1 (* OpenVPN module for Augeas
2 Author: Raphael Pinson <raphink@gmail.com>
4 Reference: http://openvpn.net/index.php/documentation/howto.html
11 (************************************************************************
13 *************************************************************************)
(* Local aliases for helpers from the Util module. indent is bound here; no
   use of it appears in the visible part of this file. *)
16 let indent = Util.indent
18 (* Define separators *)
(* sep is the separator placed between a keyword and each of its values.
   sep_dquote is Util.del_str applied to a single double-quote character; it
   is presumably used around quoted values, whose definitions are not in the
   visible part of this file. *)
19 let sep = Util.del_ws_spc
20 let sep_dquote = Util.del_str "\""
22 (* Define value regexps *)
(* num_re: integers, as defined by Rx.integer.
   fn_re:  a free-form value. It is any run of characters containing no '#',
           ';' or newline that neither starts nor ends with a space or tab;
           spaces and tabs inside the value are accepted. It is used for file
           names and, through the filename alias, for the host in the remote
           entry. The pattern only delimits the value: it does not check that
           the text is a well-formed path or host name, so consumers of the
           tree should treat stored values as unvalidated input.
   an_re:  a lower-case identifier: one letter followed by any number of
           lower-case letters, digits, '_' or '-'. *)
24 let num_re = Rx.integer
25 let fn_re = /[^#; \t\n][^#;\n]*[^#; \t\n]|[^#; \t\n]/
26 let an_re = /[a-z][a-z0-9_-]*/
28 (* Define store aliases *)
(* Each alias stores the text matched by its regexp as the value of the
   enclosing tree node. sto_to_dquote stores at least one character, up to
   but excluding the next double quote or newline. *)
30 let num = store num_re
31 let filename = store fn_re
32 let sto_to_dquote = store /[^"\n]+/ (* " Emacs, relax *)
34 (* Define comments and empty lines *)
(* Both ';' and '#' introduce a comment. comment handles a comment on a line
   of its own; comment_or_eol ends an entry with either a plain end of line or
   a trailing comment. The second argument of Util.comment_generic is the
   delimiter text written when a comment node is created, hence the extra
   leading space for the trailing form. eol is not defined in the visible part
   of this file. *)
35 let comment = Util.comment_generic /[ \t]*[;#][ \t]*/ "# "
36 let comment_or_eol = eol | Util.comment_generic /[ \t]*[;#][ \t]*/ " # "
38 let empty = Util.empty
41 (************************************************************************
47 * - dev => (tun|tap)\d*
53 * - ifconfig-pool-persist => filename
54 * - learn-address => filename
55 * - cipher => [A-Z0-9-]+
56 * - max-clients => num
59 * - status => filename
61 * - log-append => filename
64 * - ns-cert-type => "server"
65 * - resolv-retry => "infinite"
66 *************************************************************************)
68 let single_ip = "local"
69 let single_num = "port"
77 | "ifconfig-pool-persist"
82 let single_an = "user"
(* single_entry kw re builds the lens for a one-argument directive: a subtree
   whose key is the keyword matched by kw and whose value is the text matched
   by re, ended by a trailing comment or end of line. No leading indentation
   is accepted before the keyword. *)
86 let single_entry (kw:regexp) (re:regexp)
87 = [ key kw . sep . store re . comment_or_eol ]
(* single: union of every directive that takes exactly one argument, each
   built with single_entry from a keyword and the regexp its value must match.

   NOTE(review): several value patterns are narrower than the keyword alone
   suggests. dev-node accepts only the literal MyTap, ns-cert-type only
   server, resolv-retry only infinite, proto only tcp or udp, and cipher
   requires a leading upper-case letter, so a value such as none does not
   match. The top-level lens has to match the whole file, so a single line
   outside these patterns makes Augeas fail to parse that file; tooling that
   audits OpenVPN settings through this lens then gets no tree for the config
   rather than the offending value. Confirm the restrictions are intended.

   NOTE(review): the keyword local is written as a literal here although
   single_ip is bound to the same string earlier in the file. ip_re and the
   full contents of single_fn are not in the visible part of the file. *)
89 let single = single_entry single_num num_re
90 | single_entry single_fn fn_re
91 | single_entry single_an an_re
92 | single_entry "local" ip_re
93 | single_entry "proto" /(tcp|udp)/
94 | single_entry "dev" /(tun|tap)[0-9]*/
95 | single_entry "dev-node" "MyTap"
96 | single_entry "cipher" /[A-Z][A-Z0-9-]*/
97 | single_entry "ns-cert-type" "server"
98 | single_entry "resolv-retry" "infinite"
101 (************************************************************************
112 * - mute-replay-warnings
114 *************************************************************************)
116 let flag_words = "client-to-client"
124 | "mute-replay-warnings"
(* flag_entry kw builds the lens for a directive that takes no argument: a
   subtree whose key is the keyword matched by kw and which has no value,
   ended by a trailing comment or end of line. *)
127 let flag_entry (kw:regexp)
128 = [ key kw . comment_or_eol ]
(* flag: any one of the argument-less keywords listed in flag_words. A flag
   appears in the tree only as a key, so its presence or absence is the whole
   setting. *)
130 let flag = flag_entry flag_words
133 (************************************************************************
137 * - server-bridge => IP IP IP IP
139 * - keepalive => num num
140 * - tls-auth => filename [01]
141 * - remote => hostname/IP num
142 *************************************************************************)
144 let server = [ key "server" . sep
145 . [ label "address" . ip ] . sep
146 . [ label "netmask" . ip ] . comment_or_eol
149 let server_bridge = [ key "server-bridge" . sep
150 . [ label "address" . ip ] . sep
151 . [ label "netmask" . ip ] . sep
152 . [ label "start" . ip ] . sep
153 . [ label "end" . ip ] . comment_or_eol
156 let push = [ key "push" . sep
163 let keepalive = [ key "keepalive" . sep
164 . [ label "ping" . num ] . sep
165 . [ label "timeout" . num ] . comment_or_eol
168 let tls_auth = [ key "tls-auth" . sep
169 . [ label "key" . filename ] . sep
170 . [ label "is_client" . store /[01]/ ] . comment_or_eol
173 let remote = [ key "remote" . sep
174 . [ label "server" . filename ] . sep
175 . [ label "port" . num ] . comment_or_eol
178 let http_proxy = [ key "http-proxy" .
179 ( sep . [ label "server" . store /[A-Za-z0-9\._-]+/ ] .
180 ( sep . [ label "port" . num ] )? )?
193 (************************************************************************
195 *************************************************************************)
(* lns: the top-level lens. A file is any sequence of comments, empty lines,
   one-argument entries, flags and the multi-argument entries grouped under
   other, whose definition is not in the visible part of this file.
   The grammar is closed: there is no catch-all alternative, so a directive
   that none of these lenses recognises makes the whole file fail to parse
   instead of being skipped. Callers that rely on this lens to inspect a
   configuration should check for a parse error on the file before concluding
   that a setting is absent. *)
197 let lns = ( comment | empty | single | flag | other )*
(* filter: the files this lens is applied to. The visible lines include
   exactly two fixed paths; an OpenVPN configuration stored under any other
   name or directory is not loaded by this transform and so is not covered by
   checks that go through it.
   NOTE(review): a line between filter and xfm is not in the visible part of
   the file; confirm that no further include or exclude follows. *)
199 let filter = (incl "/etc/openvpn/client.conf")
200 . (incl "/etc/openvpn/server.conf")
(* xfm: binds the lens to the file filter so Augeas loads matching files. *)
202 let xfm = transform lns filter