| 1 | #! /usr/bin/env python |
| 2 | # |
| 3 | # This file is part of secnet. |
| 4 | # See README for full list of copyright holders. |
| 5 | # |
| 6 | # secnet is free software; you can redistribute it and/or modify it |
| 7 | # under the terms of the GNU General Public License as published by |
| 8 | # the Free Software Foundation; either version 3 of the License, or |
| 9 | # (at your option) any later version. |
| 10 | # |
| 11 | # secnet is distributed in the hope that it will be useful, but |
| 12 | # WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 14 | # General Public License for more details. |
| 15 | # |
| 16 | # You should have received a copy of the GNU General Public License |
| 17 | # version 3 along with secnet; if not, see |
| 18 | # https://www.gnu.org/licenses/gpl.html. |
| 19 | |
| 20 | """VPN sites file manipulation. |
| 21 | |
| 22 | This program enables VPN site descriptions to be submitted for |
| 23 | inclusion in a central database, and allows the resulting database to |
| 24 | be turned into a secnet configuration file. |
| 25 | |
| 26 | A database file can be turned into a secnet configuration file simply: |
| 27 | make-secnet-sites.py [infile [outfile]] |
| 28 | |
| 29 | It would be wise to run secnet with the "--just-check-config" option |
| 30 | before installing the output on a live system. |
| 31 | |
| 32 | The program expects to be invoked via userv to manage the database; it |
| 33 | relies on the USERV_USER and USERV_GROUP environment variables. The |
| 34 | command line arguments for this invocation are: |
| 35 | |
| 36 | make-secnet-sites.py -u header-filename groupfiles-directory output-file \ |
| 37 | group |
| 38 | |
| 39 | All but the last argument are expected to be set by userv; the 'group' |
| 40 | argument is provided by the user. A suitable userv configuration file |
| 41 | fragment is: |
| 42 | |
| 43 | reset |
| 44 | no-disconnect-hup |
| 45 | no-suppress-args |
| 46 | cd ~/secnet/sites-test/ |
| 47 | execute ~/secnet/make-secnet-sites.py -u vpnheader groupfiles sites |
| 48 | |
| 49 | This program is part of secnet. It relies on the "ipaddr" library from |
| 50 | Cendio Systems AB. |
| 51 | |
| 52 | """ |
| 53 | |
| 54 | import string |
| 55 | import time |
| 56 | import sys |
| 57 | import os |
| 58 | import getopt |
| 59 | import re |
| 60 | |
| 61 | import ipaddr |
| 62 | |
| 63 | sys.path.insert(0,"/usr/local/share/secnet") |
| 64 | sys.path.insert(0,"/usr/share/secnet") |
| 65 | import ipaddrset |
| 66 | |
| 67 | VERSION="0.1.18" |
| 68 | |
| 69 | # Classes describing possible datatypes in the configuration file |
| 70 | |
| 71 | class single_ipaddr: |
| 72 | "An IP address" |
| 73 | def __init__(self,w): |
| 74 | self.addr=ipaddr.IPAddress(w[1]) |
| 75 | def __str__(self): |
| 76 | return '"%s"'%self.addr |
| 77 | |
| 78 | class networks: |
| 79 | "A set of IP addresses specified as a list of networks" |
| 80 | def __init__(self,w): |
| 81 | self.set=ipaddrset.IPAddressSet() |
| 82 | for i in w[1:]: |
| 83 | x=ipaddr.IPNetwork(i,strict=True) |
| 84 | self.set.append([x]) |
| 85 | def __str__(self): |
| 86 | return ",".join(map((lambda n: '"%s"'%n), self.set.networks())) |
| 87 | |
| 88 | class dhgroup: |
| 89 | "A Diffie-Hellman group" |
| 90 | def __init__(self,w): |
| 91 | self.mod=w[1] |
| 92 | self.gen=w[2] |
| 93 | def __str__(self): |
| 94 | return 'diffie-hellman("%s","%s")'%(self.mod,self.gen) |
| 95 | |
| 96 | class hash: |
| 97 | "A choice of hash function" |
| 98 | def __init__(self,w): |
| 99 | self.ht=w[1] |
| 100 | if (self.ht!='md5' and self.ht!='sha1'): |
| 101 | complain("unknown hash type %s"%(self.ht)) |
| 102 | def __str__(self): |
| 103 | return '%s'%(self.ht) |
| 104 | |
| 105 | class email: |
| 106 | "An email address" |
| 107 | def __init__(self,w): |
| 108 | self.addr=w[1] |
| 109 | def __str__(self): |
| 110 | return '<%s>'%(self.addr) |
| 111 | |
| 112 | class boolean: |
| 113 | "A boolean" |
| 114 | def __init__(self,w): |
| 115 | if re.match('[TtYy1]',w[1]): |
| 116 | self.b=True |
| 117 | elif re.match('[FfNn0]',w[1]): |
| 118 | self.b=False |
| 119 | else: |
| 120 | complain("invalid boolean value"); |
| 121 | def __str__(self): |
| 122 | return ['False','True'][self.b] |
| 123 | |
| 124 | class num: |
| 125 | "A decimal number" |
| 126 | def __init__(self,w): |
| 127 | self.n=string.atol(w[1]) |
| 128 | def __str__(self): |
| 129 | return '%d'%(self.n) |
| 130 | |
| 131 | class address: |
| 132 | "A DNS name and UDP port number" |
| 133 | def __init__(self,w): |
| 134 | self.adr=w[1] |
| 135 | self.port=string.atoi(w[2]) |
| 136 | if (self.port<1 or self.port>65535): |
| 137 | complain("invalid port number") |
| 138 | def __str__(self): |
| 139 | return '"%s"; port %d'%(self.adr,self.port) |
| 140 | |
| 141 | class rsakey: |
| 142 | "An RSA public key" |
| 143 | def __init__(self,w): |
| 144 | self.l=string.atoi(w[1]) |
| 145 | self.e=w[2] |
| 146 | self.n=w[3] |
| 147 | def __str__(self): |
| 148 | return 'rsa-public("%s","%s")'%(self.e,self.n) |
| 149 | |
| 150 | # Possible properties of configuration nodes |
| 151 | keywords={ |
| 152 | 'contact':(email,"Contact address"), |
| 153 | 'dh':(dhgroup,"Diffie-Hellman group"), |
| 154 | 'hash':(hash,"Hash function"), |
| 155 | 'key-lifetime':(num,"Maximum key lifetime (ms)"), |
| 156 | 'setup-timeout':(num,"Key setup timeout (ms)"), |
| 157 | 'setup-retries':(num,"Maximum key setup packet retries"), |
| 158 | 'wait-time':(num,"Time to wait after unsuccessful key setup (ms)"), |
| 159 | 'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"), |
| 160 | 'restrict-nets':(networks,"Allowable networks"), |
| 161 | 'networks':(networks,"Claimed networks"), |
| 162 | 'pubkey':(rsakey,"RSA public site key"), |
| 163 | 'peer':(single_ipaddr,"Tunnel peer IP address"), |
| 164 | 'address':(address,"External contact address and port"), |
| 165 | 'mobile':(boolean,"Site is mobile"), |
| 166 | } |
| 167 | |
| 168 | def sp(name,value): |
| 169 | "Simply output a property - the default case" |
| 170 | return "%s %s;\n"%(name,value) |
| 171 | |
| 172 | # All levels support these properties |
| 173 | global_properties={ |
| 174 | 'contact':(lambda name,value:"# Contact email address: %s\n"%(value)), |
| 175 | 'dh':sp, |
| 176 | 'hash':sp, |
| 177 | 'key-lifetime':sp, |
| 178 | 'setup-timeout':sp, |
| 179 | 'setup-retries':sp, |
| 180 | 'wait-time':sp, |
| 181 | 'renegotiate-time':sp, |
| 182 | 'restrict-nets':(lambda name,value:"# restrict-nets %s\n"%value), |
| 183 | } |
| 184 | |
| 185 | class level: |
| 186 | "A level in the configuration hierarchy" |
| 187 | depth=0 |
| 188 | leaf=0 |
| 189 | allow_properties={} |
| 190 | require_properties={} |
| 191 | def __init__(self,w): |
| 192 | self.name=w[1] |
| 193 | self.properties={} |
| 194 | self.children={} |
| 195 | def indent(self,w,t): |
| 196 | w.write(" "[:t]) |
| 197 | def prop_out(self,n): |
| 198 | return self.allow_properties[n](n,str(self.properties[n])) |
| 199 | def output_props(self,w,ind): |
| 200 | for i in self.properties.keys(): |
| 201 | if self.allow_properties[i]: |
| 202 | self.indent(w,ind) |
| 203 | w.write("%s"%self.prop_out(i)) |
| 204 | def output_data(self,w,ind,np): |
| 205 | self.indent(w,ind) |
| 206 | w.write("%s {\n"%(self.name)) |
| 207 | self.output_props(w,ind+2) |
| 208 | if self.depth==1: w.write("\n"); |
| 209 | for c in self.children.values(): |
| 210 | c.output_data(w,ind+2,np+self.name+"/") |
| 211 | self.indent(w,ind) |
| 212 | w.write("};\n") |
| 213 | |
| 214 | class vpnlevel(level): |
| 215 | "VPN level in the configuration hierarchy" |
| 216 | depth=1 |
| 217 | leaf=0 |
| 218 | type="vpn" |
| 219 | allow_properties=global_properties.copy() |
| 220 | require_properties={ |
| 221 | 'contact':"VPN admin contact address" |
| 222 | } |
| 223 | def __init__(self,w): |
| 224 | level.__init__(self,w) |
| 225 | def output_vpnflat(self,w,ind,h): |
| 226 | "Output flattened list of site names for this VPN" |
| 227 | self.indent(w,ind) |
| 228 | w.write("%s {\n"%(self.name)) |
| 229 | for i in self.children.keys(): |
| 230 | self.children[i].output_vpnflat(w,ind+2, |
| 231 | h+"/"+self.name+"/"+i) |
| 232 | w.write("\n") |
| 233 | self.indent(w,ind+2) |
| 234 | w.write("all-sites %s;\n"% |
| 235 | string.join(self.children.keys(),',')) |
| 236 | self.indent(w,ind) |
| 237 | w.write("};\n") |
| 238 | |
| 239 | class locationlevel(level): |
| 240 | "Location level in the configuration hierarchy" |
| 241 | depth=2 |
| 242 | leaf=0 |
| 243 | type="location" |
| 244 | allow_properties=global_properties.copy() |
| 245 | require_properties={ |
| 246 | 'contact':"Location admin contact address", |
| 247 | } |
| 248 | def __init__(self,w): |
| 249 | level.__init__(self,w) |
| 250 | self.group=w[2] |
| 251 | def output_vpnflat(self,w,ind,h): |
| 252 | self.indent(w,ind) |
| 253 | # The "h=h,self=self" abomination below exists because |
| 254 | # Python didn't support nested_scopes until version 2.1 |
| 255 | w.write("%s %s;\n"%(self.name,string.join( |
| 256 | map(lambda x,h=h,self=self: |
| 257 | h+"/"+x,self.children.keys()),','))) |
| 258 | |
| 259 | class sitelevel(level): |
| 260 | "Site level (i.e. a leafnode) in the configuration hierarchy" |
| 261 | depth=3 |
| 262 | leaf=1 |
| 263 | type="site" |
| 264 | allow_properties=global_properties.copy() |
| 265 | allow_properties.update({ |
| 266 | 'address':sp, |
| 267 | 'networks':None, |
| 268 | 'peer':None, |
| 269 | 'pubkey':(lambda n,v:"key %s;\n"%v), |
| 270 | 'mobile':sp, |
| 271 | }) |
| 272 | require_properties={ |
| 273 | 'dh':"Diffie-Hellman group", |
| 274 | 'contact':"Site admin contact address", |
| 275 | 'networks':"Networks claimed by the site", |
| 276 | 'hash':"hash function", |
| 277 | 'peer':"Gateway address of the site", |
| 278 | 'pubkey':"RSA public key of the site", |
| 279 | } |
| 280 | def __init__(self,w): |
| 281 | level.__init__(self,w) |
| 282 | def output_data(self,w,ind,np): |
| 283 | self.indent(w,ind) |
| 284 | w.write("%s {\n"%(self.name)) |
| 285 | self.indent(w,ind+2) |
| 286 | w.write("name \"%s\";\n"%(np+self.name)) |
| 287 | self.output_props(w,ind+2) |
| 288 | self.indent(w,ind+2) |
| 289 | w.write("link netlink {\n"); |
| 290 | self.indent(w,ind+4) |
| 291 | w.write("routes %s;\n"%str(self.properties["networks"])) |
| 292 | self.indent(w,ind+4) |
| 293 | w.write("ptp-address %s;\n"%str(self.properties["peer"])) |
| 294 | self.indent(w,ind+2) |
| 295 | w.write("};\n") |
| 296 | self.indent(w,ind) |
| 297 | w.write("};\n") |
| 298 | |
| 299 | # Levels in the configuration file |
| 300 | # (depth,properties) |
| 301 | levels={'vpn':vpnlevel, 'location':locationlevel, 'site':sitelevel} |
| 302 | |
| 303 | # Reserved vpn/location/site names |
| 304 | reserved={'all-sites':None} |
| 305 | reserved.update(keywords) |
| 306 | reserved.update(levels) |
| 307 | |
| 308 | def complain(msg): |
| 309 | "Complain about a particular input line" |
| 310 | global complaints |
| 311 | print ("%s line %d: "%(file,line))+msg |
| 312 | complaints=complaints+1 |
| 313 | def moan(msg): |
| 314 | "Complain about something in general" |
| 315 | global complaints |
| 316 | print msg; |
| 317 | complaints=complaints+1 |
| 318 | |
| 319 | root=level(['root','root']) # All vpns are children of this node |
| 320 | obstack=[root] |
| 321 | allow_defs=0 # Level above which new definitions are permitted |
| 322 | prefix='' |
| 323 | |
| 324 | def set_property(obj,w): |
| 325 | "Set a property on a configuration node" |
| 326 | if obj.properties.has_key(w[0]): |
| 327 | complain("%s %s already has property %s defined"% |
| 328 | (obj.type,obj.name,w[0])) |
| 329 | else: |
| 330 | obj.properties[w[0]]=keywords[w[0]][0](w) |
| 331 | |
| 332 | def pline(i,allow_include=False): |
| 333 | "Process a configuration file line" |
| 334 | global allow_defs, obstack, root |
| 335 | w=string.split(i.rstrip('\n')) |
| 336 | if len(w)==0: return [i] |
| 337 | keyword=w[0] |
| 338 | current=obstack[len(obstack)-1] |
| 339 | if keyword=='end-definitions': |
| 340 | allow_defs=sitelevel.depth |
| 341 | obstack=[root] |
| 342 | return [i] |
| 343 | if keyword=='include': |
| 344 | if not allow_include: |
| 345 | complain("include not permitted here") |
| 346 | return [] |
| 347 | if len(w) != 2: |
| 348 | complain("include requires one argument") |
| 349 | return [] |
| 350 | newfile=os.path.join(os.path.dirname(file),w[1]) |
| 351 | return pfilepath(newfile,allow_include=allow_include) |
| 352 | if levels.has_key(keyword): |
| 353 | # We may go up any number of levels, but only down by one |
| 354 | newdepth=levels[keyword].depth |
| 355 | currentdepth=len(obstack) # actually +1... |
| 356 | if newdepth<=currentdepth: |
| 357 | obstack=obstack[:newdepth] |
| 358 | if newdepth>currentdepth: |
| 359 | complain("May not go from level %d to level %d"% |
| 360 | (currentdepth-1,newdepth)) |
| 361 | # See if it's a new one (and whether that's permitted) |
| 362 | # or an existing one |
| 363 | current=obstack[len(obstack)-1] |
| 364 | if current.children.has_key(w[1]): |
| 365 | # Not new |
| 366 | current=current.children[w[1]] |
| 367 | if service and group and current.depth==2: |
| 368 | if group!=current.group: |
| 369 | complain("Incorrect group!") |
| 370 | else: |
| 371 | # New |
| 372 | # Ignore depth check for now |
| 373 | nl=levels[keyword](w) |
| 374 | if nl.depth<allow_defs: |
| 375 | complain("New definitions not allowed at " |
| 376 | "level %d"%nl.depth) |
| 377 | # we risk crashing if we continue |
| 378 | sys.exit(1) |
| 379 | current.children[w[1]]=nl |
| 380 | current=nl |
| 381 | obstack.append(current) |
| 382 | return [i] |
| 383 | if not current.allow_properties.has_key(keyword): |
| 384 | complain("Property %s not allowed at %s level"% |
| 385 | (keyword,current.type)) |
| 386 | return [] |
| 387 | elif current.depth == vpnlevel.depth < allow_defs: |
| 388 | complain("Not allowed to set VPN properties here") |
| 389 | return [] |
| 390 | else: |
| 391 | set_property(current,w) |
| 392 | return [i] |
| 393 | |
| 394 | complain("unknown keyword '%s'"%(keyword)) |
| 395 | |
| 396 | def pfilepath(pathname,allow_include=False): |
| 397 | f=open(pathname) |
| 398 | outlines=pfile(pathname,f.readlines(),allow_include=allow_include) |
| 399 | f.close() |
| 400 | return outlines |
| 401 | |
| 402 | def pfile(name,lines,allow_include=False): |
| 403 | "Process a file" |
| 404 | global file,line |
| 405 | file=name |
| 406 | line=0 |
| 407 | outlines=[] |
| 408 | for i in lines: |
| 409 | line=line+1 |
| 410 | if (i[0]=='#'): continue |
| 411 | outlines += pline(i,allow_include=allow_include) |
| 412 | return outlines |
| 413 | |
| 414 | def outputsites(w): |
| 415 | "Output include file for secnet configuration" |
| 416 | w.write("# secnet sites file autogenerated by make-secnet-sites " |
| 417 | +"version %s\n"%VERSION) |
| 418 | w.write("# %s\n"%time.asctime(time.localtime(time.time()))) |
| 419 | w.write("# Command line: %s\n\n"%string.join(sys.argv)) |
| 420 | |
| 421 | # Raw VPN data section of file |
| 422 | w.write(prefix+"vpn-data {\n") |
| 423 | for i in root.children.values(): |
| 424 | i.output_data(w,2,"") |
| 425 | w.write("};\n") |
| 426 | |
| 427 | # Per-VPN flattened lists |
| 428 | w.write(prefix+"vpn {\n") |
| 429 | for i in root.children.values(): |
| 430 | i.output_vpnflat(w,2,prefix+"vpn-data") |
| 431 | w.write("};\n") |
| 432 | |
| 433 | # Flattened list of sites |
| 434 | w.write(prefix+"all-sites %s;\n"%string.join( |
| 435 | map(lambda x:"%svpn/%s/all-sites"%(prefix,x), |
| 436 | root.children.keys()),",")) |
| 437 | |
| 438 | # Are we being invoked from userv? |
| 439 | service=0 |
| 440 | # If we are, which group does the caller want to modify? |
| 441 | group=None |
| 442 | |
| 443 | line=0 |
| 444 | file=None |
| 445 | complaints=0 |
| 446 | |
| 447 | if len(sys.argv)<2: |
| 448 | pfile("stdin",sys.stdin.readlines()) |
| 449 | of=sys.stdout |
| 450 | else: |
| 451 | if sys.argv[1]=='-u': |
| 452 | if len(sys.argv)!=6: |
| 453 | print "Wrong number of arguments" |
| 454 | sys.exit(1) |
| 455 | service=1 |
| 456 | header=sys.argv[2] |
| 457 | groupfiledir=sys.argv[3] |
| 458 | sitesfile=sys.argv[4] |
| 459 | group=sys.argv[5] |
| 460 | if not os.environ.has_key("USERV_USER"): |
| 461 | print "Environment variable USERV_USER not found" |
| 462 | sys.exit(1) |
| 463 | user=os.environ["USERV_USER"] |
| 464 | # Check that group is in USERV_GROUP |
| 465 | if not os.environ.has_key("USERV_GROUP"): |
| 466 | print "Environment variable USERV_GROUP not found" |
| 467 | sys.exit(1) |
| 468 | ugs=os.environ["USERV_GROUP"] |
| 469 | ok=0 |
| 470 | for i in string.split(ugs): |
| 471 | if group==i: ok=1 |
| 472 | if not ok: |
| 473 | print "caller not in group %s"%group |
| 474 | sys.exit(1) |
| 475 | headerinput=pfilepath(header,allow_include=True) |
| 476 | userinput=sys.stdin.readlines() |
| 477 | pfile("user input",userinput) |
| 478 | else: |
| 479 | if sys.argv[1]=='-P': |
| 480 | prefix=sys.argv[2] |
| 481 | sys.argv[1:3]=[] |
| 482 | if len(sys.argv)>3: |
| 483 | print "Too many arguments" |
| 484 | sys.exit(1) |
| 485 | pfilepath(sys.argv[1]) |
| 486 | of=sys.stdout |
| 487 | if len(sys.argv)>2: |
| 488 | of=open(sys.argv[2],'w') |
| 489 | |
| 490 | # Sanity check section |
| 491 | # Delete nodes where leaf=0 that have no children |
| 492 | |
| 493 | def live(n): |
| 494 | "Number of leafnodes below node n" |
| 495 | if n.leaf: return 1 |
| 496 | for i in n.children.keys(): |
| 497 | if live(n.children[i]): return 1 |
| 498 | return 0 |
| 499 | def delempty(n): |
| 500 | "Delete nodes that have no leafnode children" |
| 501 | for i in n.children.keys(): |
| 502 | delempty(n.children[i]) |
| 503 | if not live(n.children[i]): |
| 504 | del n.children[i] |
| 505 | delempty(root) |
| 506 | |
| 507 | # Check that all constraints are met (as far as I can tell |
| 508 | # restrict-nets/networks/peer are the only special cases) |
| 509 | |
| 510 | def checkconstraints(n,p,ra): |
| 511 | new_p=p.copy() |
| 512 | new_p.update(n.properties) |
| 513 | for i in n.require_properties.keys(): |
| 514 | if not new_p.has_key(i): |
| 515 | moan("%s %s is missing property %s"% |
| 516 | (n.type,n.name,i)) |
| 517 | for i in new_p.keys(): |
| 518 | if not n.allow_properties.has_key(i): |
| 519 | moan("%s %s has forbidden property %s"% |
| 520 | (n.type,n.name,i)) |
| 521 | # Check address range restrictions |
| 522 | if n.properties.has_key("restrict-nets"): |
| 523 | new_ra=ra.intersection(n.properties["restrict-nets"].set) |
| 524 | else: |
| 525 | new_ra=ra |
| 526 | if n.properties.has_key("networks"): |
| 527 | if not n.properties["networks"].set <= new_ra: |
| 528 | moan("%s %s networks out of bounds"%(n.type,n.name)) |
| 529 | if n.properties.has_key("peer"): |
| 530 | if not n.properties["networks"].set.contains( |
| 531 | n.properties["peer"].addr): |
| 532 | moan("%s %s peer not in networks"%(n.type,n.name)) |
| 533 | for i in n.children.keys(): |
| 534 | checkconstraints(n.children[i],new_p,new_ra) |
| 535 | |
| 536 | checkconstraints(root,{},ipaddrset.complete_set()) |
| 537 | |
| 538 | if complaints>0: |
| 539 | if complaints==1: print "There was 1 problem." |
| 540 | else: print "There were %d problems."%(complaints) |
| 541 | sys.exit(1) |
| 542 | |
| 543 | if service: |
| 544 | # Put the user's input into their group file, and rebuild the main |
| 545 | # sites file |
| 546 | f=open(groupfiledir+"/T"+group,'w') |
| 547 | f.write("# Section submitted by user %s, %s\n"% |
| 548 | (user,time.asctime(time.localtime(time.time())))) |
| 549 | f.write("# Checked by make-secnet-sites version %s\n\n"%VERSION) |
| 550 | for i in userinput: f.write(i) |
| 551 | f.write("\n") |
| 552 | f.close() |
| 553 | os.rename(groupfiledir+"/T"+group,groupfiledir+"/R"+group) |
| 554 | f=open(sitesfile+"-tmp",'w') |
| 555 | f.write("# sites file autogenerated by make-secnet-sites\n") |
| 556 | f.write("# generated %s, invoked by %s\n"% |
| 557 | (time.asctime(time.localtime(time.time())),user)) |
| 558 | f.write("# use make-secnet-sites to turn this file into a\n") |
| 559 | f.write("# valid /etc/secnet/sites.conf file\n\n") |
| 560 | for i in headerinput: f.write(i) |
| 561 | files=os.listdir(groupfiledir) |
| 562 | for i in files: |
| 563 | if i[0]=='R': |
| 564 | j=open(groupfiledir+"/"+i) |
| 565 | f.write(j.read()) |
| 566 | j.close() |
| 567 | f.write("# end of sites file\n") |
| 568 | f.close() |
| 569 | os.rename(sitesfile+"-tmp",sitesfile) |
| 570 | else: |
| 571 | outputsites(of) |