wip: fix restarting machines with wrong HMAC settings

0cd2cdcb · Killian Lufau · 937856a8 · 0cd2cdcb · 0cd2cdcb · 0cd2cdcb
Commit 0cd2cdcb authored Jun 06, 2019 by Killian Lufau
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 8 deletions

re6st/cache.py re6st/cache.py +7 -3

re6st/registry.py re6st/registry.py +1 -1

re6st/tunnel.py re6st/tunnel.py +13 -4

re6st/x509.py re6st/x509.py +3 -0

No files found.
--- a/re6st/cache.py
+++ b/re6st/cache.py
@@ -8,6 +8,7 @@ class Cache(object):
    def __init__(self, db_path, registry, cert, db_size=200):
        self._prefix = cert.prefix
        self._db_size = db_size
+        self._crypt_size = len(cert)
        self._decrypt = cert.decrypt
        self._registry = RegistryClient(registry, cert)

@@ -138,7 +139,6 @@ class Cache(object):
        self._loadConfig(config.iteritems())
        return [k.rstrip(':json') for k, v in config.iteritems()
                                  if k not in old or old[k] != v]
-
    def warnProtocol(self):
        if version.protocol < self.protocol:
            logging.warning("There's a new version of re6stnet:"
@@ -236,14 +236,18 @@ class Cache(object):
        logging.info('Getting Boot peer...')
        try:
            bootpeer = self._registry.getBootstrapPeer(self._prefix)
-            prefix, address = self._decrypt(bootpeer).split()
+            n = self._crypt_size
+            prefix, address = self._decrypt(bootpeer[:n]).split()
        except (socket.error, subprocess.CalledProcessError, ValueError), e:
            logging.warning('Failed to bootstrap (%s)',
                            e if bootpeer else 'no peer returned')
        else:
+            version = bootpeer[n:]
+            if self.version == version:
+                version = None
            if prefix != self._prefix:
                self.addPeer(prefix, address)
-                return prefix, address
+                return prefix, address, version
            logging.warning('Buggy registry sent us our own address')

    def addPeer(self, prefix, address, set_preferred=False):

--- a/re6st/registry.py
+++ b/re6st/registry.py
@@ -534,7 +534,7 @@ class RegistryServer(object):
            cert = self.getCert(cn)
        msg = "%s %s" % (peer, msg)
        logging.info("Sending bootstrap peer: %s", msg)
-        return x509.encrypt(cert, msg)
+        return x509.encrypt(cert, msg) + self.version

    @rpc_private
    def revoke(self, cn_or_serial):

--- a/re6st/tunnel.py
+++ b/re6st/tunnel.py
@@ -302,8 +302,9 @@ class BaseTunnelManager(object):
                    logging.debug("timeout: updating %r (%s)", callback.__name__, next)
                    t[i] = next, callback
                return
-        logging.debug("timeout: adding %r (%s)", callback.__name__, next)
-        t.append((next, callback))
+        if next:
+            logging.debug("timeout: adding %r (%s)", callback.__name__, next)
+            t.append((next, callback))

    def invalidatePeers(self):
        next = float('inf')
@@ -538,6 +539,7 @@ class BaseTunnelManager(object):
            logging.info("will retry to update network parameters in 5 minutes")
            self.selectTimeout(time.time() + 300, self.newVersion)
            return
+        assert changed
        logging.info("changed: %r", changed)
        self.selectTimeout(None, self.newVersion)
        self._version = self.cache.version
@@ -919,7 +921,7 @@ class TunnelManager(BaseTunnelManager):
                if peers:
                    # We aren't the only disconnected node
                    # so force rebootstrapping.
-                    peer = self.cache.getBootstrapPeer()
+                    peer = self.getBootstrapPeer()
                    if not peer:
                        # Registry dead ? Assume we're connected after all.
                        distant_peers = self._distant_peers
@@ -964,7 +966,7 @@ class TunnelManager(BaseTunnelManager):
            if not (new or peers):
                if bootstrap and registry != self._prefix:
                    # Startup without any good address in the cache.
-                    peer = self.cache.getBootstrapPeer()
+                    peer = self.getBootstrapPeer()
                    if peer and self._makeTunnel(*peer):
                        return
                # Failed to bootstrap ! Last chance to connect is to
@@ -973,6 +975,13 @@ class TunnelManager(BaseTunnelManager):
                    if self._makeTunnel(*peer):
                        break

+    def getBootstrapPeer(self):
+        peer, prefix, version = self.cache.getBootstrapPeer()
+        if version:
+            self._version = version
+            self.newVersion()
+        return peer, prefix
+
    def killAll(self):
        for prefix in self._connection_dict.keys():
            self._kill(prefix)

--- a/re6st/x509.py
+++ b/re6st/x509.py
@@ -94,6 +94,9 @@ class Cert(object):
            with open(cert) as f:
                self.cert = self.loadVerify(f.read())

+    def __len__(self):
+        return self.key.bits() // 8
+
    @property
    def prefix(self):
        return utils.binFromSubnet(subnetFromCert(self.cert))