summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorStig Thormodsrud <stig@vyatta.com>2008-01-10 13:30:45 -0800
committerStig Thormodsrud <stig@vyatta.com>2008-01-10 13:30:45 -0800
commit6f32c7aeea3834d58f903209ab3e3908a37e9dd5 (patch)
tree9751e83205e665b3e04c2cce12385ffd99b79b6c /scripts
parent4ddf2e3407577987dd2f0ce408e7a6949c22c417 (diff)
downloadvyatta-cfg-vpn-6f32c7aeea3834d58f903209ab3e3908a37e9dd5.tar.gz
vyatta-cfg-vpn-6f32c7aeea3834d58f903209ab3e3908a37e9dd5.zip
Fix "set vpn rsa-key local-file file".
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/VyattaVPNUtil.pm2
-rwxr-xr-xscripts/vpn-config.pl96
2 files changed, 47 insertions, 51 deletions
diff --git a/scripts/VyattaVPNUtil.pm b/scripts/VyattaVPNUtil.pm
index b31c0e5..55c8ba4 100755
--- a/scripts/VyattaVPNUtil.pm
+++ b/scripts/VyattaVPNUtil.pm
@@ -47,7 +47,7 @@ sub rsa_get_local_key_file {
#
my $vc = new VyattaConfig();
$vc->setLevel('vpn');
- my $key_file_override = $vc->returnValue('rsa-keys local-key file');
+ my $key_file_override = $vc->returnOrigValue('rsa-keys local-key file');
#
# We'll assume validation for valid path/file was handled in the
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index fb8aa29..1216923 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -152,57 +152,54 @@ if ($vcVPN->exists('ipsec')) {
}
}
- {
+ #
+ # Check the local key file
+ # Note: $local_key_file will be used later when reading the keys
+ #
+ my $running_local_key_file = VyattaVPNUtil::rsa_get_local_key_file();
+ my $local_key_file = $vcVPN->returnValue('rsa-keys local-key file');
+ if (!defined($local_key_file)) {
+ $local_key_file = VyattaVPNUtil::LOCAL_KEY_FILE_DEFAULT;
+ }
+ if ($local_key_file ne $running_local_key_file) {
+
+ # Sanity check the usr specified local_key_file
#
- # Check the local key file
+ # 1). Must start with "/"
+ # 2). Only allow alpha-numeric, ".", "-", "_", or "/".
+ # 3). Don't allow "//"
+ # 4). Verify that it's not a directory
#
- my $local_key_file = $vcVPN->returnValue('rsa-keys local-key file');
- if (defined($local_key_file) && $local_key_file ne '') {
-
- # Sanity check the usr specified local_key_file
- #
- # 1). Must start with "/"
- # 2). Only allow alpha-numeric, ".", "-", "_", or "/".
- # 3). Don't allow "//"
- # 4). Verify that it's not a directory
- #
- if ($local_key_file !~ /^\//) {
- $error = 1;
- print STDERR "VPN configuration error. Invalid local RSA key file path \"$local_key_file\". Does not start with a '/'.\n";
- }
- if ($local_key_file =~ /[^a-zA-Z0-9\.\-\_\/]/g) {
- $error = 1;
- print STDERR "VPN configuration error. Invalid local RSA key file path \"$local_key_file\". Contains a character that is not alpha-numeric and not '.', '-', '_', '/'.\n";
- }
- if ($local_key_file =~ /\/\//g) {
- $error = 1;
- print STDERR "VPN configuration error. Invalid local RSA key file path \"$local_key_file\". Contains string \"//\".\n";
- }
- if (-d $local_key_file) {
- $error = 1;
- print STDERR "VPN configuration error. Invalid local RSA key file path \"$local_key_file\". Path is a directory rather than a file.\n";
- }
-
- if ($error == 0) {
- my $prev_local_key_file = $vcVPN->returnOrigValue('rsa-keys local-key file');
- if (!defined($prev_local_key_file) || $prev_local_key_file eq '') {
- $prev_local_key_file = VyattaVPNUtil::LOCAL_KEY_FILE_DEFAULT;
- }
- if ($local_key_file ne $prev_local_key_file) {
- if (-r $prev_local_key_file && !(-e $local_key_file)) {
- VyattaVPNUtil::vpn_debug "cp $prev_local_key_file $local_key_file";
- my ($dirpath) = ($local_key_file =~ m#^(.*/)?.*#s);
- my $rc = system("mkdir -p $dirpath");
- if ($rc != 0) {
- $error = 1;
- print STDERR "VPN configuration error. Could not copy previous local RSA key file \"$prev_local_key_file\" to new local RSA key file \"$local_key_file\". Could not mkdir [$dirpath] $!\n";
- } else {
- $rc = system("cp $prev_local_key_file $local_key_file");
- if ($rc != 0) {
- $error = 1;
- print STDERR "VPN configuration error. Could not copy previous local RSA key file \"$prev_local_key_file\" to new local RSA key file \"$local_key_file\". $!\n";
- }
- }
+ if ($local_key_file !~ /^\//) {
+ $error = 1;
+ print STDERR "VPN configuration error. Invalid local RSA key file path \"$local_key_file\". Does not start with a '/'.\n";
+ }
+ if ($local_key_file =~ /[^a-zA-Z0-9\.\-\_\/]/g) {
+ $error = 1;
+ print STDERR "VPN configuration error. Invalid local RSA key file path \"$local_key_file\". Contains a character that is not alpha-numeric and not '.', '-', '_', '/'.\n";
+ }
+ if ($local_key_file =~ /\/\//g) {
+ $error = 1;
+ print STDERR "VPN configuration error. Invalid local RSA key file path \"$local_key_file\". Contains string \"//\".\n";
+ }
+ if (-d $local_key_file) {
+ $error = 1;
+ print STDERR "VPN configuration error. Invalid local RSA key file path \"$local_key_file\". Path is a directory rather than a file.\n";
+ }
+
+ if ($error == 0) {
+ if (-r $running_local_key_file && !(-e $local_key_file)) {
+ VyattaVPNUtil::vpn_debug "cp $running_local_key_file $local_key_file";
+ my ($dirpath) = ($local_key_file =~ m#^(.*/)?.*#s);
+ my $rc = system("mkdir -p $dirpath");
+ if ($rc != 0) {
+ $error = 1;
+ print STDERR "VPN configuration error. Could not copy previous local RSA key file \"$running_local_key_file\" to new local RSA key file \"$local_key_file\". Could not mkdir [$dirpath] $!\n";
+ } else {
+ $rc = system("cp $running_local_key_file $local_key_file");
+ if ($rc != 0) {
+ $error = 1;
+ print STDERR "VPN configuration error. Could not copy previous local RSA key file \"$running_local_key_file\" to new local RSA key file \"$local_key_file\". $!\n";
}
}
}
@@ -664,7 +661,6 @@ if ($vcVPN->exists('ipsec')) {
$genout .= "\tauthby=secret\n";
} elsif (defined($auth_mode) && $auth_mode eq 'rsa') {
- my $local_key_file = VyattaVPNUtil::rsa_get_local_key_file();
unless (-r $local_key_file) {
$error = 1;
if (-e $local_key_file) {