From 0a89c7e5a37b84a1c9e96343ba519982fa00f6cb Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Fri, 21 Nov 2008 16:33:30 -0800
Subject: Rename VyattaVPNUtil to Vyatta::VPNUtil
---
 lib/Vyatta/VPNUtil.pm | 131 +++++++++++++++++++++++++++++++++++++++++++++++
 scripts/VyattaVPNUtil.pm | 129 ----------------------------------------------
 scripts/vpn-config.pl | 20 ++++----
 3 files changed, 141 insertions(+), 139 deletions(-)
 create mode 100755 lib/Vyatta/VPNUtil.pm
 delete mode 100755 scripts/VyattaVPNUtil.pm
diff --git a/lib/Vyatta/VPNUtil.pm b/lib/Vyatta/VPNUtil.pm
new file mode 100755
index 0000000..a5bfe71
--- /dev/null
+++ b/lib/Vyatta/VPNUtil.pm
@@ -0,0 +1,131 @@
+#
+# Module: Vyatta::VPNUtil.pm
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2005, 2006, 2007 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Marat
+# Date: 2007
+# Description:
+#
+# **** End License ****
+#
+
+package Vyatta::VPNUtil;
+our @EXPORT = qw(rsa_get_local_key_file LOCAL_KEY_FILE_DEFAULT rsa_get_local_pubkey
+ is_vpn_running vpn_debug enableICMP);
+use base qw(Exporter);
+
+use strict;
+use warnings;
+
+use VyattaConfig;
+
+use constant LOCAL_KEY_FILE_DEFAULT
+ => '/opt/vyatta/etc/config/ipsec.d/rsa-keys/localhost.key';
+
+sub is_vpn_running {
+ return ( -e '/var/run/pluto/pluto.ctl');
+}
+
+sub rsa_get_local_key_file {
+ my $file = LOCAL_KEY_FILE_DEFAULT;
+
+ #
+ # Read configuration tree
+ #
+ my $vc = new VyattaConfig();
+ $vc->setLevel('vpn');
+ my $key_file_override = $vc->returnOrigValue('rsa-keys local-key file');
+
+ #
+ # We'll assume validation for valid path/file was handled in the
+ # commit.
+ #
+ $file = $key_file_override if defined($key_file_override);
+
+ return $file
+}
+
+sub rsa_get_local_pubkey {
+ my ($file) = @_;
+
+ unless ( -r $file) {
+ return 0;
+ }
+
+ open(DAT, $file) || die("Could not open file $file!");
+ my @raw_data=;
+ close(DAT);
+
+ foreach my $line (@raw_data) {
+ my $file_pubkey;
+ if (($file_pubkey) = ($line =~ m/\s+\#pubkey=(\S+)/)) {
+ return $file_pubkey;
+ }
+ }
+ return 0;
+}
+
+sub vpn_debug {
+ use POSIX;
+ my $timestamp = strftime("%Y%m%d-%H:%M.%S", localtime);
+ open LOG, ">>", "/var/log/vpn-debug.log";
+ print LOG "$timestamp: ", @_ , "\n";
+ close LOG;
+}
+
+sub vpn_log {
+ my ($msg) = @_;
+
+ open LOG, ">> /tmp/ipsec.log";
+
+ use POSIX;
+ my $timestamp = strftime("%Y-%m-%d %H:%M.%S", localtime);
+
+ print LOG "$timestamp\nLog: $msg\n";
+ close LOG;
+}
+
+sub vpn_system {
+ my ($cmdline) = @_;
+ vpn_debug("START $cmdline");
+ my $ret = system($cmdline);
+ if ($ret) {
+ vpn_debug("END ERROR $cmdline");
+ } else {
+ vpn_debug("END OK $cmdline");
+ }
+}
+
+sub enableICMP {
+ my ($enable) = @_;
+
+ opendir DIR, '/proc/sys/net/ipv4/conf/' or return undef;
+ my @nodes = grep !/^\./, readdir DIR;
+ closedir DIR;
+
+ foreach my $node (@nodes) {
+ my $OUT;
+ open OUT, ">/proc/sys/net/ipv4/conf/$node/accept_redirects" or return undef;
+ print OUT $enable;
+ close OUT;
+ open OUT, ">/proc/sys/net/ipv4/conf/$node/send_redirects" or return undef;
+ print OUT $enable;
+ close OUT;
+ }
+ return 1;
+}
+
+1;
diff --git a/scripts/VyattaVPNUtil.pm b/scripts/VyattaVPNUtil.pm
deleted file mode 100755
index f46a122..0000000
--- a/scripts/VyattaVPNUtil.pm
+++ /dev/null
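Review bot: `vpn_log` appends to `/tmp/ipsec.log` through a two-argument `open LOG, ">> /tmp/ipsec.log"` with no error check, and because `enableICMP` in the same file writes under `/proc/sys/` this module evidently runs privileged, so a fixed file name in a world-writable directory lets any local user pre-create a symlink there and have the privileged writer append to a file of their choosing. `vpn_debug` a few lines above already uses the safer shape under `/var/log`, so align the two: `open my $log, '>>', '/var/log/ipsec.log' or return;` and print/close through `$log`. Separately, `rsa_get_local_pubkey` signals "no key" with `return 0`, but its caller in scripts/vpn-config.pl (the `@@ -725` hunk) only tests `!defined($local_key) || $local_key eq ""`, so an unreadable or pubkey-less file passes that check and the literal `0` is emitted as the local RSA key; returning undef via a bare `return;` on both failure paths, or testing `!$local_key` at the call site, closes that gap. The two-argument `open(DAT, $file)` in the same sub should also become `open(my $dat, '<', $file)`, since `$file` comes from the configuration tree and the comment above explicitly defers path validation to commit.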
@@ -1,129 +0,0 @@
-#
-# Module: VyattaVPNUtil.pm
-#
-# **** License ****
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# This code was originally developed by Vyatta, Inc.
-# Portions created by Vyatta are Copyright (C) 2005, 2006, 2007 Vyatta, Inc.
-# All Rights Reserved.
-#
-# Author: Marat
-# Date: 2007
-# Description:
-#
-# **** End License ****
-#
-
-package VyattaVPNUtil;
-
-use strict;
-use warnings;
-
-use VyattaConfig;
-
-
-use constant LOCAL_KEY_FILE_DEFAULT => '/opt/vyatta/etc/config/ipsec.d/rsa-keys/localhost.key';
-
-sub is_vpn_running {
- return ( -e '/var/run/pluto/pluto.ctl');
-}
-
-sub rsa_get_local_key_file {
- my $file = LOCAL_KEY_FILE_DEFAULT;
-
- #
- # Read configuration tree
- #
- my $vc = new VyattaConfig();
- $vc->setLevel('vpn');
- my $key_file_override = $vc->returnOrigValue('rsa-keys local-key file');
-
- #
- # We'll assume validation for valid path/file was handled in the
- # commit.
- #
- $file = $key_file_override if defined($key_file_override);
-
- return $file
-}
-
-sub rsa_get_local_pubkey {
- my ($file) = @_;
-
- unless ( -r $file) {
- return 0;
- }
-
- open(DAT, $file) || die("Could not open file $file!");
- my @raw_data=;
- close(DAT);
-
- foreach my $line (@raw_data) {
- my $file_pubkey;
- if (($file_pubkey) = ($line =~ m/\s+\#pubkey=(\S+)/)) {
- return $file_pubkey;
- }
- }
- return 0;
-}
-
-sub vpn_debug {
- use POSIX;
- my $timestamp = strftime("%Y%m%d-%H:%M.%S", localtime);
- open LOG, ">>", "/var/log/vpn-debug.log";
- print LOG "$timestamp: ", @_ , "\n";
- close LOG;
-}
-
-sub vpn_log {
- my ($msg) = @_;
-
- open LOG, ">> /tmp/ipsec.log";
-
- use POSIX;
- my $timestamp = strftime("%Y-%m-%d %H:%M.%S", localtime);
-
- print LOG "$timestamp\nLog: $msg\n";
- close LOG;
-}
-
-sub vpn_system {
- my ($cmdline) = @_;
- vpn_debug("START $cmdline");
- my $ret = system($cmdline);
- if ($ret) {
- vpn_debug("END ERROR $cmdline");
- } else {
- vpn_debug("END OK $cmdline");
- }
-}
-
-sub enableICMP {
- my ($enable) = @_;
-
- opendir DIR, '/proc/sys/net/ipv4/conf/' or return undef;
- my @nodes = grep !/^\./, readdir DIR;
- closedir DIR;
-
- foreach my $node (@nodes) {
- my $OUT;
- open OUT, ">/proc/sys/net/ipv4/conf/$node/accept_redirects" or return undef;
- print OUT $enable;
- close OUT;
- open OUT, ">/proc/sys/net/ipv4/conf/$node/send_redirects" or return undef;
- print OUT $enable;
- close OUT;
- }
- return 1;
-}
-
-1;
-
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index ad7cae1..ae7e052 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -24,7 +24,7 @@
 #
 use strict;
-use lib "/opt/vyatta/share/perl5/";
+use lib "/opt/vyatta/share/perl5";
 use constant IKELIFETIME_DEFAULT => 28800; # 8 hours
 use constant ESPLIFETIME_DEFAULT => 3600; # 1 hour
@@ -33,7 +33,7 @@ use constant REKEYFUZZ_DEFAULT => 100;
 use constant INVALID_LOCAL_IP => 254;
 use constant VPN_MAX_PROPOSALS => 10;
-use VyattaVPNUtil;
+use Vyatta::VPNUtil;
 use Getopt::Long;
 my $changes_dir;
@@ -153,10 +153,10 @@ if ($vcVPN->exists('ipsec')) {
 # Check the local key file
 # Note: $local_key_file will be used later when reading the keys
 #
- my $running_local_key_file = VyattaVPNUtil::rsa_get_local_key_file();
+ my $running_local_key_file = rsa_get_local_key_file();
 my $local_key_file = $vcVPN->returnValue('rsa-keys local-key file');
 if (!defined($local_key_file)) {
- $local_key_file = VyattaVPNUtil::LOCAL_KEY_FILE_DEFAULT;
+ $local_key_file = LOCAL_KEY_FILE_DEFAULT;
 }
 if ($local_key_file ne $running_local_key_file) {
@@ -186,7 +186,7 @@ if ($vcVPN->exists('ipsec')) {
 if ($error == 0) {
 if (-r $running_local_key_file && !(-e $local_key_file)) {
- VyattaVPNUtil::vpn_debug "cp $running_local_key_file $local_key_file";
+ vpn_debug "cp $running_local_key_file $local_key_file";
 my ($dirpath) = ($local_key_file =~ m#^(.*/)?.*#s);
 my $rc = system("mkdir -p $dirpath");
 if ($rc != 0) {
@@ -725,7 +725,7 @@ if ($vcVPN->exists('ipsec')) {
 }
 $genout .= "\tauthby=rsasig\n";
- my $local_key = VyattaVPNUtil::rsa_get_local_pubkey($local_key_file);
+ my $local_key = rsa_get_local_pubkey($local_key_file);
 if (!defined($local_key) || $local_key eq "") {
 $error = 1;
 print STDERR "VPN configuration error. Unable to determine local public key from local key file \"$local_key_file\" for peer \"$peer\".\n";
@@ -783,16 +783,16 @@ if (!(defined($config_file) && ($config_file ne '') && defined($secrets_file) &&
 if ($error == 0) {
 if ($vcVPN->isDeleted('.') || !$vcVPN->exists('.') || $vcVPN->isDeleted('ipsec') || !$vcVPN->exists('ipsec')) {
- if (VyattaVPNUtil::is_vpn_running()) {
+ if (is_vpn_running()) {
 vpn_exec('ipsec setup --stop', 'stop ipsec');
 }
- if (!VyattaVPNUtil::enableICMP('1')) {
+ if (!enableICMP('1')) {
 $error = 1;
 print STDERR "VPN commit error. Unable to re-enable ICMP redirects.\n";
 }
 write_config($genout, $config_file, $genout_secrets, $secrets_file);
 } else {
- if (!VyattaVPNUtil::enableICMP('0')) {
+ if (!enableICMP('0')) {
 $error = 1;
 print STDERR "VPN commit error. Unable to disable ICMP redirects.\n";
 }
@@ -807,7 +807,7 @@ if ($error == 0) {
 vpn_log("Wrote out configuration to files '$config_file' and '$secrets_file'. VPN/ipsec daemons not started due to clustering.\n");
 } else {
- if (VyattaVPNUtil::is_vpn_running()) {
+ if (is_vpn_running()) {
 if (isFullRestartRequired($vcVPN)) {
 #
 # Full restart required
-- cgit v1.2.3