author | Andrew Cady <d@jerkface.net> | 2021-10-09 08:11:05 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2021-10-09 08:26:30 -0400 |
commit | 204468735750c028641fa6438b956289b573194e (patch) | |
tree | ac1bfe55f4d1dbb7cd1e18d1a9ada4d3e19cae0f | |
parent | bdec7d13e5514489693f29111783592ba613988a (diff) |
cleaning up
-rwxr-xr-x | cryptonomic-vpn | 83 |
1 files changed, 37 insertions, 46 deletions
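diff --git a/cryptonomic-vpn b/cryptonomic-vpn
index 5e95558..d983e60 100755
--- a/cryptonomic-vpn
+++ b/cryptonomic-vpn
@@ -103,27 +103,14 @@ parse_options()
 shift
 done
 
-case "$# $1" in
-1\ *.*.*.cryptonomic.net) CRYPTONOMIC_DOMAIN=$1; shift ;;
-1\ *) REMOTE_NAME=$1; shift ;;
-esac
-
-if [ "$CRYPTONOMIC_DOMAIN" ]
+if [ $# = 1 -a -z "$REMOTE_NAME" ]
 then
-REMOTE_NAME=${CRYPTONOMIC_DOMAIN%%.*}
-[ "$REMOTE_IP" ] || REMOTE_IP=$(resolve_domain_name "$REMOTE_NAME")
-
+REMOTE_NAME=$1
 elif [ $# != 0 ]
 then
 help
 exit 1
 fi
-
-# The validation functions modify the values to normalize them.
-validate_remote_ip || die 'invalid remote ip'
-validate_remote_name || die "invalid remote name '$REMOTE_NAME'"
-validate_remote_key_type || die 'invalid remote key type'
-validate_local_key || die 'invalid local key'
 }
 
 resolve_domain_name()
@@ -170,10 +157,18 @@ validate_local_key()
 main()
 {
 parse_options "$@"
+
+# The validation functions modify the values to normalize them.
+validate_remote_ip || die 'invalid remote ip'
+validate_remote_name || die "invalid remote name '$REMOTE_NAME'"
+validate_remote_key_type || die 'invalid remote key type'
+validate_local_key || die 'invalid local key'
+
 if [ "$NO_ACT" ]
 then
 exec 2>&1
-keycopy
+install_local_private_key
+install_remote_public_key
 test_new_config
 else
 die unimplemented
@@ -197,33 +192,21 @@ match_and_drop_first_word()
 
 keyscan()
 {
-if [ -e keyscan.cache ]
-then
-cat keyscan.cache
-else
-semi_quietly ssh-keyscan -t "${REMOTE_KEY_TYPE}" "$1"
-fi
+semi_quietly ssh-keyscan -t "${REMOTE_KEY_TYPE}" "$1"
 }
 
+# Only write to the destination if the command is successful.
 write_successfully()
 {
-local f=$(mktemp) || return
-local out="$1"
+local out="$1" f
 [ "$2" = -- ] || return
 shift 2
+f=$(mktemp) || return
 if "$@" > "$f"
 then
 if [ "$NO_ACT" ]
 then
-(
-exec >&2
-echo "Write $out:"
-case "$(file --mime-encoding "$f")" in
-*': binary') xxd "$f" ;;
-*) cat "$f" ;;
-esac | sed 's/^/ /'
-echo
-)
+simulate_write "$f" "$out"
 rm -f "$f"
 else
 mv "$f" "$out"
@@ -234,6 +217,19 @@ write_successfully()
 fi
 }
 
+simulate_write()
+{
+(
+exec >&2
+echo "Write $2:"
+case "$(file --mime-encoding "$1")" in
+*': binary') xxd "$1" ;;
+*) cat "$1" ;;
+esac | sed 's/^/ /'
+echo
+)
+}
+
 semi_quietly()
 {
 local t=$(mktemp)
@@ -267,7 +263,7 @@ write_remote_key()
 esac
 }
 
-keycopy()
+install_local_private_key()
 {
 private_key_tmp=$(mktemp) || return
 cp "$LOCAL_KEY" "$private_key_tmp"
@@ -279,7 +275,10 @@ keycopy()
 
 trap - EXIT
 rm -f "$private_key_tmp"
+}
 
+install_remote_public_key()
+{
 trap 'rm -f "$t"' EXIT
 t=$(mktemp)
 keyscan "$REMOTE_IP" | match_and_drop_first_word "$REMOTE_IP" > "$t"
@@ -293,7 +292,7 @@ nocomments()
 sed 's/#.*//; /^ *$/d'
 }
 
-config()
+strongswan_config()
 {
 local conn="$1" remote_addrs="$2" local_key="$3"
 local public_key_file="$4" private_key_file="$5"
@@ -328,14 +327,6 @@ config()
 END
 }
 
-get_my_mac()
-{
-iface=$(ip -oneline route get "$1" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
-[ "$iface" ] || return
-my_mac=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
-[ "$my_mac" ]
-}
-
 key_to_suffix()
 {
 local keytype=1 hashtype=2
@@ -347,10 +338,10 @@ NO_ACT()
 [ "$NO_ACT" ] || "$@"
 }
 
-write_config()
+install_stronswan_config()
 {
 write_successfully /etc/swanctl/conf.d/"$REMOTE_NAME".conf -- \
-config \
+strongswan_config \
 "$REMOTE_NAME" \
 "$REMOTE_IP" \
 "$LOCAL_KEY" \
@@ -362,7 +353,7 @@ test_new_config()
 {
 NO_ACT ipsec stop
 
-write_config
+install_stronswan_config
 
 NO_ACT ipsec start
 NO_ACT sleep 2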
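Review bot: The new one-line `keyscan` body (new line 195) learns the peer's public key from the network with no fingerprint check, and the hunk at new line 284 feeds that output straight into the generated configuration via `keyscan "$REMOTE_IP" | match_and_drop_first_word "$REMOTE_IP"`; now that the cache branch is gone, this trust-on-first-use step is the only source of the peer key and deserves a comment. I would add above the ssh-keyscan call `# TOFU: the peer key is fetched over the network; confirm its fingerprint out of band before trusting the generated config.`. Separately, the renamed function is spelled `install_stronswan_config` at new lines 341 and 356 while the helper it calls is `strongswan_config`; renaming both sites to `install_strongswan_config` keeps the naming consistent. In the new `parse_options` condition, `[ $# = 1 -a -z "$REMOTE_NAME" ]` relies on the obsolescent `-a` test operator; `[ "$#" = 1 ] && [ -z "$REMOTE_NAME" ]` is the portable form. parse_options begins before its hunk, and install_remote_public_key continues past the end of its hunk.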