Commit 483e034f authored by Guillaume Bury's avatar Guillaume Bury

Added registry ca and key files

parent 6452f083
......@@ -37,5 +37,5 @@ import os, sys
'untrusted_port': '59345',
'verb': '3'}
open(sys.argv[2], 'w').write('push "setenv external_ip %s"\n' % os.environ[trusted_ip])
open(sys.argv[2], 'w').write('push "setenv external_ip %s"\n' % os.environ['trusted_ip'])
os.write(int(sys.argv[1]), '%(script_type)s %(common_name)s\n' % os.environ)
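Review bot: The corrected line `open(sys.argv[2], 'w').write('push "setenv external_ip %s"\n' % os.environ['trusted_ip'])` never closes the file it opens, so the pushed directive reaches disk only when the handle happens to be garbage-collected; write it as `with open(sys.argv[2], 'w') as f:` followed by `f.write('push "setenv external_ip %s"\n' % os.environ['trusted_ip'])`. A missing `trusted_ip` in the environment raises a bare KeyError here, and the script that contains these lines starts outside the hunk, so it is unclear whether a caller reports that more helpfully; a one-line comment stating that this script is only ever run by OpenVPN with `trusted_ip` set would document the assumption.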
......@@ -20,6 +20,8 @@ class main(object):
parser = argparse.ArgumentParser(
description='Peer discovery http server for vifibnet')
_ = parser.add_argument
_('host', help='Address of the host server')
_('port', type=int, help='Port of the host server')
_('--db', required=True,
help='Path to database file')
_('--ca', required=True,
......@@ -64,7 +66,7 @@ class main(object):
print "Network prefix : %s/%u" % (self.network, len(self.network))
# Starting server
server = SimpleXMLRPCServer(("localhost", 8000), requestHandler=RequestHandler, allow_none=True)
server = SimpleXMLRPCServer((self.config.host, self.config.port), requestHandler=RequestHandler, allow_none=True)
server.register_instance(self)
server.serve_forever()
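Review bot: Binding the SimpleXMLRPCServer to `(self.config.host, self.config.port)` instead of `("localhost", 8000)` makes every public method of `main` reachable from whatever network that address is on, because `server.register_instance(self)` on the next line exposes all non-underscore attributes by name; getCa, getBootstrapPeer, declare and getPeerList are presumably the intended surface, but any other public method later added to the class becomes callable too. Consider registering only the intended methods with `server.register_function`, or keep `register_instance` and add a class-level comment that every public method is an RPC endpoint. A short comment that the transport is plain HTTP with no authentication beyond the prefix check in declare would also help whoever chooses the host argument. The method holding this code starts outside the hunk.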
......@@ -138,20 +140,24 @@ class main(object):
def getCa(self, handler):
return crypto.dump_certificate(crypto.FILETYPE_PEM, self.ca)
def getBootstrapPeer(self, handler):
# TODO: Insert a flag column for bootstrap ready servers in peers
# ( servers which shouldn't go down or change ip and port as opposed to servers owned by particulars )
return self.db.execute("SELECT ip, port proto FROM peers ORDER BY random() LIMIT 1").next()
def declare(self, handler, address):
ip, port, proto = address
client_address, _ = handler.client_address
# For Testing purposes only
client_address = "2001:db8:42::"
ip1, ip2 = struct.unpack('>QQ', socket.inet_pton(socket.AF_INET6, client_address))
ip = bin(ip1)[2:].rjust(64, '0') + bin(ip2)[2:].rjust(64, '0')
if ip.startswith(self.network):
prefix = ip[len(self.network):]
prefix, = self.db.execute("SELECT prefix FROM vifib WHERE prefix <= ? ORDER BY prefix DESC", (prefix,)).next()
ip, port, proto = address
client_ip1, client_ip2 = struct.unpack('>QQ', socket.inet_pton(socket.AF_INET6, client_address))
client_ip = bin(client_ip1)[2:].rjust(64, '0') + bin(client_ip2)[2:].rjust(64, '0')
if client_ip.startswith(self.network):
prefix = client_ip[len(self.network):]
prefix, = self.db.execute("SELECT prefix FROM vifib WHERE prefix <= ? ORDER BY prefix DESC LIMIT 1", (prefix,)).next()
self.db.execute("INSERT OR REPLACE INTO peers VALUES (?,?,?,?)", (prefix, ip, port, proto))
return True
else:
print "Unauthorized connection from %s which does not start with %s" % (ip, self.network)
# TODO: use log + DO NOT PRINT BINARY IP
print "Unauthorized connection from %s which does not start with %s" % (client_ip, self.network)
return False
def getPeerList(self, handler, n, address):
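Review bot: The rewritten prefix check `if client_ip.startswith(self.network):` still runs on the hard-coded `client_address = "2001:db8:42::"` that follows the real `handler.client_address` lookup (a context line marked "For Testing purposes only"), so whether a caller may register a peer is decided against a constant from the IPv6 documentation prefix rather than the connecting address. Remove that override, or gate it behind an explicit debug flag, before this server is bound to a non-loopback address as the other hunk of this commit allows. Separately, `ip, port, proto = address` stores caller-supplied values via `INSERT OR REPLACE INTO peers` without relating `ip` to the connection it arrived on, so a peer can register any address; if that is intentional, a comment saying so would stop the next reader from assuming the prefix check covers it. `prefix, = self.db.execute(...).next()` raises StopIteration rather than a clear error when no row matches; `fetchone()` with a `None` check and `return False` would be clearer.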
......
-----BEGIN CERTIFICATE-----
MIIBejBkAgcBIAENuABCMA0GCSqGSIb3DQEBBQUAMAAwHhcNMTIwNzEyMTE1OTQz
WhcNMTMwNzA0MjEyOTQ4WjAeMQswCQYDVQQGEwJGUjEPMA0GA1UEChMGVlBOIEFD
MAgwAwYBAAMBADANBgkqhkiG9w0BAQUFAAOCAQEAFYuU4QGUcs60LlThDqQhhyN8
ZFAaHcPROkUkHE5HNqQ1kOjApzneA7lcEV2gO6vO0qmHW5aBfUYQKGxosqiiCtaT
SD6IltD7qMxx0dtXH0W/SSo7d0JifnZh15isjHi0jEv5Cq3NOKlX0115+HrS/uS2
scI1ujV9PHUUJiwigb2AZ7gHZP/Ug54yYY+w6Ail85CmZ6txmZvC16obqeRmRZyv
g7fvNEg9dmuG8Lj/eXZZTZlrRA5jv2NdWjFl09469t3rGFDFFLop+76H10qR3U/F
Fn8h12o4qLJhIaDV0vRZh9/tg18N0BrBTkX4BET5AD3mqZ6w8xkrs4pVqHM9/A==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
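Review bot: The CA private key is committed here next to its certificate, so anyone with read access to the repository can sign certificates that the registry (which hands out this CA via getCa) and every node trusting it will accept, and a key in version control remains recoverable from history even after a later delete. If this pair is only a test fixture, say so in a README placed next to the files and have deployments generate their own CA outside the tree; if it is the real key, treat it as compromised and rotate it. The certificate's validity window, as far as it can be read from the PEM, appears to run from July 2012 to July 2013, which belongs in the same README so an operator knows when nodes will stop trusting it.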
......@@ -18,7 +18,7 @@ def main():
config = parser.parse_args()
if config.req and len(config.req) % 2 == 1:
print "Sorry, request argument was incorrect, there must be an even number of request arguments"
exit(1)
sys.exit(1)
# Get token
email = raw_input('Please enter your email address : ')
......
......@@ -7,7 +7,6 @@ import openvpn
import random
import log
VIFIB_NET = ''
connection_dict = {} # to remember current connections we made
free_interface_set = set(('client1', 'client2', 'client3', 'client4', 'client5',
'client6', 'client7', 'client8', 'client9', 'client10'))
......@@ -34,15 +33,14 @@ class PeersDB:
except sqlite3.OperationalError, e:
if e.args[0] != 'table peers already exists':
raise RuntimeError
else:
self.populateDB(100)
def populateDB(self, n):
log.log('Populating Peers DB', 2)
(ip, port) = upnpigd.GetExternalInfo(1194)
port = 1194
proto = 'udp'
new_peer_list = self.proxy.getPeerList(n, (ip, port, proto))
self.db.executemany("INSERT INTO peers (ip, port, proto) VALUES (?,?,?)", new_peer_list)
new_peer_list = self.proxy.getPeerList(n, (config.external_ip, port, proto))
self.db.executemany("INSERT OR REPLACE INTO peers (ip, port, proto) VALUES (?,?,?)", new_peer_list)
self.db.execute("DELETE FROM peers WHERE ip = ?", (config.external_ip,))
def getUnusedPeers(self, nPeers):
return self.db.execute("SELECT id, ip, port, proto FROM peers WHERE used = 0 "
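Review bot: `INSERT OR REPLACE INTO peers (ip, port, proto) VALUES (?,?,?)` only de-duplicates if the peers table declares a UNIQUE constraint or primary key over those columns, and the CREATE TABLE is outside this hunk; without one, every populateDB call appends another copy of each peer and the following `DELETE FROM peers WHERE ip = ?` is the only pruning. Please add a comment naming the constraint REPLACE relies on, or add the UNIQUE to the schema alongside this change. The rows returned by `self.proxy.getPeerList` are stored as received, so a comment stating that the registry is trusted for their contents would make that boundary explicit. `port = 1194` appears to replace the port formerly obtained from upnpigd with a fixed advertised value regardless of what OpenVPN listens on; if that is the intent, a one-line comment would save the next reader the guess.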
......@@ -70,13 +68,13 @@ def ipFromPrefix(prefix, prefix_len):
def startBabel(**kw):
args = ['babeld',
'-C', 'redistribute local ip %s' % (config.ip),
'-C', 'redistribute local ip %s' % (config.internal_ip),
'-C', 'redistribute local deny',
# Route VIFIB ip adresses
'-C', 'in ip %s::/%u' % (ipFromBin(config.vifibnet), len(config.vifibnet)),
# Route only addresse in the 'local' network,
# or other entire networks
#'-C', 'in ip %s' % (config.ip),
#'-C', 'in ip %s' % (config.internal_ip),
#'-C', 'in ip ::/0 le %s' % network_mask,
# Don't route other addresses
'-C', 'in deny',
......@@ -119,6 +117,8 @@ def getConfig():
help='Path to the certificate authority file')
_('--cert', required=True,
help='Path to the certificate file')
_('--ip', required=True, dest='external_ip',
help='Ip address of the machine on the internet')
# Openvpn options
_('openvpn_args', nargs=argparse.REMAINDER,
help="Common OpenVPN options (e.g. certificates)")
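Review bot: `_('--ip', required=True, dest='external_ip', ...)` accepts any string, and the value is later advertised to the registry as this node's address (see the populateDB hunk), so a malformed value is only noticed remotely. A `type=` callback that validates the argument with `socket.inet_pton` would reject it at parse time, and the help text should read `help='IP address of the machine on the internet'`. getConfig continues outside the hunk.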
......@@ -133,8 +133,8 @@ def getConfig():
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
subject = cert.get_subject()
prefix, prefix_len = subject.serialNumber.split('/')
config.ip = ipFromPrefix(prefix, int(prefix_len))
log.log('Intranet ip : %s' % (config.ip,), 3)
config.internal_ip = ipFromPrefix(prefix, int(prefix_len))
log.log('Intranet ip : %s' % (config.internal_ip,), 3)
# Treat openvpn arguments
if config.openvpn_args[0] == "--":
del config.openvpn_args[0]
......@@ -230,13 +230,14 @@ def main():
# Establish connections
log.log('Starting openvpn server', 3)
serverProcess = openvpn.server(config.ip, write_pipe, '--dev', 'vifibnet',
serverProcess = openvpn.server(config.internal_ip, write_pipe, '--dev', 'vifibnet',
stdout=os.open(os.path.join(config.log, 'vifibnet.server.log'), os.O_WRONLY | os.O_CREAT | os.O_TRUNC))
startNewConnection(config.client_count, write_pipe)
# Timed refresh initializing
next_refresh = time.time() + config.refresh_time
# TODO: use peers_db.populate(100) every once in a while ?
# main loop
try:
while True:
......