New --is-needed option to test whether re6st should be setup or not

00fbbfe9 · Julien Muchembled · 3493e13b · 00fbbfe9 · 00fbbfe9 · 00fbbfe9
Commit 00fbbfe9 authored Mar 12, 2013 by Julien Muchembled
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 16 deletions

re6st-conf re6st-conf +15 -3

re6st/utils.py re6st/utils.py +7 -11

re6stnet re6stnet +4 -2

No files found.
--- a/re6st-conf
+++ b/re6st-conf
@@ -17,6 +17,10 @@ def main():
    _ = parser.add_argument
    _('--registry', required=True, metavar='URL',
        help="HTTP URL of the server delivering certificates.")
+    _('--is-needed', action='store_true',
+        help="Exit immediately after asking the registry CA. Status code is"
+             " non-zero if we're already part of the network, which means"
+             " re6st is already running or we're behind a re6st router.")
    _('--ca-only', action='store_true',
        help='Only fetch CA from registry and exit.')
    _('-d', '--dir',
@@ -46,8 +50,16 @@ def main():
    s = xmlrpclib.ServerProxy(config.registry, allow_none=True)

    # Get CA
-    create(ca_path, s.getCa())
+    ca = s.getCa()
+    network = utils.networkFromCa(ca)
+    if config.is_needed:
+        route, err = subprocess.Popen(('ip', '-6', '-o', 'route', 'get',
+                                       utils.ipFromBin(network)),
+                                      stdout=subprocess.PIPE).communicate()
+        sys.exit(err or route and
+            utils.binFromIp(route.split()[8]).startswith(network))

+    create(ca_path, ca)
    if config.ca_only:
        sys.exit()

@@ -145,8 +157,8 @@ dh %s
 """ % (config.registry, ca_path, cert_path, key_path, dh_path))
        print "Sample configuration file created."

-    cn = utils.subnetFromCert(cert_path)
-    subnet = utils.networkFromCa(ca_path) + utils.binFromSubnet(cn)
+    cn = utils.subnetFromCert(cert)
+    subnet = network + utils.binFromSubnet(cn)
    print "Your subnet: %s/%u (CN=%s)" \
        % (utils.ipFromBin(subnet), len(subnet), cn)


--- a/re6st/utils.py
+++ b/re6st/utils.py
@@ -127,17 +127,13 @@ def ipFromBin(ip, suffix=''):
    return socket.inet_ntop(socket.AF_INET6,
        struct.pack('>QQ', int(ip[:64], 2), int(ip[64:], 2)))

-def networkFromCa(ca_path):
-    # Get network prefix from ca.crt
-    with open(ca_path, 'r') as f:
-        ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
-        return bin(ca.get_serial_number())[3:]
-
-def subnetFromCert(cert_path):
-    # Get ip from cert.crt
-    with open(cert_path, 'r') as f:
-        cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
-        return cert.get_subject().CN
+def networkFromCa(ca):
+    ca = crypto.load_certificate(crypto.FILETYPE_PEM, ca)
+    return bin(ca.get_serial_number())[3:]
+
+def subnetFromCert(cert):
+    cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
+    return cert.get_subject().CN

 def dump_address(address):
    return ';'.join(map(','.join, address))

--- a/re6stnet
+++ b/re6stnet
@@ -111,8 +111,10 @@ def getConfig():
 def main():
    # Get arguments
    config = getConfig()
-    network = utils.networkFromCa(config.ca)
-    prefix = utils.binFromSubnet(utils.subnetFromCert(config.cert))
+    with open(config.ca) as f:
+        network = utils.networkFromCa(f.read())
+    with open(config.cert) as f:
+        prefix = utils.binFromSubnet(utils.subnetFromCert(f.read()))
    config.openvpn_args += (
        '--ca', config.ca,
        '--cert', config.cert,