diff options
| author | Renato Botelho <renato@netgate.com> | 2015-07-16 10:25:50 -0300 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2015-07-16 10:25:50 -0300 |
| commit | 06a66c936672073525ea2626b85ccc42db104f16 (patch) | |
| tree | 6feaef9cd0814b569200b1bc5e87efaa43c34cad /config/stunnel | |
| parent | 447ac905e062c158e4f85661d60057ba434c4d54 (diff) | |
| download | pfsense-packages-06a66c936672073525ea2626b85ccc42db104f16.tar.gz pfsense-packages-06a66c936672073525ea2626b85ccc42db104f16.tar.bz2 pfsense-packages-06a66c936672073525ea2626b85ccc42db104f16.zip | |
Fix stunnel PBI directories and update to 5.20. Fixes #4295
Diffstat (limited to 'config/stunnel')
| -rw-r--r-- | config/stunnel/stunnel.inc | 60 | ||||
| -rw-r--r-- | config/stunnel/stunnel.xml | 4 |
2 files changed, 37 insertions, 27 deletions
diff --git a/config/stunnel/stunnel.inc b/config/stunnel/stunnel.inc index 552603b6..dd3eee5c 100644 --- a/config/stunnel/stunnel.inc +++ b/config/stunnel/stunnel.inc @@ -1,5 +1,13 @@ <?php +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version == "2.1" || $pf_version == "2.2") { + define('STUNNEL_LOCALBASE', '/usr/pbi/stunnel-' . php_uname("m")); +} else { + define('STUNNEL_LOCALBASE','/usr/local'); +} +define('STUNNEL_ETCDIR', STUNNEL_LOCALBASE . "/etc/stunnel"); + if(!isset($_GET['id']) and !isset($_POST['id'])) { if($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) { $savemsg=$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']; @@ -105,9 +113,9 @@ function stunnel_disablefields() { function stunnel_delete($config) { $cert=$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]; if(isset($_GET['id'])) { - unlink_if_exists('/usr/local/etc/stunnel/'.$cert['filename'].'pem'); - unlink_if_exists('/usr/local/etc/stunnel/'.$cert['filename'].'key'); - unlink_if_exists('/usr/local/etc/stunnel/'.$cert['filename'].'chain'); + unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'pem'); + unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'key'); + unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'chain'); } } @@ -115,8 +123,10 @@ function stunnel_save($config) { $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']=''; conf_mount_rw(); config_lock(); - $fout = fopen("/usr/local/etc/stunnel/stunnel.conf","w"); - fwrite($fout, "cert = /usr/local/etc/stunnel/stunnel.pem \n"); + if (!file_exists(STUNNEL_ETCDIR)) + @mkdir(STUNNEL_ETCDIR, 0755, true); + $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w"); + fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n"); fwrite($fout, "chroot = /var/tmp/stunnel \n"); fwrite($fout, "setuid = stunnel \n"); fwrite($fout, "setgid = stunnel \n"); @@ -125,10 +135,10 @@ function stunnel_save($config) { fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n"); if($pkgconfig['client']) fwrite($fout, "client = yes" . "\n"); if($pkgconfig['certificate']) { - if(file_exists('/usr/local/etc/stunnel/'.$pkgconfig['certificate'].'.key') and - file_exists('/usr/local/etc/stunnel/'.$pkgconfig['certificate'].'.chain')) { - fwrite($fout, "key = /usr/local/etc/stunnel/" . $pkgconfig['certificate'] . ".key\n"); - fwrite($fout, "cert = /usr/local/etc/stunnel/" . $pkgconfig['certificate'] . ".chain\n"); + if(file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.key') and + file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.chain')) { + fwrite($fout, "key = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".key\n"); + fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".chain\n"); } } if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); @@ -161,15 +171,15 @@ function stunnel_save_cert($config) { # echo("</pre>"); if($_cert['hash']) { if(openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) { - file_put_contents('/usr/local/etc/stunnel/'.$_cert['hash'].'.key', + file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', $_POST['cert_key']); - file_put_contents('/usr/local/etc/stunnel/'.$_cert['hash'].'.chain', + file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.chain', $_POST['cert_chain']); - file_put_contents('/usr/local/etc/stunnel/'.$_cert['hash'].'.pem', + file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', $_POST['cert_key']."\n".$_POST['cert_chain']); - system('chown stunnel:stunnel /usr/local/etc/stunnel/*'); - chmod('/usr/local/etc/stunnel/'.$_cert['hash'].'.key', 0600); - chmod('/usr/local/etc/stunnel/'.$_cert['hash'].'.pem', 0600); + system('chown stunnel:stunnel ' . STUNNEL_ETCDIR . '/*'); + chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', 0600); + chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', 0600); $_POST['filename']=$_cert['hash']; $_POST['expiry_raw']=$_cert['validTo_time_t']; @@ -191,29 +201,29 @@ function stunnel_save_cert($config) { $_POST['cert_chain']=base64_encode($_POST['cert_chain']); $_fname=$GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename']; if($_fname and $_fname!=$_POST['filename']) { - unlink_if_exists('/usr/local/etc/stunnel/'.$_fname.'.chain'); - unlink_if_exists('/usr/local/etc/stunnel/'.$_fname.'.key'); - unlink_if_exists('/usr/local/etc/stunnel/'.$_fname.'.pem'); + unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.chain'); + unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.key'); + unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.pem'); } } } function stunnel_install() { - safe_mkdir("/usr/local/etc/stunnel"); - system("/usr/bin/openssl req -new -x509 -days 365 -nodes -out /usr/local/etc/stunnel/stunnel.pem -keyout /usr/local/etc/stunnel/stunnel.pem 2>/dev/null"); - chmod("/usr/local/etc/stunnel/stunnel.pem", 0600); + safe_mkdir(STUNNEL_ETCDIR); + system("/usr/bin/openssl req -new -x509 -days 365 -nodes -out " . STUNNEL_ETCDIR . "/stunnel.pem -keyout " . STUNNEL_ETCDIR . "/stunnel.pem 2>/dev/null"); + chmod(STUNNEL_ETCDIR . "/stunnel.pem", 0600); @mkdir("/var/tmp/stunnel/var/tmp/run/stunnel", 0755, true); system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel"); $_rcfile['file']='stunnel.sh'; - $_rcfile['start'].="/usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf \n\t"; + $_rcfile['start'].= STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t"; $_rcfile['stop'].="killall stunnel \n\t"; write_rcfile($_rcfile); unlink_if_exists("/usr/local/etc/rc.d/stunnel"); conf_mount_rw(); config_lock(); - $fout = fopen("/usr/local/etc/stunnel/stunnel.conf","w"); - fwrite($fout, "cert = /usr/local/etc/stunnel/stunnel.pem \n"); + $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w"); + fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n"); fwrite($fout, "chroot = /var/tmp/stunnel \n"); fwrite($fout, "setuid = stunnel \n"); fwrite($fout, "setgid = stunnel \n"); @@ -233,7 +243,7 @@ function stunnel_install() { function stunnel_deinstall() { rmdir_recursive("/var/tmp/stunnel"); - rmdir_recursive("/usr/local/etc/stunnel*"); + rmdir_recursive(STUNNEL_ETCDIR); unlink_if_exists("/usr/local/etc/rc.d/stunnel.sh"); } diff --git a/config/stunnel/stunnel.xml b/config/stunnel/stunnel.xml index 11334000..bb66d196 100644 --- a/config/stunnel/stunnel.xml +++ b/config/stunnel/stunnel.xml @@ -116,7 +116,7 @@ <type>input</type> </field> <field> - <fielddescr>Client Mode?</fielddescr> + <fielddescr>Client Mode</fielddescr> <fieldname>client</fieldname> <description>Use client mode for this tunnel (i.e. connect to an SSL server, do not act as an SSL server)</description> <type>checkbox</type> @@ -180,4 +180,4 @@ <custom_php_after_form_command> stunnel_addcerts($config); </custom_php_after_form_command> -</packagegui>
\ No newline at end of file +</packagegui> |