make-secnet-sites: Introduce a couple of local variables

[secnet.git] / make-secnet-sites
diff --git a/make-secnet-sites b/make-secnet-sites

index d6f9ee0aa621f359614b04b12ef376ed6fb9765c..a24c06f6abe555e31902ffa83bc1b1c2b55040bd 100755 (executable)
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -1,4 +1,4 @@
-#! /usr/bin/env python
+#! /usr/bin/env python3
  #
  # This file is part of secnet.
  # See README for full list of copyright holders.
@@ -46,12 +46,13 @@ no-suppress-args
  cd ~/secnet/sites-test/
  execute ~/secnet/make-secnet-sites.py -u vpnheader groupfiles sites
  
-This program is part of secnet. It relies on the "ipaddr" library from
-Cendio Systems AB.
+This program is part of secnet.
  
  """
  
  from __future__ import print_function
+from __future__ import unicode_literals
+from builtins import int
  
  import string
  import time
@@ -59,59 +60,74 @@ import sys
  import os
  import getopt
  import re
+import argparse
  
-import ipaddr
+import ipaddress
  
-sys.path.insert(0,"/usr/local/share/secnet")
-sys.path.insert(0,"/usr/share/secnet")
+# entry 0 is "near the executable", or maybe from PYTHONPATH=.,
+# which we don't want to preempt
+sys.path.insert(1,"/usr/local/share/secnet")
+sys.path.insert(1,"/usr/share/secnet")
  import ipaddrset
  
  VERSION="0.1.18"
  
-# Are we being invoked from userv?
-service=0
-# If we are, which group does the caller want to modify?
-group=None
-
-if len(sys.argv)<2:
-       inputfile=None
-       of=sys.stdout
-else:
-       if sys.argv[1]=='-u':
-               if len(sys.argv)!=6:
+from sys import version_info
+if version_info.major == 2:  # for python2
+    import codecs
+    sys.stdin = codecs.getreader('utf-8')(sys.stdin)
+    sys.stdout = codecs.getwriter('utf-8')(sys.stdout)
+    import io
+    open=lambda f,m='r': io.open(f,m,encoding='utf-8')
+
+def parse_args():
+       global service
+       global inputfile
+       global header
+       global groupfiledir
+       global sitesfile
+       global group
+       global user
+       global of
+
+       ap = argparse.ArgumentParser(description='process secnet sites files')
+       ap.add_argument('--userv', '-u', action='store_true',
+                       help='userv service fragment update mode')
+       ap.add_argument('--prefix', '-P', nargs=1,
+                       help='set prefix')
+       ap.add_argument('arg',nargs=argparse.REMAINDER)
+       av = ap.parse_args()
+       #print(repr(av), file=sys.stderr)
+       service = 1 if av.userv else 0
+       if service:
+               if len(av.arg)!=4:
                         print("Wrong number of arguments")
                         sys.exit(1)
-               service=1
-               header=sys.argv[2]
-               groupfiledir=sys.argv[3]
-               sitesfile=sys.argv[4]
-               group=sys.argv[5]
-               if not os.environ.has_key("USERV_USER"):
+               (header, groupfiledir, sitesfile, group) = av.arg
+               if "USERV_USER" not in os.environ:
                         print("Environment variable USERV_USER not found")
                         sys.exit(1)
                 user=os.environ["USERV_USER"]
                 # Check that group is in USERV_GROUP
-               if not os.environ.has_key("USERV_GROUP"):
+               if "USERV_GROUP" not in os.environ:
                         print("Environment variable USERV_GROUP not found")
                         sys.exit(1)
                 ugs=os.environ["USERV_GROUP"]
                 ok=0
-               for i in string.split(ugs):
+               for i in ugs.split():
                         if group==i: ok=1
                 if not ok:
                         print("caller not in group %s"%group)
                         sys.exit(1)
         else:
-               if sys.argv[1]=='-P':
-                       prefix=sys.argv[2]
-                       sys.argv[1:3]=[]
-               if len(sys.argv)>3:
+               if len(av.arg)>3:
                         print("Too many arguments")
                         sys.exit(1)
-               inputfile=sys.argv[1]
-               of=sys.stdout
-               if len(sys.argv)>2:
-                       of=open(sys.argv[2],'w')
+               (inputfile, outputfile) = (av.arg + [None]*2)[0:2]
+               if outputfile is None: of=sys.stdout
+               else: of=open(sys.argv[2],'w')
+
+parse_args()
  
  # Classes describing possible datatypes in the configuration file
  
@@ -136,7 +152,7 @@ def listof(subtype):
  class single_ipaddr (basetype):
         "An IP address"
         def __init__(self,w):
-               self.addr=ipaddr.IPAddress(w[1])
+               self.addr=ipaddress.ip_address(w[1])
         def __str__(self):
                 return '"%s"'%self.addr
  
@@ -145,7 +161,7 @@ class networks (basetype):
         def __init__(self,w):
                 self.set=ipaddrset.IPAddressSet()
                 for i in w[1:]:
-                       x=ipaddr.IPNetwork(i,strict=True)
+                       x=ipaddress.ip_network(i,strict=True)
                         self.set.append([x])
         def __str__(self):
                 return ",".join(map((lambda n: '"%s"'%n), self.set.networks()))
@@ -161,7 +177,8 @@ class dhgroup (basetype):
  class hash (basetype):
         "A choice of hash function"
         def __init__(self,w):
-               self.ht=w[1]
+               hname=w[1]
+               self.ht=hname
                 if (self.ht!='md5' and self.ht!='sha1'):
                         complain("unknown hash type %s"%(self.ht))
         def __str__(self):
@@ -189,7 +206,7 @@ class boolean (basetype):
  class num (basetype):
         "A decimal number"
         def __init__(self,w):
-               self.n=string.atol(w[1])
+               self.n=int(w[1])
         def __str__(self):
                 return '%d'%(self.n)
  
@@ -197,7 +214,7 @@ class address (basetype):
         "A DNS name and UDP port number"
         def __init__(self,w):
                 self.adr=w[1]
-               self.port=string.atoi(w[2])
+               self.port=int(w[2])
                 if (self.port<1 or self.port>65535):
                         complain("invalid port number")
         def __str__(self):
@@ -206,7 +223,7 @@ class address (basetype):
  class rsakey (basetype):
         "An RSA public key"
         def __init__(self,w):
-               self.l=string.atoi(w[1])
+               self.l=int(w[1])
                 self.e=w[2]
                 self.n=w[3]
         def __str__(self):
@@ -254,6 +271,7 @@ class level:
         allow_properties={}
         require_properties={}
         def __init__(self,w):
+               self.type=w[0]
                 self.name=w[1]
                 self.properties={}
                 self.children={}
@@ -297,7 +315,7 @@ class vpnlevel(level):
                 w.write("\n")
                 self.indent(w,ind+2)
                 w.write("all-sites %s;\n"%
-                       string.join(self.children.keys(),','))
+                       ','.join(self.children.keys()))
                 self.indent(w,ind)
                 w.write("};\n")
  
@@ -317,9 +335,9 @@ class locationlevel(level):
                 self.indent(w,ind)
                 # The "h=h,self=self" abomination below exists because
                 # Python didn't support nested_scopes until version 2.1
-               w.write("%s %s;\n"%(self.name,string.join(
+               w.write("%s %s;\n"%(self.name,','.join(
                         map(lambda x,h=h,self=self:
-                               h+"/"+x,self.children.keys()),',')))
+                               h+"/"+x,self.children.keys()))))
  
  class sitelevel(level):
         "Site level (i.e. a leafnode) in the configuration hierarchy"
@@ -388,15 +406,16 @@ prefix=''
  
  def set_property(obj,w):
         "Set a property on a configuration node"
-       if obj.properties.has_key(w[0]):
-               obj.properties[w[0]].add(obj,w)
+       prop=w[0]
+       if prop in obj.properties:
+               obj.properties[prop].add(obj,w)
         else:
-               obj.properties[w[0]]=keywords[w[0]][0](w)
+               obj.properties[prop]=keywords[prop][0](w)
  
  def pline(i,allow_include=False):
         "Process a configuration file line"
         global allow_defs, obstack, root
-       w=string.split(i.rstrip('\n'))
+       w=i.rstrip('\n').split()
         if len(w)==0: return [i]
         keyword=w[0]
         current=obstack[len(obstack)-1]
@@ -413,7 +432,7 @@ def pline(i,allow_include=False):
                         return []
                 newfile=os.path.join(os.path.dirname(file),w[1])
                 return pfilepath(newfile,allow_include=allow_include)
-       if levels.has_key(keyword):
+       if keyword in levels:
                 # We may go up any number of levels, but only down by one
                 newdepth=levels[keyword].depth
                 currentdepth=len(obstack) # actually +1...
@@ -425,9 +444,10 @@ def pline(i,allow_include=False):
                 # See if it's a new one (and whether that's permitted)
                 # or an existing one
                 current=obstack[len(obstack)-1]
-               if current.children.has_key(w[1]):
+               tname=w[1]
+               if tname in current.children:
                         # Not new
-                       current=current.children[w[1]]
+                       current=current.children[tname]
                         if service and group and current.depth==2:
                                 if group!=current.group:
                                         complain("Incorrect group!")
@@ -440,11 +460,11 @@ def pline(i,allow_include=False):
                                         "level %d"%nl.depth)
                                 # we risk crashing if we continue
                                 sys.exit(1)
-                       current.children[w[1]]=nl
+                       current.children[tname]=nl
                         current=nl
                 obstack.append(current)
                 return [i]
-       if not current.allow_properties.has_key(keyword):
+       if keyword not in current.allow_properties:
                 complain("Property %s not allowed at %s level"%
                         (keyword,current.type))
                 return []
@@ -480,7 +500,7 @@ def outputsites(w):
         w.write("# secnet sites file autogenerated by make-secnet-sites "
                 +"version %s\n"%VERSION)
         w.write("# %s\n"%time.asctime(time.localtime(time.time())))
-       w.write("# Command line: %s\n\n"%string.join(sys.argv))
+       w.write("# Command line: %s\n\n"%' '.join(sys.argv))
  
         # Raw VPN data section of file
         w.write(prefix+"vpn-data {\n")
@@ -495,9 +515,9 @@ def outputsites(w):
         w.write("};\n")
  
         # Flattened list of sites
-       w.write(prefix+"all-sites %s;\n"%string.join(
+       w.write(prefix+"all-sites %s;\n"%",".join(
                 map(lambda x:"%svpn/%s/all-sites"%(prefix,x),
-                       root.children.keys()),","))
+                       root.children.keys())))
  
  line=0
  file=None
@@ -514,7 +534,7 @@ def live(n):
         return 0
  def delempty(n):
         "Delete nodes that have no leafnode children"
-       for i in n.children.keys():
+       for i in list(n.children.keys()):
                 delempty(n.children[i])
                 if not live(n.children[i]):
                         del n.children[i]
@@ -526,22 +546,22 @@ def checkconstraints(n,p,ra):
         new_p=p.copy()
         new_p.update(n.properties)
         for i in n.require_properties.keys():
-               if not new_p.has_key(i):
+               if i not in new_p:
                         moan("%s %s is missing property %s"%
                                 (n.type,n.name,i))
         for i in new_p.keys():
-               if not n.allow_properties.has_key(i):
+               if i not in n.allow_properties:
                         moan("%s %s has forbidden property %s"%
                                 (n.type,n.name,i))
         # Check address range restrictions
-       if n.properties.has_key("restrict-nets"):
+       if "restrict-nets" in n.properties:
                 new_ra=ra.intersection(n.properties["restrict-nets"].set)
         else:
                 new_ra=ra
-       if n.properties.has_key("networks"):
+       if "networks" in n.properties:
                 if not n.properties["networks"].set <= new_ra:
                         moan("%s %s networks out of bounds"%(n.type,n.name))
-               if n.properties.has_key("peer"):
+               if "peer" in n.properties:
                         if not n.properties["networks"].set.contains(
                                 n.properties["peer"].addr):
                                 moan("%s %s peer not in networks"%(n.type,n.name))