def verify_ip_prefix(context):
def set_err(msg):
context.setvar(error_var, msg)
previp = context.getviewvar('previp')
if not previp:
set_err("missing")
return False
# Is it in the right format?
mo = valid_ipf_re.match(previp)
if not mo:
set_err("format is bad")
return False
# Does the signature match, or has someone been playing monkey
# games?
field = "%s@%s" % (mo.group(1), mo.group(2))
if previp != gen_hash(context, field):
set_err("signature does not verify")
return False
# Since the signature verifies, we know the other fields are good.
pip, when = mo.group(1), int(mo.group(2))
# If either the original address or the current one is an IPv6
# address, give up. (Hey, at least we know the signature is good.)
if pip == "IPV6" or httputil.is_ipv6_addr(context['remote-ip']):
return True
# transmogrify the original IP address into a prefix.
pip = '.'.join(pip.split('.')[:3]) + '.'
# Is it from the right IP?
if not context['remote-ip'].startswith(pip):
set_err("remote IP mismatch")
return False
# Is it too old?
if (when + (2 * 60 * 60)) < time.time():
set_err("is too old")
return False
return True
def verify_ip_prefix(context):
def set_err(msg):
context.setvar(error_var, msg)
previp = context.getviewvar('previp')
if not previp:
set_err("missing")
return False
# Is it in the right format?
mo = valid_ipf_re.match(previp)
if not mo:
set_err("format is bad")
return False
# Does the signature match, or has someone been playing monkey
# games?
field = "%s@%s" % (mo.group(1), mo.group(2))
if previp != gen_hash(context, field):
set_err("signature does not verify")
return False
# Since the signature verifies, we know the other fields are good.
pip, when = mo.group(1), int(mo.group(2))
# If either the original address or the current one is an IPv6
# address, give up. (Hey, at least we know the signature is good.)
if pip == "IPV6" or httputil.is_ipv6_addr(context['remote-ip']):
return True
# transmogrify the original IP address into a prefix.
pip = '.'.join(pip.split('.')[:3]) + '.'
# Is it from the right IP?
if not context['remote-ip'].startswith(pip):
set_err("remote IP mismatch")
return False
# Is it too old?
if (when + (2*60*60)) < time.time():
set_err("is too old")
return False
return True
def make_ip_field(context): rip = context['remote-ip'] if httputil.is_ipv6_addr(rip): rip = 'IPV6' ipf = "%s@%d" % (rip, time.time()) return ipf
def make_ip_field(context):
rip = context['remote-ip']
if httputil.is_ipv6_addr(rip):
rip = 'IPV6'
ipf = "%s@%d" % (rip, time.time())
return ipf
