X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=make-secnet-sites;h=ebf7468cdfa90e2960ff2999a91ae55ccde03b6d;hp=dc6ec78dd5ac5bcbb446e79ddecbbf5ef9d05d53;hb=6b30affc1ec14bf38a73994e8fdd39f26b5bccb3;hpb=2489e9eb9441582ab9f3c33896d6ced309f0767b
diff --git a/make-secnet-sites b/make-secnet-sites
index dc6ec78..ebf7468 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -56,11 +56,12 @@ import os
 import getopt
 import re
-# The ipaddr library is installed as part of secnet
-sys.path.append("/usr/local/share/secnet")
-sys.path.append("/usr/share/secnet")
 import ipaddr
+sys.path.insert(0,"/usr/local/share/secnet")
+sys.path.insert(0,"/usr/share/secnet")
+import ipaddrset
+
 VERSION="0.1.18"
 # Classes describing possible datatypes in the configuration file
@@ -68,22 +69,19 @@ VERSION="0.1.18"
 class single_ipaddr:
 "An IP address"
 def __init__(self,w):
- self.addr=ipaddr.ipaddr(w[1])
+ self.addr=ipaddr.IPAddress(w[1])
 def __str__(self):
- return '"%s"'%self.addr.ip_str()
+ return '"%s"'%self.addr
 class networks:
 "A set of IP addresses specified as a list of networks"
 def __init__(self,w):
- self.set=ipaddr.ip_set()
+ self.set=ipaddrset.IPAddressSet()
 for i in w[1:]:
- x=string.split(i,"/")
- self.set.append(ipaddr.network(x[0],x[1],
- ipaddr.DEMAND_NETWORK))
+ x=ipaddr.IPNetwork(i,strict=True)
+ self.set.append([x])
 def __str__(self):
- return string.join(map(lambda x:'"%s/%s"'%(x.ip_str(),
- x.mask.netmask_bits_str),
- self.set.as_list_of_networks()),",")
+ return ",".join(map((lambda n: '"%s"'%n), self.set.networks()))
 class dhgroup:
 "A Diffie-Hellman group"
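Review bot: The two `sys.path.insert(0,...)` calls in the import hunk leave `/usr/share/secnet` ahead of `/usr/local/share/secnet`, the reverse of the precedence the removed `append` calls gave. Both directories also now sit in front of the standard library for every import that runs after this point, so a file placed in either one can shadow a standard module. If only `ipaddrset` is meant to come from there, appending avoids that: `sys.path.append("/usr/local/share/secnet")` and `sys.path.append("/usr/share/secnet")`. If the front of the path is intended, swap the two lines so the local copy still wins. The deleted comment also deserves a replacement naming the module loaded from these directories, for example `# ipaddrset is installed as part of secnet` if that is the case.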
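Review bot: In `single_ipaddr.__init__` and `networks.__init__`, `ipaddr.IPAddress(w[1])` and `ipaddr.IPNetwork(i,strict=True)` raise `ValueError` for a malformed address or for a network with host bits set, and nothing in this hunk converts that into a `complain(...)`. Unless the caller catches it (not visible here), a bad value in a sites file ends the run with a traceback rather than the file-and-line diagnostic used for other input errors. Catching `ValueError` around both constructor calls and reporting it through `complain`, for example `except ValueError, e: complain("bad address %s: %s"%(i,e))`, would keep rejection of bad input uniform. `w[1]` is also indexed without a length check, so a keyword with no argument would raise `IndexError` in the same way.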
@@ -333,24 +331,23 @@ def set_property(obj,w):
 def pline(i,allow_include=False):
 "Process a configuration file line"
 global allow_defs, obstack, root
- w=string.split(i)
- if len(w)==0: return
+ w=string.split(i.rstrip('\n'))
+ if len(w)==0: return [i]
 keyword=w[0]
 current=obstack[len(obstack)-1]
 if keyword=='end-definitions':
 allow_defs=sitelevel.depth
 obstack=[root]
- return
+ return [i]
 if keyword=='include':
 if not allow_include:
 complain("include not permitted here")
- return
+ return []
 if len(w) != 2:
 complain("include requires one argument")
- return
+ return []
 newfile=os.path.join(os.path.dirname(file),w[1])
- pfilepath(newfile,allow_include=allow_include)
- return
+ return pfilepath(newfile,allow_include=allow_include)
 if levels.has_key(keyword):
 # We may go up any number of levels, but only down by one
 newdepth=levels[keyword].depth
@@ -381,34 +378,34 @@ def pline(i,allow_include=False):
 current.children[w[1]]=nl
 current=nl
 obstack.append(current)
- return
+ return [i]
 if current.allow_properties.has_key(keyword):
 set_property(current,w)
- return
+ return [i]
 else:
 complain("Property %s not allowed at %s level"%
 (keyword,current.type))
- return
+ return []
 complain("unknown keyword '%s'"%(keyword))
 def pfilepath(pathname,allow_include=False):
 f=open(pathname)
- lines=f.readlines()
- pfile(pathname,lines,allow_include=allow_include)
+ outlines=pfile(pathname,f.readlines(),allow_include=allow_include)
 f.close()
- return lines
+ return outlines
 def pfile(name,lines,allow_include=False):
 "Process a file"
 global file,line
 file=name
 line=0
+ outlines=[]
 for i in lines:
 line=line+1
 if (i[0]=='#'): continue
- if (i[len(i)-1]=='\n'): i=i[:len(i)-1] # strip trailing LF
- pline(i,allow_include=allow_include)
+ outlines += pline(i,allow_include=allow_include)
+ return outlines
 def outputsites(w):
 "Output include file for secnet configuration"
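Review bot: After `return pfilepath(newfile,allow_include=allow_include)` in the `include` branch of `pline`, the globals `file` and `line` still hold the included file's name and last line number, because `pfile` overwrites them and nothing visible restores them. Later complaints about the including file then cite the wrong location, and a second `include` resolves `os.path.dirname(file)` against the previously included file's directory. Saving and restoring around the call fixes both: `saved=(file,line)` before it and `file,line=saved` after it, with `file,line` added to pline's `global` statement. The docstring could also state the new contract, for example `"Process a configuration file line; return a list of lines (empty if the line was rejected)"`. pline's body continues past the end of this hunk.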
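Review bot: The `complain("unknown keyword '%s'"%(keyword))` path at the end of `pline` still falls off the function and returns `None`, so `outlines += pline(i,allow_include=allow_include)` in `pfile` raises `TypeError` on the first unknown keyword. This assumes `complain` returns normally, as the `return []` lines after the other `complain` calls suggest. Adding `return []` after that call fixes it. The part of `pline` between this hunk and the previous one is not shown, so any bare `return` left there needs the same change. Separately, in `pfilepath` the `f.close()` is skipped when `pfile` raises; a `try`/`finally` around the `pfile` call would close the file on every path.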
@@ -481,7 +478,7 @@ else:
 if len(sys.argv)>3:
 print "Too many arguments"
 sys.exit(1)
- pfilepath(sys.argv[1],allow_include=True)
+ pfilepath(sys.argv[1])
 of=sys.stdout
 if len(sys.argv)>2:
 of=open(sys.argv[2],'w')
@@ -523,13 +520,7 @@ def checkconstraints(n,p,ra):
 else:
 new_ra=ra
 if n.properties.has_key("networks"):
- # I'd like to do this:
- # n.properties["networks"].set.is_subset(new_ra)
- # but there isn't an is_subset() method
- # Instead we see if we intersect with the complement of new_ra
- rac=new_ra.complement()
- i=rac.intersection(n.properties["networks"].set)
- if not i.is_empty():
+ if not n.properties["networks"].set <= new_ra:
 moan("%s %s networks out of bounds"%(n.type,n.name))
 if n.properties.has_key("peer"):
 if not n.properties["networks"].set.contains(
@@ -538,7 +529,7 @@ def checkconstraints(n,p,ra):
 for i in n.children.keys():
 checkconstraints(n.children[i],new_p,new_ra)
-checkconstraints(root,{},ipaddr.complete_set)
+checkconstraints(root,{},ipaddrset.complete_set())
 if complaints>0:
 if complaints==1:
 print "There was 1 problem."
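Review bot: Dropping `allow_include=True` from `pfilepath(sys.argv[1])` silently switches this call to the parameter's default of `False`, so an `include` line in the file named on the command line is now reported as "include not permitted here" and skipped. If that restriction is intended, spelling it out keeps it from reading as an oversight: `pfilepath(sys.argv[1],allow_include=False)  # include is not honoured for this file`. If it is not intended, existing sites files that rely on `include` will lose those sections. The enclosing `else:` branch starts before this hunk.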
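Review bot: The bounds check `if not n.properties["networks"].set <= new_ra:` in `checkconstraints` is only a subset test if `IPAddressSet` defines `__le__`, and that class lives in `ipaddrset`, which this diff does not show. In Python 2 an instance without rich comparison methods does not raise on `<=` but falls back to an arbitrary default ordering, so the out-of-bounds check would pass or fail regardless of the addresses. It is worth confirming the method exists and adding a comment in place of the removed one, for example `# <= is IPAddressSet's subset test: every network must lie inside new_ra`, together with a test covering one in-bounds and one out-of-bounds network. The enclosing function starts before this hunk and the `contains(` call continues after it.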