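def dumpIPv6Network(slave_reference, db, network, ipv6_file):
    """Write the IPv6 address derived from a slave's certificate to a file.

    The certificate is looked up in the ``cert`` table under the e-mail
    ``<slave_reference lowercased>@slapos``.  The subnet read from it by
    ``x509.subnetFromCert`` is appended to ``network`` and the resulting
    address is written to ``ipv6_file``.

    Nothing is written when no certificate row exists yet or the stored
    value is empty.  Any failure while parsing the certificate or writing
    the file is logged at debug level only, so a corrupt certificate leaves
    ``ipv6_file`` untouched without raising.

    NOTE(review): the certificate is parsed here but not validated
    (signature, expiry, revocation).  This assumes the ``cert`` table only
    holds certificates the registry issued itself -- confirm.
    """
    email = '%s@slapos' % slave_reference.lower()
    # The reference is passed as a bound parameter, never formatted into SQL.
    cursor = db.execute("SELECT cert FROM cert WHERE email = ?", (email,))
    row = next(cursor, None)
    if row is None:
        # Certificate was not generated yet.  Returning here keeps
        # cert_string from being read while unbound, which used to surface
        # as a NameError traceback in the debug log.
        return
    cert_string, = row
    try:
        if cert_string:
            cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string)
            cn = x509.subnetFromCert(cert)
            subnet = network + utils.binFromSubnet(cn)
            ipv6 = utils.ipFromBin(subnet)
            writeFile(ipv6_file, ipv6)
    except Exception:
        # Best effort: one unreadable certificate must not abort the caller.
        # The traceback is visible at debug level only.
        log.debug('XXX for %s... \n %s' % (slave_reference, traceback.format_exc()))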
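def dumpIPv6Network(slave_reference, db, network, ipv6_file):
    """Write a slave's IPv6 address to a file and report whether it changed.

    The certificate is looked up in the ``cert`` table under the e-mail
    ``<slave_reference lowercased>@slapos``.  The subnet read from it by
    ``x509.subnetFromCert`` is appended to ``network`` and the resulting
    address is written to ``ipv6_file``.

    Returns:
        ``(ipv6, subnet_bits, changed)`` on success, where ``changed`` says
        whether the previous content of ``ipv6_file`` differed from the new
        address.  ``None`` when no certificate exists yet, the stored value
        is empty, or any step failed.  Callers that unpack the result must
        handle ``None`` first.

    Failures while parsing the certificate or accessing the file are logged
    at debug level only.

    NOTE(review): the certificate is parsed here but not validated
    (signature, expiry, revocation).  This assumes the ``cert`` table only
    holds certificates the registry issued itself -- confirm.
    """
    email = '%s@slapos' % slave_reference.lower()
    # The reference is passed as a bound parameter, never formatted into SQL.
    cursor = db.execute("SELECT cert FROM cert WHERE email = ?", (email,))
    row = next(cursor, None)
    if row is None:
        # Certificate was not generated yet.  Returning here keeps
        # cert_string from being read while unbound, which used to surface
        # as a NameError traceback in the debug log.
        return
    cert_string, = row
    try:
        if cert_string:
            cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_string)
            cn = x509.subnetFromCert(cert)
            prefix = utils.binFromSubnet(cn)
            ipv6 = utils.ipFromBin(network + prefix)
            # NOTE(review): if readFile() raises for a file that does not
            # exist yet, the address is never written on a first run --
            # confirm how readFile() treats a missing file.
            changed = readFile(ipv6_file) != ipv6
            writeFile(ipv6_file, ipv6)
            return ipv6, prefix, changed
    except Exception:
        # Best effort: one unreadable certificate must not abort the caller.
        # The traceback is visible at debug level only.
        log.debug('XXX for %s... \n %s' % (slave_reference, traceback.format_exc()))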
# Excerpt in Python 2 syntax (`except X, e`, print statement).  It is cut off
# after the last line shown.

# Optional CA pinning: --fingerprint is given as "<hash algorithm>:<hex digest>".
if config.fingerprint:
    try:
        # A malformed value (no ':', non-hex digest, unknown algorithm name)
        # raises inside this block and is reported through parser.error().
        alg, fingerprint = config.fingerprint.split(':', 1)
        fingerprint = binascii.a2b_hex(fingerprint)
        # Reject a digest whose length does not match the named algorithm,
        # e.g. a truncated fingerprint.
        # NOTE(review): `alg` goes straight to hashlib.new(), so weak
        # algorithms such as MD5 or SHA-1 are accepted as a pin.  The check
        # is only as strong as the algorithm the operator chose.
        if hashlib.new(alg).digest_size != len(fingerprint):
            raise ValueError("wrong size")
    except StandardError, e:
        parser.error("invalid fingerprint: %s" % e)
    # Abort before the CA is written to disk if it is not the pinned one.
    if x509.fingerprint(ca, alg).digest() != fingerprint:
        sys.exit("CA fingerprint doesn't match")
else:
    # No pin given: nothing in this excerpt authenticates `ca`, so it is used
    # as received.  How `ca` was obtained is not visible here.
    print "WARNING: it is strongly recommended to use --fingerprint option."

network = x509.networkFromCa(ca)
if config.is_needed:
    # The command is an argv tuple, so no shell is involved.  Only stdout is
    # piped, so `err` returned by communicate() is always None and the exit
    # value is decided by the right-hand side of `or`.
    route, err = subprocess.Popen(
        ('ip', '-6', '-o', 'route', 'get', utils.ipFromBin(network)),
        stdout=subprocess.PIPE).communicate()
    # NOTE(review): field 8 of the `ip` output is taken by position --
    # presumably the source address.  Verify against the iproute2 output
    # format in use, since an extra or missing field shifts the index.
    sys.exit(
        err or route and utils.binFromIp(route.split()[8]).startswith(network))

# Store the CA certificate as PEM.  create() is defined outside this excerpt.
create(ca_path, crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
if config.ca_only:
    sys.exit()

# Subject component names iterated below.  The loop body is outside this
# excerpt.
reserved = 'CN', 'serial'
req = crypto.X509Req()
try:
    # Load the certificate at cert_path and collect its subject components
    # into a dict.
    with open(cert_path) as f:
        cert = loadCert(f.read())
    components = dict(cert.get_subject().get_components())
    for k in reserved:
# Excerpt in Python 2 syntax (`except X, e`, print statement).  It is cut off
# after the last line shown.

# Optional CA pinning: --fingerprint is given as "<hash algorithm>:<hex digest>".
if config.fingerprint:
    try:
        # A malformed value (no ':', non-hex digest, unknown algorithm name)
        # raises inside this block and is reported through parser.error().
        alg, fingerprint = config.fingerprint.split(':', 1)
        fingerprint = binascii.a2b_hex(fingerprint)
        # Reject a digest whose length does not match the named algorithm,
        # e.g. a truncated fingerprint.
        # NOTE(review): `alg` goes straight to hashlib.new(), so weak
        # algorithms such as MD5 or SHA-1 are accepted as a pin.  The check
        # is only as strong as the algorithm the operator chose.
        if hashlib.new(alg).digest_size != len(fingerprint):
            raise ValueError("wrong size")
    except StandardError, e:
        parser.error("invalid fingerprint: %s" % e)
    # Abort before the CA is written to disk if it is not the pinned one.
    if x509.fingerprint(ca, alg).digest() != fingerprint:
        sys.exit("CA fingerprint doesn't match")
else:
    # No pin given: nothing in this excerpt authenticates `ca`, so it is used
    # as received.  How `ca` was obtained is not visible here.
    print "WARNING: it is strongly recommended to use --fingerprint option."

network = x509.networkFromCa(ca)
if config.is_needed:
    # The command is an argv tuple, so no shell is involved.  Only stdout is
    # piped, so `err` returned by communicate() is always None and the exit
    # value is decided by the right-hand side of `or`.
    route, err = subprocess.Popen(
        ('ip', '-6', '-o', 'route', 'get', utils.ipFromBin(network)),
        stdout=subprocess.PIPE).communicate()
    # NOTE(review): field 8 of the `ip` output is taken by position --
    # presumably the source address.  Verify against the iproute2 output
    # format in use, since an extra or missing field shifts the index.
    sys.exit(
        err or route and utils.binFromIp(route.split()[8]).startswith(network))

# Store the CA certificate as PEM.  create() is defined outside this excerpt.
create(ca_path, crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
if config.ca_only:
    sys.exit()

# Subject component names.  Their use is outside this excerpt.
reserved = 'CN', 'serial'
req = crypto.X509Req()
try:
    # Load the certificate at cert_path and collect its subject components
    # into a dict.
    with open(cert_path) as f:
        cert = loadCert(f.read())
    components = dict(cert.get_subject().get_components())
# Excerpt in Python 2 syntax (0700 octal literal).  It starts mid-statement:
# the next two lines are the tail of a helper whose beginning is not shown,
# and the excerpt is cut off after the last line.
            % (' '.join(cmd), p.returncode, stderr))
    return stdout

def ip4(object, *args):
    # Run `ip -4 <object> add <args...>` now and queue the matching `del`
    # command so the change can be undone at cleanup.  The command is an argv
    # list, so no shell is involved.  (`object` shadows the builtin.)
    args = ['ip', '-4', object, 'add'] + list(args)
    call(args)
    args[3] = 'del'
    # The lambda captures this call's own list, already switched to 'del'.
    # subprocess.call() does not raise on a non-zero exit status.
    cleanup.append(lambda: subprocess.call(args))

def ip(object, *args):
    # IPv6 counterpart of ip4(): same add-now / del-at-cleanup pattern.
    args = ['ip', '-6', object, 'add'] + list(args)
    call(args)
    args[3] = 'del'
    cleanup.append(lambda: subprocess.call(args))

try:
    subnet = network + cert.prefix
    # NOTE(review): meaning of the second argument '1' is defined by
    # utils.ipFromBin, which is not shown here.
    my_ip = utils.ipFromBin(subnet, '1')
    # The prefix length is the length of the corresponding bit string.
    my_subnet = '%s/%u' % (utils.ipFromBin(subnet), len(subnet))
    my_network = "%s/%u" % (utils.ipFromBin(network), len(network))
    # Exported through the process environment, so every child process
    # started after this point inherits these values.
    os.environ['re6stnet_ip'] = my_ip
    os.environ['re6stnet_iface'] = config.main_interface
    os.environ['re6stnet_subnet'] = my_subnet
    os.environ['re6stnet_network'] = my_network

    # Init db and tunnels
    config.babel_args += server_tunnels
    timeout = 4 * cache.hello
    # Cleanup callbacks.  ip()/ip4() above append their `del` commands to
    # this list.
    # NOTE(review): config.run is removed recursively with errors ignored
    # (second argument True).  It should be a directory dedicated to this
    # daemon, never a shared path.
    cleanup = [lambda: cache.cacheMinimize(config.client_count),
               lambda: shutil.rmtree(config.run, True)]
    # Owner-only mode for the run directory that holds the babeld control
    # socket.
    # NOTE(review): whether utils.makedirs tightens the mode of a directory
    # that already exists is not visible here.
    utils.makedirs(config.run, 0700)
    control_socket = os.path.join(config.run, 'babeld.sock')
    if config.client_count and not config.client:
# Excerpt in Python 2 syntax (0700 octal literal).  It is cut off after the
# last line shown.

def ip4(object, *args):
    # Run `ip -4 <object> add <args...>` now and queue the matching `del`
    # command so the change can be undone at cleanup.  The command is an argv
    # list, so no shell is involved.  (`object` shadows the builtin.)
    args = ["ip", "-4", object, "add"] + list(args)
    call(args)
    args[3] = "del"
    # The lambda captures this call's own list, already switched to "del".
    # subprocess.call() does not raise on a non-zero exit status.
    cleanup.append(lambda: subprocess.call(args))

def ip(object, *args):
    # IPv6 counterpart of ip4(): same add-now / del-at-cleanup pattern.
    args = ["ip", "-6", object, "add"] + list(args)
    call(args)
    args[3] = "del"
    cleanup.append(lambda: subprocess.call(args))

try:
    subnet = network + cert.prefix
    # NOTE(review): meaning of the second argument "1" is defined by
    # utils.ipFromBin, which is not shown here.
    my_ip = utils.ipFromBin(subnet, "1")
    # The prefix length is the length of the corresponding bit string.
    my_subnet = "%s/%u" % (utils.ipFromBin(subnet), len(subnet))
    my_network = "%s/%u" % (utils.ipFromBin(network), len(network))
    # Exported through the process environment, so every child process
    # started after this point inherits these values.
    os.environ["re6stnet_ip"] = my_ip
    os.environ["re6stnet_iface"] = config.main_interface
    os.environ["re6stnet_subnet"] = my_subnet
    os.environ["re6stnet_network"] = my_network

    # Init db and tunnels
    config.babel_args += server_tunnels
    timeout = 4 * cache.hello
    # Cleanup callbacks.  ip()/ip4() above append their `del` commands to
    # this list.
    # NOTE(review): config.run is removed recursively with errors ignored
    # (second argument True).  It should be a directory dedicated to this
    # daemon, never a shared path.
    cleanup = [lambda: cache.cacheMinimize(config.client_count),
               lambda: shutil.rmtree(config.run, True)]
    # Owner-only mode for the run directory that holds the babeld control
    # socket.
    # NOTE(review): whether utils.makedirs tightens the mode of a directory
    # that already exists is not visible here.
    utils.makedirs(config.run, 0700)
    control_socket = os.path.join(config.run, "babeld.sock")
    if config.client_count and not config.client:
        tunnel_manager = tunnel.TunnelManager(