HEX
Server: Apache/2.4.34 (Red Hat) OpenSSL/1.0.2k-fips
System: Linux WORDPRESS 3.10.0-1160.118.1.el7.x86_64 #1 SMP Thu Apr 4 03:33:23 EDT 2024 x86_64
User: digital (1020)
PHP: 7.2.24
Disabled: NONE
$ pwd: /usr/libexec/ipsec/
Upload Files
File: //usr/libexec/ipsec/newhostkey
#! /bin/sh
#
# generate new key for this host
#
# Copyright (C) 2001, 2002  Henry Spencer.
# Copyright (C) 2014 Paul Wouters <[email protected]>
# Copyright (C) 2014, 2016 Tuomo Soini <[email protected]>
# Copyright (C) 2016, Andrew Cagney <[email protected]>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#

me="ipsec newhostkey"
usage="Usage: $me [--output filename] [--seeddev device] [--bits n] \\
    [--quiet] [--hostname host] [--nssdir /etc/ipsec.d] [--password password] "

bits=
verbose=
host=
seeddev="--seeddev /dev/random"
output=
nssdir="/etc/ipsec.d"
password=
for dummy; do
    case "$1" in
	--bits)
	    bits="${2}"
	    shift
	    ;;
	--quiet)
	    verbose=
	    ;;
	--hostname)
	    host="--hostname ${2}"
	    shift
	    ;;
	--output)
	    output="${2}"
	    shift
	    ;;
	--verbose)
	    verbose="--verbose"
	    ;;
	--version)
	    echo "${me} $IPSEC_VERSION"
	    exit 0
	    ;;
	--random)
	    echo "${me} warning: --random is obsoleted, using --seeddev" >&2
	    seeddev="--seeddev ${2}"
	    shift
	    ;;
	--seeddev)
	    seeddev="--seeddev ${2}"
	    shift
	    ;;
	--configdir)
	    echo "${me} warning: --configdir is obsoleted, use --nssdir" >&2
	    nssdir="${2}"
	    shift
	    ;;
	--nssdir)
	    nssdir="${2}"
	    shift
	    ;;
	--password)
	    password="--password ${2}"
	    shift
	    ;;
	--help)
	    echo "$usage"
	    exit 0
	    ;;
	--)
	    shift
	    break
	    ;;
	-*)
	    echo "${me}: unknown option \`$1'" >&2
	    exit 2
	    ;;
	*)
	    break
	    ;;
    esac
    shift
done

if [ -n "${output}" -a -d "${output}" ]; then
    echo "ERROR: output file should be a secrets file, not a directory"
    exit 255
fi

if [ -n "${output}" -a -s "${output}" ]; then
    printf "%s: WARNING: file \"%s\" exists, appending to it\n" "${0}" "${output}" >&2
fi

if [ ! -d ${nssdir} ]; then
    echo "No such directory: ${nssdir}"
    exit 255
fi

certutil -L -d "sql:${nssdir}" >/dev/null 2>/dev/null
RETVAL=$?
if [ ${RETVAL} -eq 255 ]; then
    echo "NSS database in ${nssdir} not initialized."
    echo "    Please run 'ipsec initnss --nssdir ${nssdir}'"
    exit 255
fi

key=$(ipsec rsasigkey ${verbose} ${seeddev} --nssdir ${nssdir} ${password} ${host} ${bits})
RETVAL=$?
if [ ${RETVAL} -ne 0 ]; then
    exit ${RETVAL}
fi

out()
(
    echo ': RSA	{'
    printf "%s\n" "${key}"
    echo '	}'
    echo '# do not change the indenting of that "}"'
)

# Write out the #ckaid= and #pubkey= lines
# echo "${key}" | sed -n 's/.*#\([a-z]*)=/\1/p'

if [ -n "${output}" ]; then
    umask 077
    TEMPFILE=$(mktemp ${output}.XXXXXXX)
    RETVAL=$?
    if [ ${RETVAL} -gt 0 ]; then
	echo "${me}: error creating temporary file, aborting" >&2
	exit ${RETVAL}
    fi
    if [ -f ${output} ]; then
       cat ${output} >> ${TEMPFILE}
    fi
    out >> ${TEMPFILE}
    mv ${TEMPFILE} ${output}
fi
@ Telegram