class OpBase():
# Base case is reading a sites file from self.inputfilee.
- def read_in(self):
- if self.inputfile is None:
- pfile("stdin",sys.stdin.readlines())
- else:
- pfilepath(self.inputfile)
-
-class OpConf(OpBase):
- def is_service(self): return 0
+ # And writing a sites file to self.sitesfile.
def positional_args(self, av):
if len(av.arg)>3:
print("Too many arguments")
sys.exit(1)
(self.inputfile, self.outputfile) = (av.arg + [None]*2)[0:2]
+ def read_in(self):
+ if self.inputfile is None:
+ self.inputlines = pfile("stdin",sys.stdin.readlines())
+ else:
+ self.inputlines = pfilepath(self.inputfile)
+ def write_out(self):
+ if self.outputfile is None:
+ f=sys.stdout
+ else:
+ f=open(self.outputfile+"-tmp",'w')
+ f.write("# sites file autogenerated by make-secnet-sites\n")
+ self.write_out_heading(f)
+ f.write("# use make-secnet-sites to turn this file into a\n")
+ f.write("# valid /etc/secnet/sites.conf file\n\n")
+ self.write_out_contents(f)
+ f.write("# end of sites file\n")
+ if self.outputfile is not None:
+ f.close()
+ os.rename(self.outputfile+"-tmp",self.outputfile)
+
+class OpConf(OpBase):
+ opts = ['--conf']
+ help = 'sites.conf generation mode (default)'
def check_group(self,group,w): pass
def write_out(self):
if self.outputfile is None:
if self.outputfile is not None:
os.rename(tmp_outputfile,self.outputfile)
+class OpFilter(OpBase):
+ opts = ['--filter']
+ help = 'sites file filtering mode'
+ def positional_arXgs(self, av):
+ if len(av.arg)!=1:
+ print("Too many arguments")
+ (self.inputfile,) = (av.arg + [None])[0:1]
+ self.outputfile = None
+ def write_out_heading(self,f):
+ f.write("# --filter --output-version=%d\n"%output_version)
+ def write_out_contents(self,f):
+ for i in self.inputlines: f.write(i)
+
class OpUserv(OpBase):
opts = ['--userv','-u']
help = 'userv service fragment update mode'
- def is_service(self): return 1
def positional_args(self, av):
if len(av.arg)!=4:
print("Wrong number of arguments")
sys.exit(1)
(self.header, self.groupfiledir,
- self.sitesfile, self.group) = av.arg
+ self.outputfile, self.group) = av.arg
self.group = Tainted(self.group,0,'command line')
# untrusted argument from caller
if "USERV_USER" not in os.environ:
f.close()
os.rename(self.groupfiledir+"/T"+self.group.groupname(),
self.groupfiledir+"/R"+self.group.groupname())
- f=open(self.sitesfile+"-tmp",'w')
- f.write("# sites file autogenerated by make-secnet-sites\n")
+ OpBase.write_out(self)
+ def write_out_heading(self,f):
f.write("# generated %s, invoked by %s\n"%
(time.asctime(time.localtime(time.time())),
self.user))
- f.write("# use make-secnet-sites to turn this file into a\n")
- f.write("# valid /etc/secnet/sites.conf file\n\n")
+ def write_out_contents(self,f):
for i in self.headerinput: f.write(i)
files=os.listdir(self.groupfiledir)
for i in files:
j=open(self.groupfiledir+"/"+i)
f.write(j.read())
j.close()
- f.write("# end of sites file\n")
- f.close()
- os.rename(self.sitesfile+"-tmp",self.sitesfile)
-
def parse_args():
global opmode
- global service
global prefix
global key_prefix
global debug_level
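Review bot: `positional_arXgs` in the new `OpFilter` class is misspelled, so it never overrides `OpBase.positional_args`; filter mode therefore accepts up to three positional arguments, sets `self.outputfile` from the second one, and the intended one-argument check is dead code. Even once renamed, that branch only prints and continues, unlike the `sys.exit(1)` used by `OpBase.positional_args` and `OpUserv.positional_args`, and it reports "Too many arguments" for zero arguments as well: `def positional_args(self, av):` / `if len(av.arg)!=1:` / `print("Wrong number of arguments"); sys.exit(1)`. Separately, `OpBase.write_out` opens `self.outputfile+"-tmp"` with no `try`/`finally`, so an exception during writing leaves the handle open and the partial temporary file on disk (the rename is skipped, so the existing output is not replaced); a `with` block or `try`/`finally` that removes the temp file on failure would be cleaner. The body of `parse_args` continues past the end of this hunk.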
nargs=0,
fn=(lambda v,ns,*x: setattr(ns,'opmode',how)),
help=how().help)
+ add_opmode(OpConf)
+ add_opmode(OpFilter)
add_opmode(OpUserv)
ap.add_argument('--conf-key-prefix', action=ActionNoYes,
default=True,
debug_level = av.debug
debugrepr('av',av)
opmode = getattr(av,'opmode',OpConf)()
- service = opmode.is_service()
prefix = '' if av.prefix is None else av.prefix[0]
key_prefix = av.conf_key_prefix
output_version = av.output_version[0]
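Review bot: The new `OpFilter.write_out_heading` earlier in this diff formats module-level `output_version`, but in the visible part of `parse_args` the `global` declarations cover only `opmode`, `prefix`, `key_prefix` and `debug_level`, while `output_version = av.output_version[0]` is assigned here. Unless a `global output_version` exists in the lines this view omits, that assignment binds a function local and the filter heading reads whatever module-level value exists (or raises `NameError` if there is none). Adding `global output_version` next to the other declarations would make the intent explicit either way.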
def __str__(self):
return ",".join(map((lambda n: '"%s"'%n), self.set.networks()))
-class dhgroup (basetype):
+class trad_dhgroup (basetype):
"A Diffie-Hellman group"
def __init__(self,w):
self.mod=w[1].bignum_16('dh','dh mod')
self.gen=w[2].bignum_16('dh','dh gen')
def __str__(self):
return 'diffie-hellman("%s","%s")'%(self.mod,self.gen)
+def dhgroup(w):
+ if w[1] in ('x25519', 'x448'): return w[1]
+ else: return trad_dhgroup(w)
class hash (basetype):
"A choice of hash function"
def __init__(self,w):
hname=w[1]
self.ht=hname.raw()
- if (self.ht!='md5' and self.ht!='sha1'):
+ if (self.ht not in ('md5', 'sha1', 'sha512')):
complain("unknown hash type %s"%(self.ht))
self.ht=None
else:
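Review bot: `dhgroup` tests `w[1] in ('x25519', 'x448')` against the token object itself and returns that object, whereas the neighbouring `hash.__init__` unwraps the token with `hname.raw()` before comparing it to plain strings; unless the token type (defined outside this view) compares equal to `str`, the new branch never matches and `x25519` falls through to `trad_dhgroup`, which parses the name as a modulus via `bignum_16` and indexes `w[2]`. Making it consistent with `hash` would be `name = w[1].raw()` / `if name in ('x25519', 'x448'): return name` / `return trad_dhgroup(w)`, which also means only the allow-listed constant, never the raw input, reaches the output. Note too that `listof(dhgroup)` in the keywords table later in this diff now yields a mix of `str` and `trad_dhgroup` elements, so whatever renders that list (outside this view) must handle both.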
# Possible properties of configuration nodes
keywords={
'contact':(email,"Contact address"),
- 'dh':(dhgroup,"Diffie-Hellman group"),
+ 'dh':(listof(dhgroup),"Diffie-Hellman group"),
'hash':(hash,"Hash function"),
'key-lifetime':(num,"Maximum key lifetime (ms)"),
'setup-timeout':(num,"Key setup timeout (ms)"),