From 347b21376b444fdfb94e973da721d15bc7b23089 Mon Sep 17 00:00:00 2001
From: doktornotor <notordoktor@gmail.com>
Date: Sun, 30 Aug 2015 01:29:38 +0200
Subject: stunnel - code style fixes

- Add missing copyright header
- Code style and indentation fixes
- Fix stunnel_delete() - missing dots after filename
- Use start_service() and stop_service
- Put JS between CDATA
- No need to unlink service rc script manually on uninstall
---
 config/stunnel/stunnel.inc | 247 +++++++++++++++++++++++++--------------------
 1 file changed, 138 insertions(+), 109 deletions(-)

diff --git a/config/stunnel/stunnel.inc b/config/stunnel/stunnel.inc
index 7f3f9338..6dc17ef6 100644
--- a/config/stunnel/stunnel.inc
+++ b/config/stunnel/stunnel.inc
@@ -1,45 +1,73 @@
 <?php
+/*
+	stunnel.inc
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2007-2009 Scott Ullrich
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
 
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+global $config;
+
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
 if ($pf_version == "2.1" || $pf_version == "2.2") {
 	define('STUNNEL_LOCALBASE', '/usr/pbi/stunnel-' . php_uname("m"));
 } else {
-	define('STUNNEL_LOCALBASE','/usr/local');
+	define('STUNNEL_LOCALBASE', '/usr/local');
 }
 define('STUNNEL_ETCDIR', STUNNEL_LOCALBASE . "/etc/stunnel");
 
-if(!isset($_GET['id']) and !isset($_POST['id'])) {
-	if($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) {
-		$savemsg=$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'];
+if (!isset($_GET['id']) and !isset($_POST['id'])) {
+	if ($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) {
+		$savemsg = $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'];
 		unset($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']);
 		write_config();
 	}
-	
 }
 
-if(isset($_GET['id'])) {
-	$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']=
+if (isset($_GET['id'])) {
+	$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain'] =
 		base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']);
-	$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']=
+	$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key'] =
 		base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']);
 }
 
-$certs=$config['installedpackages']['stunnelcerts']['config'];
-is_array($certs) ? $num_certs=count($certs) : $num_certs=0;
-if(!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) {
-	for ($i=0;$i<$num_certs;$i++) {
-		$cert=$certs[$i];
-		$_info=openssl_x509_parse(base64_decode($cert['cert_chain']));
-		$valid=floor(($_info['validTo_time_t']-time())/86400);
-		if($cert['cert_chain']) {
-			if(!openssl_x509_check_private_key(base64_decode($cert['cert_chain']), base64_decode($cert['cert_key']))) {
-				$_status='<font color="#AA0000"><b>Invalid key/cert!</b></font>';
-			} elseif($valid<30) {
-				$_status='<font color="#B27D4B">Expires in '.$valid.' days!</font>';
+$certs = $config['installedpackages']['stunnelcerts']['config'];
+is_array($certs) ? $num_certs = count($certs) : $num_certs = 0;
+if (!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) {
+	for ($i = 0; $i < $num_certs; $i++) {
+		$cert = $certs[$i];
+		$_info = openssl_x509_parse(base64_decode($cert['cert_chain']));
+		$valid = floor(($_info['validTo_time_t'] - time()) / 86400);
+		if ($cert['cert_chain']) {
+			if (!openssl_x509_check_private_key(base64_decode($cert['cert_chain']), base64_decode($cert['cert_key']))) {
+				$_status = '<font color="#AA0000"><strong>Invalid key/cert!</strong></font>';
+			} elseif ($valid < 30) {
+				$_status = '<font color="#B27D4B">Expires in ' . $valid . ' days!</font>';
 			} else {
-				$_status='<font color="#008800">OK ('.$valid.' days)</font>';
+				$_status = '<font color="#008800">OK (' . $valid . ' days)</font>';
 			}
-			$config['installedpackages']['stunnelcerts']['config'][$i]['status']=$_status;
+			$config['installedpackages']['stunnelcerts']['config'][$i]['status'] = $_status;
 		} else {
 			unset($config['installedpackages']['stunnelcerts']['config'][$i]);
 		}
@@ -47,18 +75,19 @@ if(!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) {
 }
 
 
-$tunnels=$config['installedpackages']['stunnel']['config'];
-is_array($tunnels) ? $num_tunnels=count($tunnels) : $num_tunnels=0;
-if(!isset($_GET['id']) and $num_tunnels) {
-	for ($i=0;$i<$num_tunnels;$i++) {
-		$tunnel=$tunnels[$i];
-		if($tunnel['certificate']) {
-			$certid=0;
-			if(is_array($config['installedpackages']['stunnelcerts']['config'])) {
-				foreach($config['installedpackages']['stunnelcerts']['config'] as $cert) {
-					if($tunnel['certificate']==$cert['filename'])
+$tunnels = $config['installedpackages']['stunnel']['config'];
+is_array($tunnels) ? $num_tunnels = count($tunnels) : $num_tunnels = 0;
+if (!isset($_GET['id']) and $num_tunnels) {
+	for ($i = 0; $i < $num_tunnels; $i++) {
+		$tunnel = $tunnels[$i];
+		if ($tunnel['certificate']) {
+			$certid = 0;
+			if (is_array($config['installedpackages']['stunnelcerts']['config'])) {
+				foreach ($config['installedpackages']['stunnelcerts']['config'] as $cert) {
+					if ($tunnel['certificate'] == $cert['filename']) {
 						$config['installedpackages']['stunnel']['config'][$i]['certificatelink']=
-							'<a href="/pkg_edit.php?xml=stunnel_certs.xml&act=edit&id='.$certid.'">'.$cert['description'].'</a>';
+							'<a href="/pkg_edit.php?xml=stunnel_certs.xml&act=edit&id=' . $certid . '">' . $cert['description'] . '</a>';
+					}
 					$certid++;
 				}
 			}
@@ -67,7 +96,7 @@ if(!isset($_GET['id']) and $num_tunnels) {
 }
 
 function stunnel_printcsr() {
-#	$GLOBALS['savemsg']="<pre>" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'],true) . "</pre>";
+//	$GLOBALS['savemsg'] = "<pre>" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'], true) . "</pre>";
 }
 
 function stunnel_addcerts($config) {
@@ -75,13 +104,14 @@ function stunnel_addcerts($config) {
 	$tunnels=$config['installedpackages']['stunnel']['config'];
 	?>
 	<script type="text/javascript">
+	//<![CDATA[
 	function addcerts() {
 		<?php
-	
-		foreach($certs as $cert) {
+
+		foreach ($certs as $cert) {
 			echo("document.forms['iform'].certificate.appendChild(new Option('".$cert['description']."', '".$cert['filename']."'));");
 		}
-		
+
 		?>
 	}
 	addcerts();
@@ -93,9 +123,9 @@ function stunnel_addcerts($config) {
 			document.forms['iform'].certificate[i].selected = true;
 		} else {
 			document.forms['iform'].certificate[i].selected = false;
-		}	
+		}
 	}
-
+	//]]>
 	</script>
 	<?php
 }
@@ -103,105 +133,103 @@ function stunnel_addcerts($config) {
 function stunnel_disablefields() {
 	?>
 	<script type="text/javascript">
+	//<![CDATA[
 		document.forms['iform'].subject.readOnly=true;
 		document.forms['iform'].filename.readOnly=true;
 		document.forms['iform'].expiry.readOnly=true;
+	//]]>
 	</script>
 	<?php
 }
 
 function stunnel_delete($config) {
 	$cert=$config['installedpackages']['stunnelcerts']['config'][$_GET['id']];
-	if(isset($_GET['id'])) {
-		unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'pem');
-		unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'key');
-		unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'chain');
+	if (isset($_GET['id'])) {
+		unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.pem');
+		unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.key');
+		unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.chain');
 	}
 }
 
 function stunnel_save($config) {
-	$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']='';
+	$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] = '';
 	conf_mount_rw();
-	if (!file_exists(STUNNEL_ETCDIR))
-		@mkdir(STUNNEL_ETCDIR, 0755, true);
-	$fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w");
+	safe_mkdir(STUNNEL_ETCDIR, 0755);
+	$fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf", "w");
 	fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n");
 	fwrite($fout, "chroot = /var/tmp/stunnel \n");
 	fwrite($fout, "setuid = stunnel \n");
 	fwrite($fout, "setgid = stunnel \n");
-	if(!is_array($config['installedpackages']['stunnel']['config'])) { $config['installedpackages']['stunnel']['config']=Array(); }
-	foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
+	if (!is_array($config['installedpackages']['stunnel']['config'])) {
+		$config['installedpackages']['stunnel']['config'] = array();
+	}
+	foreach ($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
 		fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
-		if($pkgconfig['client']) fwrite($fout, "client = yes" . "\n");
-		if($pkgconfig['certificate']) {
-			if(file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.key') and
-			   file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.chain')) {
+		if ($pkgconfig['client']) {
+			fwrite($fout, "client = yes" . "\n");
+		}
+		if ($pkgconfig['certificate']) {
+			if (file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.key') and file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.chain')) {
 				fwrite($fout, "key = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".key\n");
 				fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".chain\n");
 			}
 		}
-		if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+		if ($pkgconfig['sourceip']) {
+			fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+		}
 		fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
 		fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
 		fwrite($fout, "TIMEOUTclose = 0\n\n");
 	}
 	fclose($fout);
 	conf_mount_ro();
-	system("/usr/local/etc/rc.d/stunnel.sh stop 2>/dev/null");
-	system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null");
+	stop_service("stunnel");
+	start_service("stunnel");
 }
+
 function stunnel_save_cert($config) {
-	$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']='';
-	if(isset($_POST['id'])) {
-#		echo "<pre>";
-#		print_r($_POST);
-#		echo "</pre>";
-
-		if(!$_POST['cert_chain']) {
-			$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate chain must be specified!<br>";
-		} if(!$_POST['cert_key']) {
-			$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="RSA Key must be specified!<br>";
+	$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] = '';
+	if (isset($_POST['id'])) {
+		if (!$_POST['cert_chain']) {
+			$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate chain must be specified!<br />";
 		}
-		if($_POST['cert_chain'] and $_POST['cert_key']) {
-			$_cert=openssl_x509_parse($_POST['cert_chain']);
-#			echo("<pre>");
-#			print_r($_cert);
-#			echo("</pre>");
-			if($_cert['hash']) {
-				if(openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) {
-					file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key',
-						$_POST['cert_key']);
-					file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.chain',
-						$_POST['cert_chain']);
-					file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem',
-						$_POST['cert_key']."\n".$_POST['cert_chain']);
+		if (!$_POST['cert_key']) {
+			$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "RSA Key must be specified!<br />";
+		}
+		if ($_POST['cert_chain'] and $_POST['cert_key']) {
+			$_cert = openssl_x509_parse($_POST['cert_chain']);
+			if ($_cert['hash']) {
+				if (openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) {
+					file_put_contents(STUNNEL_ETCDIR . '/'. $_cert['hash'] . '.key', $_POST['cert_key']);
+					file_put_contents(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.chain', $_POST['cert_chain']);
+					file_put_contents(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.pem', $_POST['cert_key']."\n".$_POST['cert_chain']);
 					system('chown stunnel:stunnel ' . STUNNEL_ETCDIR . '/*');
-					chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', 0600);
-					chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', 0600);
+					chmod(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.key', 0600);
+					chmod(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.pem', 0600);
 
-					$_POST['filename']=$_cert['hash'];
-					$_POST['expiry_raw']=$_cert['validTo_time_t'];
-					$_POST['expiry']=date('Y-m-d', $_cert['validTo_time_t']);
-					$_POST['subject']=$_cert['name'];
+					$_POST['filename'] = $_cert['hash'];
+					$_POST['expiry_raw'] = $_cert['validTo_time_t'];
+					$_POST['expiry'] = date('Y-m-d', $_cert['validTo_time_t']);
+					$_POST['subject'] = $_cert['name'];
 				} else {
-					$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate and key do not match!<br>";
-					$_POST['filename']='';
+					$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate and key do not match!<br />";
+					$_POST['filename'] = '';
 				}
 			} else {
-				$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Couldn't parse certificate!<br>";
-				$_POST['expiry_raw']='';
-				$_POST['expiry']='';
-				$_POST['subject']='';
-				$_POST['filename']='';
+				$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Couldn't parse certificate!<br />";
+				$_POST['expiry_raw'] = '';
+				$_POST['expiry'] = '';
+				$_POST['subject'] = '';
+				$_POST['filename'] = '';
 			}
 		}
-		$_POST['cert_key']=base64_encode($_POST['cert_key']);
-		$_POST['cert_chain']=base64_encode($_POST['cert_chain']);
-		$_fname=$GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename'];
-		if($_fname and $_fname!=$_POST['filename']) {
-			unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.chain');
-			unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.key');
-			unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.pem');
+		$_POST['cert_key'] = base64_encode($_POST['cert_key']);
+		$_POST['cert_chain'] = base64_encode($_POST['cert_chain']);
+		$_fname = $GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename'];
+		if ($_fname and $_fname != $_POST['filename']) {
+			unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.chain');
+			unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.key');
+			unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.pem');
 		}
 	}
 }
@@ -212,21 +240,23 @@ function stunnel_install() {
 	chmod(STUNNEL_ETCDIR . "/stunnel.pem", 0600);
 	@mkdir("/var/tmp/stunnel/var/tmp/run/stunnel", 0755, true);
 	system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel");
-	$_rcfile['file']='stunnel.sh';
-	$_rcfile['start'].= STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t";
-	$_rcfile['stop'].="killall stunnel \n\t";
+	$_rcfile['file'] = 'stunnel.sh';
+	$_rcfile['start'] = STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t";
+	$_rcfile['stop'] = "/usr/bin/killall stunnel \n\t";
 	write_rcfile($_rcfile);
 	unlink_if_exists("/usr/local/etc/rc.d/stunnel");
-	
-	$fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w");
+
+	$fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf", "w");
 	fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n");
 	fwrite($fout, "chroot = /var/tmp/stunnel \n");
 	fwrite($fout, "setuid = stunnel \n");
 	fwrite($fout, "setgid = stunnel \n");
-	if($config['installedpackages']['stunnel']['config']) {
-		foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
+	if ($config['installedpackages']['stunnel']['config']) {
+		foreach ($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
 			fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
-			if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+			if ($pkgconfig['sourceip']) {
+				fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+			}
 			fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
 			fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
 			fwrite($fout, "TIMEOUTclose = 0\n\n");
@@ -238,7 +268,6 @@ function stunnel_install() {
 function stunnel_deinstall() {
 	rmdir_recursive("/var/tmp/stunnel");
 	rmdir_recursive(STUNNEL_ETCDIR);
-	unlink_if_exists("/usr/local/etc/rc.d/stunnel.sh");
 }
 
 ?>
-- 
cgit v1.2.3