X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/21fd3a92a61d31ce848177c0049cb6eb39963161..1fc8a4acb3ef658696038c9c4bd3c155fbc27ac3:/make-secnet-sites
diff --git a/make-secnet-sites b/make-secnet-sites
index 966bb77..a7f14de 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -1,19 +1,21 @@
 #! /usr/bin/env python
-# Copyright (C) 2001-2002 Stephen Early
 #
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
+# This file is part of secnet.
+# See README for full list of copyright holders.
+#
+# secnet is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version d of the License, or
 # (at your option) any later version.
 #
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
+# secnet is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# version 3 along with secnet; if not, see
+# https://www.gnu.org/licenses/gpl.html.
 
 """VPN sites file manipulation.
 
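Review bot: The new licence notice reads `either version d of the License, or`, which looks like a typo for the version number in the grant line. The last paragraph of the same header says `version 3 along with secnet`, so the line presumably should read `# the Free Software Foundation; either version 3 of the License, or`. As written, the grant is ambiguous about which licence version applies.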
@@ -56,11 +58,12 @@ import os
 import getopt
 import re
 
-# The ipaddr library is installed as part of secnet
-sys.path.append("/usr/local/share/secnet")
-sys.path.append("/usr/share/secnet")
 import ipaddr
 
+sys.path.insert(0,"/usr/local/share/secnet")
+sys.path.insert(0,"/usr/share/secnet")
+import ipaddrset
+
 VERSION="0.1.18"
 
 # Classes describing possible datatypes in the configuration file
@@ -68,22 +71,19 @@ VERSION="0.1.18"
 class single_ipaddr:
 "An IP address"
 def __init__(self,w):
- self.addr=ipaddr.ipaddr(w[1])
+ self.addr=ipaddr.IPAddress(w[1])
 def __str__(self):
- return '"%s"'%self.addr.ip_str()
+ return '"%s"'%self.addr
 
 class networks:
 "A set of IP addresses specified as a list of networks"
 def __init__(self,w):
- self.set=ipaddr.ip_set()
+ self.set=ipaddrset.IPAddressSet()
 for i in w[1:]:
- x=string.split(i,"/")
- self.set.append(ipaddr.network(x[0],x[1],
- ipaddr.DEMAND_NETWORK))
+ x=ipaddr.IPNetwork(i,strict=True)
+ self.set.append([x])
 def __str__(self):
- return string.join(map(lambda x:'"%s/%s"'%(x.ip_str(),
- x.mask.netmask_bits_str),
- self.set.as_list_of_networks()),",")
+ return ",".join(map((lambda n: '"%s"'%n), self.set.networks()))
 
 class dhgroup:
 "A Diffie-Hellman group"
@@ -522,13 +522,7 @@ def checkconstraints(n,p,ra):
 else:
 new_ra=ra
 if n.properties.has_key("networks"):
- # I'd like to do this:
- # n.properties["networks"].set.is_subset(new_ra)
- # but there isn't an is_subset() method
- # Instead we see if we intersect with the complement of new_ra
- rac=new_ra.complement()
- i=rac.intersection(n.properties["networks"].set)
- if not i.is_empty():
+ if not n.properties["networks"].set <= new_ra:
 moan("%s %s networks out of bounds"%(n.type,n.name))
 if n.properties.has_key("peer"):
 if not n.properties["networks"].set.contains(
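Review bot: Switching from `sys.path.append` to `sys.path.insert(0,...)` puts `/usr/share/secnet` and `/usr/local/share/secnet` ahead of the standard library for every import that runs after this point, not only `import ipaddrset`. If either directory is writable by an account less trusted than the one running the script (on some systems `/usr/local` is group-writable), a file placed there could shadow a module imported later. Unless the override is needed beyond this one import, consider undoing it straight afterwards, e.g. `del sys.path[:2]` on the line after `import ipaddrset`, or keep `append`. The two inserts also leave `/usr/share/secnet` ahead of `/usr/local/share/secnet`, the reverse of the old order, so a one-line comment stating the intended precedence would usefully replace the comment this hunk removes.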
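Review bot: `ipaddr.IPAddress(w[1])` and `ipaddr.IPNetwork(i,strict=True)` raise `ValueError` on malformed text (with `strict=True`, also on a network that has host bits set), and nothing in this hunk catches it. The callers of these constructors are outside the hunk, so it is worth confirming that a bad address in the sites file ends up as an ordinary reported input error rather than an uncaught traceback. Both calls also accept IPv6 literals; if the generated configuration is meant to stay IPv4-only, an explicit check of the object's `version` attribute belongs in these constructors.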
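Review bot: The bounds check `if not n.properties["networks"].set <= new_ra:` now depends entirely on `IPAddressSet` defining `<=` as a subset test, and `ipaddrset` is not part of this page. The file is Python 2 (`has_key`, `print` statement), where `<=` between objects that lack rich comparison methods does not raise but falls back to an arbitrary ordering, so a missing or wrong `__le__` would make this restriction check give a silent wrong answer. Confirm that `__le__` exists and is exercised by a test with an out-of-bounds network, and keep a short comment in place of the removed explanation, e.g. `# subset test: all of this site's networks must lie within new_ra`. The `.set.contains(` call on the last context line is unchanged, so the new class has to provide that method as well; that statement continues past the end of the hunk.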
@@ -537,7 +531,7 @@ def checkconstraints(n,p,ra): for i in n.children.keys(): checkconstraints(n.children[i],new_p,new_ra) -checkconstraints(root,{},ipaddr.complete_set) +checkconstraints(root,{},ipaddrset.complete_set()) if complaints>0: if complaints==1: print "There was 1 problem."