Update of /cvsroot/leaf/src/config/webconf/var/webconf/lib
In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv5209
Added Files:
ipsec.func
Log Message:
Initial version
--- NEW FILE: ipsec.func ---
#!/bin/sh
#
# Copyleft 2009 Erich Titl ([email protected])
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# $Id: ipsec.func,v 1.1 2009/06/10 06:49:26 etitl Exp $
#
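# External tools and *Swan file locations shared by the functions below.
IP=/sbin/ip
GREP=/bin/grep
SED=/bin/sed
IPSEC_DIR=/etc/ipsec.d
CERT_DIR=$IPSEC_DIR/certs
CACERT_DIR=$IPSEC_DIR/cacerts
CRL_DIR=$IPSEC_DIR/crls
KEY_DIR=$IPSEC_DIR/private
TEMPLATE_DIR=/var/webconf/templates
SECRETS_FILE=/etc/ipsec.secrets
IPSEC_CONFIG_FILE=/etc/ipsec.conf
CONNECTION_DIR=$IPSEC_DIR/connections
CONTROL_TEMPLATE=$TEMPLATE_DIR/ipsec
SECRETS_TEMPLATE=$TEMPLATE_DIR/ipsec.secrets
# Two words on purpose ("ipsec auto"); callers expand it unquoted.
IPSEC_CMD="/usr/sbin/ipsec auto"
# *Swan IPSEC acronyms
# DH groups: each form name in DHGROUPS is a variable holding the modp name.
DHGROUPS="DH2 DH5 DH14 DH15 DH16 DH17 DH18"
DH2=modp1024
DH5=modp1536
DH14=modp2048
DH15=modp3072
DH16=modp4096
DH17=modp6144
DH18=modp8192
# ciphers: "3DES" cannot be a variable name, so it is stored as TRIPLEDES
# and assemble_ike/assemble_esp remap the form name before the lookup.
CIPHERS="AES AES256 3DES"
AES=aes
AES256=aes256
TRIPLEDES=3des
SHA1=sha1
MD5=md5
# Non-empty enables the diagnostic output in delete_psk.
DEBUG="1"
# Scratch file used when ipsec.conf / ipsec.secrets are rewritten and then
# renamed into place.  The name (script name + PID) is predictable and lives
# in a shared directory, so functions that copy ipsec.secrets through it
# should create it under a restrictive umask; a mktemp-created private
# directory would be the safer choice where the target has mktemp.
TEMP_CONTROL=/tmp/$(basename "$0")$$
. /var/webconf/lib/networking.func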
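init_ipsec_values(){
  # Load the key=value settings of the connection file $1 as CONFIG_<key>
  # shell variables (double quotes in the file are dropped), then derive
  # the IKE/ESP sub-fields with parse_ike and parse_esp.  Does nothing when
  # no file name is given or the file is missing or empty.
  [ $# -lt 1 ] && return
  [ -s "$1" ] || return
  # The generated assignments are evaluated directly instead of being
  # written to the predictable $TEMP_CONTROL and sourced from there.  The
  # value is single-quoted, and any single quote inside it is rewritten as
  # '\'' first, so file content cannot break out of the quoting.
  eval "$($SED -n -e 's/"//g' -e "s/'/'\\\\''/g" -e "s/^[^#]\W*\b\(\w*=\)\(.*\)\b.*$/CONFIG_\1'\2'/p" < "$1")"
  parse_ike
  parse_esp
}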
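parse_ike()
{
  # Split CONFIG_ike ("cipher-hash[-modpNNNN]", e.g. aes-sha1-modp1024)
  # into CONFIG_ike_cipher and CONFIG_ike_hash, and set CONFIG_ike_dh when
  # the third field maps to a DH group name via transform_dh.  The values
  # are assigned directly rather than written to $TEMP_CONTROL and
  # sourced, which removes the scratch file and the race on its name.
  # cut -s leaves fields 2 and 3 empty when CONFIG_ike contains no '-',
  # instead of repeating the whole string as the hash.
  CONFIG_ike_cipher=$(printf '%s\n' "$CONFIG_ike" | cut -f 1 -d '-')
  CONFIG_ike_hash=$(printf '%s\n' "$CONFIG_ike" | cut -s -f 2 -d '-')
  TMP_dhgroup=$(printf '%s\n' "$CONFIG_ike" | cut -s -f 3 -d '-')
  [ -n "$TMP_dhgroup" ] && TMP_dhgroup=$(transform_dh "$TMP_dhgroup")
  [ -n "$TMP_dhgroup" ] && CONFIG_ike_dh=$TMP_dhgroup
  return 0
}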
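assemble_ike()
{
  # Build the *Swan "ike=" value from up to three form names: $1 (cipher),
  # $2 (hash), $3 (DH group).  Each name is looked up as a shell variable
  # (AES -> aes, DH2 -> modp1024, 3DES via TRIPLEDES -> 3des) and the
  # non-empty results are joined with '-'.  Stops at the first empty
  # argument.  Only plain identifiers ([A-Za-z0-9_], not starting with a
  # digit) are looked up; any other text yields "" and never reaches eval.
  result=""
  i=0
  for value in "$1" "$2" "$3"
  do
    i=$((i + 1))
    [ "$value" = 3DES ] && value=TRIPLEDES
    [ "$value" = "" ] && break
    case $value in
      [0-9]*|*[!A-Za-z0-9_]*) value="" ;;
      *) eval "value=\$$value" ;;
    esac
    [ $i -gt 1 ] && [ "$value" != "" ] && result=$result-
    result=$result$value
  done
  printf '%s\n' "$result"
}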
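parse_esp()
{
  # Split CONFIG_esp ("cipher-hash", e.g. aes-sha1) into CONFIG_esp_cipher
  # and CONFIG_esp_hash.  Assigned directly instead of via $TEMP_CONTROL
  # and a source, so no scratch file is involved.  cut -s leaves the hash
  # empty when CONFIG_esp has no '-' rather than repeating the cipher.
  CONFIG_esp_cipher=$(printf '%s\n' "$CONFIG_esp" | cut -f 1 -d '-')
  CONFIG_esp_hash=$(printf '%s\n' "$CONFIG_esp" | cut -s -f 2 -d '-')
  return 0
}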
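assemble_esp()
{
  # Build the *Swan "esp=" value from two form names: $1 (cipher) and
  # $2 (hash).  Each name is looked up as a shell variable (AES -> aes,
  # 3DES via TRIPLEDES -> 3des) and the non-empty results are joined with
  # '-'.  Stops at the first empty argument.  Only plain identifiers
  # ([A-Za-z0-9_], not starting with a digit) are looked up; other text
  # yields "" and never reaches eval.
  result=""
  i=0
  for value in "$1" "$2"
  do
    i=$((i + 1))
    [ "$value" = 3DES ] && value=TRIPLEDES
    [ "$value" = "" ] && break
    case $value in
      [0-9]*|*[!A-Za-z0-9_]*) value="" ;;
      *) eval "value=\$$value" ;;
    esac
    [ $i -gt 1 ] && [ "$value" != "" ] && result=$result-
    result=$result$value
  done
  printf '%s\n' "$result"
}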
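transform_dh()
{
  # Reverse lookup: print the DH group name from $DHGROUPS (DH2, DH5, ...)
  # whose variable holds the modp name given in $1 (modp1024 -> DH2).
  # Prints nothing when no group matches.  DHGROUPS is a constant of this
  # file, so the indirect expansion only ever sees fixed names.
  for i in $DHGROUPS
  do
    eval "value=\$$i"
    [ "X$value" = "X$1" ] && printf '%s\n' "$i"
  done
}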
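transform_modp()
{
  # Print the modp name stored in the variable named by $1 (DH2 -> modp1024).
  # Prints nothing without an argument, and fails for a name that is not a
  # plain identifier so caller-supplied text never reaches eval.
  [ $# -lt 1 ] && return
  case $1 in
    ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
  esac
  eval "modp=\$$1"
  printf '%s\n' "$modp"
}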
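get_leftcert() {
  # For each line of the connection file $1 that mentions "leftcert",
  # print the text after '=' up to the first space.  No output without $1.
  [ $# -gt 0 ] && $GREP -- leftcert "$1" | $SED -e 's/.*=\([^ ]*\).*/\1/'
}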
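get_key_file_name() {
  # Print the key file name of the last ": RSA <file> ..." entry in
  # $SECRETS_FILE.  At least one argument is required but not used.
  # NOTE(review): the argument check looks like a leftover; confirm what
  # callers pass before removing it.
  [ $# -gt 0 ] && $GREP -- "^: RSA" "$SECRETS_FILE" | tail -n 1 | $SED -e 's/^.*RSA \([^ ]*\).*/\1/'
}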
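get_local_interface_from_ipsec() {
  # Extract the dotted-quad after '=' from $LEFTSUBNET and hand it to
  # get_interface_for_addr (networking.func), printing what it prints.
  # NOTE(review): reads LEFTSUBNET, not a CONFIG_* variable like the other
  # helpers -- confirm which variable callers set.
  subnet=$(printf '%s\n' "$LEFTSUBNET" | $SED -e 's/.*=\([0-9.]*\).*/\1/')
  get_interface_for_addr "$subnet"
}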
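get_local_subnet_from_ipsec() {
  # Print the address get_interface_address (networking.func) returns for
  # the interface chosen by get_local_interface_from_ipsec.  Despite the
  # name, the output is that address value, not a subnet.
  interface=$(get_local_interface_from_ipsec)
  address=$(get_interface_address "$interface")
  printf '%s\n' "$address"
}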
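list_connections(){
  # Print the "conn <name>" names found in the files under $CONNECTION_DIR,
  # one per line.  Uses a glob instead of parsing ls, skips non-files, and
  # refuses to run with an empty $CONNECTION_DIR (the glob would become /*).
  [ -n "$CONNECTION_DIR" ] || return 1
  for conn_file in "$CONNECTION_DIR"/*
  do
    [ -f "$conn_file" ] || continue
    $SED -n -e 's/^conn\W*\(\w*\).*$/\1/p' < "$conn_file"
  done
}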
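is_active_connection() {
  # Succeed when $IPSEC_CONFIG_FILE already contains an include line for
  # the connection file $CONNECTION_DIR/$1; fail without an argument.
  [ $# -gt 0 ] && $GREP -q -- "^include\W*$CONNECTION_DIR/$1\$" "$IPSEC_CONFIG_FILE"
}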
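get_psk(){
  # Print the pre-shared key stored in $SECRETS_FILE for the current peer.
  # The peer identity is CONFIG_rightid when set, else CONFIG_right; with
  # neither set nothing is printed (an empty id would match every line).
  rightid=${CONFIG_rightid:-$CONFIG_right}
  [ -n "$rightid" ] && $SED -n -e "s/^$rightid.*PSK.*\"\(.*\)\".*\$/\1/p" < "$SECRETS_FILE"
}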
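replace_psk(){
  # Replace the PSK of the current peer (CONFIG_rightid, else CONFIG_right)
  # in $SECRETS_FILE with $1.  The new content is written to $TEMP_CONTROL
  # (the original passed it to sed as an input file instead of redirecting
  # to it) under umask 077 so the renamed secrets file stays private, and
  # '/', '&' and '\' in the new PSK are escaped for the sed replacement.
  # Does nothing when no peer id is known, since an empty id would match
  # every PSK line; the secrets file is left untouched if sed fails.
  rightid=${CONFIG_rightid:-$CONFIG_right}
  [ -n "$rightid" ] || return 1
  new_psk=$(printf '%s\n' "$1" | $SED -e 's/[\/&]/\\&/g')
  ( umask 077; $SED -e "s/^\($rightid.*PSK.*\)\"\(.*\)\".*\$/\1\"$new_psk\"/" < "$SECRETS_FILE" > "$TEMP_CONTROL" ) || return 1
  mv -- "$TEMP_CONTROL" "$SECRETS_FILE"
}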
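delete_psk(){
  # Remove the PSK line(s) of the current peer (CONFIG_rightid, else
  # CONFIG_right) from $SECRETS_FILE, unless psk_is_still_needed reports
  # that another connection still uses that peer.  The diagnostic goes to
  # stderr so it cannot end up in generated output.  Nothing is rewritten
  # without a peer id (an empty id would match every PSK line); the new
  # content is built in $TEMP_CONTROL under umask 077 and only renamed
  # into place when grep did not fail (exit status 1 = nothing left).
  rightid=${CONFIG_rightid:-$CONFIG_right}
  [ "$DEBUG" ] && printf 'delete_psk rightid=%s CONFIG_right=%s\n' "$rightid" "$CONFIG_right" >&2
  [ -n "$rightid" ] || return 1
  psk_is_still_needed "$rightid" && return
  ( umask 077; $GREP -v -- "^[^#]*.*$rightid.*PSK.*\".*\".*\$" < "$SECRETS_FILE" > "$TEMP_CONTROL" )
  [ $? -le 1 ] || return 1
  mv -- "$TEMP_CONTROL" "$SECRETS_FILE"
}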
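add_psk(){
  # Append a '<rightid> <leftid>: PSK "<$1>"' entry to $SECRETS_FILE.
  # rightid is CONFIG_rightid, else CONFIG_right; leftid is CONFIG_leftid,
  # else CONFIG_left, and when that is empty or %defaultroute it is taken
  # from get_gateway_interface / get_interface_address (networking.func).
  # Refuses to write an entry without a peer id.  The copy is made under
  # umask 077 so the renamed secrets file stays private.
  # NOTE(review): $1 is written between double quotes unescaped; a PSK
  # containing '"' would corrupt the entry -- confirm the form rejects it.
  rightid=${CONFIG_rightid:-$CONFIG_right}
  [ -n "$rightid" ] || return 1
  leftid=${CONFIG_leftid:-$CONFIG_left}
  if [ "$leftid" = "%defaultroute" ] || [ -z "$leftid" ]; then
    gateway_interface=$(get_gateway_interface)
    leftid=$(get_interface_address "$gateway_interface")
  fi
  ( umask 077; cp -- "$SECRETS_FILE" "$TEMP_CONTROL" && printf '%s %s: PSK "%s"\n' "$rightid" "$leftid" "$1" >> "$TEMP_CONTROL" ) || return 1
  mv -- "$TEMP_CONTROL" "$SECRETS_FILE"
}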
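psk_is_still_needed(){
  # Succeed when some connection file still refers to peer $1 (a "right="
  # or "rightid=" line), meaning its PSK must be kept; fail otherwise.
  # Succeeds conservatively when no peer is given.  Assumes each name
  # printed by list_connections is also the file name under $CONNECTION_DIR.
  [ $# -lt 1 ] && return 0
  for i in $(list_connections)
  do
    $GREP -E -q -- "right(id)?=$1" "$CONNECTION_DIR/$i" && return 0
  done
  return 1
}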
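add_connection(){
  # Activate connection $1 by appending "include $CONNECTION_DIR/$1" to
  # $IPSEC_CONFIG_FILE (built in $TEMP_CONTROL, then renamed).  Nothing
  # happens without a name, for a name that is not a plain file name
  # (containing '/' or starting with '.'), or when the include is present.
  [ $# -lt 1 ] && return
  case $1 in
    ''|*/*|.*) return 1 ;;
  esac
  is_active_connection "$1" && return # DO NOTHING IF IT IS ALREADY PRESENT
  cp -- "$IPSEC_CONFIG_FILE" "$TEMP_CONTROL" && printf 'include %s/%s\n' "$CONNECTION_DIR" "$1" >> "$TEMP_CONTROL" || return 1
  mv -- "$TEMP_CONTROL" "$IPSEC_CONFIG_FILE"
}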
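delete_connection(){
  # Tear down connection $1, delete its file under $CONNECTION_DIR and drop
  # its include line from $IPSEC_CONFIG_FILE.  Names that are not plain
  # file names (containing '/' or starting with '.') are rejected so the
  # rm cannot reach outside $CONNECTION_DIR.  The config is only replaced
  # when grep did not fail (exit status 1 just means no line was left).
  [ $# -lt 1 ] && return
  case $1 in
    ''|*/*|.*) return 1 ;;
  esac
  down_connection "$1"
  rm -f -- "$CONNECTION_DIR/$1" 2> /dev/null
  $GREP -v -- "^include\W*$CONNECTION_DIR/$1\$" "$IPSEC_CONFIG_FILE" > "$TEMP_CONTROL"
  [ $? -le 1 ] || return 1
  mv -- "$TEMP_CONTROL" "$IPSEC_CONFIG_FILE"
}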
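down_connection(){
  # Take connection $1 down: re-read the *Swan configuration, then
  # "ipsec auto --down".  Output is discarded and failures are not
  # reported.  $IPSEC_CMD is intentionally unquoted (two words).
  [ $# -lt 1 ] && return
  $IPSEC_CMD --rereadall > /dev/null 2>&1
  $IPSEC_CMD --down "$1" > /dev/null 2>&1
}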
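up_connection(){
  # Bring connection $1 up: re-read the *Swan configuration, then add,
  # replace and up the connection.  Output is discarded and failures are
  # not reported.  $IPSEC_CMD is intentionally unquoted (two words).
  [ $# -lt 1 ] && return
  $IPSEC_CMD --rereadall > /dev/null 2>&1
  $IPSEC_CMD --add "$1" > /dev/null 2>&1
  $IPSEC_CMD --replace "$1" > /dev/null 2>&1
  $IPSEC_CMD --up "$1" > /dev/null 2>&1
}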
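listen_connection(){
  # Load connection $1 without initiating it: re-read the *Swan
  # configuration, then add and replace the connection.  Output is
  # discarded and failures are not reported.  $IPSEC_CMD is intentionally
  # unquoted (two words).
  [ $# -lt 1 ] && return
  $IPSEC_CMD --rereadall > /dev/null 2>&1
  $IPSEC_CMD --add "$1" > /dev/null 2>&1
  $IPSEC_CMD --replace "$1" > /dev/null 2>&1
}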
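ipsec_restart()
{
  # Placeholder: does not restart anything, it only prints its first
  # argument unchanged.
  printf '%s\n' "$1"
}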
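uppercase(){
  # Print $1 with ASCII letters folded to upper case; nothing without $1.
  [ $# -gt 0 ] && printf '%s\n' "$1" | tr a-z A-Z
}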
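lowercase(){
  # Print $1 with ASCII letters folded to lower case; nothing without $1.
  [ $# -gt 0 ] && printf '%s\n' "$1" | tr A-Z a-z
}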
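get_X509_secret()
{
  # Print the double-quoted passphrase of the ': RSA <$1> "<passphrase>"'
  # entry in $SECRETS_FILE (the format set_X509_secret writes).  Nothing is
  # printed without an argument or when no such quoted entry exists.
  # Uses $SED like the rest of the file rather than a bare sed.
  [ $# -lt 1 ] && return
  $SED -n -e "s/^: RSA[[:space:]]*$1[[:space:]]*\"\(.*\)\".*\$/\1/p" < "$SECRETS_FILE"
}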
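set_X509_secret()
{
  # Append ': RSA <$1> "<$2>"' to $SECRETS_FILE unless has_X509_entry
  # already reports an entry for key file $1.  Does nothing without $1.
  # NOTE(review): $2 is written between double quotes unescaped; a
  # passphrase containing '"' would corrupt the entry -- confirm the form
  # rejects it.
  [ $# -lt 1 ] && return
  has_X509_entry "$1" && return
  printf ': RSA %s "%s"\n' "$1" "$2" >> "$SECRETS_FILE"
}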
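has_X509_entry()
{
  # Succeed when $SECRETS_FILE has a ': RSA <$1>' entry for key file $1;
  # fail without an argument.  Anchored to the RSA line format so that
  # other lines merely mentioning the name (e.g. a PSK) do not count, and
  # uses $GREP like the rest of the file rather than a bare grep.
  [ $# -gt 0 ] && $GREP -E -q -- "^: RSA[[:space:]]*$1([[:space:]]|\$)" "$SECRETS_FILE"
}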