the problem frequently occurs on the client side: admin need to configure
stunnel for multiple users.
every user has own key, certificate, own permissions on file system (for
log-files, etc)
this patch allow to write flexible config.
some examples:
cert = %USERPROFILE%\.config\my.pem (windows)
cert = ${HOME}/.config/my.pem (other)
output = %APPDATA%\stunnel.log (windows)
output = ${HOME}/stunnel.log (other)
CAfile = %ALLUSERSPROFILE%\ourCAbundle.crt (windows)
CAfile = /etc/ssl/certs/ourCAbundle.crt (other, not using variables)
"secure" :) random port example:
...
[srv1]
accept = 127.0.0.1:%SRV1_PORT% (windows)
accept = 127.0.0.1:${SRV1_PORT} (other)
...
start stunnel (batch-file or shell-script):
set SRV1_PORT=%RANDOM% (windows)
limitations:
1. don't support unicode on windows (localized usernames, files, etc)
2. only ${NAME} syntax supported on *nix (not $NAME).
--- stunnel-5.32/src/options.c.orig 2016-05-03 22:35:03.000000000 +0400
+++ stunnel-5.32/src/options.c 2016-05-23 15:21:14.059958210 +0400
@@ -329,10 +329,59 @@
return 0;
}
+#ifndef USE_WIN32
+unsigned int ExpandEnvironmentStringsA(const char *lpSrc, char *lpDst, size_t nSize) {
+ const char *from;
+ char *to;
+ const char *begin;
+ const char *end;
+ char *name;
+ const char *value;
+ size_t len;
+
+ from = lpSrc;
+ to = lpDst;
+ while ((begin = strchr(from, '$'))) {
+ len = (size_t)(begin - from);
+ if (*(begin + 1) == '{' && (end = strchr(begin, '}')) ) {
+ if ((size_t)(to - lpDst) + len >= nSize) return 0;
+ strncpy(to, from, len);
+ to += len;
+ len = (size_t)(end - begin - 2);
+ name = strndup(begin + 2, len);
+ value = getenv(name);
+ free(name);
+ if (value) {
+ len = strlen(value);
+ if ((size_t)(to - lpDst) + len >= nSize) return 0;
+ strncpy(to, value, len);
+ } else {
+ len = (size_t)(end - begin + 1);
+ if ((size_t)(to - lpDst) + len >= nSize) return 0;
+ strncpy(to, begin, len);
+ }
+ } else {
+ len++; /* +$ itself */
+ if ((size_t)(to - lpDst) + len >= nSize) return 0;
+ strncpy(to, from, len);
+ end = from + len - 1;
+ }
+ to += len;
+ from = end + 1;
+ }
+ len = strlen(from); /* rest of string */
+ if ((size_t)(to - lpDst) + len >= nSize) return 0;
+ strncpy(to, from, len);
+ to[len] = '\0';
+ return strlen(lpDst);
+}
+#endif
+
NOEXPORT int options_file(char *path, CONF_TYPE type, SERVICE_OPTIONS **section) {
DISK_FILE *df;
char line_text[CONFLINELEN], *errstr;
char config_line[CONFLINELEN], *config_opt, *config_arg;
+ char env_expanded[CONFLINELEN];
int i, line_number=0;
#ifndef USE_WIN32
int fd;
@@ -429,6 +478,16 @@
continue;
}
+ if(config_arg) {
+ if(ExpandEnvironmentStringsA(config_arg, env_expanded, sizeof(env_expanded))) {
+ config_arg=env_expanded;
+ } else {
+ s_log(LOG_ERR, "%s:%d: Failed to expand environment variables \"%s\"",
+ path, line_number, config_arg);
+ return 1;
+ }
+ }
+
errstr=option_not_found;
/* try global options first (e.g. for 'debug') */
if(!new_service_options.next)
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
