From 204468735750c028641fa6438b956289b573194e Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Sat, 9 Oct 2021 08:11:05 -0400
Subject: cleaning up
---
 cryptonomic-vpn | 83 +++++++++++++++++++++++++--------------------------
 1 file changed, 37 insertions(+), 46 deletions(-)
diff --git a/cryptonomic-vpn b/cryptonomic-vpn
index 5e95558..d983e60 100755
--- a/cryptonomic-vpn
+++ b/cryptonomic-vpn
@@ -103,27 +103,14 @@ parse_options() shift done - case "$# $1" in - 1\ *.*.*.cryptonomic.net) CRYPTONOMIC_DOMAIN=$1; shift ;; - 1\ *) REMOTE_NAME=$1; shift ;; - esac - - if [ "$CRYPTONOMIC_DOMAIN" ] + if [ $# = 1 -a -z "$REMOTE_NAME" ] then - REMOTE_NAME=${CRYPTONOMIC_DOMAIN%%.*} - [ "$REMOTE_IP" ] || REMOTE_IP=$(resolve_domain_name "$REMOTE_NAME") - + REMOTE_NAME=$1 elif [ $# != 0 ] then help exit 1 fi - - # The validation functions modify the values to normalize them. - validate_remote_ip || die 'invalid remote ip' - validate_remote_name || die "invalid remote name '$REMOTE_NAME'" - validate_remote_key_type || die 'invalid remote key type' - validate_local_key || die 'invalid local key' } resolve_domain_name()
@@ -170,10 +157,18 @@ validate_local_key() main() { parse_options "$@" + + # The validation functions modify the values to normalize them. + validate_remote_ip || die 'invalid remote ip' + validate_remote_name || die "invalid remote name '$REMOTE_NAME'" + validate_remote_key_type || die 'invalid remote key type' + validate_local_key || die 'invalid local key' + if [ "$NO_ACT" ] then exec 2>&1 - keycopy + install_local_private_key + install_remote_public_key test_new_config else die unimplemented
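Review bot: The new test `if [ $# = 1 -a -z "$REMOTE_NAME" ]` relies on the `-a` connective of `[`, which POSIX marks obsolescent and which becomes ambiguous when an operand looks like an operator; write it as two tests, `if [ "$#" = 1 ] && [ -z "$REMOTE_NAME" ]`. This hunk also drops the branch that filled `REMOTE_IP` from `resolve_domain_name` when only a name was given, while `resolve_domain_name()` is still defined immediately below it; if a bare positional name is still a supported input, `REMOTE_IP` will be empty by the time `validate_remote_ip` runs in `main` (second hunk), so either the fallback should go with it or the helper is now dead code. parse_options' body starts before this hunk.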
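Review bot: In the `NO_ACT` branch the three steps `install_local_private_key`, `install_remote_public_key` and `test_new_config` run unconditionally one after another, but `install_local_private_key` can return non-zero (its `private_key_tmp=$(mktemp) || return` is visible in a later hunk) and nothing here stops at that point, so the dry run continues and reports steps that were never staged. Chain them so a failure aborts: `install_local_private_key || die 'cannot stage local private key'` and `install_remote_public_key || die 'cannot fetch remote host key'`. main's body continues past the hunk.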
@@ -197,33 +192,21 @@ match_and_drop_first_word() keyscan() { - if [ -e keyscan.cache ] - then - cat keyscan.cache - else - semi_quietly ssh-keyscan -t "${REMOTE_KEY_TYPE}" "$1" - fi + semi_quietly ssh-keyscan -t "${REMOTE_KEY_TYPE}" "$1" } +# Only write to the destination if the command is successful. write_successfully() { - local f=$(mktemp) || return - local out="$1" + local out="$1" f [ "$2" = -- ] || return shift 2 + f=$(mktemp) || return if "$@" > "$f" then if [ "$NO_ACT" ] then - ( - exec >&2 - echo "Write $out:" - case "$(file --mime-encoding "$f")" in - *': binary') xxd "$f" ;; - *) cat "$f" ;; - esac | sed 's/^/ /' - echo - ) + simulate_write "$f" "$out" rm -f "$f" else mv "$f" "$out"
@@ -234,6 +217,19 @@ write_successfully() fi } +simulate_write() +{ + ( + exec >&2 + echo "Write $2:" + case "$(file --mime-encoding "$1")" in + *': binary') xxd "$1" ;; + *) cat "$1" ;; + esac | sed 's/^/ /' + echo + ) +} + semi_quietly() { local t=$(mktemp)
@@ -267,7 +263,7 @@ write_remote_key() esac } -keycopy() +install_local_private_key() { private_key_tmp=$(mktemp) || return cp "$LOCAL_KEY" "$private_key_tmp"
@@ -279,7 +275,10 @@ keycopy() trap - EXIT rm -f "$private_key_tmp" +} +install_remote_public_key() +{ trap 'rm -f "$t"' EXIT t=$(mktemp) keyscan "$REMOTE_IP" | match_and_drop_first_word "$REMOTE_IP" > "$t"
@@ -293,7 +292,7 @@ nocomments() sed 's/#.*//; /^ *$/d' } -config() +strongswan_config() { local conn="$1" remote_addrs="$2" local_key="$3" local public_key_file="$4" private_key_file="$5"
@@ -328,14 +327,6 @@ config() END } -get_my_mac() -{ - iface=$(ip -oneline route get "$1" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p') - [ "$iface" ] || return - my_mac=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p') - [ "$my_mac" ] -} - key_to_suffix() { local keytype=1 hashtype=2
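Review bot: `keyscan` now always fetches the host key live, and whatever `ssh-keyscan` returns is what `install_remote_public_key` (a later hunk) redirects into its temp file with no comparison against an expected fingerprint, so the trust anchor is the network at install time; say so on the function so nobody reads the removed cache as the only thing that changed: `# Fetches the remote host key live; it is not verified out-of-band (trust-on-first-use).`. In `write_successfully`, moving `f=$(mktemp) || return` below the `--` check fixes the temp file leaked on bad arguments; since mktemp creates the file mode 0600 and `mv "$f" "$out"` carries that mode over, the installed file ends up 0600 whatever `$out` had before, which suits swanctl config but deserves a comment: `# The result is 0600 (mktemp's mode), not $out's previous mode.`. The branch taken when the generator command fails lies outside this hunk.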
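Review bot: `simulate_write` has no header comment and its argument order (`$1` temp file, `$2` destination) is the reverse of how `write_successfully` names things (`out` first), which is easy to get wrong at the call site; add above it `# Dry-run helper: print to stderr what would be written to $2, taking the content from temp file $1 (hex-dumped when binary).`. The function also requires `file` and `xxd` to be installed; if the dry run must work on minimal hosts, guard the binary branch with `command -v xxd >/dev/null` and fall back to `od -A x -t x1z "$1"`.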
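Review bot: `cp "$LOCAL_KEY" "$private_key_tmp"` is unchecked, so an unreadable key leaves an empty 0600 temp file standing in for the private key and the function carries on; write `cp -- "$LOCAL_KEY" "$private_key_tmp" || return`. `private_key_tmp` is assigned without `local`, so it survives the function (the same holds for `t` in `install_remote_public_key`, next hunk); the `trap - EXIT` at the end of this function (next hunk) suggests an EXIT trap referencing it is set in the part of the body outside this hunk, in which case the global is deliberate and should be marked: `# deliberately global: the EXIT trap below refers to it`.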
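Review bot: `t=$(mktemp)` has no `|| return`, unlike `private_key_tmp=$(mktemp) || return` in the sibling function, so a failed mktemp leaves `t` empty and the following `> "$t"` fails with an unrelated-looking redirection error; write `t=$(mktemp) || return` (keeping it after the `trap`, as now, is fine because the trap string is expanded at exit). Splitting `keycopy` also means each half now owns the single EXIT trap in turn — `install_local_private_key` clears it with `trap - EXIT`, then this function installs its own — so the two must be called in that order and never nested; a one-line comment on each, `# Owns the EXIT trap until it returns; call sequentially, never from another trap-owning function.`, makes that dependency visible. The function body continues past the hunk.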
@@ -347,10 +338,10 @@ NO_ACT() [ "$NO_ACT" ] || "$@" } -write_config() +install_stronswan_config() { write_successfully /etc/swanctl/conf.d/"$REMOTE_NAME".conf -- \ - config \ + strongswan_config \ "$REMOTE_NAME" \ "$REMOTE_IP" \ "$LOCAL_KEY" \
@@ -362,7 +353,7 @@ test_new_config() { NO_ACT ipsec stop - write_config + install_stronswan_config NO_ACT ipsec start NO_ACT sleep 2
-- cgit v1.2.3
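Review bot: The renamed function is spelled `install_stronswan_config` (missing the g) both here and at its call site in the next hunk, while the generator it wraps was renamed `strongswan_config` earlier in the same commit; rename it to `install_strongswan_config` in both places before the misspelling spreads to other callers. The function body continues past the hunk.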
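Review bot: `install_stronswan_config` is called between `NO_ACT ipsec stop` and `NO_ACT ipsec start` without checking its status, so if the config write fails (the `write_successfully` wrapper is built to fail when its generator does, though its failure branch is outside the hunks shown) the script still proceeds to start ipsec against whatever config was there before; write `install_stronswan_config || die 'failed to write strongswan config'`. test_new_config's body continues past the hunk.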