Commit 483e034f authored by Guillaume Bury's avatar Guillaume Bury

Added registry ca and key files

parent 6452f083
...@@ -37,5 +37,5 @@ import os, sys ...@@ -37,5 +37,5 @@ import os, sys
'untrusted_port': '59345', 'untrusted_port': '59345',
'verb': '3'} 'verb': '3'}
open(sys.argv[2], 'w').write('push "setenv external_ip %s"\n' % os.environ[trusted_ip]) open(sys.argv[2], 'w').write('push "setenv external_ip %s"\n' % os.environ['trusted_ip'])
os.write(int(sys.argv[1]), '%(script_type)s %(common_name)s\n' % os.environ) os.write(int(sys.argv[1]), '%(script_type)s %(common_name)s\n' % os.environ)
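Review bot: The handle from `open(sys.argv[2], 'w')` on the push-directive line is never closed explicitly, so the data reaches disk only when the file object happens to be collected; write it as `with open(sys.argv[2], 'w') as f: f.write('push "setenv external_ip %s"\n' % os.environ['trusted_ip'])` so the file is flushed before whatever consumes it runs. The corrected `os.environ['trusted_ip']` lookup raises a bare `KeyError` when the hook environment does not provide that variable, which gives no hint of which variable was missing; `os.environ.get('trusted_ip')` with an explicit error, or a comment stating which caller is expected to set it, would help the next reader. The value is interpolated unescaped into a quoted directive, which is fine only as long as it is always a plain address — presumably it is, but that assumption deserves a comment. The rest of this script is outside the hunk.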
...@@ -20,6 +20,8 @@ class main(object): ...@@ -20,6 +20,8 @@ class main(object):
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
description='Peer discovery http server for vifibnet') description='Peer discovery http server for vifibnet')
_ = parser.add_argument _ = parser.add_argument
_('host', help='Address of the host server')
_('port', type=int, help='Port of the host server')
_('--db', required=True, _('--db', required=True,
help='Path to database file') help='Path to database file')
_('--ca', required=True, _('--ca', required=True,
...@@ -64,7 +66,7 @@ class main(object): ...@@ -64,7 +66,7 @@ class main(object):
print "Network prefix : %s/%u" % (self.network, len(self.network)) print "Network prefix : %s/%u" % (self.network, len(self.network))
# Starting server # Starting server
server = SimpleXMLRPCServer(("localhost", 8000), requestHandler=RequestHandler, allow_none=True) server = SimpleXMLRPCServer((self.config.host, self.config.port), requestHandler=RequestHandler, allow_none=True)
server.register_instance(self) server.register_instance(self)
server.serve_forever() server.serve_forever()
...@@ -138,20 +140,24 @@ class main(object): ...@@ -138,20 +140,24 @@ class main(object):
def getCa(self, handler): def getCa(self, handler):
return crypto.dump_certificate(crypto.FILETYPE_PEM, self.ca) return crypto.dump_certificate(crypto.FILETYPE_PEM, self.ca)
def getBootstrapPeer(self, handler):
# TODO: Insert a flag column for bootstrap ready servers in peers
# ( servers which shouldn't go down or change ip and port as opposed to servers owned by particulars )
return self.db.execute("SELECT ip, port proto FROM peers ORDER BY random() LIMIT 1").next()
def declare(self, handler, address): def declare(self, handler, address):
client_address, _ = handler.client_address
# For Testing purposes only
client_address = "2001:db8:42::"
ip1, ip2 = struct.unpack('>QQ', socket.inet_pton(socket.AF_INET6, client_address))
ip = bin(ip1)[2:].rjust(64, '0') + bin(ip2)[2:].rjust(64, '0')
if ip.startswith(self.network):
prefix = ip[len(self.network):]
prefix, = self.db.execute("SELECT prefix FROM vifib WHERE prefix <= ? ORDER BY prefix DESC", (prefix,)).next()
ip, port, proto = address ip, port, proto = address
client_address, _ = handler.client_address
client_ip1, client_ip2 = struct.unpack('>QQ', socket.inet_pton(socket.AF_INET6, client_address))
client_ip = bin(client_ip1)[2:].rjust(64, '0') + bin(client_ip2)[2:].rjust(64, '0')
if client_ip.startswith(self.network):
prefix = client_ip[len(self.network):]
prefix, = self.db.execute("SELECT prefix FROM vifib WHERE prefix <= ? ORDER BY prefix DESC LIMIT 1", (prefix,)).next()
self.db.execute("INSERT OR REPLACE INTO peers VALUES (?,?,?,?)", (prefix, ip, port, proto)) self.db.execute("INSERT OR REPLACE INTO peers VALUES (?,?,?,?)", (prefix, ip, port, proto))
return True return True
else: else:
print "Unauthorized connection from %s which does not start with %s" % (ip, self.network) # TODO: use log + DO NOT PRINT BINARY IP
print "Unauthorized connection from %s which does not start with %s" % (client_ip, self.network)
return False return False
def getPeerList(self, handler, n, address): def getPeerList(self, handler, n, address):
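Review bot: `getBootstrapPeer` is missing a comma in `"SELECT ip, port proto FROM peers ORDER BY random() LIMIT 1"`: SQL reads `port proto` as `port AS proto`, so the row comes back as a 2-tuple `(ip, port)` with no protocol column, and the query should read `"SELECT ip, port, proto FROM peers ORDER BY random() LIMIT 1"`. Its `.next()` (like the one in `declare`) raises `StopIteration` on an empty result, which the XML-RPC layer will surface as an opaque fault rather than a clear "no bootstrap peer available" answer. In the earlier hunk of this file, binding the server to `(self.config.host, self.config.port)` instead of `("localhost", 8000)` exposes every public method published by `register_instance(self)` to whichever interface the operator names, and nothing in these hunks authenticates callers beyond `declare` trusting `handler.client_address`; the `host` help text should say so, e.g. `help='Address to bind the registry to; a non-loopback address exposes the RPC API to that network'`. `declare` also unpacks `handler.client_address` into two values and parses it with `AF_INET6`, which presumably only works when the server socket is itself IPv6 — worth confirming against how the server is constructed. The bodies of `getPeerList` and of the surrounding class continue outside the hunk.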
......
-----BEGIN CERTIFICATE-----
MIIBejBkAgcBIAENuABCMA0GCSqGSIb3DQEBBQUAMAAwHhcNMTIwNzEyMTE1OTQz
WhcNMTMwNzA0MjEyOTQ4WjAeMQswCQYDVQQGEwJGUjEPMA0GA1UEChMGVlBOIEFD
MAgwAwYBAAMBADANBgkqhkiG9w0BAQUFAAOCAQEAFYuU4QGUcs60LlThDqQhhyN8
ZFAaHcPROkUkHE5HNqQ1kOjApzneA7lcEV2gO6vO0qmHW5aBfUYQKGxosqiiCtaT
SD6IltD7qMxx0dtXH0W/SSo7d0JifnZh15isjHi0jEv5Cq3NOKlX0115+HrS/uS2
scI1ujV9PHUUJiwigb2AZ7gHZP/Ug54yYY+w6Ail85CmZ6txmZvC16obqeRmRZyv
g7fvNEg9dmuG8Lj/eXZZTZlrRA5jv2NdWjFl09469t3rGFDFFLop+76H10qR3U/F
Fn8h12o4qLJhIaDV0vRZh9/tg18N0BrBTkX4BET5AD3mqZ6w8xkrs4pVqHM9/A==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
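Review bot: The file beginning `-----BEGIN PRIVATE KEY-----` commits the registry CA's private key to version control next to its certificate (the key body is elided on this page, so its type and strength cannot be checked here). Anyone with read access to the repository can then issue certificates that the registry hands out as trusted via `getCa`; the key belongs outside the repository, loaded from a path supplied on the command line the way the `--ca` option added in this commit already does, and because this revision is now in history the key should be treated as exposed and replaced. The certificate itself also looks unusual: its DER header decodes to a 378-byte certificate whose tbsCertificate is only 100 bytes, too small to hold a real RSA public key, so it may be a placeholder rather than a usable CA — worth confirming before anything relies on it.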
...@@ -18,7 +18,7 @@ def main(): ...@@ -18,7 +18,7 @@ def main():
config = parser.parse_args() config = parser.parse_args()
if config.req and len(config.req) % 2 == 1: if config.req and len(config.req) % 2 == 1:
print "Sorry, request argument was incorrect, there must be an even number of request arguments" print "Sorry, request argument was incorrect, there must be an even number of request arguments"
exit(1) sys.exit(1)
# Get token # Get token
email = raw_input('Please enter your email address : ') email = raw_input('Please enter your email address : ')
......
...@@ -7,7 +7,6 @@ import openvpn ...@@ -7,7 +7,6 @@ import openvpn
import random import random
import log import log
VIFIB_NET = ''
connection_dict = {} # to remember current connections we made connection_dict = {} # to remember current connections we made
free_interface_set = set(('client1', 'client2', 'client3', 'client4', 'client5', free_interface_set = set(('client1', 'client2', 'client3', 'client4', 'client5',
'client6', 'client7', 'client8', 'client9', 'client10')) 'client6', 'client7', 'client8', 'client9', 'client10'))
...@@ -34,15 +33,14 @@ class PeersDB: ...@@ -34,15 +33,14 @@ class PeersDB:
except sqlite3.OperationalError, e: except sqlite3.OperationalError, e:
if e.args[0] != 'table peers already exists': if e.args[0] != 'table peers already exists':
raise RuntimeError raise RuntimeError
else:
self.populateDB(100)
def populateDB(self, n): def populateDB(self, n):
log.log('Populating Peers DB', 2) log.log('Populating Peers DB', 2)
(ip, port) = upnpigd.GetExternalInfo(1194) port = 1194
proto = 'udp' proto = 'udp'
new_peer_list = self.proxy.getPeerList(n, (ip, port, proto)) new_peer_list = self.proxy.getPeerList(n, (config.external_ip, port, proto))
self.db.executemany("INSERT INTO peers (ip, port, proto) VALUES (?,?,?)", new_peer_list) self.db.executemany("INSERT OR REPLACE INTO peers (ip, port, proto) VALUES (?,?,?)", new_peer_list)
self.db.execute("DELETE FROM peers WHERE ip = ?", (config.external_ip,))
def getUnusedPeers(self, nPeers): def getUnusedPeers(self, nPeers):
return self.db.execute("SELECT id, ip, port, proto FROM peers WHERE used = 0 " return self.db.execute("SELECT id, ip, port, proto FROM peers WHERE used = 0 "
...@@ -70,13 +68,13 @@ def ipFromPrefix(prefix, prefix_len): ...@@ -70,13 +68,13 @@ def ipFromPrefix(prefix, prefix_len):
def startBabel(**kw): def startBabel(**kw):
args = ['babeld', args = ['babeld',
'-C', 'redistribute local ip %s' % (config.ip), '-C', 'redistribute local ip %s' % (config.internal_ip),
'-C', 'redistribute local deny', '-C', 'redistribute local deny',
# Route VIFIB ip adresses # Route VIFIB ip adresses
'-C', 'in ip %s::/%u' % (ipFromBin(config.vifibnet), len(config.vifibnet)), '-C', 'in ip %s::/%u' % (ipFromBin(config.vifibnet), len(config.vifibnet)),
# Route only addresse in the 'local' network, # Route only addresse in the 'local' network,
# or other entire networks # or other entire networks
#'-C', 'in ip %s' % (config.ip), #'-C', 'in ip %s' % (config.internal_ip),
#'-C', 'in ip ::/0 le %s' % network_mask, #'-C', 'in ip ::/0 le %s' % network_mask,
# Don't route other addresses # Don't route other addresses
'-C', 'in deny', '-C', 'in deny',
...@@ -119,6 +117,8 @@ def getConfig(): ...@@ -119,6 +117,8 @@ def getConfig():
help='Path to the certificate authority file') help='Path to the certificate authority file')
_('--cert', required=True, _('--cert', required=True,
help='Path to the certificate file') help='Path to the certificate file')
_('--ip', required=True, dest='external_ip',
help='Ip address of the machine on the internet')
# Openvpn options # Openvpn options
_('openvpn_args', nargs=argparse.REMAINDER, _('openvpn_args', nargs=argparse.REMAINDER,
help="Common OpenVPN options (e.g. certificates)") help="Common OpenVPN options (e.g. certificates)")
...@@ -133,8 +133,8 @@ def getConfig(): ...@@ -133,8 +133,8 @@ def getConfig():
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read()) cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
subject = cert.get_subject() subject = cert.get_subject()
prefix, prefix_len = subject.serialNumber.split('/') prefix, prefix_len = subject.serialNumber.split('/')
config.ip = ipFromPrefix(prefix, int(prefix_len)) config.internal_ip = ipFromPrefix(prefix, int(prefix_len))
log.log('Intranet ip : %s' % (config.ip,), 3) log.log('Intranet ip : %s' % (config.internal_ip,), 3)
# Treat openvpn arguments # Treat openvpn arguments
if config.openvpn_args[0] == "--": if config.openvpn_args[0] == "--":
del config.openvpn_args[0] del config.openvpn_args[0]
...@@ -230,13 +230,14 @@ def main(): ...@@ -230,13 +230,14 @@ def main():
# Establish connections # Establish connections
log.log('Starting openvpn server', 3) log.log('Starting openvpn server', 3)
serverProcess = openvpn.server(config.ip, write_pipe, '--dev', 'vifibnet', serverProcess = openvpn.server(config.internal_ip, write_pipe, '--dev', 'vifibnet',
stdout=os.open(os.path.join(config.log, 'vifibnet.server.log'), os.O_WRONLY | os.O_CREAT | os.O_TRUNC)) stdout=os.open(os.path.join(config.log, 'vifibnet.server.log'), os.O_WRONLY | os.O_CREAT | os.O_TRUNC))
startNewConnection(config.client_count, write_pipe) startNewConnection(config.client_count, write_pipe)
# Timed refresh initializing # Timed refresh initializing
next_refresh = time.time() + config.refresh_time next_refresh = time.time() + config.refresh_time
# TODO: use peers_db.populate(100) every once in a while ?
# main loop # main loop
try: try:
while True: while True:
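Review bot: `populateDB` loses its only visible caller in this commit: the `else: self.populateDB(100)` branch of `PeersDB.__init__` is removed, and the new TODO in `main` (`# TODO: use peers_db.populate(100) every once in a while ?`) only defers the call and names a method `populate` that does not match `populateDB`. Unless it is invoked somewhere outside these hunks, a freshly created peers table stays empty and `getUnusedPeers` has nothing to hand out; if that is intended, a comment in `__init__` such as `# peers are not fetched at creation; callers must invoke populateDB() explicitly` would document it, and the TODO should name the real method. The new `--ip` option (dest `external_ip`) is what `populateDB` announces to the registry through `getPeerList`, and the registry stores it as given, so its help text should state that it must be the address other peers can actually reach, not merely "the machine on the internet". The body of `__init__` and the remainder of `main` begin outside the hunks.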
......