1 | #!/usr/bin/perl |
2 | # udptunnel-reconf |
3 | # Set up the relevant stuff in /etc/userv/vpn, and then run |
4 | # this. It should tell you what to do to inittab and ipif-networks. |
5 | |
6 | # This is free software; you can redistribute it and/or modify it |
7 | # under the terms of the GNU General Public License as published by |
8 | # the Free Software Foundation; either version 2 of the License, or |
9 | # (at your option) any later version. |
10 | # |
11 | # This program is distributed in the hope that it will be useful, but |
12 | # WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
14 | # General Public License for more details. |
15 | # |
16 | # You should have received a copy of the GNU General Public License |
17 | # along with userv-utils; if not, write to the Free Software |
18 | # Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
19 | # |
20 | # $Id: udptunnel-reconf.pl,v 1.1.2.3 2000/12/11 01:53:01 ian Exp $ |
21 | |
22 | use Socket; |
23 | |
24 | # @@@- |
# Defaults for running straight out of the source tree; installation
# presumably substitutes the real share, config and state directories for
# the span between the "@@@" markers.  Note these are double-quoted
# strings, so the backticks are literal characters, not command
# substitution.
$shareuserv= "`pwd`";
$etcvpn= "`pwd`";
$varlibvpn= "`pwd`";
28 | # -@@@ |
29 | |
# Usage error: print the synopsis and exit.  The trailing newline on the
# die message suppresses perl's "at ... line ..." suffix.
sub badusage () {
    die "usage: udptunnel-reconf [<directory>]\n";
}
$debug=0;   # raised once for every -d on the command line
32 | |
# Fatal error: report $message prefixed with the program name and exit.
sub fault ($) {
    my ($message) = @_;
    die "$0: $message\n";
}
34 | |
# Command-line options: "-d" (repeatable) raises the debug level, "--"
# ends option processing, and any other argument starting with "-" is a
# usage error.
while ($ARGV[0] =~ m/^-/) {
    my $opt = shift @ARGV;
    last if $opt =~ m/^--$/;
    if ($opt =~ m/^-d$/) {
        $debug++;
        next;
    }
    badusage();
}
41 | |
# At most one positional argument: the config directory, overriding the
# compiled-in $etcvpn.  Anything beyond that is a usage error.
$etcvpn= shift @ARGV if @ARGV;
badusage() if @ARGV;
44 | |
# Work from the config directory: every relative path used later,
# including file names taken from the config, resolves from here.
chdir($etcvpn) || fault("$etcvpn: $!");
46 | |
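# Run the m4 configuration template and return its output with leading and
# trailing whitespace removed and blank lines squeezed out.
#  $wanted   - which section to extract (VARIABLE, JUNK, ACTIVES, PASSIVES)
#  $site     - site name, or '' for the global section
#  $variable - variable to extract when $wanted is VARIABLE ('' otherwise)
# m4 is started with the list form of open, so its arguments (which carry
# site and variable names taken from the config, and the share/state
# directories) are passed verbatim and never interpreted by a shell.
# Dies if m4 cannot be started; exits with -1 (status 255) if m4 fails.
sub run_m4 ($$$) {
    my ($wanted, $site, $variable) = @_;
    my @cmd = ('m4', '-P',
               "-DWANTED=$wanted",
               "-DWHVARIABLE=V_$variable",
               '-DV_global=global',
               "-DV_site=$site",
               "-DV_varlibvpn=$varlibvpn",
               "-DV_defaults=$shareuserv/udptunnel-vpn-defaults",
               "$shareuserv/udptunnel-vpn-config.m4");
    print STDERR join(' ', @cmd),"\n" if $debug>=2;
    open my $m4, '-|', @cmd or die "$0: cannot run m4: $!\n";
    # slurp inside a block-local $/ so the global record separator is
    # untouched for the rest of the script
    my $m4out = do { local $/; <$m4> };
    close $m4;
    if ($?) {
        print STDERR "$0: m4 failed (wait status $?) for $wanted/$variable($site)\n";
        exit -1;
    }
    $m4out = '' unless defined $m4out;
    $m4out =~ s/^\s+//;
    $m4out =~ s/\n+/\n/g;
    $m4out =~ s/\s+$//;
    print STDERR "$wanted/$variable($site) -> \`$m4out'\n" if $debug>=1;
    return $m4out;
}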
66 | |
# Ask the template for its JUNK section for $site ('' for the global
# section).  Any non-empty output (with a leading "# " stripped) is a
# config error, reported via fault() with $emsg as the prefix.
sub check_junk ($$) {
    my ($emsg, $site) = @_;
    my $junk = run_m4('JUNK', $site, '');
    $junk =~ s/^\# //g;
    return unless length $junk;
    fault("$emsg: $junk");
}
73 | |
# Value of the global config variable $name (VARIABLE section, no site).
sub var_global ($) {
    my ($name) = @_;
    return run_m4('VARIABLE', '', $name);
}
# Value of config variable $name for the site held in the global $site.
sub var_site ($) {
    my ($name) = @_;
    return run_m4('VARIABLE', $site, $name);
}
76 | |
# Validate the global section, enumerate the sites, then validate each
# site's section before anything is generated from it.
check_junk("error in config",'');

@actives= split /\s+/, run_m4('ACTIVES','','');
@passives= split /\s+/, run_m4('PASSIVES','','');

for my $s (@actives, @passives) {
    check_junk("error in config for site $s", $s);
}
85 | |
# Group named in the generated ipif-networks entries; it must exist on
# this host so its gid can be written out.
$lgroup= var_global('lgroup');
my @group_entry = getgrnam($lgroup);
fault("invalid group $lgroup") unless @group_entry;
$lgid= $group_entry[2];
# Address ranges that no site may claim as remote; parsed below.
$forbid_remote= var_global('forbid_remote');
@forbid_remote= ();
92 | |
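# Parse "a.b.c.d" or "a.b.c.d/len" into a (host-order address, netmask)
# pair of 32-bit integers.  A missing prefix length means /32.
# Dies via fault() for a prefix length over 32 or an address that
# inet_aton() rejects.  Note that inet_aton() also accepts host names and
# resolves them, so a typo that happens to resolve is not caught here.
sub parse_addr_mask ($) {
    my ($r) = @_;
    my ($mask,$iaddr);
    if ($r =~ s,/(\d+)$,,) { $mask=$1; } else { $mask=32; }
    fault("invalid mask length $mask") if $mask<0 || $mask>32;
    # ~0 is wider than 32 bits on 64-bit perls; truncate so the returned
    # mask is a plain 32-bit value rather than one with the high half set
    $mask= $mask ? (~0 << (32-$mask)) & 0xffffffff : 0;
    $iaddr= inet_aton($r); fault("invalid address $r") unless defined $iaddr;
    $iaddr= (unpack "N",$iaddr)[0];
    return ($iaddr, $mask);
}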
103 | |
# forbid_remote is a comma- or blank-separated list of "addr[/len]";
# keep each as an [address, mask] pair for ipif_permit().
push @forbid_remote,
    map { [ parse_addr_mask($_) ] } split /[, \t]+/, $forbid_remote;
107 | |
# Append one ipif-networks line granting $lgroup the range $net.
#  $local - '=' for a local endpoint, '' for a remote endpoint or network
#  $net   - "addr" or "addr/len"
#  $why   - free text for the comment column
# A remote range is refused via fault() when it overlaps any entry of
# @forbid_remote (overlap is tested under the intersection of the two
# masks, i.e. the shorter prefix).  Local ranges are appended unparsed.
sub ipif_permit ($$$) {
    my ($local,$net,$why) = @_;
    unless ($local) {
        my ($addr, $mask) = parse_addr_mask($net);
        for my $forbidden (@forbid_remote) {
            my ($faddr, $fmask) = @$forbidden;
            my $common = $fmask & $mask;
            next if ($faddr & $common) != ($addr & $common);
            fault("local network $net claimed as remote ($why) by $site");
        }
    }
    $ipif_file .= "$lgid,$local$net, $lgroup, $why\n";
}
123 | |
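# Build the ipif-networks permission list: the global local endpoint
# (marked '='), then per site its local endpoint if different, its remote
# endpoint and its remote networks, each remote one checked against
# forbid_remote by ipif_permit().  With $site still unset, var_site('lend')
# yields the global lend; a result starting with "V_" means the variable
# is not defined in the config.
$glend= var_site('lend')."/32";
if ($glend !~ m/^V_/) {
  ipif_permit('=', "$glend", 'local endpoint');
}

foreach $site (@actives, @passives) {
  # $tlend already carries its "/32", so it is passed through unchanged
  # (appending a second "/32" produced "a.b.c.d/32/32").  The comparison
  # is a string one: these are dotted quads, and a numeric != reduced
  # "1.2.3.4/32" and "1.2.5.6/32" to the same number 1.2.
  $tlend= var_site('lend')."/32";
  if ($tlend ne $glend) {
    ipif_permit('=', $tlend, "$site - local endpoint");
  }
  $trend= var_site('rend').'/32';
  $ix= 0;
  $trnets= var_site('rnets');
  ipif_permit('', $trend, "$site - remote endpoint");
  # rnets is '-' when the site has no remote networks beyond its endpoint
  if ($trnets ne '-') {
    foreach $rnet (split /,/, $trnets) {
      ipif_permit('', $rnet, "$site - remote network #$ix");
      $ix++;
    }
  }
}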
145 | |
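# Write a generated file: the content goes to "$fn.new" first and is
# renamed over $fn only after it has been written and closed successfully,
# so a partially written file never replaces the previous one.
#  $fn   - path to write (may be relative to the config directory)
#  $why  - name used in the error when $fn is empty
#  $head - text placed before the AUTOGENERATED marker line
#  $body - text placed after it
# The file is created with the process umask; nothing here restricts its
# permissions.  Uses three-argument open so $fn is taken verbatim and never
# parsed for a mode or pipe.
sub write_file ($$$$) {
    my ($fn,$why,$head,$body) = @_;
    length $fn or fault("location to write $why not specified");
    my $tmp = "$fn.new";
    open my $fh, '>', $tmp or fault("create $tmp: $!");
    print {$fh} $head."\n# AUTOGENERATED BY $0 - DO NOT EDIT\n".$body
        or fault("write $tmp: $!");
    # buffered write errors only surface at close, so check it too
    close $fh or fault("write $tmp: $!");
    rename $tmp, $fn or fault("rename $tmp to $fn: $!");
}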
154 | |
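# Path of the generated ipif-networks fragment (relative paths resolve
# from the config directory we chdir'd to).  The variable name is quoted
# like in every other var_global() call; a bareword here only worked
# because the script does not use strict.
$ipifnetsfile= var_global('ipifnetsfile');
write_file($ipifnetsfile,'ipifnetsfile','', $ipif_file);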
157 | |
# Per active site: a line for the actives file, an inittab entry with ids
# t0, t1, ... and the site's invoke script.  The invoke script is made
# executable with mode 0777 masked by the current umask, so its final
# permissions depend on the umask in effect when this script runs.
$active_file= '';
$inittab= '';
$ix= 0;
foreach $site (@actives) {
  $active_file.= join("\t", $site, var_site('activesxinfo'))."\n";
  $inittab.= sprintf("t%d:%s\n", $ix++, var_site('inittab_line'));
  $invoke_file= var_site('invoke_file');
  write_file($invoke_file, 'invoke_file',
             var_site('invoke_head'), var_site('invoke_body'));
  chmod(0777 & ~umask, $invoke_file) or die $!;
}
write_file(var_global('activesfile'),'activesfile', '',$active_file);
170 | |
# Suggested inittab entries for the active sites.
print "# You can cut and paste all or part of this into your inittab if you like:\n";
print $inittab;

# Only suggest including the generated file when its path is absolute; a
# relative one is relative to the config directory we chdir'd to and would
# not mean the same thing from ipif-networks.
if ($ipifnetsfile =~ m,^/,) {
  print "# And consider adding this line, or some of this file's contents,\n";
  print "# to your /etc/userv/ipif-networks:\n";
  print "$ipifnetsfile\n";
}
180 | |
# One line per passive site for the passives file.
$passive_file= '';
foreach $site (@passives) {
  $passive_file.= "$site\t".var_site('passivesxinfo')."\n";
}
write_file(var_global('passivesfile'),'passivesfile', '',$passive_file);

# Post-configuration hook taken from the config.  It is handed to system()
# as a single string, so it is run through the shell: whatever the admin
# puts in 'postconfigure' executes verbatim with this script's privileges.
# Any non-zero wait status ($? is -1 when the command could not be started
# at all) aborts with exit -1, i.e. status 255.
system var_global('postconfigure'); $? and exit -1;

exit 0;