd = fopen (config->filter, "r");
if (!fd) {
perror ("filter file");
exit (EX_DATAERR);
}
/* replace first whitespace with \0 */
while (*s++)
if (isspace((unsigned char)*s))
*s = '\0';
cflags = REG_NEWLINE | REG_NOSUB;
cflags |= (REG_EXTENDED * !!(config->filter_opts & FILTER_OPT_TYPE_ERE));
cflags |= (REG_ICASE * !(config->filter_opts & FILTER_OPT_CASESENSITIVE));
p->pat = strdup(buf);
p->cpat = safemalloc(sizeof(regex_t));
if ((err = regcomp(p->cpat, p->pat, REG_NEWLINE | REG_NOSUB)) != 0) {
fprintf(stderr,
"Bad regex in %s: %s\n",
config.filter, p->pat);
exit(EX_DATAERR);
}
}
already_init = 1;
fclose(fd);
}
}
while (fgets (buf, FILTER_BUFFER_LEN, fd)) {
++lineno;
/* skip leading whitespace */
s = buf;
while (*s && isspace ((unsigned char) *s))
s++;
start = s;
/*
* Remove any trailing white space and
* comments.
*/
while (*s) {
if (isspace ((unsigned char) *s))
break;
if (*s == '#') {
/*
* If the '#' char is preceeded by
* an escape, it's not a comment
* string.
*/
if (s == buf || *(s - 1) != '\\')
break;
}
++s;
}
*s = '\0';
s = start;
/* skip blank lines and comments */
if (*s == '\0')
continue;
if (!fl) fl = sblist_new(sizeof(struct filter_list),
4096/sizeof(struct filter_list));
if (config->filter_opts & FILTER_OPT_TYPE_FNMATCH) {
fe.u.pattern = safestrdup(s);
if (!fe.u.pattern) goto oom;
} else {
err = regcomp (&fe.u.cpatb, s, cflags);
if (err != 0) {
if (err == REG_ESPACE) goto oom;
fprintf (stderr,
"Bad regex in %s: line %d - %s\n",
config->filter, lineno, s);
exit (EX_DATAERR);
}
}
if (!sblist_add(fl, &fe)) {
oom:;
fprintf (stderr,
"out of memory parsing filter file %s: line %d\n",
config->filter, lineno);
exit (EX_DATAERR);
}
}
if (ferror (fd)) {
perror ("fgets");
exit (EX_DATAERR);
}
fclose (fd);
already_init = 1;
}
/* unlink the list */
void filter_destroy(void)
void filter_destroy (void)
{
struct filter_list *p, *q;
struct filter_list *p;
size_t i;
if (already_init) {
for (p = q = fl; p; p = q) {
regfree(p->cpat);
safefree(p->cpat);
safefree(p->pat);
q = p->next;
safefree(p);
}
fl = NULL;
already_init = 0;
}
if (already_init) {
if (fl) {
for (i = 0; i < sblist_getsize(fl); ++i) {
p = sblist_get(fl, i);
if (config->filter_opts & FILTER_OPT_TYPE_FNMATCH)
safefree(p->u.pattern);
else
regfree (&p->u.cpatb);
}
sblist_free(fl);
}
fl = NULL;
already_init = 0;
}
}
/* returns 0 if host is not an element of filter list, non-zero otherwise */
int filter_url(char *host)
/**
* reload the filter file if filtering is enabled
*/
void filter_reload (void)
{
struct filter_list *p;
char *s, *port;
int result;
if (!fl || !already_init)
return (0);
/* strip off the port number */
s = strdup(host);
port = strchr(s, ':');
if (port)
*port = '\0';
result = 0;
for (p = fl; p; p = p->next) {
result = !regexec(p->cpat, s, (size_t) 0, (regmatch_t *) 0, 0);
if (result)
break;
}
safefree(s);
return (result);
if (config->filter) {
log_message (LOG_NOTICE, "Re-reading filter file.");
filter_destroy ();
filter_init ();
}
}
/* Return 0 to allow, non-zero to block */
int filter_run (const char *str)
{
struct filter_list *p;
size_t i;
int result;
if (!fl || !already_init)
goto COMMON_EXIT;
for (i = 0; i < sblist_getsize(fl); ++i) {
p = sblist_get(fl, i);
if (config->filter_opts & FILTER_OPT_TYPE_FNMATCH)
result = fnmatch (p->u.pattern, str, 0);
else
result =
regexec (&p->u.cpatb, str, (size_t) 0, (regmatch_t *) 0, 0);
if (result == 0) {
if (!(config->filter_opts & FILTER_OPT_DEFAULT_DENY))
return 1;
else
return 0;
}
}
COMMON_EXIT:
if (!(config->filter_opts & FILTER_OPT_DEFAULT_DENY))
return 0;
else
return 1;
}

47
src/filter.h
View File

@ -1,25 +1,42 @@
/* $Id: filter.h,v 1.3 2000-11-23 04:46:25 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 1999 George Talusan <gstalusan@uwaterloo.ca>
*
* See 'filter.c' for a detailed description.
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Copyright (c) 1999 George Talusan (gstalusan@uwaterloo.ca)
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'filter.c' for detailed information. */
#ifndef _TINYPROXY_FILTER_H_
#define _TINYPROXY_FILTER_H_
extern void filter_init(void);
extern void filter_destroy(void);
extern int filter_url(char *host);
enum filter_options {
FILTER_OPT_CASESENSITIVE = 1 << 0,
FILTER_OPT_URL = 1 << 1,
FILTER_OPT_DEFAULT_DENY = 1 << 2,
FILTER_OPT_TYPE_BRE = 1 << 8,
FILTER_OPT_TYPE_ERE = 1 << 9,
FILTER_OPT_TYPE_FNMATCH = 1 << 10,
};
#define FILTER_TYPE_MASK \
(FILTER_OPT_TYPE_BRE | FILTER_OPT_TYPE_ERE | FILTER_OPT_TYPE_FNMATCH)
extern void filter_init (void);
extern void filter_destroy (void);
extern void filter_reload (void);
extern int filter_run (const char *str);
#endif

5880
src/gnuregex.c
View File

File diff suppressed because it is too large Load Diff

542
src/gnuregex.h
View File

@ -1,542 +0,0 @@
/* Definitions for data structures and routines for the regular
expression library, version 0.12.
Copyright (C) 1985,89,90,91,92,93,95,96,97,98 Free Software Foundation, Inc.
This file is part of the GNU C Library. Its master source is NOT part of
the C library, however. The master source lives in /gd/gnu/lib.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public
License along with the GNU C Library; see the file COPYING.LIB. If not,
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA. */
#ifndef _REGEX_H
#define _REGEX_H 1
/* Allow the use in C++ code. */
#ifdef __cplusplus
extern "C" {
#endif
/* POSIX says that <sys/types.h> must be included (by the caller) before
<regex.h>. */
#if !defined _POSIX_C_SOURCE && !defined _POSIX_SOURCE && defined VMS
/* VMS doesn't have `size_t' in <sys/types.h>, even though POSIX says it
should be there. */
# include <stddef.h>
#endif
/* The following two types have to be signed and unsigned integer type
wide enough to hold a value of a pointer. For most ANSI compilers
ptrdiff_t and size_t should be likely OK. Still size of these two
types is 2 for Microsoft C. Ugh... */
typedef long int s_reg_t;
typedef unsigned long int active_reg_t;
/* The following bits are used to determine the regexp syntax we
recognize. The set/not-set meanings are chosen so that Emacs syntax
remains the value 0. The bits are given in alphabetical order, and
the definitions shifted by one from the previous bit; thus, when we
add or remove a bit, only one other definition need change. */
typedef unsigned long int reg_syntax_t;
/* If this bit is not set, then \ inside a bracket expression is literal.
If set, then such a \ quotes the following character. */
#define RE_BACKSLASH_ESCAPE_IN_LISTS ((unsigned long int) 1)
/* If this bit is not set, then + and ? are operators, and \+ and \? are
literals.
If set, then \+ and \? are operators and + and ? are literals. */
#define RE_BK_PLUS_QM (RE_BACKSLASH_ESCAPE_IN_LISTS << 1)
/* If this bit is set, then character classes are supported. They are:
[:alpha:], [:upper:], [:lower:], [:digit:], [:alnum:], [:xdigit:],
[:space:], [:print:], [:punct:], [:graph:], and [:cntrl:].
If not set, then character classes are not supported. */
#define RE_CHAR_CLASSES (RE_BK_PLUS_QM << 1)
/* If this bit is set, then ^ and $ are always anchors (outside bracket
expressions, of course).
If this bit is not set, then it depends:
^ is an anchor if it is at the beginning of a regular
expression or after an open-group or an alternation operator;
$ is an anchor if it is at the end of a regular expression, or
before a close-group or an alternation operator.
This bit could be (re)combined with RE_CONTEXT_INDEP_OPS, because
POSIX draft 11.2 says that * etc. in leading positions is undefined.
We already implemented a previous draft which made those constructs
invalid, though, so we haven't changed the code back. */
#define RE_CONTEXT_INDEP_ANCHORS (RE_CHAR_CLASSES << 1)
/* If this bit is set, then special characters are always special
regardless of where they are in the pattern.
If this bit is not set, then special characters are special only in
some contexts; otherwise they are ordinary. Specifically,
* + ? and intervals are only special when not after the beginning,
open-group, or alternation operator. */
#define RE_CONTEXT_INDEP_OPS (RE_CONTEXT_INDEP_ANCHORS << 1)
/* If this bit is set, then *, +, ?, and { cannot be first in an re or
immediately after an alternation or begin-group operator. */
#define RE_CONTEXT_INVALID_OPS (RE_CONTEXT_INDEP_OPS << 1)
/* If this bit is set, then . matches newline.
If not set, then it doesn't. */
#define RE_DOT_NEWLINE (RE_CONTEXT_INVALID_OPS << 1)
/* If this bit is set, then . doesn't match NUL.
If not set, then it does. */
#define RE_DOT_NOT_NULL (RE_DOT_NEWLINE << 1)
/* If this bit is set, nonmatching lists [^...] do not match newline.
If not set, they do. */
#define RE_HAT_LISTS_NOT_NEWLINE (RE_DOT_NOT_NULL << 1)
/* If this bit is set, either \{...\} or {...} defines an
interval, depending on RE_NO_BK_BRACES.
If not set, \{, \}, {, and } are literals. */
#define RE_INTERVALS (RE_HAT_LISTS_NOT_NEWLINE << 1)
/* If this bit is set, +, ? and | aren't recognized as operators.
If not set, they are. */
#define RE_LIMITED_OPS (RE_INTERVALS << 1)
/* If this bit is set, newline is an alternation operator.
If not set, newline is literal. */
#define RE_NEWLINE_ALT (RE_LIMITED_OPS << 1)
/* If this bit is set, then `{...}' defines an interval, and \{ and \}
are literals.
If not set, then `\{...\}' defines an interval. */
#define RE_NO_BK_BRACES (RE_NEWLINE_ALT << 1)
/* If this bit is set, (...) defines a group, and \( and \) are literals.
If not set, \(...\) defines a group, and ( and ) are literals. */
#define RE_NO_BK_PARENS (RE_NO_BK_BRACES << 1)
/* If this bit is set, then \<digit> matches <digit>.
If not set, then \<digit> is a back-reference. */
#define RE_NO_BK_REFS (RE_NO_BK_PARENS << 1)
/* If this bit is set, then | is an alternation operator, and \| is literal.
If not set, then \| is an alternation operator, and | is literal. */
#define RE_NO_BK_VBAR (RE_NO_BK_REFS << 1)
/* If this bit is set, then an ending range point collating higher
than the starting range point, as in [z-a], is invalid.
If not set, then when ending range point collates higher than the
starting range point, the range is ignored. */
#define RE_NO_EMPTY_RANGES (RE_NO_BK_VBAR << 1)
/* If this bit is set, then an unmatched ) is ordinary.
If not set, then an unmatched ) is invalid. */
#define RE_UNMATCHED_RIGHT_PAREN_ORD (RE_NO_EMPTY_RANGES << 1)
/* If this bit is set, succeed as soon as we match the whole pattern,
without further backtracking. */
#define RE_NO_POSIX_BACKTRACKING (RE_UNMATCHED_RIGHT_PAREN_ORD << 1)
/* If this bit is set, do not process the GNU regex operators.
If not set, then the GNU regex operators are recognized. */
#define RE_NO_GNU_OPS (RE_NO_POSIX_BACKTRACKING << 1)
/* If this bit is set, turn on internal regex debugging.
If not set, and debugging was on, turn it off.
This only works if regex.c is compiled -DDEBUG.
We define this bit always, so that all that's needed to turn on
debugging is to recompile regex.c; the calling code can always have
this bit set, and it won't affect anything in the normal case. */
#define RE_DEBUG (RE_NO_GNU_OPS << 1)
/* This global variable defines the particular regexp syntax to use (for
some interfaces). When a regexp is compiled, the syntax used is
stored in the pattern buffer, so changing this does not affect
already-compiled regexps. */
extern reg_syntax_t re_syntax_options;
/* Define combinations of the above bits for the standard possibilities.
(The [[[ comments delimit what gets put into the Texinfo file, so
don't delete them!) */
/* [[[begin syntaxes]]] */
#define RE_SYNTAX_EMACS 0
#define RE_SYNTAX_AWK \
(RE_BACKSLASH_ESCAPE_IN_LISTS | RE_DOT_NOT_NULL \
| RE_NO_BK_PARENS | RE_NO_BK_REFS \
| RE_NO_BK_VBAR | RE_NO_EMPTY_RANGES \
| RE_DOT_NEWLINE | RE_CONTEXT_INDEP_ANCHORS \
| RE_UNMATCHED_RIGHT_PAREN_ORD | RE_NO_GNU_OPS)
#define RE_SYNTAX_GNU_AWK \
((RE_SYNTAX_POSIX_EXTENDED | RE_BACKSLASH_ESCAPE_IN_LISTS | RE_DEBUG) \
& ~(RE_DOT_NOT_NULL | RE_INTERVALS | RE_CONTEXT_INDEP_OPS))
#define RE_SYNTAX_POSIX_AWK \
(RE_SYNTAX_POSIX_EXTENDED | RE_BACKSLASH_ESCAPE_IN_LISTS \
| RE_INTERVALS | RE_NO_GNU_OPS)
#define RE_SYNTAX_GREP \
(RE_BK_PLUS_QM | RE_CHAR_CLASSES \
| RE_HAT_LISTS_NOT_NEWLINE | RE_INTERVALS \
| RE_NEWLINE_ALT)
#define RE_SYNTAX_EGREP \
(RE_CHAR_CLASSES | RE_CONTEXT_INDEP_ANCHORS \
| RE_CONTEXT_INDEP_OPS | RE_HAT_LISTS_NOT_NEWLINE \
| RE_NEWLINE_ALT | RE_NO_BK_PARENS \
| RE_NO_BK_VBAR)
#define RE_SYNTAX_POSIX_EGREP \
(RE_SYNTAX_EGREP | RE_INTERVALS | RE_NO_BK_BRACES)
/* P1003.2/D11.2, section 4.20.7.1, lines 5078ff. */
#define RE_SYNTAX_ED RE_SYNTAX_POSIX_BASIC
#define RE_SYNTAX_SED RE_SYNTAX_POSIX_BASIC
/* Syntax bits common to both basic and extended POSIX regex syntax. */
#define _RE_SYNTAX_POSIX_COMMON \
(RE_CHAR_CLASSES | RE_DOT_NEWLINE | RE_DOT_NOT_NULL \
| RE_INTERVALS | RE_NO_EMPTY_RANGES)
#define RE_SYNTAX_POSIX_BASIC \
(_RE_SYNTAX_POSIX_COMMON | RE_BK_PLUS_QM)
/* Differs from ..._POSIX_BASIC only in that RE_BK_PLUS_QM becomes
RE_LIMITED_OPS, i.e., \? \+ \| are not recognized. Actually, this
isn't minimal, since other operators, such as \`, aren't disabled. */
#define RE_SYNTAX_POSIX_MINIMAL_BASIC \
(_RE_SYNTAX_POSIX_COMMON | RE_LIMITED_OPS)
#define RE_SYNTAX_POSIX_EXTENDED \
(_RE_SYNTAX_POSIX_COMMON | RE_CONTEXT_INDEP_ANCHORS \
| RE_CONTEXT_INDEP_OPS | RE_NO_BK_BRACES \
| RE_NO_BK_PARENS | RE_NO_BK_VBAR \
| RE_UNMATCHED_RIGHT_PAREN_ORD)
/* Differs from ..._POSIX_EXTENDED in that RE_CONTEXT_INVALID_OPS
replaces RE_CONTEXT_INDEP_OPS and RE_NO_BK_REFS is added. */
#define RE_SYNTAX_POSIX_MINIMAL_EXTENDED \
(_RE_SYNTAX_POSIX_COMMON | RE_CONTEXT_INDEP_ANCHORS \
| RE_CONTEXT_INVALID_OPS | RE_NO_BK_BRACES \
| RE_NO_BK_PARENS | RE_NO_BK_REFS \
| RE_NO_BK_VBAR | RE_UNMATCHED_RIGHT_PAREN_ORD)
/* [[[end syntaxes]]] */
/* Maximum number of duplicates an interval can allow. Some systems
(erroneously) define this in other header files, but we want our
value, so remove any previous define. */
#ifdef RE_DUP_MAX
# undef RE_DUP_MAX
#endif
/* If sizeof(int) == 2, then ((1 << 15) - 1) overflows. */
#define RE_DUP_MAX (0x7fff)
/* POSIX `cflags' bits (i.e., information for `regcomp'). */
/* If this bit is set, then use extended regular expression syntax.
If not set, then use basic regular expression syntax. */
#define REG_EXTENDED 1
/* If this bit is set, then ignore case when matching.
If not set, then case is significant. */
#define REG_ICASE (REG_EXTENDED << 1)
/* If this bit is set, then anchors do not match at newline
characters in the string.
If not set, then anchors do match at newlines. */
#define REG_NEWLINE (REG_ICASE << 1)
/* If this bit is set, then report only success or fail in regexec.
If not set, then returns differ between not matching and errors. */
#define REG_NOSUB (REG_NEWLINE << 1)
/* POSIX `eflags' bits (i.e., information for regexec). */
/* If this bit is set, then the beginning-of-line operator doesn't match
the beginning of the string (presumably because it's not the
beginning of a line).
If not set, then the beginning-of-line operator does match the
beginning of the string. */
#define REG_NOTBOL 1
/* Like REG_NOTBOL, except for the end-of-line. */
#define REG_NOTEOL (1 << 1)
/* If any error codes are removed, changed, or added, update the
`re_error_msg' table in regex.c. */
typedef enum
{
#ifdef _XOPEN_SOURCE
REG_ENOSYS = -1, /* This will never happen for this implementation. */
#endif
REG_NOERROR = 0, /* Success. */
REG_NOMATCH, /* Didn't find a match (for regexec). */
/* POSIX regcomp return error codes. (In the order listed in the
standard.) */
REG_BADPAT, /* Invalid pattern. */
REG_ECOLLATE, /* Not implemented. */
REG_ECTYPE, /* Invalid character class name. */
REG_EESCAPE, /* Trailing backslash. */
REG_ESUBREG, /* Invalid back reference. */
REG_EBRACK, /* Unmatched left bracket. */
REG_EPAREN, /* Parenthesis imbalance. */
REG_EBRACE, /* Unmatched \{. */
REG_BADBR, /* Invalid contents of \{\}. */
REG_ERANGE, /* Invalid range end. */
REG_ESPACE, /* Ran out of memory. */
REG_BADRPT, /* No preceding re for repetition op. */
/* Error codes we've added. */
REG_EEND, /* Premature end. */
REG_ESIZE, /* Compiled pattern bigger than 2^16 bytes. */
REG_ERPAREN /* Unmatched ) or \); not returned from regcomp. */
} reg_errcode_t;
/* This data structure represents a compiled pattern. Before calling
the pattern compiler, the fields `buffer', `allocated', `fastmap',
`translate', and `no_sub' can be set. After the pattern has been
compiled, the `re_nsub' field is available. All other fields are
private to the regex routines. */
#ifndef RE_TRANSLATE_TYPE
# define RE_TRANSLATE_TYPE char *
#endif
struct re_pattern_buffer
{
/* [[[begin pattern_buffer]]] */
/* Space that holds the compiled pattern. It is declared as
`unsigned char *' because its elements are
sometimes used as array indexes. */
unsigned char *buffer;
/* Number of bytes to which `buffer' points. */
unsigned long int allocated;
/* Number of bytes actually used in `buffer'. */
unsigned long int used;
/* Syntax setting with which the pattern was compiled. */
reg_syntax_t syntax;
/* Pointer to a fastmap, if any, otherwise zero. re_search uses
the fastmap, if there is one, to skip over impossible
starting points for matches. */
char *fastmap;
/* Either a translate table to apply to all characters before
comparing them, or zero for no translation. The translation
is applied to a pattern when it is compiled and to a string
when it is matched. */
RE_TRANSLATE_TYPE translate;
/* Number of subexpressions found by the compiler. */
size_t re_nsub;
/* Zero if this pattern cannot match the empty string, one else.
Well, in truth it's used only in `re_search_2', to see
whether or not we should use the fastmap, so we don't set
this absolutely perfectly; see `re_compile_fastmap' (the
`duplicate' case). */
unsigned can_be_null : 1;
/* If REGS_UNALLOCATED, allocate space in the `regs' structure
for `max (RE_NREGS, re_nsub + 1)' groups.
If REGS_REALLOCATE, reallocate space if necessary.
If REGS_FIXED, use what's there. */
#define REGS_UNALLOCATED 0
#define REGS_REALLOCATE 1
#define REGS_FIXED 2
unsigned regs_allocated : 2;
/* Set to zero when `regex_compile' compiles a pattern; set to one
by `re_compile_fastmap' if it updates the fastmap. */
unsigned fastmap_accurate : 1;
/* If set, `re_match_2' does not return information about
subexpressions. */
unsigned no_sub : 1;
/* If set, a beginning-of-line anchor doesn't match at the
beginning of the string. */
unsigned not_bol : 1;
/* Similarly for an end-of-line anchor. */
unsigned not_eol : 1;
/* If true, an anchor at a newline matches. */
unsigned newline_anchor : 1;
/* [[[end pattern_buffer]]] */
};
typedef struct re_pattern_buffer regex_t;
/* Type for byte offsets within the string. POSIX mandates this. */
typedef int regoff_t;
/* This is the structure we store register match data in. See
regex.texinfo for a full description of what registers match. */
struct re_registers
{
unsigned num_regs;
regoff_t *start;
regoff_t *end;
};
/* If `regs_allocated' is REGS_UNALLOCATED in the pattern buffer,
`re_match_2' returns information about at least this many registers
the first time a `regs' structure is passed. */
#ifndef RE_NREGS
# define RE_NREGS 30
#endif
/* POSIX specification for registers. Aside from the different names than
`re_registers', POSIX uses an array of structures, instead of a
structure of arrays. */
typedef struct
{
regoff_t rm_so; /* Byte offset from string's start to substring's start. */
regoff_t rm_eo; /* Byte offset from string's start to substring's end. */
} regmatch_t;
/* Declarations for routines. */
/* To avoid duplicating every routine declaration -- once with a
prototype (if we are ANSI), and once without (if we aren't) -- we
use the following macro to declare argument types. This
unfortunately clutters up the declarations a bit, but I think it's
worth it. */
#if __STDC__
# define _RE_ARGS(args) args
#else /* not __STDC__ */
# define _RE_ARGS(args) ()
#endif /* not __STDC__ */
/* Sets the current default syntax to SYNTAX, and return the old syntax.
You can also simply assign to the `re_syntax_options' variable. */
extern reg_syntax_t re_set_syntax _RE_ARGS ((reg_syntax_t syntax));
/* Compile the regular expression PATTERN, with length LENGTH
and syntax given by the global `re_syntax_options', into the buffer
BUFFER. Return NULL if successful, and an error string if not. */
extern const char *re_compile_pattern
_RE_ARGS ((const char *pattern, size_t length,
struct re_pattern_buffer *buffer));
/* Compile a fastmap for the compiled pattern in BUFFER; used to
accelerate searches. Return 0 if successful and -2 if was an
internal error. */
extern int re_compile_fastmap _RE_ARGS ((struct re_pattern_buffer *buffer));
/* Search in the string STRING (with length LENGTH) for the pattern
compiled into BUFFER. Start searching at position START, for RANGE
characters. Return the starting position of the match, -1 for no
match, or -2 for an internal error. Also return register
information in REGS (if REGS and BUFFER->no_sub are nonzero). */
extern int re_search
_RE_ARGS ((struct re_pattern_buffer *buffer, const char *string,
int length, int start, int range, struct re_registers *regs));
/* Like `re_search', but search in the concatenation of STRING1 and
STRING2. Also, stop searching at index START + STOP. */
extern int re_search_2
_RE_ARGS ((struct re_pattern_buffer *buffer, const char *string1,
int length1, const char *string2, int length2,
int start, int range, struct re_registers *regs, int stop));
/* Like `re_search', but return how many characters in STRING the regexp
in BUFFER matched, starting at position START. */
extern int re_match
_RE_ARGS ((struct re_pattern_buffer *buffer, const char *string,
int length, int start, struct re_registers *regs));
/* Relates to `re_match' as `re_search_2' relates to `re_search'. */
extern int re_match_2
_RE_ARGS ((struct re_pattern_buffer *buffer, const char *string1,
int length1, const char *string2, int length2,
int start, struct re_registers *regs, int stop));
/* Set REGS to hold NUM_REGS registers, storing them in STARTS and
ENDS. Subsequent matches using BUFFER and REGS will use this memory
for recording register information. STARTS and ENDS must be
allocated with malloc, and must each be at least `NUM_REGS * sizeof
(regoff_t)' bytes long.
If NUM_REGS == 0, then subsequent matches should allocate their own
register data.
Unless this function is called, the first search or match using
PATTERN_BUFFER will allocate its own register data, without
freeing the old data. */
extern void re_set_registers
_RE_ARGS ((struct re_pattern_buffer *buffer, struct re_registers *regs,
unsigned num_regs, regoff_t *starts, regoff_t *ends));
#if defined _REGEX_RE_COMP || defined _LIBC
# ifndef _CRAY
/* 4.2 bsd compatibility. */
extern char *re_comp _RE_ARGS ((const char *));
extern int re_exec _RE_ARGS ((const char *));
# endif
#endif
/* POSIX compatibility. */
extern int regcomp _RE_ARGS ((regex_t *__preg, const char *__pattern,
int __cflags));
extern int regexec _RE_ARGS ((const regex_t *__preg,
const char *__string, size_t __nmatch,
regmatch_t __pmatch[], int __eflags));
extern size_t regerror _RE_ARGS ((int __errcode, const regex_t *__preg,
char *__errbuf, size_t __errbuf_size));
extern void regfree _RE_ARGS ((regex_t *__preg));
#ifdef __cplusplus
}
#endif /* C++ */
#endif /* regex.h */
/*
Local variables:
make-backup-files: t
version-control: t
trim-versions-without-asking: nil
End:
*/

180
src/grammar.y
View File

@ -1,180 +0,0 @@
/* $Id: grammar.y,v 1.5 2001-09-16 20:08:24 rjkaes Exp $
*
* This is the grammar for tinyproxy's configuration file. It needs to be
* in sync with scanner.l. If you know more about yacc and lex than I do
* please update these files.
*
* Copyright (C) 2000 Robert James Kaes (rjkaes@flarenet.com)
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*/
%{
#include "tinyproxy.h"
#include "acl.h"
#include "anonymous.h"
#include "log.h"
#include "thread.h"
void yyerror(char *s);
int yylex(void);
%}
%union {
unsigned int num;
char *cptr;
void *ptr;
}
/* statements */
%token KW_PORT KW_LISTEN
%token KW_LOGFILE KW_PIDFILE KW_SYSLOG
%token KW_MAXCLIENTS KW_MAXSPARESERVERS KW_MINSPARESERVERS KW_STARTSERVERS
%token KW_MAXREQUESTSPERCHILD
%token KW_TIMEOUT
%token KW_USER KW_GROUP
%token KW_ANONYMOUS KW_FILTER KW_XTINYPROXY
%token KW_TUNNEL KW_UPSTREAM
%token KW_ALLOW KW_DENY
/* yes/no switches */
%token KW_YES KW_NO
/* settings for loglevel */
%token KW_LOGLEVEL
%token KW_LOG_CRITICAL KW_LOG_ERROR KW_LOG_WARNING KW_LOG_NOTICE KW_LOG_CONNECT KW_LOG_INFO
%token <cptr> IDENTIFIER
%token <num> NUMBER
%token <cptr> STRING
%token <cptr> NUMERIC_ADDRESS
%token <cptr> STRING_ADDRESS
%token <cptr> NETMASK_ADDRESS
%type <num> yesno
%type <cptr> string
%type <cptr> network_address
%type <cptr> unique_address
%type <num> loglevels
%%
start
: /* empty */
| start line
;
line
: '\n'
| statement '\n'
;
statement
: KW_PORT NUMBER { config.port = $2; }
| KW_TIMEOUT NUMBER { config.idletimeout = $2; }
| KW_SYSLOG yesno
{
#ifdef HAVE_SYSLOG_H
config.syslog = $2;
#else
log_message(LOG_WARNING, "Syslog support was not compiled in.");
#endif
}
| KW_MAXCLIENTS NUMBER { thread_configure(THREAD_MAXCLIENTS, $2); }
| KW_MAXSPARESERVERS NUMBER { thread_configure(THREAD_MAXSPARESERVERS, $2); }
| KW_MINSPARESERVERS NUMBER { thread_configure(THREAD_MINSPARESERVERS, $2); }
| KW_STARTSERVERS NUMBER { thread_configure(THREAD_STARTSERVERS, $2); }
| KW_MAXREQUESTSPERCHILD NUMBER { thread_configure(THREAD_MAXREQUESTSPERCHILD, $2); }
| KW_LOGFILE string
{
config.logf_name = $2;
if (!config.logf_name) {
fprintf(stderr, "bad log file\n");
}
}
| KW_PIDFILE string { config.pidpath = $2; }
| KW_USER string { config.username = $2; }
| KW_GROUP string { config.group = $2; }
| KW_ANONYMOUS string { anonymous_insert($2); }
| KW_FILTER string
{
#ifdef FILTER_ENABLE
config.filter = $2;
#else
log_message(LOG_WARNING, "Filter support was not compiled in.");
#endif
}
| KW_XTINYPROXY network_address { config.my_domain = $2; }
| KW_TUNNEL unique_address ':' NUMBER
{
#ifdef TUNNEL_SUPPORT
config.tunnel_name = $2;
config.tunnel_port = $4;
#else
log_message(LOG_WARNING, "Tunnel support was not compiled in.");
#endif
}
| KW_UPSTREAM unique_address ':' NUMBER
{
#ifdef UPSTREAM_SUPPORT
config.upstream_name = $2;
config.upstream_port = $4;
#else
log_message(LOG_WARNING, "Upstream proxy support was not compiled in.");
#endif
}
| KW_LISTEN NUMERIC_ADDRESS { config.ipAddr = $2; }
| KW_ALLOW network_address { insert_acl($2, ACL_ALLOW); }
| KW_DENY network_address { insert_acl($2, ACL_DENY); }
| KW_LOGLEVEL loglevels { set_log_level($2); }
;
loglevels
: KW_LOG_CRITICAL { $$ = LOG_CRIT; }
| KW_LOG_ERROR { $$ = LOG_ERR; }
| KW_LOG_WARNING { $$ = LOG_WARNING; }
| KW_LOG_NOTICE { $$ = LOG_NOTICE; }
| KW_LOG_CONNECT { $$ = LOG_CONN; }
| KW_LOG_INFO { $$ = LOG_INFO; }
;
network_address
: unique_address
| NETMASK_ADDRESS
;
unique_address
: STRING_ADDRESS
| NUMERIC_ADDRESS
;
yesno
: KW_YES { $$ = 1; }
| KW_NO { $$ = 0; }
| NUMBER { $$ = $1; }
;
string
: IDENTIFIER
| STRING
;
%%
extern unsigned int yylineno;
void yyerror(char *s)
{
fprintf(stderr, "Line %d: %s\n", yylineno, s);
}

99
src/heap.c Normal file
View File

@ -0,0 +1,99 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* Debugging versions of various heap related functions are combined
* here. The debugging versions include assertions and also print
* (to standard error) the function called along with the amount
* of memory allocated, and where the memory is pointing. The
* format of the log message is standardized.
*/
#include "main.h"
#include "heap.h"
#include "text.h"
#ifndef NDEBUG
void *debugging_calloc (size_t nmemb, size_t size, const char *file,
unsigned long line)
{
void *ptr;
assert (nmemb > 0);
assert (size > 0);
ptr = calloc (nmemb, size);
fprintf (stderr, "{calloc: %p:%lu x %lu} %s:%lu\n", ptr,
(unsigned long) nmemb, (unsigned long) size, file, line);
return ptr;
}
void *debugging_malloc (size_t size, const char *file, unsigned long line)
{
void *ptr;
assert (size > 0);
ptr = malloc (size);
fprintf (stderr, "{malloc: %p:%lu} %s:%lu\n", ptr,
(unsigned long) size, file, line);
return ptr;
}
void *debugging_realloc (void *ptr, size_t size, const char *file,
unsigned long line)
{
void *newptr;
assert (size > 0);
newptr = realloc (ptr, size);
fprintf (stderr, "{realloc: %p -> %p:%lu} %s:%lu\n", ptr, newptr,
(unsigned long) size, file, line);
return newptr;
}
void debugging_free (void *ptr, const char *file, unsigned long line)
{
fprintf (stderr, "{free: %p} %s:%lu\n", ptr, file, line);
if (ptr != NULL)
free (ptr);
return;
}
char *debugging_strdup (const char *s, const char *file, unsigned long line)
{
char *ptr;
size_t len;
assert (s != NULL);
len = strlen (s) + 1;
ptr = (char *) malloc (len);
if (!ptr)
return NULL;
memcpy (ptr, s, len);
fprintf (stderr, "{strdup: %p:%lu} %s:%lu\n", ptr,
(unsigned long) len, file, line);
return ptr;
}
#endif /* !NDEBUG */

55
src/heap.h Normal file
View File

@ -0,0 +1,55 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2002 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'heap.c' for detailed information. */
#ifndef TINYPROXY_HEAP_H
#define TINYPROXY_HEAP_H
/*
* The following is to allow for better memory checking.
*/
#ifndef NDEBUG
extern void *debugging_calloc (size_t nmemb, size_t size, const char *file,
unsigned long line);
extern void *debugging_malloc (size_t size, const char *file,
unsigned long line);
extern void debugging_free (void *ptr, const char *file, unsigned long line);
extern void *debugging_realloc (void *ptr, size_t size, const char *file,
unsigned long line);
extern char *debugging_strdup (const char *s, const char *file,
unsigned long line);
# define safecalloc(x, y) debugging_calloc(x, y, __FILE__, __LINE__)
# define safemalloc(x) debugging_malloc(x, __FILE__, __LINE__)
# define saferealloc(x, y) debugging_realloc(x, y, __FILE__, __LINE__)
# define safestrdup(x) debugging_strdup(x, __FILE__, __LINE__)
# define safefree(x) (debugging_free(x, __FILE__, __LINE__), *(&(x)) = NULL)
#else
# define safecalloc(x, y) calloc(x, y)
# define safemalloc(x) malloc(x)
# define saferealloc(x, y) realloc(x, y)
# define safefree(x) (free (x), *(&(x)) = NULL)
# define safestrdup(x) strdup(x)
#endif
#endif

179
src/hostspec.c Normal file
View File

@ -0,0 +1,179 @@
#include "common.h"
#include "hostspec.h"
#include "heap.h"
#include "network.h"
static int dotted_mask(char *bitmask_string, unsigned char array[])
{
unsigned char v4bits[4];
if (1 != inet_pton (AF_INET, bitmask_string, v4bits)) return -1;
memset (array, 0xff, IPV6_LEN-4);
memcpy (array + IPV6_LEN-4, v4bits, 4);
return 0;
}
/*
* Fills in the netmask array given a numeric value.
*
* Returns:
* 0 on success
* -1 on failure (invalid mask value)
*
*/
static int
fill_netmask_array (char *bitmask_string, int v6,
unsigned char array[])
{
unsigned int i;
unsigned long int mask;
char *endptr;
errno = 0; /* to distinguish success/failure after call */
if (strchr (bitmask_string, '.')) {
if (v6) return -1; /* ipv6 doesn't supported dotted netmasks */
return dotted_mask(bitmask_string, array);
}
mask = strtoul (bitmask_string, &endptr, 10);
/* check for various conversion errors */
if ((errno == ERANGE && mask == ULONG_MAX)
|| (errno != 0 && mask == 0) || (endptr == bitmask_string))
return -1;
if (v6 == 0) {
/* The mask comparison is done as an IPv6 address, so
* convert to a longer mask in the case of IPv4
* addresses. */
mask += 12 * 8;
}
/* check valid range for a bit mask */
if (mask > (8 * IPV6_LEN))
return -1;
/* we have a valid range to fill in the array */
for (i = 0; i != IPV6_LEN; ++i) {
if (mask >= 8) {
array[i] = 0xff;
mask -= 8;
} else if (mask > 0) {
array[i] = (unsigned char) (0xff << (8 - mask));
mask = 0;
} else {
array[i] = 0;
}
}
return 0;
}
/* parse a location string containing either an ipv4/ipv4 + hostmask tuple
or a dnsname into a struct hostspec.
returns 0 on success, non-0 on error (might be memory allocation, bogus
ip address or mask).
*/
int hostspec_parse(char *location, struct hostspec *h) {
char *mask, ip_dst[IPV6_LEN];
h->type = HST_NONE;
if(!location) return 0;
memset(h, 0, sizeof(*h));
if ((mask = strrchr(location, '/')))
*(mask++) = 0;
/*
* Check for a valid IP address (the simplest case) first.
*/
if (full_inet_pton (location, ip_dst) > 0) {
h->type = HST_NUMERIC;
memcpy (h->address.ip.network, ip_dst, IPV6_LEN);
if(!mask) memset (h->address.ip.mask, 0xff, IPV6_LEN);
else {
char dst[sizeof(struct in6_addr)];
int v6, i;
/* Check if the IP address before the netmask is
* an IPv6 address */
if (inet_pton(AF_INET6, location, dst) > 0)
v6 = 1;
else
v6 = 0;
if (fill_netmask_array
(mask, v6, &(h->address.ip.mask[0]))
< 0)
goto err;
for (i = 0; i < IPV6_LEN; i++)
h->address.ip.network[i] = ip_dst[i] &
h->address.ip.mask[i];
}
} else {
/* either bogus IP or hostname */
/* bogus ipv6 ? */
if (mask || strchr (location, ':'))
goto err;
/* In all likelihood a string */
h->type = HST_STRING;
h->address.string = safestrdup (location);
if (!h->address.string)
goto err;
}
/* restore mask */
if(mask) *(--mask) = '/';
return 0;
err:;
if(mask) *(--mask) = '/';
return -1;
}
static int string_match(const char *ip, const char *addrspec)
{
size_t test_length, match_length;
if(!strcasecmp(ip, addrspec)) return 1;
if(addrspec[0] != '.') return 0;
test_length = strlen (ip);
match_length = strlen (addrspec);
if (test_length < match_length) return 0;
return (strcasecmp
(ip + (test_length - match_length),
addrspec) == 0);
}
static int numeric_match(const uint8_t addr[], const struct hostspec *h)
{
uint8_t x, y;
int i;
for (i = 0; i != IPV6_LEN; ++i) {
x = addr[i] & h->address.ip.mask[i];
y = h->address.ip.network[i];
/* If x and y don't match, the IP addresses don't match */
if (x != y)
return 0;
}
return 1;
}
/* check whether ip matches hostspec.
return 1 on match, 0 on non-match */
int hostspec_match(const char *ip, const struct hostspec *h) {
int is_numeric_addr;
uint8_t numeric_addr[IPV6_LEN];
if (ip[0] == '\0') return 0;
is_numeric_addr = (full_inet_pton (ip, &numeric_addr) > 0);
switch (h->type) {
case HST_STRING:
if(is_numeric_addr) return 0;
return string_match (ip, h->address.string);
case HST_NUMERIC:
return numeric_match (numeric_addr, h);
case HST_NONE:
return 0;
}
return 0;
}

26
src/hostspec.h Normal file
View File

@ -0,0 +1,26 @@
#ifndef HOSTSPEC_H
#define HOSTSPEC_H
#define IPV6_LEN 16
enum hostspec_type {
HST_NONE,
HST_STRING,
HST_NUMERIC,
};
struct hostspec {
enum hostspec_type type;
union {
char *string;
struct {
unsigned char network[IPV6_LEN];
unsigned char mask[IPV6_LEN];
} ip;
} address;
};
int hostspec_parse(char *domain, struct hostspec *h);
int hostspec_match(const char *ip, const struct hostspec *h);
#endif

222
src/hsearch.c Normal file
View File

@ -0,0 +1,222 @@
/*
musl license, hsearch.c originally written by Szabolcs Nagy
Copyright © 2005-2020 Rich Felker, et al.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include <stdlib.h>
#include <string.h>
#include "hsearch.h"
/*
open addressing hash table with 2^n table size
quadratic probing is used in case of hash collision
tab indices and hash are size_t
after resize fails with ENOMEM the state of tab is still usable
*/
typedef struct htab_entry {
char *key;
htab_value data;
} htab_entry;
struct elem {
htab_entry item;
size_t hash;
};
struct htab {
struct elem *elems;
size_t mask;
size_t used;
size_t seed;
size_t dead;
};
#define MINSIZE 8
#define MAXSIZE ((size_t)-1/2 + 1)
#define CASE_INSENSITIVE
#ifdef CASE_INSENSITIVE
#include <ctype.h>
#include <strings.h>
#define LOWER_OR_NOT(X) tolower(X)
#define STRCMP(X, Y) strcasecmp(X, Y)
#else
#define LOWER_OR_NOT(X) X
#define STRCMP(X, Y) strcmp(X, Y)
#endif
static size_t keyhash(const char *k, size_t seed)
{
const unsigned char *p = (const void *)k;
size_t h = seed;
while (*p)
h = 31*h + LOWER_OR_NOT(*p++);
return h;
}
static int resize(struct htab *htab, size_t nel)
{
size_t newsize;
size_t i, j;
size_t oldmask = htab->mask;
struct elem *e, *newe;
struct elem *oldtab = htab->elems;
struct elem *oldend;
if (nel > MAXSIZE)
nel = MAXSIZE;
for (newsize = MINSIZE; newsize < nel; newsize *= 2);
htab->elems = calloc(newsize, sizeof *htab->elems);
if (!htab->elems) {
htab->elems = oldtab;
return 0;
}
htab->mask = newsize - 1;
if (!oldtab)
return 1;
oldend = oldtab + oldmask + 1;
for (e = oldtab; e < oldend; e++)
if (e->item.key) {
for (i=e->hash,j=1; ; i+=j++) {
newe = htab->elems + (i & htab->mask);
if (!newe->item.key)
break;
}
*newe = *e;
}
free(oldtab);
return 1;
}
static struct elem *lookup(struct htab *htab, const char *key, size_t hash, size_t dead)
{
size_t i, j;
struct elem *e;
for (i=hash,j=1; ; i+=j++) {
e = htab->elems + (i & htab->mask);
if ((!e->item.key && (!e->hash || e->hash == dead)) ||
(e->hash==hash && STRCMP(e->item.key, key)==0))
break;
}
return e;
}
struct htab *htab_create(size_t nel)
{
struct htab *r = calloc(1, sizeof *r);
if(r && !resize(r, nel)) {
free(r);
r = 0;
}
r->seed = rand();
return r;
}
void htab_destroy(struct htab *htab)
{
free(htab->elems);
free(htab);
}
static struct elem *htab_find_elem(struct htab *htab, const char* key)
{
size_t hash = keyhash(key, htab->seed);
struct elem *e = lookup(htab, key, hash, 0);
if (e->item.key) {
return e;
}
return 0;
}
htab_value* htab_find(struct htab *htab, const char* key)
{
struct elem *e = htab_find_elem(htab, key);
if(!e) return 0;
return &e->item.data;
}
htab_value* htab_find2(struct htab *htab, const char* key, char **saved_key)
{
struct elem *e = htab_find_elem(htab, key);
if(!e) return 0;
*saved_key = e->item.key;
return &e->item.data;
}
int htab_delete(struct htab *htab, const char* key)
{
struct elem *e = htab_find_elem(htab, key);
if(!e) return 0;
e->item.key = 0;
e->hash = 0xdeadc0de;
--htab->used;
++htab->dead;
return 1;
}
int htab_insert(struct htab *htab, char* key, htab_value value)
{
size_t hash = keyhash(key, htab->seed), oh;
struct elem *e = lookup(htab, key, hash, 0xdeadc0de);
if(e->item.key) {
/* it's not allowed to overwrite existing data */
return 0;
}
oh = e->hash; /* save old hash in case it's tombstone marker */
e->item.key = key;
e->item.data = value;
e->hash = hash;
if (++htab->used + htab->dead > htab->mask - htab->mask/4) {
if (!resize(htab, 2*htab->used)) {
htab->used--;
e->item.key = 0;
e->hash = oh;
return 0;
}
htab->dead = 0;
} else if (oh == 0xdeadc0de) {
/* re-used tomb */
--htab->dead;
}
return 1;
}
size_t htab_next(struct htab *htab, size_t iterator, char** key, htab_value **v)
{
size_t i;
for(i=iterator;i<htab->mask+1;++i) {
struct elem *e = htab->elems + i;
if(e->item.key) {
*key = e->item.key;
*v = &e->item.data;
return i+1;
}
}
return 0;
}

23
src/hsearch.h Normal file
View File

@ -0,0 +1,23 @@
#ifndef HSEARCH_H
#define HSEARCH_H
#include <stdlib.h>
typedef union htab_value {
void *p;
size_t n;
} htab_value;
#define HTV_N(N) (htab_value) {.n = N}
#define HTV_P(P) (htab_value) {.p = P}
struct htab * htab_create(size_t);
void htab_destroy(struct htab *);
htab_value* htab_find(struct htab *, const char* key);
/* same as htab_find, but can retrieve the saved key (for freeing) */
htab_value* htab_find2(struct htab *htab, const char* key, char **saved_key);
int htab_insert(struct htab *, char*, htab_value);
int htab_delete(struct htab *htab, const char* key);
size_t htab_next(struct htab *, size_t iterator, char** key, htab_value **v);
#endif

320
src/html-error.c Normal file
View File

@ -0,0 +1,320 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2003 Steven Young <sdyoung@miranda.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* This file contains source code for the handling and display of
* HTML error pages with variable substitution.
*/
#include "common.h"
#include "main.h"
#include "buffer.h"
#include "conns.h"
#include "heap.h"
#include "html-error.h"
#include "network.h"
#include "utils.h"
#include "conf.h"
#include "log.h"
#include <regex.h>
/*
* Add an error number -> filename mapping to the errorpages list.
*/
#define ERRORNUM_BUFSIZE 8 /* this is more than required */
#define ERRPAGES_BUCKETCOUNT 16
int add_new_errorpage (struct config_s *conf, char *filepath,
unsigned int errornum)
{
char errornbuf[ERRORNUM_BUFSIZE], *k;
if (!conf->errorpages)
conf->errorpages = htab_create (ERRPAGES_BUCKETCOUNT);
if (!conf->errorpages)
return (-1);
snprintf (errornbuf, ERRORNUM_BUFSIZE, "%u", errornum);
k = safestrdup(errornbuf);
if (!k) return -1;
if (!htab_insert (conf->errorpages, k, HTV_P(filepath))) {
safefree(k);
return (-1);
}
return (0);
}
/*
* Get the file appropriate for a given error.
*/
static char *get_html_file (unsigned int errornum)
{
char errornbuf[ERRORNUM_BUFSIZE];
htab_value *hv;
assert (errornum >= 100 && errornum < 1000);
if (!config->errorpages)
return (config->errorpage_undef);
snprintf (errornbuf, ERRORNUM_BUFSIZE, "%u", errornum);
hv = htab_find (config->errorpages, errornbuf);
if (!hv) return (config->errorpage_undef);
return hv->p;
}
static char *lookup_variable (struct htab *map, const char *varname) {
htab_value *v;
v = htab_find(map, varname);
return v ? v->p : 0;
}
static void varsubst_sendline(struct conn_s *connptr, regex_t *re, char *p) {
int fd = connptr->client_fd;
while(*p) {
regmatch_t match;
char varname[32+1], *varval;
size_t l;
int st = regexec(re, p, 1, &match, 0);
if(st == 0) {
if(match.rm_so > 0) safe_write(fd, p, match.rm_so);
l = match.rm_eo - match.rm_so;
assert(l>2 && l-2 < sizeof(varname));
p += match.rm_so;
memcpy(varname, p+1, l-2);
varname[l-2] = 0;
varval = lookup_variable(connptr->error_variables, varname);
if(varval) write_message(fd, "%s", varval);
else if(varval && !*varval) write_message(fd, "(unknown)");
else safe_write(fd, p, l);
p += l;
} else {
write_message(fd, "%s", p);
break;
}
}
}
/*
* Send an already-opened file to the client with variable substitution.
*/
int
send_html_file (FILE *infile, struct conn_s *connptr)
{
regex_t re;
char *inbuf = safemalloc (4096);
(void) regcomp(&re, "{[a-z]\\{1,32\\}}", 0);
while (fgets (inbuf, 4096, infile)) {
varsubst_sendline(connptr, &re, inbuf);
}
regfree (&re);
safefree (inbuf);
return 1;
}
int send_http_headers (
struct conn_s *connptr, int code,
const char *message, const char *extra)
{
const char headers[] =
"HTTP/1.%u %d %s\r\n"
"Server: %s\r\n"
"Content-Type: text/html\r\n"
"%s"
"Connection: close\r\n" "\r\n";
return (write_message (connptr->client_fd, headers,
connptr->protocol.major != 1 ? 0 : connptr->protocol.minor,
code, message, PACKAGE,
extra));
}
/*
* Display an error to the client.
*/
int send_http_error_message (struct conn_s *connptr)
{
char *error_file;
FILE *infile;
int ret;
const char *fallback_error =
"<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"
"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" "
"\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n"
"<html>\n"
"<head><title>%d %s</title></head>\n"
"<body>\n"
"<h1>%s</h1>\n"
"<p>%s</p>\n"
"<hr />\n"
"<p><em>Generated by %s.</em></p>\n" "</body>\n"
"</html>\n";
/* according to rfc7235, the 407 error must be accompanied by
a Proxy-Authenticate header field. */
const char *auth_str_type =
connptr->error_number == 407 ? "Proxy-Authenticate" :
(connptr->error_number == 401 ? "WWW-Authenticate" : "");
const char auth_str_tpl[] = "%s: Basic realm=\"%s\"\r\n";
char* auth_str_add = NULL;
if (auth_str_type[0] != 0) {
int auth_str_size = snprintf (NULL, 0, auth_str_tpl,
auth_str_type, config->basicauth_realm) + 1;
if (auth_str_size > 0) {
auth_str_add = safemalloc (auth_str_size);
if (auth_str_add != NULL) {
snprintf (auth_str_add, auth_str_size, auth_str_tpl,
auth_str_type, config->basicauth_realm);
}
}
}
send_http_headers (connptr, connptr->error_number,
connptr->error_string, auth_str_add ? auth_str_add : "");
if (auth_str_add) safefree (auth_str_add);
error_file = get_html_file (connptr->error_number);
if (!error_file || !(infile = fopen (error_file, "r"))) {
char *detail;
if (error_file) log_message (LOG_ERR,
"Error opening error file '%s' (%s)",
error_file, strerror (errno));
detail = lookup_variable (connptr->error_variables, "detail");
return (write_message (connptr->client_fd, fallback_error,
connptr->error_number,
connptr->error_string,
connptr->error_string,
detail, PACKAGE));
}
ret = send_html_file (infile, connptr);
fclose (infile);
return (ret);
}
/*
* Add a key -> value mapping for HTML file substitution.
*/
#define ERRVAR_BUCKETCOUNT 16
int
add_error_variable (struct conn_s *connptr, const char *key, const char *val)
{
char *k, *v;
if (!connptr->error_variables)
if (!
(connptr->error_variables =
htab_create (ERRVAR_BUCKETCOUNT)))
return (-1);
k = safestrdup(key);
v = safestrdup(val);
if (!v || !k) goto oom;
if(htab_insert (connptr->error_variables, k, HTV_P(v)))
return 1;
oom:;
safefree(k);
safefree(v);
return -1;
}
#define ADD_VAR_RET(x, y) \
do { \
if (y == NULL) \
break; \
if (add_error_variable(connptr, x, y) < 0) \
return -1; \
} while (0)
/*
* Set some standard variables used by all HTML pages
*/
int add_standard_vars (struct conn_s *connptr)
{
char errnobuf[16];
char timebuf[30];
time_t global_time;
struct tm tm_buf;
snprintf (errnobuf, sizeof errnobuf, "%d", connptr->error_number);
ADD_VAR_RET ("errno", errnobuf);
ADD_VAR_RET ("cause", connptr->error_string);
ADD_VAR_RET ("request", connptr->request_line);
ADD_VAR_RET ("clientip", connptr->client_ip_addr);
/* The following value parts are all non-NULL and will
* trigger warnings in ADD_VAR_RET(), so we use
* add_error_variable() directly.
*/
global_time = time (NULL);
strftime (timebuf, sizeof (timebuf), "%a, %d %b %Y %H:%M:%S GMT",
gmtime_r (&global_time, &tm_buf));
add_error_variable (connptr, "date", timebuf);
add_error_variable (connptr, "website",
"https://tinyproxy.github.io/");
add_error_variable (connptr, "version", VERSION);
add_error_variable (connptr, "package", PACKAGE);
return (0);
}
/*
* Add the error information to the conn structure.
*/
int
indicate_http_error (struct conn_s *connptr, int number,
const char *message, ...)
{
va_list ap;
char *key, *val;
va_start (ap, message);
while ((key = va_arg (ap, char *))) {
val = va_arg (ap, char *);
if (add_error_variable (connptr, key, val) == -1) {
va_end (ap);
return (-1);
}
}
connptr->error_number = number;
connptr->error_string = safestrdup (message);
va_end (ap);
return (add_standard_vars (connptr));
}

39
src/html-error.h Normal file
View File

@ -0,0 +1,39 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2003 Steven Young <sdyoung@miranda.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'html-error.c' for detailed information. */
#ifndef TINYPROXY_HTML_ERROR_H
#define TINYPROXY_HTML_ERROR_H
/* Forward declaration */
struct conn_s;
struct config_s;
extern int add_new_errorpage (struct config_s *, char *filepath, unsigned int errornum);
extern int send_http_error_message (struct conn_s *connptr);
extern int indicate_http_error (struct conn_s *connptr, int number,
const char *message, ...);
extern int add_error_variable (struct conn_s *connptr, const char *key,
const char *val);
extern int send_html_file (FILE * infile, struct conn_s *connptr);
extern int send_http_headers (struct conn_s *connptr, int code,
const char *message, const char *extra);
extern int add_standard_vars (struct conn_s *connptr);
#endif /* !TINYPROXY_HTML_ERROR_H */

272
src/http-message.c Normal file
View File

@ -0,0 +1,272 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2003 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'http-message.h' for detailed information. */
#include "common.h"
#include "heap.h"
#include "http-message.h"
#include "network.h"
/*
* Package up an HTTP message into a nice little structure. As you can
* see this structure doesn't actually store any allocated strings;
* therefore, the caller must free any memory referenced by this struct.
* Also, the caller MUST NOT free the memory while the structure is
* still in use---bad things would happen.
*/
struct http_message_s {
/* Response string and code supplied on the HTTP status line */
struct {
const char *string;
int code;
} response;
/*
* A group of headers to be sent with this message. Right now
* the strings are referenced through pointers in an array.
* I might change this to a vector in the future.
*/
struct {
const char **strings;
unsigned int total;
unsigned int used;
} headers;
/* Body of the message (most likely an HTML message) */
struct {
const char *text;
size_t length;
} body;
};
/*
* Check if the HTTP message is validly formed. This is the one odd-ball
* function. It returns 0 if the message is invalid; otherwise, a positive
* number is returned. Useful for if() tests and assert() tests.
*/
static int is_http_message_valid (http_message_t msg)
{
if (msg == NULL)
return 0;
if (msg->headers.strings == NULL)
return 0;
if (msg->response.string == NULL)
return 0;
if (msg->response.code < 1 || msg->response.code > 999)
return 0;
return 1;
}
/* Initially allocate space for 128 headers */
#define NUMBER_OF_HEADERS 128
/*
* Allocate a new http_message structure on the heap.
* If memory could not be allocated, return a NULL.
*/
http_message_t
http_message_create (int response_code, const char *response_string)
{
http_message_t msg;
int ret;
msg =
(struct http_message_s *) safecalloc (1,
sizeof (struct
http_message_s));
if (msg == NULL)
return NULL;
msg->headers.strings = (const char **) safecalloc (NUMBER_OF_HEADERS,
sizeof (char *));
if (msg->headers.strings == NULL) {
safefree (msg);
return NULL;
}
msg->headers.total = NUMBER_OF_HEADERS;
/* Store the HTTP response information in the structure */
ret = http_message_set_response (msg, response_code, response_string);
if (IS_HTTP_MSG_ERROR (ret)) {
safefree (msg->headers.strings);
safefree (msg);
return NULL;
}
return msg;
}
/*
* Free up the space associated with this HTTP message structure.
* This DOES NOT free the pointers stored in this structure. That memory
* is the responsibility of the caller.
*/
int http_message_destroy (http_message_t msg)
{
assert (msg != NULL);
assert (msg->headers.strings != NULL);
/* Check for valid arguments */
if (msg == NULL)
return -EFAULT;
if (msg->headers.strings != NULL)
safefree (msg->headers.strings);
safefree (msg);
return 0;
}
/*
* Set the HTTP response information for this structure. The response_string
* must be a NUL ('\0') terminated C string.
*/
int
http_message_set_response (http_message_t msg,
int response_code, const char *response_string)
{
/* Check for valid arguments */
if (msg == NULL)
return -EFAULT;
if (response_code < 1 || response_code > 999)
return -EINVAL;
if (response_string == NULL)
return -EINVAL;
if (strlen (response_string) == 0)
return -EINVAL;
msg->response.code = response_code;
msg->response.string = response_string;
return 0;
}
/*
* Set the HTTP message body.
*/
int http_message_set_body (http_message_t msg, const char *body, size_t len)
{
/* Check for valid arguments */
if (msg == NULL)
return -EFAULT;
if (body == NULL)
return -EINVAL;
if (len == 0)
return -EINVAL;
msg->body.text = body;
msg->body.length = len;
return 0;
}
/*
* Add headers to the structure.
*/
int
http_message_add_headers (http_message_t msg, const char **headers,
unsigned int num_headers)
{
const char **new_headers;
unsigned int i;
/* Check for valid arguments */
if (msg == NULL)
return -EFAULT;
if (headers == NULL)
return -EINVAL;
/*
* If the number of headers to add is greater than the space
* available, reallocate the memory.
*/
if (msg->headers.used + num_headers > msg->headers.total) {
new_headers =
(const char **) safecalloc (msg->headers.total * 2,
sizeof (char *));
if (new_headers == NULL)
return -ENOMEM;
/* Copy the array */
for (i = 0; i != msg->headers.used; ++i)
new_headers[i] = msg->headers.strings[i];
/* Remove the old array and replace it with the new array */
safefree (msg->headers.strings);
msg->headers.strings = new_headers;
msg->headers.total *= 2;
}
/*
* Add the new headers to the structure
*/
for (i = 0; i != num_headers; ++i)
msg->headers.strings[i + msg->headers.used] = headers[i];
msg->headers.used += num_headers;
return 0;
}
/*
* Send the completed HTTP message via the supplied file descriptor.
*/
int http_message_send (http_message_t msg, int fd)
{
char timebuf[30];
time_t global_time;
unsigned int i;
struct tm tm_buf;
assert (is_http_message_valid (msg));
/* Check for valid arguments */
if (msg == NULL)
return -EFAULT;
if (fd < 1)
return -EBADF;
if (!is_http_message_valid (msg))
return -EINVAL;
/* Write the response line */
write_message (fd, "HTTP/1.0 %d %s\r\n",
msg->response.code, msg->response.string);
/* Go through all the headers */
for (i = 0; i != msg->headers.used; ++i)
write_message (fd, "%s\r\n", msg->headers.strings[i]);
/* Output the date */
global_time = time (NULL);
strftime (timebuf, sizeof (timebuf), "%a, %d %b %Y %H:%M:%S GMT",
gmtime_r (&global_time, &tm_buf));
write_message (fd, "Date: %s\r\n", timebuf);
/* Output the content-length */
write_message (fd, "Content-length: %lu\r\n", (unsigned long) msg->body.length);
/* Write the separator between the headers and body */
safe_write (fd, "\r\n", 2);
/* If there's a body, send it! */
if (msg->body.length > 0)
safe_write (fd, msg->body.text, msg->body.length);
return 0;
}

94
src/http-message.h Normal file
View File

@ -0,0 +1,94 @@
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 2003 Robert James Kaes <rjkaes@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* HTTP Message API
* ----------------
* The idea behind this application programming interface (API) is to
* represent an HTTP response message as a concrete entity. The API
* functions allow the message to be built up systematically before
* transmission to a connected socket.
*
* The order of the functions in your program would look something like
* this:
* http_message_create()
* http_message_set_response()
* http_message_set_body() [optional if no body is required]
* http_message_add_headers() [optional if no additional headers are used]
* http_message_send()
* http_message_destroy()
*
* NOTE: No user data is stored in the http_message_t type; therefore,
* do not delete strings referenced by the http_message_t object
* before you call http_message_destroy(). By not copying data, the
* API functions are faster, but you must take greater care.
*
* (Side note: be _very_ careful when using stack allocated memory with
* this API. Bad things will happen if you try to pass the
* http_message_t out of the calling function since the stack
* allocated memory referenced by the http_message_t will no long
* exist.)
*/
#ifndef _TINYPROXY_HTTP_MESSAGE_H_
#define _TINYPROXY_HTTP_MESSAGE_H_
/* Use the "http_message_t" as a cookie or handle to the structure. */
typedef struct http_message_s *http_message_t;
/*
* Macro to test if an error occurred with the API. All the HTTP message
* functions will return 0 if no error occurred, or a negative number if
* there was a problem.
*/
#define IS_HTTP_MSG_ERROR(x) (x < 0)
/* Initialize the internal structure of the HTTP message */
extern http_message_t http_message_create (int response_code,
const char *response_string);
/* Free up an _internal_ resources */
extern int http_message_destroy (http_message_t msg);
/*
* Send an HTTP message via the supplied file descriptor. This function
* will add the "Date" header before it's sent.
*/
extern int http_message_send (http_message_t msg, int fd);
/*
* Change the internal state of the HTTP message. Either set the
* body of the message, update the response information, or
* add a new set of headers.
*/
extern int http_message_set_body (http_message_t msg,
const char *body, size_t len);
extern int http_message_set_response (http_message_t msg,
int response_code,
const char *response_string);
/*
* Set the headers for this HTTP message. Each string must be NUL ('\0')
* terminated, but DO NOT include any carriage returns (CR) or
* line-feeds (LF) since they will be included when the http_message is
* sent.
*/
extern int http_message_add_headers (http_message_t msg,
const char **headers,
unsigned int num_headers);
#endif /* _TINYPROXY_HTTP_MESSAGE_H_ */

354
src/log.c
View File

@ -1,116 +1,318 @@
/* $Id: log.c,v 1.15 2001-10-25 17:27:39 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 1998 Steven Young <sdyoung@miranda.org>
* Copyright (C) 1999 Robert James Kaes <rjkaes@users.sourceforge.net>
* Copyright (C) 2009 Michael Adam <obnox@samba.org>
*
* Logs the various messages which tinyproxy produces to either a log file or
* the syslog daemon. Not much to it...
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Copyright (C) 1998 Steven Young
* Copyright (C) 1999 Robert James Kaes (rjkaes@flarenet.com)
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "tinyproxy.h"
/* Logs the various messages which tinyproxy produces to either a log file
* or the syslog daemon. Not much to it...
*/
#include "main.h"
#include "heap.h"
#include "log.h"
#include "utils.h"
#include "sblist.h"
#include "conf.h"
#include <pthread.h>
static char *syslog_level[] = {
NULL,
NULL,
"CRITICAL",
"ERROR",
"WARNING",
"NOTICE",
"INFO",
"DEBUG",
"CONNECT"
static const char *syslog_level[] = {
NULL,
NULL,
"CRITICAL",
"ERROR",
"WARNING",
"NOTICE",
"INFO",
"DEBUG",
"CONNECT"
};
#define TIME_LENGTH 16
#define STRING_LENGTH 800
static pthread_mutex_t log_mutex = PTHREAD_MUTEX_INITIALIZER;
/*
* Global file descriptor for the log file
*/
int log_file_fd = -1;
/*
* Store the log level setting.
*/
static short int log_level = LOG_ERR;
static int log_level = LOG_INFO;
/*
* Hold a listing of log messages which need to be sent once the log
* file has been established.
* The key is the actual messages (already filled in full), and the value
* is the log level.
*/
static sblist *log_message_storage;
static unsigned int logging_initialized = FALSE; /* boolean */
/*
* Open the log file and store the file descriptor in a global location.
*/
int open_log_file (const char *log_file_name)
{
if (log_file_name == NULL) {
log_file_fd = fileno(stdout);
} else {
log_file_fd = create_file_safely (log_file_name, FALSE);
}
return log_file_fd;
}
/*
* Close the log file
*/
void close_log_file (void)
{
if (log_file_fd < 0 || log_file_fd == fileno(stdout)) {
return;
}
close (log_file_fd);
log_file_fd = -1;
}
/*
* Set the log level for writing to the log file.
*/
void set_log_level(short int level)
void set_log_level (int level)
{
log_level = level;
log_level = level;
}
/*
* This routine logs messages to either the log file or the syslog function.
*/
void log_message(short int level, char *fmt, ...)
void log_message (int level, const char *fmt, ...)
{
va_list args;
time_t nowtime;
FILE *cf;
va_list args;
struct timespec nowtime;
struct tm tm_buf;
char time_string[TIME_LENGTH];
#if defined(HAVE_SYSLOG_H) && !defined(HAVE_VSYSLOG_H)
char str[STRING_LENGTH];
#endif
char time_string[TIME_LENGTH];
char str[STRING_LENGTH];
ssize_t ret;
#ifdef NDEBUG
/*
* Figure out if we should write the message or not.
*/
if (log_level == LOG_CONN) {
if (level == LOG_INFO)
return;
} else if (log_level == LOG_INFO) {
if (level > LOG_INFO && level != LOG_CONN)
return;
} else if (level > log_level)
return;
/*
* Figure out if we should write the message or not.
*/
if (log_level == LOG_CONN) {
if (level == LOG_INFO)
return;
} else if (log_level == LOG_INFO) {
if (level > LOG_INFO && level != LOG_CONN)
return;
} else if (level > log_level)
return;
#endif
if (config && config->syslog && level == LOG_CONN)
level = LOG_INFO;
#ifdef HAVE_SYSLOG_H
if (config.syslog && level == LOG_CONN)
level = LOG_INFO;
va_start (args, fmt);
/*
* If the config file hasn't been processed, then we need to store
* the messages for later processing.
*/
if (!logging_initialized) {
char *entry_buffer;
if (!log_message_storage) {
log_message_storage = sblist_new (sizeof(char*), 64);
if (!log_message_storage)
goto out;
}
vsnprintf (str, STRING_LENGTH, fmt, args);
entry_buffer = (char *) safemalloc (strlen (str) + 6);
if (!entry_buffer)
goto out;
sprintf (entry_buffer, "%d %s", level, str);
if(!sblist_add (log_message_storage, &entry_buffer))
safefree (entry_buffer);
goto out;
}
if(!config->syslog && log_file_fd == -1)
goto out;
if (config->syslog) {
pthread_mutex_lock(&log_mutex);
#ifdef HAVE_VSYSLOG_H
vsyslog (level, fmt, args);
#else
vsnprintf (str, STRING_LENGTH, fmt, args);
syslog (level, "%s", str);
#endif
pthread_mutex_unlock(&log_mutex);
} else {
char *p;
va_start(args, fmt);
clock_gettime(CLOCK_REALTIME, &nowtime);
/* Format is month day hour:minute:second (24 time) */
strftime (time_string, TIME_LENGTH, "%b %d %H:%M:%S",
localtime_r (&nowtime.tv_sec, &tm_buf));
#ifdef HAVE_SYSLOG_H
if (config.syslog) {
# ifdef HAVE_VSYSLOG_H
vsyslog(level, fmt, args);
# else
vsnprintf(str, STRING_LENGTH, fmt, args);
syslog(level, "%s", str);
# endif
} else {
#endif
nowtime = time(NULL);
/* Format is month day hour:minute:second (24 time) */
strftime(time_string, TIME_LENGTH, "%b %d %H:%M:%S",
localtime(&nowtime));
snprintf (str, STRING_LENGTH, "%-9s %s.%03lu [%ld]: ",
syslog_level[level], time_string,
(unsigned long) nowtime.tv_nsec/1000000ul,
(long int) getpid ());
if (!(cf = config.logf))
cf = stderr;
/*
* Overwrite the '\0' and leave room for a trailing '\n'
* be added next.
*/
p = str + strlen(str);
vsnprintf (p, STRING_LENGTH - strlen(str) - 1, fmt, args);
fprintf(cf, "%-9s %s [%ld]: ", syslog_level[level],
time_string, (long int)getpid());
vfprintf(cf, fmt, args);
fprintf(cf, "\n");
fflush(cf);
#ifdef HAVE_SYSLOG_H
}
#endif
p = str + strlen(str);
*p = '\n';
*(p+1) = '\0';
va_end(args);
assert (log_file_fd >= 0);
pthread_mutex_lock(&log_mutex);
ret = write (log_file_fd, str, strlen (str));
pthread_mutex_unlock(&log_mutex);
if (ret == -1) {
config->syslog = TRUE;
log_message(LOG_CRIT, "ERROR: Could not write to log "
"file %s: %s.",
config->logf_name, strerror(errno));
log_message(LOG_CRIT,
"Falling back to syslog logging");
}
pthread_mutex_lock(&log_mutex);
fsync (log_file_fd);
pthread_mutex_unlock(&log_mutex);
}
out:
va_end (args);
}
/*
* This needs to send any stored log messages.
*/
static void send_stored_logs (void)
{
char **string;
char *ptr;
int level;
size_t i;
if (log_message_storage == NULL)
return;
log_message(LOG_DEBUG, "sending stored logs");
for (i = 0; i < sblist_getsize (log_message_storage); ++i) {
string = sblist_get (log_message_storage, i);
if (!string || !*string) continue;
ptr = strchr (*string, ' ') + 1;
level = atoi (*string);
#ifdef NDEBUG
if (log_level == LOG_CONN && level == LOG_INFO)
continue;
else if (log_level == LOG_INFO) {
if (level > LOG_INFO && level != LOG_CONN)
continue;
} else if (level > log_level)
continue;
#endif
log_message (level, "%s", ptr);
safefree(*string);
}
sblist_free (log_message_storage);
log_message_storage = NULL;
log_message(LOG_DEBUG, "done sending stored logs");
}
/**
* Initialize the logging subsystem, based on the configuration.
* Returns 0 upon success, -1 upon failure.
*
* This function uses fprintf() instead of log_message(), since
* the logging is not yet set up...
*/
int setup_logging (void)
{
if (!config->syslog) {
if (open_log_file (config->logf_name) < 0) {
/*
* If opening the log file fails, we try
* to fall back to syslog logging...
*/
config->syslog = TRUE;
log_message (LOG_CRIT, "ERROR: Could not create log "
"file %s: %s.",
config->logf_name, strerror (errno));
log_message (LOG_CRIT,
"Falling back to syslog logging.");
}
}
if (config->syslog) {
openlog ("tinyproxy", LOG_PID, LOG_USER);
}
logging_initialized = TRUE;
send_stored_logs ();
return 0;
}
/**
* Stop the logging subsystem.
*/
void shutdown_logging (void)
{
if (!logging_initialized) {
return;
}
if (config->syslog) {
closelog ();
} else {
close_log_file ();
}
logging_initialized = FALSE;
}

70
src/log.h
View File

@ -1,21 +1,25 @@
/* $Id: log.h,v 1.7 2001-08-26 21:10:04 rjkaes Exp $
/* tinyproxy - A fast light-weight HTTP proxy
* Copyright (C) 1998 Steven Young <sdyoung@miranda.org>
* Copyright (C) 1999 Robert James Kaes <rjkaes@users.sourceforge.net>
* Copyright (C) 2009 Michael Adam <obnox@samba.org>
*
* See 'log.c' for a detailed description.
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* Copyright (C) 1998 Steven Young
* Copyright (C) 1999 Robert James Kaes (rjkaes@flarenet.com)
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/* See 'log.c' for detailed information. */
#ifndef TINYPROXY_LOG_H
#define TINYPROXY_LOG_H
@ -36,10 +40,10 @@
* Level Description
* ----- -----------
* LOG_CRIT This is catastrophic. Basically, tinyproxy can not recover
* from this and will either close the thread (if we're lucky),
* from this and will either close the child (if we're lucky),
* or the entire daemon. I would relegate this to conditions
* like unable to create the listening socket, or unable to
* create a thread. If you're going to log at this level provide
* create a child. If you're going to log at this level provide
* as much information as possible.
*
* LOG_ERR Okay, something bad happened. We can recover from this, but
@ -56,7 +60,7 @@
*
* LOG_NOTICE This is for a special condition. Nothing has gone wrong, but
* it is more important than the common LOG_INFO level. Right
* now it is used for actions like creating/destroying threads,
* now it is used for actions like creating/destroying children,
* unauthorized access, signal handling, etc.
*
* LOG_CONN This additional level is for logging connections only, so
@ -73,18 +77,14 @@
* don't advocate this, but it could be useful at times.)
*/
#ifdef HAVE_SYSLOG_H
# include <syslog.h>
#else
# define LOG_CRIT 2
# define LOG_ERR 3
# define LOG_WARNING 4
# define LOG_NOTICE 5
# define LOG_INFO 6
# define LOG_DEBUG 7
#endif
#include <syslog.h>
#define LOG_CONN 8 /* extra to log connections without the INFO stuff */
#define LOG_CONN 8 /* extra to log connections without the INFO stuff */
/* Suppress warnings when GCC is in -pedantic mode and not -std=c99 */
#if (__GNUC__ >= 3 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96))
#pragma GCC system_header
#endif
/*
* Use this for debugging. The format is specific:
@ -92,14 +92,22 @@
* DEBUG2("There was a big problem: %s in connptr %p", "hello", connptr);
*/
#ifndef NDEBUG
# define DEBUG1(x) log_message(LOG_DEBUG, "[%s:%d] " x, __FILE__, __LINE__)
# define DEBUG2(x, y...) log_message(LOG_DEBUG, "[%s:%d] " x, __FILE__, __LINE__, ## y)
# define DEBUG1(x) \
log_message(LOG_DEBUG, "[%s:%d] " x, __FILE__, __LINE__)
# define DEBUG2(x, y...) \
log_message(LOG_DEBUG, "[%s:%d] " x, __FILE__, __LINE__, ## y)
#else
# define DEBUG1(x) do { } while(0)
# define DEBUG2(x, y...) do { } while(0)
#endif
extern void log_message(short int level, char *fmt, ...);
extern void set_log_level(short int level);
extern int open_log_file (const char *file);
extern void close_log_file (void);
extern void log_message (int level, const char *fmt, ...);
extern void set_log_level (int level);
extern int setup_logging (void);
extern void shutdown_logging (void);
#endif

Some files were not shown because too many files have changed in this diff Show More