From a87c6d44b8cfee96a3e4dae234b6318092b42796 Mon Sep 17 00:00:00 2001
From: Nuno Goncalves
Date: Sat, 18 Dec 2010 23:50:38 +0000
Subject: [PATCH] [packages] sshtunnel: update to version 3

SVN-Revision: 24691
---
 net/sshtunnel/Makefile | 8 +-
 net/sshtunnel/files/etc/config/sshtunnel | 44 -----
 net/sshtunnel/files/etc/init.d/sshtunnel | 119 ------------
 net/sshtunnel/files/initd_sshtunnel | 179 ++++++++++++++++++
 .../files/{usr/bin => }/sshtunnel.sh | 0
 net/sshtunnel/files/uci_sshtunnel | 51 +++++
 6 files changed, 235 insertions(+), 166 deletions(-)
 delete mode 100644 net/sshtunnel/files/etc/config/sshtunnel
 delete mode 100755 net/sshtunnel/files/etc/init.d/sshtunnel
 create mode 100644 net/sshtunnel/files/initd_sshtunnel
 rename net/sshtunnel/files/{usr/bin => }/sshtunnel.sh (100%)
 mode change 100755 => 100644
 create mode 100644 net/sshtunnel/files/uci_sshtunnel

diff --git a/net/sshtunnel/Makefile b/net/sshtunnel/Makefile
index 8a53fc3160..44c4fc7908 100644
--- a/net/sshtunnel/Makefile
+++ b/net/sshtunnel/Makefile
@@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=sshtunnel
-PKG_VERSION:=2
-PKG_RELEASE:=2
+PKG_VERSION:=3
+PKG_RELEASE:=1
 include $(INCLUDE_DIR)/package.mk
@@ -34,7 +34,9 @@ define Build/Compile
 endef
 define Package/sshtunnel/install
- $(CP) ./files/* $(1)
+ $(CP) ./files/uci_sshtunnel $(1)/etc/config/sshtunnel
+ $(CP) ./files/initd_sshtunnel $(1)/etc/initd/sshtunnel
+ $(CP) ./files/sshtunnel.sh $(1)/usr/bin/
 endef
 $(eval $(call BuildPackage,sshtunnel))
diff --git a/net/sshtunnel/files/etc/config/sshtunnel b/net/sshtunnel/files/etc/config/sshtunnel
deleted file mode 100644
index ce3af0f929..0000000000
--- a/net/sshtunnel/files/etc/config/sshtunnel
+++ /dev/null
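Review bot: The install recipe copies the init script to `$(1)/etc/initd/sshtunnel`, a path rc.common never looks at, so the service is not registered at all; the second `$(CP)` line should target `$(1)/etc/init.d/sshtunnel`. Two mode changes in the same commit compound this: `initd_sshtunnel` is created as 100644 and `sshtunnel.sh` drops from 100755 to 100644, and since OpenWrt's `$(CP)` is a permission-preserving copy neither script is executable after install. Replacing `$(CP)` with the build system's `$(INSTALL_BIN)` for those two lines fixes the mode, and an `$(INSTALL_DIR) $(1)/etc/config $(1)/etc/init.d $(1)/usr/bin` before them restores the target directories that the old `./files/*` copy created implicitly and this recipe now assumes exist.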
@@ -1,44 +0,0 @@
-#
-# password authentication is not possible, publick key authentication must be used.
-# set "option IdentityFile" to he file from which the identity (private key) for RSA or DSA authentication is read.
-# The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2.
-# ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.
-# pkcs11 support soon
-#
-
-config server disney
- option user mourinho
- option hostname server.disney.com
-# option port 22
-# option retrydelay 1
-# option CheckHostIP yes
-# option Compression no
-# option CompressionLevel 6
-# option IdentityFile ~/.ssh/id_rsa
-# option LogLevel INFO
-# option ServerAliveCountMax 3
-# option ServerAliveInterval 0
-# option StrictHostKeyChecking ask
-# option TCPKeepAlive yes
-# option VerifyHostKeyDNS yes
-
-
-# tunnelR(emote) - when the connection will be initiated to the R(emote) endpoint at
-# remoteaddress:remoteport and then forward to localaddress:localport
-#
-config tunnelR http
- option server disney
- option remoteaddress *
- option remoteport 9009
- option localaddress 192.168.1.13
- option localport 80
-
-# tunnelL(ocal) - when the connection will be initiated to the L(ocal) endpoint at
-# localaddress:localport and then forward to remoteaddress:remoteport
-#
-config tunnelL test
- option server disney
- option localaddress *
- option localport 1022
- option remoteaddress secretserver.disney.com
- option remoteport 22
diff --git a/net/sshtunnel/files/etc/init.d/sshtunnel b/net/sshtunnel/files/etc/init.d/sshtunnel
deleted file mode 100755
index 53f653883e..0000000000
--- a/net/sshtunnel/files/etc/init.d/sshtunnel
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=99
-STOP=01
-
-PIDFILE="/tmp/run/sshtunnel"
-
-load_server() {
- server="$1"
-
- config_get user $1 user
- config_get hostname $1 hostname
- config_get debuglevel $1 debuglevel "0"
- config_get retrydelay $1 retrydelay "10"
- config_get CheckHostIP $1 CheckHostIP
- config_get Compression $1 Compression
- config_get CompressionLevel $1 CompressionLevel
- config_get IdentityFile $1 IdentityFile
- config_get LogLevel $1 LogLevel
- config_get ServerAliveCountMax $1 ServerAliveCountMax
- config_get ServerAliveInterval $1 ServerAliveInterval
- config_get StrictHostKeyChecking $1 StrictHostKeyChecking
- config_get TCPKeepAlive $1 TCPKeepAlive
- config_get VerifyHostKeyDNS $1 VerifyHostKeyDNS
-
- error=""
- [ -n "$user" ] || error="user is not set"
- [ -n "$hostname" ] || error="${error:+$error; }hostname is not set"
- [ "$retrydelay" -ge 0 ] || error="${error:+$error; }retrydelay must be a positive integer"
- #[ -f "$IdentityFile" ] || error="${error:+$error; }IdentityFile $IdentityFile not accessible"
- #add validation for the rest of the parameters
- [ -n "$error" ] && { logger -p user.err -t "sshtunnel" "tunnels to $server not started - $error"; return; }
-
- tunnels_cmd=""
- count=0
- config_foreach load_tunnel tunnelR && config_foreach load_tunnel tunnelL
- [ -n "$error" ] && { logger -p user.err -t "sshtunnel" "tunnels to $server not started - $error"; return; }
- [ "$count" -eq 0 ] && { logger -p user.err -t "sshtunnel" "tunnels to $server not started - no tunnels defined"; return; }
-
- cmd="${CheckHostIP:+-o CheckHostIP=$CheckHostIP }"
- cmd="$cmd${CheckHostIP:+-o CheckHostIP=$CheckHostIP }"
- cmd="$cmd${Compression:+-o Compression=$Compression }"
- cmd="$cmd${CompressionLevel:+-o CompressionLevel=$CompressionLevel }"
- cmd="$cmd${IdentityFile:+-o IdentityFile=$IdentityFile }"
- cmd="$cmd${LogLevel:+-o LogLevel=$LogLevel }"
- cmd="$cmd${ServerAliveCountMax:+-o ServerAliveCountMax=$ServerAliveCountMax }"
- cmd="$cmd${ServerAliveInterval:+-o ServerAliveInterval=$ServerAliveInterval }"
- cmd="$cmd${StrictHostKeyChecking:+-o StrictHostKeyChecking=$StrictHostKeyChecking }"
- cmd="$cmd${TCPKeepAlive:+-o TCPKeepAlive=$TCPKeepAlive }"
- cmd="$cmd${VerifyHostKeyDNS:+-o VerifyHostKeyDNS=$VerifyHostKeyDNS }"
- cmd="$cmd""-o ExitOnForwardFailure=yes -o BatchMode=yes -nN $tunnels_cmd $user@$hostname"
-
- /usr/bin/sshtunnel.sh "$cmd" "$retrydelay" "$server" &
- echo $! >> "$PIDFILE".pids
- logger -p user.info -t "sshtunnel" "started tunnels to $server (pid=$!;retrydelay=$retrydelay)"
-}
-
-load_tunnel() {
- config_get section_server $1 server
- [ "$server" = "$section_server" ] || return 0 # continue to read next section if this is not for the current server
- let count++ # count nr of valid sections to make sure there are at least one
-
- config_get remoteport $1 remoteport
- config_get localport $1 localport
- [ "$cfgtype" = "tunnelL" ] && {
- config_get localaddress $1 localaddress "*"
- config_get remoteaddress $1 remoteaddress
- }
- [ "$cfgtype" = "tunnelR" ] && {
- config_get localaddress $1 localaddress
- config_get remoteaddress $1 remoteaddress "*"
- }
-
- [ "$remoteport" -gt 0 ] || error="remoteport must be a positive integer"
- [ "$localport" -gt 0 ] || error="${error:+$error; }localpost must be a positive integer"
- [ -n "$error" ] && return 1
-
- [ "$cfgtype" = "tunnelL" ] && {
- tunnels_cmd="${tunnels_cmd:+$tunnels_cmd }-L $localaddress:$localport:$remoteaddress:$remoteport"
- }
- [ "$cfgtype" = "tunnelR" ] && {
- tunnels_cmd="${tunnels_cmd:+$tunnels_cmd }-R $remoteaddress:$remoteport:$localaddress:$localport"
- }
-}
-
-stop() {
- if [ -f "$PIDFILE".pids ]
- then
- logger -p user.info -t "sshtunnel" "stopping all tunnels"
-
- while read pid
- do
- start-stop-daemon -K -p "$PIDFILE"_"$pid".pid
- kill $pid
- logger -p daemon.info -t "sshtunnel[$pid]" "tunnel stopped"
- rm "$PIDFILE"_"$pid".pid
- done < "$PIDFILE".pids
-
- rm "$PIDFILE".pids
-
- logger -p user.info -t "sshtunnel" "all tunnels stopped"
- else
- logger -p user.info -t "sshtunnel" "no tunnels running"
- fi
-}
-
-start() {
- [ -f "$PIDFILE".pids ] && stop
-
- config_load sshtunnel
- if [ -n "$(uci show sshtunnel.@server[0])" ] # at least one server section exists
- then
- logger -p user.info -t "sshtunnel" "starting all tunnels"
- config_foreach load_server server
- logger -p user.info -t "sshtunnel" "all tunnels started"
- else
- logger -p user.info -t "sshtunnel" "no servers defined"
- fi
-}
diff --git a/net/sshtunnel/files/initd_sshtunnel b/net/sshtunnel/files/initd_sshtunnel
new file mode 100644
index 0000000000..c10cc068a0
--- /dev/null
+++ b/net/sshtunnel/files/initd_sshtunnel
@@ -0,0 +1,179 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=01
+
+PIDFILE="/tmp/run/sshtunnel"
+
+
+append_params() {
+ local p; local v; local args;
+ for p in $*; do
+ eval "v=\$$p"
+ [ -n "$v" ] && args="$args -O $p=$v"
+ done
+
+ ARGS_options="${args# *}"
+}
+
+append_string() {
+ local varname="$1"; local add="$2"; local separator="${3:- }"; local actual
+ eval "actual=\$$varname"
+
+ new="${actual:+$actual$separator}$add"
+ eval "$varname=\$new"
+}
+
+load_tunnelR() {
+ config_get section_server $1 server
+ [ "$server" = "$section_server" ] || return 0 # continue to read next section if this is not for the current server
+ let count++ # count nr of valid sections to make sure there are at least one
+
+ config_get remoteaddress $1 remoteaddress "*"
+ config_get remoteport $1 remoteport
+ config_get localaddress $1 localaddress
+ config_get localport $1 localport
+
+ [ "$remoteport" -gt 0 ] || append_string "error" "[tunnelR: $1]remoteport must be a positive integer" "; "
+ [ "$localport" -gt 0 ] || append_string "error" "[tunnelR: $1]localport must be a positive integer" "; "
+ [ -n "$error" ] && return 1
+
+ append_string "ARGS_tunnels" "-R $remoteaddress:$remoteport:$localaddress:$localport"
+}
+
+load_tunnelL() {
+ config_get section_server $1 server
+ [ "$server" = "$section_server" ] || return 0 # continue to read next section if this is not for the current server
+ let count++ # count nr of valid sections to make sure there are at least one
+
+ config_get localaddress $1 localaddress "*"
+ config_get localport $1 localport
+ config_get remoteaddress $1 remoteaddress
+ config_get remoteport $1 remoteport
+
+ [ "$remoteport" -gt 0 ] || append_string "error" "[tunnelL: $1]remoteport must be a positive integer" "; "
+ [ "$localport" -gt 0 ] || append_string "error" "[tunnelL: $1]localport must be a positive integer" "; "
+ [ -n "$error" ] && return 1
+
+ append_string "ARGS_tunnels" "-L $localaddress:$localport:$remoteaddress:$remoteport"
+}
+
+load_tunnelD() {
+ config_get section_server $1 server
+ [ "$server" = "$section_server" ] || return 0 # continue to read next section if this is not for the current server
+ let count++ # count nr of valid sections to make sure there are at least one
+
+ config_get localaddress $1 localaddress "*"
+ config_get localport $1 localport
+
+ [ "$remoteport" -gt 0 ] || append_string "error" "[tunnelD: $1]remoteport must be a positive integer" "; "
+ [ "$localport" -gt 0 ] || append_string "error" "[tunnelD: $1]localport must be a positive integer" "; "
+ [ -n "$error" ] && return 1
+
+ append_string "ARGS_tunnels" "-D $localaddress:$localport"
+}
+
+load_server() {
+ server="$1"
+
+ config_get user $1 user
+ config_get hostname $1 hostname
+ config_get retrydelay $1 retrydelay "10"
+ config_get PKCS11Provider $1 PKCS11Provider
+ config_get CheckHostIP $1 CheckHostIP
+ config_get Compression $1 Compression
+ config_get CompressionLevel $1 CompressionLevel
+ config_get IdentityFile $1 IdentityFile
+ config_get LogLevel $1 LogLevel
+ config_get ServerAliveCountMax $1 ServerAliveCountMax
+ config_get ServerAliveInterval $1 ServerAliveInterval
+ config_get StrictHostKeyChecking $1 StrictHostKeyChecking
+ config_get TCPKeepAlive $1 TCPKeepAlive
+ config_get VerifyHostKeyDNS $1 VerifyHostKeyDNS
+
+ error=""
+ [ -n "$user" ] \
+ || append_string "error" "user is not set" "; "
+ [ -n "$hostname" ] \
+ || append_string "error" "hostname is not set" "; "
+ [ "$retrydelay" -ge 1 ] \
+ || append_string "error" "retrydelay must be a positive integer" "; "
+ [ -z "$PKCS11Provider" -o -f "$PKCS11Provider" ] \
+ || append_string "error" "PKCS11Provider must be a pkcs11 shared library accessible" "; "
+ [ -z "$CheckHostIP" -o "$CheckHostIP"="yes" -o "$CheckHostIP"="no" ] \
+ || append_string "error" "CheckHostIP must be 'yes' or 'no'" "; "
+ [ -z "$Compression" -o "$Compression"="yes" -o "$Compression"="no" ] \
+ || append_string "error" "Compression must be 'yes' or 'no'" "; "
+ [ -z "$CompressionLevel" ] || [ "$CompressionLevel" -ge 1 -a "$CompressionLevel" -le 9 ] \
+ || append_string "error" "CompressionLevel must be between 1 and 9" "; "
+ [ -z "$IdentityFile" -o -f "$IdentityFile" ] \
+ || append_string "error" "IdentityFile $IdentityFile not accessible" "; "
+ [ -z "$LogLevel" -o "$LogLevel" = "QUIET" -o "$LogLevel" = "FATAL" -o "$LogLevel" = "ERROR" -o \
+ "$LogLevel" = "INFO" -o "$LogLevel" = "VERBOSE" -o "$LogLevel" = "DEBUG" -o \
+ "$LogLevel" = "DEBUG1" -o "$LogLevel" = "DEBUG2" -o "$LogLevel" = "DEBUG3" ] \
+ || append_string "error" "LogLevel is invalid" "; "
+ [ -z "$ServerAliveCountMax" ] || [ "$ServerAliveCountMax" -ge 1 ] \
+ || append_string "error" "ServerAliveCountMax must be greater or equal than 1" "; "
+ [ -z "$ServerAliveInterval" ] || [ "$ServerAliveInterval" -ge 0 ] \
+ || append_string "error" "ServerAliveInterval must be greater or equal than 0" "; "
+ [ -z "$StrictHostKeyChecking" -o "$StrictHostKeyChecking" = "yes" -o "$StrictHostKeyChecking" = "ask" -o "$StrictHostKeyChecking" = "no" ] \
+ || append_string "error" "StrictHostKeyChecking must be 'yes', 'ask' or 'no'" "; "
+ [ -z "$TCPKeepAlive" -o "$TCPKeepAlive" = "yes" -o "$TCPKeepAlive" = "no" ] \
+ || append_string "error" "TCPKeepAlive must be 'yes' or 'no'" "; "
+ [ -z "$VerifyHostKeyDNS" -o "$VerifyHostKeyDNS" = "yes" -o "$VerifyHostKeyDNS" = "no" ] \
+ || append_string "error" "VerifyHostKeyDNS must be 'yes' or 'no'" "; "
+
+ [ -n "$error" ] && { logger -p user.err -t "sshtunnel" "tunnels to $server not started - $error"; return; }
+
+
+ ARGS=""
+ ARGS_options=""
+ ARGS_tunnels=""
+
+ count=0
+ config_foreach load_tunnelR tunnelR && config_foreach load_tunnelL tunnelL && config_foreach load_tunnelD tunnelD
+ [ -n "$error" ] && { logger -p user.err -t "sshtunnel" "tunnels to $server not started - $error"; return; }
+ [ "$count" -eq 0 ] && { logger -p user.err -t "sshtunnel" "tunnels to $server not started - no tunnels defined"; return; }
+
+ append_params CheckHostIP Compression CompressionLevel IdentityFile LogLevel PKCS11Provider ServerAliveCountMax ServerAliveInterval StrickHostKeyChecking TCPKeepAlive VerifyHostKeyDNS
+ ARGS="$ARGS_options -o ExitOnForwardFailure=yes -o BatchMode=yes -nN $ARGS_tunnels $user@$hostname"
+
+ /usr/bin/sshtunnel.sh "$ARGS" "$retrydelay" "$server" &
+ echo $! >> "$PIDFILE".pids
+ logger -p user.info -t "sshtunnel" "started tunnels to $server (pid=$!;retrydelay=$retrydelay)"
+}
+
+stop() {
+ if [ -f "$PIDFILE".pids ]
+ then
+ logger -p user.info -t "sshtunnel" "stopping all tunnels"
+
+ while read pid
+ do
+ start-stop-daemon -K -p "$PIDFILE"_"$pid".pid
+ kill $pid
+ logger -p daemon.info -t "sshtunnel[$pid]" "tunnel stopped"
+ rm "$PIDFILE"_"$pid".pid
+ done < "$PIDFILE".pids
+
+ rm "$PIDFILE".pids
+
+ logger -p user.info -t "sshtunnel" "all tunnels stopped"
+ else
+ logger -p user.info -t "sshtunnel" "no tunnels running"
+ fi
+}
+
+start() {
+ [ -f "$PIDFILE".pids ] && stop
+
+ config_load sshtunnel
+ if [ -n "$(uci show sshtunnel.@server[0])" ] # at least one server section exists
+ then
+ logger -p user.info -t "sshtunnel" "starting all tunnels"
+ config_foreach load_server server
+ logger -p user.info -t "sshtunnel" "all tunnels started"
+ else
+ logger -p user.info -t "sshtunnel" "no servers defined"
+ fi
+}
diff --git a/net/sshtunnel/files/usr/bin/sshtunnel.sh b/net/sshtunnel/files/sshtunnel.sh
old mode 100755
new mode 100644
similarity index 100%
rename from net/sshtunnel/files/usr/bin/sshtunnel.sh
rename to net/sshtunnel/files/sshtunnel.sh
diff --git a/net/sshtunnel/files/uci_sshtunnel b/net/sshtunnel/files/uci_sshtunnel
new file mode 100644
index 0000000000..573bbe94e3
--- /dev/null
+++ b/net/sshtunnel/files/uci_sshtunnel
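Review bot: `append_params` emits every configured option as `-O $p=$v`, but ssh's `-O` is the multiplexing control command, not the per-option switch, so a server with any option set will fail before connecting; the line should be `[ -n "$v" ] && args="$args -o $p=$v"`. The name list passed to `append_params` also spells `StrickHostKeyChecking`, so the one setting that governs host-key verification is silently dropped and ssh's own default applies whatever the user configured; it should read `StrictHostKeyChecking`. In `load_tunnelD` the `[ "$remoteport" -gt 0 ]` test runs on a value the function never reads from the section, so a SOCKS tunnel either fails with a misleading "remoteport must be a positive integer" or passes on whatever a previous tunnelR/tunnelL section left behind; that check should be deleted. The `CheckHostIP` and `Compression` validations are written `"$CheckHostIP"="yes"` with no spaces, which `[` sees as a single non-empty string, so they always succeed; write `"$CheckHostIP" = "yes"` as the later tests do. Finally, `load_tunnelL` and `load_tunnelD` default `localaddress` to `*`, which binds the forwarded port or SOCKS listener on every interface including the WAN side; consider defaulting to `localhost`, or at least logging that the listener is not restricted.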
@@ -0,0 +1,51 @@
+#
+# password authentication is not possible, public key authentication must be used.
+# set "option IdentityFile" to he file from which the identity (private key) for RSA or DSA authentication is read.
+# The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2.
+# ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.
+#
+
+#config server disney
+# option user mourinho
+# option hostname server.disney.com
+# option port 22
+# option retrydelay 1
+# option CheckHostIP yes
+# option Compression no
+# option CompressionLevel 6
+# option IdentityFile ~/.ssh/id_rsa
+# option LogLevel INFO
+# option PKCS11Provider /lib/pteidpkcs11.so
+# option ServerAliveCountMax 3
+# option ServerAliveInterval 0
+# option StrictHostKeyChecking ask
+# option TCPKeepAlive yes
+# option VerifyHostKeyDNS yes
+
+# tunnelR(emote) - when the connection will be initiated to the R(emote) endpoint at
+# remoteaddress:remoteport and then forwarded to localaddress:localport
+#
+#config tunnelR http
+# option server disney
+# option remoteaddress *
+# option remoteport 9009
+# option localaddress 192.168.1.13
+# option localport 80
+
+# tunnelL(ocal) - when the connection will be initiated to the L(ocal) endpoint at
+# localaddress:localport and then forwarded to remoteaddress:remoteport
+#
+#config tunnelL test
+# option server disney
+# option localaddress *
+# option localport 1022
+# option remoteaddress secretserver.disney.com
+# option remoteport 22
+
+# tunnelD(ynamic) - when the connection will be initiated with the SOCKS4 or SOCKS5 protocol
+# to the local endpoint at localaddress:localport and then forwarded over the remote host
+#
+#config tunnelD proxy
+# option server disney
+# option localaddress *
+# option localport 4055
-- 
2.30.2
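Review bot: The example server section advertises `option port 22`, but the init script added in this same commit never does a `config_get` for `port` (it reads user, hostname, retrydelay and the ssh `-o` option names only), so a user who sets a non-default port gets the default silently; either drop that example line or wire it through with `config_get port $1 port` and a `-p $port` argument in the init script. The IdentityFile comment reads "to he file" and should say "to the file". It would also help to note beside the tunnelL and tunnelD examples that `option localaddress *` binds the listener on every interface, WAN included, and that `localhost` is the safe value unless LAN clients need the port.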