#!/bin/ksh
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# ike720 src/bos/usr/sbin/isakmp/cmd/ikeconvert.sh 1.8
#
# Licensed Materials - Property of IBM
#
# Restricted Materials of IBM
#
# COPYRIGHT International Business Machines Corp. 2000,2007
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
# @(#)02 1.8 src/bos/usr/sbin/isakmp/cmd/ikeconvert.sh, ike_cmds, ike720 10/17/07 06:25:37
###############################################################################
# Initializes tunnel definitions to the default values. Used by ReadIpsecConf
###############################################################################
function InitializeData {
  # Resets the per-tunnel globals before a new "conn" section is collected.
  # Only the type has a non-empty starting value; every other field starts
  # blank, which ProcessTunnelData later treats as "not given by the user"
  # when it applies also= sections and %default values.
  TYPE="tunnel"
  COMPRESS="" AUTO="" KEYEXCHANGE="" AUTH="" AUTHBY="" PFS=""
  KEYLIFE="" REKEYMARGIN="" REKEYFUZZ="" KEYINGTRIES="" IKELIFETIME="" KEY=""
  LEFT="" LEFTID="" LEFTSUBNET="" LEFTNEXTHOP="" LEFTUPDOWN=""
  RIGHT="" RIGHTID="" RIGHTSUBNET="" RIGHTNEXTHOP="" RIGHTUPDOWN=""
  ALSO=""
}
###############################################################################
# Saves data according to the standard format for XML generation
###############################################################################
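function SaveData {
  # Appends the tunnel being collected to TUNN_INFO as one "|"-separated
  # record and resets the per-tunnel globals for the next section.
  # Record layout (the field numbers ProcessTunnelData and GenerateXML use
  # with cut -f):
  #   1 name          2 type         3 compress      4 auto
  #   5 left          6 leftid       7 leftsubnet    8 leftnexthop
  #   9 leftupdown   10 right       11 rightid      12 rightsubnet
  #  13 rightnexthop 14 rightupdown 15 keyexchange  16 auth
  #  17 authby       18 pfs         19 keylife      20 rekeymargin
  #  21 rekeyfuzz    22 keyingtries 23 ikelifetime  24 key
  #  25 also (comma-separated section names)
  # Globals read:    TUNN_NAME, NUM_TUNNELS and the per-tunnel variables
  # Globals written: TUNN_INFO[NUM_TUNNELS], NUM_TUNNELS, TYPE, ALSO, INFO
  # A type of "tunnel" becomes Tunnel; anything else is treated as Transport.
  if [[ "$TYPE" = "tunnel" ]]; then
    TYPE="Tunnel"
  else
    TYPE="Transport"
  fi
  # Drop the "," ReadIpsecConf puts in front of every also= entry.  Plain
  # parameter expansion: no echo, so the value is neither word-split nor
  # glob-expanded on the way.
  ALSO=${ALSO#,}
  INFO="$TUNN_NAME|$TYPE|$COMPRESS|$AUTO|$LEFT|$LEFTID|$LEFTSUBNET"
  INFO="$INFO|$LEFTNEXTHOP|$LEFTUPDOWN|$RIGHT|$RIGHTID|$RIGHTSUBNET"
  INFO="$INFO|$RIGHTNEXTHOP|$RIGHTUPDOWN|$KEYEXCHANGE|$AUTH|$AUTHBY|$PFS"
  INFO="$INFO|$KEYLIFE|$REKEYMARGIN|$REKEYFUZZ|$KEYINGTRIES|$IKELIFETIME"
  INFO="$INFO|$KEY|$ALSO"
  TUNN_INFO[$NUM_TUNNELS]="$INFO"
  # Arithmetic expansion keeps the count numeric even if NUM_TUNNELS was not
  # declared with the integer attribute.
  NUM_TUNNELS=$((NUM_TUNNELS + 1))
  InitializeData
}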
###############################################################################
# Parses linux config file and processes includes
###############################################################################
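function ProcessIncludes {
  # Copies the ipsec.conf text on stdin to stdout with every "include FILE"
  # line replaced by the contents of FILE, recursively.  read splits each
  # line into its first word (PARAM) and the rest (VALUE) and strips the
  # surrounding blanks, which is the form the downstream parser expects;
  # -r keeps backslashes literal.  The "|| [[ -n ]]" keeps a last line that
  # has no trailing newline.  An unreadable include is reported on stderr
  # and skipped rather than silently lost.  An include chain that refers
  # back to itself is not detected.
  while read -r PARAM VALUE || [[ -n "$PARAM" ]]; do
    if [[ "$PARAM" = "include" ]]; then
      if [[ -r "$VALUE" ]]; then
        ProcessIncludes < "$VALUE"
      else
        echo "Warning: cannot read included file '$VALUE'. Ignoring it" >&2
      fi
    else
      # printf, not echo: the line is written back without word splitting
      # or pathname expansion, and a line that looks like an option is safe
      printf '%s\n' "$PARAM${VALUE:+ $VALUE}"
    fi
  done
}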
###############################################################################
# Completes the tunnel records collected by ReadIpsecConf: applies the %default
# values, resolves also= references and looks up the pre-shared keys
###############################################################################
function ProcessTunnelData {
DATA=${TUNN_INFO}
TUNN_NAME=`echo $DATA|/usr/bin/cut -f1 -d"|"`
# Obtain the default values
if [[ $TUNN_NAME = "%default" ]]; then
DEF02=`echo $DATA|/usr/bin/cut -f2 -d"|"`
DEF03=`echo $DATA|/usr/bin/cut -f3 -d"|"`
DEF04=`echo $DATA|/usr/bin/cut -f4 -d"|"`
DEF15=`echo $DATA|/usr/bin/cut -f15 -d"|"`
DEF16=`echo $DATA|/usr/bin/cut -f16 -d"|"`
DEF17=`echo $DATA|/usr/bin/cut -f17 -d"|"`
DEF18=`echo $DATA|/usr/bin/cut -f18 -d"|"`
DEF19=`echo $DATA|/usr/bin/cut -f19 -d"|"`
DEF20=`echo $DATA|/usr/bin/cut -f20 -d"|"`
DEF21=`echo $DATA|/usr/bin/cut -f21 -d"|"`
DEF22=`echo $DATA|/usr/bin/cut -f22 -d"|"`
DEF23=`echo $DATA|/usr/bin/cut -f23 -d"|"`
fi
if [[ $DEF02 = "" ]]; then DEF02=tunnel; fi
if [[ $DEF03 = "" ]]; then DEF03=no; fi
if [[ $DEF04 = "" ]]; then DEF04=add; fi
if [[ $DEF15 = "" ]]; then DEF15=ike; fi
if [[ $DEF16 = "" ]]; then DEF16=esp; fi
if [[ $DEF17 = "" ]]; then DEF15=secret; fi
if [[ $DEF18 = "" ]]; then DEF18=yes; fi
if [[ $DEF19 = "" ]]; then DEF19=8h; fi
if [[ $DEF20 = "" ]]; then DEF20=9m; fi
if [[ $DEF21 = "" ]]; then DEF21=100%; fi
if [[ $DEF22 = "" ]]; then DEF22=3; fi
if [[ $DEF23 = "" ]]; then DEF23=1h; fi
integer i=0
while [[ $i < $NUM_TUNNELS ]]; do
# Read tunnel data
DATA=${TUNN_INFO[$i]}
V01=`echo $DATA|/usr/bin/cut -f1 -d"|"`
if [[ $V01 != "%default" ]]; then
V02=`echo $DATA|/usr/bin/cut -f2 -d"|"`
V03=`echo $DATA|/usr/bin/cut -f3 -d"|"`
V04=`echo $DATA|/usr/bin/cut -f4 -d"|"`
V05=`echo $DATA|/usr/bin/cut -f5 -d"|"`
V06=`echo $DATA|/usr/bin/cut -f6 -d"|"`
V07=`echo $DATA|/usr/bin/cut -f7 -d"|"`
V08=`echo $DATA|/usr/bin/cut -f8 -d"|"`
V09=`echo $DATA|/usr/bin/cut -f9 -d"|"`
V10=`echo $DATA|/usr/bin/cut -f10 -d"|"`
V11=`echo $DATA|/usr/bin/cut -f11 -d"|"`
V12=`echo $DATA|/usr/bin/cut -f12 -d"|"`
V13=`echo $DATA|/usr/bin/cut -f13 -d"|"`
V14=`echo $DATA|/usr/bin/cut -f14 -d"|"`
V15=`echo $DATA|/usr/bin/cut -f15 -d"|"`
V16=`echo $DATA|/usr/bin/cut -f16 -d"|"`
V17=`echo $DATA|/usr/bin/cut -f17 -d"|"`
V18=`echo $DATA|/usr/bin/cut -f18 -d"|"`
V19=`echo $DATA|/usr/bin/cut -f19 -d"|"`
V20=`echo $DATA|/usr/bin/cut -f20 -d"|"`
V21=`echo $DATA|/usr/bin/cut -f21 -d"|"`
V22=`echo $DATA|/usr/bin/cut -f22 -d"|"`
V23=`echo $DATA|/usr/bin/cut -f23 -d"|"`
V24=`echo $DATA|/usr/bin/cut -f24 -d"|"`
V25=`echo $DATA|/usr/bin/cut -f25 -d"|"`
while [[ $V25 != "" ]]; do
# Section has an also clause that need to be processed
SCTN=`echo $V25 | /usr/bin/cut -f1 -d ","` # No -s option needed here
V25=`echo $V25 | /usr/bin/cut -f2- -s -d ","` # -s option is needed here
# Search for the also section from here to end
integer j=i+1
integer found=0
while [[ $j < $NUM_TUNNELS ]]; do
S=${TUNN_INFO[$j]}
NEW_NAME=`echo $S|/usr/bin/cut -f1 -d"|"`
if [[ $NEW_NAME = $SCTN ]]; then
# Found section, now update with new values if no value
# is given by the user
if [[ $V02 = "" ]];then V02=`echo $S|/usr/bin/cut -f2 -d"|"`; fi
if [[ $V03 = "" ]];then V03=`echo $S|/usr/bin/cut -f3 -d"|"`; fi
if [[ $V04 = "" ]];then V04=`echo $S|/usr/bin/cut -f4 -d"|"`; fi
if [[ $V05 = "" ]];then V05=`echo $S|/usr/bin/cut -f5 -d"|"`; fi
if [[ $V06 = "" ]];then V06=`echo $S|/usr/bin/cut -f6 -d"|"`; fi
if [[ $V07 = "" ]];then V07=`echo $S|/usr/bin/cut -f7 -d"|"`; fi
if [[ $V08 = "" ]];then V08=`echo $S|/usr/bin/cut -f8 -d"|"`; fi
if [[ $V09 = "" ]];then V09=`echo $S|/usr/bin/cut -f9 -d"|"`; fi
if [[ $V10 = "" ]];then V10=`echo $S|/usr/bin/cut -f10 -d"|"`; fi
if [[ $V11 = "" ]];then V11=`echo $S|/usr/bin/cut -f11 -d"|"`; fi
if [[ $V12 = "" ]];then V12=`echo $S|/usr/bin/cut -f12 -d"|"`; fi
if [[ $V13 = "" ]];then V13=`echo $S|/usr/bin/cut -f13 -d"|"`; fi
if [[ $V14 = "" ]];then V14=`echo $S|/usr/bin/cut -f14 -d"|"`; fi
if [[ $V15 = "" ]];then V15=`echo $S|/usr/bin/cut -f15 -d"|"`; fi
if [[ $V16 = "" ]];then V16=`echo $S|/usr/bin/cut -f16 -d"|"`; fi
if [[ $V17 = "" ]];then V17=`echo $S|/usr/bin/cut -f17 -d"|"`; fi
if [[ $V18 = "" ]];then V18=`echo $S|/usr/bin/cut -f18 -d"|"`; fi
if [[ $V19 = "" ]];then V19=`echo $S|/usr/bin/cut -f19 -d"|"`; fi
if [[ $V20 = "" ]];then V20=`echo $S|/usr/bin/cut -f20 -d"|"`; fi
if [[ $V21 = "" ]];then V21=`echo $S|/usr/bin/cut -f21 -d"|"`; fi
if [[ $V22 = "" ]];then V22=`echo $S|/usr/bin/cut -f22 -d"|"`; fi
if [[ $V23 = "" ]];then V23=`echo $S|/usr/bin/cut -f23 -d"|"`; fi
if [[ $V24 = "" ]];then V24=`echo $S|/usr/bin/cut -f24 -d"|"`; fi
j=$NUM_TUNNELS # Gets out of the loop
found=found+1 # Found the section
fi
j=j+1
done
if [ $found = 0 ]; then
echo "Warning: Section $SCTN not found. Ignoring $SCTN"
fi
done
# Update all uninitalized parameters with default values
if [[ $V02 = "" ]]; then V02=$DEF02; fi
if [[ $V03 = "" ]]; then V03=$DEF03; fi
if [[ $V04 = "" ]]; then V04=$DEF04; fi
if [[ $V15 = "" ]]; then V15=$DEF15; fi
if [[ $V16 = "" ]]; then V16=$DEF16; fi
if [[ $V17 = "" ]]; then V17=$DEF15; fi
if [[ $V18 = "" ]]; then V18=$DEF18; fi
if [[ $V19 = "" ]]; then V19=$DEF19; fi
if [[ $V20 = "" ]]; then V20=$DEF20; fi
if [[ $V21 = "" ]]; then V21=$DEF21; fi
if [[ $V22 = "" ]]; then V22=$DEF22; fi
if [[ $V23 = "" ]]; then V23=$DEF23; fi
INFO="$V01|$V02|$V03|$V04|$V05|$V06|$V07|$V08|$V09"
INFO="$INFO|$V10|$V11|$V12|$V13|$V14|$V15|$V16|$V17"
INFO="$INFO|$V18|$V19|$V20|$V21|$V22|$V23|$V24|$V25"
# Write back the tunnel information
TUNN_INFO[$i]="$INFO"
fi
i=i+1
done
integer i=0
while [[ $i < $NUM_TUNNELS ]]; do
# Read tunnel data
DATA=${TUNN_INFO[$i]}
V01=`echo $DATA|/usr/bin/cut -f1 -d"|"`
if [[ $V01 != "%default" ]]; then
V02=`echo $DATA|/usr/bin/cut -f2 -d"|"`
V03=`echo $DATA|/usr/bin/cut -f3 -d"|"`
V04=`echo $DATA|/usr/bin/cut -f4 -d"|"`
V05=`echo $DATA|/usr/bin/cut -f5 -d"|"`
V06=`echo $DATA|/usr/bin/cut -f6 -d"|"`
V07=`echo $DATA|/usr/bin/cut -f7 -d"|"`
V08=`echo $DATA|/usr/bin/cut -f8 -d"|"`
V09=`echo $DATA|/usr/bin/cut -f9 -d"|"`
V10=`echo $DATA|/usr/bin/cut -f10 -d"|"`
V11=`echo $DATA|/usr/bin/cut -f11 -d"|"`
V12=`echo $DATA|/usr/bin/cut -f12 -d"|"`
V13=`echo $DATA|/usr/bin/cut -f13 -d"|"`
V14=`echo $DATA|/usr/bin/cut -f14 -d"|"`
V15=`echo $DATA|/usr/bin/cut -f15 -d"|"`
V16=`echo $DATA|/usr/bin/cut -f16 -d"|"`
V17=`echo $DATA|/usr/bin/cut -f17 -d"|"`
V18=`echo $DATA|/usr/bin/cut -f18 -d"|"`
V19=`echo $DATA|/usr/bin/cut -f19 -d"|"`
V20=`echo $DATA|/usr/bin/cut -f20 -d"|"`
V21=`echo $DATA|/usr/bin/cut -f21 -d"|"`
V22=`echo $DATA|/usr/bin/cut -f22 -d"|"`
V23=`echo $DATA|/usr/bin/cut -f23 -d"|"`
V24=`echo $DATA|/usr/bin/cut -f24 -d"|"`
V25=`echo $DATA|/usr/bin/cut -f25 -d"|"`
if [[ $V06 != "" ]]; then LOCAL=$V06; else LOCAL=$V05; fi
if [[ $V11 != "" ]]; then REMOTE=$V11; else REMOTE=$V10; fi
if [[ ( $LOCAL != "" ) && ( $REMOTE != "" ) ]]; then
DATA=`/usr/bin/grep $LOCAL $KEY_FILE|/usr/bin/grep $REMOTE`
if [[ $? = 0 ]]; then
V24=`echo $DATA|/usr/bin/cut -f2 -d"\""`
fi
fi
INFO="$V01|$V02|$V03|$V04|$V05|$V06|$V07|$V08|$V09"
INFO="$INFO|$V10|$V11|$V12|$V13|$V14|$V15|$V16|$V17"
INFO="$INFO|$V18|$V19|$V20|$V21|$V22|$V23|$V24|$V25"
# Write back the tunnel information
TUNN_INFO[$i]="$INFO"
fi
i=i+1
done
}
###############################################################################
# Parses linux config file and populates the internal structure with tunnel info
###############################################################################
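function ReadIpsecConf {
  # Reads the flattened ipsec.conf on stdin.  Every "conn NAME" line starts a
  # new tunnel section (the previous one is saved with SaveData); every
  # "keyword=value" line stores its value in the matching global.  Blank
  # lines and lines starting with "#" are ignored.  When the input ends, the
  # last section is saved and ProcessTunnelData completes all records.
  # Globals read:    the per-tunnel variables (via SaveData)
  # Globals written: TUNN_NAME, PARAM, VALUE, DATA, the per-tunnel variables
  #                  and the "config setup" variables (INTERFACES, SYSLOG, ...)
  FIRST="y"
  InitializeData
  # read splits on blanks: PARAM is the first word, VALUE the rest, with the
  # indentation ipsec.conf puts before section parameters already stripped.
  # -r keeps backslashes literal; "|| [[ -n ]]" keeps a last line that has
  # no trailing newline.
  while read -r PARAM VALUE || [[ -n "$PARAM" ]]; do
    case "$PARAM" in
      "" | "#"*)
        # blank line or comment
        ;;
      conn)
        # A new section: flush the one collected so far (there is none
        # before the first conn), then start collecting under the new name.
        if [[ "$FIRST" = "y" ]]; then FIRST="n"; else SaveData; fi
        TUNN_NAME=${VALUE%% *}
        ;;
      *)
        # keyword=value.  A line without "=" leaves PARAM as the whole line,
        # which matches no keyword and is dropped.
        DATA="$PARAM${VALUE:+ $VALUE}"
        PARAM=${DATA%%=*}
        VALUE=${DATA#*=}
        case "$PARAM" in
          also) ALSO=$ALSO,$VALUE;;
          type) TYPE=$VALUE;;
          compress) COMPRESS=$VALUE;;
          auto) AUTO=$VALUE;;
          left) LEFT=$VALUE;;
          leftid) LEFTID=$VALUE;;
          leftsubnet) LEFTSUBNET=$VALUE;;
          leftnexthop) LEFTNEXTHOP=$VAL0UE;;
          leftupdown) LEFTUPDOWN=$VALUE;;
          right) RIGHT=$VALUE;;
          rightid) RIGHTID=$VALUE;;
          rightsubnet) RIGHTSUBNET=$VALUE;;
          rightnexthop) RIGHTNEXTHOP=$VALUE;;
          rightupdown) RIGHTUPDOWN=$VALUE;;
          keyexchange) KEYEXCHANGE=$VALUE;;
          auth) AUTH=$VALUE;;
          authby) AUTHBY=$VALUE;;
          pfs) PFS=$VALUE;;
          keylife) KEYLIFE=$VALUE;;
          rekeymargin) REKEYMARGIN=$VALUE;;
          rekeyfuzz) REKEYFUZZ=$VALUE;;
          keyingtries) KEYINGTRIES=$VALUE;;
          ikelifetime) IKELIFETIME=$VALUE;;
          interfaces) INTERFACES=$VALUE;;
          key) KEY=$VALUE;;
          forwardcontrol) FORWARDCONTROL=$VALUE;;
          syslog) SYSLOG=$VALUE;;
          klipsdebug) KLIPSDEBUG=$VALUE;;
          plutodebug) PLUTODEBUG=$VALUE;;
          dumpdir) DUMPDIR=$VALUE;;
          dump) DUMP=$VALUE;;
          pluto) PLUTO=$VALUE;;
          plutoload) PLUTOLOAD=$VALUE;;
          plutostart) PLUTOSTART=$VALUE;;
          plutowait) PLUTOWAIT=$VALUE;;
          plutobackgroundload) PLUTOBGD=$VALUE;;
          prepluto) PREPLUTO=$VALUE;;
          postpluto) POSTPLUTO=$VALUE;;
          fragicmp) FRAGICMP=$VALUE;;
          no_eroute_pass) NO_EROUTE_PASS=$VALUE;;
          opportunistic) OPPORTUNISTIC=$VALUE;;
          uniqueids) UNIQUEIDS=$VALUE;;
          *) ;;
        esac
        ;;
    esac
  done
  if [[ "$FIRST" != "y" ]]; then
    SaveData
  fi
  ProcessTunnelData
}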
###############################################################################
# Generates XML for the Phase1 Policy
###############################################################################
function GenerateXML_Phase1Policy {
# Emits the Phase 1 policy element(s) through a here-document.  The document
# body is empty in this copy of the script, so the function currently prints
# nothing; the template presumably belongs between the two EOD lines.
/usr/bin/cat << EOD
EOD
}
###############################################################################
# Generates XML for the Phase1 Tunnel
###############################################################################
function GenerateXML_Phase1Tunnel {
# Emits the Phase 1 policy, then the Phase 1 tunnel for the current
# LEFT/LEFTID/RIGHT/RIGHTID globals.  An endpoint with no explicit id is
# identified by its IPv4 address, one with an id by FQDN; the comparisons
# further down turn that back into IPv4_Address when the id equals the
# address itself.
GenerateXML_Phase1Policy
case $LEFTID in
"") LOCALID=IPV4_Address;;
*) LOCALID=FQDN;;
esac
case $RIGHTID in
"") REMOTEID=IPV4_Address;;
*) REMOTEID=FQDN;;
esac
if [[ $LEFT = "" ]]; then
# The following line looks wrong, because there is no recovery
# mechanism in case the user gives an invalid FQDN (causing the
# "/usr/bin/host" command to fail), but I cannot find a code path that
# actually executes this line. -Dave
# NOTE(review): $LEFTID is unquoted on the host command line, so a value
# containing blanks or pattern characters would be split or expanded
# before the lookup; the third awk field of the host output is taken as
# the address, with anything after a "," dropped.
LEFT=`/usr/bin/host $LEFTID | /usr/bin/awk '{print $3}'|/usr/bin/cut -f1 -d","`
fi
if [[ $RIGHT = "" ]]; then
# Same lookup for the remote side, with the same lack of error handling.
RIGHT=`/usr/bin/host $RIGHTID | /usr/bin/awk '{print $3}'|/usr/bin/cut -f1 -d","`
fi
# check and see whether the ids are ipaddress or fqdns
# NOTE(review): the right-hand sides are unquoted, so an id containing
# pattern characters is matched as a pattern rather than literally.
if [[ $LEFT = $LEFTID ]]; then LOCALID=IPV4_Address; fi
if [[ $RIGHT = $RIGHTID ]]; then REMOTEID=IPV4_Address; fi
# Fragments for the identity elements.  Only the structure survives in this
# copy of the script: the XML text inside the strings and the here-document
# below is empty.
LOCALIDVAL=""
REMOTEIDVAL=""
PK_REMOTEIDVAL=""
OP_IPVAL="No"
case $LOCALID in
FQDN) LOCALIDVAL="
$LOCALIDVAL
";;
esac
case $REMOTEID in
FQDN) REMOTEIDVAL="
$REMOTEIDVAL
"
PK_REMOTEIDVAL=""
OP_IPVAL="Yes";;
esac
/usr/bin/cat << EOD
$LOCALIDVAL
$REMOTEIDVAL
$PK_REMOTEIDVAL
EOD
}
###############################################################################
# Generates XML for the Phase2 policy
###############################################################################
function GenerateXML_Phase2_Policy {
# Emits two Phase 2 proposals for the current tunnel: AH or ESP according to
# $AUTH, one authenticated with SHA and one with MD5, both using the tunnel's
# encapsulation mode ($TYPE) and key refresh time in minutes ($P2REFRESHVAL,
# set by GenerateXML).  ESP proposals are fixed to ESP_3DES encryption.
# 3DES and MD5 are legacy algorithms; check what the importing side accepts.
# NOTE(review): there is no default arm, so an AUTH value other than ah/esp
# leaves PROTOCOL, AUTHPROT and PROTOCOL_TAG (all globals) at whatever the
# previous tunnel set them to.
case $AUTH in
ah) PROTOCOL="AH"; AUTHPROT="AH_"
PROTOCOL_TAG="IPSecAHProtocol";;
esp) PROTOCOL="ESP"; AUTHPROT="HMAC-"
PROTOCOL_TAG="IPSecESPProtocol
ESP_Encryption=\"ESP_3DES\"";;
esac
# The element text below appears to have lost its closing/opening tags in
# this copy of the script; only the attribute lines survive.
/usr/bin/cat << EOD
<$PROTOCOL_TAG
${PROTOCOL}_Authentication="${AUTHPROT}SHA"
${PROTOCOL}_EncapsulationMode="$TYPE"
${PROTOCOL}_KeyRefreshMinutes="$P2REFRESHVAL"/>
<$PROTOCOL_TAG
${PROTOCOL}_Authentication="${AUTHPROT}MD5"
${PROTOCOL}_EncapsulationMode="$TYPE"
${PROTOCOL}_KeyRefreshMinutes="$P2REFRESHVAL"/>
EOD
}
###############################################################################
# Generates the local or remote XML for a host Phase2 tunnel
###############################################################################
function GenerateHostXML {
# $1: "Local" or "Remote", the end of the tunnel this element describes
# $2: that host's address (LEFT or RIGHT, see GenerateXML_Phase2Tunnel)
LOC=$1
IPADDR=$2
# The element template is a here-document whose body is empty in this copy
# of the script, so nothing is printed here.
/usr/bin/cat << EOD
EOD
}
###############################################################################
# Generates the local or remote XML for a subnet Phase2 tunnel
###############################################################################
function GenerateSubnetXML {
  # $1: "Local" or "Remote", the end of the tunnel this element describes
  # $2: the network in address/prefix-length form
  # Splits the network into IPADDR and MASK and rewrites a prefix length of
  # 0..32 as a dotted-quad mask; any other MASK text is left exactly as given
  # (a value without "/" yields the same text in both variables).
  LOC=$1
  SUBNET=$2
  IPADDR=${SUBNET%%/*}
  MASK=${SUBNET#*/}
  MASK=${MASK%%/*}
  case "$MASK" in
    [0-9] | [12][0-9] | 3[0-2])
      # Build the mask octet by octet: each octet takes up to 8 of the
      # remaining prefix bits.
      typeset -i bits=$MASK octet=0 n=0
      typeset quad=""
      while (( n < 4 )); do
        if (( bits >= 8 )); then
          octet=255
        elif (( bits <= 0 )); then
          octet=0
        else
          case $bits in
            1) octet=128;;
            2) octet=192;;
            3) octet=224;;
            4) octet=240;;
            5) octet=248;;
            6) octet=252;;
            7) octet=254;;
          esac
        fi
        quad="$quad${quad:+.}$octet"
        bits=$((bits - 8))
        n=$((n + 1))
      done
      MASK=$quad
      ;;
  esac
  # The element template is a here-document whose body is empty in this copy
  # of the script, so nothing is printed here.
  /usr/bin/cat << EOD
EOD
}
###############################################################################
# Generates the XML for a Phase2 tunnel
###############################################################################
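function GenerateXML_Phase2Tunnel {
  # Emits the Phase 2 policy, the tunnel element, then one endpoint element
  # per side: a subnet element when LEFTSUBNET/RIGHTSUBNET is set, otherwise
  # a host element for LEFT/RIGHT.  The tunnel element's here-document body
  # is empty in this copy of the script.
  # Globals read: LEFT, LEFTSUBNET, RIGHT, RIGHTSUBNET
  GenerateXML_Phase2_Policy
  /usr/bin/cat << EOD
EOD
  # Arguments are quoted so an empty or unusual value still arrives as
  # exactly one parameter.
  if [[ -n "$LEFTSUBNET" ]]; then
    GenerateSubnetXML Local "$LEFTSUBNET"
  else
    GenerateHostXML Local "$LEFT"
  fi
  if [[ -n "$RIGHTSUBNET" ]]; then
    GenerateSubnetXML Remote "$RIGHTSUBNET"
  else
    GenerateHostXML Remote "$RIGHT"
  fi
  echo ""
}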
###############################################################################
# Generates the XML document for every tunnel collected in TUNN_INFO
###############################################################################
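function GenerateXML {
  # Writes the whole XML document to stdout: a fixed header, then for every
  # completed tunnel record (not %default, both addresses known) the Phase 1
  # and Phase 2 elements, then a fixed footer.  The header/footer echo lines
  # are empty in this copy of the script.
  # Globals read:    TUNN_INFO, NUM_TUNNELS
  # Globals written: the per-tunnel variables (unpacked from the record),
  #                  PFSVAL, AUTOSTART, HOSTNAME, SWAP, TEMP
  # P1REFRESHVAL/P2REFRESHVAL are locals that the GenerateXML_* functions
  # called from here can read.
  typeset -i i=0
  typeset P1REFRESHVAL P2REFRESHVAL
  echo ""
  echo ""
  echo ""
  echo ""
  # Hoisted out of the loop: the name of this host is the same for every tunnel
  HOSTNAME=$(/usr/bin/hostname)
  while (( i < NUM_TUNNELS )); do
    DATA=${TUNN_INFO[$i]}
    # Unpack the record (layout: see SaveData) into the globals the
    # GenerateXML_* functions read.  printf, not echo, so the record is not
    # word-split or glob-expanded on the way to cut.
    TUNN_NAME=$(printf '%s\n' "$DATA" | /usr/bin/cut -f1 -d"|")
    TYPE=$(printf '%s\n' "$DATA" | /usr/bin/cut -f2 -d"|")
    COMPRESS=$(printf '%s\n' "$DATA" | /usr/bin/cut -f3 -d"|")
    AUTO=$(printf '%s\n' "$DATA" | /usr/bin/cut -f4 -d"|")
    LEFT=$(printf '%s\n' "$DATA" | /usr/bin/cut -f5 -d"|")
    LEFTID=$(printf '%s\n' "$DATA" | /usr/bin/cut -f6 -d"|")
    LEFTSUBNET=$(printf '%s\n' "$DATA" | /usr/bin/cut -f7 -d"|")
    LEFTNEXTHOP=$(printf '%s\n' "$DATA" | /usr/bin/cut -f8 -d"|")
    LEFTUPDOWN=$(printf '%s\n' "$DATA" | /usr/bin/cut -f9 -d"|")
    RIGHT=$(printf '%s\n' "$DATA" | /usr/bin/cut -f10 -d"|")
    RIGHTID=$(printf '%s\n' "$DATA" | /usr/bin/cut -f11 -d"|")
    RIGHTSUBNET=$(printf '%s\n' "$DATA" | /usr/bin/cut -f12 -d"|")
    RIGHTNEXTHOP=$(printf '%s\n' "$DATA" | /usr/bin/cut -f13 -d"|")
    RIGHTUPDOWN=$(printf '%s\n' "$DATA" | /usr/bin/cut -f14 -d"|")
    KEYEXCHANGE=$(printf '%s\n' "$DATA" | /usr/bin/cut -f15 -d"|")
    AUTH=$(printf '%s\n' "$DATA" | /usr/bin/cut -f16 -d"|")
    AUTHBY=$(printf '%s\n' "$DATA" | /usr/bin/cut -f17 -d"|")
    PFS=$(printf '%s\n' "$DATA" | /usr/bin/cut -f18 -d"|")
    KEYLIFE=$(printf '%s\n' "$DATA" | /usr/bin/cut -f19 -d"|")
    REKEYMARGIN=$(printf '%s\n' "$DATA" | /usr/bin/cut -f20 -d"|")
    REKEYFUZZ=$(printf '%s\n' "$DATA" | /usr/bin/cut -f21 -d"|")
    KEYINGTRIES=$(printf '%s\n' "$DATA" | /usr/bin/cut -f22 -d"|")
    IKELIFETIME=$(printf '%s\n' "$DATA" | /usr/bin/cut -f23 -d"|")
    KEY=$(printf '%s\n' "$DATA" | /usr/bin/cut -f24 -d"|")
    # pfs=no -> group 0, anything else -> group 2
    case "$PFS" in
      no) PFSVAL=0;;
      *) PFSVAL=2;;
    esac
    # Lifetimes go into the XML as whole minutes
    P1REFRESHVAL=$(TimeToMinutes "$IKELIFETIME")
    P2REFRESHVAL=$(TimeToMinutes "$KEYLIFE")
    if [[ "$TUNN_NAME" != "%default" && -n "$LEFT" && -n "$RIGHT" ]]; then
      # The XML is written from this host's point of view, so "left" must be
      # this host.  Swap the two sides when the left address is not on any
      # local interface, or when a leftid of the form @host names another
      # host.  An empty leftid says nothing about which side we are, so it
      # does not force a swap by itself.
      SWAP="no"
      /usr/sbin/netstat -in | /usr/bin/grep -F -e "$LEFT" > /dev/null 2>&1
      if [[ $? != 0 ]]; then
        SWAP="yes"
      fi
      if [[ -n "$LEFTID" ]]; then
        TEMP=${LEFTID#*@}
        TEMP=${TEMP%%@*}
        if [[ "$TEMP" != "$HOSTNAME" ]]; then
          SWAP="yes"
        fi
      fi
      if [[ "$SWAP" = "yes" ]]; then
        TEMP=$LEFT; LEFT=$RIGHT; RIGHT=$TEMP
        TEMP=$LEFTID; LEFTID=$RIGHTID; RIGHTID=$TEMP
        TEMP=$LEFTSUBNET; LEFTSUBNET=$RIGHTSUBNET; RIGHTSUBNET=$TEMP
        TEMP=$LEFTNEXTHOP; LEFTNEXTHOP=$RIGHTNEXTHOP; RIGHTNEXTHOP=$TEMP
        TEMP=$LEFTUPDOWN; LEFTUPDOWN=$RIGHTUPDOWN; RIGHTUPDOWN=$TEMP
      fi
      AUTOSTART=No
      if [[ "$AUTO" = "start" ]]; then AUTOSTART=Yes; fi
      GenerateXML_Phase1Tunnel
      GenerateXML_Phase2Tunnel
      echo
    fi
    i=$((i + 1))
  done
  echo ""
}
###############################################################################
# Converts an ipsec.conf time value to whole minutes and prints the result.
# Accepts a number followed by d, h, m or s; a bare number is seconds.
# Seconds are rounded down.  Anything else is printed back unchanged so the
# caller still has a value to put in the XML.  Used by GenerateXML.
###############################################################################
function TimeToMinutes {
  typeset spec="$1" unit val
  unit=${spec##*[0-9]}
  val=${spec%[dhms]}
  case "$val" in
    "" | *[!0-9]*) printf '%s\n' "$spec"; return;;
  esac
  case "$unit" in
    d) printf '%s\n' $((val * 24 * 60));;
    h) printf '%s\n' $((val * 60));;
    m) printf '%s\n' "$val";;
    s | "") printf '%s\n' $((val / 60));;
    *) printf '%s\n' "$spec";;
  esac
}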
###############################################################################
# Displays syntax of this command
###############################################################################
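function ShowUsage {
  # Prints the command syntax on stderr (so it can never end up in XML that
  # is being written to stdout) and exits with status 1.  Arguments are
  # ignored.
  echo "Usage : ikeconvert <ipsec.conf> <ipsec.secrets> <output.xml | ->" >&2
  exit 1
}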
###############################################################################
# Start of the script
###############################################################################
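typeset -i NUM_TUNNELS=0
if [[ $# -ne 3 ]]; then
  ShowUsage
fi
CNF_FILE=$1    # ipsec.conf to convert
KEY_FILE=$2    # ipsec.secrets-style file the pre-shared keys are read from
XML_FILE=$3    # output file, or "-" for stdout
if [[ ! -r "$CNF_FILE" ]]; then
  echo "ikeconvert: cannot read $CNF_FILE" >&2
  exit 1
fi
if [[ ! -r "$KEY_FILE" ]]; then
  echo "ikeconvert: cannot read $KEY_FILE" >&2
  exit 1
fi
# The flattened configuration goes through a scratch file, and the XML output
# carries the pre-shared keys: create both owner-readable only, give the
# scratch file an unpredictable name when the system has mktemp, and remove
# it on every exit path.
umask 077
CONFIG_FILE=$(/usr/bin/mktemp /tmp/ipsec.conf.XXXXXX 2>/dev/null)
if [[ -z "$CONFIG_FILE" ]]; then
  # No mktemp: fall back to a pid-based name, but refuse to overwrite (or
  # follow a link from) a file that already exists under that name.
  CONFIG_FILE=/tmp/ipsec.conf.$$
  set -C
fi
trap '/usr/bin/rm -f "$CONFIG_FILE"' EXIT
ProcessIncludes < "$CNF_FILE" > "$CONFIG_FILE" || exit 1
ReadIpsecConf < "$CONFIG_FILE"
case "$XML_FILE" in
  "-" ) GenerateXML ;;
  # >| so the output file is written even when noclobber was turned on above
  * ) GenerateXML >| "$XML_FILE" ;;
esac
exit 0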