From: <abe...@us...> - 2012-09-04 03:18:12
Revision: 5662 http://astlinux.svn.sourceforge.net/astlinux/?rev=5662&view=rev Author: abelbeck Date: 2012-09-04 03:18:06 +0000 (Tue, 04 Sep 2012) Log Message: ----------- stunnel, add simultaneous server and client support... New variables: STUNNEL_SERVERS, STUNNEL_CLIENTS, STUNNEL_SERVER_CERT and STUNNEL_CLIENT_CERT Deprecated (but still work) variables: STUNNELSERVS and STUNNELCERT Removed variable: STUNNEL_CLIENT boolean recently added Modified Paths: -------------- branches/1.0/package/stunnel/stunnel.init branches/1.0/package/stunnel/stunnel.mk branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf Modified: branches/1.0/package/stunnel/stunnel.init =================================================================== --- branches/1.0/package/stunnel/stunnel.init 2012-09-03 20:12:34 UTC (rev 5661) +++ branches/1.0/package/stunnel/stunnel.init 2012-09-04 03:18:06 UTC (rev 5662) 
@@ -2,78 +2,118 @@ . /etc/rc.conf +gen_stunnel_config() +{ + local type="$1" stunnel="$2" client="" IFS + + if [ "$type" = "client" ]; then + client="yes" + fi + + echo "; Autogenerated. Do not edit. +${client:+ +client = $client}${SCERT:+ +cert = $SCERT} + +socket = l:TCP_NODELAY=1 +socket = r:TCP_NODELAY=1 + +setgid = $SUSER +setuid = $SUSER +debug = $SDEBUG +pid = /var/run/stunnel/${type}.pid +" + + unset IFS + for i in $stunnel; do + LISTEN="$(echo $i | cut -d'~' -f1)" + HOST="$(echo $i | cut -d'~' -f2)" + SERVICE="$(echo $i | cut -d'~' -f3)" + + if [ "$IPV6" = "yes" ]; then + # If LISTEN does not contain a ':' accept using IPv6/IPv4 + case "$LISTEN" in + *:*) ;; + *) LISTEN=":::$LISTEN" ;; + esac + fi + + echo "[$HOST-$SERVICE] +accept = $LISTEN +connect = $HOST:$SERVICE +" + done +} + init () { - if [ -n "$STUNNELSERVS" ]; then + if [ -n "$STUNNELSERVS" -a -z "$STUNNEL_SERVERS" ]; then + STUNNEL_SERVERS="$STUNNELSERVS" + echo "stunnel: Config variable STUNNELSERVS is deprecated, use STUNNEL_SERVERS instead." >&2 + fi + if [ -n "$STUNNEL_SERVERS" -o -n "$STUNNEL_CLIENTS" ]; then + SUSER="${STUNNELUSER:-nobody}" SDEBUG="${STUNNEL_DEBUGLEVEL:-5}" + mkdir -p /tmp/etc/stunnel mkdir -p /var/run/stunnel chown ${SUSER}:${SUSER} /var/run/stunnel - if [ "$STUNNEL_CLIENT" = "yes" ]; then - SCLIENT="yes" - SCERT="$STUNNELCERT" - else # Server mode - SCLIENT="" - if [ -n "$STUNNELCERT" ]; then - SCERT="$STUNNELCERT" + if [ -n "$STUNNEL_SERVERS" ]; then + if [ -n "$STUNNELCERT" -a -z "$STUNNEL_SERVER_CERT" ]; then + STUNNEL_SERVER_CERT="$STUNNELCERT" + echo "stunnel: Config variable STUNNELCERT is deprecated, use STUNNEL_SERVER_CERT instead." >&2 + fi + if [ -n "$STUNNEL_SERVER_CERT" ]; then + SCERT="$STUNNEL_SERVER_CERT" elif [ -n "$HTTPSCERT" ]; then SCERT="$HTTPSCERT" else SCERT="/etc/ssl/mini_httpd.pem" fi + + gen_stunnel_config server "$STUNNEL_SERVERS" > /tmp/etc/stunnel/server.conf fi - echo "; Autogenerated. Do not edit. 
-${SCLIENT:+ -client = $SCLIENT}${SCERT:+ -cert = $SCERT} + if [ -n "$STUNNEL_CLIENTS" ]; then + SCERT="$STUNNEL_CLIENT_CERT" -socket = l:TCP_NODELAY=1 -socket = r:TCP_NODELAY=1 + gen_stunnel_config client "$STUNNEL_CLIENTS" > /tmp/etc/stunnel/client.conf + fi + fi -setgid = $SUSER -setuid = $SUSER -debug = $SDEBUG -" > /tmp/etc/stunnel.conf - - for i in $STUNNELSERVS; do - LISTEN="$(echo $i | cut -d'~' -f1)" - HOST="$(echo $i | cut -d'~' -f2)" - SERVICE="$(echo $i | cut -d'~' -f3)" - - if [ "$IPV6" = "yes" ]; then - # If LISTEN does not contain a ':' accept using IPv6/IPv4 - case "$LISTEN" in - *:*) ;; - *) LISTEN=":::$LISTEN" ;; - esac - fi - - echo "[$HOST-$SERVICE] -accept = $LISTEN -connect = $HOST:$SERVICE -" >> /tmp/etc/stunnel.conf - done + if [ -z "$STUNNEL_SERVERS" -a -f /tmp/etc/stunnel/server.conf ]; then + rm /tmp/etc/stunnel/server.conf fi + if [ -z "$STUNNEL_CLIENTS" -a -f /tmp/etc/stunnel/client.conf ]; then + rm /tmp/etc/stunnel/client.conf + fi } start () { - if [ -f /etc/stunnel.conf ]; then - echo "Starting stunnel..." - stunnel /etc/stunnel.conf + if [ -f /etc/stunnel/server.conf ]; then + echo "Starting Stunnel Server Proxy..." + stunnel /etc/stunnel/server.conf fi + if [ -f /etc/stunnel/client.conf ]; then + echo "Starting Stunnel Client Proxy..." + stunnel /etc/stunnel/client.conf + fi } stop () { - if [ -f /var/run/stunnel/stunnel.pid ]; then - echo "Stopping stunnel..." - kill $(cat /var/run/stunnel/stunnel.pid) >/dev/null 2>&1 + if [ -f /var/run/stunnel/server.pid ]; then + echo "Stopping Stunnel Server Proxy..." + kill $(cat /var/run/stunnel/server.pid) >/dev/null 2>&1 fi + if [ -f /var/run/stunnel/client.pid ]; then + echo "Stopping Stunnel Client Proxy..." 
+ kill $(cat /var/run/stunnel/client.pid) >/dev/null 2>&1
+ fi
 }
 
 case $1 in
Modified: branches/1.0/package/stunnel/stunnel.mk
===================================================================
--- branches/1.0/package/stunnel/stunnel.mk 2012-09-03 20:12:34 UTC (rev 5661)
+++ branches/1.0/package/stunnel/stunnel.mk 2012-09-04 03:18:06 UTC (rev 5662)
@@ -15,7 +15,7 @@
 --with-threads=fork
 
 define STUNNEL_INSTALL_TARGET_CMDS
- ln -sf /tmp/etc/stunnel.conf $(TARGET_DIR)/etc/stunnel.conf
+ ln -snf /tmp/etc/stunnel $(TARGET_DIR)/etc/stunnel
 $(INSTALL) -m 0755 -D package/stunnel/stunnel.init $(TARGET_DIR)/etc/init.d/stunnel
 $(INSTALL) -m 0755 -D $(@D)/src/stunnel $(TARGET_DIR)/usr/sbin/stunnel
 endef
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-09-03 20:12:34 UTC (rev 5661)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-09-04 03:18:06 UTC (rev 5662)
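Review bot: In client mode the generated /tmp/etc/stunnel/client.conf contains `cert`, `socket`, `setgid`/`setuid`, `debug` and `pid` lines but no `verify` or `CAfile`, so gen_stunnel_config leaves the remote SSL server's certificate unchecked; STUNNEL_CLIENT_CERT only authenticates this host to the server. The rc.conf hunk's comment `# not required but eliminates man-in-the-middle attacks` on STUNNEL_CLIENT_CERT therefore promises more than the script delivers and should read `# optional client certificate presented to the remote SSL server`. Validating the server would require the client config to also emit `verify = 2` plus a `CAfile = <ca-bundle path>` line fed from a new rc.conf variable, which this commit does not introduce. Separately, stop() repeats the unquoted `kill $(cat /var/run/stunnel/client.pid)` for the new client pid file; `kill "$(cat /var/run/stunnel/client.pid)"` avoids word-splitting the file contents.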
@@ -384,19 +384,20 @@
 #SSHDROOT="yes"
 
 ## Stunnel support.
-## Listen on a TCP port using SSL, then relay that connection to a non-SSL TCP service. (STUNNEL_CLIENT="no")
-## Listen on a TCP port using non-SSL, then relay that connection to a SSL TCP service. (STUNNEL_CLIENT="yes")
-## Define 3 ~ (tilde) separated arguments for each tunnel
+## Listen on a TCP port using SSL, then relay that connection to a non-SSL TCP service. (STUNNEL_SERVERS)
+## Listen on a TCP port using non-SSL, then relay that connection to a SSL TCP service. (STUNNEL_CLIENTS)
+## Define 3 ~ (tilde) separated arguments for each tunnel, same format for server or client
 ## Arg1: Listen Port (or addr:port)
 ## Arg2: Connect to Host
 ## Arg3: Connect to Port
 ## Separate multiple tunnel definitions with a space
-#STUNNELSERVS="8443~192.168.111.11~80 993~mailserver~143"
+#STUNNEL_SERVERS="8443~192.168.111.11~80 993~mailserver~143"
+#STUNNEL_CLIENTS="127.0.0.1:10052~monitor.domain.com~10052"
 ##
-#STUNNEL_CLIENT="yes" # "yes" is to enable 'client' mode (listen non-SSL), defaults to 'server' mode (listen SSL)
-#STUNNEL_DEBUGLEVEL="5" # "0" is no debug, "2" is critical, "3" is errors, "5" is notice, "7" is full debugging
-#STUNNELCERT="/mnt/kd/ssl/stunnel.pem" # defaults to HTTPSCERT if defined, optional when STUNNEL_CLIENT="yes"
-#STUNNELUSER="root" # defaults to "nobody", do not change unless binding fails
+#STUNNEL_SERVER_CERT="/mnt/kd/ssl/stunnel.pem" # defaults to HTTPSCERT if STUNNEL_SERVER_CERT is not defined
+#STUNNEL_CLIENT_CERT="/mnt/kd/ssl/client.pem" # not required but eliminates man-in-the-middle attacks
+#STUNNEL_DEBUGLEVEL="5" # "0" is no debug, "2" is critical, "3" is errors, "5" is notice, "7" is full debugging
+#STUNNELUSER="root" # defaults to "nobody", do not change unless binding fails
 
 ## Service Advertisement (mDNS)
 ## If you define ADNAME, I will advertise all of the available services on
This was sent by the SourceForge.net collaborative development platform, the world's largest