#! /bin/sh
#
# skeleton	example file to build /etc/init.d/ scripts.
#		This file should be used to construct scripts for /etc/init.d.
#
#		Written by Miquel van Smoorenburg <miquels@cistron.nl>.
#		Modified for Debian GNU/Linux
#		by Ian Murdock <imurdock@gnu.ai.mit.edu>.
#
# Version:	@(#)skeleton  1.8  03-Mar-1998  miquels@cistron.nl
#
# Package configuration. The file is sourced below, so everything in it
# runs as shell code with the privileges of this init script; it should
# be writable by root only.
SSLWRAP_CONFIG=/etc/sslwrap/debian_config
if [ ! -f "$SSLWRAP_CONFIG" ]; then
	echo "Missing /etc/sslwrap/debian_config configuration file !" >&2
	echo "Please restart dpkg-reconfigure --priority=low sslwrap to correct this" >&2
	# Exit successfully so a missing configuration does not fail the caller.
	exit 0
fi
. "$SSLWRAP_CONFIG"

NAME=sslwrap
DESC="sslwrap"
DAEMON=/usr/sbin/sslwrap
# Fixed search path, assigned after the configuration file has been
# sourced, so a PATH set there does not decide which helper binaries run.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Nothing to do when the daemon binary is not installed.
[ -f "$DAEMON" ] || exit 0

# Files created from here on (including a generated certificate/key file)
# are readable and writable by their owner only.
umask 077

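# start_sslwrap - append the certificate and address options to $sslwrap_args.
#
# Reads:   with_certificate, certfile, overwrite_corrupted_certfile,
#          hostname, email, country, state, locality, organization, unit,
#          used_addr, sslwrap_args (none are set in this script; they are
#          expected to come from the sourced configuration file).
# Writes:  sslwrap_args, cert_status, certfile, with_certificate, hostname,
#          email, country, nr (all global; POSIX sh has no local variables).
# Effects: may chmod, rename, delete and regenerate $certfile.
start_sslwrap()
{
	# Start from a known state: a value inherited from the environment or
	# the configuration must never count as a successful verification.
	cert_status=""
	if [ "$with_certificate" = "true" ]; then
		if [ -f "$certfile" ]; then
			# The generated file holds the private key as well as the
			# certificate (see -keyout below), so keep it owner-only.
			chmod 600 "$certfile"
			# Reduce the openssl output to the text after the last ": ";
			# exactly "OK" is treated as a valid certificate.
			cert_status=$(/usr/bin/openssl verify "$certfile" 2>&1 | sed -e 's/.*: //g')
			if [ "$cert_status" != "OK" ]; then
				if [ "$overwrite_corrupted_certfile" = "replace through new (with backup)" ]; then
					nr=$(date +%Y%m%d%H%M%S)
					echo "***"
					echo "***  YOUR CERTIFICATION FILE $certfile WILL BE OVERWRITTEN BY A NEW ONE !!!"
					echo "***  THE OLD FILE WILL BE RENAMED TO $certfile.$nr"
					echo "***  YOU CAN CHECK THE ERROR REPORT CAUSED THIS STEP USING 'openssl verify $certfile.$nr'"
					echo "***"
					# The backup still contains the old private key.
					mv "$certfile" "$certfile.$nr"
				elif [ "$overwrite_corrupted_certfile" = "keep it untouched" ]; then
					# Administrator's choice: a certificate that failed
					# verification is used as it is.
					cert_status=OK
				else
					# Any other setting: run without a certificate.
					certfile=""
				fi
			fi
			# NOTE(review): with_certificate is not read again in this
			# script, and clearing it when certfile is still set looks
			# inverted (-z may have been intended) - confirm before relying
			# on it.
			if [ -n "$certfile" ]; then
				with_certificate=false
			fi
		fi
		if [ -n "$certfile" ] && [ "$cert_status" != "OK" ]; then
			# No usable certificate: generate a self-signed one.
			rm -f "$certfile"
			if [ -z "$hostname" ]; then
				hostname=$(hostname -f)
			fi
			if [ -z "$email" ]; then
				email="root@$hostname"
			fi
			# Over-long answers are replaced by "." (presumably so openssl
			# leaves the field empty instead of rejecting the request).
			if [ "${#country}" -gt 2 ]; then
				country="."
			fi
			if [ "${#email}" -gt 40 ]; then
				email="."
			fi
			# One answer per line for the interactive prompts of openssl req.
			# -nodes stores the private key unencrypted, in the same file as
			# the certificate; its protection is the file mode, which relies
			# on the script-level "umask 077".
			printf '%s\n' "$country" "$state" "$locality" "$organization" \
				"$unit" "$hostname" "$email" \
				| /usr/bin/openssl req -new -x509 -nodes -out "$certfile" -keyout "$certfile"
			cert_status=$(/usr/bin/openssl verify "$certfile" 2>&1 | sed -e 's/.*: //g')
		fi
		if [ "$cert_status" != "OK" ]; then
			sslwrap_args="$sslwrap_args -nocert"
		else
			sslwrap_args="$sslwrap_args -cert $certfile"
		fi
	else
		sslwrap_args="$sslwrap_args -nocert"
	fi
	# 127.0.0.1 is treated as the default and needs no explicit -addr option.
	if [ "$used_addr" != "127.0.0.1" ]; then
		sslwrap_args="$sslwrap_args -addr $used_addr"
	fi
}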

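# Dispatch on the requested action.
case "$1" in
  start|stop)
	if [ "$1" = "start" ]; then
		echo -n "Starting $DESC:"
		start_sslwrap
	else
		echo -n "Stopping $DESC:"
	fi
	# Turn the comma separated list into one service name per line.
	# $ports is left unquoted so the shell collapses any whitespace first.
	ports=$(echo $ports | sed -e 's/ //g' | tr ',' '\n')
	if [ "$run_mode" = "daemon" ]; then
		# Standalone mode: one sslwrap listener per service. Each listener
		# accepts TLS on $tls_port and is pointed at the plain-text service
		# port $plain_port.
		for i in $ports; do
			plain_port=""
			case "$i" in
				https)		plain_port=80;	tls_port=443 ;;
				ssmtp)		plain_port=25;	tls_port=465 ;;
				nntps)		plain_port=119;	tls_port=563 ;;
				telnets)	plain_port=23;	tls_port=992 ;;
				imaps)		plain_port=143;	tls_port=993 ;;
				ircs)		plain_port=194;	tls_port=994 ;;
				pop3s)		plain_port=110;	tls_port=995 ;;
				ftps-data)	plain_port=20;	tls_port=989 ;;
				ftps)		plain_port=21;	tls_port=990 ;;
			esac
			if [ -n "$plain_port" ]; then
				# "--$1" is --start or --stop. $sslwrap_args is unquoted on
				# purpose: it carries several options in one string.
				start-stop-daemon "--$1" --quiet --pidfile "/var/run/sslwrap$tls_port.pid" --exec "$DAEMON" -- $sslwrap_args -port "$plain_port" -accept "$tls_port"
			fi
			# Unknown names are skipped above but still echoed here.
			echo -n " $i"
		done
	else
		# inetd mode: the entries are registered disabled ("#<off>#") and
		# only the configured services are enabled afterwards. Each entry
		# runs sslwrap as root behind tcpd.
		if [ "$1" = "start" ]; then
			param="--enable"

			# We remove all entries because sometimes the $sslwrap_args change
			update-inetd --multi --remove sslwrap > /dev/null 2>&1

			update-inetd --add "#<off># https	stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/sslwrap $sslwrap_args -port 80 -without_pid"
			update-inetd --add "#<off># ssmtp	stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/sslwrap $sslwrap_args -port 25 -without_pid"
			update-inetd --add "#<off># nntps	stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/sslwrap $sslwrap_args -port 119 -without_pid"
			update-inetd --add "#<off># telnets	stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/sslwrap $sslwrap_args -port 23 -without_pid"
			update-inetd --add "#<off># imaps	stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/sslwrap $sslwrap_args -port 143 -without_pid"
			update-inetd --add "#<off># ircs	stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/sslwrap $sslwrap_args -port 194 -without_pid"
			update-inetd --add "#<off># pop3s	stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/sslwrap $sslwrap_args -port 110 -without_pid"
			update-inetd --add "#<off># ftps-data	stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/sslwrap $sslwrap_args -port 20 -without_pid"
			update-inetd --add "#<off># ftps	stream	tcp	nowait	root	/usr/sbin/tcpd	/usr/sbin/sslwrap $sslwrap_args -port 21 -without_pid"
		else
			param="--disable --multi"
		fi
		for i in $ports; do
			case "$i" in
				https|ssmtp|nntps|telnets|imaps|ircs|pop3s|ftps-data|ftps)
					# $param is unquoted on purpose: it may hold two options.
					update-inetd $param "$i"
					;;
			esac
			echo -n " $i"
		done
	fi
	echo "."
	;;

  # "reload" is not implemented: nothing in this script signals a running
  # sslwrap to re-read its settings, so "force-reload" is a full restart.
  restart|restop|force-reload)
	# "restop" is kept only as a legacy spelling of "restart".
	/etc/init.d/sslwrap stop
	# Give the stopped listeners a moment to release their ports.
	sleep 1
	/etc/init.d/sslwrap start
	;;
  *)
	N=/etc/init.d/$NAME
	echo "Usage: $N {start|stop|restart|force-reload}" >&2
	exit 1
	;;
esac

exit 0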

# vim: ts=4 noexpandtab nowrap
