[augeas-devel] [PATCH] Add OpenVPN lens and associated test
Raphaël Pinson
raphink at gmail.com
Tue Aug 26 13:08:42 UTC 2008
Ooops, don't commit this, there's a few mistakes here and there :(
On Tue, Aug 26, 2008 at 3:07 PM, Raphael Pinson <raphink at gmail.com> wrote:
> # HG changeset patch
> # User Raphael Pinson <raphink at gmail.com>
> # Date 1219756015 -7200
> # Node ID dce2521115ff34ad35f06a60c3234dffc6b7be77
> # Parent f58164c15e84bb9ec1e6b7b4132be6e56c8cd001
> Add OpenVPN lens and associated test
>
> diff -r f58164c15e84 -r dce2521115ff lenses/openvpn.aug
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/lenses/openvpn.aug Tue Aug 26 15:06:55 2008 +0200
> @@ -0,0 +1,184 @@
> +(* Parsing /etc/openvpn/openvpn.conf *)
> +
> +module OpenVPN =
> +autoload xfm
> +
> +let sep = Util.del_ws_spc
> +let sep_dquote = Util.del_str "\""
> +let eol = Util.eol
> +let indent = Util.indent
> +
> +let ip_re = /[0-9\.]+/
> +let num_re = /[0-9]+/
> +let fn_re = /[^#; \t\n][^#;\n]*[^#; \t\n]|[^#; \t\n]/
> +let an_re = /[a-z][a-z0-9_-]*/
> +
> +let ip = store ip_re
> +let num = store num_re
> +let filename = store fn_re
> +
> +let sto_to_dquote = store /[^"\n]+/
> +
> +let comment = [ indent . label "#comment"
> + . del /[;#][ \t]*/ "# "
> + . store /([^ \t\n].*[^ \t\n]|[^ \t\n])/
> + . eol ]
> +
> +let empty = Util.empty
> +
> +
> +(* Single values
> + - local => IP
> + - port => num
> + - proto => tcp|udp
> + - dev => (tun|tap)\d*
> + - dev-node => MyTap
> + - ca => filename
> + - cert => filename
> + - key => filename
> + - dh => filename
> + - ifconfig-pool-persist => filename
> + - learn-address => filename
> + - cipher => [A-Z0-9-]+
> + - max-clients => num
> + - user => alphanum
> + - group => alphanum
> + - status => filename
> + - log => filename
> + - log-append => filename
> + - verb => num
> + - mute => num
> + - ns-cert-type => "server"
> + - resolv-retry => "infinite"
> +*)
> +let single_ip = "local"
> +let single_num = "port"
> + | "max-clients"
> + | "verb"
> + | "mute"
> +let single_fn = "ca"
> + | "cert"
> + | "key"
> + | "dh"
> + | "ifconfig-pool-persist"
> + | "learn-address"
> + | "status"
> + | "log"
> + | "log-append"
> +let single_an = "user"
> + | "group"
> +
> +
> +let single_entry (kw:regexp) (re:regexp)
> + = [ key kw . sep . store re . (eol|comment) ]
> +
> +let single = single_entry single_num num_re
> + | single_entry single_fn fn_re
> + | single_entry single_an an_re
> + | single_entry "local" ip_re
> + | single_entry "proto" /(tcp|udp)/
> + | single_entry "dev" /(tun|tap)[0-9]*/
> + | single_entry "dev-node" "MyTap"
> + | single_entry "cipher" /[A-Z][A-Z0-9-]*/
> + | single_entry "ns-cert-type" "server"
> + | single_entry "resolv-retry" "infinite"
> +
> +(* Flags
> + - client-to-client
> + - duplicate-cn
> + - comp-lzo
> + - persist-key
> + - persist-tun
> + - client
> + - remote-random
> + - nobind
> + - mute-replay-warnings
> + - http-proxy-retry
> +*)
> +
> +let flag_words = "client-to-client"
> + | "duplicate-cn"
> + | "comp-lzo"
> + | "persist-key"
> + | "persist-tun"
> + | "client"
> + | "remote-random"
> + | "nobind"
> + | "mute-replay-warnings"
> + | "http-proxy-retry"
> +
> +let flag_entry (kw:regexp)
> + = [ key kw . (eol|comment) ]
> +
> +let flag = flag_entry flag_words
> +
> +
> +(* Others
> + - server => IP IP
> + - server-bridge => IP IP IP IP
> + - push => "string"
> + - keepalive => num num
> + - tls-auth => filename [01]
> + - remote => hostname/IP num
> +*)
> +
> +let server = [ key "server" . sep
> + . [ label "address" . ip ] . sep
> + . [ label "netmask" . ip ] . (eol|comment)
> + ]
> +
> +let server_bridge = [ key "server-bridge" . sep
> + . [ label "address" . ip ] . sep
> + . [ label "netmask" . ip ] . sep
> + . [ label "start" . ip ] . sep
> + . [ label "end" . ip ] . (eol|comment)
> + ]
> +
> +let push = [ key "push" . sep
> + . sep_dquote
> + . sto_to_dquote
> + . sep_dquote
> + . (eol|comment)
> + ]
> +
> +let keepalive = [ key "keepalive" . sep
> + . [ label "ping" . num ] . sep
> + . [ label "timeout" . num ] . (eol|comment)
> + ]
> +
> +let tls_auth = [ key "tls-auth" . sep
> + . [ label "key" . filename ] . sep
> + . [ label "is_client" . store /[01]/ ] . (eol|comment)
> + ]
> +
> +let remote = [ key "remote" . sep
> + . [ label "server" . filename ] . sep
> + . [ label "port" . num ] . (eol|comment)
> + ]
> +
> +let http_proxy = [ key "http-proxy" .
> + ( sep . [ label "server" . store /[A-Za-z0-9\._-]+/ ]
> .
> + ( sep . [ label "port" . num ] )? )?
> + . (eol|comment)
> + ]
> +
> +let other = server
> + | server_bridge
> + | push
> + | keepalive
> + | tls_auth
> + | remote
> + | http_proxy
> +
> +
> +(* Define lens *)
> +
> +let lns = (comment|empty|single|flag|other)*
> +
> +let xfm = transform lns (incl "/etc/openvpn/openvpn.conf")
> +
> +(* Local Variables: *)
> +(* mode: caml *)
> +(* End: *)
> +
> +
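Review bot: `single_entry "dev-node" "MyTap"` accepts only the sample adapter name, and `ns-cert-type` and `resolv-retry` likewise accept only `server` and `infinite`. Because `lns` is a star over `comment|empty|single|flag|other`, a single line outside these literals should make the whole openvpn.conf fail to parse, so a tool that reads or audits the file through this lens would see nothing. I would widen them, e.g. `| single_entry "dev-node" fn_re`, `| single_entry "ns-cert-type" /(server|client)/` and `| single_entry "resolv-retry" /(infinite|[0-9]+)/`. Separately, `single_ip` is defined but never used (`"local"` is spelled out again in `single`), and `ip_re = /[0-9\.]+/` matches any run of digits and dots, so it deserves a comment such as `(* ip_re only restricts the character set; it does not validate an address *)`.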
> diff -r f58164c15e84 -r dce2521115ff lenses/tests/test_openvpn.aug
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/lenses/tests/test_openvpn.aug Tue Aug 26 15:06:55 2008 +0200
> @@ -0,0 +1,143 @@
> +
> +module Test_OpenVPN =
> +
> +let server_conf = "
> +local 10.0.5.20
> +port 1194
> +# TCP or UDP server?
> +proto udp
> +;dev tap
> +dev tun
> +
> +dev-node MyTap
> +ca ca.crt
> +cert server.crt
> +key server.key # This file should be kept secret
> +
> +# Diffie hellman parameters.
> +dh dh1024.pem
> +
> +server 10.8.0.0 255.255.255.0
> +ifconfig-pool-persist ipp.txt
> +
> +server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
> +push \"route 192.168.10.0 255.255.255.0\"
> +learn-address ./script
> +push \"redirect-gateway\"
> +push \"dhcp-option DNS 10.8.0.1\"
> +push \"dhcp-option WINS 10.8.0.1\"
> +client-to-client
> +duplicate-cn
> +keepalive 10 120
> +tls-auth ta.key 0 # This file is secret
> +cipher BF-CBC # Blowfish (default)
> +;cipher AES-128-CBC # AES
> +;cipher DES-EDE3-CBC # Triple-DES
> +comp-lzo
> +max-clients 100
> +user nobody
> +group nobody
> +persist-key
> +persist-tun
> +status openvpn-status.log
> +log openvpn.log
> +log-append openvpn.log
> +verb 3
> +mute 20
> +"
> +
> +test OpenVPN.lns get server_conf =
> + {}
> + { "local" = "10.0.5.20" }
> + { "port" = "1194" }
> + { "#comment" = "TCP or UDP server?" }
> + { "proto" = "udp" }
> + { "#comment" = "dev tap" }
> + { "dev" = "tun" }
> + {}
> + { "dev-node" = "MyTap" }
> + { "ca" = "ca.crt" }
> + { "cert" = "server.crt" }
> + { "key" = "server.key"
> + { "#comment" = "This file should be kept secret" } }
> + {}
> + { "#comment" = "Diffie hellman parameters." }
> + { "dh" = "dh1024.pem" }
> + {}
> + { "server"
> + { "address" = "10.8.0.0" }
> + { "netmask" = "255.255.255.0" } }
> + { "ifconfig-pool-persist" = "ipp.txt" }
> + {}
> + { "server-bridge"
> + { "address" = "10.8.0.4" }
> + { "netmask" = "255.255.255.0" }
> + { "start" = "10.8.0.50" }
> + { "end" = "10.8.0.100" } }
> + { "push" = "route 192.168.10.0 255.255.255.0" }
> + { "learn-address" = "./script" }
> + { "push" = "redirect-gateway" }
> + { "push" = "dhcp-option DNS 10.8.0.1" }
> + { "push" = "dhcp-option WINS 10.8.0.1" }
> + { "client-to-client" }
> + { "duplicate-cn" }
> + { "keepalive"
> + { "ping" = "10" }
> + { "timeout" = "120" } }
> + { "tls-auth"
> + { "key" = "ta.key" }
> + { "is_client" = "0" }
> + { "#comment" = "This file is secret" } }
> + { "cipher" = "BF-CBC"
> + { "#comment" = "Blowfish (default)" } }
> + { "#comment" = "cipher AES-128-CBC # AES" }
> + { "#comment" = "cipher DES-EDE3-CBC # Triple-DES" }
> + { "comp-lzo" }
> + { "max-clients" = "100" }
> + { "user" = "nobody" }
> + { "group" = "nobody" }
> + { "persist-key" }
> + { "persist-tun" }
> + { "status" = "openvpn-status.log" }
> + { "log" = "openvpn.log" }
> + { "log-append" = "openvpn.log" }
> + { "verb" = "3" }
> + { "mute" = "20" }
> +
> +
> +
> +let client_conf = "
> +client
> +remote my-server-1 1194
> +;remote my-server-2 1194
> +remote-random
> +resolv-retry infinite
> +nobind
> +http-proxy-retry # retry on connection failures
> +http-proxy mytest 1024
> +http-proxy mytest2
> +http-proxy
> +mute-replay-warnings
> +ns-cert-type server
> +"
> +
> +test OpenVPN.lns get client_conf =
> + {}
> + { "client" }
> + { "remote"
> + { "server" = "my-server-1" }
> + { "port" = "1194" } }
> + { "#comment" = "remote my-server-2 1194" }
> + { "remote-random" }
> + { "resolv-retry" = "infinite" }
> + { "nobind" }
> + { "http-proxy-retry"
> + { "#comment" = "retry on connection failures" } }
> + { "http-proxy"
> + { "server" = "mytest" }
> + { "port" = "1024" } }
> + { "http-proxy"
> + { "server" = "mytest2" } }
> + { "http-proxy" }
> + { "mute-replay-warnings" }
> + { "ns-cert-type" = "server" }
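Review bot: Both tests exercise only the `get` direction, so nothing checks that writing through the lens leaves the rest of the file intact, which matters for a file that names the CA, key and tls-auth material. A small put test would cover it, e.g. `test OpenVPN.lns put "port 1194\n" after set "/port" "1195" = "port 1195\n"`. The samples also use exactly the literals the lens hard-codes (`dev-node MyTap`, `ns-cert-type server`, `resolv-retry infinite`), so they cannot catch a lens that rejects other valid values.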
>