X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=make-secnet-sites;h=d1c174c9e9fd885a49a48b7b17b328391b5f9ef1;hb=1a31efc58a242c637a8274647449db9f67b9aded;hp=2fd182e29dcb3119cc625aba873a4bf071f0d60b;hpb=d74dde997bca95c00ae14ee646e705ae7e9001b1;p=secnet.git diff --git a/make-secnet-sites b/make-secnet-sites index 2fd182e..d1c174c 100755 --- a/make-secnet-sites +++ b/make-secnet-sites @@ -85,6 +85,10 @@ if version_info.major == 2: # for python2 max={'rsa_bits':8200,'name':33,'dh_bits':8200} +def debugrepr(*args): + if debug_level > 0: + print(repr(args), file=sys.stderr) + class Tainted: def __init__(self,s,tline=None,tfile=None): self._s=s @@ -116,7 +120,9 @@ class Tainted: if maxlen is None: maxlen=max[what] self._max_ok(what,maxlen) if self._ok is False: return False - if bad.search(self._s): return self._bad(what,'bad syntax') + if bad.search(self._s): + #print(repr(self), file=sys.stderr) + return self._bad(what,'bad syntax') return True def _rtnval(self, is_ok, ifgood, ifbad=''): @@ -182,6 +188,13 @@ class Tainted: % (minn,maxx)) return self._rtnval(ok,v,minn) + def hexid(self,byteslen,what): + ok=self._re_ok(Tainted.bad_hex,what,byteslen*2) + if ok: + if len(self._s) < byteslen*2: + ok=self._bad(what,'too short') + return self._rtn(ok,ifbad='00'*byteslen) + bad_host=re.compile(r'[^-\][_.:0-9a-zA-Z]') # We permit _ so we can refer to special non-host domains # which have A and AAAA RRs. This is a crude check and we may @@ -205,6 +218,11 @@ class Tainted: ok=self._re_ok(Tainted.bad_groupname,'group name',64) return self._rtn(ok) + bad_base91=re.compile(r'[^!-~]|[\'\"\\]') + def base91(self,what='base91'): + ok=self._re_ok(Tainted.bad_base91,what,4096) + return self._rtn(ok) + def parse_args(): global service global inputfile @@ -217,6 +235,7 @@ def parse_args(): global of global prefix global key_prefix + global debug_level ap = argparse.ArgumentParser(description='process secnet sites files') ap.add_argument('--userv', '-u', action='store_true', @@ -226,9 +245,11 @@ def parse_args(): help='prefix conf file key names derived from sites data') ap.add_argument('--prefix', '-P', nargs=1, help='set prefix') + ap.add_argument('--debug', '-D', action='count', default=0) ap.add_argument('arg',nargs=argparse.REMAINDER) av = ap.parse_args() - #print(repr(av), file=sys.stderr) + debug_level = av.debug + debugrepr('av',av) service = 1 if av.userv else 0 prefix = '' if av.prefix is None else av.prefix[0] key_prefix = av.conf_key_prefix @@ -379,7 +400,7 @@ keywords={ 'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"), 'restrict-nets':(networks,"Allowable networks"), 'networks':(networks,"Claimed networks"), - 'pubkey':(rsakey,"RSA public site key"), + 'pubkey':(listof(rsakey),"RSA public site key"), 'peer':(single_ipaddr,"Tunnel peer IP address"), 'address':(address,"External contact address and port"), 'mobile':(boolean,"Site is mobile"), @@ -499,7 +520,7 @@ class sitelevel(level): 'address':sp, 'networks':None, 'peer':None, - 'pubkey':(lambda n,v:"key %s;\n"%v), + 'pubkey':None, 'mobile':sp, }) require_properties={ @@ -519,6 +540,8 @@ class sitelevel(level): w.write("%s {\n"%(self.kname())) self.indent(w,ind+2) w.write("name \"%s\";\n"%(np,)) + self.indent(w,ind+2) + w.write("key %s;\n"%str(self.properties["pubkey"].list[0])) self.output_props(w,ind+2) self.indent(w,ind+2) w.write("link netlink {\n"); @@ -558,10 +581,13 @@ allow_defs=0 # Level above which new definitions are permitted def set_property(obj,w): "Set a property on a configuration node" prop=w[0] - if prop.raw() in obj.properties: - obj.properties[prop.raw_mark_ok()].add(obj,w) + propname=prop.raw_mark_ok() + kw=keywords[propname] + if len(kw) >= 3: propname=kw[2] # for aliases + if propname in obj.properties: + obj.properties[propname].add(obj,w) else: - obj.properties[prop.raw()]=keywords[prop.raw_mark_ok()][0](w) + obj.properties[propname]=kw[0](w) def pline(il,allow_include=False):