ec-field-test.c: Make the field-element type use internal format.
[secnet.git] / make-secnet-sites
index 522105103ffe3a1136a31cd14c7a5600b8c13cdc..ad96560001ce6f6c1ac4e1e0b803e18bf0f94789 100755 (executable)
@@ -293,32 +293,34 @@ class PkmElide(PkmBase):
 class OpBase():
        # Base case is reading a sites file from self.inputfilee.
        # And writing a sites file to self.sitesfile.
+       def positional_args(self, av):
+               if len(av.arg)>3:
+                       print("Too many arguments")
+                       sys.exit(1)
+               (self.inputfile, self.outputfile) = (av.arg + [None]*2)[0:2]
        def read_in(self):
                if self.inputfile is None:
                        self.inputlines = pfile("stdin",sys.stdin.readlines())
                else:
                        self.inputlines = pfilepath(self.inputfile)
        def write_out(self):
-               f=open(self.sitesfile+"-tmp",'w')
+               if self.outputfile is None:
+                       f=sys.stdout
+               else:
+                       f=open(self.outputfile+"-tmp",'w')
                f.write("# sites file autogenerated by make-secnet-sites\n")
-               f.write("# generated %s, invoked by %s\n"%
-                       (time.asctime(time.localtime(time.time())),
-                        self.user))
+               self.write_out_heading(f)
                f.write("# use make-secnet-sites to turn this file into a\n")
                f.write("# valid /etc/secnet/sites.conf file\n\n")
                self.write_out_contents(f)
                f.write("# end of sites file\n")
-               f.close()
-               os.rename(self.sitesfile+"-tmp",self.sitesfile)
+               if self.outputfile is not None:
+                       f.close()
+                       os.rename(self.outputfile+"-tmp",self.outputfile)
 
 class OpConf(OpBase):
        opts = ['--conf']
        help = 'sites.conf generation mode (default)'
-       def positional_args(self, av):
-               if len(av.arg)>3:
-                       print("Too many arguments")
-                       sys.exit(1)
-               (self.inputfile, self.outputfile) = (av.arg + [None]*2)[0:2]
        def check_group(self,group,w): pass
        def write_out(self):
                if self.outputfile is None:
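Review bot: The guard in the new `OpBase.positional_args` is `len(av.arg)>3`, but the next line keeps only the first two entries, so a third positional argument is accepted and silently dropped. Unless a third argument is consumed somewhere outside this hunk, `if len(av.arg)>2:` would match what is actually used. Because the method now lives on the base class, every mode that does not override it inherits this behaviour. The comment at the top of `OpBase` is also stale: it names `self.inputfilee` and `self.sitesfile`, while `write_out` now uses `self.outputfile`. Suggested wording: `# Base case is reading a sites file from self.inputfile` and `# and writing a sites file to self.outputfile (stdout when None).`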
@@ -330,6 +332,19 @@ class OpConf(OpBase):
                if self.outputfile is not None:
                        os.rename(tmp_outputfile,self.outputfile)
 
+class OpFilter(OpBase):
+       opts = ['--filter']
+       help = 'sites file filtering mode'
+       def positional_arXgs(self, av):
+               if len(av.arg)!=1:
+                       print("Too many arguments")
+               (self.inputfile,) = (av.arg + [None])[0:1]
+               self.outputfile = None
+       def write_out_heading(self,f):
+               f.write("# --filter --output-version=%d\n"%output_version)
+       def write_out_contents(self,f):
+               for i in self.inputlines: f.write(i)
+
 class OpUserv(OpBase):
        opts = ['--userv','-u']
        help = 'userv service fragment update mode'
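Review bot: `positional_arXgs` in `OpFilter` is misspelled, so it never overrides `OpBase.positional_args`. Filter mode therefore runs the base method, which takes a second argument as `self.outputfile`, and the `self.outputfile = None` line that should force output to stdout is never reached. Once renamed, the check still needs fixing: `len(av.arg)!=1` prints "Too many arguments" for the zero-argument case that `(av.arg + [None])[0:1]` is written to handle, and nothing exits after the message. Suggested: `def positional_args(self, av):`, then `if len(av.arg)>1:`, with `sys.exit(1)` after the `print`.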
@@ -338,7 +353,7 @@ class OpUserv(OpBase):
                        print("Wrong number of arguments")
                        sys.exit(1)
                (self.header, self.groupfiledir,
-                self.sitesfile, self.group) = av.arg
+                self.outputfile, self.group) = av.arg
                self.group = Tainted(self.group,0,'command line')
                # untrusted argument from caller
                if "USERV_USER" not in os.environ:
@@ -377,6 +392,10 @@ class OpUserv(OpBase):
                os.rename(self.groupfiledir+"/T"+self.group.groupname(),
                          self.groupfiledir+"/R"+self.group.groupname())
                OpBase.write_out(self)
+       def write_out_heading(self,f):
+               f.write("# generated %s, invoked by %s\n"%
+                       (time.asctime(time.localtime(time.time())),
+                        self.user))
        def write_out_contents(self,f):
                for i in self.headerinput: f.write(i)
                files=os.listdir(self.groupfiledir)
@@ -402,6 +421,7 @@ def parse_args():
                        fn=(lambda v,ns,*x: setattr(ns,'opmode',how)),
                        help=how().help)
        add_opmode(OpConf)
+       add_opmode(OpFilter)
        add_opmode(OpUserv)
        ap.add_argument('--conf-key-prefix', action=ActionNoYes,
                        default=True,
@@ -479,20 +499,23 @@ class networks (basetype):
        def __str__(self):
                return ",".join(map((lambda n: '"%s"'%n), self.set.networks()))
 
-class dhgroup (basetype):
+class trad_dhgroup (basetype):
        "A Diffie-Hellman group"
        def __init__(self,w):
                self.mod=w[1].bignum_16('dh','dh mod')
                self.gen=w[2].bignum_16('dh','dh gen')
        def __str__(self):
                return 'diffie-hellman("%s","%s")'%(self.mod,self.gen)
+def dhgroup(w):
+       if w[1] in ('x25519', 'x448'): return w[1]
+       else: return trad_dhgroup(w)
 
 class hash (basetype):
        "A choice of hash function"
        def __init__(self,w):
                hname=w[1]
                self.ht=hname.raw()
-               if (self.ht!='md5' and self.ht!='sha1'):
+               if (self.ht not in ('md5', 'sha1', 'sha512')):
                        complain("unknown hash type %s"%(self.ht))
                        self.ht=None
                else:
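Review bot: `dhgroup` compares `w[1]` against plain strings and returns it unchanged, whereas `trad_dhgroup` and `hash` in this same hunk read the word through accessors (`bignum_16`, `raw()`). That suggests `w[1]` is a tainted wrapper rather than a `str`. If so, the membership test depends on that wrapper's equality behaviour, and the returned value bypasses the `basetype` path the other property types use; both are defined outside the hunk, so this needs confirming. Since the name is checked against a fixed allowlist, unwrapping first would be clearer: `name=w[1].raw()` then `if name in ('x25519', 'x448'): return name`. A one-line docstring would also help, saying that named curves are passed through by name and anything else is parsed as a traditional group.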
@@ -637,7 +660,7 @@ def somepubkey(w):
 # Possible properties of configuration nodes
 keywords={
  'contact':(email,"Contact address"),
- 'dh':(dhgroup,"Diffie-Hellman group"),
+ 'dh':(listof(dhgroup),"Diffie-Hellman group"),
  'hash':(hash,"Hash function"),
  'key-lifetime':(num,"Maximum key lifetime (ms)"),
  'setup-timeout':(num,"Key setup timeout (ms)"),