#!/bin/sh
#
# sslwrap   starts and stops sslwrap in daemon-mode, if configured to do so

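# Fixed search path, so command lookup does not depend on the caller's
# environment.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/sslwrap
NAME=sslwrap
DESC="sslwrap"

# Generated settings file. The rest of this script reads run_mode, ports,
# with_certificate, certfile and used_addr, which are expected to come from it.
cfg_file=/etc/sslwrap/debian_config

# The package may have been removed while this script stayed behind as a
# conffile. That is not an error, so leave quietly instead of failing the
# caller (Debian policy asks init scripts to exit 0 in this case).
test -x "$DAEMON" || exit 0

if [ -f "$cfg_file" ] ; then
    # The file is executed as shell code with the privileges of this script
    # (normally root), so it must be owned by root and writable by root only.
    . "$cfg_file"
else
    echo "Missing $cfg_file configuration file!" >&2
    # dpkg-reconfigure takes the priority as -p<value>; "--plow" is rejected.
    echo "Please run 'dpkg-reconfigure -plow sslwrap' to generate one." >&2
    exit 1
fi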

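# Build the option string shared by every sslwrap instance.
# Globals:   with_certificate, certfile, used_addr, cfg_file (read)
#            sslwrap_args (written)
# Outputs:   diagnostics on stderr
# Exits:     1 when a certificate is requested but certfile is empty or missing
build_sslwrap_args ()
{
    sslwrap_args=''
    if [ "$with_certificate" = "true" ] ; then
        if [ -z "$certfile" ] ; then
            # cat, not echo: echo never reads its stdin, so the here-document
            # was silently discarded and the script exited without a message.
            cat >&2 <<EOF
The configuration file, $cfg_file, indicates that we should use a
certificate file but the directive 'certfile' is empty!!
EOF
            exit 1
        fi
        if [ -e "$certfile" ] ; then
            # NOTE(review): if this file also holds the private key it should
            # be readable by root only - confirm against the sslwrap docs.
            # The string is word-split when used, so a path containing
            # whitespace will not survive.
            sslwrap_args="$sslwrap_args -cert $certfile"
        else
            echo "Missing certification file, $certfile!" >&2
            exit 1
        fi
    else
        # NOTE(review): -nocert presumably runs sslwrap without a server
        # certificate, in which case clients cannot authenticate the server -
        # confirm against the sslwrap documentation.
        sslwrap_args="$sslwrap_args -nocert"
    fi
    # Optional local address taken from the configuration.
    if [ -n "$used_addr" ] ; then
        sslwrap_args="$sslwrap_args -addr $used_addr"
    fi
}

build_sslwrap_args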

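# Start or stop one sslwrap daemon for a single service.
# Globals: DAEMON (read), sslwrap_args (read)
# arg 1: "start" or "stop"; any other value only prints the service name
# arg 2: the name of the service (e.g., "https" or "ftps") - used for pidfile
# arg 3: the non-ssl port to connect to (e.g., 80 or 21)
# arg 4: the ssl port to accept on (e.g., 443, 990)
# Outputs: " <service name>" on stdout, without a trailing newline
start_stop_sslwrap ()
{
    case "$1" in
        start)
            # $sslwrap_args stays unquoted on purpose: it is one string that
            # has to split into separate options. No --chuid is passed, so the
            # daemon runs as whoever invoked this script.
            start-stop-daemon --start --quiet --background --make-pidfile \
                --pidfile "/var/run/sslwrap-$2.pid" \
                --exec "$DAEMON" -- $sslwrap_args -port "$3" -accept "$4"
            ;;
        stop)
            # Send TERM first and fall back to KILL only if the process is
            # still there after 5 seconds. --retry also waits for the process
            # to go away, so a following start does not race for the port.
            start-stop-daemon --stop --quiet --oknodo --retry TERM/5/KILL/5 \
                --pidfile "/var/run/sslwrap-$2.pid" \
                --exec "$DAEMON" -- $sslwrap_args -port "$3" -accept "$4"
            ;;
    esac
    # printf instead of "echo -n", whose behaviour differs between /bin/sh
    # implementations.
    printf ' %s' "$2"
}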

# Register one sslwrap service with inetd. The entry carries the "#<off>#"
# prefix, runs through /usr/sbin/tcpd as user root and uses the options
# collected in $sslwrap_args.
# arg 1: name of service (e.g., https) to listen on
# arg 2: port to connect to (e.g., 80)
my_update_inetd ()
{
    # Assemble the inetd.conf line first; "set --" only replaces this
    # function's own positional parameters.
    set -- "#<off># $1   stream  tcp nowait  root    /usr/sbin/tcpd  /usr/sbin/sslwrap $sslwrap_args -port $2"
    update-inetd --add "$1"
}

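# Start or stop all the sslwrap services named in $ports.
# Globals: run_mode (read), ports (read, then rewritten one name per line),
#          NAME (read)
# arg 1: "start" or "stop" - passed to start_stop_sslwrap() in daemon mode
#        and used locally in inetd mode
# Outputs: the handled service names (or " disabled") on stdout, warnings on
#          stderr
start_stop_all ()
{
    # Delete all previous sslwrap inetd entries, regardless of mode. The
    # stdout redirection has to come first: "2>&1 >/dev/null" points stderr at
    # the terminal and silences stdout only.
    # NOTE(review): a failed removal leaves stale entries in inetd.conf and is
    # not reported here; consider checking the exit status.
    update-inetd --multi --remove sslwrap >/dev/null 2>&1

    # "https, imaps" -> one service name per line
    ports=$(printf '%s\n' "$ports" | tr -d ' \t' | tr ',' '\n')

    if [ "$run_mode" = "daemon" ] ; then
        # service name -> plain-text port to connect to, SSL port to accept on
        for port in $ports ; do
            case "$port" in
                https)      start_stop_sslwrap "$1" "$port"  80  443 ;;
                ssmtp)      start_stop_sslwrap "$1" "$port"  25  465 ;;
                nntps)      start_stop_sslwrap "$1" "$port" 119  563 ;;
                telnets)    start_stop_sslwrap "$1" "$port"  23  992 ;;
                imaps)      start_stop_sslwrap "$1" "$port" 143  993 ;;
                ircs)       start_stop_sslwrap "$1" "$port" 194  994 ;;
                pop3s)      start_stop_sslwrap "$1" "$port" 110  995 ;;
                ftps-data)  start_stop_sslwrap "$1" "$port"  20  989 ;;
                ftps)       start_stop_sslwrap "$1" "$port"  21  990 ;;
                sswat)      start_stop_sslwrap "$1" "$port" 901 1901 ;;
                *)
                    # A misspelt name used to be skipped silently, leaving the
                    # service without its SSL wrapper and nobody the wiser.
                    echo "$NAME: ignoring unknown service '$port'" >&2
                    ;;
            esac
        done

    elif [ "$run_mode" = "inetd" ] ; then
        # Register every known service; only the configured ones are enabled
        # below, and only on "start".
        my_update_inetd https      80
        my_update_inetd ssmtp      25
        my_update_inetd nntps     119
        my_update_inetd telnets    23
        my_update_inetd imaps     143
        my_update_inetd ircs      194
        my_update_inetd pop3s     110
        my_update_inetd ftps-data  20
        my_update_inetd ftps       21
        my_update_inetd sswat     901

        for port in $ports ; do
            if [ "$1" = "start" ] ; then
                update-inetd --enable "$port"
            fi
            printf ' %s' "$port"
        done

    else
        printf ' disabled'
    fi

    # Tell inetd to reload its configuration file, regardless of mode. Best
    # effort: output and failures (for example no such init script) are
    # discarded on purpose.
    /etc/init.d/inetd reload >/dev/null 2>&1
}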

# Dispatch on the action given as the first command-line argument.
if [ "$1" = "start" ] ; then
    echo -n "Starting $DESC:"
    start_stop_all start
    echo "."
elif [ "$1" = "stop" ] ; then
    echo -n "Stopping $DESC:"
    start_stop_all stop
    echo "."
elif [ "$1" = "restart" ] || [ "$1" = "force-reload" ] ; then
    # Both actions are a plain stop followed by a start, run through the
    # installed copy of this script.
    /etc/init.d/sslwrap stop
    /etc/init.d/sslwrap start
else
    # Unknown or missing action: print the usage line and fail.
    N=/etc/init.d/$NAME
    echo "Usage: $N {start|stop|restart|force-reload}" >&2
    exit 1
fi

# Every recognised action reports success, whatever the helpers returned.
exit 0

