Diffstat (limited to 'config/stunnel/stunnel.inc')
-rw-r--r--config/stunnel/stunnel.inc232
1 files changed, 232 insertions, 0 deletions
diff --git a/config/stunnel/stunnel.inc b/config/stunnel/stunnel.inc
new file mode 100644
index 00000000..62558e34
--- /dev/null
+++ b/config/stunnel/stunnel.inc
@@ -0,0 +1,232 @@
+<?php
+
+if(!isset($_GET['id']) and !isset($_POST['id'])) {
+ if($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) {
+ $savemsg=$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'];
+ unset($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']);
+ write_config();
+ }
+
+}
+
+if(isset($_GET['id'])) {
+ $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']=
+ base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']);
+ $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']=
+ base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']);
+}
+
+$certs=$config['installedpackages']['stunnelcerts']['config'];
+is_array($certs) ? $num_certs=count($certs) : $num_certs=0;
+if(!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) {
+ for ($i=0;$i<$num_certs;$i++) {
+ $cert=$certs[$i];
+ $_info=openssl_x509_parse(base64_decode($cert['cert_chain']));
+ $valid=floor(($_info['validTo_time_t']-time())/86400);
+ if(!openssl_x509_check_private_key(base64_decode($cert['cert_chain']), base64_decode($cert['cert_key']))) {
+ $_status='<font color="#AA0000"><b>Invalid key/cert!</b></font>';
+ } elseif($valid<30) {
+ $_status='<font color="#B27D4B">Expires in '.$valid.' days!</font>';
+ } else {
+ $_status='<font color="#008800">OK ('.$valid.' days)</font>';
+ }
+ $config['installedpackages']['stunnelcerts']['config'][$i]['status']=$_status;
+ }
+}
+
+
+$tunnels=$config['installedpackages']['stunnel']['config'];
+is_array($tunnels) ? $num_tunnels=count($tunnels) : $num_tunnels=0;
+if(!isset($_GET['id']) and $num_tunnels) {
+ for ($i=0;$i<$num_tunnels;$i++) {
+ $tunnel=$tunnels[$i];
+ if($tunnel['certificate']) {
+ $certid=0;
+ if(is_array($config['installedpackages']['stunnelcerts']['config'])) {
+ foreach($config['installedpackages']['stunnelcerts']['config'] as $cert) {
+ if($tunnel['certificate']==$cert['filename'])
+ $config['installedpackages']['stunnel']['config'][$i]['certificatelink']=
+ '<a href="/pkg_edit.php?xml=stunnel_certs.xml&act=edit&id='.$certid.'">'.$cert['description'].'</a>';
+ $certid++;
+ }
+ }
+ }
+ }
+}
+
+function stunnel_printcsr() {
+# $GLOBALS['savemsg']="<pre>" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'],true) . "</pre>";
+}
+
+function stunnel_addcerts($config) {
+ $certs=$config['installedpackages']['stunnelcerts']['config'];
+ $tunnels=$config['installedpackages']['stunnel']['config'];
+ ?>
+ <script type="text/javascript">
+ function addcerts() {
+ <?php
+
+ foreach($certs as $cert) {
+ echo("document.forms['iform'].certificate.appendChild(new Option('".$cert['description']."', '".$cert['filename']."'));");
+ }
+
+ ?>
+ }
+ addcerts();
+ for (var i=0; i < document.forms['iform'].certificate.length; i++) {
+ <?php
+ $filename=$tunnels[$_GET['id']]['certificate'];
+ echo('if (document.forms["iform"].certificate[i].value == "'.$filename.'") {');
+ ?>
+ document.forms['iform'].certificate[i].selected = true;
+ } else {
+ document.forms['iform'].certificate[i].selected = false;
+ }
+ }
+
+ </script>
+ <?php
+}
+
+function stunnel_disablefields() {
+ ?>
+ <script type="text/javascript">
+ document.forms['iform'].subject.readOnly=true;
+ document.forms['iform'].filename.readOnly=true;
+ document.forms['iform'].expiry.readOnly=true;
+ </script>
+ <?php
+}
+
+function stunnel_delete($config) {
+ $cert=$config['installedpackages']['stunnelcerts']['config'][$_GET['id']];
+ if(isset($_GET['id'])) {
+ unlink_if_exists('/usr/local/etc/stunnel/'.$cert['filename'].'pem');
+ unlink_if_exists('/usr/local/etc/stunnel/'.$cert['filename'].'key');
+ unlink_if_exists('/usr/local/etc/stunnel/'.$cert['filename'].'chain');
+ }
+}
+
+function stunnel_save($config) {
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']='';
+ conf_mount_rw();
+ config_lock();
+ $fout = fopen("/usr/local/etc/stunnel/stunnel.conf","w");
+ fwrite($fout, "cert = /usr/local/etc/stunnel/stunnel.pem \n");
+ fwrite($fout, "chroot = /var/tmp/stunnel \n");
+ fwrite($fout, "setuid = stunnel \n");
+ fwrite($fout, "setgid = stunnel \n");
+ foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
+ fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
+ if($pkgconfig['certificate']) {
+ if(file_exists('/usr/local/etc/stunnel/'.$pkgconfig['certificate'].'.key') and
+ file_exists('/usr/local/etc/stunnel/'.$pkgconfig['certificate'].'.chain')) {
+ fwrite($fout, "key = /usr/local/etc/stunnel/" . $pkgconfig['certificate'] . ".key\n");
+ fwrite($fout, "cert = /usr/local/etc/stunnel/" . $pkgconfig['certificate'] . ".chain\n");
+ }
+ }
+ if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+ fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
+ fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
+ fwrite($fout, "TIMEOUTclose = 0\n\n");
+ }
+ fclose($fout);
+ conf_mount_ro();
+ config_unlock();
+ system("/usr/local/etc/rc.d/stunnel.sh stop 2>/dev/null");
+ system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null");
+}
+function stunnel_save_cert($config) {
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']='';
+ if(isset($_POST['id'])) {
+# echo "<pre>";
+# print_r($_POST);
+# echo "</pre>";
+
+ if(!$_POST['cert_chain']) {
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate chain must be specified!<br>";
+ } if(!$_POST['cert_key']) {
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="RSA Key must be specified!<br>";
+ }
+ if($_POST['cert_chain'] and $_POST['cert_key']) {
+ $_cert=openssl_x509_parse($_POST['cert_chain']);
+# echo("<pre>");
+# print_r($_cert);
+# echo("</pre>");
+ if($_cert['hash']) {
+ if(openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) {
+ file_put_contents('/usr/local/etc/stunnel/'.$_cert['hash'].'.key',
+ $_POST['cert_key']);
+ file_put_contents('/usr/local/etc/stunnel/'.$_cert['hash'].'.chain',
+ $_POST['cert_chain']);
+ file_put_contents('/usr/local/etc/stunnel/'.$_cert['hash'].'.pem',
+ $_POST['cert_key']."\n".$_POST['cert_chain']);
+ system('chown stunnel:stunnel /usr/local/etc/stunnel/*');
+ chmod('/usr/local/etc/stunnel/'.$_cert['hash'].'.key', 0600);
+ chmod('/usr/local/etc/stunnel/'.$_cert['hash'].'.pem', 0600);
+
+ $_POST['filename']=$_cert['hash'];
+ $_POST['expiry_raw']=$_cert['validTo_time_t'];
+ $_POST['expiry']=date('Y-m-d', $_cert['validTo_time_t']);
+ $_POST['subject']=$_cert['name'];
+ } else {
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate and key do not match!<br>";
+ $_POST['filename']='';
+ }
+ } else {
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Couldn't parse certificate!<br>";
+ $_POST['expiry_raw']='';
+ $_POST['expiry']='';
+ $_POST['subject']='';
+ $_POST['filename']='';
+ }
+ }
+ $_POST['cert_key']=base64_encode($_POST['cert_key']);
+ $_POST['cert_chain']=base64_encode($_POST['cert_chain']);
+ $_fname=$GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename'];
+ if($_fname and $_fname!=$_POST['filename']) {
+ unlink_if_exists('/usr/local/etc/stunnel/'.$_fname.'.chain');
+ unlink_if_exists('/usr/local/etc/stunnel/'.$_fname.'.key');
+ unlink_if_exists('/usr/local/etc/stunnel/'.$_fname.'.pem');
+ }
+ }
+}
+
+function stunnel_install() {
+ safe_mkdir("/usr/local/etc/stunnel");
+ system("/usr/bin/openssl req -new -x509 -days 365 -nodes -out /usr/local/etc/stunnel/stunnel.pem -keyout /usr/local/etc/stunnel/stunnel.pem 2>/dev/null");
+ chmod("/usr/local/etc/stunnel/stunnel.pem", 0600);
+ make_dirs("/var/tmp/stunnel/var/tmp/run/stunnel");
+ system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel");
+ $_rcfile['file']='stunnel.sh';
+ $_rcfile['start'].="/usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf \n\t";
+ $_rcfile['stop'].="killall stunnel \n\t";
+ write_rcfile($_rcfile);
+ unlink_if_exists("/usr/local/etc/rc.d/stunnel");
+
+ conf_mount_rw();
+ config_lock();
+ $fout = fopen("/usr/local/etc/stunnel/stunnel.conf","w");
+ fwrite($fout, "cert = /usr/local/etc/stunnel/stunnel.pem \n");
+ fwrite($fout, "chroot = /var/tmp/stunnel \n");
+ fwrite($fout, "setuid = stunnel \n");
+ fwrite($fout, "setgid = stunnel \n");
+ foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
+ fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
+ if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+ fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
+ fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
+ fwrite($fout, "TIMEOUTclose = 0\n\n");
+ }
+ fclose($fout);
+ conf_mount_ro();
+ config_unlock();
+}
+
+function stunnel_deinstall() {
+ rmdir_recursive("/var/tmp/stunnel");
+ rmdir_recursive("/usr/local/etc/stunnel*");
+ unlink_if_exists("/usr/local/etc/rc.d/stunnel.sh");
+}
+
+?> \ No newline at end of file