X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=ipif%2Fudptunnel-reconf.pl;h=6b77f97b7369a327f935ed8fbf7746234eb154c4;hb=44a77f4851d3c819f9b364018a9695f332758a71;hp=e21d123959749039ce92cb25f8229fbf9fa8075b;hpb=2e082dfed76851117cafd488388a010cac25df09;p=userv-utils.git diff --git a/ipif/udptunnel-reconf.pl b/ipif/udptunnel-reconf.pl index e21d123..6b77f97 100755 --- a/ipif/udptunnel-reconf.pl +++ b/ipif/udptunnel-reconf.pl @@ -3,6 +3,9 @@ # Set up the relevant stuff in /etc/userv/vpn, and then run # this. It should tell you what to do to inittab and ipif-networks. +# Copyright (C) 1999-2000,2003 Ian Jackson +# This file is part of ipif, part of userv-utils +# # This is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or @@ -55,7 +58,7 @@ sub run_m4 ($$$) { undef $/; $m4out= ; $/= "\n"; - close X; $? and exit -1; + $!=0; close X; $? and die "m4 failed with code $? $!"; $m4out =~ s/^\s+//; $m4out =~ s/\n+/\n/g; $m4out =~ s/\s+$//; @@ -94,12 +97,6 @@ sub parse_addr_mask ($) { return ($iaddr, $mask); } -$forbid_remote= var_global('forbid_remote'); -@forbid_remote= (); -foreach $r (split /[, \t]+/, $forbid_remote) { - push @forbid_remote, [ parse_addr_mask($r) ]; -} - sub ipif_permit ($$$$) { my ($group,$local,$net,$why) = @_; my ($pmask,$piaddr,$fmask,$fiaddr,@lgroup,$lgid); @@ -131,6 +128,14 @@ if ($glend !~ m/^V_/ && $glgroup !~ m/^V_/ && } foreach $site (@actives, @passives) { + $forbid_remote= var_site('forbid_remote'); + @forbid_remote= (); + if ($forbid_remote ne '-') { + foreach $r (split /[, \t]+/, $forbid_remote) { + push @forbid_remote, [ parse_addr_mask($r) ]; + } + } + $tlend= var_site('lend')."/32"; $tlgroup= var_site('lgroup'); if ($tlend ne $glend || $tlgroup ne $glgroup) { @@ -161,16 +166,21 @@ $ipifnetsfile= var_global(ipifnetsfile); write_file($ipifnetsfile,'ipifnetsfile','', $ipif_file); $active_file= ''; +$knownhosts_file= ''; $inittab= ''; $ix= 0; foreach $site (@actives) { $active_file.= "$site\t".var_site('activesxinfo')."\n"; $inittab.= sprintf("t%d", $ix++).':'.var_site('inittab_line')."\n"; + $hostkey= var_site('rhostkey'); + $knownhosts_file.= var_site('sshdest').' '.$hostkey."\n" + if length $hostkey; $invoke_file= var_site('invoke_file'); write_file($invoke_file, 'invoke_file', - var_site('invoke_head'), var_site('invoke_body')); + var_site('invoke_head')."\n", var_site('invoke_body')); chmod 0777&~umask, $invoke_file or die $!; } +write_file(var_global('knownhostsfile'),'knownhostsfile', '',$knownhosts_file); write_file(var_global('activesfile'),'activesfile', '',$active_file); print