authorFlorian Eckert <fe@dev.tdt.de>2017-11-10 15:23:28 +0100
committerFlorian Eckert <fe@dev.tdt.de>2017-12-10 11:13:43 +0100
commit5e0e6e053311ddf68ed9b285b6202b61e0a27c2e (patch)
tree59363860962054b8e93f0341681c79acc96b947e /net/stunnel/files
parent9355832f6b6d8cade6f4328ab47fec7da22fb0b7 (diff)
net/stunnel: add uci config support
Add uci config support. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Diffstat (limited to 'net/stunnel/files')
-rw-r--r--net/stunnel/files/stunnel.init168
-rw-r--r--net/stunnel/files/stunnel.uci10
2 files changed, 176 insertions, 2 deletions
diff --git a/net/stunnel/files/stunnel.init b/net/stunnel/files/stunnel.init
index e622205b8..d0b147e98 100644
--- a/net/stunnel/files/stunnel.init
+++ b/net/stunnel/files/stunnel.init
@@ -4,9 +4,173 @@
START=90
USE_PROCD=1
+PID_FILE="/var/run/stunnel.pid"
+CONF_FILE="/tmp/stunnel.conf"
+BIN="/usr/bin/stunnel"
+
+global_defs() {
+ local debug compression
+
+ config_get alt_config_file 'globals' alt_config_file
+ [ -z "$alt_config_file" ] || return 0
+
+ # Set default settings
+ printf "foreground = yes\n" >> "$CONF_FILE"
+ printf "pid = %s\n" "$PID_FILE" >> "$CONF_FILE"
+ printf "syslog = yes\n" >> "$CONF_FILE"
+
+ config_get debug 'globals' debug '5'
+ printf "debug = %s\n" "$debug" >> "$CONF_FILE"
+
+ config_get compression 'globals' compression
+ [ -z "$compression" ] || printf "compression = %s\n" "$compression" >> "$CONF_FILE"
+}
+
+print_options() {
+ local config=$1
+ shift
+ for opt in "$@"; do
+ local $opt
+ local value
+ local is_boolean=0
+
+ if [ "${opt:0:5}" == "bool_" ]; then
+ opt="${opt:5}"
+ is_boolean=1
+ fi
+
+ config_get "value" "$config" "$opt"
+ [ -z "$value" ] || {
+ if [ "$value" = '1' ] && [ "$is_boolean" -eq "1" ]; then
+ value="yes"
+ elif [ "$value" = '0' ] && [ "$is_boolean" -eq "1" ] ; then
+ value="no"
+ fi
+ printf "%s = %s\n" "$opt" "$value" >> "$CONF_FILE"
+ }
+ done
+}
+
+print_list() {
+ local config=$1
+ shift
+ for opt in "$@"; do
+ local $opt
+ local elements
+ config_get "elements" "$config" "$opt"
+ for element in $elements; do
+ printf "%s = %s\n" "$opt" "$element" >> "$CONF_FILE"
+ done
+ done
+}
+
+print_list_colon() {
+ local config=$1
+ local value
+ shift
+ for opt in "$@"; do
+ local $opt
+ local elements
+ config_get "elements" "$config" "$opt"
+ for element in $elements; do
+ value="${value}:${element}"
+ done
+ printf "%s = %s\n" "$opt" "${value#*:}" >> "$CONF_FILE"
+ done
+}
+
+service_section() {
+ local cfg="$1"
+ local accept_host accept_port
+
+ printf "\n" >> "$CONF_FILE"
+ printf "[%s]\n" "$cfg" >> "$CONF_FILE"
+
+ config_get accept_host "$cfg" accept_host 'localhost'
+ config_get accept_port "$cfg" accept_port
+ printf "accept = %s:%s\n" "$accept_host" "$accept_port" >> "$CONF_FILE"
+
+ print_options "$cfg" CApath \
+ CAfile \
+ cert \
+ CRLpath \
+ CRLfile \
+ curve \
+ logId \
+ debug \
+ engineId \
+ engineNum \
+ failover \
+ ident \
+ key \
+ local \
+ PSKidentity \
+ PSKsecrets \
+ sslVersion \
+ TIMEOUTbusy \
+ TIMEOUTclose \
+ TIMEOUTconnect \
+ TIMEOUTidle \
+ bool_delay \
+ bool_libwrap \
+ bool_reset \
+ bool_requireCert \
+ bool_verifyChain \
+ bool_verifyPeer \
+ bool_client
+
+ print_list "$cfg" checkEmail \
+ checkHost \
+ checkIP \
+ connect \
+ options
+
+ print_list_colon "$cfg" ciphers
+}
+
+process_config() {
+ local alt_config_file
+
+ rm -f "$CONF_FILE"
+
+ # First line
+ printf "; STunnel configuration file generated by uci\n" > "$CONF_FILE"
+ printf "; Written %s\n\n" "$(date +'%c')" >> "$CONF_FILE"
+
+ [ -f /etc/config/stunnel ] || return 0
+
+ config_load stunnel
+ global_defs
+
+ # If "alt_config_file" specified, use that instead
+ [ -n "$alt_config_file" ] && [ -f "$alt_config_file" ] && {
+ rm -f "$CONF_FILE"
+ # Symlink "alt_config_file" since it's a bit easier and safer
+ ln -s "$alt_config_file" "$CONF_FILE"
+ return 0
+ }
+
+ config_foreach service_section service
+}
+
+reload_service() {
+ process_config
+ # SIGHUP is used by stunnel to do init.d reload
+ procd_send_signal stunnel
+}
+
+service_triggers() {
+ procd_add_reload_trigger "stunnel"
+}
+
start_service() {
procd_open_instance
- procd_set_param command /usr/bin/stunnel /etc/stunnel/stunnel.conf
- procd_set_param respawn # respawn automatically if something died
+ procd_set_param command "$BIN"
+ procd_append_param command "$CONF_FILE"
+
+ process_config
+
+ # set auto respawn behavior
+ procd_set_param respawn
procd_close_instance
}
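Review bot: `print_list_colon` writes its line unconditionally, so a service with no `ciphers` list still gets `ciphers = ` with an empty value in the generated file, which stunnel will presumably reject or treat as an empty cipher list rather than falling back to its built-in default. Guard the write the way `print_options` does, e.g. `[ -z "$value" ] || printf "%s = %s\n" "$opt" "${value#*:}" >> "$CONF_FILE"`, and reset `value=""` at the top of the outer loop, because it currently accumulates across options. Separately, `global_defs` returns early whenever `alt_config_file` is set, while `process_config` only switches to that file when it exists. If the file is missing, the service sections are written without `foreground = yes` and `pid`, which the procd supervision set up in `start_service` appears to rely on.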
diff --git a/net/stunnel/files/stunnel.uci b/net/stunnel/files/stunnel.uci
new file mode 100644
index 000000000..6fad1c6c7
--- /dev/null
+++ b/net/stunnel/files/stunnel.uci
@@ -0,0 +1,10 @@
+config globals 'globals'
+ option alt_config_file '/etc/stunnel/stunnel.conf'
+ option debug '5'
+
+config service 'dummy'
+ option client '1'
+ option accept_host 'localhost'
+ option accept_port '6000'
+ list connect 'localhost:6001'
+
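Review bot: The sample `dummy` service sets `client '1'` without any of the verification options, and stunnel does not verify the peer certificate unless told to, so a service modelled on it would be encrypted but would not authenticate the server. Since the init script already maps `verifyChain`, `CAfile` and `checkHost`, the example could show them, e.g. `option verifyChain '1'`, `option CAfile '<path-to-ca-bundle>'` and `list checkHost '<server-hostname>'` (placeholder values). A short comment noting that this section is ignored while `alt_config_file` points at an existing file would also help readers.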