X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv-utils.git;a=blobdiff_plain;f=ipif%2Fudptunnel-reconf.pl;h=4a5423c89a28283ed49df44cf80018c750ecaa77;hp=7fd14bc59643fe360cb6885b2fe2cddf2fd185ca;hb=af0fdc2725972c0723e14ffe34a5dfae5c0b3594;hpb=94808710d2f7eda4f4e114a2a138f473ad832703
diff --git a/ipif/udptunnel-reconf.pl b/ipif/udptunnel-reconf.pl
index 7fd14bc..4a5423c 100755
--- a/ipif/udptunnel-reconf.pl
+++ b/ipif/udptunnel-reconf.pl
@@ -3,9 +3,17 @@
 # Set up the relevant stuff in /etc/userv/vpn, and then run
 # this. It should tell you what to do to inittab and ipif-networks.
+# This file is part of ipif, part of userv-utils
+#
+# Copyright 1996-2013 Ian Jackson
+# Copyright 1998 David Damerell
+# Copyright 1999,2003
+# Chancellor Masters and Scholars of the University of Cambridge
+# Copyright 2010 Tony Finch
+#
 # This is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
+# the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful, but
@@ -14,10 +22,7 @@
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with userv-utils; if not, write to the Free Software
-# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# $Id$
+# along with userv-utils; if not, see http://www.gnu.org/licenses/.
 use Socket;
@@ -55,7 +60,7 @@ sub run_m4 ($$$) {
 undef $/;
 $m4out= ;
 $/= "\n";
- close X; $? and exit -1;
+ $!=0; close X; $? and die "m4 failed with code $? $!";
 $m4out =~ s/^\s+//;
 $m4out =~ s/\n+/\n/g;
 $m4out =~ s/\s+$//;
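Review bot: The new `die` message in `run_m4` labels `$?` as an exit code, but after `close` on a pipe `$?` holds the raw wait status, so an m4 exit of 1 is reported as 256 and a death by signal cannot be told apart from a normal exit. Decoding the status keeps the diagnostic usable when a site's configuration fails to expand: `$? and die sprintf "m4 failed: exit %d, signal %d, %s", $?>>8, $?&127, $!;`. The body of `run_m4` starts and continues outside this hunk, so how the handle `X` is opened is not visible here.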
@@ -94,14 +99,6 @@ sub parse_addr_mask ($) {
 return ($iaddr, $mask);
 }
-$forbid_remote= var_global('forbid_remote');
-@forbid_remote= ();
-if ($forbid_remote ne '-') {
- foreach $r (split /[, \t]+/, $forbid_remote) {
- push @forbid_remote, [ parse_addr_mask($r) ];
- }
-}
-
 sub ipif_permit ($$$$) {
 my ($group,$local,$net,$why) = @_;
 my ($pmask,$piaddr,$fmask,$fiaddr,@lgroup,$lgid);
@@ -133,6 +130,14 @@ if ($glend !~ m/^V_/ && $glgroup !~ m/^V_/ &&
 }
 foreach $site (@actives, @passives) {
+ $forbid_remote= var_site('forbid_remote');
+ @forbid_remote= ();
+ if ($forbid_remote ne '-') {
+ foreach $r (split /[, \t]+/, $forbid_remote) {
+ push @forbid_remote, [ parse_addr_mask($r) ];
+ }
+ }
+
 $tlend= var_site('lend')."/32";
 $tlgroup= var_site('lgroup');
 if ($tlend ne $glend || $tlgroup ne $glgroup) {
@@ -163,16 +168,21 @@ $ipifnetsfile= var_global(ipifnetsfile);
 write_file($ipifnetsfile,'ipifnetsfile','', $ipif_file);
 $active_file= '';
+$knownhosts_file= '';
 $inittab= '';
 $ix= 0;
 foreach $site (@actives) {
 $active_file.= "$site\t".var_site('activesxinfo')."\n";
 $inittab.= sprintf("t%d", $ix++).':'.var_site('inittab_line')."\n";
+ $hostkey= var_site('rhostkey');
+ $knownhosts_file.= var_site('sshdest').' '.$hostkey."\n"
+ if length $hostkey;
 $invoke_file= var_site('invoke_file');
 write_file($invoke_file, 'invoke_file',
- var_site('invoke_head'), var_site('invoke_body'));
+ var_site('invoke_head')."\n", var_site('invoke_body'));
 chmod 0777&~umask, $invoke_file or die $!;
 }
+write_file(var_global('knownhostsfile'),'knownhostsfile', '',$knownhosts_file);
 write_file(var_global('activesfile'),'activesfile', '',$active_file);
 print
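Review bot: In the `foreach $site (@actives, @passives)` loop, an empty or missing per-site `forbid_remote` now quietly yields an empty `@forbid_remote`, because only the literal `-` is treated as the explicit "nothing forbidden" value and `split` on an empty string returns no elements. Since this list appears to be the deny list consulted when networks are permitted, a site whose configuration lacks the variable would lose the restriction that the old global setting applied to every site; what `var_site` returns for an unset variable is not visible in this hunk. Failing closed would make the omission visible: `length $forbid_remote or die "forbid_remote not set for site $site";` placed before the `if`. The loop body continues past the end of the hunk.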
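Review bot: The known-hosts line in the `foreach $site (@actives)` loop is assembled from `var_site('sshdest')` and `rhostkey` without checking that either is a single well-formed token, so a value containing a newline would add extra entries to the file that pins the tunnel peers' host keys. A guard before the append, for example `die "bad sshdest/rhostkey for $site" if $hostkey =~ m/[\r\n]/ or var_site('sshdest') =~ m/\s/;`, keeps one site's settings from affecting another site's entry. Sites with an empty `rhostkey` are skipped silently and get no pinned key; a `warn` naming the site would make that gap visible, since whether ssh then refuses or accepts an unknown key depends on options outside this hunk. It is also worth confirming that `sshdest` is a bare host name, because a `user@host` form would presumably not match as a known_hosts host field.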