#!/bin/bash
# version 1.2

# Peter Poeml <poeml@suse.de>
# This is public domain software.  Use it at your own risk.

# a wrapper for stunnel 4, so it can be used just as stunnel 3
# (with cmdline arguments instead of a config file. A config file is 
# written on the fly.)

# Version 1.1
#  Minor edits to 'daemon_{host,port}' substitutions and added
#  'break' to the execargs section to be compatible with non
#  bash Bourne shells.
#   -- bri@stunnel.org 16-Jun-2003

# Version 1.2
#  In an attempt to merge with the stunnel3_convert script for maintenance
#  reasons, allow this script to be called as "stunnel3_convert" -- it then
#  shows the suggested configuration without actually spawning stunnel.
#   -- poeml@suse.de, 30-Jul-2003
#

# defaults
# Defaults.
# STUNNEL_DEBUG may be supplied by the caller's environment; it falls back to
# "false" when unset or empty.
STUNNEL_DEBUG=${STUNNEL_DEBUG:-false}
quiet=false
# These three start out empty so that the ${var:+...} expansions used when the
# configuration is written emit nothing unless the matching switch was given.
foreground_mode=''
overwrite_random_seed=''
pty=''

#######################################
# Print the command-line synopsis.
# Arguments: none
# Outputs:   usage text on stderr; the script's base name is taken from $0
#######################################
usage() {
	local prog=${0##*/}
	cat <<EOF >&2

Usage:

  ${prog}
        [-V] [-c | -T] [-D level] [-C cipherlist] [-p pemfile]
        [-v level] [-A certfile] [-a directory] [-t timeout]
        [-u ident_username] [-s setuid_user] [-g setgid_group] [-n protocol]
        [-R randfile] [-E egdsock] [-B bytes] [-P filename ]
        [-d [host:]port [-f] ]
        [-r [host:]port | { -l | -L }  program [-- args] ]

  -S is not supported. -P only takes filenames.

EOF
}

# Map stunnel 3 style switches onto shell variables. Each variable that ends
# up non-empty becomes one line of the generated stunnel 4 configuration.
while getopts 'd:r:P:s:g:cD:fN:u:n:p:E:R:WB:v:a:A:C:t:Tl:L:V' opt
do
	case "$opt" in
	# listening / remote endpoints and operating mode
	d) daemon_host_port=$OPTARG ;;
	r) rem_host_port=$OPTARG ;;
	c) client_mode=true ;;
	T) transparent_mode=true ;;
	f) foreground_mode=true ;;
	N) service_name=$OPTARG ;;
	n) protocol=$OPTARG ;;
	u) ident_username=$OPTARG ;;
	t) session_timeout=$OPTARG ;;

	# process identity and bookkeeping
	P) pid=$OPTARG ;;
	s) setuid_user=$OPTARG ;;
	g) setgid_user=$OPTARG ;;
	D) debug=$OPTARG ;;

	# certificates, peer verification, ciphers
	p) pem_file=$OPTARG ;;
	v) verify=$OPTARG ;;
	a) ca_path=$OPTARG ;;
	A) ca_file=$OPTARG ;;
	C) cipher_list=$OPTARG ;;

	# random seeding
	E) eg_daemon=$OPTARG ;;
	R) rnd_file=$OPTARG ;;
	B) rnd_bytes=$OPTARG ;;
	W) overwrite_random_seed=false ;;

	# program to spawn; -L additionally requests a pty
	l) program=$OPTARG ;;
	L) program=$OPTARG
	   pty=true ;;

	V) stunnel -version
	   exit 0 ;;

	# NOTE(review): 'q' is not in the option string above, so getopts
	# reports -q as unknown and this arm is never selected.
	q) quiet=true ;;

	# unknown switch or missing argument
	*) usage
	   exit 1 ;;
	esac
done

# At least one of -d (listen address) and -r (remote address) must be given.
# NOTE(review): the message speaks of a "program", but the test looks at -d,
# not at -l/-L -- confirm which of the two is intended.
[ -n "$daemon_host_port" ] || [ -n "$rem_host_port" ] || {
	printf '%s\n' 'Error: Either program or remote service must be specified' >&2
	usage
	exit 1
}

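#######################################
# Split the -d argument into host and port.
# Globals:   daemon_host_port (read), daemon_host, daemon_port (written)
# Arguments: none
# A bare "port" leaves daemon_host untouched. "host:port" is split at the
# LAST colon for both halves, so a host part that itself contains colons
# (for instance a bracketed IPv6 literal) still yields a clean port. The
# port is later used as the default service section name.
#######################################
_split_daemon_host_port() {
	daemon_port=$daemon_host_port
	case $daemon_host_port in
	*:*)
		daemon_host=${daemon_host_port%:*}
		# '##' removes the longest prefix ending in ':', which matches
		# the '%:*' above that cuts at the last colon.
		daemon_port=${daemon_host_port##*:}
		;;
	esac
}

_split_daemon_host_port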

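#######################################
# Find the "--" separator and record what follows it.
# Globals:   exec (written: first word after "--"),
#            execargs (written: remaining words joined by single spaces)
# Arguments: the script's complete argument list
# The arguments are walked one positional parameter at a time. Iterating over
# an unquoted $* instead splits any argument containing whitespace into
# several words, so the loop and the shifts fall out of step and the wrong
# word ends up as the program name.
# execargs is deliberately flattened into one string: it is written into the
# configuration file as a single "execargs = ..." line.
#######################################
_split_exec_args() {
	while [ $# -gt 0 ]; do
		case $1 in
		--)
			shift
			exec=$1
			# Nothing may follow "--"; only shift when there is something left.
			if [ $# -gt 0 ]; then
				shift
			fi
			execargs=$*
			return 0
			;;
		*)
			shift
			;;
		esac
	done
}

_split_exec_args "$@"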

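#######################################
# Print the parsed settings, one "name = value" line each.
# Globals:   the variables named in the loop (read)
# Outputs:   nine lines on stdout
# Values are read through indirect expansion and passed to printf as a single
# quoted argument, so a value containing whitespace or glob characters is
# printed as-is instead of being split into extra printf arguments.
#######################################
_print_debug_vars() {
	local name
	for name in daemon_host_port rem_host_port pid setuid_user setgid_user client_mode debug exec execargs; do
		printf '%-20s = %s \n' "$name" "${!name}"
	done
}

# STUNNEL_DEBUG comes from the environment. It is compared as a string rather
# than run as a command, so only the literal value "true" enables the dump and
# whatever else the variable holds is never executed.
if [ "${STUNNEL_DEBUG:-false}" = true ]; then
	_print_debug_vars
fi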

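# Scratch file for the generated configuration. mktemp creates it with an
# unpredictable name; give up if that fails.
tmpconf=$(mktemp /tmp/stunnel.conf.XXXXXXX) || exit 1
# Remove the file on every exit path, not only when the end of the script is
# reached. The path is expanded when the trap runs, hence the single quotes.
trap 'rm -f -- "$tmpconf"' EXIT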

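#######################################
# Write the stunnel 4 configuration derived from the parsed switches.
# Globals:   every option variable set by the getopts loop, plus daemon_port,
#            exec and execargs (all read)
# Arguments: $1 - path of the file to write
# Each ${var:+...} line expands to nothing when its variable is empty; the
# uniq/grep filter then drops the resulting blank lines.
# NOTE(review): option values are copied into the file verbatim, so a value
# containing a newline becomes additional configuration lines. Callers that
# forward externally supplied values should validate them first.
#######################################
_write_stunnel_conf() {
	local section=
	# The service header is built by plain assignment. An unquoted
	# `echo [name]` is a glob pattern: with -d 8443 and a file called "4"
	# in the current directory it would print "4" instead of "[8443]".
	if [ -n "$daemon_host_port" ]; then
		section="[${service_name:-${daemon_port:-stunnel}}]"
	fi

	(uniq | grep -v "^[[:space:]]*$") >"$1" <<EOF
${pid:+pid = $pid}
${setuid_user:+setuid = $setuid_user}
${setgid_user:+setgid = $setgid_user}
${client_mode:+client = yes}
${foreground_mode:+foreground = yes}
${debug:+debug = $debug}
${pem_file:+cert = $pem_file}
${verify:+verify = $verify}
${ca_path:+CApath = $ca_path}
${ca_file:+CAfile = $ca_file}
${cipher_list:+ciphers = $cipher_list}
${eg_daemon:+EGD = $eg_daemon}
${rnd_file:+RNDfile = $rnd_file}
${overwrite_random_seed:+RNDoverwrite = no}
${rnd_bytes:+RNDbytes = $rnd_bytes}
${session_timeout:+session = $session_timeout}

${section}

	${daemon_host_port:+accept = $daemon_host_port}
	${rem_host_port:+connect = $rem_host_port}
	${transparent_mode:+transparent = yes}
	${ident_username:+ident = $ident_username}
	${protocol:+protocol = $protocol}
	${program:+exec = $program}
	${execargs:+execargs = $exec $execargs}
	${pty:+pty = yes}


EOF
}

_write_stunnel_conf "$tmpconf"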

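# Final step: either show the configuration or hand it to stunnel.
#   - invoked under a name ending in "convert": print the file and stop;
#   - otherwise: print it between marker lines, then start stunnel with it.
# The exit status of the command that matters (cat or stunnel) is kept and
# returned to the caller. Ending on the unconditional 'rm -f' would report
# success even when stunnel refused to start.
rc=0
case $0 in
    *convert)
	cat "$tmpconf" || rc=$?
	;;

    *)
	echo "----------------------->"
	cat "$tmpconf"
	echo "<-----------------------"

	echo "executing 'stunnel $tmpconf'"
	stunnel "$tmpconf" || rc=$?
	;;
esac

# The generated file is no longer needed once stunnel has returned.
rm -f -- "$tmpconf"
exit "$rc"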

# vim: ai
