Browse Source

sshtunnel: move to github

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
Nuno Goncalves 10 years ago
parent
commit
73392f3ff3

+ 48
- 0
net/sshtunnel/Makefile View File

@@ -0,0 +1,48 @@
1
+#
2
+# Copyright (C) 2010-2014 OpenWrt.org
3
+# Copyright (C) 2010 segal.di.ubi.pt
4
+#
5
+# This is free software, licensed under the GNU General Public License v2.
6
+# See /LICENSE for more information.
7
+#
8
+
9
+include $(TOPDIR)/rules.mk
10
+
11
+PKG_NAME:=sshtunnel
12
+PKG_VERSION:=3
13
+PKG_RELEASE:=3
14
+PKG_LICENSE:=GPL-2.0+
15
+
16
+PKG_MAINTAINER:=Nuno Goncalves <nunojpg@gmail.com>
17
+
18
+include $(INCLUDE_DIR)/package.mk
19
+
20
+define Package/sshtunnel
21
+  SECTION:=net
22
+  CATEGORY:=Network
23
+  SUBMENU:=SSH
24
+  TITLE:=Manages Local and Remote openssh ssh(1) tunnels
25
+  DEPENDS:=+openssh-client
26
+endef
27
+
28
+define Package/sshtunnel/description
29
+Creates openssh ssh(1) Local and Remote tunnels configured in UCI file. Can be used to allow remote connections, possibly over NATed connections or without public IP/DNS
30
+endef
31
+
32
+define Package/sshtunnel/conffiles
33
+/etc/config/sshtunnel
34
+endef
35
+
36
+define Build/Compile
37
+endef
38
+
39
+define Package/sshtunnel/install
40
+	$(INSTALL_DIR) $(1)/etc/init.d
41
+	$(INSTALL_BIN) ./files/sshtunnel.init $(1)/etc/init.d/sshtunnel
42
+	$(INSTALL_DIR) $(1)/usr/bin
43
+	$(INSTALL_BIN) ./files/sshtunnel.sh $(1)/usr/bin/
44
+	$(INSTALL_DIR) $(1)/etc/config
45
+	$(INSTALL_DATA) ./files/uci_sshtunnel $(1)/etc/config/sshtunnel
46
+endef
47
+
48
+$(eval $(call BuildPackage,sshtunnel))

+ 203
- 0
net/sshtunnel/files/sshtunnel.init View File

@@ -0,0 +1,203 @@
1
+#!/bin/sh /etc/rc.common
2
+
3
+START=99
4
+STOP=01
5
+
6
+PIDFILE="/tmp/run/sshtunnel"
7
+
8
+
9
+append_params() {
10
+	local p; local v; local args;
11
+	for p in $*; do
12
+		eval "v=\$$p"
13
+		[ -n "$v" ] && args="$args -o $p=$v"
14
+	done
15
+	
16
+	ARGS_options="${args# *}"
17
+}
18
+
19
+append_string() {
20
+	local varname="$1"; local add="$2"; local separator="${3:- }"; local actual
21
+	eval "actual=\$$varname"
22
+
23
+	new="${actual:+$actual$separator}$add"
24
+	eval "$varname=\$new"
25
+}
26
+
27
+load_tunnelR() {
28
+	config_get section_server $1 server
29
+	[ "$server" = "$section_server" ] || return 0 # continue to read next section if this is not for the current server
30
+	let count++ # count nr of valid sections to make sure there are at least one
31
+
32
+	config_get remoteaddress $1 remoteaddress "*"
33
+	config_get remoteport 	$1 remoteport
34
+	config_get localaddress $1 localaddress
35
+	config_get localport	$1 localport
36
+	
37
+        [ "$remoteport" -gt 0 ] || append_string "error" "[tunnelR: $1]remoteport must be a positive integer" "; "
38
+        [ "$localport" -gt 0 ] 	|| append_string "error" "[tunnelR: $1]localport must be a positive integer" "; "
39
+	[ -n "$error" ] && return 1
40
+
41
+	append_string "ARGS_tunnels" "-R $remoteaddress:$remoteport:$localaddress:$localport"
42
+}
43
+
44
+load_tunnelL() {
45
+	config_get section_server $1 server
46
+	[ "$server" = "$section_server" ] || return 0 # continue to read next section if this is not for the current server
47
+	let count++ # count nr of valid sections to make sure there are at least one
48
+
49
+	config_get localaddress $1 localaddress "*"	
50
+	config_get localport	$1 localport
51
+	config_get remoteaddress $1 remoteaddress
52
+	config_get remoteport 	$1 remoteport
53
+
54
+        [ "$remoteport" -gt 0 ] || append_string "error" "[tunnelL: $1]remoteport must be a positive integer" "; "
55
+        [ "$localport" -gt 0 ] 	|| append_string "error" "[tunnelL: $1]localport must be a positive integer" "; "
56
+	[ -n "$error" ] && return 1
57
+
58
+	append_string "ARGS_tunnels" "-L $localaddress:$localport:$remoteaddress:$remoteport"
59
+}
60
+
61
+load_tunnelD() {
62
+	config_get section_server $1 server
63
+	[ "$server" = "$section_server" ] || return 0 # continue to read next section if this is not for the current server
64
+	let count++ # count nr of valid sections to make sure there are at least one
65
+
66
+	config_get localaddress $1 localaddress "*"
67
+	config_get localport	$1 localport
68
+
69
+        [ "$remoteport" -gt 0 ] || append_string "error" "[tunnelD: $1]remoteport must be a positive integer" "; "
70
+        [ "$localport" -gt 0 ] 	|| append_string "error" "[tunnelD: $1]localport must be a positive integer" "; "
71
+	[ -n "$error" ] && return 1
72
+
73
+	append_string "ARGS_tunnels" "-D $localaddress:$localport"
74
+}
75
+
76
+load_tunnelW() {
77
+        config_get section_server $1 server
78
+        [ "$server" = "$section_server" ] || return 0 # continue to read next section if this is not for the current server
79
+        let count++ # count nr of valid sections to make sure there are at least one
80
+
81
+        config_get localdev     $1 localdev "*"
82
+        config_get remotedev    $1 remotedev "*"
83
+        config_get vpntype      $1 vpntype "*"
84
+
85
+        [ "$vpntype" == "ethernet" ] || [ "$vpntype" == "point-to-point" ] || append_string "error" "[tunnelW: $1] vpntype must be \"ethernet\" (tap) or \"pointopoint\" (tun)" "; "
86
+        [ "$localdev" == "any" ] || [ "$localdev" -ge 0 ] || append_string "error" "[tunnelW: $1] localdev must be an integer or \"any\"" "; "
87
+        [ "$remotedev" == "any" ] || [ "$remotedev" -ge 0 ] || append_string "error" "[tunnelW: $1] remotedev must be an integer or \"any\"" "; "
88
+        [ "$user" == "root" ] || logger -p user.warn -t "sshtunnel" "warning: root is required unless the tunnel device has been created manually"
89
+        [ -n "$error" ] && return 1
90
+
91
+        append_string "ARGS_tunnels" "-w $localdev:$remotedev -o Tunnel=$vpntype"
92
+}
93
+
94
+load_server() {
95
+	server="$1"
96
+
97
+	config_get user 	$1 user
98
+	config_get hostname 	$1 hostname
99
+	config_get port		$1 port		"22"
100
+	config_get retrydelay 	$1 retrydelay	"60"
101
+	config_get PKCS11Provider	$1 PKCS11Provider
102
+	config_get CheckHostIP		$1 CheckHostIP
103
+	config_get Compression		$1 Compression
104
+	config_get CompressionLevel 	$1 CompressionLevel
105
+	config_get IdentityFile		$1 IdentityFile
106
+	config_get LogLevel 		$1 LogLevel
107
+	config_get ServerAliveCountMax 	$1 ServerAliveCountMax
108
+	config_get ServerAliveInterval 	$1 ServerAliveInterval
109
+	config_get StrictHostKeyChecking $1 StrictHostKeyChecking
110
+	config_get TCPKeepAlive		$1 TCPKeepAlive
111
+	config_get VerifyHostKeyDNS 	$1 VerifyHostKeyDNS
112
+		
113
+	error=""
114
+        [ -n "$user" ] \
115
+		|| append_string "error" "user is not set" "; "
116
+        [ -n "$hostname" ] \
117
+		|| append_string "error" "hostname is not set" "; "
118
+        [ "$retrydelay" -ge 1 ] \
119
+		|| append_string "error" "retrydelay must be a positive integer" "; "
120
+	[ -z "$PKCS11Provider" -o -f "$PKCS11Provider" ] \
121
+		|| append_string "error" "PKCS11Provider must be a pkcs11 shared library accessible" "; "
122
+	[ -z "$CheckHostIP" -o "$CheckHostIP"="yes" -o "$CheckHostIP"="no" ] \
123
+		|| append_string "error" "CheckHostIP must be 'yes' or 'no'" "; "
124
+	[ -z "$Compression" -o "$Compression"="yes" -o "$Compression"="no" ] \
125
+		|| append_string "error" "Compression must be 'yes' or 'no'" "; "
126
+	[ -z "$CompressionLevel" ] || [ "$CompressionLevel" -ge 1 -a "$CompressionLevel" -le 9 ] \
127
+		|| append_string "error" "CompressionLevel must be between 1 and 9" "; "
128
+	[ -z "$IdentityFile" -o -f "$IdentityFile" ] \
129
+		|| append_string "error" "IdentityFile $IdentityFile not accessible" "; "	
130
+	[ -z "$LogLevel" -o "$LogLevel" = "QUIET" -o "$LogLevel" = "FATAL" -o "$LogLevel" = "ERROR" -o \
131
+	 	"$LogLevel" = "INFO" -o "$LogLevel" = "VERBOSE" -o "$LogLevel" = "DEBUG" -o \
132
+		"$LogLevel" = "DEBUG1" -o "$LogLevel" = "DEBUG2" -o "$LogLevel" = "DEBUG3" ] \
133
+		|| append_string "error" "LogLevel is invalid" "; "
134
+	[ -z "$ServerAliveCountMax" ] || [ "$ServerAliveCountMax" -ge 1 ] \
135
+		|| append_string "error" "ServerAliveCountMax must be greater or equal than 1" "; "
136
+	[ -z "$ServerAliveInterval" ] || [ "$ServerAliveInterval" -ge 0 ] \
137
+		|| append_string "error" "ServerAliveInterval must be greater or equal than 0" "; "
138
+	[ -z "$StrictHostKeyChecking" -o "$StrictHostKeyChecking" = "yes" -o "$StrictHostKeyChecking" = "ask" -o "$StrictHostKeyChecking" = "no" ] \
139
+		|| append_string "error" "StrictHostKeyChecking must be 'yes', 'ask' or 'no'" "; "
140
+	[ -z "$TCPKeepAlive" -o "$TCPKeepAlive" = "yes" -o "$TCPKeepAlive" = "no" ] \
141
+		|| append_string "error" "TCPKeepAlive must be 'yes' or 'no'" "; "
142
+	[ -z "$VerifyHostKeyDNS" -o "$VerifyHostKeyDNS" = "yes" -o "$VerifyHostKeyDNS" = "no" ] \
143
+		|| append_string "error" "VerifyHostKeyDNS must be 'yes' or 'no'" "; "
144
+
145
+	[ -n "$error" ] && { logger -p user.err -t "sshtunnel" "tunnels to $server not started - $error"; return; }
146
+        
147
+
148
+	ARGS=""
149
+	ARGS_options=""
150
+        ARGS_tunnels=""
151
+
152
+	count=0
153
+        config_foreach load_tunnelR tunnelR && config_foreach load_tunnelL tunnelL && config_foreach load_tunnelD tunnelD
154
+	[ -n "$error" ] 	&& { logger -p user.err -t "sshtunnel" "tunnels to $server not started - $error"; return; }
155
+	[ "$count" -eq 0 ] 	&& { logger -p user.err -t "sshtunnel" "tunnels to $server not started - no tunnels defined"; return; }
156
+
157
+	append_params CheckHostIP Compression CompressionLevel IdentityFile LogLevel PKCS11Provider ServerAliveCountMax ServerAliveInterval StrictHostKeyChecking TCPKeepAlive VerifyHostKeyDNS
158
+	ARGS="$ARGS_options -o ExitOnForwardFailure=yes -o BatchMode=yes -nN $ARGS_tunnels -p $port $user@$hostname"
159
+
160
+	/usr/bin/sshtunnel.sh "$ARGS" "$retrydelay" "$server" &
161
+	echo $! >> "${PIDFILE}.pids"
162
+	logger -p user.info -t "sshtunnel" "started tunnels to $server (pid=$!;retrydelay=$retrydelay)" 
163
+}
164
+
165
+stop() {
166
+        if [ -f "$PIDFILE".pids ]
167
+        then
168
+                logger -p user.info -t "sshtunnel" "stopping all tunnels"
169
+                
170
+                while read pid
171
+                do
172
+			kill "$pid"	# kill mother process first
173
+
174
+			[ -f "${PIDFILE}_${pid}.pid" ] && { # if ssh was running, kill it also (mother process could be in retry wait)
175
+				start-stop-daemon -K -p "${PIDFILE}_${pid}.pid"
176
+				rm "${PIDFILE}_${pid}.pid"
177
+			}
178
+			
179
+			logger -p daemon.info -t "sshtunnel[$pid]" "tunnel stopped"
180
+			
181
+		done < "${PIDFILE}.pids"
182
+
183
+		rm "${PIDFILE}.pids"
184
+
185
+                logger -p user.info -t "sshtunnel" "all tunnels stopped"
186
+        else
187
+                logger -p user.info -t "sshtunnel" "no tunnels running"
188
+        fi
189
+}
190
+
191
+start() {
192
+        [ -f "${PIDFILE}.pids" ] && stop
193
+        
194
+	config_load sshtunnel
195
+	if [ -n "$(uci show sshtunnel.@server[0])" ] # at least one server section exists
196
+	then        
197
+		logger -p user.info -t "sshtunnel" "starting all tunnels"
198
+		config_foreach load_server server       
199
+		logger -p user.info -t "sshtunnel" "all tunnels started"	
200
+	else
201
+		logger -p user.info -t "sshtunnel" "no servers defined"
202
+	fi
203
+}

+ 21
- 0
net/sshtunnel/files/sshtunnel.sh View File

@@ -0,0 +1,21 @@
1
+#!/bin/sh 
2
+
3
+PIDFILE="/tmp/run/sshtunnel"
4
+
5
+args="$1"
6
+retrydelay="$2"
7
+server="$3"
8
+
9
+while true
10
+do
11
+	logger -p daemon.info -t "sshtunnel[$$][$server]" "connection started"
12
+	
13
+	start-stop-daemon -S -p "${PIDFILE}_${$}.pid" -mx ssh -- $args &>/tmp/log/sshtunnel_$$ 
14
+	
15
+	logger -p daemon.err -t "sshtunnel[$$][$server]" < /tmp/log/sshtunnel_$$
16
+	rm /tmp/log/sshtunnel_$$
17
+	logger -p daemon.info -t "sshtunnel[$$][$server]" "ssh exited with code $?, retrying in $retrydelay seconds"
18
+	rm "${PIDFILE}_${$}.pid"
19
+
20
+	sleep "$retrydelay" & wait
21
+done

+ 63
- 0
net/sshtunnel/files/uci_sshtunnel View File

@@ -0,0 +1,63 @@
1
+#
2
+# password authentication is not possible, public key authentication must be used.
3
+# set "option IdentityFile" to he file from which the identity (private key) for RSA or DSA authentication is read.  
4
+# The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2.
5
+# ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.
6
+#
7
+
8
+#config server disney
9
+#	option user			mourinho
10
+#	option hostname			server.disney.com
11
+#	option port			22
12
+#	option retrydelay		1	
13
+#	option CheckHostIP		yes
14
+#	option Compression		no
15
+#	option CompressionLevel		6
16
+#	option IdentityFile		~/.ssh/id_rsa
17
+#	option LogLevel			INFO
18
+#	option PKCS11Provider		/lib/pteidpkcs11.so
19
+#	option ServerAliveCountMax	3
20
+#	option ServerAliveInterval	0
21
+#	option StrictHostKeyChecking	ask
22
+#	option TCPKeepAlive		yes
23
+#	option VerifyHostKeyDNS		yes
24
+
25
+# tunnelR(emote) - when the connection will be initiated to the R(emote) endpoint at
26
+# remoteaddress:remoteport and then forwarded to localaddress:localport
27
+#
28
+#config tunnelR http
29
+#	option server		disney
30
+#	option remoteaddress	*
31
+#	option remoteport	9009
32
+#	option localaddress	192.168.1.13
33
+#	option localport	80
34
+
35
+# tunnelL(ocal) - when the connection will be initiated to the L(ocal) endpoint at
36
+# localaddress:localport and then forwarded to remoteaddress:remoteport 
37
+#
38
+#config tunnelL test
39
+#	option server		disney
40
+#	option localaddress	*
41
+#	option localport	1022
42
+#	option remoteaddress	secretserver.disney.com
43
+#	option remoteport	22
44
+
45
+# tunnelD(ynamic) - when the connection will be initiated with the SOCKS4 or SOCKS5 protocol
46
+# to the local endpoint at localaddress:localport and then forwarded over the remote host
47
+#
48
+#config tunnelD proxy
49
+#	option server		disney
50
+#	option localaddress	*
51
+#	option localport	4055
52
+
53
+# tunnelW - creates TUN/TAP devices on client and server to establish a VPN tunnel between them
54
+# vpntypes:
55
+#  point-to-point = TUN
56
+#  ethernet = TAP
57
+#
58
+#config tunnelW proxy
59
+#	option server           disney
60
+#	option vpntype		point-to-point|ethernet
61
+#	option localdev		any|0|1|2|...
62
+#	option remotedev	any|0|1|2|...
63
+