OpenWrt/openwrt-packages
1
0
Fork 0
mirror of http://git.openwrt.org/packages.git synced 2025-01-08 11:57:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

stunnel: moved to github

Browse Source 
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>


git-svn-id: svn://svn.openwrt.org/openwrt/packages@46325 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
hauke 2015-07-13 19:42:35 +00:00
parent 72161dd05b
commit aff2869b76
9 changed files with 0 additions and 622 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
net/stunnel/Makefile
View File

@ -1,65 +0,0 @@
#
# Copyright (C) 2006-2010 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=stunnel
PKG_VERSION:=4.33
PKG_RELEASE:=1
PKG_SOURCE_URL:=http://www.stunnel.org/download/stunnel/src/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_MD5SUM:=559a864066d8cc4afd8a97682c90d41c
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
define Package/stunnel
SECTION:=net
CATEGORY:=Network
DEPENDS:=+libopenssl +libwrap
TITLE:=SSL TCP Wrapper
URL:=http://www.stunnel.org/
endef
define Package/stunnel/description
Stunnel is a program that allows you to encrypt arbitrary TCP
connections inside SSL (Secure Sockets Layer) available on both Unix
and Windows. Stunnel can allow you to secure non-SSL aware daemons and
protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the
encryption, requiring no changes to the daemon's code.
endef
define Package/stunnel/conffiles
/etc/stunnel/stunnel.conf
endef
CONFIGURE_ARGS+= \
--with-random=/dev/urandom \
--with-threads=fork \
--with-ssl=$(STAGING_DIR)/usr \
define Build/Compile
mkdir -p $(PKG_INSTALL_DIR)/etc/stunnel
echo '#dummy' > $(PKG_INSTALL_DIR)/etc/stunnel/stunnel.pem
$(call Build/Compile/Default)
endef
define Package/stunnel/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/stunnel $(1)/usr/bin/
$(INSTALL_DIR) $(1)/usr/lib/stunnel
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/stunnel/libstunnel.so $(1)/usr/lib/stunnel/
$(INSTALL_DIR) $(1)/etc/stunnel
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/stunnel/stunnel.conf-sample $(1)/etc/stunnel/stunnel.conf
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/stunnel.init $(1)/etc/init.d/stunnel
endef
$(eval $(call BuildPackage,stunnel))

34
net/stunnel/files/stunnel.init
View File

@ -1,34 +0,0 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2008 OpenWrt.org
START=90
RUN_D=/var
PID_F=$RUN_D/stunnel.pid
start() {
if [ -s "/etc/stunnel/stunnel.pem" ]; then
chmod og-rwx /etc/stunnel/stunnel.pem
[ ! -f $PID_F ] && stunnel
else
[ -e /etc/stunnel/config ] && \
. /etc/stunnel/config
X509_CN=${X509_CN:-"router"}
X509_O=${X509_O:-"openwrt.org"}
X509_OU=${X509_OU:-"open-source firmware"}
[ -x /sbin/keygen ] && {
(keygen "$X509_CN" "$X509_O" "$X509_OU" > /etc/stunnel/stunnel.pem;
chmod og-rwx /etc/stunnel/stunnel.pem;
stunnel) &
}
fi
}
stop() {
[ -f $PID_F ] && {
kill $(cat $PID_F)
kill -9 $(cat $PID_F)
rm -f $PID_F
}
}

126
net/stunnel/patches/100-cross-compile.patch
View File

@ -1,126 +0,0 @@
--- a/configure
+++ b/configure
@@ -21552,56 +21552,56 @@ _ACEOF
fi
rm -f conftest*
-
-{ echo "$as_me:$LINENO: **************************************** PTY device files" >&5
-echo "$as_me: **************************************** PTY device files" >&6;}
-{ echo "$as_me:$LINENO: checking for \"/dev/ptmx\"" >&5
-echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6; }
-if test "${ac_cv_file___dev_ptmx_+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- test "$cross_compiling" = yes &&
- { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
-echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-if test -r ""/dev/ptmx""; then
- ac_cv_file___dev_ptmx_=yes
-else
- ac_cv_file___dev_ptmx_=no
-fi
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptmx_" >&5
-echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6; }
-if test $ac_cv_file___dev_ptmx_ = yes; then
+#
+#{ echo "$as_me:$LINENO: **************************************** PTY device files" >&5
+#echo "$as_me: **************************************** PTY device files" >&6;}
+#{ echo "$as_me:$LINENO: checking for \"/dev/ptmx\"" >&5
+#echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6; }
+#if test "${ac_cv_file___dev_ptmx_+set}" = set; then
+# echo $ECHO_N "(cached) $ECHO_C" >&6
+#else
+# test "$cross_compiling" = yes &&
+# { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
+#echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
+# { (exit 1); exit 1; }; }
+#if test -r ""/dev/ptmx""; then
+# ac_cv_file___dev_ptmx_=yes
+#else
+# ac_cv_file___dev_ptmx_=no
+#fi
+#fi
+#{ echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptmx_" >&5
+#echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6; }
+#if test $ac_cv_file___dev_ptmx_ = yes; then
cat >>confdefs.h <<\_ACEOF
-#define HAVE_DEV_PTMX 1
+#define HAVE_DEV_PTMX 0
_ACEOF
-fi
+#fi
-{ echo "$as_me:$LINENO: checking for \"/dev/ptc\"" >&5
-echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6; }
-if test "${ac_cv_file___dev_ptc_+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- test "$cross_compiling" = yes &&
- { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
-echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-if test -r ""/dev/ptc""; then
- ac_cv_file___dev_ptc_=yes
-else
- ac_cv_file___dev_ptc_=no
-fi
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptc_" >&5
-echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6; }
-if test $ac_cv_file___dev_ptc_ = yes; then
+#{ echo "$as_me:$LINENO: checking for \"/dev/ptc\"" >&5
+#echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6; }
+#if test "${ac_cv_file___dev_ptc_+set}" = set; then
+# echo $ECHO_N "(cached) $ECHO_C" >&6
+#else
+# test "$cross_compiling" = yes &&
+# { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
+#echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
+# { (exit 1); exit 1; }; }
+#if test -r ""/dev/ptc""; then
+# ac_cv_file___dev_ptc_=yes
+#else
+# ac_cv_file___dev_ptc_=no
+#fi
+#fi
+#{ echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptc_" >&5
+#echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6; }
+#if test $ac_cv_file___dev_ptc_ = yes; then
cat >>confdefs.h <<\_ACEOF
-#define HAVE_DEV_PTS_AND_PTC 1
+#define HAVE_DEV_PTS_AND_PTC 0
_ACEOF
-fi
+#fi
{ echo "$as_me:$LINENO: **************************************** entropy" >&5
@@ -24049,8 +24049,8 @@ _ACEOF
# Add SSL includes and libraries
-CFLAGS="$CFLAGS -I$ssldir/include"
-LIBS="$LIBS -L$ssldir/lib -lssl -lcrypto"
+CFLAGS="$CFLAGS"
+LIBS="$LIBS -lssl -lcrypto"
# Check for obsolete RSAref library
{ echo "$as_me:$LINENO: checking for obsolete RSAref library" >&5
--- a/configure.ac
+++ b/configure.ac
@@ -44,10 +44,6 @@ AC_EGREP_HEADER(socklen_t, sys/socket.h,
AC_MSG_RESULT([no (defined as int)])
AC_DEFINE(socklen_t, int))
-AC_MSG_NOTICE([**************************************** PTY device files])
-AC_CHECK_FILE("/dev/ptmx", AC_DEFINE(HAVE_DEV_PTMX))
-AC_CHECK_FILE("/dev/ptc", AC_DEFINE(HAVE_DEV_PTS_AND_PTC))
-
AC_MSG_NOTICE([**************************************** entropy])
AC_ARG_WITH(egd-socket,

28
net/stunnel/patches/101-no-comp.patch
View File

@ -1,28 +0,0 @@
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -72,14 +72,17 @@ int ssl_configure(void) { /* configure g
s_log(LOG_NOTICE, "FIPS mode %s",
global_options.option.fips ? "enabled" : "disabled");
#endif /* USE_FIPS */
+#ifndef OPENSSL_NO_COMP
if(global_options.compression!=COMP_NONE && !init_compression())
return 0;
+#endif
if(!init_prng())
return 0;
s_log(LOG_DEBUG, "PRNG seeded successfully");
return 1; /* SUCCESS */
}
+#ifndef OPENSSL_NO_COMP
static int init_compression(void) {
int id=0;
COMP_METHOD *cm=NULL;
@@ -111,6 +114,7 @@ static int init_compression(void) {
s_log(LOG_INFO, "Compression enabled using %s method", name);
return 1;
}
+#endif
static int init_prng(void) {
int totbytes=0;

13
net/stunnel/patches/102-no-ssl2.patch
View File

@ -1,13 +0,0 @@
--- a/src/options.c
+++ b/src/options.c
@@ -1234,8 +1234,10 @@ static char *parse_service_option(CMD cm
section->client_method=(SSL_METHOD *)SSLv23_client_method();
section->server_method=(SSL_METHOD *)SSLv23_server_method();
} else if(!strcasecmp(arg, "SSLv2")) {
+#ifndef OPENSSL_NO_SSL2
section->client_method=(SSL_METHOD *)SSLv2_client_method();
section->server_method=(SSL_METHOD *)SSLv2_server_method();
+#endif
} else if(!strcasecmp(arg, "SSLv3")) {
section->client_method=(SSL_METHOD *)SSLv3_client_method();
section->server_method=(SSL_METHOD *)SSLv3_server_method();

12
net/stunnel/patches/103-no-zlib-link.patch
View File

@ -1,12 +0,0 @@
Avoid linking with zlib, which is a dependency of openssl, not ours.
--- a/configure
+++ b/configure
@@ -23017,7 +23017,7 @@ if test $ac_cv_lib_z_inflateEnd = yes; t
#define HAVE_LIBZ 1
_ACEOF
- LIBS="-lz $LIBS"
+# LIBS="-lz $LIBS"
fi

42
net/stunnel/patches/104-fix-paths.patch
View File

@ -1,42 +0,0 @@
## Do several path fixups, removing unneeded @prefix@s
--- a/tools/stunnel.conf-sample.in
+++ b/tools/stunnel.conf-sample.in
@@ -4,15 +4,15 @@
; please read the manual and make sure you understand them
; certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/stunnel/stunnel.pem
+;key = @sysconfdir@/stunnel/stunnel.pem
; protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3
; security enhancements for UNIX systems - comment them out on Win32
; for chroot a copy of some devices and files is needed within the jail
-chroot = @prefix@/var/lib/stunnel/
+chroot = @localstatedir@
setuid = nobody
setgid = @DEFAULT_GROUP@
; PID is created inside the chroot jail
@@ -33,16 +33,16 @@ socket = r:TCP_NODELAY=1
; CApath is located inside chroot jail
;CApath = /certs
; it's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/stunnel/certs.pem
; don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; alternatively CRLfile can be used
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/stunnel/crls.pem
; debugging stuff (may useful for troubleshooting)
;debug = 7
-;output = stunnel.log
+;output = @localstatedir@/log/stunnel.log
; SSL client mode
;client = yes

54
net/stunnel/patches/105-stunnel-conf.patch
View File

@ -1,54 +0,0 @@
--- a/tools/stunnel.conf-sample.in
+++ b/tools/stunnel.conf-sample.in
@@ -8,7 +8,7 @@ cert = @sysconfdir@/stunnel/stunnel.pem
;key = @sysconfdir@/stunnel/stunnel.pem
; protocol version (all, SSLv2, SSLv3, TLSv1)
-sslVersion = SSLv3
+sslVersion = all
; security enhancements for UNIX systems - comment them out on Win32
; for chroot a copy of some devices and files is needed within the jail
@@ -49,21 +49,26 @@ socket = r:TCP_NODELAY=1
; service-level configuration
-[pop3s]
-accept = 995
-connect = 110
-
-[imaps]
-accept = 993
-connect = 143
-
-[ssmtp]
-accept = 465
-connect = 25
-
-;[https]
-;accept = 443
-;connect = 80
-;TIMEOUTclose = 0
+;[pop3s]
+;accept = 995
+;connect = 110
+
+;[imaps]
+;accept = 993
+;connect = 143
+
+;[ssmtp]
+;accept = 465
+;connect = 25
+
+[https]
+accept = 443
+connect = 80
+TIMEOUTclose = 0
+
+[chilli]
+accept = 3443
+connect = 3442
+TIMEOUTclose = 0
; vim:ft=dosini

248
net/stunnel/patches/106-stunnel-xforwardedfor.patch
View File

@ -1,248 +0,0 @@
--- a/doc/stunnel.8
+++ b/doc/stunnel.8
@@ -504,7 +504,10 @@ time to keep an idle connection
.IP "\fBtransparent\fR = yes | no (Unix only)" 4
.IX Item "transparent = yes | no (Unix only)"
transparent proxy mode
-.Sp
+.IP "\fBxforwardedfor\fR = yes | no" 4
+.IX Item "xforwardedfor = yes | no"
+append an 'X-Forwarded-For:' HTTP request header providing the
+client's IP address to the server.
Re-write address to appear as if wrapped daemon is connecting
from the \s-1SSL\s0 client machine instead of the machine running \fBstunnel\fR.
.Sp
--- a/doc/stunnel.fr.8
+++ b/doc/stunnel.fr.8
@@ -445,6 +445,10 @@ Cette option permet de relier une adress
Négocie avec \s-1SSL\s0 selon le protocole indiqué
.Sp
Actuellement gérés\ : cifs, nntp, pop3, smtp
+.IP "\fBxforwardedfor\fR = yes | no" 4
+.IX Item "xforwardedfor = yes | no"
+Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant
+au serveur l'adresse IP du client.
.IP "\fBpty\fR = yes | no (Unix seulement)" 4
.IX Item "pty = yes | no (Unix seulement)"
Alloue un pseudo-terminal pour l'option «\ exec\ »
--- a/src/client.c
+++ b/src/client.c
@@ -86,6 +86,12 @@ CLI *alloc_client_session(SERVICE_OPTION
return NULL;
}
c->opt=opt;
+ /* some options need space to add some information */
+ if (c->opt->option.xforwardedfor)
+ c->buffsize = BUFFSIZE - BUFF_RESERVED;
+ else
+ c->buffsize = BUFFSIZE;
+ c->crlf_seen=0;
c->local_rfd.fd=rfd;
c->local_wfd.fd=wfd;
return c;
@@ -376,6 +382,29 @@ static void init_ssl(CLI *c) {
}
}
+/* Moves all data from the buffer <buffer> between positions <start> and <stop>
+ * to insert <string> of length <len>. <start> and <stop> are updated to their
+ * new respective values, and the number of characters inserted is returned.
+ * If <len> is too long, nothing is done and -1 is returned.
+ * Note that neither <string> nor <buffer> can be NULL.
+*/
+static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) {
+ if (len > limit - *stop)
+ return -1;
+ if (*start > *stop)
+ return -1;
+ memmove(buffer + *start + len, buffer + *start, *stop - *start);
+ memcpy(buffer + *start, string, len);
+ *start += len;
+ *stop += len;
+ return len;
+}
+
+static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) {
+ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string));
+}
+
+
/****************************** some defines for transfer() */
/* is socket/SSL open for read/write? */
#define sock_rd (c->sock_rfd->rd)
@@ -410,13 +439,16 @@ static void transfer(CLI *c) {
check_SSL_pending=0;
SSL_read_wants_read=
- ssl_rd && c->ssl_ptr<BUFFSIZE && !SSL_read_wants_write;
+ //ssl_rd && c->ssl_ptr<BUFFSIZE && !SSL_read_wants_write;
+ ssl_rd && c->ssl_ptr<c->buffsize && !SSL_read_wants_write;
+
SSL_write_wants_write=
ssl_wr && c->sock_ptr && !SSL_write_wants_read;
/****************************** setup c->fds structure */
s_poll_init(&c->fds); /* initialize the structure */
- if(sock_rd && c->sock_ptr<BUFFSIZE)
+ //if(sock_rd && c->sock_ptr<BUFFSIZE)
+ if(sock_rd && c->sock_ptr<c->buffsize)
s_poll_add(&c->fds, c->sock_rfd->fd, 1, 0);
if(SSL_read_wants_read ||
SSL_write_wants_read ||
@@ -515,7 +547,8 @@ static void transfer(CLI *c) {
break;
default:
memmove(c->ssl_buff, c->ssl_buff+num, c->ssl_ptr-num);
- if(c->ssl_ptr==BUFFSIZE) /* buffer was previously full */
+ //if(c->ssl_ptr==BUFFSIZE) /* buffer was previously full */
+ if(c->ssl_ptr>=c->buffsize) /* buffer was previously full */
check_SSL_pending=1; /* check for data buffered by SSL */
c->ssl_ptr-=num;
c->sock_bytes+=num;
@@ -577,7 +610,8 @@ static void transfer(CLI *c) {
/****************************** read from socket */
if(sock_rd && sock_can_rd) {
num=readsocket(c->sock_rfd->fd,
- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr);
+ //c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr);
+ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr);
switch(num) {
case -1:
parse_socket_error(c, "readsocket");
@@ -597,10 +631,73 @@ static void transfer(CLI *c) {
(SSL_read_wants_write && ssl_can_wr) ||
(check_SSL_pending && SSL_pending(c->ssl))) {
SSL_read_wants_write=0;
- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr);
+ //num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr);
+ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr);
switch(err=SSL_get_error(c->ssl, num)) {
case SSL_ERROR_NONE:
+ //c->ssl_ptr+=num;
+ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */
+ int last = c->ssl_ptr;
+ c->ssl_ptr += num;
+
+ /* Look for end of HTTP headers between last and ssl_ptr.
+ * To achieve this reliably, we have to count the number of
+ * successive [CR]LF and to memorize it in case it's spread
+ * over multiple segments. --WT.
+ */
+ while (last < c->ssl_ptr) {
+ if (c->ssl_buff[last] == '\n') {
+ if (++c->crlf_seen == 2)
+ break;
+ } else if (last < c->ssl_ptr - 1 &&
+ c->ssl_buff[last] == '\r' &&
+ c->ssl_buff[last+1] == '\n') {
+ if (++c->crlf_seen == 2)
+ break;
+ last++;
+ } else if (c->ssl_buff[last] != '\r')
+ /* don't refuse '\r' because we may get a '\n' on next read */
+ c->crlf_seen = 0;
+ last++;
+ }
+ if (c->crlf_seen >= 2) {
+ /* We have all the HTTP headers now. We don't need to
+ * reserve any space anymore. <ssl_ptr> points to the
+ * first byte of unread data, and <last> points to the
+ * exact location where we want to insert our headers,
+ * which is right before the empty line.
+ */
+ c->buffsize = BUFFSIZE;
+
+ if (c->opt->option.xforwardedfor) {
+ /* X-Forwarded-For: xxxx \r\n\0 */
+ char xforw[17 + IPLEN + 3];
+
+ /* We will insert our X-Forwarded-For: header here.
+ * We need to write the IP address, but if we use
+ * sprintf, it will pad with the terminating 0.
+ * So we will pass via a temporary buffer allocated
+ * on the stack.
+ */
+ memcpy(xforw, "X-Forwarded-For: ", 17);
+ if (getnameinfo(&c->peer_addr.addr[0].sa,
+ addr_len(c->peer_addr.addr[0]),
+ xforw + 17, IPLEN, NULL, 0,
+ NI_NUMERICHOST) == 0) {
+ strcat(xforw + 17, "\r\n");
+ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr,
+ c->buffsize, xforw);
+ }
+ /* last still points to the \r\n and ssl_ptr to the
+ * end of the buffer, so we may add as many headers
+ * as wee need to.
+ */
+ }
+ }
+ }
+ else
c->ssl_ptr+=num;
+
watchdog=0; /* reset watchdog */
break;
case SSL_ERROR_WANT_WRITE:
--- a/src/common.h
+++ b/src/common.h
@@ -53,6 +53,9 @@
/* I/O buffer size */
#define BUFFSIZE 16384
+/* maximum space reserved for header insertion in BUFFSIZE */
+#define BUFF_RESERVED 1024
+
/* length of strings (including the terminating '\0' character) */
/* it can't be lower than 256 bytes or NTLM authentication will break */
#define STRLEN 256
--- a/src/options.c
+++ b/src/options.c
@@ -792,6 +792,28 @@ static char *parse_service_option(CMD cm
}
#endif
+ /* xforwardedfor */
+ switch(cmd) {
+ case CMD_INIT:
+ section->option.xforwardedfor=0;
+ break;
+ case CMD_EXEC:
+ if(strcasecmp(opt, "xforwardedfor"))
+ break;
+ if(!strcasecmp(arg, "yes"))
+ section->option.xforwardedfor=1;
+ else if(!strcasecmp(arg, "no"))
+ section->option.xforwardedfor=0;
+ else
+ return "argument should be either 'yes' or 'no'";
+ return NULL; /* OK */
+ case CMD_DEFAULT:
+ break;
+ case CMD_HELP:
+ s_log("%-15s = yes|no append an HTTP X-Forwarded-For header","xforwardedfor");
+ break;
+ }
+
/* exec */
switch(cmd) {
case CMD_INIT:
--- a/src/prototypes.h
+++ b/src/prototypes.h
@@ -177,6 +177,7 @@ typedef struct service_options_struct {
unsigned int remote:1;
unsigned int retry:1; /* loop remote+program */
unsigned int sessiond:1;
+ unsigned int xforwardedfor:1;
unsigned int program:1;
#ifndef USE_WIN32
unsigned int pty:1;
@@ -351,6 +352,8 @@ typedef struct {
FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */
int sock_bytes, ssl_bytes; /* bytes written to socket and ssl */
s_poll_set fds; /* file descriptors */
+ int buffsize; /* current buffer size, may be lower than BUFFSIZE */
+ int crlf_seen; /* the number of successive CRLF seen */
} CLI;
extern int max_fds, max_clients;