#! /usr/bin/env python
-# Copyright (C) 2001-2002 Stephen Early <steve@greenend.org.uk>
#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
+# This file is part of secnet.
+# See README for full list of copyright holders.
+#
+# secnet is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
+# secnet is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# version 3 along with secnet; if not, see
+# https://www.gnu.org/licenses/gpl.html.
"""VPN sites file manipulation.
VERSION="0.1.18"
+# Are we being invoked from userv?
+service=0
+# If we are, which group does the caller want to modify?
+group=None
+
+if len(sys.argv)<2:
+ inputfile=None
+ of=sys.stdout
+else:
+ if sys.argv[1]=='-u':
+ if len(sys.argv)!=6:
+ print "Wrong number of arguments"
+ sys.exit(1)
+ service=1
+ header=sys.argv[2]
+ groupfiledir=sys.argv[3]
+ sitesfile=sys.argv[4]
+ group=sys.argv[5]
+ if not os.environ.has_key("USERV_USER"):
+ print "Environment variable USERV_USER not found"
+ sys.exit(1)
+ user=os.environ["USERV_USER"]
+ # Check that group is in USERV_GROUP
+ if not os.environ.has_key("USERV_GROUP"):
+ print "Environment variable USERV_GROUP not found"
+ sys.exit(1)
+ ugs=os.environ["USERV_GROUP"]
+ ok=0
+ for i in string.split(ugs):
+ if group==i: ok=1
+ if not ok:
+ print "caller not in group %s"%group
+ sys.exit(1)
+ else:
+ if sys.argv[1]=='-P':
+ prefix=sys.argv[2]
+ sys.argv[1:3]=[]
+ if len(sys.argv)>3:
+ print "Too many arguments"
+ sys.exit(1)
+ inputfile=sys.argv[1]
+ of=sys.stdout
+ if len(sys.argv)>2:
+ of=open(sys.argv[2],'w')
+
# Classes describing possible datatypes in the configuration file
-class single_ipaddr:
+class basetype:
+ "Common protocol for configuration types."
+ def add(self,obj,w):
+ complain("%s %s already has property %s defined"%
+ (obj.type,obj.name,w[0]))
+
+class conflist:
+ "A list of some kind of configuration type."
+ def __init__(self,subtype,w):
+ self.subtype=subtype
+ self.list=[subtype(w)]
+ def add(self,obj,w):
+ self.list.append(self.subtype(w))
+ def __str__(self):
+ return ', '.join(map(str, self.list))
+def listof(subtype):
+ return lambda w: conflist(subtype, w)
+
+class single_ipaddr (basetype):
"An IP address"
def __init__(self,w):
self.addr=ipaddr.IPAddress(w[1])
def __str__(self):
return '"%s"'%self.addr
-class networks:
+class networks (basetype):
"A set of IP addresses specified as a list of networks"
def __init__(self,w):
self.set=ipaddrset.IPAddressSet()
def __str__(self):
return ",".join(map((lambda n: '"%s"'%n), self.set.networks()))
-class dhgroup:
+class dhgroup (basetype):
"A Diffie-Hellman group"
def __init__(self,w):
self.mod=w[1]
def __str__(self):
return 'diffie-hellman("%s","%s")'%(self.mod,self.gen)
-class hash:
+class hash (basetype):
"A choice of hash function"
def __init__(self,w):
self.ht=w[1]
def __str__(self):
return '%s'%(self.ht)
-class email:
+class email (basetype):
"An email address"
def __init__(self,w):
self.addr=w[1]
def __str__(self):
return '<%s>'%(self.addr)
-class boolean:
+class boolean (basetype):
"A boolean"
def __init__(self,w):
if re.match('[TtYy1]',w[1]):
def __str__(self):
return ['False','True'][self.b]
-class num:
+class num (basetype):
"A decimal number"
def __init__(self,w):
self.n=string.atol(w[1])
def __str__(self):
return '%d'%(self.n)
-class address:
+class address (basetype):
"A DNS name and UDP port number"
def __init__(self,w):
self.adr=w[1]
def __str__(self):
return '"%s"; port %d'%(self.adr,self.port)
-class rsakey:
+class rsakey (basetype):
"An RSA public key"
def __init__(self,w):
self.l=string.atoi(w[1])
'networks':None,
'peer':None,
'pubkey':(lambda n,v:"key %s;\n"%v),
- 'address':(lambda n,v:"address %s;\n"%v),
'mobile':sp,
})
require_properties={
def set_property(obj,w):
"Set a property on a configuration node"
if obj.properties.has_key(w[0]):
- complain("%s %s already has property %s defined"%
- (obj.type,obj.name,w[0]))
+ obj.properties[w[0]].add(obj,w)
else:
obj.properties[w[0]]=keywords[w[0]][0](w)
current=nl
obstack.append(current)
return [i]
- if current.allow_properties.has_key(keyword):
- set_property(current,w)
- return [i]
- else:
+ if not current.allow_properties.has_key(keyword):
complain("Property %s not allowed at %s level"%
(keyword,current.type))
return []
+ elif current.depth == vpnlevel.depth < allow_defs:
+ complain("Not allowed to set VPN properties here")
+ return []
+ else:
+ set_property(current,w)
+ return [i]
complain("unknown keyword '%s'"%(keyword))
map(lambda x:"%svpn/%s/all-sites"%(prefix,x),
root.children.keys()),","))
-# Are we being invoked from userv?
-service=0
-# If we are, which group does the caller want to modify?
-group=None
-
line=0
file=None
complaints=0
-if len(sys.argv)<2:
- pfile("stdin",sys.stdin.readlines())
- of=sys.stdout
-else:
- if sys.argv[1]=='-u':
- if len(sys.argv)!=6:
- print "Wrong number of arguments"
- sys.exit(1)
- service=1
- header=sys.argv[2]
- groupfiledir=sys.argv[3]
- sitesfile=sys.argv[4]
- group=sys.argv[5]
- if not os.environ.has_key("USERV_USER"):
- print "Environment variable USERV_USER not found"
- sys.exit(1)
- user=os.environ["USERV_USER"]
- # Check that group is in USERV_GROUP
- if not os.environ.has_key("USERV_GROUP"):
- print "Environment variable USERV_GROUP not found"
- sys.exit(1)
- ugs=os.environ["USERV_GROUP"]
- ok=0
- for i in string.split(ugs):
- if group==i: ok=1
- if not ok:
- print "caller not in group %s"%group
- sys.exit(1)
- headerinput=pfilepath(header,allow_include=True)
- userinput=sys.stdin.readlines()
- pfile("user input",userinput)
- else:
- if sys.argv[1]=='-P':
- prefix=sys.argv[2]
- sys.argv[1:3]=[]
- if len(sys.argv)>3:
- print "Too many arguments"
- sys.exit(1)
- pfilepath(sys.argv[1])
- of=sys.stdout
- if len(sys.argv)>2:
- of=open(sys.argv[2],'w')
-
# Sanity check section
# Delete nodes where leaf=0 that have no children
delempty(n.children[i])
if not live(n.children[i]):
del n.children[i]
-delempty(root)
# Check that all constraints are met (as far as I can tell
# restrict-nets/networks/peer are the only special cases)
for i in n.children.keys():
checkconstraints(n.children[i],new_p,new_ra)
+if service:
+ headerinput=pfilepath(header,allow_include=True)
+ userinput=sys.stdin.readlines()
+ pfile("user input",userinput)
+else:
+ if inputfile is None:
+ pfile("stdin",sys.stdin.readlines())
+ else:
+ pfilepath(inputfile)
+
+delempty(root)
checkconstraints(root,{},ipaddrset.complete_set())
if complaints>0: