debian/: groupmanage: Prep for move (nfc)

[userv-utils.git] / ipif / udptunnel-reconf.pl

diff --git a/ipif/udptunnel-reconf.pl b/ipif/udptunnel-reconf.pl
index 7fd14bc59643fe360cb6885b2fe2cddf2fd185ca..4a5423c89a28283ed49df44cf80018c750ecaa77 100755 (executable)
--- a/ipif/udptunnel-reconf.pl
+++ b/ipif/udptunnel-reconf.pl
@@ -3,9 +3,17 @@
 # Set up the relevant stuff in /etc/userv/vpn, and then run
 # this.  It should tell you what to do to inittab and ipif-networks.
 
+# This file is part of ipif, part of userv-utils
+#
+# Copyright 1996-2013 Ian Jackson <ijackson@chiark.greenend.org.uk>
+# Copyright 1998 David Damerell <damerell@chiark.greenend.org.uk>
+# Copyright 1999,2003
+#    Chancellor Masters and Scholars of the University of Cambridge
+# Copyright 2010 Tony Finch <fanf@dotat.at>
+#
 # This is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
+# the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful, but
@@ -14,10 +22,7 @@
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with userv-utils; if not, write to the Free Software
-# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# $Id$
+# along with userv-utils; if not, see http://www.gnu.org/licenses/.
 
 use Socket;
 
@@ -55,7 +60,7 @@ sub run_m4 ($$$) {
     undef $/;
     $m4out= <X>;
     $/= "\n";
-    close X; $? and exit -1;
+    $!=0; close X; $? and die "m4 failed with code $? $!";
     $m4out =~ s/^\s+//;
     $m4out =~ s/\n+/\n/g;
     $m4out =~ s/\s+$//;
@@ -94,14 +99,6 @@ sub parse_addr_mask ($) {
     return ($iaddr, $mask);
 }
 
-$forbid_remote= var_global('forbid_remote');
-@forbid_remote= ();
-if ($forbid_remote ne '-') {
-    foreach $r (split /[, \t]+/, $forbid_remote) {
-       push @forbid_remote, [ parse_addr_mask($r) ];
-    }
-}
-
 sub ipif_permit ($$$$) {
     my ($group,$local,$net,$why) = @_;
     my ($pmask,$piaddr,$fmask,$fiaddr,@lgroup,$lgid);
@@ -133,6 +130,14 @@ if ($glend !~ m/^V_/ && $glgroup !~ m/^V_/ &&
 }
 
 foreach $site (@actives, @passives) {
+    $forbid_remote= var_site('forbid_remote');
+    @forbid_remote= ();
+    if ($forbid_remote ne '-') {
+       foreach $r (split /[, \t]+/, $forbid_remote) {
+           push @forbid_remote, [ parse_addr_mask($r) ];
+       }
+    }
+
     $tlend= var_site('lend')."/32";
     $tlgroup= var_site('lgroup');
     if ($tlend ne $glend || $tlgroup ne $glgroup) {
@@ -163,16 +168,21 @@ $ipifnetsfile= var_global(ipifnetsfile);
 write_file($ipifnetsfile,'ipifnetsfile','', $ipif_file);
 
 $active_file= '';
+$knownhosts_file= '';
 $inittab= '';
 $ix= 0;
 foreach $site (@actives) {
     $active_file.= "$site\t".var_site('activesxinfo')."\n";
     $inittab.= sprintf("t%d", $ix++).':'.var_site('inittab_line')."\n";
+    $hostkey= var_site('rhostkey');
+    $knownhosts_file.= var_site('sshdest').' '.$hostkey."\n"
+       if length $hostkey;
     $invoke_file= var_site('invoke_file');
     write_file($invoke_file, 'invoke_file',
-              var_site('invoke_head'), var_site('invoke_body'));
+              var_site('invoke_head')."\n", var_site('invoke_body'));
     chmod 0777&~umask, $invoke_file or die $!;
 }
+write_file(var_global('knownhostsfile'),'knownhostsfile', '',$knownhosts_file);
 write_file(var_global('activesfile'),'activesfile', '',$active_file);
 
 print