From b29f8a94064f0f92fdaff4fa2059009a0b8b4071 Mon Sep 17 00:00:00 2001 From: Reidar Cederqvist Date: Wed, 22 Nov 2017 10:03:58 +0100 Subject: [PATCH] owsd: update config and init.d files to work with ubusproxy --- owsd/files/owsd.config | 16 +++++++++----- owsd/files/owsd.init | 49 ++++++++++++++++++++++++++++++------------ 2 files changed, 46 insertions(+), 19 deletions(-) diff --git a/owsd/files/owsd.config b/owsd/files/owsd.config index 6aeb32091..52a7157f8 100644 --- a/owsd/files/owsd.config +++ b/owsd/files/owsd.config @@ -3,11 +3,17 @@ config owsd 'global' option www '/www' option redirect '/cgi-bin/luci:/cacheflush.html' # option www_maxage '3600' -# list ubusproxy 'https://repeater1url/' -# list ubusproxy 'wss://repeater2url/' -# option client_cert '/etc/ssl/certs/owsd-repeater-control-cert.pem' -# option client_key '/etc/ssl/private/owsd-repeater-control-key.pem' -# option client_ca '/etc/ssl/certs/owsd-server-ca.pem' + +# ubusproxy is enbaled if: enable = 1 or peer exists or path exists +config ubusproxy 'ubusproxy' + option enable '0' +# list peer 'https://repeater1_hostname/' +# list peer 'wss://repeater2_hostname/' +# list object 'router.*' +# list object 'system' +# option peer_cert '/etc/ssl/certs/owsd-repeater-control-cert.pem' +# option peer_key '/etc/ssl/private/owsd-repeater-control-key.pem' +# option peer_ca '/etc/ssl/certs/owsd-server-ca.pem' config owsd-listen 'loopback' option port '80' diff --git a/owsd/files/owsd.init b/owsd/files/owsd.init index 4dd603bb6..fa47d955a 100644 --- a/owsd/files/owsd.init +++ b/owsd/files/owsd.init 
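Review bot: The added comment in owsd.config says ubusproxy is enabled when `enable = 1` or a peer exists or a path exists, but the start_service change in owsd.init in this same patch passes the proxy options only when `enable` equals 1, and no `path` option is defined in the section. Someone reading the config cannot tell from it when the device will start bridging ubus objects with remote peers, which is what they need to know to judge exposure. I would reword the comment to match the init script, e.g. `# ubusproxy is enabled only when option enable is '1'; peer and object lists are ignored otherwise`, which also fixes the `enbaled` typo.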
@@ -104,16 +104,23 @@ load_dhcp_domains() { config_foreach dhcp_domain_section "domain" } -validate_owsd() { +validate_owsd_ubusproxy() { + uci_validate_section "owsd" "ubusproxy" "ubusproxy" \ + 'enable:bool:1' \ + 'peer:list(string)' \ + 'object:list(string)' \ + 'peer_key:file' \ + 'peer_cert:file' \ + 'peer_ca:file' \ + +} + +validate_owsd_global() { uci_validate_section "owsd" "owsd" "global" \ 'sock:string' \ 'redirect:string' \ 'www:string' \ 'www_maxage:integer' \ - 'ubusproxy:list(string)' \ - 'client_key:file' \ - 'client_cert:file' \ - 'client_ca:file' \ } @@ -237,9 +244,9 @@ start_service() { procd_set_param command $PROG local sock www redirect www_maxage - local client_cert client_key client_ca + local enable peer_cert peer_key peer_ca - validate_owsd || { + validate_owsd_global || { echo "Global validation failed" return 1 } 
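Review bot: `'enable:bool:1'` in validate_owsd_ubusproxy makes the proxy default to on whenever `option enable` is absent from the section, while the shipped owsd.config sets it to '0'. A config that predates this patch or was edited by hand without that option would then presumably start owsd with `-U`, so the validation default should be off: `'enable:bool:0' \`. The trailing `\` after `'peer_ca:file'` continues onto an empty line; it works, but dropping that last backslash (here and in validate_owsd_global) stops a later edit from silently joining lines.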
@@ -249,15 +256,29 @@ start_service() { [ -n "${redirect}" ] && procd_append_param command -r"${redirect}" [ -n "${www_maxage}" ] && procd_append_param command -t"${www_maxage}" - [ -n "${client_cert}" ] && procd_append_param command -C"${client_cert}" - [ -n "${client_key}" ] && procd_append_param command -K"${client_key}" - [ -n "${client_ca}" ] && procd_append_param command -A"${client_ca}" - - append_ubusproxy () { - [ -n "$1" ] && procd_append_param command -P"$1" + validate_owsd_ubusproxy || { + echo "Ubusproxy validation failed" + return 1 } - config_list_foreach "global" "ubusproxy" append_ubusproxy + if [ "${enable}" -eq 1 ]; then + procd_append_param command -U + + [ -n "${peer_cert}" ] && procd_append_param command -C"${peer_cert}" + [ -n "${peer_key}" ] && procd_append_param command -K"${peer_key}" + [ -n "${peer_ca}" ] && procd_append_param command -A"${peer_ca}" + + append_peer () { + [ -n "$1" ] && procd_append_param command -P"$1" + } + + append_object () { + [ -n "$1" ] && procd_append_param command -U"$1" + } + + config_list_foreach "ubusproxy" "peer" append_peer + config_list_foreach "ubusproxy" "object" append_object + fi config_foreach parse_owsd_iface "owsd-listen"
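Review bot: Inside the `if [ "${enable}" -eq 1 ]` block, peers are appended with `-P` whether or not `peer_ca` is set, so how the certificate of a `wss://` or `https://` peer is checked is left to owsd's built-in behaviour, which this patch does not show. Because ubusproxy bridges ubus objects between devices, I would at least log when the proxy starts without a CA, e.g. `[ -z "${peer_ca}" ] && logger -t owsd "ubusproxy: peer_ca not set, peer certificate verification depends on owsd defaults"`. Likewise, when no `object` entries exist only the bare `-U` is passed, which presumably means no object allow-list is applied; a comment saying so next to `procd_append_param command -U` would help. start_service begins and ends outside this hunk.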