diff options
| author | Andrew Cady <d@jerkface.net> | 2021-10-10 08:01:05 -0400 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2021-10-10 08:01:05 -0400 |
| commit | 41d7bc1e8955d047488678826c8b3cc50ae3d795 (patch) | |
| tree | 21963972946524118489069854235282b74c724a | |
| parent | ac6292125bc088d3fba6cabe617f56e0b815c6df (diff) | |
trivial cleanups
renamed several functions
removed unused code
| -rwxr-xr-x | cryptonomic-vpn | 57 |
1 files changed, 16 insertions, 41 deletions
diff --git a/cryptonomic-vpn b/cryptonomic-vpn index 8bc726c..196e2d1 100755 --- a/cryptonomic-vpn +++ b/cryptonomic-vpn | |||
| @@ -151,8 +151,8 @@ main() | |||
| 151 | exec 2>&1 | 151 | exec 2>&1 |
| 152 | # Start with the remote public key, to fail early if the server is | 152 | # Start with the remote public key, to fail early if the server is |
| 153 | # unavailable. | 153 | # unavailable. |
| 154 | install_remote_public_key | 154 | install_remote_public_rsa_key |
| 155 | install_local_private_key | 155 | install_local_private_rsa_key |
| 156 | test_new_config | 156 | test_new_config |
| 157 | else | 157 | else |
| 158 | die unimplemented | 158 | die unimplemented |
| @@ -160,27 +160,7 @@ main() | |||
| 160 | exit | 160 | exit |
| 161 | } | 161 | } |
| 162 | 162 | ||
| 163 | match_and_drop_first_word() | 163 | write_if_successful() |
| 164 | { | ||
| 165 | expect=$1 | ||
| 166 | while read word rest | ||
| 167 | do | ||
| 168 | if [ "$word" = "$expect" ] | ||
| 169 | then | ||
| 170 | printf '%s\n' "$rest" | ||
| 171 | return | ||
| 172 | fi | ||
| 173 | done | ||
| 174 | false | ||
| 175 | } | ||
| 176 | |||
| 177 | keyscan() | ||
| 178 | { | ||
| 179 | semi_quietly ssh-keyscan -t "${REMOTE_KEY_TYPE}" "$1" | ||
| 180 | } | ||
| 181 | |||
| 182 | # Only write to the destination if the command is successful. | ||
| 183 | write_successfully() | ||
| 184 | { | 164 | { |
| 185 | local out="$1" f | 165 | local out="$1" f |
| 186 | [ "$2" = -- ] || return | 166 | [ "$2" = -- ] || return |
| @@ -214,7 +194,7 @@ simulate_write() | |||
| 214 | ) | 194 | ) |
| 215 | } | 195 | } |
| 216 | 196 | ||
| 217 | semi_quietly() | 197 | quiet_if_successful() |
| 218 | { | 198 | { |
| 219 | local t=$(mktemp) | 199 | local t=$(mktemp) |
| 220 | if "$@" 2>"$t" | 200 | if "$@" 2>"$t" |
| @@ -225,25 +205,20 @@ semi_quietly() | |||
| 225 | fi | 205 | fi |
| 226 | } | 206 | } |
| 227 | 207 | ||
| 228 | openssl() | 208 | write_public_rsa_key() |
| 229 | { | ||
| 230 | semi_quietly command openssl "$@" | ||
| 231 | } | ||
| 232 | |||
| 233 | write_public_key() | ||
| 234 | { | 209 | { |
| 235 | openssl rsa -in "$1" -outform DER -pubout | 210 | quiet_if_successful openssl rsa -in "$1" -outform DER -pubout |
| 236 | } | 211 | } |
| 237 | 212 | ||
| 238 | write_private_key() | 213 | write_private_rsa_key() |
| 239 | { | 214 | { |
| 240 | openssl rsa -in "$1" -outform DER | 215 | quiet_if_successful openssl rsa -in "$1" -outform DER |
| 241 | } | 216 | } |
| 242 | 217 | ||
| 243 | write_remote_key() | 218 | write_remote_rsa_key() |
| 244 | { | 219 | { |
| 245 | case "$REMOTE_KEY_TYPE" in | 220 | case "$REMOTE_KEY_TYPE" in |
| 246 | rsa) ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER ;; | 221 | rsa) ssh-keygen -e -f "$1" -m PEM | quiet_if_successful openssl rsa -RSAPublicKey_in -outform DER ;; |
| 247 | *) echo "Unsupported key type." >&2; exit 1 ;; | 222 | *) echo "Unsupported key type." >&2; exit 1 ;; |
| 248 | esac | 223 | esac |
| 249 | } | 224 | } |
| @@ -255,15 +230,15 @@ sshfp_rsa_filename_string() | |||
| 255 | } | 230 | } |
| 256 | 231 | ||
| 257 | 232 | ||
| 258 | install_local_private_key() | 233 | install_local_private_rsa_key() |
| 259 | { | 234 | { |
| 260 | private_key_tmp=$(mktemp) || return | 235 | private_key_tmp=$(mktemp) || return |
| 261 | cp "$LOCAL_KEY" "$private_key_tmp" | 236 | cp "$LOCAL_KEY" "$private_key_tmp" |
| 262 | ssh-keygen -N '' -p -m PEM -f "$private_key_tmp" >/dev/null 2>&1 | 237 | ssh-keygen -N '' -p -m PEM -f "$private_key_tmp" >/dev/null 2>&1 |
| 263 | trap 'rm -f "$private_key_tmp"' EXIT | 238 | trap 'rm -f "$private_key_tmp"' EXIT |
| 264 | 239 | ||
| 265 | write_successfully "$LOCAL_PRIVATE_KEY_DEST" -- write_private_key "$private_key_tmp" | 240 | write_if_successful "$LOCAL_PRIVATE_KEY_DEST" -- write_private_rsa_key "$private_key_tmp" |
| 266 | write_successfully "$LOCAL_PUBLIC_KEY_DEST" -- write_public_key "$private_key_tmp" | 241 | write_if_successful "$LOCAL_PUBLIC_KEY_DEST" -- write_public_rsa_key "$private_key_tmp" |
| 267 | 242 | ||
| 268 | trap - EXIT | 243 | trap - EXIT |
| 269 | rm -f "$private_key_tmp" | 244 | rm -f "$private_key_tmp" |
| @@ -299,7 +274,7 @@ find_known_ssh_host_rsa_key_by_name() | |||
| 299 | ) | 274 | ) |
| 300 | } | 275 | } |
| 301 | 276 | ||
| 302 | install_remote_public_key() | 277 | install_remote_public_rsa_key() |
| 303 | { | 278 | { |
| 304 | trap 'rm -f "$t"' EXIT | 279 | trap 'rm -f "$t"' EXIT |
| 305 | t=$(mktemp) | 280 | t=$(mktemp) |
| @@ -314,7 +289,7 @@ install_remote_public_key() | |||
| 314 | fi | 289 | fi |
| 315 | 290 | ||
| 316 | REMOTE_PUBLIC_KEY_DEST=/etc/swanctl/pubkey/$(sshfp_rsa_filename_string "$t").pub | 291 | REMOTE_PUBLIC_KEY_DEST=/etc/swanctl/pubkey/$(sshfp_rsa_filename_string "$t").pub |
| 317 | write_successfully "$REMOTE_PUBLIC_KEY_DEST" -- write_remote_key "$t" | 292 | write_if_successful "$REMOTE_PUBLIC_KEY_DEST" -- write_remote_rsa_key "$t" |
| 318 | 293 | ||
| 319 | trap - EXIT | 294 | trap - EXIT |
| 320 | rm -f "$t" | 295 | rm -f "$t" |
| @@ -373,7 +348,7 @@ NO_ACT() | |||
| 373 | 348 | ||
| 374 | install_stronswan_config() | 349 | install_stronswan_config() |
| 375 | { | 350 | { |
| 376 | write_successfully /etc/swanctl/conf.d/"$REMOTE_NAME".conf -- \ | 351 | write_if_successful /etc/swanctl/conf.d/"$REMOTE_NAME".conf -- \ |
| 377 | strongswan_config \ | 352 | strongswan_config \ |
| 378 | "$REMOTE_NAME" \ | 353 | "$REMOTE_NAME" \ |
| 379 | "$REMOTE_IP" \ | 354 | "$REMOTE_IP" \ |