Joanne Hugé
re6stnet
Commits
5539f577
Commit
5539f577
authored
Feb 03, 2022
by
Joanne Hugé
Add communities
parent
f1e95660
Changes
4
Showing
4 changed files
with
30 additions
and
7 deletions
+30
-7
demo/registry/re6st-registry.conf
demo/registry/re6st-registry.conf
+1
-0
re6st/cli/conf.py
re6st/cli/conf.py
+5
-1
re6st/cli/registry.py
re6st/cli/registry.py
+2
-0
re6st/registry.py
re6st/registry.py
+22
-6
demo/registry/re6st-registry.conf
...
...
@@ -7,3 +7,4 @@ hello 4
client
-
count
2
tunnel
-
refresh
100
ipv4
10
.
42
.
0
.
0
/
16
8
community
registry
/
community
.
conf
re6st/cli/conf.py
...
...
@@ -45,6 +45,9 @@ def main():
_
(
'--anonymous'
,
action
=
'store_true'
,
help
=
"Request an anonymous certificate. No email is required but the"
" registry may deliver a longer prefix."
)
_
(
'--country'
,
help
=
"Specify country for the community assignment (default:"
" country is detected based on IP in X-Forwarded-For header"
)
config
=
parser
.
parse_args
()
if
config
.
dir
:
os
.
chdir
(
config
.
dir
)
...
...
@@ -141,7 +144,8 @@ def main():
# to avoid using our token for nothing.
cert_fd
=
os
.
open
(
cert_path
,
os
.
O_CREAT
|
os
.
O_WRONLY
,
0666
)
print
"Requesting certificate ..."
cert
=
s
.
requestCertificate
(
token
,
req
)
cert
=
s
.
requestCertificate
(
token
,
req
,
country
=
config
.
country
)
\
if
config
.
country
else
s
.
requestCertificate
(
token
,
req
)
if
not
cert
:
token_advice
=
None
sys
.
exit
(
"Error: invalid or expired token"
)
...
...
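Review bot: The `--country` help string in the first hunk opens a parenthesis at "(default:" and never closes it, and it does not say what form the value takes; judging by the re6st/registry.py part of this commit it is compared against the keys of the registry's community file. Closing the last fragment as `" country is detected based on IP in X-Forwarded-For header)."` and naming the expected code would fix both. In the second hunk the two-branch call repeats its arguments; `kw = {'country': config.country} if config.country else {}` followed by `cert = s.requestCertificate(token, req, **kw)` says the same thing once. The value is sent to the registry exactly as typed, so any checking has to happen on the registry side. main() starts and ends outside both hunks.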
re6st/cli/registry.py
...
...
@@ -110,6 +110,8 @@ def main():
help
=
"Reject nodes that are too old. Current is %s."
%
version
.
protocol
)
_
(
'--authorized-origin'
,
action
=
'append'
,
default
=
[
'127.0.0.1'
,
'::1'
],
help
=
"Authorized IPs to access origin-restricted RPC."
)
_
(
'--community'
,
help
=
"File containing community configuration"
)
_
=
parser
.
add_argument_group
(
'routing'
).
add_argument
_
(
'--hello'
,
type
=
int
,
default
=
15
,
...
...
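Review bot: The `--community` help text does not describe the file format, which an operator can only learn by reading the parser in re6st/registry.py. That parser splits each line on a single space into a country and a prefix, so the help could read `help="File mapping communities to prefixes, one '<country> <prefix>' pair per line."`. The registry also looks up a `'_'` key for countries it does not know, which appears to be the default community and would be worth mentioning here if that is the intent. main() continues outside the hunk.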
re6st/registry.py
...
...
@@ -68,6 +68,13 @@ class RegistryServer(object):
self
.
sessions
=
{}
self
.
sock
=
socket
.
socket
(
socket
.
AF_INET6
,
socket
.
SOCK_DGRAM
)
# Community
self
.
community_map
=
{}
if
config
.
community
:
with
open
(
config
.
community
,
'r'
)
as
f
:
self
.
community_map
=
{
country
:
prefix
for
country
,
prefix
in
[
l
[:
-
1
].
split
(
' '
)
for
l
in
f
]}
# Database initializing
db_dir
=
os
.
path
.
dirname
(
self
.
config
.
db
)
db_dir
and
utils
.
makedirs
(
db_dir
)
...
...
@@ -88,7 +95,11 @@ class RegistryServer(object):
"prefix TEXT PRIMARY KEY NOT NULL"
,
"email TEXT"
,
"cert TEXT"
)
self
.
db
.
execute
(
"INSERT OR IGNORE INTO cert VALUES ('',null,null)"
)
for
c
in
self
.
community_map
:
self
.
db
.
execute
(
"INSERT OR IGNORE INTO cert VALUES (?,null,null)"
,
(
self
.
community_map
[
c
],))
if
not
self
.
community_map
:
self
.
db
.
execute
(
"INSERT OR IGNORE INTO cert VALUES ('',null,null)"
)
utils
.
sqliteCreateTable
(
self
.
db
,
"crl"
,
"serial INTEGER PRIMARY KEY NOT NULL"
,
# Expiration date of revoked certificate.
...
...
@@ -279,6 +290,8 @@ class RegistryServer(object):
request
.
headers
.
get
(
"X-Forwarded-For"
)
or
request
.
headers
.
get
(
"host"
),
request
.
headers
.
get
(
"user-agent"
))
if
'ip'
in
kw
:
kw
[
'ip'
]
=
request
.
headers
.
get
(
"X-Forwarded-For"
)
or
request
.
headers
.
get
(
"host"
)
try
:
result
=
m
(
**
kw
)
except
HTTPError
,
e
:
...
...
@@ -385,12 +398,13 @@ class RegistryServer(object):
s
.
sendmail
(
self
.
email
,
email
,
msg
.
as_string
())
s
.
quit
()
def
newPrefix
(
self
,
prefix_len
):
def
newPrefix
(
self
,
prefix_len
,
country
=
''
):
max_len
=
128
-
len
(
self
.
network
)
assert
0
<
prefix_len
<=
max_len
try
:
prefix
,
=
self
.
db
.
execute
(
"""SELECT prefix FROM cert WHERE length(prefix) <= ? AND cert is null
ORDER BY length(prefix) DESC"""
,
(
prefix_len
,)).
next
()
AND prefix LIKE ? ORDER BY length(prefix) DESC"""
,
(
prefix_len
,
self
.
community_map
.
get
(
country
,
''
)
+
'%'
)).
next
()
except
StopIteration
:
logging
.
error
(
'No more free /%u prefix available'
,
prefix_len
)
raise
...
...
@@ -401,10 +415,10 @@ class RegistryServer(object):
if
len
(
prefix
)
<
max_len
or
'1'
in
prefix
:
return
prefix
self
.
db
.
execute
(
"UPDATE cert SET cert = 'reserved' WHERE prefix = ?"
,
(
prefix
,))
return
self
.
newPrefix
(
prefix_len
)
return
self
.
newPrefix
(
prefix_len
,
country
)
@
rpc
def
requestCertificate
(
self
,
token
,
req
):
def
requestCertificate
(
self
,
token
,
req
,
country
=
''
,
ip
=
''
):
req
=
crypto
.
load_certificate_request
(
crypto
.
FILETYPE_PEM
,
req
)
with
self
.
lock
:
with
self
.
db
:
...
...
@@ -424,7 +438,9 @@ class RegistryServer(object):
if
not
prefix_len
:
raise
HTTPError
(
httplib
.
FORBIDDEN
)
email
=
None
prefix
=
self
.
newPrefix
(
prefix_len
)
country
=
country
if
country
else
self
.
_geoiplookup
(
ip
)
prefix
=
self
.
newPrefix
(
prefix_len
,
country
if
country
in
self
.
community_map
else
'_'
)
self
.
db
.
execute
(
"UPDATE cert SET email = ? WHERE prefix = ?"
,
(
email
,
prefix
))
if
self
.
prefix
is
None
:
...
...
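Review bot: The `ip` value set in the `@@ -279,6 +290,8 @@` hunk comes from `X-Forwarded-For` or, failing that, the `Host` header; the first is client-controlled unless a trusted front proxy overwrites it (and may hold a comma-separated list), and the second is the name the client asked for, not its address. `_geoiplookup(ip)` in the last hunk can therefore receive a hostname or a forged address, and together with the caller-supplied `country` argument the community a node lands in is effectively chosen by the client, which is acceptable only if community prefixes carry no access-control meaning. I would fall back to the socket peer address instead of `Host` (if `request` is the HTTP request handler, `request.client_address[0]`) and honour `X-Forwarded-For` only when the peer is a configured proxy. Separately, the community-file parser in the first hunk uses `l[:-1].split(' ')`, which drops the last prefix character when the file lacks a trailing newline and raises on a blank line; `l.split()` with a skip for empty lines avoids both. The enclosing methods start and end outside the visible hunks, and `_geoiplookup` is defined outside them.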