2 # show key for this host, in DNS (or other) format
3 # Copyright (C) 2000, 2001 Henry Spencer.
5 # This program is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by the
7 # Free Software Foundation; either version 2 of the License, or (at your
8 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 # This program is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 # RCSID $Id: showhostkey,v 1.12 2001/10/26 16:17:02 henry Exp $
# Name used as the prefix of every diagnostic below, and the one-line usage
# text printed by --help.
17 me="ipsec showhostkey"
18 usage="Usage: $me [--file secrets] [--left] [--right] [--txt gateway] [--id id]"
# Default input. ipsec.secrets is the file that carries the host's private key
# material; the awk rules visible further down in this listing only match
# "#"-commented lines (key size, #IN KEY, #pubkey=), i.e. the public half.
# NOTE(review): the listing has gaps, so confirm that no other rule echoes
# raw lines of the file.
20 file=/etc/ipsec.secrets
# Option arms of the argument-parsing case statement (the enclosing loop and
# the case/esac lines are not part of this listing).
# Options that take a value read it from "$2" and shift once more here.
# NOTE(review): no arm shown checks that "$2" is actually present.
27 --file) file="$2" ; shift ;;
# --left is advertised in the usage text; its arm falls in a gap of the listing.
29 --right) fmt="right" ;;
# The gateway and id values are taken verbatim from the command line. gw ends
# up in the emitted TXT record and id in the awk match pattern further down
# (assuming the awk variables of the same names are fed from these); neither
# is sanitised in the lines shown.
30 --txt) fmt="txt" ; gw="$2" ; shift ;;
31 --id) id="$2" ; shift ;;
# IPSEC_VERSION is not assigned in the visible lines; presumably it is
# exported by the ipsec wrapper that runs this script -- confirm.
32 --version) echo "$me $IPSEC_VERSION" ; exit 0 ;;
33 --help) echo "$usage" ; exit 0 ;;
# Unknown options are reported on stderr and end the run with status 2.
35 -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;;
# --txt needs a gateway. The leading blank inside each quoted operand keeps a
# value that starts with "-" from being read as a test operator. Only
# emptiness is checked; the content of $gw is not validated here.
40 if test " $fmt" = " txt" -a " $gw" = " "
42 echo "$me: --txt gateway value cannot be empty" >&2
# Input-file diagnostics: a missing file and an unreadable one get distinct
# messages (the tests that select them are not part of this listing).
# ipsec.secrets is normally readable by root only, so the second message is
# the expected outcome for an unprivileged caller.
48 echo "$me: file \`$file' does not exist" >&2
52 echo "$me: permission denied (cannot read \`$file')" >&2
# Fully qualified name of this host. The dns-format awk rule below prepends
# host "." to the KEY record, presumably using this value as the owner name.
# NOTE(review): --fqdn depends on local name resolution, so check the printed
# name before publishing the record.
56 host="`hostname --fqdn`"
# Tail of a key header line: a colon, the word RSA in any letter case, an
# opening brace, then end of line. os and oc are defined in lines missing
# from this listing; presumably optional whitespace and an optional comment.
74 suffix = ":" os "[rR][sS][aA]" os "{" os oc "$"
# Pattern for a header line whose index list contains id, with any number of
# other entries (x) before or after it, separated by s.
# NOTE(review): id is concatenated into the regular expression as is, so regex
# metacharacters in it (the dots of a host name, for example) act as operators
# and can match more than the literal id. Escaping of id is not visible in the
# lines shown -- confirm.
79 pat = "^(" x s ")*" id "(" s x ")*" os suffix
# All rules below fire only while inkey is set, i.e. inside the selected key
# section (inkey is maintained in lines missing from this listing), and they
# only match "#"-commented lines of that section.
# Key-size comment ("# RSA n bits"): for the dns and txt formats the leading
# "#" is turned into ";", the comment character of DNS zone files.
91 inkey && $0 ~ /^[ \t]+# RSA [0-9]+ bits/ {
93 if (fmt == "dns" || fmt == "txt")
94 sub(/^[ \t]+#/, ";", comment)
# dns format: turn the commented "#IN KEY" line into a KEY record whose owner
# is host followed by a dot (an absolute name).
97 inkey && fmt == "dns" && $0 ~ /^[ \t]+#IN[ \t]+KEY[ \t]+/ {
99 sub(/^[ \t]+#IN[ \t]+KEY[ \t]+/, (host ".\tIN\tKEY\t"), out)
# txt format: same source line, but emitted as a TXT record. Whitespace runs
# are squeezed to one blank, then "#IN KEY" and the next three fields
# (presumably the KEY flags, protocol and algorithm) are dropped, leaving the
# key data.
102 inkey && fmt == "txt" && $0 ~ /^[ \t]+#IN[ \t]+KEY[ \t]+/ {
104 gsub(/[ \t]+/, " ", out)
105 sub(/^ #IN KEY [^ ]+ [^ ]+ [^ ]+ /, "", out)
# gw is placed into the record text unchanged. quote() is defined outside this
# listing, so whether it escapes embedded quote characters cannot be checked
# here -- NOTE(review): confirm before accepting arbitrary --txt values.
106 str = "X-IPsec-Server(10)=" gw " " out
# A text of at most 255 characters is handled in this branch (its body is not
# shown). Longer text is cut into 255-character pieces, each passed through
# quote() and appended to out separated by blanks; 255 matches the size limit
# of one TXT character-string.
107 if (length(str) <= 255) {
111 while (length(str) > 255) {
112 out = out " " quote(substr(str, 1, 255))
113 str = substr(str, 256)
# Remainder after the last full 255-character piece.
117 out = out " " quote(str)
119 out = "\tIN\tTXT\t" out
# left/right format: rewrite the "#pubkey=" comment into a leftrsasigkey= or
# rightrsasigkey= line (fmt supplies the prefix), preceded by a tab.
122 inkey && (fmt == "left" || fmt == "right") && $0 ~ /^[ \t]+#pubkey=/ {
124 sub(/^[ \t]+#pubkey=/, ("\t" fmt "rsasigkey="), out)
# Final sanity checks on what was found. The condition guarding this first
# complaint and the definitions of grump, printid and nfound are in lines
# missing from this listing.
136 grump("no " printid " key in " quote(file))
# A key section was found but none of its lines produced output.
137 else if (nfound == 0) {
# NOTE(review): the txt format is also built from the "#IN KEY" line (see the
# txt rule above), yet it gets the "pubkey" wording here.
138 want = (fmt == "dns") ? "IN KEY" : "pubkey"
139 grump("no " want " line found -- key information old?")
# More than one match makes it ambiguous which key would be published, so it
# is reported rather than silently picking one.
140 } else if (nfound > 1)
141 grump("multiple " printid " keys found!?!")