authorAndrew Cady <d@jerkface.net>2021-10-09 08:11:05 -0400
committerAndrew Cady <d@jerkface.net>2021-10-09 08:26:30 -0400
commit204468735750c028641fa6438b956289b573194e (patch)
treeac1bfe55f4d1dbb7cd1e18d1a9ada4d3e19cae0f
parentbdec7d13e5514489693f29111783592ba613988a (diff)
cleaning up
-rwxr-xr-xcryptonomic-vpn83
1 files changed, 37 insertions, 46 deletions
diff --git a/cryptonomic-vpn b/cryptonomic-vpn
index 5e95558..d983e60 100755
--- a/cryptonomic-vpn
+++ b/cryptonomic-vpn
@@ -103,27 +103,14 @@ parse_options()
103 shift 103 shift
104 done 104 done
105 105
106 case "$# $1" in 106 if [ $# = 1 -a -z "$REMOTE_NAME" ]
107 1\ *.*.*.cryptonomic.net) CRYPTONOMIC_DOMAIN=$1; shift ;;
108 1\ *) REMOTE_NAME=$1; shift ;;
109 esac
110
111 if [ "$CRYPTONOMIC_DOMAIN" ]
112 then 107 then
113 REMOTE_NAME=${CRYPTONOMIC_DOMAIN%%.*} 108 REMOTE_NAME=$1
114 [ "$REMOTE_IP" ] || REMOTE_IP=$(resolve_domain_name "$REMOTE_NAME")
115
116 elif [ $# != 0 ] 109 elif [ $# != 0 ]
117 then 110 then
118 help 111 help
119 exit 1 112 exit 1
120 fi 113 fi
121
122 # The validation functions modify the values to normalize them.
123 validate_remote_ip || die 'invalid remote ip'
124 validate_remote_name || die "invalid remote name '$REMOTE_NAME'"
125 validate_remote_key_type || die 'invalid remote key type'
126 validate_local_key || die 'invalid local key'
127} 114}
128 115
129resolve_domain_name() 116resolve_domain_name()
@@ -170,10 +157,18 @@ validate_local_key()
170main() 157main()
171{ 158{
172 parse_options "$@" 159 parse_options "$@"
160
161 # The validation functions modify the values to normalize them.
162 validate_remote_ip || die 'invalid remote ip'
163 validate_remote_name || die "invalid remote name '$REMOTE_NAME'"
164 validate_remote_key_type || die 'invalid remote key type'
165 validate_local_key || die 'invalid local key'
166
173 if [ "$NO_ACT" ] 167 if [ "$NO_ACT" ]
174 then 168 then
175 exec 2>&1 169 exec 2>&1
176 keycopy 170 install_local_private_key
171 install_remote_public_key
177 test_new_config 172 test_new_config
178 else 173 else
179 die unimplemented 174 die unimplemented
@@ -197,33 +192,21 @@ match_and_drop_first_word()
197 192
198keyscan() 193keyscan()
199{ 194{
200 if [ -e keyscan.cache ] 195 semi_quietly ssh-keyscan -t "${REMOTE_KEY_TYPE}" "$1"
201 then
202 cat keyscan.cache
203 else
204 semi_quietly ssh-keyscan -t "${REMOTE_KEY_TYPE}" "$1"
205 fi
206} 196}
207 197
198# Only write to the destination if the command is successful.
208write_successfully() 199write_successfully()
209{ 200{
210 local f=$(mktemp) || return 201 local out="$1" f
211 local out="$1"
212 [ "$2" = -- ] || return 202 [ "$2" = -- ] || return
213 shift 2 203 shift 2
204 f=$(mktemp) || return
214 if "$@" > "$f" 205 if "$@" > "$f"
215 then 206 then
216 if [ "$NO_ACT" ] 207 if [ "$NO_ACT" ]
217 then 208 then
218 ( 209 simulate_write "$f" "$out"
219 exec >&2
220 echo "Write $out:"
221 case "$(file --mime-encoding "$f")" in
222 *': binary') xxd "$f" ;;
223 *) cat "$f" ;;
224 esac | sed 's/^/ /'
225 echo
226 )
227 rm -f "$f" 210 rm -f "$f"
228 else 211 else
229 mv "$f" "$out" 212 mv "$f" "$out"
@@ -234,6 +217,19 @@ write_successfully()
234 fi 217 fi
235} 218}
236 219
220simulate_write()
221{
222 (
223 exec >&2
224 echo "Write $2:"
225 case "$(file --mime-encoding "$1")" in
226 *': binary') xxd "$1" ;;
227 *) cat "$1" ;;
228 esac | sed 's/^/ /'
229 echo
230 )
231}
232
237semi_quietly() 233semi_quietly()
238{ 234{
239 local t=$(mktemp) 235 local t=$(mktemp)
@@ -267,7 +263,7 @@ write_remote_key()
267 esac 263 esac
268} 264}
269 265
270keycopy() 266install_local_private_key()
271{ 267{
272 private_key_tmp=$(mktemp) || return 268 private_key_tmp=$(mktemp) || return
273 cp "$LOCAL_KEY" "$private_key_tmp" 269 cp "$LOCAL_KEY" "$private_key_tmp"
@@ -279,7 +275,10 @@ keycopy()
279 275
280 trap - EXIT 276 trap - EXIT
281 rm -f "$private_key_tmp" 277 rm -f "$private_key_tmp"
278}
282 279
280install_remote_public_key()
281{
283 trap 'rm -f "$t"' EXIT 282 trap 'rm -f "$t"' EXIT
284 t=$(mktemp) 283 t=$(mktemp)
285 keyscan "$REMOTE_IP" | match_and_drop_first_word "$REMOTE_IP" > "$t" 284 keyscan "$REMOTE_IP" | match_and_drop_first_word "$REMOTE_IP" > "$t"
@@ -293,7 +292,7 @@ nocomments()
293 sed 's/#.*//; /^ *$/d' 292 sed 's/#.*//; /^ *$/d'
294} 293}
295 294
296config() 295strongswan_config()
297{ 296{
298 local conn="$1" remote_addrs="$2" local_key="$3" 297 local conn="$1" remote_addrs="$2" local_key="$3"
299 local public_key_file="$4" private_key_file="$5" 298 local public_key_file="$4" private_key_file="$5"
@@ -328,14 +327,6 @@ config()
328END 327END
329} 328}
330 329
331get_my_mac()
332{
333 iface=$(ip -oneline route get "$1" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
334 [ "$iface" ] || return
335 my_mac=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
336 [ "$my_mac" ]
337}
338
339key_to_suffix() 330key_to_suffix()
340{ 331{
341 local keytype=1 hashtype=2 332 local keytype=1 hashtype=2
@@ -347,10 +338,10 @@ NO_ACT()
347 [ "$NO_ACT" ] || "$@" 338 [ "$NO_ACT" ] || "$@"
348} 339}
349 340
350write_config() 341install_stronswan_config()
351{ 342{
352 write_successfully /etc/swanctl/conf.d/"$REMOTE_NAME".conf -- \ 343 write_successfully /etc/swanctl/conf.d/"$REMOTE_NAME".conf -- \
353 config \ 344 strongswan_config \
354 "$REMOTE_NAME" \ 345 "$REMOTE_NAME" \
355 "$REMOTE_IP" \ 346 "$REMOTE_IP" \
356 "$LOCAL_KEY" \ 347 "$LOCAL_KEY" \
@@ -362,7 +353,7 @@ test_new_config()
362{ 353{
363 NO_ACT ipsec stop 354 NO_ACT ipsec stop
364 355
365 write_config 356 install_stronswan_config
366 357
367 NO_ACT ipsec start 358 NO_ACT ipsec start
368 NO_ACT sleep 2 359 NO_ACT sleep 2
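Review bot: The new function name `install_stronswan_config` (definition at gutter line 341, call at line 356) drops the "g" from strongswan, while the sibling it wraps is spelled `strongswan_config` (line 295); since both the definition and the only visible call carry the same typo it runs, but the inconsistent spelling will trip up anyone grepping for the install step. Rename both occurrences to `install_strongswan_config()` and `install_strongswan_config`. Separately, in the parse_options hunk the new test `if [ $# = 1 -a -z "$REMOTE_NAME" ]` uses the `-a` operator, which POSIX marks obsolescent; `if [ "$#" = 1 ] && [ -z "$REMOTE_NAME" ]` is the portable form and reads the same. The parse_options body begins before the hunk, so I cannot tell whether an earlier option path still populates REMOTE_IP now that the resolve_domain_name call was removed here.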