[augeas-devel] [PATCH] Add OpenVPN lens and associated test
Raphael Pinson
raphink at gmail.com
Tue Aug 26 13:07:43 UTC 2008
# HG changeset patch
# User Raphael Pinson <raphink at gmail.com>
# Date 1219756015 -7200
# Node ID dce2521115ff34ad35f06a60c3234dffc6b7be77
# Parent f58164c15e84bb9ec1e6b7b4132be6e56c8cd001
Add OpenVPN lens and associated test
diff -r f58164c15e84 -r dce2521115ff lenses/openvpn.aug
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lenses/openvpn.aug Tue Aug 26 15:06:55 2008 +0200
@@ -0,0 +1,184 @@
+(* Parsing /etc/openvpn/openvpn.conf *)
+
+module OpenVPN =
+autoload xfm
+
+let sep = Util.del_ws_spc
+let sep_dquote = Util.del_str "\""
+let eol = Util.eol
+let indent = Util.indent
+
+let ip_re = /[0-9\.]+/
+let num_re = /[0-9]+/
+let fn_re = /[^#; \t\n][^#;\n]*[^#; \t\n]|[^#; \t\n]/
+let an_re = /[a-z][a-z0-9_-]*/
+
+let ip = store ip_re
+let num = store num_re
+let filename = store fn_re
+
+let sto_to_dquote = store /[^"\n]+/
+
+let comment = [ indent . label "#comment"
+ . del /[;#][ \t]*/ "# "
+ . store /([^ \t\n].*[^ \t\n]|[^ \t\n])/
+ . eol ]
+
+let empty = Util.empty
+
+
+(* Single values
+ - local => IP
+ - port => num
+ - proto => tcp|udp
+ - dev => (tun|tap)\d*
+ - dev-node => MyTap
+ - ca => filename
+ - cert => filename
+ - key => filename
+ - dh => filename
+ - ifconfig-pool-persist => filename
+ - learn-address => filename
+ - cipher => [A-Z0-9-]+
+ - max-clients => num
+ - user => alphanum
+ - group => alphanum
+ - status => filename
+ - log => filename
+ - log-append => filename
+ - verb => num
+ - mute => num
+ - ns-cert-type => "server"
+ - resolv-retry => "infinite"
+*)
+let single_ip = "local"
+let single_num = "port"
+ | "max-clients"
+ | "verb"
+ | "mute"
+let single_fn = "ca"
+ | "cert"
+ | "key"
+ | "dh"
+ | "ifconfig-pool-persist"
+ | "learn-address"
+ | "status"
+ | "log"
+ | "log-append"
+let single_an = "user"
+ | "group"
+
+
+let single_entry (kw:regexp) (re:regexp)
+ = [ key kw . sep . store re . (eol|comment) ]
+
+let single = single_entry single_num num_re
+ | single_entry single_fn fn_re
+ | single_entry single_an an_re
+ | single_entry "local" ip_re
+ | single_entry "proto" /(tcp|udp)/
+ | single_entry "dev" /(tun|tap)[0-9]*/
+ | single_entry "dev-node" "MyTap"
+ | single_entry "cipher" /[A-Z][A-Z0-9-]*/
+ | single_entry "ns-cert-type" "server"
+ | single_entry "resolv-retry" "infinite"
+
+(* Flags
+ - client-to-client
+ - duplicate-cn
+ - comp-lzo
+ - persist-key
+ - persist-tun
+ - client
+ - remote-random
+ - nobind
+ - mute-replay-warnings
+ - http-proxy-retry
+*)
+
+let flag_words = "client-to-client"
+ | "duplicate-cn"
+ | "comp-lzo"
+ | "persist-key"
+ | "persist-tun"
+ | "client"
+ | "remote-random"
+ | "nobind"
+ | "mute-replay-warnings"
+ | "http-proxy-retry"
+
+let flag_entry (kw:regexp)
+ = [ key kw . (eol|comment) ]
+
+let flag = flag_entry flag_words
+
+
+(* Others
+ - server => IP IP
+ - server-bridge => IP IP IP IP
+ - push => "string"
+ - keepalive => num num
+ - tls-auth => filename [01]
+ - remote => hostname/IP num
+*)
+
+let server = [ key "server" . sep
+ . [ label "address" . ip ] . sep
+ . [ label "netmask" . ip ] . (eol|comment)
+ ]
+
+let server_bridge = [ key "server-bridge" . sep
+ . [ label "address" . ip ] . sep
+ . [ label "netmask" . ip ] . sep
+ . [ label "start" . ip ] . sep
+ . [ label "end" . ip ] . (eol|comment)
+ ]
+
+let push = [ key "push" . sep
+ . sep_dquote
+ . sto_to_dquote
+ . sep_dquote
+ . (eol|comment)
+ ]
+
+let keepalive = [ key "keepalive" . sep
+ . [ label "ping" . num ] . sep
+ . [ label "timeout" . num ] . (eol|comment)
+ ]
+
+let tls_auth = [ key "tls-auth" . sep
+ . [ label "key" . filename ] . sep
+ . [ label "is_client" . store /[01]/ ] . (eol|comment)
+ ]
+
+let remote = [ key "remote" . sep
+ . [ label "server" . filename ] . sep
+ . [ label "port" . num ] . (eol|comment)
+ ]
+
+let http_proxy = [ key "http-proxy" .
+ ( sep . [ label "server" . store /[A-Za-z0-9\._-]+/ ] .
+ ( sep . [ label "port" . num ] )? )?
+ . (eol|comment)
+ ]
+
+let other = server
+ | server_bridge
+ | push
+ | keepalive
+ | tls_auth
+ | remote
+ | http_proxy
+
+
+(* Define lens *)
+
+let lns = (comment|empty|single|flag|other)*
+
+let xfm = transform lns (incl "/etc/openvpn/openvpn.conf")
+
+(* Local Variables: *)
+(* mode: caml *)
+(* End: *)
+
+
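Review bot: Three entries in `single` accept only the value that happens to appear in the sample configuration: `single_entry "dev-node" "MyTap"`, `single_entry "ns-cert-type" "server"` and `single_entry "resolv-retry" "infinite"`. A line the lens cannot match makes Augeas fail the whole file, so a config with `ns-cert-type client` or a numeric `resolv-retry` would not load, and tooling that audits `cipher`, `tls-auth` or `user`/`group` through this lens would see nothing. I would widen them to `single_entry "dev-node" fn_re`, `single_entry "ns-cert-type" /(server|client)/` and `single_entry "resolv-retry" /(infinite|[0-9]+)/`. Separately, `ip_re = /[0-9\.]+/` also matches strings such as `1..2`, so a comment should say that the lens does not validate addresses.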
diff -r f58164c15e84 -r dce2521115ff lenses/tests/test_openvpn.aug
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lenses/tests/test_openvpn.aug Tue Aug 26 15:06:55 2008 +0200
@@ -0,0 +1,143 @@
+
+module Test_OpenVPN =
+
+let server_conf = "
+local 10.0.5.20
+port 1194
+# TCP or UDP server?
+proto udp
+;dev tap
+dev tun
+
+dev-node MyTap
+ca ca.crt
+cert server.crt
+key server.key # This file should be kept secret
+
+# Diffie hellman parameters.
+dh dh1024.pem
+
+server 10.8.0.0 255.255.255.0
+ifconfig-pool-persist ipp.txt
+
+server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+push \"route 192.168.10.0 255.255.255.0\"
+learn-address ./script
+push \"redirect-gateway\"
+push \"dhcp-option DNS 10.8.0.1\"
+push \"dhcp-option WINS 10.8.0.1\"
+client-to-client
+duplicate-cn
+keepalive 10 120
+tls-auth ta.key 0 # This file is secret
+cipher BF-CBC # Blowfish (default)
+;cipher AES-128-CBC # AES
+;cipher DES-EDE3-CBC # Triple-DES
+comp-lzo
+max-clients 100
+user nobody
+group nobody
+persist-key
+persist-tun
+status openvpn-status.log
+log openvpn.log
+log-append openvpn.log
+verb 3
+mute 20
+"
+
+test OpenVPN.lns get server_conf =
+ {}
+ { "local" = "10.0.5.20" }
+ { "port" = "1194" }
+ { "#comment" = "TCP or UDP server?" }
+ { "proto" = "udp" }
+ { "#comment" = "dev tap" }
+ { "dev" = "tun" }
+ {}
+ { "dev-node" = "MyTap" }
+ { "ca" = "ca.crt" }
+ { "cert" = "server.crt" }
+ { "key" = "server.key"
+ { "#comment" = "This file should be kept secret" } }
+ {}
+ { "#comment" = "Diffie hellman parameters." }
+ { "dh" = "dh1024.pem" }
+ {}
+ { "server"
+ { "address" = "10.8.0.0" }
+ { "netmask" = "255.255.255.0" } }
+ { "ifconfig-pool-persist" = "ipp.txt" }
+ {}
+ { "server-bridge"
+ { "address" = "10.8.0.4" }
+ { "netmask" = "255.255.255.0" }
+ { "start" = "10.8.0.50" }
+ { "end" = "10.8.0.100" } }
+ { "push" = "route 192.168.10.0 255.255.255.0" }
+ { "learn-address" = "./script" }
+ { "push" = "redirect-gateway" }
+ { "push" = "dhcp-option DNS 10.8.0.1" }
+ { "push" = "dhcp-option WINS 10.8.0.1" }
+ { "client-to-client" }
+ { "duplicate-cn" }
+ { "keepalive"
+ { "ping" = "10" }
+ { "timeout" = "120" } }
+ { "tls-auth"
+ { "key" = "ta.key" }
+ { "is_client" = "0" }
+ { "#comment" = "This file is secret" } }
+ { "cipher" = "BF-CBC"
+ { "#comment" = "Blowfish (default)" } }
+ { "#comment" = "cipher AES-128-CBC # AES" }
+ { "#comment" = "cipher DES-EDE3-CBC # Triple-DES" }
+ { "comp-lzo" }
+ { "max-clients" = "100" }
+ { "user" = "nobody" }
+ { "group" = "nobody" }
+ { "persist-key" }
+ { "persist-tun" }
+ { "status" = "openvpn-status.log" }
+ { "log" = "openvpn.log" }
+ { "log-append" = "openvpn.log" }
+ { "verb" = "3" }
+ { "mute" = "20" }
+
+
+
+let client_conf = "
+client
+remote my-server-1 1194
+;remote my-server-2 1194
+remote-random
+resolv-retry infinite
+nobind
+http-proxy-retry # retry on connection failures
+http-proxy mytest 1024
+http-proxy mytest2
+http-proxy
+mute-replay-warnings
+ns-cert-type server
+"
+
+test OpenVPN.lns get client_conf =
+ {}
+ { "client" }
+ { "remote"
+ { "server" = "my-server-1" }
+ { "port" = "1194" } }
+ { "#comment" = "remote my-server-2 1194" }
+ { "remote-random" }
+ { "resolv-retry" = "infinite" }
+ { "nobind" }
+ { "http-proxy-retry"
+ { "#comment" = "retry on connection failures" } }
+ { "http-proxy"
+ { "server" = "mytest" }
+ { "port" = "1024" } }
+ { "http-proxy"
+ { "server" = "mytest2" } }
+ { "http-proxy" }
+ { "mute-replay-warnings" }
+ { "ns-cert-type" = "server" }
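Review bot: Both tests exercise only `get`, so nothing checks that an edit made through the tree is written back correctly or that a malformed line is rejected. Since this lens will be used to change settings such as `cipher` and `tls-auth`, I would add a round-trip case like `test OpenVPN.lns put "cipher BF-CBC\n" after set "/cipher" "AES-128-CBC" = "cipher AES-128-CBC\n"` and a rejection case like `test OpenVPN.lns get "proto icmp\n" = *`. The sample inputs also use only the literal values the lens hard-codes (`MyTap`, `server`, `infinite`), so they cannot show whether other legal values parse.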