peer2anonet changes made:

      * parse quicktun.keypair</dev/random directly to seckey variable.
      * removed y/n questions with file tests and automatic
        configuration.
      * README file updated
      * ported for autoconfig file pipes
      * some security checks created

2 files changed, 120 insertions, 48 deletions

diff --git a/contrib/peer2anonet/README b/contrib/peer2anonet/README
index 3ddecd5..8d4e73d 100644
--- a/contrib/peer2anonet/README
+++ b/contrib/peer2anonet/README
@@ -7,6 +7,8 @@
 
 SYNOPSIS:
      peer2anonet
+        -OR-
+     peer2anonet < autoconfig
 
 
 DESCRIPTION:
@@ -50,6 +52,31 @@ INSTALL AND UNINSTALL:
 
       make install-deb
 
+USAGE:
+      You may execute peer2anonet and answer configuration questions
+      via interface or pipe a file containing the new peering
+      session's specifications to the executable. peer2anonet has
+      some security checks but it is highly recommended you check
+      a autoconfig file manually before using to prevent malicious
+      attacks. An autoconfig file should be in the following format:
+      Plain text file, one block of data per line, no spaces, and
+      without including the following '<-- comments'.
+
+================== Not Actual Line on File ============================
+anon        <--your peer's alias
+1.2.3.0       <--your new anonet network address
+1.2.3.1       <--your new anonet router address
+1.2.3.2       <--your new anonet ip
+1001          <--your new anonet client port
+1230          <--you new asn
+11.22.33.44   <--your peer's remote ip
+3.5.7.9       <--your peer's anonet ip
+3571          <--your peer's client port
+3570          <--your peer's asn
+3c6e0b8a9c15224a8228b9a98ca1531d <--your peer's public key
+================== Not Actual Line on File ============================ 
+
+
 CHANGES:
       Sat Jul  9 06:48:58 CDT 2011 - d3v1150m471c
       * quicktun's "EXPORT DEBUG=1" removed on peering script.
@@ -63,4 +90,15 @@ CHANGES:
       * bash added to dependencies
       * file tests with mkdir changed to `mkdir -p`... .
       * peering file removed, passes directly to run file now.
+
+      Sun Jul 10 05:47:22 CDT 2011 - d3v1150m471c
+      * makefile changed to Makefile
+      * parse quicktun.keypair</dev/random directly to seckey variable.
+      * removed y/n questions with file tests and automatic
+        configuration.
+      * README file updated
+      * ported for autoconfig file pipes
+      * some security checks created
+
+
       
diff --git a/contrib/peer2anonet/peer2anonet b/contrib/peer2anonet/peer2anonet
index 9e4d8de..a3a7b4d 100644
--- a/contrib/peer2anonet/peer2anonet
+++ b/contrib/peer2anonet/peer2anonet
@@ -2,7 +2,7 @@
 #########################################################################
 # We need to check for root privileges:
 if [[ $(id -u) != 0 ]]; then
- echo "peer2anonet: error: root priviliges required."
+ echo "peer2anonet: error: root privileges required."
  exit 1
 fi
 
@@ -13,10 +13,16 @@ mkdir -p /services/bird
 mkdir -p /service
 
 #########################################################################
-# See if we need new keys:
-read -p "Would you like to generate new keys? [y/n]: " ASK
-[[ $ASK == *y* ]] && quicktun.keypair</dev/random && echo
-[[ $ASK == *Y* ]] && quicktun.keypair</dev/random && echo
+# Generate new keys:
+KEYS=`quicktun.keypair</dev/random`
+SECKEY=`echo $KEYS | head -1`
+YPUBKEY=`echo $KEYS | head -2 | tail -1`
+echo "
+peer2anonet: your public key is:
+
+$YPUBKEY
+
+"
 
 #########################################################################
 # We need to get info for the new peering and BGP session:
@@ -30,10 +36,70 @@ read -p "Enter your peer remote ip: " REMOTEIP
 read -p "Enter your peer anonet ip: " PEERIP
 read -p "Enter your peer remote port: " PEERPORT
 read -p "Enter your peer asn: " PEERASN
-read -p "Enter your secret key: " SECKEY
 read -p "Enter your peer's public key: " PUBKEY
 
 #########################################################################
+# Do some security checks on variables:
+TEST[0]=$PEERNAME; TEST[1]=$YOURNET; TEST[2]=$YOURROUTE; TEST[3]=$YOURIP
+TEST[4]=$YOURPORT; TEST[5]=$YOURASN; TEST[6]=$REMOTEIP; TEST[7]=$PEERIP
+                   TEST[8]=$PEERPORT; TEST[9]=$PEERASN
+
+SECURE() {
+          echo "peer2anonet: error: possible malicious code detected"
+          echo "offending data: $CHECK"
+          exit 1
+         }
+          
+
+for CHECK in ${TEST[@]}; do
+[[ $CHECK == *'rm '* ]] && SECURE
+[[ $CHECK == *'mail '* ]] && SECURE
+[[ $CHECK == *'cp '* ]] && SECURE
+[[ $CHECK == *'mv '* ]] && SECURE
+[[ $CHECK == *'ipconfig'* ]] && SECURE
+[[ $CHECK == *'iwconfig'* ]] && SECURE
+[[ $CHECK == *'ping '* ]] && SECURE
+[[ $CHECK == *'make '* ]] && SECURE
+[[ $CHECK == *'install'* ]] && SECURE
+[[ $CHECK == *'uninstall'* ]] && SECURE
+[[ $CHECK == *'map '* ]] && SECURE
+[[ $CHECK == *'su '* ]] && SECURE
+[[ $CHECK == *'sudo'* ]] && SECURE
+[[ $CHECK == *'$'* ]] && SECURE
+[[ $CHECK == *'!'* ]] && SECURE
+[[ $CHECK == *'echo'* ]] && SECURE
+[[ $CHECK == *'netcat'* ]] && SECURE
+[[ $CHECK == *'id '* ]] && SECURE
+[[ $CHECK == *'source'* ]] && SECURE
+[[ $CHECK == *'alias '* ]] && SECURE
+[[ $CHECK == *'passwd'* ]] && SECURE
+[[ $CHECK == *'user'* ]] && SECURE
+[[ $CHECK == *'bash'* ]] && SECURE
+[[ $CHECK == *'ls '* ]] && SECURE
+[[ $CHECK == *'ssh'* ]] && SECURE
+[[ $CHECK == *'nc '* ]] && SECURE
+[[ $CHECK == *'telnet'* ]] && SECURE
+[[ $CHECK == *'rdesktop'* ]] && SECURE
+[[ $CHECK == *'iptables'* ]] && SECURE
+[[ $CHECK == *'}'* ]] && SECURE
+[[ $CHECK == *'{'* ]] && SECURE
+[[ $CHECK == *'['* ]] && SECURE
+[[ $CHECK == *']'* ]] && SECURE
+[[ $CHECK == *'('* ]] && SECURE
+[[ $CHECK == *')'* ]] && SECURE
+[[ $CHECK == *'exec'* ]] && SECURE
+[[ $CHECK == *'dash'* ]] && SECURE
+[[ $CHECK == *'perl'* ]] && SECURE
+[[ $CHECK == *'python'* ]] && SECURE
+[[ $CHECK == *'netstat'* ]] && SECURE
+[[ $CHECK == *'sockstat'* ]] && SECURE
+[[ $CHECK == *'>'* ]] && SECURE
+[[ $CHECK == *'<'* ]] && SECURE
+[[ $CHECK == *'/'* ]] && SECURE
+[[ $CHECK == *'kill'* ]] && SECURE
+done
+
+#########################################################################
 # We need to check if base files need to be imported to services for bird:
 NEW_PROTOCOL="
 protocol bgp $PEERNAME'_bgp' { table AnoNet_routes;
@@ -96,49 +162,18 @@ protocol direct direct_AnoNet_routes { table AnoNet_routes;
  import filter only_AnoNet;
 }"
 
-while true; do
- read -p "Is this your first peering session?" ASK
- if [[ $ASK == *y* ]]; then
-  echo "$BIRD_CONF" > /services/bird/bird.conf
-  echo "$BIRD_RUN" > /services/bird/run
-  chmod +x /services/bird/run
-  echo "$NEW_PROTOCOL" >> /services/bird/bird.conf
-  break
- elif [[ $ASK == *Y* ]]; then
-  echo "$BIRD_CONF" > /services/bird/bird.conf
-  echo "$BIRD_RUN" > /services/bird/run
-  chmod +x /services/bird/run
-  echo "$NEW_PROTOCOL" >> /services/bird/bird.conf
-  break
- elif [[ $ASK == *n* ]]; then
-  break
- elif [[ $ASK == *N* ]]; then
-  break
- fi
-done
+
+
+test -e /services/bird/bird.conf || echo "$BIRD_CONF" > /services/bird/bird.conf
+test -e /services/bird/run || echo "$BIRD_RUN" > /services/bird/run
+chmod +x /services/bird/run
+echo "$NEW_PROTOCOL" >> /services/bird/bird.conf
 
 #########################################################################
 # We need to check if this peering session already exists:
-if [ -e /services/"$PEERNAME" ]; then
- while true; do
-  read -p "$PEERNAME already exists, would you like to replace it? [y/n]: " ASK
-  if [[ $ASK == *y* ]]; then
-   rm -r /services/"$PEERNAME"
-   mkdir /services/"$PEERNAME"
-   break
-  elif [[ $ASK == *Y* ]]; then
-   rm -r /services/"$PEERNAME"
-   mkdir /services/"$PEERNAME"
-   break
-  elif [[ $ASK == *n* ]]; then
-   exit 0
-  elif [[ $ASK == *N* ]]; then
-   exit 0
-  fi
- done 
-else
- mkdir /services/"$PEERNAME"
-fi
+test -e /services/"$PEERNAME" && rm -r /services/"$PEERNAME"
+mkdir -p /services/"$PEERNAME"
+
 
 #########################################################################
 # Create files to configure the new peering session:
@@ -146,7 +181,7 @@ echo "#!/bin/sh
 export REMOTE_ADDRESS=$REMOTEIP
 export REMOTE_PORT=$PEERPORT
 export LOCAL_PORT=$YOURPORT
-export PRIVATE_KEY=$SECKEY
+export PRIVATE_KEY=${SECKEY/'SECRET: /}
 export PUBLIC_KEY=$PUBKEY
 export TUN_MODE=1
 export INTERFACE=ppp-$PEERNAME
@@ -161,7 +196,6 @@ chmod +x /services/"$PEERNAME"/run
 #########################################################################
 # Configure and start our new peering session:
 ln -s /services/"$PEERNAME" /service/
-echo
 echo "peer2anonet: New peering session configured
 "
 exit 0