chiark / gitweb /
make-secnet-sites: New -P <prefix> option
[secnet.git] / make-secnet-sites
index 8e3ec73..c49467a 100755 (executable)
@@ -54,6 +54,7 @@ import time
 import sys
 import os
 import getopt
+import re
 
 # The ipaddr library is installed as part of secnet
 sys.path.append("/usr/local/share/secnet")
@@ -108,6 +109,18 @@ class email:
        def __str__(self):
                return '<%s>'%(self.addr)
 
+class boolean:
+       "A boolean"
+       def __init__(self,w):
+               if re.match('[TtYy1]',w[1]):
+                       self.b=True
+               elif re.match('[FfNn0]',w[1]):
+                       self.b=False
+               else:
+                       complain("invalid boolean value");
+       def __str__(self):
+               return ['False','True'][self.b]
+
 class num:
        "A decimal number"
        def __init__(self,w):
@@ -148,7 +161,8 @@ keywords={
  'networks':(networks,"Claimed networks"),
  'pubkey':(rsakey,"RSA public site key"),
  'peer':(single_ipaddr,"Tunnel peer IP address"),
- 'address':(address,"External contact address and port")
+ 'address':(address,"External contact address and port"),
+ 'mobile':(boolean,"Site is mobile"),
 }
 
 def sp(name,value):
@@ -165,7 +179,7 @@ global_properties={
        'setup-retries':sp,
        'wait-time':sp,
        'renegotiate-time':sp,
-       'restrict-nets':(lambda name,value:"# restrict-nets %s\n"%value)
+       'restrict-nets':(lambda name,value:"# restrict-nets %s\n"%value),
 }
 
 class level:
@@ -252,16 +266,17 @@ class sitelevel(level):
         'address':sp,
         'networks':None,
         'peer':None,
-        'pubkey':(lambda n,v:"key %s;\n"%v)
+        'pubkey':(lambda n,v:"key %s;\n"%v),
+        'address':None,
+        'mobile':sp,
        })
        require_properties={
         'dh':"Diffie-Hellman group",
         'contact':"Site admin contact address",
-        'address':"Site external access address",
         'networks':"Networks claimed by the site",
         'hash':"hash function",
         'peer':"Gateway address of the site",
-        'pubkey':"RSA public key of the site"
+        'pubkey':"RSA public key of the site",
        }
        def __init__(self,w):
                level.__init__(self,w)
@@ -305,6 +320,7 @@ def moan(msg):
 root=level(['root','root'])   # All vpns are children of this node
 obstack=[root]
 allow_defs=0   # Level above which new definitions are permitted
+prefix=''
 
 def set_property(obj,w):
        "Set a property on a configuration node"
@@ -314,7 +330,7 @@ def set_property(obj,w):
        else:
                obj.properties[w[0]]=keywords[w[0]][0](w)
 
-def pline(i):
+def pline(i,allow_include=False):
        "Process a configuration file line"
        global allow_defs, obstack, root
        w=string.split(i)
@@ -325,6 +341,16 @@ def pline(i):
                allow_defs=sitelevel.depth
                obstack=[root]
                return
+       if keyword=='include':
+               if not allow_include:
+                       complain("include not permitted here")
+                       return
+               if len(w) != 2:
+                       complain("include requires one argument")
+                       return
+               newfile=os.path.join(os.path.dirname(file),w[1])
+               pfilepath(newfile,allow_include=allow_include)
+               return
        if levels.has_key(keyword):
                # We may go up any number of levels, but only down by one
                newdepth=levels[keyword].depth
@@ -364,7 +390,14 @@ def pline(i):
 
        complain("unknown keyword '%s'"%(keyword))
 
-def pfile(name,lines):
+def pfilepath(pathname,allow_include=False):
+       f=open(pathname)
+       lines=f.readlines()
+       pfile(pathname,lines,allow_include=allow_include)
+       f.close()
+       return lines
+
+def pfile(name,lines,allow_include=False):
        "Process a file"
        global file,line
        file=name
@@ -373,7 +406,7 @@ def pfile(name,lines):
                line=line+1
                if (i[0]=='#'): continue
                if (i[len(i)-1]=='\n'): i=i[:len(i)-1] # strip trailing LF
-               pline(i)
+               pline(i,allow_include=allow_include)
 
 def outputsites(w):
        "Output include file for secnet configuration"
@@ -383,20 +416,21 @@ def outputsites(w):
        w.write("# Command line: %s\n\n"%string.join(sys.argv))
 
        # Raw VPN data section of file
-       w.write("vpn-data {\n")
+       w.write(prefix+"vpn-data {\n")
        for i in root.children.values():
                i.output_data(w,2,"")
        w.write("};\n")
 
        # Per-VPN flattened lists
-       w.write("vpn {\n")
+       w.write(prefix+"vpn {\n")
        for i in root.children.values():
-               i.output_vpnflat(w,2,"vpn-data")
+               i.output_vpnflat(w,2,prefix+"vpn-data")
        w.write("};\n")
 
        # Flattened list of sites
-       w.write("all-sites %s;\n"%string.join(map(lambda x:"vpn/%s/all-sites"%
-               x,root.children.keys()),","))
+       w.write(prefix+"all-sites %s;\n"%string.join(
+               map(lambda x:"%svpn/%s/all-sites"%(prefix,x),
+                       root.children.keys()),","))
 
 # Are we being invoked from userv?
 service=0
@@ -435,19 +469,17 @@ else:
                if not ok:
                        print "caller not in group %s"%group
                        sys.exit(1)
-               f=open(header)
-               headerinput=f.readlines()
-               f.close()
-               pfile(header,headerinput)
+               headerinput=pfilepath(header,allow_include=True)
                userinput=sys.stdin.readlines()
                pfile("user input",userinput)
        else:
+               if sys.argv[1]=='-P':
+                       prefix=sys.argv[2]
+                       sys.argv[1:3]=[]
                if len(sys.argv)>3:
                        print "Too many arguments"
                        sys.exit(1)
-               f=open(sys.argv[1])
-               pfile(sys.argv[1],f.readlines())
-               f.close()
+               pfilepath(sys.argv[1],allow_include=True)
                of=sys.stdout
                if len(sys.argv)>2:
                        of=open(sys.argv[2],'w')