X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=make-secnet-sites;h=ebf7468cdfa90e2960ff2999a91ae55ccde03b6d;hp=c49467a19f687c5f1fb78dfb15ebe44a5790c9ae;hb=423936d35d7671fd017d2d611d418d1b8eeb6195;hpb=26f727b913e16936c8f319fde9d7e06b677345f6 diff --git a/make-secnet-sites b/make-secnet-sites index c49467a..ebf7468 100755 --- a/make-secnet-sites +++ b/make-secnet-sites @@ -56,11 +56,12 @@ import os import getopt import re -# The ipaddr library is installed as part of secnet -sys.path.append("/usr/local/share/secnet") -sys.path.append("/usr/share/secnet") import ipaddr +sys.path.insert(0,"/usr/local/share/secnet") +sys.path.insert(0,"/usr/share/secnet") +import ipaddrset + VERSION="0.1.18" # Classes describing possible datatypes in the configuration file @@ -68,22 +69,19 @@ VERSION="0.1.18" class single_ipaddr: "An IP address" def __init__(self,w): - self.addr=ipaddr.ipaddr(w[1]) + self.addr=ipaddr.IPAddress(w[1]) def __str__(self): - return '"%s"'%self.addr.ip_str() + return '"%s"'%self.addr class networks: "A set of IP addresses specified as a list of networks" def __init__(self,w): - self.set=ipaddr.ip_set() + self.set=ipaddrset.IPAddressSet() for i in w[1:]: - x=string.split(i,"/") - self.set.append(ipaddr.network(x[0],x[1], - ipaddr.DEMAND_NETWORK)) + x=ipaddr.IPNetwork(i,strict=True) + self.set.append([x]) def __str__(self): - return string.join(map(lambda x:'"%s/%s"'%(x.ip_str(), - x.mask.netmask_bits_str), - self.set.as_list_of_networks()),",") + return ",".join(map((lambda n: '"%s"'%n), self.set.networks())) class dhgroup: "A Diffie-Hellman group" @@ -267,7 +265,7 @@ class sitelevel(level): 'networks':None, 'peer':None, 'pubkey':(lambda n,v:"key %s;\n"%v), - 'address':None, + 'address':(lambda n,v:"address %s;\n"%v), 'mobile':sp, }) require_properties={ 
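Review bot: The two `sys.path.insert(0,...)` calls put `/usr/share/secnet` and `/usr/local/share/secnet` ahead of the standard library for `import ipaddrset` and for every import that runs afterwards, so any module placed in either directory shadows one of the same name elsewhere. Because both calls insert at index 0, `/usr/share/secnet` also ends up ahead of `/usr/local/share/secnet`, which reverses the usual local-over-system order and may not be intended. If the precedence is not required, keep the old form, `sys.path.append("/usr/local/share/secnet")` and `sys.path.append("/usr/share/secnet")`. If it is required, add a comment such as `# these directories take precedence over the stdlib; they must be root-owned and not group/world-writable`.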
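Review bot: `ipaddr.IPAddress(w[1])` and `ipaddr.IPNetwork(i,strict=True)` raise `ValueError` on malformed input, and neither constructor in this hunk handles it. Unless the caller (outside this hunk) catches it, a bad address in the sites file would end in a traceback instead of going through the `complain()` reporting used elsewhere in the file. Both calls also accept IPv6 literals, whereas the removed code appears to have been IPv4-only; if IPv6 is not meant to be accepted yet, pass `version=4`. A one-line comment on the new call would help the next reader, e.g. `# strict=True: reject networks that have host bits set`.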
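Review bot: Nothing visible here validates or quotes `v` before the new `'address'` emitter writes it into the generated configuration as `address %s;`. The datatype class behind the `address` property is outside this hunk, so confirm that its `__str__` quotes the value and restricts it to hostname or address characters. Otherwise a value containing `;` or `"` would change the structure of the output file. A comment next to the entry would record the dependency, e.g. `# v is str() of the address datatype, which must quote and validate it`.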
@@ -333,24 +331,23 @@ def set_property(obj,w): def pline(i,allow_include=False): "Process a configuration file line" global allow_defs, obstack, root - w=string.split(i) - if len(w)==0: return + w=string.split(i.rstrip('\n')) + if len(w)==0: return [i] keyword=w[0] current=obstack[len(obstack)-1] if keyword=='end-definitions': allow_defs=sitelevel.depth obstack=[root] - return + return [i] if keyword=='include': if not allow_include: complain("include not permitted here") - return + return [] if len(w) != 2: complain("include requires one argument") - return + return [] newfile=os.path.join(os.path.dirname(file),w[1]) - pfilepath(newfile,allow_include=allow_include) - return + return pfilepath(newfile,allow_include=allow_include) if levels.has_key(keyword): # We may go up any number of levels, but only down by one newdepth=levels[keyword].depth @@ -376,37 +373,39 @@ def pline(i,allow_include=False): if nl.depth3: print "Too many arguments" sys.exit(1) - pfilepath(sys.argv[1],allow_include=True) + pfilepath(sys.argv[1]) of=sys.stdout if len(sys.argv)>2: of=open(sys.argv[2],'w') @@ -521,13 +520,7 @@ def checkconstraints(n,p,ra): else: new_ra=ra if n.properties.has_key("networks"): - # I'd like to do this: - # n.properties["networks"].set.is_subset(new_ra) - # but there isn't an is_subset() method - # Instead we see if we intersect with the complement of new_ra - rac=new_ra.complement() - i=rac.intersection(n.properties["networks"].set) - if not i.is_empty(): + if not n.properties["networks"].set <= new_ra: moan("%s %s networks out of bounds"%(n.type,n.name)) if n.properties.has_key("peer"): if not n.properties["networks"].set.contains( @@ -536,7 +529,7 @@ def checkconstraints(n,p,ra): for i in n.children.keys(): checkconstraints(n.children[i],new_p,new_ra) -checkconstraints(root,{},ipaddr.complete_set) +checkconstraints(root,{},ipaddrset.complete_set()) if complaints>0: if complaints==1: print "There was 1 problem."
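Review bot: The `include` branch builds `newfile` with `os.path.join(os.path.dirname(file),w[1])` and, with this change, hands back whatever `pfilepath` returns, but `w[1]` is never checked. An absolute path makes `os.path.join` discard the directory part, and `..` components leave it, so if the sites file is not fully trusted the include target should be confined before the call. One way is to reject it up front with `if os.path.isabs(w[1]) or '..' in w[1].split(os.sep): complain("include path not permitted"); return []`. The docstring should also state the new contract, e.g. `"Process a configuration file line; return the list of lines to pass through"`. The rest of `pline` and all of `pfilepath` lie outside this hunk, so how the returned lines are used could not be checked here.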
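Review bot: The bounds check `if not n.properties["networks"].set <= new_ra:` is only a subset test if `IPAddressSet` defines `__le__` that way, and `ipaddrset` is not part of this diff. The file is Python 2 (`print` statements, `has_key`), where `<=` between objects without rich comparisons falls back to an arbitrary but non-raising ordering. A missing or differently defined `__le__` would therefore silently disable the "networks out of bounds" check instead of failing. Either call a named subset method if the class offers one, or document the dependency with `# relies on IPAddressSet.__le__ implementing subset-or-equal`. `checkconstraints` starts before this hunk.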