import io
open=lambda f,m='r': io.open(f,m,encoding='utf-8')
-max={'rsa_bits':8200,'name':33,'dh_bits':8200}
+max={'rsa_bits':8200,'name':33,'dh_bits':8200,'algname':127}
def debugrepr(*args):
if debug_level > 0:
ok=self._re_ok(Tainted.bad_base91,what,4096)
return self._rtn(ok)
+class ArgActionLambda(argparse.Action):
+ def __init__(self, fn, **kwargs):
+ self.fn=fn
+ argparse.Action.__init__(self,**kwargs)
+ def __call__(self,ap,ns,values,option_string):
+ self.fn(values,ns,ap,option_string)
+
def parse_args():
global service
global inputfile
def add(self,obj,w):
complain("%s %s already has property %s defined"%
(obj.type,obj.name,w[0].raw()))
+ def forsites(self,version,copy,fs):
+ return copy
class conflist:
"A list of some kind of configuration type."
self.list.append(self.subtype(w))
def __str__(self):
return ', '.join(map(str, self.list))
+ def forsites(self,version,copy,fs):
+ most_recent=self.list[len(self.list)-1]
+ return most_recent.forsites(version,copy,fs)
def listof(subtype):
return lambda w: conflist(subtype, w)
def __str__(self):
return '%d'%(self.n)
+class serial (basetype):
+ def __init__(self,w):
+ self.i=w[1].hexid(4,'serial')
+ def __str__(self):
+ return self.i
+ def forsites(self,version,copy,fs):
+ if version < 2: return []
+ return copy
+
class address (basetype):
"A DNS name and UDP port number"
def __init__(self,w):
def __str__(self):
return '"%s"; port %d'%(self.adr,self.port)
-class rsakey (basetype):
+class pubkey (basetype):
+ "Some kind of publie key"
+ def __init__(self,w):
+ self.a=w[1].name('algname')
+ self.d=w[2].base91();
+ def __str__(self):
+ return 'make-public("%s","%s")'%(self.a,self.d)
+
+class rsakey (pubkey):
"An RSA public key"
def __init__(self,w):
self.l=w[1].number(0,max['rsa_bits'],'rsa len')
if len(w) >= 5: w[4].email()
def __str__(self):
return 'rsa-public("%s","%s")'%(self.e,self.n)
+ # this specialisation means we can generate files
+ # compatible with old secnet executables
+
+def somepubkey(w):
+ if w[0]=='pubkey':
+ return rsakey(w)
+ elif w[0]=='pub':
+ return pubkey(w)
+ else:
+ assert(False)
# Possible properties of configuration nodes
keywords={
'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"),
'restrict-nets':(networks,"Allowable networks"),
'networks':(networks,"Claimed networks"),
- 'pubkey':(listof(rsakey),"RSA public site key"),
+ 'pub':(listof(somepubkey),"new style public site key",'pubkey'),
+ 'pubkey':(listof(somepubkey),"RSA public site key"),
'peer':(single_ipaddr,"Tunnel peer IP address"),
'address':(address,"External contact address and port"),
'mobile':(boolean,"Site is mobile"),
'address':sp,
'networks':None,
'peer':None,
+ 'pub':None,
'pubkey':None,
'mobile':sp,
})
obj.properties[propname].add(obj,w)
else:
obj.properties[propname]=kw[0](w)
+ return obj.properties[propname]
class FilterState:
def __init__(self):
complain("Not allowed to set VPN properties here")
return []
else:
- set_property(current,w)
- return copyout()
+ prop=set_property(current,w)
+ out=[copyout_core()]
+ out=prop.forsites(output_version,out,filterstate)
+ if len(out)==0: return [indent + '#', copyout_core(), '\n']
+ return [indent + ' '.join(out) + '\n']
complain("unknown keyword '%s'"%(keyword.raw()))