Commit 00fbbfe9 authored by Julien Muchembled's avatar Julien Muchembled

New --is-needed option to test whether re6st should be setup or not

parent 3493e13b
...@@ -17,6 +17,10 @@ def main(): ...@@ -17,6 +17,10 @@ def main():
_ = parser.add_argument _ = parser.add_argument
_('--registry', required=True, metavar='URL', _('--registry', required=True, metavar='URL',
help="HTTP URL of the server delivering certificates.") help="HTTP URL of the server delivering certificates.")
_('--is-needed', action='store_true',
help="Exit immediately after asking the registry CA. Status code is"
" non-zero if we're already part of the network, which means"
" re6st is already running or we're behind a re6st router.")
_('--ca-only', action='store_true', _('--ca-only', action='store_true',
help='Only fetch CA from registry and exit.') help='Only fetch CA from registry and exit.')
_('-d', '--dir', _('-d', '--dir',
...@@ -46,8 +50,16 @@ def main(): ...@@ -46,8 +50,16 @@ def main():
s = xmlrpclib.ServerProxy(config.registry, allow_none=True) s = xmlrpclib.ServerProxy(config.registry, allow_none=True)
# Get CA # Get CA
create(ca_path, s.getCa()) ca = s.getCa()
network = utils.networkFromCa(ca)
if config.is_needed:
route, err = subprocess.Popen(('ip', '-6', '-o', 'route', 'get',
utils.ipFromBin(network)),
stdout=subprocess.PIPE).communicate()
sys.exit(err or route and
utils.binFromIp(route.split()[8]).startswith(network))
create(ca_path, ca)
if config.ca_only: if config.ca_only:
sys.exit() sys.exit()
...@@ -145,8 +157,8 @@ dh %s ...@@ -145,8 +157,8 @@ dh %s
""" % (config.registry, ca_path, cert_path, key_path, dh_path)) """ % (config.registry, ca_path, cert_path, key_path, dh_path))
print "Sample configuration file created." print "Sample configuration file created."
cn = utils.subnetFromCert(cert_path) cn = utils.subnetFromCert(cert)
subnet = utils.networkFromCa(ca_path) + utils.binFromSubnet(cn) subnet = network + utils.binFromSubnet(cn)
print "Your subnet: %s/%u (CN=%s)" \ print "Your subnet: %s/%u (CN=%s)" \
% (utils.ipFromBin(subnet), len(subnet), cn) % (utils.ipFromBin(subnet), len(subnet), cn)
......
...@@ -127,16 +127,12 @@ def ipFromBin(ip, suffix=''): ...@@ -127,16 +127,12 @@ def ipFromBin(ip, suffix=''):
return socket.inet_ntop(socket.AF_INET6, return socket.inet_ntop(socket.AF_INET6,
struct.pack('>QQ', int(ip[:64], 2), int(ip[64:], 2))) struct.pack('>QQ', int(ip[:64], 2), int(ip[64:], 2)))
def networkFromCa(ca_path): def networkFromCa(ca):
# Get network prefix from ca.crt ca = crypto.load_certificate(crypto.FILETYPE_PEM, ca)
with open(ca_path, 'r') as f:
ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
return bin(ca.get_serial_number())[3:] return bin(ca.get_serial_number())[3:]
def subnetFromCert(cert_path): def subnetFromCert(cert):
# Get ip from cert.crt cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
with open(cert_path, 'r') as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
return cert.get_subject().CN return cert.get_subject().CN
def dump_address(address): def dump_address(address):
......
...@@ -111,8 +111,10 @@ def getConfig(): ...@@ -111,8 +111,10 @@ def getConfig():
def main(): def main():
# Get arguments # Get arguments
config = getConfig() config = getConfig()
network = utils.networkFromCa(config.ca) with open(config.ca) as f:
prefix = utils.binFromSubnet(utils.subnetFromCert(config.cert)) network = utils.networkFromCa(f.read())
with open(config.cert) as f:
prefix = utils.binFromSubnet(utils.subnetFromCert(f.read()))
config.openvpn_args += ( config.openvpn_args += (
'--ca', config.ca, '--ca', config.ca,
'--cert', config.cert, '--cert', config.cert,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment