Fixed certificates CN
parent
8e0a7ede
Changes
5
Showing
5 changed files
with
32 additions
and
16 deletions
+32
-16
openvpn.py
openvpn.py
+0
-1
registry.py
registry.py
+5
-2
server/ca.crt
server/ca.crt
+17
-8
setup.py
setup.py
+5
-2
vifibnet.py
vifibnet.py
+5
-3
...
@@ -28,7 +28,6 @@ def server(ip, pipe_fd, *args, **kw):
...
@@ -28,7 +28,6 @@ def server(ip, pipe_fd, *args, **kw):
return
openvpn
(
return
openvpn
(
'--tls-server'
,
'--tls-server'
,
'--mode'
,
'server'
,
'--mode'
,
'server'
,
'--duplicate-cn'
,
# XXX : to be removed
'--up'
,
'up-server %s/%u'
%
(
ip
,
len
(
config
.
vifibnet
)),
'--up'
,
'up-server %s/%u'
%
(
ip
,
len
(
config
.
vifibnet
)),
'--client-connect'
,
'client-connect '
+
str
(
pipe_fd
),
'--client-connect'
,
'client-connect '
+
str
(
pipe_fd
),
'--client-disconnect'
,
'client-connect '
+
str
(
pipe_fd
),
'--client-disconnect'
,
'client-connect '
+
str
(
pipe_fd
),
...
...
registry.py
...
@@ -6,6 +6,9 @@ from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
...
@@ -6,6 +6,9 @@ from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
from
OpenSSL
import
crypto
from
OpenSSL
import
crypto
import
traceback
import
traceback
# To generate server ca and key with correct serial
# openssl req -nodes -new -x509 -key ca.key -set_serial 0x120010db80042 -days 365 -out ca.crt
IPV6_V6ONLY
=
26
IPV6_V6ONLY
=
26
SOL_IPV6
=
41
SOL_IPV6
=
41
...
@@ -148,7 +151,7 @@ class main(object):
...
@@ -148,7 +151,7 @@ class main(object):
cert
.
gmtime_adj_notAfter
(
self
.
cert_duration
)
cert
.
gmtime_adj_notAfter
(
self
.
cert_duration
)
cert
.
set_issuer
(
self
.
ca
.
get_subject
())
cert
.
set_issuer
(
self
.
ca
.
get_subject
())
subject
=
req
.
get_subject
()
subject
=
req
.
get_subject
()
subject
.
serialNumber
=
"%u/%u"
%
(
int
(
prefix
,
2
),
prefix_len
)
subject
.
CN
=
"%u/%u"
%
(
int
(
prefix
,
2
),
prefix_len
)
cert
.
set_subject
(
subject
)
cert
.
set_subject
(
subject
)
cert
.
set_pubkey
(
req
.
get_pubkey
())
cert
.
set_pubkey
(
req
.
get_pubkey
())
cert
.
sign
(
self
.
key
,
'sha1'
)
cert
.
sign
(
self
.
key
,
'sha1'
)
...
@@ -181,7 +184,7 @@ class main(object):
...
@@ -181,7 +184,7 @@ class main(object):
if
client_ip
.
startswith
(
self
.
network
):
if
client_ip
.
startswith
(
self
.
network
):
prefix
=
client_ip
[
len
(
self
.
network
):]
prefix
=
client_ip
[
len
(
self
.
network
):]
prefix
,
=
self
.
db
.
execute
(
"SELECT prefix FROM vifib WHERE prefix <= ? ORDER BY prefix DESC LIMIT 1"
,
(
prefix
,)).
next
()
prefix
,
=
self
.
db
.
execute
(
"SELECT prefix FROM vifib WHERE prefix <= ? ORDER BY prefix DESC LIMIT 1"
,
(
prefix
,)).
next
()
self
.
db
.
execute
(
"INSERT OR REPLACE INTO peers VALUES (?,?,?,?)"
,
(
prefix
,
ip
,
port
,
proto
))
self
.
db
.
execute
(
"INSERT OR REPLACE INTO peers
(prefix, ip, port, proto)
VALUES (?,?,?,?)"
,
(
prefix
,
ip
,
port
,
proto
))
return
True
return
True
else
:
else
:
# TODO: use log + DO NOT PRINT BINARY IP
# TODO: use log + DO NOT PRINT BINARY IP
...
...
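Review bot: The new `subject.CN = "%u/%u" % (int(prefix, 2), prefix_len)` overwrites only the CN of the subject taken from the CSR, so every other attribute the requester placed in the request (O, OU, emailAddress and so on) is copied into the signed certificate without being checked; if nothing downstream relies on those fields that is acceptable, but it deserves a comment such as `# CN is set from the db-assigned prefix; remaining CSR subject fields are passed through unchecked`. The header comment added in the first hunk says the serial must be "correct" without saying what makes it so; vifibnet.py in this same commit derives the network prefix from it (`bin(ca.get_serial_number())[3:]`), so `# the CA serial number encodes the network prefix: vifibnet.py reads bin(serial)[3:]` would make the constraint explicit. The enclosing method starts and ends outside the hunk.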
server/ca.crt
-----BEGIN CERTIFICATE-----
-----BEGIN CERTIFICATE-----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==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-----END CERTIFICATE-----
-----END CERTIFICATE-----
setup.py
...
@@ -10,6 +10,8 @@ def main():
...
@@ -10,6 +10,8 @@ def main():
help
=
'To only get CA form server'
)
help
=
'To only get CA form server'
)
_
(
'--db-only'
,
action
=
'store_true'
,
_
(
'--db-only'
,
action
=
'store_true'
,
help
=
'To only get CA and setup peer db with bootstrap peer'
)
help
=
'To only get CA and setup peer db with bootstrap peer'
)
_
(
'--no-boot'
,
action
=
'store_true'
,
help
=
'Enable to skip getting bootstrap peer'
)
_
(
'--server'
,
required
=
True
,
_
(
'--server'
,
required
=
True
,
help
=
'Address of the server delivering certifiactes'
)
help
=
'Address of the server delivering certifiactes'
)
_
(
'--port'
,
required
=
True
,
type
=
int
,
_
(
'--port'
,
required
=
True
,
type
=
int
,
...
@@ -36,7 +38,6 @@ def main():
...
@@ -36,7 +38,6 @@ def main():
sys
.
exit
(
0
)
sys
.
exit
(
0
)
# Create and initialize peers DB
# Create and initialize peers DB
boot_ip
,
boot_port
,
boot_proto
=
s
.
getBootstrapPeer
()
db
=
sqlite3
.
connect
(
os
.
path
.
join
(
config
.
dir
,
'peers.db'
),
isolation_level
=
None
)
db
=
sqlite3
.
connect
(
os
.
path
.
join
(
config
.
dir
,
'peers.db'
),
isolation_level
=
None
)
try
:
try
:
db
.
execute
(
"""CREATE TABLE peers (
db
.
execute
(
"""CREATE TABLE peers (
...
@@ -48,7 +49,9 @@ def main():
...
@@ -48,7 +49,9 @@ def main():
date INTEGER DEFAULT (strftime('%s', 'now')))"""
)
date INTEGER DEFAULT (strftime('%s', 'now')))"""
)
db
.
execute
(
"CREATE INDEX _peers_used ON peers(used)"
)
db
.
execute
(
"CREATE INDEX _peers_used ON peers(used)"
)
db
.
execute
(
"CREATE UNIQUE INDEX _peers_address ON peers(ip, port, proto)"
)
db
.
execute
(
"CREATE UNIQUE INDEX _peers_address ON peers(ip, port, proto)"
)
db
.
execute
(
"INSERT INTO peers (ip, port, proto) VALUES (?,?,?)"
,
(
boot_ip
,
boot_port
,
boot_proto
))
if
not
config
.
no_boot
:
boot_ip
,
boot_port
,
boot_proto
=
s
.
getBootstrapPeer
()
db
.
execute
(
"INSERT INTO peers (ip, port, proto) VALUES (?,?,?)"
,
(
boot_ip
,
boot_port
,
boot_proto
))
except
sqlite3
.
OperationalError
,
e
:
except
sqlite3
.
OperationalError
,
e
:
if
e
.
args
[
0
]
==
'table peers already exists'
:
if
e
.
args
[
0
]
==
'table peers already exists'
:
print
"Table peers already exists, leaving it as it is"
print
"Table peers already exists, leaving it as it is"
...
...
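Review bot: The bootstrap fetch moved inside the `try` now runs only after the three CREATE statements succeed, so on a second run against an existing peers.db the `CREATE TABLE` raises first and the new `if not config.no_boot:` block is skipped entirely, while the print only reports that the table was left as is; a reader cannot tell from the code that the bootstrap peer is never re-fetched on re-setup. If that is intended, say so on the except branch with `# existing db: bootstrap peer is kept as-is, not re-fetched`; if not, the fetch and insert belong after the `try`. Note that `s.getBootstrapPeer()` now sits inside a handler that only catches `sqlite3.OperationalError`, so a registry call failure still propagates as it did before. main's body continues outside the hunk.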
vifibnet.py
...
@@ -124,17 +124,20 @@ def getConfig():
...
@@ -124,17 +124,20 @@ def getConfig():
help
=
"Common OpenVPN options (e.g. certificates)"
)
help
=
"Common OpenVPN options (e.g. certificates)"
)
openvpn
.
config
=
config
=
parser
.
parse_args
()
openvpn
.
config
=
config
=
parser
.
parse_args
()
log
.
verbose
=
config
.
verbose
log
.
verbose
=
config
.
verbose
# Get network prefix from ca.crt
# Get network prefix from ca.crt
with
open
(
config
.
ca
,
'r'
)
as
f
:
with
open
(
config
.
ca
,
'r'
)
as
f
:
ca
=
crypto
.
load_certificate
(
crypto
.
FILETYPE_PEM
,
f
.
read
())
ca
=
crypto
.
load_certificate
(
crypto
.
FILETYPE_PEM
,
f
.
read
())
config
.
vifibnet
=
bin
(
ca
.
get_serial_number
())[
3
:]
config
.
vifibnet
=
bin
(
ca
.
get_serial_number
())[
3
:]
# Get ip from cert.crt
# Get ip from cert.crt
with
open
(
config
.
cert
,
'r'
)
as
f
:
with
open
(
config
.
cert
,
'r'
)
as
f
:
cert
=
crypto
.
load_certificate
(
crypto
.
FILETYPE_PEM
,
f
.
read
())
cert
=
crypto
.
load_certificate
(
crypto
.
FILETYPE_PEM
,
f
.
read
())
subject
=
cert
.
get_subject
()
subject
=
cert
.
get_subject
()
prefix
,
prefix_len
=
subject
.
serialNumber
.
split
(
'/'
)
prefix
,
prefix_len
=
subject
.
CN
.
split
(
'/'
)
config
.
internal_ip
=
ipFromPrefix
(
prefix
,
int
(
prefix_len
))
config
.
internal_ip
=
ipFromPrefix
(
prefix
,
int
(
prefix_len
))
log
.
log
(
'Intranet ip : %s'
%
(
config
.
internal_ip
,),
3
)
log
.
log
(
'Intranet ip : %s'
%
(
config
.
internal_ip
,),
3
)
# Treat openvpn arguments
# Treat openvpn arguments
if
config
.
openvpn_args
[
0
]
==
"--"
:
if
config
.
openvpn_args
[
0
]
==
"--"
:
del
config
.
openvpn_args
[
0
]
del
config
.
openvpn_args
[
0
]
...
@@ -234,8 +237,6 @@ def main():
...
@@ -234,8 +237,6 @@ def main():
stdout
=
os
.
open
(
os
.
path
.
join
(
config
.
log
,
'vifibnet.server.log'
),
os
.
O_WRONLY
|
os
.
O_CREAT
|
os
.
O_TRUNC
))
stdout
=
os
.
open
(
os
.
path
.
join
(
config
.
log
,
'vifibnet.server.log'
),
os
.
O_WRONLY
|
os
.
O_CREAT
|
os
.
O_TRUNC
))
startNewConnection
(
config
.
client_count
,
write_pipe
)
startNewConnection
(
config
.
client_count
,
write_pipe
)
peers_db
.
populate
(
10
)
# Timed refresh initializing
# Timed refresh initializing
next_refresh
=
time
.
time
()
+
config
.
refresh_time
next_refresh
=
time
.
time
()
+
config
.
refresh_time
...
@@ -248,6 +249,7 @@ def main():
...
@@ -248,6 +249,7 @@ def main():
if
ready
:
if
ready
:
handle_message
(
read_pipe
.
readline
())
handle_message
(
read_pipe
.
readline
())
if
time
.
time
()
>=
next_refresh
:
if
time
.
time
()
>=
next_refresh
:
peers_db
.
populate
(
10
)
refreshConnections
(
write_pipe
)
refreshConnections
(
write_pipe
)
next_refresh
=
time
.
time
()
+
config
.
refresh_time
next_refresh
=
time
.
time
()
+
config
.
refresh_time
except
KeyboardInterrupt
:
except
KeyboardInterrupt
:
...
...
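Review bot: `prefix, prefix_len = subject.CN.split('/')` unpacks the CN with no check, so a certificate whose CN does not contain exactly one `/` — for instance one issued by the registry before this commit, which stored the value in `serialNumber` — fails with a bare ValueError far from the cause. Worth guarding before the split: `if subject.CN.count('/') != 1:` followed by `raise ValueError('certificate CN %r does not encode prefix/length; request a new certificate from the registry' % subject.CN)`. The later hunks move `peers_db.populate(10)` from startup into the refresh branch, so the first population now happens only after `config.refresh_time` has elapsed; if that is intentional, a one-line comment at the new call would help. getConfig's body starts and ends outside the hunk.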