#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2008 OpenWrt.org
# procd init settings: start priority 90, service supervised by procd.
USE_PROCD=1
START=90

# Fixed paths used by this service.
BIN='/usr/bin/stunnel'
PID_FILE='/var/run/stunnel.pid'
# Generated configuration file; process_config removes and rewrites it on
# every start.
# NOTE(review): this is a fixed name under /tmp - confirm that no unprivileged
# local account on the target can pre-create or replace this path.
CONF_FILE='/tmp/stunnel.conf'

# Set to 1 once an enabled service section (or an alternative configuration
# file) has been found; start_service only launches stunnel when it is 1.
SERVICE_SECTION_FOUND=0
# Append stunnel's global options to $CONF_FILE from the UCI 'globals' section.
#
# Globals:  CONF_FILE, PID_FILE (read); alt_config_file (written)
# Returns:  0 without writing anything when 'alt_config_file' is set.
global_defs() {
	local debug compression

	# alt_config_file is not declared local here, so the value stays visible
	# to the caller after this function returns.
	config_get alt_config_file 'globals' alt_config_file
	if [ -n "$alt_config_file" ]; then
		return 0
	fi

	# Fixed defaults: stay in the foreground, write a pid file, log to syslog.
	printf 'foreground = yes\npid = %s\nsyslog = yes\n' "$PID_FILE" >> "$CONF_FILE"

	# Debug level falls back to 5 when UCI does not set it.
	config_get debug 'globals' debug '5'
	printf 'debug = %s\n' "$debug" >> "$CONF_FILE"

	# Compression is written only when explicitly configured.
	config_get compression 'globals' compression
	if [ -n "$compression" ]; then
		printf 'compression = %s\n' "$compression" >> "$CONF_FILE"
	fi
}
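# Append "name = value" lines to $CONF_FILE for every listed option that is
# set in the given UCI section.
#
# Globals:   CONF_FILE (read)
# Arguments: $1    - UCI section name
#            $2... - option names; a "bool_" prefix marks a boolean option.
#                    The prefix is stripped from the written name and the UCI
#                    values 1 / 0 are written as yes / no.
#
# Options that are unset or empty in UCI are skipped, so nothing is written
# for them. Values are written verbatim; they are not validated here.
print_options() {
	local config="$1"
	# opt is local so the loop variable no longer leaks into the caller.
	local opt value is_boolean
	shift

	for opt in "$@"; do
		is_boolean=0
		# Pattern match instead of the ${opt:0:5} substring expansion and
		# the "==" test operator, neither of which POSIX sh guarantees.
		case "$opt" in
			bool_*)
				opt="${opt#bool_}"
				is_boolean=1
				;;
		esac

		config_get value "$config" "$opt"
		[ -n "$value" ] || continue

		if [ "$is_boolean" -eq 1 ]; then
			# Only 1 and 0 are translated. Any other spelling is passed
			# through unchanged and left for stunnel to accept or reject.
			case "$value" in
				1) value="yes" ;;
				0) value="no" ;;
			esac
		fi

		printf "%s = %s\n" "$opt" "$value" >> "$CONF_FILE"
	done
}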
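# Append one "name = element" line to $CONF_FILE per element of each listed
# UCI list option.
#
# Globals:   CONF_FILE (read)
# Arguments: $1    - UCI section name
#            $2... - list option names
#
# List elements are split on whitespace. Pathname expansion is switched off
# while splitting so an element such as "*" is written literally instead of
# being replaced by file names from the current directory.
print_list() {
	local config="$1"
	local opt element elements noglob_was_set=0
	shift

	# Remember whether the caller already had globbing disabled.
	case "$-" in
		*f*) noglob_was_set=1 ;;
	esac
	set -f

	for opt in "$@"; do
		config_get elements "$config" "$opt"
		# Unquoted on purpose: one output line per whitespace-separated element.
		for element in $elements; do
			printf "%s = %s\n" "$opt" "$element" >> "$CONF_FILE"
		done
	done

	[ "$noglob_was_set" -eq 1 ] || set +f
}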
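# Append "name = a:b:c" to $CONF_FILE for each listed UCI list option, joining
# the list elements with colons.
#
# Globals:   CONF_FILE (read)
# Arguments: $1    - UCI section name
#            $2... - list option names
#
# An option whose list is unset or empty is skipped, so no empty
# "name = " line reaches the generated configuration.
print_list_colon() {
	local config="$1"
	local opt element elements value noglob_was_set=0
	shift

	# Split list elements without pathname expansion, then restore the
	# caller's setting.
	case "$-" in
		*f*) noglob_was_set=1 ;;
	esac
	set -f

	for opt in "$@"; do
		# Reset per option so one option's elements never carry over into
		# the next option's value.
		value=""
		config_get elements "$config" "$opt"
		for element in $elements; do
			value="${value:+${value}:}${element}"
		done
		[ -z "$value" ] || printf "%s = %s\n" "$opt" "$value" >> "$CONF_FILE"
	done

	[ "$noglob_was_set" -eq 1 ] || set +f
}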
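# Write one stunnel service section to $CONF_FILE from a UCI 'service' section.
#
# Globals:   CONF_FILE (read), SERVICE_SECTION_FOUND (set to 1 when a
#            section is written)
# Arguments: $1 - UCI section name, also used as the stunnel service name
# Returns:   0; disabled sections and sections without accept_port are
#            skipped without writing anything.
service_section() {
	local cfg="$1"
	local accept_host accept_port enabled

	# Sections are enabled unless 'enabled' is explicitly switched off.
	config_get_bool enabled "$cfg" 'enabled' '1'
	[ "$enabled" -gt 0 ] || return 0

	# accept_host defaults to 'localhost', so a section only listens on other
	# addresses when accept_host is set explicitly.
	config_get accept_host "$cfg" accept_host 'localhost'
	config_get accept_port "$cfg" accept_port

	# accept_port has no default. Without it the line would read
	# "accept = host:" and make the whole generated file unusable, so the
	# section is skipped before anything is written for it.
	if [ -z "$accept_port" ]; then
		logger -t stunnel -p daemon.err "Section '$cfg' has no accept_port, skipping it"
		return 0
	fi

	SERVICE_SECTION_FOUND=1
	printf "\n" >> "$CONF_FILE"
	printf "[%s]\n" "$cfg" >> "$CONF_FILE"
	printf "accept = %s:%s\n" "$accept_host" "$accept_port" >> "$CONF_FILE"

	# Single-valued options. Names prefixed with bool_ are UCI booleans.
	# Each is written only when set in UCI, so stunnel's own default applies
	# otherwise.
	# NOTE(review): requireCert, verifyChain and verifyPeer are therefore
	# opt-in here; confirm the packaged stunnel's defaults and set them
	# explicitly for any section that must authenticate its peer.
	# 'key' and 'PSKsecrets' are passed through as given; presumably they
	# name files holding secret material - verify their file permissions.
	print_options "$cfg" CApath \
		CAfile \
		cert \
		CRLpath \
		CRLfile \
		curve \
		logId \
		debug \
		engineId \
		engineNum \
		failover \
		ident \
		key \
		local \
		PSKidentity \
		PSKsecrets \
		sslVersion \
		TIMEOUTbusy \
		TIMEOUTclose \
		TIMEOUTconnect \
		TIMEOUTidle \
		bool_delay \
		bool_libwrap \
		bool_reset \
		bool_requireCert \
		bool_verifyChain \
		bool_verifyPeer \
		bool_client

	# Options that may be given several times: one line per list element.
	print_list "$cfg" checkEmail \
		checkHost \
		checkIP \
		connect \
		options

	# The cipher list is written as a single colon-separated value.
	print_list_colon "$cfg" ciphers
}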
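# Regenerate $CONF_FILE from the 'stunnel' UCI configuration.
#
# Globals:  CONF_FILE (read), SERVICE_SECTION_FOUND (set to 1 when there is
#           something to run)
# Returns:  0 in every case; callers check SERVICE_SECTION_FOUND.
process_config() {
	# Filled in by global_defs, which does not declare it local.
	local alt_config_file

	# Remove any previous file (or symlink) before writing the new header.
	# NOTE(review): $CONF_FILE is a fixed path; if other local accounts can
	# write to its directory, something could be placed at that path between
	# the rm and the write below. Confirm that is not possible on the target.
	rm -f "$CONF_FILE"

	# First line
	printf "; STunnel configuration file generated by uci\n" > "$CONF_FILE"
	printf "; Written %s\n\n" "$(date +'%c')" >> "$CONF_FILE"

	[ -f /etc/config/stunnel ] || return 0

	config_load stunnel
	global_defs

	# If "alt_config_file" is specified, use that file instead of the UCI
	# service sections.
	if [ -n "$alt_config_file" ]; then
		# global_defs writes no global options once alt_config_file is set,
		# so continuing with a missing file would produce a configuration
		# without them. Refuse to start instead.
		if [ ! -f "$alt_config_file" ]; then
			logger -t stunnel -p daemon.err "alt_config_file '$alt_config_file' not found, not starting"
			return 0
		fi

		rm -f "$CONF_FILE"
		# Symlink "alt_config_file" since it's a bit easier and safer
		ln -s "$alt_config_file" "$CONF_FILE"
		# Mark a section as found so the service starts. The file is used
		# as supplied and none of the UCI options above are applied to it.
		SERVICE_SECTION_FOUND=1
		return 0
	fi

	config_foreach service_section service
}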
# procd hook: register a reload trigger named after the 'stunnel' config.
service_triggers() {
	procd_add_reload_trigger 'stunnel'
}
# procd hook: regenerate the configuration and, when there is something to
# run, register stunnel as a respawning procd instance.
#
# Globals: BIN, CONF_FILE, SERVICE_SECTION_FOUND (read)
start_service() {
	process_config

	# Nothing enabled: log it and do not register an instance.
	if [ "$SERVICE_SECTION_FOUND" != 1 ]; then
		logger -t stunnel -p daemon.info "No uci service section enabled or found!"
		return
	fi

	procd_open_instance
	# stunnel is started with the generated configuration file as its only
	# argument.
	procd_set_param command "$BIN" "$CONF_FILE"
	procd_set_param respawn
	# The generated file is also registered with procd's 'file' parameter.
	procd_set_param file "$CONF_FILE"
	procd_close_instance
}