authorjoe <joe@jerkface.net>2016-05-03 12:37:33 +0200
committerjoe <joe@jerkface.net>2016-05-03 12:37:33 +0200
commitaa85e30ff97c2b4c94f47621bbe1372142a55b7e (patch)
tree4e8cfb7336ac7bbcc48d0d4d399e113aed972d2a /lib
parentb04dd1bba833852e22844696ecad365a11248e98 (diff)
fix rightip strongswan blah blah
Diffstat (limited to 'lib')
-rw-r--r--lib/Kiki.hs17
-rw-r--r--lib/ProcessUtils.hs2
2 files changed, 16 insertions, 3 deletions
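--- a/lib/Kiki.hs
+++ b/lib/Kiki.hs
@@ -31,6 +31,7 @@ import qualified Data.ByteString.Lazy.Char8 as Char8
 import qualified Data.Map.Strict as Map
 import qualified SSHKey as SSH
 import Network.Socket -- (SockAddr)
+import ProcessUtils
 
 import CommandLine
 import KeyRing
@@ -363,11 +364,21 @@ refreshCache rt rootdir = do
  ipsecs :: [Packet]
  ipsecs = sortOn (Down . timestamp)
  $ getSubkeys CrossSigned their_master (keySubKeys kd) "ipsec"
+ sshs :: [Packet]
+ sshs = sortOn (Down . timestamp)
+ $ getSubkeys CrossSigned their_master (keySubKeys kd) "ssh-server"
  bss <- forM (take 1 ipsecs) $ \k -> do
  let warn' x = warn x >> return Char8.empty
  flip (either warn') (pemFromPacket k :: Either String String) $ \pem -> do
  write (mkpath cpath) pem
- return $ strongswanForContact addr contactname
+ case take 1 sshs of
+ [sshkey] -> do
+ (_,(sout,serr)) <- runExternal "(f=$(mktemp); cat > \"$f\"; ssh-keygen -l -f \"$f\" | (read _ hash _; echo -n $hash.ssh.cryptonomic.net) | tr -d ':')"
+ (Just $ sshblobFromPacket sshkey)
+ -- ssh-keygen -l -f /dev/stdin
+ putStrLn $ "wtf="++show(sout,serr, sshblobFromPacket sshkey)
+ return $ strongswanForContact addr contactname (Char8.fromChunks [sout])
+ [] -> error "fuck."
  return $ Char8.concat bss
 
  known_hosts = L.concat $ map getssh onionkeys
@@ -408,9 +419,9 @@ refreshCache rt rootdir = do
  ] ++ filter (not . Char8.null) cons
  commit
 
-strongswanForContact addr oname = Char8.unlines
+strongswanForContact addr oname rightip = Char8.unlines
  [ "conn " <> oname
- , " right=%" <> oname <> ".ipv4"
+ , " right=" <> rightip
  , " rightsubnet=" <> p (showA addr) <> "/128"
  , " rightauth=pubkey"
  , " rightid=" <> p (showA addr)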
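Review bot: In the new `[sshkey]` branch the exit code of `runExternal` is discarded and `sout` is written unchecked into the `right=` line of the generated strongswan config. A failed `ssh-keygen -l` (the pipeline's status is that of `tr`), or a fingerprint format that differs between OpenSSH versions, would therefore produce a bogus peer name with no warning. I would check that `sout` is non-empty and contains only hostname characters before calling `strongswanForContact`, and otherwise fall back to `warn'`. The `[] -> error ...` branch aborts the whole refresh for a contact that has an ipsec subkey but no ssh-server subkey; `[] -> warn' "no cross-signed ssh-server subkey, skipping strongswan conn"` would match how the `pemFromPacket` failure is handled. The `mktemp` file is also never removed and the `putStrLn $ "wtf=" ...` debug line is still present; refreshCache starts and ends outside these hunks.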
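--- a/lib/ProcessUtils.hs
+++ b/lib/ProcessUtils.hs
@@ -126,10 +126,12 @@ readProcessWithErrorH cmd args stdin erH = do
 runExternal :: String -> Maybe String -> IO (Int,(S.ByteString,S.ByteString))
 runExternal cmd input = do
  cwd <- getCurrentDirectory
+ {-
  putStr $ takeFileName cwd ++ "> " ++ cmd
  ++ case input of
  Nothing -> "\n"
  Just s -> " <<EOF\n" ++ s ++ "EOF\n"
+ -}
  let p = (shell cmd) { std_in = maybe Inherit (const CreatePipe) input
  , std_out = CreatePipe
  , std_err = CreatePipe }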
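Review bot: The debug echo in `runExternal` is disabled by wrapping it in `{- ... -}` rather than removed, which leaves dead code and, unless `cwd` is used further down outside this hunk, an unused `cwd <- getCurrentDirectory` call. Since that echo printed the full stdin payload, deleting it or gating it behind an explicit verbose flag is the safer end state. A one-line comment such as `-- command and stdin are deliberately not echoed: stdin may carry key material` would record why. runExternal's body continues outside the hunk.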