bd8e3a558c
- Fix Opportunistic IPsec _unbound-hook argument parsing - Make rundir readable for all (so we can hand out permissions later)
36 lines
1.4 KiB
Diff
36 lines
1.4 KiB
Diff
commit 9dce290a0d2df5c278ed9442b10954d65cc238e4
|
|
Author: Paul Wouters <pwouters@redhat.com>
|
|
Date: Sun Jul 8 22:29:52 2018 -0400
|
|
|
|
_unbound-hook: Fixup adding IPv4 pubkey into pluto. Expect unbound to quote argument as 1
|
|
|
|
diff --git a/programs/_unbound-hook/_unbound-hook.in b/programs/_unbound-hook/_unbound-hook.in
|
|
index 0d266d5..38279de 100755
|
|
--- a/programs/_unbound-hook/_unbound-hook.in
|
|
+++ b/programs/_unbound-hook/_unbound-hook.in
|
|
@@ -29,14 +29,17 @@ try:
|
|
except:
|
|
sys.exit("Bad arguments to ipsec _unbound")
|
|
|
|
-while (argv != []):
|
|
+# unbound now quotes the entire RRDATAs, so it counts as 1 argument in the list
|
|
+data = argv.pop(0).split(" ")
|
|
+
|
|
+while (data != []):
|
|
try:
|
|
- gwprec = argv.pop(0)
|
|
- gwtype = argv.pop(0)
|
|
- gwalg = argv.pop(0)
|
|
- gwid = argv.pop(0)
|
|
- pubkey = argv.pop(0)
|
|
- addkeyip = "ipsec whack --keyid @%s --addkey --pubkeyrsa 0s%s"%(ip, pubkey)
|
|
+ gwprec = data.pop(0)
|
|
+ gwtype = data.pop(0)
|
|
+ gwalg = data.pop(0)
|
|
+ gwid = data.pop(0)
|
|
+ pubkey = data.pop(0)
|
|
+ addkeyip = "ipsec whack --keyid %s --addkey --pubkeyrsa 0s%s"%(ip, pubkey)
|
|
addkeyhostname = "ipsec whack --keyid @%s --addkey --pubkeyrsa 0s%s"%(qname, pubkey)
|
|
print("processing an IPSECKEY record for Opportunistic IPsec to %s(%s)"%(qname,ip))
|
|
print(subprocess.call(addkeyip, shell=True))
|