Commit 0ee76b06 authored by Guillaume Bury's avatar Guillaume Bury

Better handling of the connection to registry ( public/private address )

parent 66582a60
...@@ -25,6 +25,11 @@ OPTIONS : REGISTRY.PY ...@@ -25,6 +25,11 @@ OPTIONS : REGISTRY.PY
port port
The port on which the server will listen The port on which the server will listen
--private ip
Ipv6 address of the vifibnet client running on the machine. This
address will be advertised only to nodes having a valid
certificate.
--db path --db path
Path to the server Database file. A new DB file will be created Path to the server Database file. A new DB file will be created
and correctly initialized if the file doesn't exists. and correctly initialized if the file doesn't exists.
...@@ -42,6 +47,14 @@ OPTIONS : REGISTRY.PY ...@@ -42,6 +47,14 @@ OPTIONS : REGISTRY.PY
Path to the server key file. To generate a key file, see the --ca Path to the server key file. To generate a key file, see the --ca
option option
--bootstrap prefix ip port proto
Connection informations of a node given to other as a bootstrap
node to initiate connection with the network.
Prefix should be the prefix number of a node, given in binary and
with correct length. For instance the VPN address
2001:db8:42:1::/64 ( asusming a network prefix 2001:db8:42::/48 )
corresponds to a prefix 1/16 i.e 0000000000000001.
--mailhost mailhost --mailhost mailhost
Mailhost to be used to send email containing token for registration Mailhost to be used to send email containing token for registration
...@@ -123,13 +136,10 @@ OPTIONS : VIFIBNET.PY ...@@ -123,13 +136,10 @@ OPTIONS : VIFIBNET.PY
This parameter is also given to openvpn and babel for their log. This parameter is also given to openvpn and babel for their log.
Default : 0 Default : 0
--server address --registry address
Ip address of the peer discovery server. SHOULD be an ipv6 address Complete publi ( reachable from the internet ) address of the machine
belonging to the VPN network, as the server only allows requests running a registry. Will be used to get the pirvate address of the
from inside the VPN (feature not used now for debugging purposes) registry and/or bootstrap peers
--server-port port
Port number on the peer discovery server to which we connect
--hello duration --hello duration
Set hello interval, in seconds, for both wired and wireless Set hello interval, in seconds, for both wired and wireless
......
...@@ -5,75 +5,91 @@ import utils ...@@ -5,75 +5,91 @@ import utils
class PeerManager: class PeerManager:
# internal ip = temp arg/attribute # internal ip = temp arg/attribute
def __init__(self, db_dir_path, server, server_port, refresh_time, address, def __init__(self, db_dir_path, registry, key_path, refresh_time, address,
internal_ip, prefix, manual, pp , db_size): internal_ip, prefix, manual, pp , db_size):
self._refresh_time = refresh_time self._refresh_time = refresh_time
self._address = address self._address = address
self._internal_ip = internal_ip self._internal_ip = internal_ip
self._prefix = prefix self._prefix = prefix
self._server = server
self._server_port = server_port
self._db_size = db_size self._db_size = db_size
self._registry = registry
self._key_path = key_path
self._pp = pp self._pp = pp
self._blacklist = [(prefix,)]
self._manual = manual self._manual = manual
self._proxy = xmlrpclib.ServerProxy('http://%s:%u'
% (server, server_port))
utils.log('Connectiong to peers database...', 4) utils.log('Connectiong to peers database...', 4)
self._db = sqlite3.connect(os.path.join(db_dir_path, 'peers.db'), self._db = sqlite3.connect(os.path.join(db_dir_path, 'peers.db'),
isolation_level=None) isolation_level=None)
utils.log('Database opened', 5) utils.log('Database opened', 5)
utils.log('Preparing peers database...', 4) utils.log('Preparing peers database...', 4)
try: self._db.execute("""CREATE TABLE IF NOT EXISTS peers (
prefix TEXT PRIMARY KEY,
address TEXT NOT NULL,
used INTEGER NOT NULL DEFAULT 0,
date INTEGER DEFAULT (strftime('%s', 'now')))""")
self._db.execute("UPDATE peers SET used = 0") self._db.execute("UPDATE peers SET used = 0")
self._db.execute("CREATE INDEX IF NOT EXISTS _peers_used ON peers(used)")
self._db.execute("""CREATE TABLE IF NOT EXISTS blacklist ( self._db.execute("""CREATE TABLE IF NOT EXISTS blacklist (
prefix TEXT PRIMARY KEY, prefix TEXT PRIMARY KEY,
flag INTEGER NOT NULL)""") flag INTEGER NOT NULL)""")
self._db.execute("""CREATE INDEX IF NOT EXISTS self._db.execute("""CREATE INDEX IF NOT EXISTS
blacklist_flag ON blacklist(flag)""") blacklist_flag ON blacklist(flag)""")
self._db.execute("INSERT OR REPLACE INTO blacklist VALUES (?,?)",
(prefix, 1))
self._db.execute("""CREATE TABLE IF NOT EXISTS config (
name text primary key,
value text)""")
try:
a = self._db.execute("SELECT value FROM config WHERE name='registry'").next()
except StopIteration:
proxy = xmlrpclib.ServerProxy(registry)
a = proxy.getPrivateAddress()
self._db.execute("INSERT INTO config VALUES ('registry',?)", a)
self._proxy = xmlrpclib.ServerProxy(a)
utils.log('Database prepared', 5) utils.log('Database prepared', 5)
except sqlite3.OperationalError, e:
if e.args[0] == 'no such table: peers':
raise RuntimeError
else:
utils.log(e, 1)
except sqlite3.Error, e:
utils.log(e, 1)
self.next_refresh = time.time() self.next_refresh = time.time()
def _boot(self):
utils.log('Getting Boot peer...', 3)
try:
utils.log("Contacting registry's private address", 5)
bootpeer = self._proxy.getBootstrapPeer(self._prefix).data
except socket.error, e:
utils.log("""Registry's private address unreachable,
trying public address""")
proxy = xmlrpclib.ServerProxy(self._registry)
bootpeer = proxy.getBootstrapPeer(self._prefix).data
utils.log('Boot peer received from server', 4)
p = subprocess.Popen(('openssl', 'rsautl', '-decrypt', '-inkey', self._key_path),
stdin=subprocess.PIPE, stdout=subprocess.PIPE)
try:
prefix, address = p.communicate(bootpeer).split()
except ValueError:
# DO something
pass
self.db.execute("INSERT INTO peers (prefix, address) VALUES (?,?)",
(prefix, address))
utils.log('Boot peer added', 4)
def clear_blacklist(self, flag): def clear_blacklist(self, flag):
utils.log('Clearing blacklist from flag %u' % (flag,), 3) utils.log('Clearing blacklist from flag %u' % (flag,), 3)
try:
with self._db:
self._db.execute("DELETE FROM blacklist WHERE flag = ?", self._db.execute("DELETE FROM blacklist WHERE flag = ?",
(flag,)) (flag,))
utils.log('Blacklist cleared', 5) utils.log('Blacklist cleared', 5)
except sqlite3.Error, e:
utils.log(e, 1)
def blacklist(self, prefix, flag): def blacklist(self, prefix, flag):
utils.log('Blacklisting %s' % (prefix,), 4) utils.log('Blacklisting %s' % (prefix,), 4)
try: self._db.execute("DELETE FROM peers WHERE prefix = ?", (prefix,))
with self._db: self._db.execute("INSERT OR REPLACE INTO blacklist VALUES (?,?)",
self._db.execute("DELETE FROM peers WHERE prefix = ?", (prefix, flag))
(prefix,))
self._db.execute("""INSERT OR REPLACE INTO blacklist
VALUES (?,?)""", (prefix, flag))
utils.log('%s blacklisted' % (prefix,), 5) utils.log('%s blacklisted' % (prefix,), 5)
except sqlite3.Error, e:
utils.log(e, 1)
def whitelist(self, prefix): def whitelist(self, prefix):
utils.log('Unblacklisting %s' % (prefix,), 4) utils.log('Unblacklisting %s' % (prefix,), 4)
try:
with self._db:
self._db.execute("DELETE FROM blacklist WHERE prefix = ?", (prefix,)) self._db.execute("DELETE FROM blacklist WHERE prefix = ?", (prefix,))
utils.log('%s whitelisted' % (prefix,), 5) utils.log('%s whitelisted' % (prefix,), 5)
except sqlite3.Error, e:
utils.log(e, 1)
def refresh(self): def refresh(self):
utils.log('Refreshing the peers DB...', 2) utils.log('Refreshing the peers DB...', 2)
...@@ -100,11 +116,10 @@ class PeerManager: ...@@ -100,11 +116,10 @@ class PeerManager:
utils.log('Populating the peers DB...', 2) utils.log('Populating the peers DB...', 2)
new_peer_list = self._proxy.getPeerList(self._db_size, new_peer_list = self._proxy.getPeerList(self._db_size,
self._internal_ip) self._internal_ip)
try:
with self._db: with self._db:
self._db.execute("""DELETE FROM peers WHERE used <= 0 ORDER BY self._db.execute("""DELETE FROM peers WHERE used <= 0 ORDER BY used,
used,random() LIMIT MAX(0, ? + (SELECT RANDOM() LIMIT MAX(0, ? + (SELECT COUNT(*)
COUNT(*) FROM peers WHERE used <= 0))""", FROM peers WHERE used <= 0))""",
(str(len(new_peer_list) - self._db_size),)) (str(len(new_peer_list) - self._db_size),))
self._db.executemany("""INSERT OR IGNORE INTO peers (prefix, address) self._db.executemany("""INSERT OR IGNORE INTO peers (prefix, address)
VALUES (?,?)""", new_peer_list) VALUES (?,?)""", new_peer_list)
...@@ -112,47 +127,29 @@ class PeerManager: ...@@ -112,47 +127,29 @@ class PeerManager:
(SELECT prefix FROM blacklist)""") (SELECT prefix FROM blacklist)""")
utils.log('DB populated', 3) utils.log('DB populated', 3)
utils.log('New peers : %s' % ', '.join(map(str, new_peer_list)), 5) utils.log('New peers : %s' % ', '.join(map(str, new_peer_list)), 5)
except sqlite3.Error, e:
utils.log(e, 1)
def getUnusedPeers(self, peer_count): def getUnusedPeers(self, peer_count):
try:
return self._db.execute("""SELECT prefix, address FROM peers WHERE used return self._db.execute("""SELECT prefix, address FROM peers WHERE used
<= 0 ORDER BY used DESC,RANDOM() LIMIT ?""", <= 0 ORDER BY used DESC,RANDOM() LIMIT ?""",
(peer_count,)) (peer_count,))
except sqlite3.Error, e:
utils.log(e, 1)
return [('0', '')]
def usePeer(self, prefix): def usePeer(self, prefix):
utils.log('Updating peers database : using peer ' + str(prefix), 5) utils.log('Updating peers database : using peer ' + str(prefix), 5)
try:
with self._db:
self._db.execute("UPDATE peers SET used = 1 WHERE prefix = ?", self._db.execute("UPDATE peers SET used = 1 WHERE prefix = ?",
(prefix,)) (prefix,))
utils.log('DB updated', 5) utils.log('DB updated', 5)
except sqlite3.Error, e:
utils.log(e, 1)
def unusePeer(self, prefix): def unusePeer(self, prefix):
utils.log('Updating peers database : unusing peer ' + str(prefix), 5) utils.log('Updating peers database : unusing peer ' + str(prefix), 5)
try:
with self._db:
self._db.execute("UPDATE peers SET used = 0 WHERE prefix = ?", self._db.execute("UPDATE peers SET used = 0 WHERE prefix = ?",
(prefix,)) (prefix,))
utils.log('DB updated', 5) utils.log('DB updated', 5)
except sqlite3.Error, e:
utils.log(e, 1)
def flagPeer(self, prefix): def flagPeer(self, prefix):
utils.log('Updating peers database : flagging peer ' + str(prefix), 5) utils.log('Updating peers database : flagging peer ' + str(prefix), 5)
try:
with self._db:
self._db.execute("UPDATE peers SET used = -1 WHERE prefix = ?", self._db.execute("UPDATE peers SET used = -1 WHERE prefix = ?",
(prefix,)) (prefix,))
utils.log('DB updated', 5) utils.log('DB updated', 5)
except sqlite3.Error, e:
utils.log(e, 1)
def handle_message(self, msg): def handle_message(self, msg):
script_type, arg = msg.split() script_type, arg = msg.split()
......
#!/usr/bin/env python #!/usr/bin/env python
import argparse, math, random, select, smtplib, sqlite3, string, socket, time, traceback, errno import argparse, math, random, select, smtplib, sqlite3, string, socket, time,
import subprocess, threading, traceback, errno
from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
from email.mime.text import MIMEText from email.mime.text import MIMEText
from OpenSSL import crypto from OpenSSL import crypto
import utils import utils
# To generate server ca and key with serial for 2001:db8:42::/48 # To generate server ca and key with serial for 2001:db8:42::/48
# openssl req -nodes -new -x509 -key ca.key -set_serial 0x120010db80042 -days 365 -out ca.crt # openssl req -nodes -new -x509 -key ca.key -set_serial 0x120010db80042 -days 365 -out ca.crt
...@@ -58,6 +57,8 @@ class main(object): ...@@ -58,6 +57,8 @@ class main(object):
_('--bootstrap', nargs=4, action="append", _('--bootstrap', nargs=4, action="append",
help='''VPN prefix, ip address, port and protocol to send as help='''VPN prefix, ip address, port and protocol to send as
bootstrap peers, instead of random ones''') bootstrap peers, instead of random ones''')
_('--private',
help='VPN IP of the node on which runs the registry')
self.config = parser.parse_args() self.config = parser.parse_args()
# Database initializing # Database initializing
...@@ -179,10 +180,14 @@ class main(object): ...@@ -179,10 +180,14 @@ class main(object):
def getCa(self, handler): def getCa(self, handler):
return crypto.dump_certificate(crypto.FILETYPE_PEM, self.ca) return crypto.dump_certificate(crypto.FILETYPE_PEM, self.ca)
def getBootstrapPeer(self, handler): def getPrivateAddress(self, handler):
return 'http://[%s]:%u' % (self.config.private, self.config.port)
def getBootstrapPeer(self, handler, client_prefix):
# TODO: Insert a flag column for bootstrap ready servers in peers # TODO: Insert a flag column for bootstrap ready servers in peers
# ( servers which shouldn't go down or change ip and port as opposed to servers owned by particulars ) # ( servers which shouldn't go down or change ip and port as opposed to servers owned by particulars )
# that way, we also ascertain that the server sent is not the new node.... # that way, we also ascertain that the server sent is not the new node....
cert = self.db.execute("SELECT cert FROM vpn WHERE prefix = ?", (client_prefix,))
if self.config.bootstrap: if self.config.bootstrap:
bootpeer = random.choice(self.config.bootstrap) bootpeer = random.choice(self.config.bootstrap)
prefix = bootpeer[0] prefix = bootpeer[0]
...@@ -190,8 +195,16 @@ class main(object): ...@@ -190,8 +195,16 @@ class main(object):
else: else:
prefix, address = self.db.execute("""SELECT prefix, address prefix, address = self.db.execute("""SELECT prefix, address
FROM peers ORDER BY random() LIMIT 1""") FROM peers ORDER BY random() LIMIT 1""")
r, w = os.pipe()
try:
threading.Thread(target=os.write, args=(w, cert)).start()
p = subprocess.Popen(('openssl', 'rsautl', '-encrypt', '-certin', '-inkey', '/proc/self/fd/%u' % r),
stdin=subprocess.PIPE, stdout=subprocess.PIPE)
print "Sending bootstrap peer (%s, %s)" % (prefix, address) print "Sending bootstrap peer (%s, %s)" % (prefix, address)
return prefix, address return xmlrpclib.Binary(p.communicate('%s %s' % (prefix, address)))
finally:
os.close(r)
os.close(w)
def declare(self, handler, address): def declare(self, handler, address):
print "declaring new node" print "declaring new node"
......
#!/usr/bin/env python #!/usr/bin/env python
import argparse, errno, os, select, subprocess, time import argparse, errno, os, select, subprocess, sqlite3, time
from argparse import ArgumentParser from argparse import ArgumentParser
import db, plib, upnpigd, utils, tunnel import db, plib, upnpigd, utils, tunnel
...@@ -17,7 +17,7 @@ class ArgParser(ArgumentParser): ...@@ -17,7 +17,7 @@ class ArgParser(ArgumentParser):
yield arg yield arg
def ovpnArgs(optional_args, ca_path, cert_path): def ovpnArgs(optional_args, ca_path, cert_path, key_path):
# Treat openvpn arguments # Treat openvpn arguments
if optional_args[0] == "--": if optional_args[0] == "--":
del optional_args[0] del optional_args[0]
...@@ -25,6 +25,8 @@ def ovpnArgs(optional_args, ca_path, cert_path): ...@@ -25,6 +25,8 @@ def ovpnArgs(optional_args, ca_path, cert_path):
optional_args.append(ca_path) optional_args.append(ca_path)
optional_args.append('--cert') optional_args.append('--cert')
optional_args.append(cert_path) optional_args.append(cert_path)
optional_args.append('--key')
optional_args.append(key_path)
return optional_args return optional_args
...@@ -46,10 +48,8 @@ def getConfig(): ...@@ -46,10 +48,8 @@ def getConfig():
help='Defines the verbose level') help='Defines the verbose level')
_('-i', '--interface', action='append', dest='iface_list', default=[], _('-i', '--interface', action='append', dest='iface_list', default=[],
help='Extra interface for LAN discovery') help='Extra interface for LAN discovery')
_('--server', required=True, _('--registry', required=True,
help="VPN address of the discovery peer server") help="Complete public address of the discovery peer server")
_('--server-port', required=True, type=int,
help="VPN port of the discovery peer server")
# Routing algorithm options # Routing algorithm options
_('--hello', type=int, default=15, _('--hello', type=int, default=15,
...@@ -69,6 +69,8 @@ def getConfig(): ...@@ -69,6 +69,8 @@ def getConfig():
help='Path to the certificate authority file') help='Path to the certificate authority file')
_('--cert', required=True, _('--cert', required=True,
help='Path to the certificate file') help='Path to the certificate file')
_('--key', required=True,
help='Path to the private key file')
# args to be removed ? # args to be removed ?
_('--connection-count', default=20, type=int, _('--connection-count', default=20, type=int,
help='Number of tunnels') help='Number of tunnels')
...@@ -89,7 +91,8 @@ def main(): ...@@ -89,7 +91,8 @@ def main():
manual = bool(config.address) manual = bool(config.address)
network = utils.networkFromCa(config.ca) network = utils.networkFromCa(config.ca)
internal_ip, prefix = utils.ipFromCert(network, config.cert) internal_ip, prefix = utils.ipFromCert(network, config.cert)
openvpn_args = ovpnArgs(config.openvpn_args, config.ca, config.cert) openvpn_args = ovpnArgs(config.openvpn_args, config.ca, config.cert,
config.key)
# Set global variables # Set global variables
tunnel.log = config.log tunnel.log = config.log
...@@ -119,7 +122,7 @@ def main(): ...@@ -119,7 +122,7 @@ def main():
except upnpigd.NoUPnPDevice: except upnpigd.NoUPnPDevice:
utils.log('No upnp device found', 4) utils.log('No upnp device found', 4)
peer_db = db.PeerManager(config.state, config.server, config.server_port, peer_db = db.PeerManager(config.state, config.registry,
config.peers_db_refresh, config.address, internal_ip, prefix, config.peers_db_refresh, config.address, internal_ip, prefix,
manual, config.pp, 200) manual, config.pp, 200)
tunnel_manager = tunnel.TunnelManager(write_pipe, peer_db, openvpn_args, tunnel_manager = tunnel.TunnelManager(write_pipe, peer_db, openvpn_args,
...@@ -146,6 +149,7 @@ def main(): ...@@ -146,6 +149,7 @@ def main():
tunnel_manager.refresh() tunnel_manager.refresh()
# main loop # main loop
try:
try: try:
while True: while True:
utils.log('Sleeping ...', 2) utils.log('Sleeping ...', 2)
...@@ -163,31 +167,22 @@ def main(): ...@@ -163,31 +167,22 @@ def main():
tunnel_manager.refresh() tunnel_manager.refresh()
if forwarder != None and time.time() > forwarder.next_refresh: if forwarder != None and time.time() > forwarder.next_refresh:
forwarder.refresh() forwarder.refresh()
except KeyboardInterrupt: finally:
try: for p in [router] + server_process:
router.terminate()
except:
pass
try:
server_process.terminate()
except:
pass
tunnel_manager.killAll()
return 0
except:
try:
router.terminate()
except:
pass
try: try:
server_process.terminate() p.terminate()
except: except:
pass pass
try: try:
tunnel_manager.killAll() tunnel_manager.killAll()
except: except:
pass pass
raise except sqlite3.Error:
traceback.print_exc()
os.rename(db_path, db_path + '.bak')
os.execvp(sys.executable, sys.argv)
except KeyboardInterrupt:
return 0
if __name__ == "__main__": if __name__ == "__main__":
main() main()
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment