Ejemplo n.º 1
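def dumpIPv6Network(slave_reference, db, network, ipv6_file):
  """Write the IPv6 address derived from a slave's certificate to a file.

  The certificate is looked up in the ``cert`` table under the address
  ``<slave_reference, lower-cased>@slapos`` using a parameterized query.
  When a certificate is stored, its subnet (x509.subnetFromCert) is appended
  to ``network``, converted with utils.ipFromBin and written to ``ipv6_file``.

  Returns None in every case. Nothing is written when no certificate row
  exists or the stored value is empty.
  """
  email = '%s@slapos' % slave_reference.lower()

  try:
    cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
        (email,)).next()
  except StopIteration:
    # Certificate was not generated yet: there is nothing to dump. Returning
    # here keeps cert_string from being read while unbound, which previously
    # surfaced as an UnboundLocalError traceback in the debug log.
    return

  if not cert_string:
    return

  try:
    cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string)
    cn = x509.subnetFromCert(cert)
    subnet = network + utils.binFromSubnet(cn)
    ipv6 = utils.ipFromBin(subnet)
    writeFile(ipv6_file, ipv6)
  except Exception:
    # Deliberately best effort: a certificate that fails to parse or a file
    # that cannot be written is only reported at debug level.
    # NOTE(review): a malformed stored certificate is invisible unless debug
    # logging is enabled -- confirm that is acceptable for operators.
    log.debug('XXX for %s... \n %s' % (slave_reference,
              traceback.format_exc()))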
Ejemplo n.º 2
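def dumpIPv6Network(slave_reference, db, network, ipv6_file):
    """Write the IPv6 address derived from a slave's certificate to a file.

    The certificate is looked up in the ``cert`` table under the address
    ``<slave_reference, lower-cased>@slapos`` using a parameterized query.
    When a certificate is stored, its subnet (x509.subnetFromCert) is
    appended to ``network``, converted with utils.ipFromBin and written to
    ``ipv6_file``.

    Returns:
        ``(ipv6, prefix, changed)`` on success, where ``prefix`` is
        ``utils.binFromSubnet`` of the certificate subnet and ``changed``
        tells whether the file content differed before the write.
        None when no certificate row exists, the stored value is empty, or
        any step of the derivation raised.
    """
    email = '%s@slapos' % slave_reference.lower()

    try:
        cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
                                  (email, )).next()
    except StopIteration:
        # Certificate was not generated yet: there is nothing to dump.
        # Returning here keeps cert_string from being read while unbound,
        # which previously surfaced as an UnboundLocalError traceback in the
        # debug log.
        return None

    if not cert_string:
        return None

    try:
        cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string)
        cn = x509.subnetFromCert(cert)
        # Computed once and reused for both the address and the return value.
        prefix = utils.binFromSubnet(cn)
        ipv6 = utils.ipFromBin(network + prefix)
        changed = readFile(ipv6_file) != ipv6
        writeFile(ipv6_file, ipv6)
        return ipv6, prefix, changed
    except Exception:
        # Deliberately best effort: a certificate that fails to parse or a
        # file that cannot be read/written is only reported at debug level
        # and the caller receives None.
        # NOTE(review): a malformed stored certificate is invisible unless
        # debug logging is enabled -- confirm that is acceptable.
        log.debug('XXX for %s... \n %s' %
                  (slave_reference, traceback.format_exc()))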
Ejemplo n.º 3
    # Optional CA pinning: config.fingerprint is parsed as "ALG:HEXDIGEST" and
    # the CA certificate held in `ca` must hash to exactly that value.
    if config.fingerprint:
        try:
            alg, fingerprint = config.fingerprint.split(':', 1)
            fingerprint = binascii.a2b_hex(fingerprint)
            # hashlib.new() raises ValueError for an unknown algorithm name;
            # the length test rejects a digest that cannot belong to `alg`.
            # NOTE(review): any name hashlib accepts passes here, weak digests
            # such as md5 included -- no allowlist is visible in this fragment.
            if hashlib.new(alg).digest_size != len(fingerprint):
                raise ValueError("wrong size")
        # Python 2 except syntax; parsing failures are reported via parser.error().
        except StandardError, e:
            parser.error("invalid fingerprint: %s" % e)
        # A mismatch exits before create() is called with the CA further down.
        if x509.fingerprint(ca, alg).digest() != fingerprint:
            sys.exit("CA fingerprint doesn't match")
    else:
        # No pin supplied: only a warning is printed and execution continues
        # with `ca` unchecked by this block.
        print "WARNING: it is strongly recommended to use --fingerprint option."
    # `network` is later concatenated and prefix-matched as a string
    # (presumably a string of bits -- confirm against x509.networkFromCa).
    network = x509.networkFromCa(ca)
    if config.is_needed:
        # Runs `ip -6 -o route get <network address>` with a fixed argument
        # tuple (no shell). Only stdout is piped, so communicate() returns
        # None for `err` and the exit value is the `route and ...` expression:
        # True (status 1) when field 8 of the output lies inside `network`.
        route, err = subprocess.Popen(('ip', '-6', '-o', 'route', 'get',
                                       utils.ipFromBin(network)),
                                      stdout=subprocess.PIPE).communicate()
        sys.exit(err or route and
            utils.binFromIp(route.split()[8]).startswith(network))

    # Hand the PEM-encoded CA to create() for ca_path (helper not shown here).
    create(ca_path, crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
    if config.ca_only:
        # Nothing else was requested: exit with status 0.
        sys.exit()

    reserved = 'CN', 'serial'
    req = crypto.X509Req()
    try:
        with open(cert_path) as f:
            cert = loadCert(f.read())
        components = dict(cert.get_subject().get_components())
        for k in reserved:
Ejemplo n.º 4
    # Optional CA pinning: config.fingerprint is parsed as "ALG:HEXDIGEST" and
    # the CA certificate held in `ca` must hash to exactly that value.
    if config.fingerprint:
        try:
            alg, fingerprint = config.fingerprint.split(':', 1)
            fingerprint = binascii.a2b_hex(fingerprint)
            # hashlib.new() raises ValueError for an unknown algorithm name;
            # the length test rejects a digest that cannot belong to `alg`.
            # NOTE(review): any name hashlib accepts passes here, weak digests
            # such as md5 included -- no allowlist is visible in this fragment.
            if hashlib.new(alg).digest_size != len(fingerprint):
                raise ValueError("wrong size")
        # Python 2 except syntax; parsing failures are reported via parser.error().
        except StandardError, e:
            parser.error("invalid fingerprint: %s" % e)
        # A mismatch exits before create() is called with the CA further down.
        if x509.fingerprint(ca, alg).digest() != fingerprint:
            sys.exit("CA fingerprint doesn't match")
    else:
        # No pin supplied: only a warning is printed and execution continues
        # with `ca` unchecked by this block.
        print "WARNING: it is strongly recommended to use --fingerprint option."
    # `network` is later concatenated and prefix-matched as a string
    # (presumably a string of bits -- confirm against x509.networkFromCa).
    network = x509.networkFromCa(ca)
    if config.is_needed:
        # Runs `ip -6 -o route get <network address>` with a fixed argument
        # tuple (no shell). Only stdout is piped, so communicate() returns
        # None for `err` and the exit value is the `route and ...` expression:
        # True (status 1) when field 8 of the output lies inside `network`.
        route, err = subprocess.Popen(
            ('ip', '-6', '-o', 'route', 'get', utils.ipFromBin(network)),
            stdout=subprocess.PIPE).communicate()
        sys.exit(
            err
            or route and utils.binFromIp(route.split()[8]).startswith(network))

    # Hand the PEM-encoded CA to create() for ca_path (helper not shown here).
    create(ca_path, crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
    if config.ca_only:
        # Nothing else was requested: exit with status 0.
        sys.exit()

    reserved = 'CN', 'serial'
    req = crypto.X509Req()
    try:
        with open(cert_path) as f:
            cert = loadCert(f.read())
        components = dict(cert.get_subject().get_components())
Ejemplo n.º 5
                                   % (' '.join(cmd), p.returncode, stderr))
        return stdout
    def ip4(object, *args):
        """Run ``ip -4 <object> add <args...>`` and queue the matching ``del``."""
        command = ['ip', '-4', object, 'add']
        command.extend(args)
        call(command)
        # Same argument list with the verb flipped undoes the addition; it is
        # only queued once the add itself went through call() without raising.
        command[3] = 'del'
        cleanup.append(lambda: subprocess.call(command))
    def ip(object, *args):
        """Run ``ip -6 <object> add <args...>`` and queue the matching ``del``."""
        command = ['ip', '-6', object, 'add']
        command.extend(args)
        call(command)
        # Same argument list with the verb flipped undoes the addition; it is
        # only queued once the add itself went through call() without raising.
        command[3] = 'del'
        cleanup.append(lambda: subprocess.call(command))

    try:
        subnet = network + cert.prefix
        my_ip = utils.ipFromBin(subnet, '1')
        my_subnet = '%s/%u' % (utils.ipFromBin(subnet), len(subnet))
        my_network = "%s/%u" % (utils.ipFromBin(network), len(network))
        os.environ['re6stnet_ip'] = my_ip
        os.environ['re6stnet_iface'] = config.main_interface
        os.environ['re6stnet_subnet'] = my_subnet
        os.environ['re6stnet_network'] = my_network

        # Init db and tunnels
        config.babel_args += server_tunnels
        timeout = 4 * cache.hello
        cleanup = [lambda: cache.cacheMinimize(config.client_count),
                   lambda: shutil.rmtree(config.run, True)]
        utils.makedirs(config.run, 0700)
        control_socket = os.path.join(config.run, 'babeld.sock')
        if config.client_count and not config.client:
Ejemplo n.º 6
    def ip4(object, *args):
        """Run ``ip -4 <object> add <args...>`` and queue the matching ``del``."""
        command = ["ip", "-4", object, "add"]
        command.extend(args)
        call(command)
        # Same argument list with the verb flipped undoes the addition; it is
        # only queued once the add itself went through call() without raising.
        command[3] = "del"
        cleanup.append(lambda: subprocess.call(command))

    def ip(object, *args):
        """Run ``ip -6 <object> add <args...>`` and queue the matching ``del``."""
        command = ["ip", "-6", object, "add"]
        command.extend(args)
        call(command)
        # Same argument list with the verb flipped undoes the addition; it is
        # only queued once the add itself went through call() without raising.
        command[3] = "del"
        cleanup.append(lambda: subprocess.call(command))

    try:
        subnet = network + cert.prefix
        my_ip = utils.ipFromBin(subnet, "1")
        my_subnet = "%s/%u" % (utils.ipFromBin(subnet), len(subnet))
        my_network = "%s/%u" % (utils.ipFromBin(network), len(network))
        os.environ["re6stnet_ip"] = my_ip
        os.environ["re6stnet_iface"] = config.main_interface
        os.environ["re6stnet_subnet"] = my_subnet
        os.environ["re6stnet_network"] = my_network

        # Init db and tunnels
        config.babel_args += server_tunnels
        timeout = 4 * cache.hello
        cleanup = [lambda: cache.cacheMinimize(config.client_count), lambda: shutil.rmtree(config.run, True)]
        utils.makedirs(config.run, 0700)
        control_socket = os.path.join(config.run, "babeld.sock")
        if config.client_count and not config.client:
            tunnel_manager = tunnel.TunnelManager(
Ejemplo n.º 7
    # Optional CA pinning: config.fingerprint is parsed as "ALG:HEXDIGEST" and
    # the CA certificate held in `ca` must hash to exactly that value.
    if config.fingerprint:
        try:
            alg, fingerprint = config.fingerprint.split(':', 1)
            fingerprint = binascii.a2b_hex(fingerprint)
            # hashlib.new() raises ValueError for an unknown algorithm name;
            # the length test rejects a digest that cannot belong to `alg`.
            # NOTE(review): any name hashlib accepts passes here, weak digests
            # such as md5 included -- no allowlist is visible in this fragment.
            if hashlib.new(alg).digest_size != len(fingerprint):
                raise ValueError("wrong size")
        # Python 2 except syntax; parsing failures are reported via parser.error().
        except StandardError, e:
            parser.error("invalid fingerprint: %s" % e)
        # A mismatch exits before create() is called with the CA further down.
        if x509.fingerprint(ca, alg).digest() != fingerprint:
            sys.exit("CA fingerprint doesn't match")
    else:
        # No pin supplied: only a warning is printed and execution continues
        # with `ca` unchecked by this block.
        print "WARNING: it is strongly recommended to use --fingerprint option."
    # `network` is later concatenated and prefix-matched as a string
    # (presumably a string of bits -- confirm against x509.networkFromCa).
    network = x509.networkFromCa(ca)
    if config.is_needed:
        # Runs `ip -6 -o route get <network address>` with a fixed argument
        # tuple (no shell). Only stdout is piped, so communicate() returns
        # None for `err` and the exit value is the `route and ...` expression:
        # True (status 1) when field 8 of the output lies inside `network`.
        route, err = subprocess.Popen(('ip', '-6', '-o', 'route', 'get',
                                       utils.ipFromBin(network)),
                                      stdout=subprocess.PIPE).communicate()
        sys.exit(err or route and
            utils.binFromIp(route.split()[8]).startswith(network))

    # Hand the PEM-encoded CA to create() for ca_path (helper not shown here).
    create(ca_path, crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
    if config.ca_only:
        # Nothing else was requested: exit with status 0.
        sys.exit()

    reserved = 'CN', 'serial'
    req = crypto.X509Req()
    try:
        with open(cert_path) as f:
            cert = loadCert(f.read())
        components = dict(cert.get_subject().get_components())
        for k in reserved: