1 #!/sbin/sh

     2 #

     3 #

     4 # CDDL HEADER START

     5 #

     6 # The contents of this file are subject to the terms of the

     7 # Common Development and Distribution License (the "License").

     8 # You may not use this file except in compliance with the License.

     9 #

    10 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

    11 # or http://www.opensolaris.org/os/licensing.

    12 # See the License for the specific language governing permissions

    13 # and limitations under the License.

    14 #

    15 # When distributing Covered Code, include this CDDL HEADER in each

    16 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.

    17 # If applicable, add the following below this CDDL HEADER, with the

    18 # fields enclosed by brackets "[]" replaced with your own identifying

    19 # information: Portions Copyright [yyyy] [name of copyright owner]

    20 #

    21 # CDDL HEADER END

    22 #

    23 #

    24 # Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.

    25 #

    26 

    27 . /lib/svc/share/smf_include.sh

    28 

    29 PATH=$PATH:/usr/sbin

    30 

    31 # Retrieve an unescaped property value from a method token.

    32 # Arguments:

    33 # - raw method token value

    34 # Outputs:

    35 # - unescaped property value

    36 # Returns:

    37 # - 0 on success

    38 # - 1 when unescaping failed

    39 get_property()

    40 {

    41 	VALUE="$(echo "$1" | /usr/bin/sed 's/\\\(.\)/\1/g')"

    42 

    43 	if [[ $? -ne 0 ]]; then

    44 		exit 1

    45 	fi

    46 

    47 	echo "$VALUE"

    48 }

    49 

    50 failure()

    51 {

    52 	echo "An unknown error occurred. Probably either /usr/bin/sed is"

    53 	echo "missing or system resources are exhausted."

    54 	exit $SMF_EXIT_ERR_FATAL

    55 }

    56 

    57 # Exit with error if given variable is empty or unset.

    58 # Arguments:

    59 # - Variable name

    60 # - SMF property the variable's value is obtained from

    61 # Exits when the variable value is empty or unset,

    62 # returns otherwise.

    63 failure_empty_value()

    64 {

    65 	eval "[[ -z \${$1:-} ]] || return 0"

    66 	echo "The ftp-proxy/$2 property cannot be empty."

    67 	exit $SMF_EXIT_ERR_FATAL

    68 }

    69 

    70 failure_invalid_value()

    71 {

    72 	echo "The ftp-proxy/$1 property value is invalid."

    73 	exit $SMF_EXIT_ERR_FATAL

    74 }

    75 

    76 # store and unescape property values

    77 FTPPX_ANONYMOUS="$(get_property "$2")" || failure

    78 FTPPX_PROXY_ADDRESS="$(get_property "$3")" || failure

    79 FTPPX_PROXY_LISTEN_ADDRESS="$(get_property "$4")" || failure

    80 FTPPX_DEBUG_LEVEL="$(get_property "$5")" || failure

    81 FTPPX_MAXSESSIONS="$(get_property "$6")" || failure

    82 FTPPX_PROXY_LISTEN_PORT="$(get_property "$7")" || failure

    83 FTPPX_REVERSE_MODE_ADDRESS="$(get_property "$8")" || failure

    84 FTPPX_REVERSE_MODE_PORT="$(get_property "$9")" || failure

    85 FTPPX_REWRITE_SOURCE_PORT="$(get_property "${10}")" || failure

    86 FTPPX_TAG="$(get_property "${11}")" || failure

    87 FTPPX_TIMEOUT="$(get_property "${12}")" || failure

    88 FTPPX_LOG="$(get_property "${13}")" || failure

    89 

    90 # check the following properties are not empty and add them

    91 # to the command-line used to start the ftp-proxy

    92 typeset -a CMDLINE

    93 

    94 failure_empty_value FTPPX_PROXY_ADDRESS proxy-NAT-address

    95 CMDLINE+=( -a "$FTPPX_PROXY_ADDRESS" )

    96 

    97 failure_empty_value FTPPX_PROXY_LISTEN_ADDRESS proxy-listen-address

    98 CMDLINE+=( -b "$FTPPX_PROXY_LISTEN_ADDRESS" )

    99 

   100 failure_empty_value FTPPX_DEBUG_LEVEL debug-level

   101 CMDLINE+=( -D "$FTPPX_DEBUG_LEVEL" )

   102 

   103 failure_empty_value FTPPX_MAXSESSIONS maxsessions

   104 CMDLINE+=( -m "$FTPPX_MAXSESSIONS" )

   105 

   106 failure_empty_value FTPPX_PROXY_LISTEN_PORT listen-port

   107 CMDLINE+= ( -p "$FTPPX_PROXY_LISTEN_PORT" )

   108 

   109 failure_empty_value FTPPX_TIMEOUT timeout

   110 CMDLINE+=( -t "$FTPPX_TIMEOUT" )

   111 

   112 case $FTPPX_ANONYMOUS in

   113 	on)	CMDLINE+=( -A on )

   114 		;;

   115 	off)	# nothing needed

   116 		;;

   117 	*)	failure_invalid_value anonymous-only

   118 		;;

   119 esac

   120 

   121 # reverse-mode-address is optional

   122 if [[ -n $FTPPX_REVERSE_MODE_ADDRESS ]]; then

   123 	CMDLINE+=( -R "$FTPPX_REVERSE_MODE_ADDRESS" )

   124 	if [[ -n $FTPPX_REVERSE_MODE_PORT ]]; then

   125 		CMDLINE+=( -P "$FTPPX_REVERSE_MODE_PORT" )

   126 	fi

   127 fi

   128 

   129 case $FTPPX_REWRITE_SOURCE_PORT in

   130 	on)	CMDLINE+=( -r on )

   131 		;;

   132 	off)	# nothing needed

   133 		;;

   134 	*)	failure_invalid_value always-use-ftp-data-port

   135 		;;

   136 esac

   137 

   138 # tag is optional

   139 if [[ -n $FTPPX_TAG ]]; then

   140 	CMDLINE+=( -T "$FTPPX_TAG" )

   141 fi

   142 

   143 case $FTPPX_LOG in

   144 	on)	CMDLINE+=( -v on )

   145 		;;

   146 	all)	CMDLINE+=( -v all )

   147 		;;

   148 	off)	CMDLINE+=( -v off )

   149 		;;

   150 	*)	failure_invalid_value log

   151 		;;

   152 esac

   153 

   154 function start_proxy

   155 {

   156 	ANCHOR=$(echo "$SMF_FMRI" | \

   157 	    /usr/bin/cut -f 2- -d / | /usr/bin/tr / :)

   158 	if [[ -z $ANCHOR ]]; then

   159 		echo "Unable to form a valid anchor name."

   160 		exit $SMF_EXIT_ERR_FATAL

   161 	fi

   162 	ANCHOR="_auto/$ANCHOR"

   163 	echo 'anchor "*"' | pfctl -a "$ANCHOR" -f -

   164 

   165 	if [[ $? -ne 0 ]]; then

   166 		echo "Unable to load rules into the firewall."

   167 		exit $SMF_EXIT_ERR_FATAL

   168 	fi

   169 

   170 	CMDLINE+=( -X "$ANCHOR" )

   171 	smf_clear_env

   172 	ftp-proxy "${CMDLINE[@]}"

   173 }

   174 

   175 case "$1" in

   176 	start)

   177 		start_proxy

   178 		;;

   179 

   180 	*)

   181 		echo "Usage: $0 \c" >&2

   182 		echo "(start)" >&2

   183 		exit 1

   184 		;;

   185 

   186 esac