Diffstat (limited to 'config/stunnel')
-rw-r--r--config/stunnel/stunnel.inc63
-rw-r--r--config/stunnel/stunnel.xml10
2 files changed, 45 insertions, 28 deletions
diff --git a/config/stunnel/stunnel.inc b/config/stunnel/stunnel.inc
index 571cfb01..dd3eee5c 100644
--- a/config/stunnel/stunnel.inc
+++ b/config/stunnel/stunnel.inc
@@ -1,5 +1,13 @@
<?php
+$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+if ($pf_version == "2.1" || $pf_version == "2.2") {
+ define('STUNNEL_LOCALBASE', '/usr/pbi/stunnel-' . php_uname("m"));
+} else {
+ define('STUNNEL_LOCALBASE','/usr/local');
+}
+define('STUNNEL_ETCDIR', STUNNEL_LOCALBASE . "/etc/stunnel");
+
if(!isset($_GET['id']) and !isset($_POST['id'])) {
if($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) {
$savemsg=$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'];
@@ -105,9 +113,9 @@ function stunnel_disablefields() {
function stunnel_delete($config) {
$cert=$config['installedpackages']['stunnelcerts']['config'][$_GET['id']];
if(isset($_GET['id'])) {
- unlink_if_exists('/usr/local/etc/stunnel/'.$cert['filename'].'pem');
- unlink_if_exists('/usr/local/etc/stunnel/'.$cert['filename'].'key');
- unlink_if_exists('/usr/local/etc/stunnel/'.$cert['filename'].'chain');
+ unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'pem');
+ unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'key');
+ unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'chain');
}
}
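Review bot: The three rewritten `unlink_if_exists()` calls in stunnel_delete still append `'pem'`, `'key'` and `'chain'` without the leading dot, while stunnel_save_cert writes and later removes `<hash>.pem`, `<hash>.key` and `<hash>.chain`. As written the paths never match the stored files, so deleting a certificate in the GUI leaves its private key on disk. Each call should read like `unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.key');`. The `$cert=` lookup also reads `$_GET['id']` before the `isset()` guard and would be cleaner inside it.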
@@ -115,19 +123,22 @@ function stunnel_save($config) {
$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']='';
conf_mount_rw();
config_lock();
- $fout = fopen("/usr/local/etc/stunnel/stunnel.conf","w");
- fwrite($fout, "cert = /usr/local/etc/stunnel/stunnel.pem \n");
+ if (!file_exists(STUNNEL_ETCDIR))
+ @mkdir(STUNNEL_ETCDIR, 0755, true);
+ $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w");
+ fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n");
fwrite($fout, "chroot = /var/tmp/stunnel \n");
fwrite($fout, "setuid = stunnel \n");
fwrite($fout, "setgid = stunnel \n");
if(!is_array($config['installedpackages']['stunnel']['config'])) { $config['installedpackages']['stunnel']['config']=Array(); }
foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
+ if($pkgconfig['client']) fwrite($fout, "client = yes" . "\n");
if($pkgconfig['certificate']) {
- if(file_exists('/usr/local/etc/stunnel/'.$pkgconfig['certificate'].'.key') and
- file_exists('/usr/local/etc/stunnel/'.$pkgconfig['certificate'].'.chain')) {
- fwrite($fout, "key = /usr/local/etc/stunnel/" . $pkgconfig['certificate'] . ".key\n");
- fwrite($fout, "cert = /usr/local/etc/stunnel/" . $pkgconfig['certificate'] . ".chain\n");
+ if(file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.key') and
+ file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.chain')) {
+ fwrite($fout, "key = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".key\n");
+ fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".chain\n");
}
}
if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
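Review bot: The new `client = yes` line makes the service act as a TLS client, but nothing visible in this hunk writes a `verify` or `CAfile` option, and the stunnel.xml change adds only the checkbox. stunnel does not check the peer certificate unless configured to, so a client-mode tunnel generated this way would accept any server certificate and offers no protection against an on-path impersonator. Consider adding a CA/verification field next to the checkbox and emitting something like `verify = 2` and `CAfile = <path to CA bundle>` when client mode is set. The foreach body continues past the end of the hunk, so confirm that no verification option is written further down.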
@@ -160,15 +171,15 @@ function stunnel_save_cert($config) {
# echo("</pre>");
if($_cert['hash']) {
if(openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) {
- file_put_contents('/usr/local/etc/stunnel/'.$_cert['hash'].'.key',
+ file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key',
$_POST['cert_key']);
- file_put_contents('/usr/local/etc/stunnel/'.$_cert['hash'].'.chain',
+ file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.chain',
$_POST['cert_chain']);
- file_put_contents('/usr/local/etc/stunnel/'.$_cert['hash'].'.pem',
+ file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem',
$_POST['cert_key']."\n".$_POST['cert_chain']);
- system('chown stunnel:stunnel /usr/local/etc/stunnel/*');
- chmod('/usr/local/etc/stunnel/'.$_cert['hash'].'.key', 0600);
- chmod('/usr/local/etc/stunnel/'.$_cert['hash'].'.pem', 0600);
+ system('chown stunnel:stunnel ' . STUNNEL_ETCDIR . '/*');
+ chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', 0600);
+ chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', 0600);
$_POST['filename']=$_cert['hash'];
$_POST['expiry_raw']=$_cert['validTo_time_t'];
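Review bot: The private key is written by `file_put_contents()` under the process's default umask and only restricted by `chmod(..., 0600)` several calls later, so `<hash>.key` and `<hash>.pem` briefly exist with whatever mode the umask allows. The `stunnel.pem` produced by `openssl req` in the stunnel_install hunk has the same window. Wrapping the writes in `$old = umask(0077);` and `umask($old);` closes it. The `system('chown stunnel:stunnel ' . STUNNEL_ETCDIR . '/*')` call also goes through a shell glob and ignores its exit status; PHP's `chown()`/`chgrp()` on the three files just written would be narrower. The enclosing function starts and ends outside this hunk.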
@@ -190,29 +201,29 @@ function stunnel_save_cert($config) {
$_POST['cert_chain']=base64_encode($_POST['cert_chain']);
$_fname=$GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename'];
if($_fname and $_fname!=$_POST['filename']) {
- unlink_if_exists('/usr/local/etc/stunnel/'.$_fname.'.chain');
- unlink_if_exists('/usr/local/etc/stunnel/'.$_fname.'.key');
- unlink_if_exists('/usr/local/etc/stunnel/'.$_fname.'.pem');
+ unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.chain');
+ unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.key');
+ unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.pem');
}
}
}
function stunnel_install() {
- safe_mkdir("/usr/local/etc/stunnel");
- system("/usr/bin/openssl req -new -x509 -days 365 -nodes -out /usr/local/etc/stunnel/stunnel.pem -keyout /usr/local/etc/stunnel/stunnel.pem 2>/dev/null");
- chmod("/usr/local/etc/stunnel/stunnel.pem", 0600);
- make_dirs("/var/tmp/stunnel/var/tmp/run/stunnel");
+ safe_mkdir(STUNNEL_ETCDIR);
+ system("/usr/bin/openssl req -new -x509 -days 365 -nodes -out " . STUNNEL_ETCDIR . "/stunnel.pem -keyout " . STUNNEL_ETCDIR . "/stunnel.pem 2>/dev/null");
+ chmod(STUNNEL_ETCDIR . "/stunnel.pem", 0600);
+ @mkdir("/var/tmp/stunnel/var/tmp/run/stunnel", 0755, true);
system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel");
$_rcfile['file']='stunnel.sh';
- $_rcfile['start'].="/usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf \n\t";
+ $_rcfile['start'].= STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t";
$_rcfile['stop'].="killall stunnel \n\t";
write_rcfile($_rcfile);
unlink_if_exists("/usr/local/etc/rc.d/stunnel");
conf_mount_rw();
config_lock();
- $fout = fopen("/usr/local/etc/stunnel/stunnel.conf","w");
- fwrite($fout, "cert = /usr/local/etc/stunnel/stunnel.pem \n");
+ $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w");
+ fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n");
fwrite($fout, "chroot = /var/tmp/stunnel \n");
fwrite($fout, "setuid = stunnel \n");
fwrite($fout, "setgid = stunnel \n");
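Review bot: `@mkdir("/var/tmp/stunnel/var/tmp/run/stunnel", 0755, true)` suppresses any failure to create the chroot tree, and the `fopen()` of stunnel.conf below it is passed straight to `fwrite()` without a `false` check. The stunnel_save hunk has the same `@mkdir` plus unchecked `fopen()` pair. A failure here can leave the service with a missing or stale configuration and no log entry. Drop the `@`, test the return values, and bail out with a logged error after releasing whatever `config_lock()` took, e.g. `if ($fout === false) { /* log and return */ }`. stunnel_install continues past the end of the hunk.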
@@ -232,7 +243,7 @@ function stunnel_install() {
function stunnel_deinstall() {
rmdir_recursive("/var/tmp/stunnel");
- rmdir_recursive("/usr/local/etc/stunnel*");
+ rmdir_recursive(STUNNEL_ETCDIR);
unlink_if_exists("/usr/local/etc/rc.d/stunnel.sh");
}
diff --git a/config/stunnel/stunnel.xml b/config/stunnel/stunnel.xml
index 21e023a9..bb66d196 100644
--- a/config/stunnel/stunnel.xml
+++ b/config/stunnel/stunnel.xml
@@ -116,6 +116,12 @@
<type>input</type>
</field>
<field>
+ <fielddescr>Client Mode</fielddescr>
+ <fieldname>client</fieldname>
+ <description>Use client mode for this tunnel (i.e. connect to an SSL server, do not act as an SSL server)</description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Listen on IP</fielddescr>
<fieldname>localip</fieldname>
<description>Enter the local IP address to bind this redirection to.</description>
@@ -158,7 +164,7 @@
</fields>
<service>
<name>stunnel</name>
- <rcfile>/usr/local/etc/rc.d/stunnel.sh</rcfile>
+ <rcfile>stunnel.sh</rcfile>
<executable>stunnel</executable>
</service>
<include_file>/usr/local/pkg/stunnel.inc</include_file>
@@ -174,4 +180,4 @@
<custom_php_after_form_command>
stunnel_addcerts($config);
</custom_php_after_form_command>
-</packagegui> \ No newline at end of file
+</packagegui>