From 347b21376b444fdfb94e973da721d15bc7b23089 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sun, 30 Aug 2015 01:29:38 +0200 Subject: stunnel - code style fixes - Add missing copyright header - Code style and indentation fixes - Fix stunnel_delete() - missing dots after filename - Use start_service() and stop_service - Put JS between CDATA - No need to unlink service rc script manually on uninstall --- config/stunnel/stunnel.inc | 247 +++++++++++++++++++++++++-------------------- 1 file changed, 138 insertions(+), 109 deletions(-) diff --git a/config/stunnel/stunnel.inc b/config/stunnel/stunnel.inc index 7f3f9338..6dc17ef6 100644 --- a/config/stunnel/stunnel.inc +++ b/config/stunnel/stunnel.inc @@ -1,45 +1,73 @@ Invalid key/cert!'; - } elseif($valid<30) { - $_status='Expires in '.$valid.' days!'; +$certs = $config['installedpackages']['stunnelcerts']['config']; +is_array($certs) ? $num_certs = count($certs) : $num_certs = 0; +if (!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) { + for ($i = 0; $i < $num_certs; $i++) { + $cert = $certs[$i]; + $_info = openssl_x509_parse(base64_decode($cert['cert_chain'])); + $valid = floor(($_info['validTo_time_t'] - time()) / 86400); + if ($cert['cert_chain']) { + if (!openssl_x509_check_private_key(base64_decode($cert['cert_chain']), base64_decode($cert['cert_key']))) { + $_status = 'Invalid key/cert!'; + } elseif ($valid < 30) { + $_status = 'Expires in ' . $valid . ' days!'; } else { - $_status='OK ('.$valid.' days)'; + $_status = 'OK (' . $valid . ' days)'; } - $config['installedpackages']['stunnelcerts']['config'][$i]['status']=$_status; + $config['installedpackages']['stunnelcerts']['config'][$i]['status'] = $_status; } else { unset($config['installedpackages']['stunnelcerts']['config'][$i]); } 
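Review bot: An expired certificate is reported as "Expires in -N days!" in the status loop, because the `$valid < 30` branch also covers negative values; a separate `elseif ($valid < 0)` branch with an explicit "Expired" status would make that state unmistakable. `openssl_x509_parse()` is also called before the `if ($cert['cert_chain'])` test and its result is not checked, so a chain that fails to parse leaves `$_info['validTo_time_t']` unset and yields a meaningless day count; moving the parse inside the `if` and testing for `false` avoids that. The start of this hunk is truncated in this view, so the note covers only the visible lines.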
@@ -47,18 +75,19 @@ if(!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) { } -$tunnels=$config['installedpackages']['stunnel']['config']; -is_array($tunnels) ? $num_tunnels=count($tunnels) : $num_tunnels=0; -if(!isset($_GET['id']) and $num_tunnels) { - for ($i=0;$i<$num_tunnels;$i++) { - $tunnel=$tunnels[$i]; - if($tunnel['certificate']) { - $certid=0; - if(is_array($config['installedpackages']['stunnelcerts']['config'])) { - foreach($config['installedpackages']['stunnelcerts']['config'] as $cert) { - if($tunnel['certificate']==$cert['filename']) +$tunnels = $config['installedpackages']['stunnel']['config']; +is_array($tunnels) ? $num_tunnels = count($tunnels) : $num_tunnels = 0; +if (!isset($_GET['id']) and $num_tunnels) { + for ($i = 0; $i < $num_tunnels; $i++) { + $tunnel = $tunnels[$i]; + if ($tunnel['certificate']) { + $certid = 0; + if (is_array($config['installedpackages']['stunnelcerts']['config'])) { + foreach ($config['installedpackages']['stunnelcerts']['config'] as $cert) { + if ($tunnel['certificate'] == $cert['filename']) { $config['installedpackages']['stunnel']['config'][$i]['certificatelink']= - ''.$cert['description'].''; + '' . $cert['description'] . ''; + } $certid++; } } @@ -67,7 +96,7 @@ if(!isset($_GET['id']) and $num_tunnels) { } function stunnel_printcsr() { -# $GLOBALS['savemsg']="
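Review bot: `$cert['description']` is concatenated into the `certificatelink` value without any output encoding, inside the `foreach` over `stunnelcerts`. The string literals around it appear empty in this view (any markup seems to have been lost in rendering), so this is inferred: if the value is emitted as HTML in the package list, it should be written as `htmlspecialchars($cert['description'])`, since the description is free text saved from the certificate form.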
" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'],true) . "
"; +// $GLOBALS['savemsg'] = "
" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'], true) . "
"; } function stunnel_addcerts($config) { @@ -75,13 +104,14 @@ function stunnel_addcerts($config) { $tunnels=$config['installedpackages']['stunnel']['config']; ?> /dev/null"); - system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null"); + stop_service("stunnel"); + start_service("stunnel"); } + function stunnel_save_cert($config) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']=''; - if(isset($_POST['id'])) { -# echo "
";
-#		print_r($_POST);
-#		echo "
"; - - if(!$_POST['cert_chain']) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate chain must be specified!
"; - } if(!$_POST['cert_key']) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="RSA Key must be specified!
"; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] = ''; + if (isset($_POST['id'])) { + if (!$_POST['cert_chain']) { + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate chain must be specified!
"; } - if($_POST['cert_chain'] and $_POST['cert_key']) { - $_cert=openssl_x509_parse($_POST['cert_chain']); -# echo("
");
-#			print_r($_cert);
-#			echo("
"); - if($_cert['hash']) { - if(openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) { - file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', - $_POST['cert_key']); - file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.chain', - $_POST['cert_chain']); - file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', - $_POST['cert_key']."\n".$_POST['cert_chain']); + if (!$_POST['cert_key']) { + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "RSA Key must be specified!
"; + } + if ($_POST['cert_chain'] and $_POST['cert_key']) { + $_cert = openssl_x509_parse($_POST['cert_chain']); + if ($_cert['hash']) { + if (openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) { + file_put_contents(STUNNEL_ETCDIR . '/'. $_cert['hash'] . '.key', $_POST['cert_key']); + file_put_contents(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.chain', $_POST['cert_chain']); + file_put_contents(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.pem', $_POST['cert_key']."\n".$_POST['cert_chain']); system('chown stunnel:stunnel ' . STUNNEL_ETCDIR . '/*'); - chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', 0600); - chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', 0600); + chmod(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.key', 0600); + chmod(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.pem', 0600); - $_POST['filename']=$_cert['hash']; - $_POST['expiry_raw']=$_cert['validTo_time_t']; - $_POST['expiry']=date('Y-m-d', $_cert['validTo_time_t']); - $_POST['subject']=$_cert['name']; + $_POST['filename'] = $_cert['hash']; + $_POST['expiry_raw'] = $_cert['validTo_time_t']; + $_POST['expiry'] = date('Y-m-d', $_cert['validTo_time_t']); + $_POST['subject'] = $_cert['name']; } else { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate and key do not match!
"; - $_POST['filename']=''; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate and key do not match!
"; + $_POST['filename'] = ''; } } else { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Couldn't parse certificate!
"; - $_POST['expiry_raw']=''; - $_POST['expiry']=''; - $_POST['subject']=''; - $_POST['filename']=''; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Couldn't parse certificate!
"; + $_POST['expiry_raw'] = ''; + $_POST['expiry'] = ''; + $_POST['subject'] = ''; + $_POST['filename'] = ''; } } - $_POST['cert_key']=base64_encode($_POST['cert_key']); - $_POST['cert_chain']=base64_encode($_POST['cert_chain']); - $_fname=$GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename']; - if($_fname and $_fname!=$_POST['filename']) { - unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.chain'); - unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.key'); - unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.pem'); + $_POST['cert_key'] = base64_encode($_POST['cert_key']); + $_POST['cert_chain'] = base64_encode($_POST['cert_chain']); + $_fname = $GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename']; + if ($_fname and $_fname != $_POST['filename']) { + unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.chain'); + unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.key'); + unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.pem'); } } } 
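Review bot: In stunnel_save_cert() the `.key` and `.pem` files are created by `file_put_contents()` and only narrowed to 0600 by the later `chmod()` calls, so in between the private key exists with whatever mode the process umask gives. Setting the umask around the writes closes that window: `$old_umask = umask(0077);` before the first `file_put_contents()` and `umask($old_umask);` after the last one. The return values of the three writes are not checked either, so a failed write still sets `$_POST['filename']` and records the certificate as saved. The hunk header for this part is not visible in this view.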
@@ -212,21 +240,23 @@ function stunnel_install() {
 chmod(STUNNEL_ETCDIR . "/stunnel.pem", 0600);
 @mkdir("/var/tmp/stunnel/var/tmp/run/stunnel", 0755, true);
 system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel");
- $_rcfile['file']='stunnel.sh';
- $_rcfile['start'].= STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t";
- $_rcfile['stop'].="killall stunnel \n\t";
+ $_rcfile['file'] = 'stunnel.sh';
+ $_rcfile['start'] = STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t";
+ $_rcfile['stop'] = "/usr/bin/killall stunnel \n\t";
 write_rcfile($_rcfile);
 unlink_if_exists("/usr/local/etc/rc.d/stunnel");
-
- $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w");
+
+ $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf", "w");
 fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n");
 fwrite($fout, "chroot = /var/tmp/stunnel \n");
 fwrite($fout, "setuid = stunnel \n");
 fwrite($fout, "setgid = stunnel \n");
- if($config['installedpackages']['stunnel']['config']) {
- foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
+ if ($config['installedpackages']['stunnel']['config']) {
+ foreach ($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
 fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
- if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+ if ($pkgconfig['sourceip']) {
+ fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+ }
 fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
 fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
 fwrite($fout, "TIMEOUTclose = 0\n\n");
@@ -238,7 +268,6 @@ function stunnel_deinstall() {
 rmdir_recursive("/var/tmp/stunnel");
 rmdir_recursive(STUNNEL_ETCDIR);
- unlink_if_exists("/usr/local/etc/rc.d/stunnel.sh");
 }
 ?>
--
cgit v1.2.3
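Review bot: The tunnel fields (`description`, `sourceip`, `localip`, `localport`, `redirectip`, `redirectport`) are written into stunnel.conf verbatim in the `foreach` loop, so a value containing a line break or `]` would change the structure of the generated file. Unless the package's form definition already restricts them (not visible here), validate before writing, for example skip the entry unless `is_ipaddr($pkgconfig['localip']) && is_port($pkgconfig['localport'])`, and strip `[`, `]`, CR and LF from the description. The `fopen()` result is also used without a check, so a failed open makes every `fwrite()` operate on `false`. stunnel_install() starts before and continues past this hunk.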