diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4aef578 --- /dev/null +++ b/.gitignore @@ -0,0 +1,20 @@ +debian/vyatta-sslh +debian/vyatta-sslh.debhelper.log +debian/vyatta-sslh.substvars +debian/files +tmp/* +/Makefile +/Makefile.in +/aclocal.m4 +/autom4te.cache/ +/config.* +/configure +/m4/ +/stamp-h? +.deps/ +.dirstamp +*.o +*~ +INSTALL +config +build-stamp diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..47bc785 --- /dev/null +++ b/AUTHORS @@ -0,0 +1,2 @@ +Dominik Malis +Bronislav Robenek diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..3912109 --- /dev/null +++ b/COPYING 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/ChangeLog b/ChangeLog new file mode 120000 index 0000000..d526672 
--- /dev/null +++ b/ChangeLog @@ -0,0 +1 @@ +debian/changelog \ No newline at end of file diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..da310e8 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,24 @@ +cfgdir = $(datadir)/vyatta-cfg/templates +opdir = $(datadir)/vyatta-op/templates +curverdir = $(sysconfdir)/config-migrate/current +bin_sudo_usersdir = $(bindir)/sudo-users + +vprefix = /opt/vyatta +vsbindir = $(vprefix)/sbin + +bin_SCRIPTS = scripts/vyatta-show-sslh.pl + +sbin_SCRIPTS = scripts/vyatta-update-sslh.pl + +bin_sudo_users_SCRIPTS = + +curver_DATA = + +cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ + cpio -0pd + +install-exec-hook: + mkdir -p $(DESTDIR)$(cfgdir) + cd templates-cfg; $(cpiop) $(DESTDIR)$(cfgdir) + mkdir -p $(DESTDIR)$(opdir) + cd templates-op; $(cpiop) $(DESTDIR)$(opdir) diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..f7054fb --- /dev/null +++ b/NEWS @@ -0,0 +1 @@ +This is initial release. diff --git a/README b/README new file mode 100644 index 0000000..ea2c7d2 --- /dev/null +++ b/README @@ -0,0 +1,3 @@ +This package provides Vyatta/VyOS SSLH configuration, templates and scripts. + +See README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..5d9fd27 --- /dev/null +++ b/README.md 
@@ -0,0 +1,138 @@ +# vyatta-sslh + +This package provides Vyatta/VyOS [http://www.rutschle.net/tech/sslh.shtml](SSLH) configuration, templates and scripts. + +SSLH is SSL multiplexer which provides port-sharing of same TCP port for multiple applications - more information at http://www.rutschle.net/tech/sslh.shtml + +## Authors + +* Bronislav Robenek +* Dominik Malis + +Used software: + +* Configuration script is derived from [ubnt-igmpproxy](http://www.ubnt.com/download/) script by Stig Thormodsrud from Ubiquiti Networks, Inc. +* Vyatta/VyOS package is based on [vyatta-dummy](https://github.com/vyos/vyatta-dummy) package by SO3 Group, including Daniil Baturin. + +## Supported versions + +Tested with: + +* sslh (1.15-1) from jessie +* VyOS 1.0.4 hydrogen + +## Usage + +Example Vyatta/VyOS configuration: + + service { + ssl-port-sharing { + mode select + port 443 + protocol http { + address 192.168.1.5 + port 443 + } + protocol openvpn { + address 127.0.0.1 + port 1194 + } + protocol ssh { + address 192.168.1.10 + port 22 + } + } + } + +## Installation of SSLH in VyOS/Vyatta + +To easily install recent software including sslh add jessie and squeeze (optional) repository to VyOS/Vyatta. + + # set system package repository jessie components 'main' + # set system package repository jessie distribution 'jessie' + # set system package repository jessie url 'http://mirrors.kernel.org/debian' + + # set system package repository squeeze components 'main' + # set system package repository squeeze distribution 'squeeze' + # set system package repository squeeze url 'http://mirrors.kernel.org/debian' + # commit + +To install only single package (eg. 
sslh) it is reasonable idea to pin current packages: + + $ cat /etc/apt/preferences + Package: * + Pin: release n=hydrogen + Pin-Priority: 1000 + + $ cat /etc/apt/preferences.d/squeeze.pref + Package: * + Pin: release n=squeeze + Pin-Priority: 700 + + $ cat /etc/apt/preferences.d/jessie.pref + Package: * + Pin: release n=jessie + Pin-Priority: 90 + +Then update & upgrade system - be careful no packages should be upgraded. + + # Should proceed with no problems + $ sudo apt-get update + + # Verify priorities + $ sudo apt-cache policy + + # Almost no or zero packages should be upgraded + $ sudo apt-get upgrade + +A) Install sslh from jessie (with dependencies): + + # You will be asked about installation/upgrade plan + $ sudo apt-get -t jessie install sslh + +B) Install sslh from jessie (one by one package): + + # You will have to selectively upgrade unmet dependencies (eg. libc6) + $ sudo apt-get install sslh/jessie + +## Installation of vyatta-sslh in VyOS/Vyatta + +### Disabling Debian sslh init.d script + + $ sudo update-rc.d -f sslh remove + +### A) Use custom repository +This repository is only temporary and is provided as-is with no guarantees. vyatta-sslh may be once integrated into VyOS community repository. + + $ echo "deb http://packages.robenek.me debian/" > /etc/apt/sources.list.d/robenek.list + $ sudo apt-get update + $ sudo apt-get install vyatta-sslh + +### B) Use downloaded .deb file + + $ wget http://packages.robenek.me/debian/vyatta-sslh_1.0.0_all.deb + $ sudo dpkg -i vyatta-sslh_1.0.0_all.deb + +### C) Compile from source + + $ aptitude install build-essential devscripts debhelper autotools-dev autoconf fakeroot automake + $ git clone https://github.com/brona/vyatta-sslh + $ cd vyatta-sslh + $ debuild -us -uc + +## Technical details + +This package is just a wrapper for sslh. + +Configuration is written to /etc/sslh.conf. + +sslh is started using `start-stop-daemon`. 
+ +## Unsupported features / future development +We would like to encourage anyone to contribute to this package. We will be glad to accept any pull-requests. + +Currently these features are missing: + +* sslh is binding to 0.0.0.0 only (there is no option). +* There is no support for transparent mode of sslh. + diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..9a19617 --- /dev/null +++ b/configure.ac @@ -0,0 +1,32 @@ +# Process this file with autoconf to produce a configure script. +AC_PREREQ(2.59) + +m4_define([VERSION_ID], [m4_esyscmd([ + if test -f .version ; then + head -n 1 .version | tr -d \\n + else + echo -n 2.4 + fi])]) +AC_INIT([vyatta-sslh], VERSION_ID, [brona@robenek.me]) + +test -n "$VYATTA_VERSION" || VYATTA_VERSION=$PACKAGE_VERSION + +AC_CONFIG_AUX_DIR([config]) +AM_INIT_AUTOMAKE([gnu no-dist-gzip dist-bzip2 subdir-objects]) +AC_PREFIX_DEFAULT([/opt/vyatta]) + +AC_ARG_ENABLE([nostrip], + AC_HELP_STRING([--enable-nostrip], + [include -nostrip option during packaging]), + [NOSTRIP=-nostrip], [NOSTRIP=]) + +AC_CONFIG_FILES([Makefile]) + +AC_SUBST(NOSTRIP) + +AC_PROG_CC +AC_PROG_CXX +AM_PROG_AS +AM_PROG_CC_C_O +AC_OUTPUT + diff --git a/debian/README b/debian/README new file mode 100644 index 0000000..d9eb277 --- /dev/null +++ b/debian/README @@ -0,0 +1,6 @@ +The Debian Package vyatta-sslh +------------------------------- + +This package provides configuration for sslh in Vyatta/VyOS. + + -- Bronislav Robenek Sun, 20 Jul 2014 23:27:05 +0200 diff --git a/debian/autogen.sh b/debian/autogen.sh new file mode 100755 index 0000000..8c0c048 --- /dev/null +++ b/debian/autogen.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +rm -rf config +rm -f aclocal.m4 config.guess config.statusconfig.sub configure INSTALL + +autoreconf --force --install + +rm -f config.sub config.guess +ln -s /usr/share/misc/config.sub . +ln -s /usr/share/misc/config.guess . diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..8dc345e --- /dev/null 
+++ b/debian/changelog @@ -0,0 +1,5 @@ +vyatta-sslh (1.0.0) internal; urgency=low + + * Initial Release. + + -- Bronislav Robenek Sun, 20 Jul 2014 23:27:05 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +5 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..945a910 --- /dev/null +++ b/debian/control @@ -0,0 +1,16 @@ +Source: vyatta-sslh +Section: contrib/net +Priority: extra +Maintainer: Bronislav Robenek +Standards-Version: 3.9.1 +Build-Depends: debhelper (>= 5), autotools-dev, autoconf + +Package: vyatta-sslh +Architecture: all +Depends: vyatta-cfg-system, + vyatta-cfg, + vyatta-op, + sslh (>= 1.15), + ${misc:Depends} +Description: Vyos/Vyatta SSLH configuration utilities + Vyos/Vyatta SSLH configuration utilities, templates and scripts. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..cdae92f --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,37 @@ +This package was debianized by Bronislav Robenek on +Sun, 20 Jul 2014. + +It's original content from the GIT repository + + +Upstream Author: + + + + +Copyright: + + Copyright (C) 2014 Bronislav Robenek and Dominik Malis + All Rights Reserved. + +License: + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +A copy of the GNU General Public License is available as +`/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution +or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. +You can also obtain it by writing to the Free Software Foundation, +Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +MA 02110-1301, USA. + +The Debian packaging is (C) 2014, Bronislav Robenek and +is licensed under the GPL, see above. diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..e845566 --- /dev/null +++ b/debian/docs @@ -0,0 +1 @@ +README diff --git a/debian/lintian b/debian/lintian new file mode 100644 index 0000000..8e8b3fc --- /dev/null +++ b/debian/lintian @@ -0,0 +1,2 @@ +vyatta-sslh: file-in-unusual-dir +vyatta-sslh: dir-or-file-in-opt diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..cc293bf --- /dev/null +++ b/debian/rules 
@@ -0,0 +1,105 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +PACKAGE=vyatta-sslh +PKGDIR=$(CURDIR)/debian/$(PACKAGE) + +CFLAGS = -Wall -g + +configure = ./configure +configure += --host=$(DEB_HOST_GNU_TYPE) +configure += --build=$(DEB_BUILD_GNU_TYPE) +configure += --prefix=/opt/vyatta +configure += --mandir=\$${prefix}/share/man +configure += --infodir=\$${prefix}/share/info +configure += CFLAGS="$(CFLAGS)" +configure += LDFLAGS="-Wl,-z,defs" + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +configure: configure.ac Makefile.am + chmod +x debian/autogen.sh + debian/autogen.sh + +config.status: configure + dh_testdir + rm -f config.cache + $(configure) + +build: build-stamp + +build-stamp: config.status + dh_testdir + $(MAKE) + touch $@ + +clean: clean-patched + +# Clean everything up, including everything auto-generated +# at build time that needs not to be kept around in the Debian diff +clean-patched: + dh_testdir + dh_testroot + if test -f Makefile ; then $(MAKE) clean distclean ; fi + rm -f build-stamp + rm -f config.status config.sub config.guess config.log + rm -f aclocal.m4 configure Makefile.in Makefile INSTALL + rm -rf config + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) DESTDIR=$(PKGDIR) 
install + + install -D --mode=0644 debian/lintian $(PKGDIR)/usr/share/lintian/overrides/$(PACKAGE) + +# Build architecture-independent files here. +binary-indep: build install + rm -f debian/files + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_install + dh_installdebconf + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + if [ -f "../.VYATTA_DEV_BUILD" ]; then \ + dh_gencontrol -- -v999.dev; \ + else \ + dh_gencontrol; \ + fi + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +binary-arch: build install +# This is an architecture independent package +# so; we have nothing to do by default. + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install diff --git a/scripts/vyatta-show-sslh.pl b/scripts/vyatta-show-sslh.pl new file mode 100755 index 0000000..48a443f --- /dev/null +++ b/scripts/vyatta-show-sslh.pl 
@@ -0,0 +1,80 @@ +#!/usr/bin/perl +# +# Module: vyatta-show-sslh.pl +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Ubiquiti, Inc. +# Portions created by Ubiquiti are Copyright (C) 2011 Ubiquiti, Inc. +# All Rights Reserved. +# +# Author: Bronislav Robenek +# Author: Dominik Malis +# Date: July 2014 +# Description: Script to configure sslh +# +# **** End License **** + +use strict; +use warnings; + +use lib '/opt/vyatta/share/perl5'; +use Vyatta::Config; + +my $config_path = 'service ssl-port-sharing'; +my $config = new Vyatta::Config; +$config->setLevel($config_path); + +my $pidfile = '/var/run/sslh.pid'; +my $pid = `cat $pidfile`; +chomp $pid; +my $pid_running = 0; + +if ( -e "/proc/$pid/status") { + $pid_running = 1; +} + +if ( $pid_running ) { + print "SSL Port-sharing IS operational (PID = $pid).\n"; + my $port = $config->returnOrigValue('port'); + my $address = "0.0.0.0"; + my $mode = $config->returnOrigValue('mode'); + print "Forwarding in $mode mode from $address:$port to:\n\n"; + + my $format = "%-10s %-20s %-6s\n"; + printf($format, "Protocol","IP Address","Port"); + printf($format, "--------","------------------","-----"); + + my @protocols = $config->listOrigNodes('protocol'); + foreach my $prot (@protocols) { + $config->setLevel("$config_path protocol $prot"); + my $a = $config->returnOrigValue('address'); + my $p = $config->returnOrigValue('port'); + printf($format, $prot, $a, $p); + } +} +else { + $config->setLevel(""); + if ($config->existsOrig($config_path)) { + if($config->existsOrig("$config_path 
disable")) { + print "SSL Port-sharing IS DISABLED.\n"; + } + else { + print "SSL Port-sharing IS NOT running.\n"; + } + } + else { + print "SSL Port-sharing IS NOT configured.\n"; + } +} + +exit; +# end of file diff --git a/scripts/vyatta-update-sslh.pl b/scripts/vyatta-update-sslh.pl new file mode 100755 index 0000000..4925927 --- /dev/null +++ b/scripts/vyatta-update-sslh.pl 
@@ -0,0 +1,247 @@ +#!/usr/bin/perl +# +# Module: vyatta-update-sslh.pl +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Ubiquiti, Inc. +# Portions created by Ubiquiti are Copyright (C) 2011 Ubiquiti, Inc. +# All Rights Reserved. +# +# This script is derived from ubnt-igmpproxy configuration script by: +# Author: Stig Thormodsrud +# Date: July 2011 +# Description: Script to configure igmpproxy +# +# Author: Dominik Malis +# Author: Bronislav Robenek +# Date: July 2014 +# Description: Script to configure sslh +# +# **** End License **** + +use Getopt::Long; +use POSIX; +use File::Basename; +use File::Compare; +use NetAddr::IP; + +use lib '/opt/vyatta/share/perl5'; +use Vyatta::Config; +use Vyatta::Interface; + +use warnings; +use strict; + +my $daemon = '/usr/sbin/sslh'; +my $pidfile = '/var/run/sslh.pid'; +my $conffile = '/etc/sslh.conf'; + +sub is_running { + my ($pid_file) = @_; + + if (defined $pid_file and -f $pid_file) { + my $pid = `cat $pid_file`; + chomp $pid; + my $ps = `ps -p $pid -o comm=`; + + if (defined($ps) && $ps ne "") { + return 1; + } + } + return 0; +} + +sub is_disabled { + my $config = new Vyatta::Config; + $config->setLevel('service ssl-port-sharing'); + return 1 if $config->exists('disable'); + return; +} + +sub is_same_as_file { + my ($file, $value) = @_; + + return if ! 
-e $file; + + my $mem_file = ''; + open my $MF, '+<', \$mem_file or die "couldn't open memfile $!\n"; + print $MF $value; + seek($MF, 0, 0); + + my $rc = compare($file, $MF); + return 1 if $rc == 0; + return; +} + +sub write_conf_file { + my ($file, $config) = @_; + + # Avoid unnecessary writes. At boot the file will be the + # regenerated with the same content. + return if is_same_as_file($file, $config); + + open(my $fh, '>', $file) || die "Couldn't open $file - $!"; + print $fh $config; + close $fh; + return 1; +} + +sub validate_config { + my $config = new Vyatta::Config; + + my $path = 'service ssl-port-sharing'; + $config->setLevel($path); + + my @protocols = $config->listNodes('protocol'); + if (scalar(@protocols) < 1) { + print "Error: must define at least 1 protocol\n"; + exit 1; + } + my $upstream = 0; + foreach my $prot (@protocols) { + $config->setLevel("$path protocol $prot"); + if (! $config->exists('address')) { + print "Error: must define address for protocol $prot\n"; + exit 1; + } + if (! 
$config->exists('port')) { + print "Error: must define port for protocol $prot\n"; + exit 1; + } + } +} + +sub get_config_static { + my $output = ''; + + $output .= "#\n# autogenerated by $0\n#\n"; + $output .= "\n"; + $output .= "user: \"nobody\";\n"; +} + +sub get_config { + + my $config = new Vyatta::Config; + my $output = get_config_static(); + + my $path = 'service ssl-port-sharing'; + $config->setLevel($path); + + $output .= "\n"; + $output .= "listen:\n"; + $output .= "(\n"; + if ($config->exists('port')) { + my $port = $config->returnValue('port'); + $output .= " { host: \"0.0.0.0\"; port: \"$port\"; }\n"; + } else { + $output .= " { host: \"0.0.0.0\"; port: \"443\"; }\n"; + } + $output .= ");\n\n"; + + $output .= "protocols:\n"; + $output .= "(\n"; + my @protocols = $config->listNodes('protocol'); + my $n = $#protocols; + foreach my $prot (@protocols) { + $config->setLevel("$path protocol $prot"); + my $address = $config->returnValue('address'); + my $port = $config->returnValue('port'); + + $output .= " { name: \"$prot\"; host: \"$address\"; port: \"$port\"; probe: \"builtin\"; }"; + if ($n--) { + $output .= ","; + } + $output .= "\n"; + } + $output .= ");\n"; + + return $output; +} + +sub load_mode { + my $config = new Vyatta::Config; + my $path = 'service ssl-port-sharing'; + $config->setLevel($path); + if ($config->exists('mode') && ($config->returnValue('mode')=="fork")) { + # In debian sslh -> sslh-fork + if ( -x "$daemon-fork" ) { + $daemon .= "-fork"; + } + } else { + $daemon .= "-select"; + } +} + +sub enable_sslh { + + if (is_disabled()) { + if (is_running($pidfile)) { + disable_sslh(); + } + exit 0; + } + + validate_config(); + my $output = get_config(); + write_conf_file($conffile, $output); + + my ($cmd, $rc) = ('', ''); + if (is_running($pidfile)) { + disable_sslh(); + } + + load_mode(); + $cmd = "/sbin/start-stop-daemon --start --startas $daemon --make-pidfile "; + $cmd .= "--pidfile $pidfile --background -- -f -F $conffile"; + #print $cmd; 
+ print "Starting sslh\n"; + $rc = system($cmd); + + return $rc; +} + +sub disable_sslh { + my ($intf) = @_; + + if (! is_running($pidfile)) { + print "Warning: sslh not running.\n"; + exit 0; + } + + my ($cmd, $rc) = ('', ''); + $cmd = "/sbin/start-stop-daemon --stop --pidfile $pidfile"; + #print $cmd; + print "Stopping sslh\n"; + $rc = system($cmd); + + return $rc; +} + + +# +# main +# + +my ($action); + +GetOptions("action=s" => \$action, +) or usage(); + +die "Must define action\n" if ! defined $action; + +my $rc = 1; +$rc = enable_sslh() if $action eq 'enable'; +$rc = disable_sslh() if $action eq 'disable'; + +exit $rc; + +# end of file diff --git a/templates-cfg/service/ssl-port-sharing/disable/node.def b/templates-cfg/service/ssl-port-sharing/disable/node.def new file mode 100644 index 0000000..af1bc77 --- /dev/null +++ b/templates-cfg/service/ssl-port-sharing/disable/node.def @@ -0,0 +1 @@ +help: Option to disable SSL port sharing diff --git a/templates-cfg/service/ssl-port-sharing/mode/node.def b/templates-cfg/service/ssl-port-sharing/mode/node.def new file mode 100644 index 0000000..e4edc68 --- /dev/null +++ b/templates-cfg/service/ssl-port-sharing/mode/node.def @@ -0,0 +1,11 @@ +help: Mode of sslh daemon + +type: txt + +default: "select" + +syntax:expression: $VAR(@) in "select", "fork"; \ + "must be 'select' or 'fork'" + +val_help: select; Uses only one thread, which monitors all connections at once +val_help: fork; Forks a new process for each incoming connection diff --git a/templates-cfg/service/ssl-port-sharing/node.def b/templates-cfg/service/ssl-port-sharing/node.def new file mode 100644 index 0000000..d9ec4ae --- /dev/null +++ b/templates-cfg/service/ssl-port-sharing/node.def @@ -0,0 +1,9 @@ +help: A ssl/ssh (sslh) multiplexer parameters + +priority: 740 + +end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then + sudo /opt/vyatta/sbin/vyatta-update-sslh.pl --action=disable + else + sudo /opt/vyatta/sbin/vyatta-update-sslh.pl --action=enable + fi; 
diff --git a/templates-cfg/service/ssl-port-sharing/port/node.def b/templates-cfg/service/ssl-port-sharing/port/node.def new file mode 100644 index 0000000..c7b4fb6 --- /dev/null +++ b/templates-cfg/service/ssl-port-sharing/port/node.def @@ -0,0 +1,9 @@ +help: Port to listen on + +type: u32 + +default: 443 + +syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 49151) ; "must be between 1-49151" + +val_help: u32:1-49151; Port to listen on diff --git a/templates-cfg/service/ssl-port-sharing/protocol/node.def b/templates-cfg/service/ssl-port-sharing/protocol/node.def new file mode 100644 index 0000000..9f25b16 --- /dev/null +++ b/templates-cfg/service/ssl-port-sharing/protocol/node.def @@ -0,0 +1,10 @@ +tag: + +type: txt + +help: Protocol to translate to other ip/port [REQUIRED] + +allowed: /usr/sbin/sslh-select -h 2>&1 | grep -i "\[\-\-[^ ]\+ \]" | sed -e "s/\s*\[\-\-\([^ ]\+\) \]/\1/ig" + +val_help: ; Protocol to translate + diff --git a/templates-cfg/service/ssl-port-sharing/protocol/node.tag/address/node.def b/templates-cfg/service/ssl-port-sharing/protocol/node.tag/address/node.def new file mode 100644 index 0000000..1c7beaf --- /dev/null +++ b/templates-cfg/service/ssl-port-sharing/protocol/node.tag/address/node.def @@ -0,0 +1,5 @@ +type: ipv4 + +help: Destination address [REQUIRED] + +val_help: ipv4 ; IPv4 address diff --git a/templates-cfg/service/ssl-port-sharing/protocol/node.tag/port/node.def b/templates-cfg/service/ssl-port-sharing/protocol/node.tag/port/node.def new file mode 100644 index 0000000..619eac5 --- /dev/null +++ b/templates-cfg/service/ssl-port-sharing/protocol/node.tag/port/node.def @@ -0,0 +1,9 @@ +help: Destination port [REQUIRED] + +type: u32 + +default: 443 + +syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 49151) ; "must be between 1-49151" + +val_help: u32:1-49151; Destination port diff --git a/templates-op/show/ssl-port-sharing/node.def b/templates-op/show/ssl-port-sharing/node.def new file mode 100644 index 0000000..6142ed1 --- /dev/null 
+++ b/templates-op/show/ssl-port-sharing/node.def @@ -0,0 +1,2 @@ +help: Show SSL Port-sharing status and information +run: ${vyatta_bindir}/vyatta-show-sslh.pl
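Review bot: `my $pid = \`cat $pidfile\`;` in vyatta-show-sslh.pl reads the pid file through a shell and then trusts whatever it contains in `-e "/proc/$pid/status"`; when the file is missing, `cat` prints an error into the output of the `show` command and `$pid` is empty, and when it holds anything other than a number the check silently reports "NOT running". Read the file with `open`, require `$pid =~ /^\d+$/` before the `/proc` lookup, and keep in mind that a `/proc/$pid/status` test only proves some process has that pid, so a stale pid file after a reboot can report an unrelated process as an operational sslh.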
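Review bot: `($config->returnValue('mode')=="fork")` in `load_mode` of vyatta-update-sslh.pl compares strings numerically; under `use warnings` both sides numify to 0 (with a warning), so the condition is true whenever the `mode` node exists and `mode select` still starts `sslh-fork`. Use `eq 'fork'`. Further down, `GetOptions(...) or usage()` calls a `usage` sub that is defined nowhere in the file, so an unknown option dies with "Undefined subroutine" instead of a usage message. In `is_running`, the pid taken from the file is interpolated unvalidated into ``ps -p $pid -o comm=`` and any non-empty result is taken as proof that sslh is running, while `disable_sslh` then runs `start-stop-daemon --stop --pidfile $pidfile` with no `--exec` or `--name`; after a reboot a stale pid file whose number has been reused would make the commit hook signal an unrelated process as root. Compare the `comm` value with the daemon name, pass `--exec`/`--name` for the binary actually started, and add `--retry` to the stop so the restart in `enable_sslh` does not race the dying process on the same pid file. Also, `--background` makes `start-stop-daemon --start` return 0 as soon as it has forked, so `$rc` says nothing about whether sslh accepted the generated `/etc/sslh.conf`; re-check `is_running($pidfile)` after the start before returning success. Minor: `$intf` in `disable_sslh` is unused, as are the `POSIX`, `File::Basename`, `NetAddr::IP` and `Vyatta::Interface` imports.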
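Review bot: `[ ${COMMIT_ACTION} = 'DELETE' ]` in the `end:` script of templates-cfg/service/ssl-port-sharing/node.def leaves the variable unquoted; if it is ever empty the test degenerates to `[ = 'DELETE' ]`, the shell reports a syntax error and neither branch runs, so the daemon is left in its previous state without the commit noticing. Quote it: `[ "${COMMIT_ACTION}" = 'DELETE' ]`.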
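Review bot: templates-cfg/service/ssl-port-sharing/port/node.def lets the operator choose the listen port but there is no companion node for the listen address, and `get_config` hardcodes `host: "0.0.0.0"` (the show script prints the same constant), so the multiplexer binds every interface of the router, including untrusted ones, with no way to restrict it from the CLI. Add a `listen-address` leaf (`type: ipv4`, defaulting to 0.0.0.0) next to this node and have `get_config` emit it in the `listen:` block, or document that the operator must firewall the port separately.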
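Review bot: templates-cfg/service/ssl-port-sharing/protocol/node.def supplies only `allowed:` (tab completion scraped from `sslh-select -h`) and no `syntax:expression:`, so any tag name the operator types is accepted at commit and written verbatim by `get_config` as `name: "$prot"` with `probe: "builtin"`; sslh then rejects the unknown probe at startup, but since the start is backgrounded the commit has already reported success. Add a `syntax:expression: exec` check that validates the name against the same list (or a fixed list of the builtin probes), and note that the `grep "\[\-\-[^ ]\+ \]"` will match any bracketed long option in the help text, not just protocol names, so the completion list is fragile across sslh versions.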