sshtunnel : Add to package feed v1.5
authorRISCi_ATOM <Bob@bobcall.me>
Tue, 26 May 2020 15:15:25 +0000 (15:15 +0000)
committerRISCi_ATOM <Bob@bobcall.me>
Tue, 26 May 2020 15:15:25 +0000 (15:15 +0000)
net/sshtunnel/Makefile [new file with mode: 0644]
net/sshtunnel/files/sshtunnel.init [new file with mode: 0644]
net/sshtunnel/files/uci_sshtunnel [new file with mode: 0644]

diff --git a/net/sshtunnel/Makefile b/net/sshtunnel/Makefile
new file mode 100644 (file)
index 0000000..4fcb681
--- /dev/null
@@ -0,0 +1,46 @@
+#
+# Copyright (C) 2010-2015 OpenWrt.org
+# Copyright (C) 2010 segal.di.ubi.pt
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=sshtunnel
+PKG_VERSION:=4
+PKG_RELEASE:=4
+PKG_LICENSE:=GPL-2.0-or-later
+
+PKG_MAINTAINER:=Nuno Goncalves <nunojpg@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/sshtunnel
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=SSH
+  TITLE:=Manages Local and Remote openssh ssh(1) tunnels
+  DEPENDS:=+openssh-client
+  PKGARCH:=all
+endef
+
+define Package/sshtunnel/description
+Creates openssh ssh(1) Local and Remote tunnels configured in UCI file. Can be used to allow remote connections, possibly over NATed connections or without public IP/DNS
+endef
+
+define Package/sshtunnel/conffiles
+/etc/config/sshtunnel
+endef
+
+define Build/Compile
+endef
+
+define Package/sshtunnel/install
+       $(INSTALL_DIR) $(1)/etc/init.d
+       $(INSTALL_BIN) ./files/sshtunnel.init $(1)/etc/init.d/sshtunnel
+       $(INSTALL_DIR) $(1)/etc/config
+       $(INSTALL_DATA) ./files/uci_sshtunnel $(1)/etc/config/sshtunnel
+endef
+
+$(eval $(call BuildPackage,sshtunnel))
diff --git a/net/sshtunnel/files/sshtunnel.init b/net/sshtunnel/files/sshtunnel.init
new file mode 100644 (file)
index 0000000..3db8dbb
--- /dev/null
@@ -0,0 +1,206 @@
+#!/bin/sh /etc/rc.common
+#
+# Copyright (C) 2010-2015 OpenWrt.org
+# Copyright (C) 2010 segal.di.ubi.pt
+#
+
+START=99
+STOP=01
+USE_PROCD=1
+
+PROG=/usr/bin/ssh
+
+_log() {
+       logger -p daemon.info -t sshtunnel "$@"
+}
+
+_err() {
+       logger -p daemon.err -t sshtunnel "$@"
+}
+
+append_params() {
+       local p v args
+       for p in "$@"; do
+               eval "v=\$$p"
+               [ -n "$v" ] && args="$args -o $p=$v"
+       done
+
+       ARGS_options="${args# *}"
+}
+
+append_string() {
+       local varname="$1"; local add="$2"; local separator="${3:- }"; local actual new
+       eval "actual=\$$varname"
+
+       new="${actual:+$actual$separator}$add"
+       eval "$varname=\$new"
+}
+
+validate_server_section() {
+       uci_load_validate sshtunnel server "$1" "$2" \
+               'user:string(1)' \
+               'hostname:host' \
+               'port:port' \
+               'retrydelay:min(1):60' \
+               'PKCS11Provider:file' \
+               'CheckHostIP:or("yes", "no")' \
+               'Compression:or("yes", "no")' \
+               'CompressionLevel:range(1,9)' \
+               'IdentityFile:file' \
+               'LogLevel:or("QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"):INFO' \
+               'ServerAliveCountMax:min(1)' \
+               'ServerAliveInterval:min(0)' \
+               'StrictHostKeyChecking:or("yes", "no", "accept-new")' \
+               'TCPKeepAlive:or("yes", "no")' \
+               'VerifyHostKeyDNS:or("yes", "no")'
+}
+
+validate_tunnelR_section() {
+       uci_load_validate sshtunnel tunnelR "$1" "$2" \
+               'remoteaddress:or(host, "*"):*' \
+               'remoteport:port' \
+               'localaddress:host' \
+               'localport:port'
+}
+
+validate_tunnelL_section() {
+       uci_load_validate sshtunnel tunnelL "$1" "$2" \
+               'remoteaddress:host' \
+               'remoteport:port' \
+               'localaddress:or(host, "*"):*' \
+               'localport:port'
+}
+
+validate_tunnelD_section() {
+       uci_load_validate sshtunnel tunnelD "$1" "$2" \
+               'localaddress:or(host, "*"):*' \
+               'localport:port'
+}
+
+validate_tunnelW_section() {
+       uci_load_validate sshtunnel tunnelW "$1" "$2" \
+               'vpntype:or("ethernet", "point-to-point"):point-to-point' \
+               'localdev:or("any", min(0))' \
+               'remotedev:or("any", min(0))'
+}
+
+load_tunnelR() {
+       config_get section_server "$1" "server"
+
+       # continue to read next section if this is not for the current server
+       [ "$server" = "$section_server" ] || return 0
+
+       # validate and load this remote tunnel config
+       [ "$2" = 0 ] || { _err "tunnelR $1: validation failed"; return 1; }
+
+       [ -n "$remoteport" -a -n "$localport" -a -n "$remoteaddress" ] || { _err "tunnelR $1: missing required options"; return 1; }
+
+       # count nr of valid sections to make sure there are at least one
+       count=$((count+=1))
+
+       _log "tunnelR at $server: -R $remoteaddress:$remoteport:$localaddress:$localport"
+       append_string "ARGS_tunnels" "-R $remoteaddress:$remoteport:$localaddress:$localport"
+}
+
+load_tunnelL() {
+       config_get section_server "$1" "server"
+
+       # continue to read next section if this is not for the current server
+       [ "$server" = "$section_server" ] || return 0
+
+       # validate and load this remote tunnel config
+       [ "$2" = 0 ] || { _err "tunnelL $1: validation failed"; return 1; }
+
+       [ -n "$remoteport" -a -n "$localport" -a -n "$remoteaddress" ] || { _err "tunnelL $1: missing required options"; return 1; }
+
+       # count nr of valid sections to make sure there are at least one
+       count=$((count+=1))
+
+       _log "tunnelL at $server: -L $localaddress:$localport:$remoteaddress:$remoteport"
+       append_string "ARGS_tunnels" "-L $localaddress:$localport:$remoteaddress:$remoteport"
+}
+
+load_tunnelD() {
+       config_get section_server "$1" "server"
+
+       # continue to read next section if this is not for the current server
+       [ "$server" = "$section_server" ] || return 0
+
+       # validate and load this remote tunnel config
+       [ "$2" = 0 ] || { _err "tunnelD $1: validation failed"; return 1; }
+
+       [ -n "$localport" ] || { _err "tunnelD $1: missing localport"; return 1; }
+
+       # count nr of valid sections to make sure there are at least one
+       count=$((count+=1))
+
+       _log "proxy via $server: -D $localaddress:$localport"
+       append_string "ARGS_tunnels" "-D $localaddress:$localport"
+}
+
+load_tunnelW() {
+       config_get section_server "$1" "server"
+
+       # continue to read next section if this is not for the current server
+       [ "$server" = "$section_server" ] || return 0
+
+       # validate and load this remote tunnel config
+       [ "$2" = 0 ] || { _err "tunnelW $1: validation failed"; return 1; }
+
+       [ -n "$vpntype" -a -n "$localdev" -a -n "$remotedev" ] || { _err "tunnelW $1: missing or bad options"; return 1; }
+
+       [ "$user" = "root" ] || { _err "tunnelW $1: root is required for tun"; return 1; }
+
+       # count nr of valid sections to make sure there are at least one
+       count=$((count+=1))
+
+       _log "tunnelW to $server: -o Tunnel=$vpntype -w $localdev:$remotedev"
+       append_string "ARGS_tunnels" "-o Tunnel=$vpntype -w $localdev:$remotedev"
+}
+
+load_server() {
+       local server="$1"
+
+       [ "$2" = 0 ] || { _err "server $server: validation failed"; return 1; }
+
+       local ARGS=""
+       local ARGS_options=""
+       local ARGS_tunnels=""
+       local count=0
+
+       config_foreach validate_tunnelR_section "tunnelR" load_tunnelR
+       config_foreach validate_tunnelL_section "tunnelL" load_tunnelL
+       config_foreach validate_tunnelD_section "tunnelD" load_tunnelD
+       config_foreach validate_tunnelW_section "tunnelW" load_tunnelW
+       [ "$count" -eq 0 ] && { _err "tunnels to $server not started - no tunnels defined"; return 1; }
+
+       append_params CheckHostIP Compression CompressionLevel IdentityFile \
+               LogLevel PKCS11Provider ServerAliveCountMax ServerAliveInterval \
+               StrictHostKeyChecking TCPKeepAlive VerifyHostKeyDNS
+
+       ARGS="$ARGS_options -o ExitOnForwardFailure=yes -o BatchMode=yes -nN $ARGS_tunnels -p $port $user@$hostname"
+
+       procd_open_instance "$server"
+       procd_set_param command "$PROG" $ARGS
+       procd_set_param stdout 1
+       procd_set_param stderr 1
+       procd_set_param respawn 0 "$retrydelay" 1
+       procd_close_instance
+}
+
+start_service() {
+       config_load "sshtunnel"
+       config_foreach validate_server_section "server" load_server
+}
+
+service_triggers() {
+       procd_add_reload_trigger "sshtunnel"
+
+       procd_open_validate
+       validate_server_section
+       validate_tunnelR_section
+       validate_tunnelL_section
+       validate_tunnelD_section
+       validate_tunnelW_section
+       procd_close_validate
+}
diff --git a/net/sshtunnel/files/uci_sshtunnel b/net/sshtunnel/files/uci_sshtunnel
new file mode 100644 (file)
index 0000000..6f7a24c
--- /dev/null
@@ -0,0 +1,63 @@
+#
+# password authentication is not possible, public key authentication must be used.
+# set "option IdentityFile" to he file from which the identity (private key) for RSA or DSA authentication is read.  
+# The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2.
+# ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.
+#
+
+#config server disney
+#      option user                     mourinho
+#      option hostname                 server.disney.com
+#      option port                     22
+#      option retrydelay               1       
+#      option CheckHostIP              yes
+#      option Compression              no
+#      option CompressionLevel         6
+#      option IdentityFile             ~/.ssh/id_rsa
+#      option LogLevel                 INFO
+#      option PKCS11Provider           /lib/pteidpkcs11.so
+#      option ServerAliveCountMax      3
+#      option ServerAliveInterval      0
+#      option StrictHostKeyChecking    accept-new
+#      option TCPKeepAlive             yes
+#      option VerifyHostKeyDNS         yes
+
+# tunnelR(emote) - when the connection will be initiated to the R(emote) endpoint at
+# remoteaddress:remoteport and then forwarded to localaddress:localport
+#
+#config tunnelR http
+#      option server           disney
+#      option remoteaddress    *
+#      option remoteport       9009
+#      option localaddress     192.168.1.13
+#      option localport        80
+
+# tunnelL(ocal) - when the connection will be initiated to the L(ocal) endpoint at
+# localaddress:localport and then forwarded to remoteaddress:remoteport 
+#
+#config tunnelL test
+#      option server           disney
+#      option localaddress     *
+#      option localport        1022
+#      option remoteaddress    secretserver.disney.com
+#      option remoteport       22
+
+# tunnelD(ynamic) - when the connection will be initiated with the SOCKS4 or SOCKS5 protocol
+# to the local endpoint at localaddress:localport and then forwarded over the remote host
+#
+#config tunnelD proxy
+#      option server           disney
+#      option localaddress     *
+#      option localport        4055
+
+# tunnelW - creates TUN/TAP devices on client and server to establish a VPN tunnel between them
+# vpntypes:
+#  point-to-point = TUN
+#  ethernet = TAP
+#
+#config tunnelW proxy
+#      option server           disney
+#      option vpntype          point-to-point|ethernet
+#      option localdev         any|0|1|2|...
+#      option remotedev        any|0|1|2|...
+