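(* OpenVPN module for Augeas
 Author: Raphael Pinson <raphink@gmail.com>

 Reference: http://openvpn.net/index.php/documentation/howto.html

 Scope and limits (relevant when this lens feeds a configuration audit):
   - The grammar is strict: [lns] accepts only comments, empty lines and the
     directives defined below. A file holding any other directive, or a
     value outside the patterns below, does not match the lens at all;
     Augeas then records an error for that file (see /augeas//error)
     instead of exposing a tree. Treat a missing tree as unknown, not as
     the setting being absent.
   - Only the two paths named in [filter] are loaded.
   - Values are stored verbatim. The lens does not check that a file
     exists, that a path is safe, or that a cipher name is a strong one.
*)


module OpenVPN =
  autoload xfm

(************************************************************************
 *                           USEFUL PRIMITIVES
 *************************************************************************)

let eol    = Util.eol
let indent = Util.indent

(* Define separators *)
let sep    = Util.del_ws_spc
let sep_dquote = Util.del_str "\""

(* Define value regexps *)
let ip_re  = Rx.ipv4
let num_re = Rx.integer
(* fn_re: one or more characters with no '#', ';' or newline, not starting
   or ending with whitespace. Inner spaces are allowed. Quote characters are
   not special here, so a quoted value is stored with its quotes. *)
let fn_re  = /[^#; \t\n][^#;\n]*[^#; \t\n]|[^#; \t\n]/
(* an_re: lower-case account name, used for user and group *)
let an_re  = /[a-z][a-z0-9_-]*/

(* Define store aliases *)
let ip     = store ip_re
let num    = store num_re
let filename = store fn_re
let sto_to_dquote = store /[^"\n]+/   (* " Emacs, relax *)

(* define comments and empty lines *)
(* Both ';' and '#' start a comment; on write Augeas uses "# " (or " # "
   for a trailing comment) as the default prefix. *)
let comment = Util.comment_generic /[ \t]*[;#][ \t]*/ "# "
let comment_or_eol = eol | Util.comment_generic /[ \t]*[;#][ \t]*/ " # "

let empty   = Util.empty


(************************************************************************
 *                               SINGLE VALUES
 *
 *   - local => IP
 *   - port  => num
 *   - proto => tcp|udp
 *   - dev   => (tun|tap)\d*
 *   - dev-node => device node name (same pattern as a filename)
 *   - ca    => filename
 *   - cert  => filename
 *   - key   => filename
 *   - dh    => filename
 *   - ifconfig-pool-persist => filename
 *   - learn-address => filename
 *   - cipher => [A-Z][A-Z0-9-]* or "none"
 *   - max-clients => num
 *   - user  => alphanum
 *   - group => alphanum
 *   - status => filename
 *   - log   => filename
 *   - log-append => filename
 *   - verb => num
 *   - mute => num
 *   - ns-cert-type => "server" or "client"
 *   - resolv-retry => "infinite" or num
 *************************************************************************)

let single_ip  = "local"
let single_num = "port"
               | "max-clients"
               | "verb"
               | "mute"
let single_fn  = "ca"
               | "cert"
               | "key"
               | "dh"
               | "ifconfig-pool-persist"
               | "learn-address"
               | "status"
               | "log"
               | "log-append"
let single_an  = "user"
               | "group"


(* single_entry kw re: a line "<kw> <value>" followed by an optional
   trailing comment. The tree node is keyed by the directive name and holds
   the value matched by re. *)
let single_entry (kw:regexp) (re:regexp)
               = [ key kw . sep . store re . comment_or_eol ]

(* Changes from the earlier, narrower patterns (every input accepted before
   is still accepted and yields the same tree):
     - local now goes through single_ip, which was defined but unused.
     - dev-node took only the sample name MyTap from the howto; it now
       takes any device node name.
     - cipher also takes the literal none, so a file that turns encryption
       off still parses and the setting shows up in the tree instead of
       the whole file being rejected.
     - ns-cert-type also takes client, the value used on the server side
       to require client certificates.
     - resolv-retry also takes a number of seconds. *)
let single     = single_entry single_num num_re
               | single_entry single_fn  fn_re
               | single_entry single_an  an_re
               | single_entry single_ip  ip_re
               | single_entry "proto"    /(tcp|udp)/
               | single_entry "dev"      /(tun|tap)[0-9]*/
               | single_entry "dev-node" fn_re
               | single_entry "cipher"   /[A-Z][A-Z0-9-]*|none/
               | single_entry "ns-cert-type" /server|client/
               | single_entry "resolv-retry" /infinite|[0-9]+/


(************************************************************************
 *                               FLAGS
 *
 *   - client-to-client
 *   - duplicate-cn
 *   - comp-lzo
 *   - persist-key
 *   - persist-tun
 *   - client
 *   - remote-random
 *   - nobind
 *   - mute-replay-warnings
 *   - http-proxy-retry
 *************************************************************************)

let flag_words = "client-to-client"
               | "duplicate-cn"
               | "comp-lzo"
               | "persist-key"
               | "persist-tun"
               | "client"
               | "remote-random"
               | "nobind"
               | "mute-replay-warnings"
               | "http-proxy-retry"

(* flag_entry kw: a bare keyword line. The node has a key and no value, so
   a flag is detected by the presence of its node. A flag written with an
   argument does not match this pattern. *)
let flag_entry (kw:regexp)
               = [ key kw . comment_or_eol ]

let flag       = flag_entry flag_words


(************************************************************************
 *                               OTHER FIELDS
 *
 *   - server        => IP IP
 *   - server-bridge => IP IP IP IP
 *   - push          => "string"
 *   - keepalive     => num num
 *   - tls-auth      => filename [01]
 *   - remote        => hostname/IP num
 *   - http-proxy    => [hostname/IP [num]]
 *************************************************************************)

let server        = [ key "server" . sep
                    . [ label "address" . ip ] . sep
                    . [ label "netmask" . ip ] . comment_or_eol
                    ]

let server_bridge = [ key "server-bridge" . sep
                    . [ label "address" . ip ] . sep
                    . [ label "netmask" . ip ] . sep
                    . [ label "start"   . ip ] . sep
                    . [ label "end"     . ip ] . comment_or_eol
                    ]

(* The pushed option is everything between the two double quotes; the
   pattern has no escape handling, so the value cannot itself contain a
   double quote. *)
let push          = [ key "push" . sep
                    . sep_dquote
                    . sto_to_dquote
                    . sep_dquote
                    . comment_or_eol
                    ]

let keepalive     = [ key "keepalive" . sep
                    . [ label "ping"    . num ] . sep
                    . [ label "timeout" . num ] . comment_or_eol
                    ]

(* Both fields are required here: the key file and the direction digit. A
   tls-auth line without the digit does not match. *)
let tls_auth      = [ key "tls-auth" . sep
                    . [ label "key"       . filename     ] . sep
                    . [ label "is_client" . store /[01]/ ] . comment_or_eol
                    ]

(* The server name reuses the filename pattern, so it is not restricted to
   hostname characters. The port is mandatory in this pattern. *)
let remote        = [ key "remote" . sep
                    . [ label "server" . filename ] . sep
                    . [ label "port"   . num      ] . comment_or_eol
                    ]

(* Server and port are both optional, and a port can only follow a server. *)
let http_proxy    = [ key "http-proxy" .
                    ( sep . [ label "server" . store /[A-Za-z0-9\._-]+/ ] .
                    ( sep . [ label "port"   . num      ] )? )?
                    . comment_or_eol
                    ]

let other         = server
                  | server_bridge
                  | push
                  | keepalive
                  | tls_auth
                  | remote
                  | http_proxy


(************************************************************************
 *                              LENS & FILTER
 *************************************************************************)

(* Whole-file lens: any sequence of comments, empty lines and the entries
   defined above. Nothing else is accepted. *)
let lns    = ( comment | empty | single | flag | other )*

(* Only these two paths are picked up by autoload. Configuration files
   stored under other names in /etc/openvpn are not loaded by this module. *)
let filter = (incl "/etc/openvpn/client.conf")
           . (incl "/etc/openvpn/server.conf")

let xfm = transform lns filter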