Skip to content

R
re6stnet
Commit 590a9b79 authored by Rafael Monnerat's avatar Rafael Monnerat 👻
Browse files
Options

WIP: Some work

parent bc2aac6d
Hide whitespace changes
Inline Side-by-side
Showing with 76 additions and 5 deletions
re6st/cli/registry.py
View file @ 590a9b79
......@@ -102,7 +102,7 @@ def main():
" 3=DEBUG, 4=TRACE. Use SIGUSR1 to reopen log.")
_('--min-protocol', default=version.min_protocol, type=int,
help="Reject nodes that are too old. Current is %s." % version.protocol)
_('--disable-token-by-mail', default=False, type=boolen,
_('--disable-token-by-mail', action='store_false',
help="Disable send new tokens by Mail.")
_ = parser.add_argument_group('routing').add_argument
_('--hello', type=int, default=15,
......
re6st/registry.py
View file @ 590a9b79
......@@ -237,10 +237,14 @@ class RegistryServer(object):
def handle_request(self, request, method, kw,
_localhost=('127.0.0.1', '::1')):
m = getattr(self, method)
authorized_origin = ["10.0.228.20"] + list(_localhost)
if method in ('revoke', 'versions', 'topology', 'requestAddToken'):
x_forwarded_for = request.headers.get('X-Forwarded-For')
if request.client_address[0] not in _localhost or \
x_forwarded_for and x_forwarded_for not in _localhost:
if request.client_address[0] not in authorized_origin or \
x_forwarded_for and x_forwarded_for not in authorized_origin:
logging.warning("X-Forward-For %s " % x_forwarded_for)
logging.warning("request.client_address[0] %s " % request.client_address[0])
return request.send_error(httplib.FORBIDDEN)
key = m.getcallargs(**kw).get('cn')
if key:
......@@ -293,6 +297,7 @@ class RegistryServer(object):
@rpc
def requestAddToken(self, email, token):
prefix_len = self.config.prefix_length
logging.info('requestAddToken %s %s %s' % ( prefix_len, email, token))
if not prefix_len:
raise HTTPError(httplib.FORBIDDEN)
with self.lock:
......@@ -448,6 +453,9 @@ class RegistryServer(object):
def getDh(self, cn):
with open(self.config.dh) as f:
return f.read()
@rpc
def getNetworkBin(self):
return x509.networkFromCa(self.cert.ca)
@rpc
def getNetworkConfig(self, cn):
......@@ -455,6 +463,7 @@ class RegistryServer(object):
@rpc
def getBootstrapPeer(self, cn):
logging.info("Asking for peer")
with self.peers_lock:
age, peers = self.peers
if age < time.time() or not peers:
......@@ -475,7 +484,7 @@ class RegistryServer(object):
with self.lock:
self.sendto(peer, 1)
s = self.sock,
timeout = 3
timeout = 10
end = timeout + time.time()
# Loop because there may be answers from previous requests.
while select.select(s, (), (), timeout)[0]:
......@@ -515,6 +524,55 @@ class RegistryServer(object):
q("INSERT INTO crl VALUES (?,?)", (serial, not_after))
self.updateNetworkConfig()
@rpc
def getIPv6Prefix(self, email):
with self.lock:
with self.db:
q = self.db.execute
try:
cert, = q("SELECT cert FROM cert WHERE email = ?",
(email,)).next()
except StopIteration:
# return HTTPCODE 404 maybe
logging.info("cert not found %s" % email)
cert = None
if cert:
certificate = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
cn = x509.subnetFromCert(certificate)
return utils.binFromSubnet(cn)
@rpc
def getIPv6Address(self, email):
ipv6_prefix = self.getIPv6Prefix(email)
if ipv6_prefix is None:
return
return utils.ipFromBin(self.getNetworkBin() + ipv6_prefix)
@rpc
def getIPv4Information(self, peer):
with self.lock:
self.sendto(peer, 1)
s = self.sock,
timeout = 5
end = timeout + time.time()
while select.select(s, (), (), timeout)[0]:
prefix, msg = self.recv(sock, 1)
if prefix == peer:
break
timeout = max(0, end - time.time())
else:
logging.info("Timeout while querying address for %s/%s",
int(peer, 2), len(peer))
return
if "," in msg:
return msg.split(',')[0]
return ipv4
@rpc
def versions(self):
with self.peers_lock:
......
re6st/utils.py
View file @ 590a9b79
import argparse, errno, hashlib, logging, os, select as _select
import shlex, signal, socket, sqlite3, struct, subprocess
import sys, textwrap, threading, time, traceback
from OpenSSL import crypto
HMAC_LEN = len(hashlib.sha1('').digest())
......@@ -214,6 +215,9 @@ def ipFromBin(ip, suffix=''):
return socket.inet_ntop(socket.AF_INET6,
struct.pack('>QQ', int(ip[:64], 2), int(ip[64:], 2)))
def loadCert(pem):
return crypto.load_certificate(crypto.FILETYPE_PEM, pem)
def dump_address(address):
return ';'.join(map(','.join, address))
......@@ -226,7 +230,6 @@ def parse_address(address_list):
except ValueError, e:
logging.warning("Failed to parse node address %r (%s)",
address, e)
def binFromSubnet(subnet):
p, l = subnet.split('/')
return bin(int(p))[2:].rjust(int(l), '0')
......@@ -249,3 +252,13 @@ def sqliteCreateTable(db, name, *columns):
"table %r already exists with unexpected schema" % name)
db.execute(sql)
return True
def searchCertFromEmail(db, email):
try:
cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
(email,)).next()
except StopIteration:
# Certificates not found
return None
return cert_string
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7