|
1 #!/sbin/sh |
|
2 # |
|
3 # |
|
4 # CDDL HEADER START |
|
5 # |
|
6 # The contents of this file are subject to the terms of the |
|
7 # Common Development and Distribution License (the "License"). |
|
8 # You may not use this file except in compliance with the License. |
|
9 # |
|
10 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
11 # or http://www.opensolaris.org/os/licensing. |
|
12 # See the License for the specific language governing permissions |
|
13 # and limitations under the License. |
|
14 # |
|
15 # When distributing Covered Code, include this CDDL HEADER in each |
|
16 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
17 # If applicable, add the following below this CDDL HEADER, with the |
|
18 # fields enclosed by brackets "[]" replaced with your own identifying |
|
19 # information: Portions Copyright [yyyy] [name of copyright owner] |
|
20 # |
|
21 # CDDL HEADER END |
|
22 # |
|
23 # |
|
24 # Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. |
|
25 # |
|
26 |
|
27 . /lib/svc/share/smf_include.sh |
|
28 |
|
# Make the tools in /usr/sbin reachable by bare name.
# NOTE(review): the inherited PATH stays ahead of /usr/sbin, and pfctl and
# ftp-proxy are later resolved through it by bare name. This presumably relies
# on the SMF method environment supplying a trusted PATH; confirm.
PATH="${PATH}:/usr/sbin"
|
30 |
|
31 # Retrieve an unescaped property value from a method token. |
|
32 # Arguments: |
|
33 # - raw method token value |
|
34 # Outputs: |
|
35 # - unescaped property value |
|
36 # Returns: |
|
37 # - 0 on success |
|
38 # - 1 when unescaping failed |
|
39 get_property() |
|
40 { |
|
41 VALUE="$(echo "$1" | /usr/bin/sed 's/\\\(.\)/\1/g')" |
|
42 |
|
43 if [[ $? -ne 0 ]]; then |
|
44 exit 1 |
|
45 fi |
|
46 |
|
47 echo "$VALUE" |
|
48 } |
|
49 |
|
# Report a failed property unescape and abort the method.
# Outputs:
#   - a two-line diagnostic on stdout
# Exits with $SMF_EXIT_ERR_FATAL; never returns.
failure()
{
	printf '%s\n' \
	    "An unknown error occurred. Probably either /usr/bin/sed is" \
	    "missing or system resources are exhausted."
	exit $SMF_EXIT_ERR_FATAL
}
|
56 |
|
57 # Exit with error if given variable is empty or unset. |
|
58 # Arguments: |
|
59 # - Variable name |
|
60 # - SMF property the variable's value is obtained from |
|
61 # Exits when the variable value is empty or unset, |
|
62 # returns otherwise. |
|
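failure_empty_value()
{
	# $1 is spliced into the eval string below, so only a plain shell
	# identifier is accepted. Anything else is a programming error in the
	# caller and must never reach eval, where it would be parsed as code.
	case $1 in
	''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
		echo "failure_empty_value: invalid variable name."
		exit $SMF_EXIT_ERR_FATAL
		;;
	esac

	# Indirect test: return to the caller when the variable named by $1
	# is non-empty; fall through to the error path otherwise.
	eval "[[ -z \${$1:-} ]] || return 0"
	echo "The ftp-proxy/$2 property cannot be empty."
	exit $SMF_EXIT_ERR_FATAL
}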
|
69 |
|
# Report that a property holds an unsupported value and abort the method.
# Arguments:
#   - SMF property name, used only in the diagnostic
# Exits with $SMF_EXIT_ERR_FATAL; never returns.
failure_invalid_value()
{
	printf '%s\n' "The ftp-proxy/$1 property value is invalid."
	exit $SMF_EXIT_ERR_FATAL
}
|
75 |
|
# Unescape each property token handed to the method and keep the result.
# $1 is the method name (dispatched at the end of the script); $2 through
# ${13} are the raw tokens, one per variable below, in this fixed order.
# A failed unescape aborts the method through failure().
FTPPX_ANONYMOUS=$(get_property "$2") || failure
FTPPX_PROXY_ADDRESS=$(get_property "$3") || failure
FTPPX_PROXY_LISTEN_ADDRESS=$(get_property "$4") || failure
FTPPX_DEBUG_LEVEL=$(get_property "$5") || failure
FTPPX_MAXSESSIONS=$(get_property "$6") || failure
FTPPX_PROXY_LISTEN_PORT=$(get_property "$7") || failure
FTPPX_REVERSE_MODE_ADDRESS=$(get_property "$8") || failure
FTPPX_REVERSE_MODE_PORT=$(get_property "$9") || failure
# Positions above 9 need braces; "$10" would expand as "$1" followed by "0".
FTPPX_REWRITE_SOURCE_PORT=$(get_property "${10}") || failure
FTPPX_TAG=$(get_property "${11}") || failure
FTPPX_TIMEOUT=$(get_property "${12}") || failure
FTPPX_LOG=$(get_property "${13}") || failure
|
89 |
|
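# Build the ftp-proxy argument vector from the unescaped properties.
# Each value is appended as its own array element, so whitespace or glob
# characters in a property never get re-split or expanded by the shell.
# NOTE(review): the mandatory values are only checked for emptiness here;
# format and range validation is presumably left to ftp-proxy itself. Confirm.
typeset -a CMDLINE

# Mandatory properties: abort when empty, otherwise pass through.
failure_empty_value FTPPX_PROXY_ADDRESS proxy-NAT-address
CMDLINE+=( -a "$FTPPX_PROXY_ADDRESS" )

failure_empty_value FTPPX_PROXY_LISTEN_ADDRESS proxy-listen-address
CMDLINE+=( -b "$FTPPX_PROXY_LISTEN_ADDRESS" )

failure_empty_value FTPPX_DEBUG_LEVEL debug-level
CMDLINE+=( -D "$FTPPX_DEBUG_LEVEL" )

failure_empty_value FTPPX_MAXSESSIONS maxsessions
CMDLINE+=( -m "$FTPPX_MAXSESSIONS" )

failure_empty_value FTPPX_PROXY_LISTEN_PORT listen-port
# No space is allowed between "+=" and "("; with one, the line is no longer
# an array append and the listen port would not be added to the command line.
CMDLINE+=( -p "$FTPPX_PROXY_LISTEN_PORT" )

failure_empty_value FTPPX_TIMEOUT timeout
CMDLINE+=( -t "$FTPPX_TIMEOUT" )

# Switch-like properties: only the listed literals are accepted, so an
# arbitrary property string never reaches the command line from here.
case $FTPPX_ANONYMOUS in
on)
	CMDLINE+=( -A on )
	;;
off)
	# nothing needed
	;;
*)
	failure_invalid_value anonymous-only
	;;
esac

# reverse-mode-address is optional; the reverse-mode port is only
# considered when an address is set
if [[ -n $FTPPX_REVERSE_MODE_ADDRESS ]]; then
	CMDLINE+=( -R "$FTPPX_REVERSE_MODE_ADDRESS" )
	if [[ -n $FTPPX_REVERSE_MODE_PORT ]]; then
		CMDLINE+=( -P "$FTPPX_REVERSE_MODE_PORT" )
	fi
fi

case $FTPPX_REWRITE_SOURCE_PORT in
on)
	CMDLINE+=( -r on )
	;;
off)
	# nothing needed
	;;
*)
	failure_invalid_value always-use-ftp-data-port
	;;
esac

# tag is optional
if [[ -n $FTPPX_TAG ]]; then
	CMDLINE+=( -T "$FTPPX_TAG" )
fi

case $FTPPX_LOG in
on)
	CMDLINE+=( -v on )
	;;
all)
	CMDLINE+=( -v all )
	;;
off)
	CMDLINE+=( -v off )
	;;
*)
	failure_invalid_value log
	;;
esac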
|
153 |
|
# Create the firewall anchor for this service instance and run ftp-proxy.
# Globals:
#   SMF_FMRI (read), ANCHOR (written), CMDLINE (appended to)
# Exits with $SMF_EXIT_ERR_FATAL when no anchor name can be derived or when
# pfctl rejects the rules; otherwise returns the status of ftp-proxy.
function start_proxy
{
	# Drop everything up to the first "/" of the FMRI and turn the
	# remaining "/" separators into ":" to form the anchor name.
	ANCHOR=$(echo "$SMF_FMRI" | /usr/bin/cut -f 2- -d / | /usr/bin/tr / :)
	if [[ -z $ANCHOR ]]; then
		printf '%s\n' "Unable to form a valid anchor name."
		exit $SMF_EXIT_ERR_FATAL
	fi
	ANCHOR="_auto/$ANCHOR"

	# Load a wildcard anchor rule under the per-instance anchor; the
	# pipeline status tested here is that of pfctl.
	if ! echo 'anchor "*"' | pfctl -a "$ANCHOR" -f -; then
		printf '%s\n' "Unable to load rules into the firewall."
		exit $SMF_EXIT_ERR_FATAL
	fi

	# Hand the anchor name to ftp-proxy together with the options
	# collected earlier, after smf_clear_env has run.
	CMDLINE+=( -X "$ANCHOR" )
	smf_clear_env
	ftp-proxy "${CMDLINE[@]}"
}
|
174 |
|
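# Dispatch on the method name given as the first argument. Only "start" is
# handled by this script; anything else prints usage on stderr and exits 1.
case "$1" in
start)
	start_proxy
	;;

*)
	# printf instead of echo "...\c": the \c newline suppression only
	# works with SysV-style echo, while printf emits the same single
	# usage line in every shell.
	printf 'Usage: %s (start)\n' "$0" >&2
	exit 1
	;;

esac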