X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=make-secnet-sites;h=966bb77528e409cd3991e2c5bd5306d4c1c264d1;hp=8024c16d000b99ade42a7490b1b633d205f75820;hb=cfd794827e3243c681590845063309fa628cfef4;hpb=3b83c93292fbf6c4e859ce513bdf54ad90733f96 diff --git a/make-secnet-sites b/make-secnet-sites index 8024c16..966bb77 100755 --- a/make-secnet-sites +++ b/make-secnet-sites @@ -54,13 +54,14 @@ import time import sys import os import getopt +import re # The ipaddr library is installed as part of secnet sys.path.append("/usr/local/share/secnet") sys.path.append("/usr/share/secnet") import ipaddr -VERSION="0.1.16" +VERSION="0.1.18" # Classes describing possible datatypes in the configuration file @@ -108,6 +109,18 @@ class email: def __str__(self): return '<%s>'%(self.addr) +class boolean: + "A boolean" + def __init__(self,w): + if re.match('[TtYy1]',w[1]): + self.b=True + elif re.match('[FfNn0]',w[1]): + self.b=False + else: + complain("invalid boolean value"); + def __str__(self): + return ['False','True'][self.b] + class num: "A decimal number" def __init__(self,w): @@ -148,7 +161,8 @@ keywords={ 'networks':(networks,"Claimed networks"), 'pubkey':(rsakey,"RSA public site key"), 'peer':(single_ipaddr,"Tunnel peer IP address"), - 'address':(address,"External contact address and port") + 'address':(address,"External contact address and port"), + 'mobile':(boolean,"Site is mobile"), } def sp(name,value): @@ -165,7 +179,7 @@ global_properties={ 'setup-retries':sp, 'wait-time':sp, 'renegotiate-time':sp, - 'restrict-nets':(lambda name,value:"# restrict-nets %s\n"%value) + 'restrict-nets':(lambda name,value:"# restrict-nets %s\n"%value), } class level: 
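Review bot: In the new `boolean` class (hunk `@@ -108,6 +109,18 @@`), `re.match('[TtYy1]',w[1])` tests only the first character, so values such as `1x` or `nope` are silently accepted as booleans instead of being rejected. Anchoring the pattern, e.g. `re.match('(?:[Tt]rue|[Yy]es|[TtYy1])$',w[1])` with a matching form for the false case, keeps malformed site input out of the generated configuration. The `else` branch also leaves `self.b` unset. If `complain()` returns rather than exits (its use before `return []` in the later `pline` hunk suggests it does), a subsequent `__str__` would raise `AttributeError`; adding `self.b=False` after the `complain(...)` call avoids that. The trailing `;` on the `complain(...)` line is unneeded.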
@@ -252,16 +266,17 @@ class sitelevel(level): 'address':sp, 'networks':None, 'peer':None, - 'pubkey':(lambda n,v:"key %s;\n"%v) + 'pubkey':(lambda n,v:"key %s;\n"%v), + 'address':(lambda n,v:"address %s;\n"%v), + 'mobile':sp, }) require_properties={ 'dh':"Diffie-Hellman group", 'contact':"Site admin contact address", - 'address':"Site external access address", 'networks':"Networks claimed by the site", 'hash':"hash function", 'peer':"Gateway address of the site", - 'pubkey':"RSA public key of the site" + 'pubkey':"RSA public key of the site", } def __init__(self,w): level.__init__(self,w) @@ -305,6 +320,7 @@ def moan(msg): root=level(['root','root']) # All vpns are children of this node obstack=[root] allow_defs=0 # Level above which new definitions are permitted +prefix='' def set_property(obj,w): "Set a property on a configuration node" @@ -314,17 +330,26 @@ def set_property(obj,w): else: obj.properties[w[0]]=keywords[w[0]][0](w) -def pline(i): +def pline(i,allow_include=False): "Process a configuration file line" global allow_defs, obstack, root - w=string.split(i) - if len(w)==0: return + w=string.split(i.rstrip('\n')) + if len(w)==0: return [i] keyword=w[0] current=obstack[len(obstack)-1] if keyword=='end-definitions': allow_defs=sitelevel.depth obstack=[root] - return + return [i] + if keyword=='include': + if not allow_include: + complain("include not permitted here") + return [] + if len(w) != 2: + complain("include requires one argument") + return [] + newfile=os.path.join(os.path.dirname(file),w[1]) + return pfilepath(newfile,allow_include=allow_include) if levels.has_key(keyword): # We may go up any number of levels, but only down by one newdepth=levels[keyword].depth @@ -350,30 +375,39 @@ def pline(i): if nl.depth3: print "Too many arguments" sys.exit(1) - f=open(sys.argv[1]) - pfile(sys.argv[1],f.readlines()) - f.close() + pfilepath(sys.argv[1]) of=sys.stdout if len(sys.argv)>2: of=open(sys.argv[2],'w')
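Review bot: In the `sitelevel` hunk (`@@ -252,16 +266,17 @@`) the dict literal now has two `'address'` entries: the context line `'address':sp,` and the added `'address':(lambda n,v:"address %s;\n"%v),`. Python silently keeps the last one, so the stale `'address':sp,` line should be deleted to make the intended formatter explicit. The same hunk drops `'address'` from `require_properties` for every site, not only those marked `mobile`, so a fixed site with a forgotten address is no longer caught by the requirement table shown here. Unless that is enforced elsewhere, a conditional check (address required when `mobile` is absent or false) would keep the earlier validation. The dict and the class body continue outside the hunk.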
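Review bot: In the `pline` hunk (`@@ -314,17 +330,26 @@`) the `include` branch joins `w[1]` onto the including file's directory without constraining it, and `os.path.join` discards the base when `w[1]` is absolute, so wherever `allow_include` is true an include can name any file the process can read, also via `..` components. A guard before the join, such as `if os.path.isabs(w[1]) or '..' in w[1].split(os.sep): complain("include path not permitted"); return []`, would keep includes under the sites directory. The branch also reads `file`, which is neither a parameter nor listed in the `global` statement shown; unless a module-level `file` is assigned outside this hunk, it resolves to the Python 2 builtin and `os.path.dirname(file)` fails. No limit on include nesting is visible here, so a file that includes itself would recurse until the interpreter stops it; `pfilepath` is not shown intact on this page, so confirm whether it tracks depth or already-visited paths.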