From: ian Date: Mon, 11 Dec 2000 00:19:23 +0000 (+0000) Subject: About to be obsolete program; check in to preserve in case we want it back. X-Git-Tag: mergepoint-1-2000-12-10-udptunnelconf~9 X-Git-Url: https://git.distorted.org.uk/~mdw/userv-utils/commitdiff_plain/f685ef8c8f8d346a6b94b0fcb61a74d0ba431a67 About to be obsolete program; check in to preserve in case we want it back. --- diff --git a/ipif/udptunnel-reconf.pl b/ipif/udptunnel-reconf.pl index 383b553..e57b4b4 100755 --- a/ipif/udptunnel-reconf.pl +++ b/ipif/udptunnel-reconf.pl @@ -1,5 +1,7 @@ #!/usr/bin/perl +use Socket; + #$sharedir= '/usr/local/share/userv/udptunnelconf'; $sharedir= '/home/ian/things/userv-utils/udptunnelconf'; $confdir= '/etc/udptunnel'; @@ -7,6 +9,8 @@ $confdir= '/etc/udptunnel'; sub badusage () { die "usage: udptunnel-reconf []\n"; } $debug=0; +sub fault ($) { die "$0: $_[0]\n"; } + while ($ARGV[0] =~ m/^-/) { $_= shift @ARGV; last if m/^--$/; @@ -15,9 +19,9 @@ while ($ARGV[0] =~ m/^-/) { } if (@ARGV) { $confdir= shift @ARGV; } -#badusage() if @ARGV; +badusage() if @ARGV; -chdir $confdir or die "$0: $confdir: $!\n"; +chdir $confdir or fault("$confdir: $!"); sub run_m4 ($$$) { my ($wanted, $site, $variable) = @_; @@ -25,8 +29,7 @@ sub run_m4 ($$$) { "-DV_site=$site ". "-DV_defaults=$sharedir/defaults $sharedir/config.m4"; print STDERR $x,"\n" if $debug>=2; - open X, "$x |" - or die $!; + open X, "$x |" or die $!; undef $/; $m4out= ; $/= "\n"; @@ -35,6 +38,7 @@ sub run_m4 ($$$) { $m4out =~ s/\n+/\n/g; $m4out =~ s/\s+$//; print STDERR "$wanted/$variable($site) -> \`$m4out'\n" if $debug>=1; +# $m4out='' if $wanted eq 'VARIABLE' && substr($m4out,0,2) eq 'V_'; return $m4out; } 
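Review bot: The preamble gains `use Socket;` but the script still runs without `use strict`/`use warnings` (or `-w` on the shebang), and everything this commit adds below relies on package globals (`$site`, `$lgid`, `$ipif_file`, `$m4out`) that are never declared. Turning on strictness now would be a large change, but `#!/usr/bin/perl -w` or `use warnings;` next to the new `use Socket;` costs nothing and would surface uninitialised values and strings used in numeric comparisons at runtime, both of which this file is prone to.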
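Review bot: The reformatted `open X, "$x |" or die $!;` still hands the m4 command line to the shell with `$site` interpolated into `-DV_site=$site`, and `$site` is whatever the config's ACTIVES/PASSIVES output names, so a site name containing shell metacharacters in the config would be executed rather than passed to m4. The list-form pipe open avoids the shell entirely, e.g. `open X, '-|', 'm4', "-DV_site=$site", "-DV_defaults=$sharedir/defaults", "$sharedir/config.m4"` built from the same pieces the string currently concatenates (the start of the `$x=` assignment is outside this hunk); alternatively validate site names against `m/^\w+$/` when @actives/@passives are read. The `undef $/;` / `$/= "\n";` pair is also better written as `local $/;` inside a `do` block, which restores the separator even if the read dies. run_m4's body starts outside this hunk.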
@@ -42,9 +46,12 @@ sub check_junk ($$) { my ($emsg, $site) = @_; $j= run_m4('JUNK',$site,''); $j =~ s/^\# //g; - die "$0: $emsg: $j\n" if length $j; + fault("$emsg: $j") if length $j; } +sub var_global ($) { return run_m4('VARIABLE','',$_[0]) } +sub var_site ($) { return run_m4('VARIABLE',$site,$_[0]) } + check_junk("error in config",''); @actives= split /\s+/, run_m4('ACTIVES','',''); 
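Review bot: `var_site` reads the package global `$site` implicitly instead of taking the site as an argument, so its result depends on which `foreach $site` loop is currently running, and without `use strict` a call made outside such a loop silently resolves with an undefined site (the later `$glend= var_site('lend')` in this commit appears to be exactly that case). Either make the dependency explicit, `sub var_site ($$) { return run_m4('VARIABLE',$_[0],$_[1]) }` with callers passing `$site`, or document it at the definition: `# uses the global $site set by the enclosing foreach loop; calling it outside one yields the site-less (global) value`. The `fault(...)` replacement in check_junk is fine as is.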
@@ -54,7 +61,98 @@ foreach $site (@actives, @passives) { check_junk("error in config for site $site",$site); } -$_= run_m4('VARIABLE','greenend','command'); -s/\\\n/ /g; -s/\s+/\n/g; -print $_,"\n" or die $!; +$lgroup= var_global('lgroup'); +@lgroup= getgrnam($lgroup); +@lgroup or fault("invalid group $lgroup"); +$lgid= $lgroup[2]; +$forbid_remote= var_global('forbid_remote'); +@forbid_remote= (); + +sub parse_addr_mask ($) { + my ($r) = @_; + my ($mask,$iaddr); + if ($r =~ s,/(\d+)$,,) { $mask=$1; } else { $mask=32; } + fault("invalid mask length $1") if $mask<0 || $mask>32; + $mask= $mask ? ~0 << (32-$mask) : 0; + $iaddr= inet_aton($r); fault("invalid address $r") unless defined $iaddr; + $iaddr= (unpack "N",$iaddr)[0]; + return ($iaddr, $mask); +} + +foreach $r (split /[, \t]+/, $forbid_remote) { + push @forbid_remote, [ parse_addr_mask($r) ]; +} + +sub ipif_permit ($$$) { + my ($local,$net,$why) = @_; + my ($pmask,$piaddr,$fmask,$fiaddr); + if (!$local) { + ($piaddr,$pmask) = parse_addr_mask($net); + foreach $fref (@forbid_remote) { + ($fiaddr,$fmask) = @$fref; + $jmask= $fmask & $pmask; +#printf STDERR "%8lx %8lx %l8x %8lx", $pmask,$pmask + fault("local network $net claimed as remote ($why) by $site") + if (($fiaddr&$jmask) == ($piaddr&$jmask)); + } + } + $ipif_file .= "$lgid,$local$net, $lgroup, $why\n"; +} + +$glend= var_site('lend')."/32"; +if ($glend !~ m/^V_/) { + ipif_permit('=', "$glend", 'local endpoint'); +} + +foreach $site (@actives, @passives) { + $tlend= var_site('lend')."/32"; + if ($tlend != $glend) { + ipif_permit('=', $tlend.'/32', "$site - local endpoint"); + } + $trend= var_site('rend').'/32'; + $ix= 0; + $trnets= var_site('rnets'); + ipif_permit('', $trend, "$site - remote endpoint"); + if ($trnets ne '-') { + foreach $rnet (split /,/, $trnets) { + ipif_permit('', $rnet, "$site - remote network #$ix"); + $ix++; + } + } +} + +sub write_file ($$$$) { + my ($fn,$why,$head,$body) = @_; + length $fn or fault("location to write $why not 
specified"); + open F, ">$fn.new" or fault("create $fn.new: $!"); + print F $head."\n# AUTOGENERATED BY $0 - DO NOT EDIT\n".$body or die $!; + close F or die $!; + rename "$fn.new",$fn or die $!; +} + +write_file(var_global(ipifnetsfile),'ipifnetsfile','', $ipif_file); + +$active_file= ''; +$inittab= ''; +$ix= 0; +foreach $site (@actives) { + $active_file.= "$site\t".var_site('activesxinfo')."\n"; + $inittab.= sprintf("t%d", $ix++).':'.var_site('inittab_line')."\n"; + write_file(var_site('invoke_file'), 'invoke_file', + var_site('invoke_head'), + var_site('invoke_body')); +} +write_file(var_global('activesfile'),'activesfile', '',$active_file); +write_file(var_global('inittab_fragfile'),'inittab_fragfile', +"# You can cut and paste all or part of this into your inittab if you like.", + $inittab); + +$passive_file= ''; +foreach $site (@passives) { + $passive_file.= "$site\t".var_site('passivesxinfo')."\n"; +} +write_file(var_global('passivesfile'),'passivesfile', '',$passive_file); + +system var_global('postconfigure'); $? and exit -1; + +exit 0; diff --git a/ipif/udptunnel-vpn-defaults b/ipif/udptunnel-vpn-defaults index 93427c9..04fa4fc 100644 --- a/ipif/udptunnel-vpn-defaults +++ b/ipif/udptunnel-vpn-defaults @@ -1,6 +1,7 @@ SET( lcommand, [udptunnel]) -SET( crypto, [-e nonce -e timestamp/10/30 -e pkcs5/8 \ - -e blowfish-cbcmac/128 -e blowfish-cbc/128]) +SET( crypto, + [-e nonce -e timestamp/10/30 -e pkcs5/8 \ + -e blowfish-cbcmac/128 -e blowfish-cbc/128]) SET( lpublic, [`hostname`]) SET( lport, [Any]) 
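Review bot: In the per-site loop `if ($tlend != $glend)` compares two `a.b.c.d/32` strings numerically, so only the leading `a.b` prefix is compared and any two endpoints in the same first two octets are treated as equal, meaning the per-site local endpoint is never permitted; it should be `if ($tlend ne $glend) {`. On the same branch `$tlend` already carries the `/32` appended two lines earlier and `ipif_permit('=', $tlend.'/32', ...)` appends a second one, yielding `a.b.c.d/32/32` in the ipif networks file, so pass `$tlend` unchanged: `ipif_permit('=', $tlend, "$site - local endpoint");`. The `forbid_remote` loop feeds every element straight into parse_addr_mask without the `ne '-'` guard the rnets loop has, and since the defaults file now sets `forbid_remote` to `V_lnets` whose own default is `-`, a config that leaves `lnets` unset will die with `invalid address -`; add `next if $r eq '-';` in that loop. Smaller points: `var_global(ipifnetsfile)` passes a bareword where every other call quotes the name, and `write_file` opens `">$fn.new"` with the two-argument form on a config-supplied path — prefer `open F, '>', "$fn.new"`.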
@@ -16,26 +17,70 @@ SET( to_report, [1800]) SET( timeouts, [V_to_poll,V_to_quit,V_to_report]) SET( lnets, [-])m4_dnl often overridden in global SET( rnets, [-])m4_dnl often overridden in sites +SET( forbid_remote, [V_lnets]) SET( rcommandprefix, []) SET( rcommand, [V_rcommandprefix udptunnel]) -SET( sshopts, [-o 'ForwardAgent no' -o 'ForwardX11 no' \ - -o 'BatchMode yes' -o 'ProtocolKeepAlives 300']) -SET( ssh, [ssh -v V_sshopts]) +SET( sshprotoka, [-o 'ProtocolKeepAlives 300']) +SET( sshstdopts, [-o 'ForwardAgent no' -o 'ForwardX11 no' -o 'BatchMode yes']) +SET( sshverbose, [-v]) +SET( ssh, + [ssh V_sshstdopts \ + V_sshprotoka V_sshverbose]) + SET( sshdest, [V_rpublic]) SET( sites, [sites]) SET( tunnels, [tunnels]) +SET( varlib, [/var/lib/udptunnel-vpn]) + +SET( ipifnetsfile, [V_varlib/ipif-networks]) +SET( activesfile, [V_varlib/active-sites]) +SET( activesxinfo, []) +SET( passivesfile, [passive-sites]) +SET( passivesxinfo, []) + +SET( postconfigure, []) + +SET( invoke_file, [V_varlib/V_site.command]) +SET( invoke_head, [#!/bin/sh]) +SET( invoke_hook, []) + +SET( syslog_facility, local2) +SET( syslog_priority, info) + +SET( inittab_runlevels, 2345) +SET( inittab_fragfile, [inittab-fragment]) +SET( inittab_pfx, []) +SET( inittab_sfx, + [2>&1 | logger -p V_syslog_facility.V_syslog_priority -t tunnel-V_site]) +SET( inittab_command,[V_inittab_pfx V_invoke_file V_inittab_sfx]) +SET( inittab_line, [V_inittab_runlevels:respawn:V_inittab_command]) + +SET( invoke_body, +[set -e +V_invoke_hook +echo "STARTING TUNNEL `date`" >&2 +V_command +rc=$? 
+echo "TUNNEL CLOSED rc=$rc" >&2 +exit $rc +]) + m4_dnl lgroup -- usually set in global -SET( command, [ \ - V_lcommand \ - V_crypto \ - V_lpublic,V_lport V_rpublic,V_rport \ - V_lend,V_rend,V_mtu,V_proto \ - V_timeouts \ - V_rnets V_lnets \ - V_ssh V_ruser@V_sshdest V_rcommand - ]) +SET( command, +[V_lcommand \ + V_crypto \ + V_lpublic,V_lport \ + V_rpublic,V_rport \ + V_lend,V_rend,V_mtu,V_proto \ + V_timeouts \ + V_rnets \ + V_lnets \ + V_ssh \ + V_ruser@V_sshdest \ + V_rcommand + ]) diff --git a/ipif/udptunnel-vpnd b/ipif/udptunnel-vpnd new file mode 100644 index 0000000..75a9cfc --- /dev/null +++ b/ipif/udptunnel-vpnd @@ -0,0 +1,33 @@ +#!/usr/bin/perl +@ARGV == 2 && $ARGV[0] != m/^-/ + or die + "usage: udptunnel-vpnd SYSLOGFAC LIBDIR LOGDIR\n" + " eg udptunnel-vpnd local2 /var/lib/udptunnel-vpn /var/log/udptunnel-vpn\n" + +($syslocfac,$libdir,$logdir) = @ARGV; + +chdir($logdir) or die "$logdir: $!\n"; + +open A, "$libdir/active-sites" or die "$libdir/active-sites: $!\n"; +while () { + next if m/^\#/ || !m/\S/; + m/^(\w+)\s/ or die; + push @restart_queue, $1; +} +close A; + +$c= open LO, "|logger -p $syslogfac.notice -t vpnd[$$]" or die $!; +$pid{$c}= ' LOGGER NOTICE'; + +$c= open LE, "|logger -p $syslogfac.err -t vpnd[$$]" or die $!; +$pid{$c}= ' LOGGER NOTICE'; + +sleep 1; + +print LO "starting vpnd\n" or die $!; + +open STDERR, ">&LE"; +open STDOUT, ">&L"; + +for (;;) { +
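Review bot: The `invoke_body` template starts with `set -e`, so when `V_command` exits non-zero the shell terminates at that line and the following `rc=$?`, the `TUNNEL CLOSED` message and `exit $rc` only ever run for a zero status — the failure case they were written to report under inittab respawn. Capture the status without tripping errexit by replacing `V_command` / `rc=$?` with `rc=0` / `V_command || rc=$?`, which keeps `set -e` in force for `V_invoke_hook`. Separately, `passivesfile` and `inittab_fragfile` default to the bare relative names `passive-sites` and `inittab-fragment` while `ipifnetsfile`, `activesfile` and `invoke_file` live under `V_varlib`; the reconf script chdir's to the config directory before writing, so these land there rather than in /var/lib, which may be intended but deserves a `m4_dnl` note such as `m4_dnl relative: written into the config directory, not V_varlib`. The `sshverbose` default of `-v` means every respawned tunnel streams ssh debug output into syslog via the `inittab_sfx` logger pipe; consider defaulting it to empty and letting sites opt in.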