make-secnet-sites: Support new `pub' directive

[secnet.git] / make-secnet-sites

diff --git a/make-secnet-sites b/make-secnet-sites
index a51b53d992e22943960463575a03dd42a1b1a44c..820d272cad726bb8b451780ebaef4de87daf59a0 100755 (executable)
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -86,7 +86,7 @@ if version_info.major == 2:  # for python2
     import io
     open=lambda f,m='r': io.open(f,m,encoding='utf-8')
 
-max={'rsa_bits':8200,'name':33,'dh_bits':8200}
+max={'rsa_bits':8200,'name':33,'dh_bits':8200,'algname':127}
 
 def debugrepr(*args):
        if debug_level > 0:
@@ -232,6 +232,13 @@ class Tainted:
                ok=self._re_ok(Tainted.bad_base91,what,4096)
                return self._rtn(ok)
 
+class ArgActionLambda(argparse.Action):
+       def __init__(self, fn, **kwargs):
+               self.fn=fn
+               argparse.Action.__init__(self,**kwargs)
+       def __call__(self,ap,ns,values,option_string):
+               self.fn(values,ns,ap,option_string)
+
 def parse_args():
        global service
        global inputfile
@@ -304,6 +311,8 @@ class basetype:
        def add(self,obj,w):
                complain("%s %s already has property %s defined"%
                        (obj.type,obj.name,w[0].raw()))
+       def forsites(self,version,copy,fs):
+               return copy
 
 class conflist:
        "A list of some kind of configuration type."
@@ -314,6 +323,9 @@ class conflist:
                self.list.append(self.subtype(w))
        def __str__(self):
                return ', '.join(map(str, self.list))
+       def forsites(self,version,copy,fs):
+               most_recent=self.list[len(self.list)-1]
+               return most_recent.forsites(version,copy,fs)
 def listof(subtype):
        return lambda w: conflist(subtype, w)
 
@@ -384,6 +396,15 @@ class num (basetype):
        def __str__(self):
                return '%d'%(self.n)
 
+class serial (basetype):
+       def __init__(self,w):
+               self.i=w[1].hexid(4,'serial')
+       def __str__(self):
+               return self.i
+       def forsites(self,version,copy,fs):
+               if version < 2: return []
+               return copy
+
 class address (basetype):
        "A DNS name and UDP port number"
        def __init__(self,w):
@@ -392,7 +413,15 @@ class address (basetype):
        def __str__(self):
                return '"%s"; port %d'%(self.adr,self.port)
 
-class rsakey (basetype):
+class pubkey (basetype):
+       "Some kind of publie key"
+       def __init__(self,w):
+               self.a=w[1].name('algname')
+               self.d=w[2].base91();
+       def __str__(self):
+               return 'make-public("%s","%s")'%(self.a,self.d)
+
+class rsakey (pubkey):
        "An RSA public key"
        def __init__(self,w):
                self.l=w[1].number(0,max['rsa_bits'],'rsa len')
@@ -401,6 +430,16 @@ class rsakey (basetype):
                if len(w) >= 5: w[4].email()
        def __str__(self):
                return 'rsa-public("%s","%s")'%(self.e,self.n)
+               # this specialisation means we can generate files
+               # compatible with old secnet executables
+
+def somepubkey(w):
+       if w[0]=='pubkey':
+               return rsakey(w)
+       elif w[0]=='pub':
+               return pubkey(w)
+       else:
+               assert(False)
 
 # Possible properties of configuration nodes
 keywords={
@@ -414,7 +453,8 @@ keywords={
  'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"),
  'restrict-nets':(networks,"Allowable networks"),
  'networks':(networks,"Claimed networks"),
- 'pubkey':(listof(rsakey),"RSA public site key"),
+ 'pub':(listof(somepubkey),"new style public site key",'pubkey'),
+ 'pubkey':(listof(somepubkey),"RSA public site key"),
  'peer':(single_ipaddr,"Tunnel peer IP address"),
  'address':(address,"External contact address and port"),
  'mobile':(boolean,"Site is mobile"),
@@ -534,6 +574,7 @@ class sitelevel(level):
         'address':sp,
         'networks':None,
         'peer':None,
+        'pub':None,
         'pubkey':None,
         'mobile':sp,
        })
@@ -602,6 +643,7 @@ def set_property(obj,w):
                obj.properties[propname].add(obj,w)
        else:
                obj.properties[propname]=kw[0](w)
+       return obj.properties[propname]
 
 class FilterState:
        def __init__(self):
@@ -679,8 +721,11 @@ def pline(il,filterstate,allow_include=False):
                complain("Not allowed to set VPN properties here")
                return []
        else:
-               set_property(current,w)
-               return copyout()
+               prop=set_property(current,w)
+               out=[copyout_core()]
+               out=prop.forsites(output_version,out,filterstate)
+               if len(out)==0: return [indent + '#', copyout_core(), '\n']
+               return [indent + ' '.join(out) + '\n']
 
        complain("unknown keyword '%s'"%(keyword.raw()))