From e79baf0c305032483f4b497ddd669f8ed47fc836 Mon Sep 17 00:00:00 2001 
From: fbrendel Date: Tue, 27 Sep 2016 09:08:57 +0200 Subject: [PATCH] Add ftp-proxy plugin (#36) --- net/ftp-proxy/+POST_DEINSTALL | 28 ++ net/ftp-proxy/+POST_INSTALL | 28 ++ net/ftp-proxy/Makefile | 7 + .../FtpProxy/Api/ServiceController.php | 42 +++ .../FtpProxy/Api/SettingsController.php | 305 ++++++++++++++++++ .../OPNsense/FtpProxy/IndexController.php | 50 +++ .../OPNsense/FtpProxy/ItemController.php | 40 +++ .../OPNsense/FtpProxy/forms/dialogEdit.xml | 74 +++++ .../app/models/OPNsense/FtpProxy/ACL/ACL.xml | 10 + .../app/models/OPNsense/FtpProxy/FtpProxy.php | 89 +++++ .../app/models/OPNsense/FtpProxy/FtpProxy.xml | 78 +++++ .../models/OPNsense/FtpProxy/Menu/Menu.xml | 5 + .../app/views/OPNsense/FtpProxy/index.volt | 115 +++++++ .../scripts/OPNsense/FtpProxy/FtpProxy.sh | 120 +++++++ .../conf/actions.d/actions_ftpproxy.conf | 23 ++ .../templates/OPNsense/FtpProxy/+MANIFEST | 6 + .../templates/OPNsense/FtpProxy/+TARGETS | 1 + .../templates/OPNsense/FtpProxy/rc.conf.d | 39 +++ 18 files changed, 1060 insertions(+) create mode 100644 net/ftp-proxy/+POST_DEINSTALL create mode 100644 net/ftp-proxy/+POST_INSTALL create mode 100644 net/ftp-proxy/Makefile create mode 100644 net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/Api/ServiceController.php create mode 100644 net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/Api/SettingsController.php create mode 100644 net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/IndexController.php create mode 100644 net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/ItemController.php create mode 100644 net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/forms/dialogEdit.xml create mode 100644 net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/ACL/ACL.xml create mode 100644 net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/FtpProxy.php create mode 100644 net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/FtpProxy.xml create mode 100644 
net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/Menu/Menu.xml create mode 100644 net/ftp-proxy/src/opnsense/mvc/app/views/OPNsense/FtpProxy/index.volt create mode 100644 net/ftp-proxy/src/opnsense/scripts/OPNsense/FtpProxy/FtpProxy.sh create mode 100644 net/ftp-proxy/src/opnsense/service/conf/actions.d/actions_ftpproxy.conf create mode 100644 net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/+MANIFEST create mode 100644 net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/+TARGETS create mode 100644 net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/rc.conf.d diff --git a/net/ftp-proxy/+POST_DEINSTALL b/net/ftp-proxy/+POST_DEINSTALL new file mode 100644 index 000000000..9b8f25f33 --- /dev/null +++ b/net/ftp-proxy/+POST_DEINSTALL @@ -0,0 +1,28 @@ +DIFF='--- filter.inc.ftpproxy 2016-09-21 16:38:53.947075272 +0200 ++++ filter.inc.orig 2016-09-21 16:47:29.239370565 +0200 +@@ -1450,7 +1450,6 @@ + + $natrules = "no nat proto carp\n"; + $natrules .= "no rdr proto carp\n"; +- $natrules .= "nat-anchor \"ftp-proxy/*\"\n"; + $natrules .= "nat-anchor \"natearly/*\"\n"; + + $natrules .= "nat-anchor \"natrules/*\"\n\n"; +@@ -1703,7 +1702,6 @@ + unset($tonathosts, $tonathosts_array, $numberofnathosts); + } + +- $natrules .= "rdr-anchor \"ftp-proxy/*\"\n"; + $natrules .= "\n# Load balancing\n"; + $natrules .= "rdr-anchor \"relayd/*\"\n"; + +@@ -2482,7 +2480,6 @@ + + $ipfrules = ""; + +- $ipfrules .= "anchor \"ftp-proxy/*\"\n"; + /* relayd */ + $ipfrules .= "anchor \"relayd/*\"\n"; + /* OpenVPN user rules from radius */' + +echo "$DIFF" | patch -b -p1 /usr/local/etc/inc/filter.inc diff --git a/net/ftp-proxy/+POST_INSTALL b/net/ftp-proxy/+POST_INSTALL new file mode 100644 index 000000000..074888adf --- /dev/null +++ b/net/ftp-proxy/+POST_INSTALL 
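Review bot: Both package scripts patch the core file /usr/local/etc/inc/filter.inc from an embedded diff pinned to one filter.inc revision, with no check that the anchors are already present (or already gone) before `patch` runs; this applies here and to +POST_INSTALL. After a reinstall, or a core update that replaces filter.inc, the pf rule generator is left in a state the plugin never verified: a reversed-patch prompt, a fuzzy hunk, or silently missing `ftp-proxy/*` anchors. I would guard the call, for +POST_INSTALL something like `grep -q 'ftp-proxy/\*' /usr/local/etc/inc/filter.inc || echo "$DIFF" | patch -N -b -p1 /usr/local/etc/inc/filter.inc`, with the inverse test in +POST_DEINSTALL, and fail loudly when patch returns non-zero. The `-b` option also leaves a backup copy beside filter.inc on each run, which deserves a cleanup step.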
@@ -0,0 +1,28 @@
+DIFF='--- filter.inc.orig 2016-09-21 16:39:02.853045967 +0200
++++ filter.inc.ftpproxy 2016-09-21 16:38:53.947075272 +0200
+@@ -1450,6 +1450,7 @@
+
+ $natrules = "no nat proto carp\n";
+ $natrules .= "no rdr proto carp\n";
++ $natrules .= "nat-anchor \"ftp-proxy/*\"\n";
+ $natrules .= "nat-anchor \"natearly/*\"\n";
+
+ $natrules .= "nat-anchor \"natrules/*\"\n\n";
+@@ -1702,6 +1703,7 @@
+ unset($tonathosts, $tonathosts_array, $numberofnathosts);
+ }
+
++ $natrules .= "rdr-anchor \"ftp-proxy/*\"\n";
+ $natrules .= "\n# Load balancing\n";
+ $natrules .= "rdr-anchor \"relayd/*\"\n";
+
+@@ -2480,6 +2482,7 @@
+
+ $ipfrules = "";
+
++ $ipfrules .= "anchor \"ftp-proxy/*\"\n";
+ /* relayd */
+ $ipfrules .= "anchor \"relayd/*\"\n";
+ /* OpenVPN user rules from radius */'
+
+echo "$DIFF" | patch -b -p1 /usr/local/etc/inc/filter.inc
diff --git a/net/ftp-proxy/Makefile b/net/ftp-proxy/Makefile
new file mode 100644
index 000000000..289c1f62c
--- /dev/null
+++ b/net/ftp-proxy/Makefile
@@ -0,0 +1,7 @@
+PLUGIN_NAME= ftp-proxy
+PLUGIN_VERSION= 0.1
+PLUGIN_COMMENT= Control ftp-proxy processes
+PLUGIN_MAINTAINER= frank.brendel@eurolog.com
+PLUGIN_PRIVATE= yes
+
+.include "../../Mk/plugins.mk"
diff --git a/net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/Api/ServiceController.php b/net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/Api/ServiceController.php
new file mode 100644
index 000000000..cb125671b
--- /dev/null
+++ b/net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/Api/ServiceController.php
@@ -0,0 +1,42 @@ +getNodeByReference('ftpproxies.ftpproxy.' . $uuid); + if ($node != null) { + // return node + return array("ftpproxy" => $node->getNodes()); + } + } else { + // generate new node, but don't save to disc + $node = $mdlFtpProxy->ftpproxies->ftpproxy->Add(); + return array("ftpproxy" => $node->getNodes()); + } + return array(); + } + + /** + * update ftpproxy with given properties + * @param $uuid item unique id + * @return array + */ + public function setProxyAction($uuid) + { + if ($this->request->isPost() && $this->request->hasPost("ftpproxy")) { + $mdlFtpProxy = new FtpProxy(); + // keep a list to detect duplicates later + $CurrentProxies = $mdlFtpProxy->getNodes(); + if ($uuid != null) { + $node = $mdlFtpProxy->getNodeByReference('ftpproxies.ftpproxy.' . $uuid); + if ($node != null) { + $Enabled = $node->enabled->__toString(); + // get current ftp-proxy flags for stopping it later + $OldFlags = $mdlFtpProxy->configToFlags($node); + $result = array("result" => "failed", "validations" => array()); + $proxyInfo = $this->request->getPost("ftpproxy"); + + $node->setNodes($proxyInfo); + $valMsgs = $mdlFtpProxy->performValidation(); + foreach ($valMsgs as $field => $msg) { + $fieldnm = str_replace($node->__reference, "ftpproxy", $msg->getField()); + $result["validations"][$fieldnm] = $msg->getMessage(); + } + + if (count($result['validations']) == 0) { + // check for duplicates + foreach ($CurrentProxies['ftpproxies']['ftpproxy'] as $CurrentUUID => &$CurrentProxy) { + if ($node->listenaddress->__toString() == $CurrentProxy['listenaddress'] && + $node->listenport->__toString() == $CurrentProxy['listenport'] && + $uuid != $CurrentUUID) { + return array( + "result" => "failed", + "validations" => array( + "ftpproxy.listenaddress" => "Listen address in combination with Listen port already exists.", + "ftpproxy.listenport" => "Listen port in combination with Listen address already exists." 
+ ) + ); + } + } + // retrieve ftp-proxy flags and set defaults + $NewFlags = $mdlFtpProxy->configToFlags($node); + // save config if validated correctly + $mdlFtpProxy->serializeToConfig(); + Config::getInstance()->save(); + + $backend = new Backend(); + // apply new settings to the ftp-proxy process + // stop ftp-proxy with old flags + if ($Enabled == 1) { + $backend->configdpRun('ftpproxy stop ', array($OldFlags)); + } + $node = $mdlFtpProxy->getNodeByReference('ftpproxies.ftpproxy.' . $uuid); + // start ftp-proxy with new flags + if ($node != null && $node->enabled->__toString() == 1) { + $backend->configdpRun('ftpproxy start ', array($NewFlags)); + } + // make the changes boot resistant in /etc/rc.conf.d/ftpproxy + $backend->configdRun("template reload OPNsense.FtpProxy"); + $result = array("result" => "saved"); + } + return $result; + } + } + } + return array("result" => "failed"); + } + + /** + * add new ftpproxy and set with attributes from post + * @return array + */ + public function addProxyAction() + { + $result = array("result" => "failed"); + if ($this->request->isPost() && $this->request->hasPost("ftpproxy")) { + $result = array("result" => "failed", "validations" => array()); + $mdlFtpProxy = new FtpProxy(); + // keep a list to detect duplicates later + $CurrentProxies = $mdlFtpProxy->getNodes(); + $node = $mdlFtpProxy->ftpproxies->ftpproxy->Add(); + $node->setNodes($this->request->getPost("ftpproxy")); + + $valMsgs = $mdlFtpProxy->performValidation(); + + foreach ($valMsgs as $field => $msg) { + $fieldnm = str_replace($node->__reference, "ftpproxy", $msg->getField()); + $result["validations"][$fieldnm] = $msg->getMessage(); + } + + if (count($result['validations']) == 0) { + foreach ($CurrentProxies['ftpproxies']['ftpproxy'] as &$CurrentProxy) { + if ($node->listenaddress->__toString() == $CurrentProxy['listenaddress'] + && $node->listenport->__toString() == $CurrentProxy['listenport']) { + return array( + "result" => "failed", + "validations" => 
array( + "ftpproxy.listenaddress" => "Listen address in combination with Listen port already exists.", + "ftpproxy.listenport" => "Listen port in combination with Listen address already exists." + ) + ); + } + } + // retrieve ftp-proxy flags and set defaults + $Flags = $mdlFtpProxy->configToFlags($node); + // save config if validated correctly + $mdlFtpProxy->serializeToConfig(); + Config::getInstance()->save(); + if ($node->enabled->__toString() == 1) { + $backend = new Backend(); + $backend->configdpRun('ftpproxy start ', array($Flags)); + // add it to /etc/rc.conf.d/ftpproxy + $backend->configdRun("template reload OPNsense.FtpProxy"); + } + $result = array("result" => "saved"); + } + return $result; + } + return $result; + } + + /** + * delete ftpproxy by uuid + * @param $uuid item unique id + * @return array status + */ + public function delProxyAction($uuid) + { + + $result = array("result" => "failed"); + if ($this->request->isPost()) { + $mdlFtpProxy = new FtpProxy(); + if ($uuid != null) { + $node = $mdlFtpProxy->getNodeByReference('ftpproxies.ftpproxy.' . 
$uuid); + if ($node != null) { + $backend = new Backend(); + // stop if the ftp-proxy is running + if ($node->enabled->__toString() == 1) { + $backend->configdpRun('ftpproxy stop ', array($mdlFtpProxy->configToFlags($node))); + } + if ($mdlFtpProxy->ftpproxies->ftpproxy->del($uuid) == true) { + // if item is removed, serialize to config and save + $mdlFtpProxy->serializeToConfig(); + Config::getInstance()->save(); + $result['result'] = 'deleted'; + // remove it from /etc/rc.conf.d/ftpproxy + $backend->configdRun("template reload OPNsense.FtpProxy"); + } + } else { + $result['result'] = 'not found'; + } + } + } + return $result; + } + + /** + * toggle ftpproxy by uuid (enable/disable) + * @param $uuid item unique id + * @return array status + */ + public function toggleProxyAction($uuid) + { + + $result = array("result" => "failed"); + + if ($this->request->isPost()) { + $mdlFtpProxy = new FtpProxy(); + if ($uuid != null) { + $node = $mdlFtpProxy->getNodeByReference('ftpproxies.ftpproxy.' . 
$uuid); + if ($node != null) { + $backend = new Backend(); + if ($node->enabled->__toString() == "1") { + $result['result'] = "Disabled"; + $node->enabled = "0"; + $response = $backend->configdpRun('ftpproxy stop ', array($mdlFtpProxy->configToFlags($node))); + } else { + $result['result'] = "Enabled"; + $node->enabled = "1"; + $response = $backend->configdpRun('ftpproxy start ', array($mdlFtpProxy->configToFlags($node))); + } + + // if item has toggled, serialize to config and save + $mdlFtpProxy->serializeToConfig(); + Config::getInstance()->save(); + $backend->configdRun("template reload OPNsense.FtpProxy"); + } + } + } + return $result; + } + + /** + * + * search ftpproxy + * @return array + */ + public function searchProxyAction() + { + $this->sessionClose(); + $fields = array( + "enabled", + "listenaddress", + "listenport", + "sourceaddress", + "rewritesourceport", + "idletimeout", + "maxsessions", + "reverseaddress", + "reverseport", + "logconnections", + "debuglevel", + "description" + ); + $mdlFtpProxy = new FtpProxy(); + + $grid = new UIModelGrid($mdlFtpProxy->ftpproxies->ftpproxy); + $response = $grid->fetchBindRequest( + $this->request, + $fields, + "listenport" + ); + + $backend = new Backend(); + foreach($response['rows'] as &$row) { + $node = $mdlFtpProxy->getNodeByReference('ftpproxies.ftpproxy.' . $row['uuid']); + $status = trim($backend->configdpRun('ftpproxy status ', array($mdlFtpProxy->configToFlags($node)))); + if ($status == 'OK') { + $row['status'] = 0; + continue; + } + $row['status'] = 2; + } + + return $response; + } +} diff --git a/net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/IndexController.php b/net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/IndexController.php new file mode 100644 index 000000000..9aae5620b --- /dev/null +++ b/net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/IndexController.php 
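Review bot: The results of the `configdpRun('ftpproxy stop ', …)` and `configdpRun('ftpproxy start ', …)` calls are never checked: toggleProxyAction assigns `$response` and drops it, and setProxyAction and delProxyAction return "saved" or "deleted" regardless. The GUI can therefore report a proxy as disabled or removed while its listener is still running, which matters for a service that opens ports on the firewall. The reported state should follow the backend result, e.g. in toggleProxyAction set `$result['result'] = "Disabled"` and save the config only when the stop call reports success, and return "failed" otherwise. searchProxyAction also passes the result of getNodeByReference() straight into configToFlags() without the `$node != null` check the other actions use. The hunk header names ServiceController.php, but the visible methods are the settings actions and the start of the file is not visible, so this covers only the methods shown.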
@@ -0,0 +1,50 @@ +view->title = gettext('FTP Proxy Server'); + // include dialog form definitions + $this->view->formDialogEdit = $this->getForm("dialogEdit"); + $this->view->pick('OPNsense/FtpProxy/index'); + } +} diff --git a/net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/ItemController.php b/net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/ItemController.php new file mode 100644 index 000000000..66ad6ef6c --- /dev/null +++ b/net/ftp-proxy/src/opnsense/mvc/app/controllers/OPNsense/FtpProxy/ItemController.php @@ -0,0 +1,40 @@ + + + ftpproxy.enabled + + checkbox + + + + ftpproxy.listenaddress + + text + + + + ftpproxy.listenport + + text + + + + ftpproxy.sourceaddress + + text + + + + ftpproxy.rewritesourceport + + checkbox + + + + ftpproxy.idletimeout + + text + + + + ftpproxy.maxsessions + + text + + + + ftpproxy.reverseaddress + + text + + + + ftpproxy.reverseport + + text + Reverse address. The default is port 21.]]> + + + ftpproxy.logconnections + + checkbox + + + + ftpproxy.debuglevel + + text + + + + ftpproxy.description + + text + + + \ No newline at end of file diff --git a/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/ACL/ACL.xml b/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/ACL/ACL.xml new file mode 100644 index 000000000..b64e803dc --- /dev/null +++ b/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/ACL/ACL.xml @@ -0,0 +1,10 @@ + + + WebCfg - Services: Ftp Proxy page + Allow access to the 'Services: Ftp Proxy' page. + + ui/ftpproxy/* + api/ftpproxy/* + + + \ No newline at end of file diff --git a/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/FtpProxy.php b/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/FtpProxy.php new file mode 100644 index 000000000..3820ed0b9 --- /dev/null +++ b/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/FtpProxy.php 
@@ -0,0 +1,89 @@ +listenaddress->__toString(); + $flags .= ' -p ' . $node->listenport->__toString(); + if ($node->sourceaddress->__toString() != "") { + $flags .= ' -a ' . $node->sourceaddress->__toString(); + } + if ($node->rewritesourceport->__toString() == 1) { + $flags .= ' -r '; + } + if ($node->idletimeout->__toString() == "") { + $node->__set('idletimeout', 86400); + } + if ($node->idletimeout->__toString() != 86400) { + $flags .= ' -t ' . $node->idletimeout->__toString(); + } + if ($node->maxsessions->__toString() == "") { + $node->__set('maxsessions', 100); + } + if ($node->maxsessions->__toString() != 100) { + $flags .= ' -m ' . $node->maxsessions->__toString(); + } + if ($node->reverseaddress->__toString() != "") { + $flags .= ' -R ' . $node->reverseaddress->__toString(); + } + if ($node->reverseport->__toString() == "") { + $node->__set('reverseport', 21); + } + if ($node->reverseport->__toString() != 21) { + $flags .= ' -P ' . $node->reverseport->__toString(); + } + if ($node->logconnections->__toString() == 1) { + $flags .= ' -v '; + } + if ($node->debuglevel->__toString() == "") { + $node->__set('debuglevel', 5); + } + if ($node->debuglevel->__toString() != 5) { + $flags .= ' -D ' . $node->debuglevel->__toString(); + } + return $flags; + } +} diff --git a/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/FtpProxy.xml b/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/FtpProxy.xml new file mode 100644 index 000000000..9f454586a --- /dev/null +++ b/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/FtpProxy.xml 
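Review bot: configToFlags() builds the ftp-proxy command line by plain concatenation of the stored field values, and FtpProxy.sh later expands that string unquoted (`/usr/sbin/ftp-proxy $FLAGS`), so the masks and integer ranges in FtpProxy.xml are the only thing keeping those values to a safe shape. That dependency should be stated in the method's docblock, for example `@param $node ftpproxy node that has passed performValidation(); values are not escaped here`. It should also say that the method writes defaults back into the node (`$node->__set('idletimeout', 86400)` and the similar calls), since the callers persist that through serializeToConfig(). The beginning of the method is not visible in this hunk.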
@@ -0,0 +1,78 @@ + + //OPNsense/ftpproxy + Ftp Proxy settings + + + + + 1 + Y + + + Y + 127.0.0.1 + /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-4]|2[0-5][0-9]|[01]?[0-9][0-9]?)$/ + Listen address must be a valid IPv4 address + + + 8021 + Y + 1 + 65535 + Listen port needs to be an integer value between 1 and 65535 + + + N + /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-4]|2[0-5][0-9]|[01]?[0-9][0-9]?)$/ + Source address must be a valid IPv4 address + + + 0 + N + + + 86400 + N + 1 + 86400 + Idle timeout needs to be an integer value between 1 and 86400 + + + 100 + N + 1 + 500 + Maximum number of concurrent FTP sessions needs to be an integer value between 1 and 500 + + + N + /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-4]|2[0-5][0-9]|[01]?[0-9][0-9]?)$/ + Reverse address must be a valid IPv4 address + + + 21 + N + 1 + 65535 + Reverse port needs to be an integer value between 1 and 65535 + + + 0 + N + + + 5 + N + 0 + 7 + Debug level needs to be an integer value between 0 and 7 + + + N + /^([\t\n\v\f\r 0-9a-zA-Z.,_\x{00A0}-\x{FFFF}]){1,255}$/u + Enter a description. + + + + + \ No newline at end of file diff --git a/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/Menu/Menu.xml b/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/Menu/Menu.xml new file mode 100644 index 000000000..52c724a35 --- /dev/null +++ b/net/ftp-proxy/src/opnsense/mvc/app/models/OPNsense/FtpProxy/Menu/Menu.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/net/ftp-proxy/src/opnsense/mvc/app/views/OPNsense/FtpProxy/index.volt b/net/ftp-proxy/src/opnsense/mvc/app/views/OPNsense/FtpProxy/index.volt new file mode 100644 index 000000000..e8f9c7fda --- /dev/null +++ b/net/ftp-proxy/src/opnsense/mvc/app/views/OPNsense/FtpProxy/index.volt 
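Review bot: The last octet of the IPv4 mask used for the listen, source and reverse address fields is `(?:25[0-4]|2[0-5][0-9]|[01]?[0-9][0-9]?)`, and its `2[0-5][0-9]` branch accepts 255–259, so a value such as 10.0.0.259 (constructed example) passes validation. If the intent was to exclude .255, the group should read `(?:25[0-4]|2[0-4][0-9]|[01]?[0-9][0-9]?)`. Assuming the mask is applied with preg_match, `$` also matches before a trailing newline; ending the pattern with `\z` closes that. Both points matter more than usual here because these values are later concatenated into the ftp-proxy command line.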
@@ -0,0 +1,115 @@ +{# + +Copyright © 2016 by EURO-LOG AG +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, +this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, +this list of conditions and the following disclaimer in the documentation +and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +#} + + + + + +
+
+ + + + + + + + + + + + + + + + + + + + + +
{{ lang._('Enabled') }}{{ lang._('Listen Address') }}{{ lang._('Listen Port') }}{{ lang._('Source Address') }}{{ lang._('Description') }}{{ lang._('ID') }}{{ lang._('Commands') }}
+ + +
+
+
+ +{# include dialog #} +{{ partial("layout_partials/base_dialog",['fields':formDialogEdit,'id':'DialogEdit','label':'Edit Proxy'])}} diff --git a/net/ftp-proxy/src/opnsense/scripts/OPNsense/FtpProxy/FtpProxy.sh b/net/ftp-proxy/src/opnsense/scripts/OPNsense/FtpProxy/FtpProxy.sh new file mode 100644 index 000000000..79cf4983b --- /dev/null +++ b/net/ftp-proxy/src/opnsense/scripts/OPNsense/FtpProxy/FtpProxy.sh 
@@ -0,0 +1,120 @@
+#!/bin/sh
+#
+# Copyright (C) 2016 EURO-LOG AG
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+ACTION=$1
+shift
+FLAGS=$@
+
+# determine listenaddress and listenport to identify ftp-proxy process
+for FLAG in $FLAGS; do
+ if [ "$FLAG" == "-b" ]; then
+ NEXT_FLAG="LISTENADDRESS"
+ continue
+ fi
+ if [ "$FLAG" == "-p" ]; then
+ NEXT_FLAG="LISTENPORT"
+ continue
+ fi
+ if [ "X$NEXT_FLAG" != "X" ]; then
+ if [ "$NEXT_FLAG" == "LISTENADDRESS" -a "X$FLAG" != "X" ]; then
+ LISTENADDRESS=$FLAG
+ NEXT_FLAG=""
+ fi
+ if [ "$NEXT_FLAG" == "LISTENPORT" -a "X$FLAG" != "X" ]; then
+ LISTENPORT=$FLAG
+ NEXT_FLAG=""
+ fi
+ fi
+ if [ "X$LISTENADDRESS" != "X" -a "X$LISTENPORT" != "X" ]; then
+ break
+ fi
+done
+
+if [ "X$LISTENADDRESS" == "X" -o "X$LISTENPORT" == "X" ]; then
+ ( >&2 echo "Either listenaddress or listenport not given. Check -b and -p flags." )
+ exit 999
+fi
+
+ftpproxy_start () {
+ ftpproxy_status
+ if [ $? -gt 0 ]; then # already running
+ return 0
+ fi
+
+ /usr/sbin/ftp-proxy $FLAGS
+ return $?
+}
+
+ftpproxy_stop () {
+ ftpproxy_status
+ PID=$?
+ if [ $PID -eq 0 ]; then # already stopped
+ return 0
+ fi
+ kill $PID
+ return $?
+}
+
+ftpproxy_restart () {
+ ftpproxy_stop
+ if [ $? -ne 0 ]; then
+ return $?
+ fi
+ ftpproxy_start
+ return $?
+}
+
+ftpproxy_status () {
+ PID=`ps ax -o pid= -o command= | grep "/usr/sbin/ftp-proxy -b $LISTENADDRESS -p $LISTENPORT" | grep -v grep | awk '{ print $1 }'`
+ if [ "X$PID" != "X" ]; then
+ return $PID
+ fi
+ return 0
+}
+
+case $ACTION in
+ start)
+ ftpproxy_start
+ exit $?
+ ;;
+ stop)
+ ftpproxy_stop
+ exit $?
+ ;;
+ restart)
+ ftpproxy_restart
+ exit $?
+ ;;
+ status)
+ ftpproxy_status
+ if [ $? -gt 0 ]; then
+ exit 0
+ fi
+ exit 1
+ ;;
+esac
diff --git a/net/ftp-proxy/src/opnsense/service/conf/actions.d/actions_ftpproxy.conf b/net/ftp-proxy/src/opnsense/service/conf/actions.d/actions_ftpproxy.conf
new file mode 100644
index 000000000..9514ef01e
--- /dev/null
+++ b/net/ftp-proxy/src/opnsense/service/conf/actions.d/actions_ftpproxy.conf
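Review bot: ftpproxy_status hands the PID back through `return $PID`, but a shell return status only holds 0–255, and ftpproxy_stop then overwrites the variable with `PID=$?` before running `kill $PID`. For any ftp-proxy PID above 255 the script (presumably running with configd's privileges) therefore signals an unrelated process, and a PID that is a multiple of 256 is treated as "not running". The status function should return only running / not running and leave the PID in the variable it already sets, with the callers in ftpproxy_start, ftpproxy_stop and the `status)` case adjusted to match, as sketched below. Separately, the `grep` pattern is unanchored, so an instance on `-p 80` also matches one on `-p 8021`, and `exit 999` is outside the valid exit-status range.

```shell
ftpproxy_start () {
    if ftpproxy_status; then # already running
        return 0
    fi
    # … unchanged: launch /usr/sbin/ftp-proxy with $FLAGS and return its status …
}

ftpproxy_stop () {
    if ! ftpproxy_status; then # already stopped
        return 0
    fi
    kill $PID
    return $?
}

# … unchanged: ftpproxy_restart …

ftpproxy_status () {
    # … unchanged: PID=`ps … | grep … | awk …` assignment …
    # Sets PID as a side effect; returns 0 when a matching process exists, 1 otherwise.
    if [ "X$PID" != "X" ]; then
        return 0
    fi
    return 1
}

# … unchanged: start/stop/restart branches of the case statement …
    status)
        ftpproxy_status
        exit $?
        ;;
```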
@@ -0,0 +1,23 @@
+[start]
+command:/usr/local/opnsense/scripts/OPNsense/FtpProxy/FtpProxy.sh start
+parameters:%s
+type:script
+message:starting ftpproxy
+
+[stop]
+command:/usr/local/opnsense/scripts/OPNsense/FtpProxy/FtpProxy.sh stop
+parameters:%s
+type:script
+message:stopping ftpproxy
+
+[status]
+command:/usr/local/opnsense/scripts/OPNsense/FtpProxy/FtpProxy.sh status
+parameters:%s
+type:script
+message:get ftpproxy status
+
+[restart]
+command:/usr/local/opnsense/scripts/OPNsense/FtpProxy/FtpProxy.sh restart
+parameters:%s
+type:script
+message:restarting ftpproxy
diff --git a/net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/+MANIFEST b/net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/+MANIFEST
new file mode 100644
index 000000000..ff299d539
--- /dev/null
+++ b/net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/+MANIFEST
@@ -0,0 +1,6 @@
+name: ftpproxy
+version: 0.1
+origin: opnsense/ftpproxy
+comment: ftp-proxy configuration
+desc: configuration templates for ftp-proxy
+prefix: /
\ No newline at end of file
diff --git a/net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/+TARGETS b/net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/+TARGETS
new file mode 100644
index 000000000..e38d1d0cb
--- /dev/null
+++ b/net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/+TARGETS
@@ -0,0 +1 @@
+rc.conf.d:/etc/rc.conf.d/ftpproxy
diff --git a/net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/rc.conf.d b/net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/rc.conf.d
new file mode 100644
index 000000000..3f5e65ad3
--- /dev/null
+++ b/net/ftp-proxy/src/opnsense/service/templates/OPNsense/FtpProxy/rc.conf.d
@@ -0,0 +1,39 @@
+# DO NOT EDIT THIS FILE -- OPNsense auto-generated file
+{% if helpers.exists('OPNsense.ftpproxy.ftpproxies.ftpproxy') %}
+ftpproxy_enable="YES"
+{% set Instances=[] %}
+{% for ftpproxy in helpers.toList('OPNsense.ftpproxy.ftpproxies.ftpproxy') %}
+{% if ftpproxy.enabled|default('0') == '1' %}
+{% set Parameters=[] %}
+{% do Parameters.append("-b " ~ ftpproxy.listenaddress) %}
+{% do Parameters.append("-p " ~ ftpproxy.listenport) %}
+{% if ftpproxy.sourceaddress %}
+{% do Parameters.append("-a " ~ ftpproxy.sourceaddress) %}
+{% endif %}
+{% if ftpproxy.rewritesourceport|default('0') == '1' %}
+{% do Parameters.append("-r") %}
+{% endif %}
+{% if ftpproxy.idletimeout|default('86400') != '86400' %}
+{% do Parameters.append("-t " ~ ftpproxy.idletimeout) %}
+{% endif %}
+{% if ftpproxy.maxsessions|default('100') != '100' %}
+{% do Parameters.append("-m " ~ ftpproxy.maxsessions) %}
+{% endif %}
+{% if ftpproxy.reverseaddress %}
+{% do Parameters.append("-R " ~ ftpproxy.reverseaddress) %}
+{% if ftpproxy.reverseport|default('21') != '21' %}
+{% do Parameters.append("-P " ~ ftpproxy.reverseport) %}
+{% endif %}
+{% endif %}
+{% if ftpproxy.logconnections|default('0') == '1' %}
+{% do Parameters.append("-v") %}
+{% endif %}
+{% if ftpproxy.debuglevel|default('5') != '5' %}
+{% do Parameters.append("-D " ~ ftpproxy.debuglevel) %}
+{% endif %}
+ftpproxy_id{{loop.index}}="{% for Parameter in Parameters %} {{Parameter}}{% endfor %}"
+{% do Instances.append(loop.index) %}
+{% endif %}
+{% endfor %}
+ftpproxy_instances="{% for Instance in Instances %} {{"id" ~ Instance}}{% endfor %}"
+{% endif %}
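Review bot: `ftpproxy_enable="YES"` is written as soon as any ftpproxy entry exists, even when every entry is disabled and `ftpproxy_instances` comes out empty. Depending on how the rc script treats an empty instance list, that may start a default ftp-proxy listener at boot that nobody configured. Emitting the line after the loop, as `ftpproxy_enable="{% if Instances %}YES{% else %}NO{% endif %}"`, keeps the service off in that case. The template also adds `-P` only inside the `{% if ftpproxy.reverseaddress %}` block, while configToFlags() in FtpProxy.php adds `-P` whenever reverseport differs from 21. The same instance can therefore run with different arguments when started from the GUI and when started at boot; the two should be brought into line.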