#! /bin/sh # show key for this host, in DNS (or other) format # Copyright (C) 2000, 2001 Henry Spencer. # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See . # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # # RCSID $Id: showhostkey,v 1.12 2001/10/26 16:17:02 henry Exp $ me="ipsec showhostkey" usage="Usage: $me [--file secrets] [--left] [--right] [--txt gateway] [--id id]" file=/etc/ipsec.secrets fmt="dns" gw= id= for dummy do case "$1" in --file) file="$2" ; shift ;; --left) fmt="left" ;; --right) fmt="right" ;; --txt) fmt="txt" ; gw="$2" ; shift ;; --id) id="$2" ; shift ;; --version) echo "$me $IPSEC_VERSION" ; exit 0 ;; --help) echo "$usage" ; exit 0 ;; --) shift ; break ;; -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; *) break ;; esac shift done if test " $fmt" = " txt" -a " $gw" = " " then echo "$me: --txt gateway value cannot be empty" >&2 exit 2 fi if test ! -f $file then echo "$me: file \`$file' does not exist" >&2 exit 1 elif test ! -r $file then echo "$me: permission denied (cannot read \`$file')" >&2 exit 1 fi host="`hostname --fqdn`" awk ' BEGIN { inkey = 0 seenkey = 0 nfound = 0 err = "cat >&2" me = "'"$me"'" host = "'"$host"'" file = "'"$file"'" fmt = "'"$fmt"'" gw = "'"$gw"'" id = "'"$id"'" comment = "" s = "[ \t]+" os = "[ \t]*" x = "[^ \t]+" oc = "(#.*)?" suffix = ":" os "[rR][sS][aA]" os "{" os oc "$" if (id == "") { pat = "^" suffix printid = "default" } else { pat = "^(" x s ")*" id "(" s x ")*" os suffix printid = quote(id) } status = 0 } $0 ~ pat { inkey = 1 seenkey = 1 } /^[ \t]+}$/ { inkey = 0 } inkey && $0 ~ /^[ \t]+# RSA [0-9]+ bits/ { comment = $0 if (fmt == "dns" || fmt == "txt") sub(/^[ \t]+#/, ";", comment) host = $5 } inkey && fmt == "dns" && $0 ~ /^[ \t]+#IN[ \t]+KEY[ \t]+/ { out = $0 sub(/^[ \t]+#IN[ \t]+KEY[ \t]+/, (host ".\tIN\tKEY\t"), out) nfound++ } inkey && fmt == "txt" && $0 ~ /^[ \t]+#IN[ \t]+KEY[ \t]+/ { out = $0 gsub(/[ \t]+/, " ", out) sub(/^ #IN KEY [^ ]+ [^ ]+ [^ ]+ /, "", out) str = "X-IPsec-Server(10)=" gw " " out if (length(str) <= 255) { out = quote(str) } else { out = "" while (length(str) > 255) { out = out " " quote(substr(str, 1, 255)) str = substr(str, 256) } out = substr(out, 2) if (length(str) > 0) out = out " " quote(str) } out = "\tIN\tTXT\t" out nfound++ } inkey && (fmt == "left" || fmt == "right") && $0 ~ /^[ \t]+#pubkey=/ { out = $0 sub(/^[ \t]+#pubkey=/, ("\t" fmt "rsasigkey="), out) nfound++ } function quote(s) { return "\"" s "\"" } function grump(s) { print me ": " s |err status = 1 } END { if (!seenkey) grump("no " printid " key in " quote(file)) else if (nfound == 0) { want = (fmt == "dns") ? "IN KEY" : "pubkey" grump("no " want " line found -- key information old?") } else if (nfound > 1) grump("multiple " printid " keys found!?!") else { if (comment != "") print comment print out } exit(status) }' $file