Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
R
re6stnet
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
2
Issues
2
List
Boards
Labels
Milestones
Merge Requests
4
Merge Requests
4
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
re6stnet
Commits
46c51621
Commit
46c51621
authored
Jun 21, 2023
by
Joanne Hugé
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
python2 to python3
parent
af7c4d8d
Changes
19
Show whitespace changes
Inline
Side-by-side
Showing
19 changed files
with
116 additions
and
121 deletions
+116
-121
debian/control
debian/control
+2
-2
demo/demo
demo/demo
+1
-1
re6st/cache.py
re6st/cache.py
+12
-10
re6st/cli/conf.py
re6st/cli/conf.py
+19
-18
re6st/ctl.py
re6st/ctl.py
+6
-21
re6st/ovpn-client
re6st/ovpn-client
+4
-2
re6st/ovpn-server
re6st/ovpn-server
+2
-2
re6st/plib.py
re6st/plib.py
+1
-1
re6st/registry.py
re6st/registry.py
+22
-24
re6st/tests/test_unit/test_conf.py
re6st/tests/test_unit/test_conf.py
+1
-1
re6st/tests/test_unit/test_registry.py
re6st/tests/test_unit/test_registry.py
+4
-4
re6st/tests/test_unit/test_registry_client.py
re6st/tests/test_unit/test_registry_client.py
+2
-2
re6st/tests/tools.py
re6st/tests/tools.py
+4
-4
re6st/tunnel.py
re6st/tunnel.py
+12
-10
re6st/utils.py
re6st/utils.py
+7
-5
re6st/version.py
re6st/version.py
+1
-1
re6st/x509.py
re6st/x509.py
+12
-11
re6stnet.spec
re6stnet.spec
+1
-1
setup.py
setup.py
+3
-1
No files found.
debian/control
View file @
46c51621
...
...
@@ -11,6 +11,6 @@ Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, python-pkg-resources, python-openssl (>= 0.13), openvpn (>= 2.4), openpvn (<< 2.5~), babeld (= v1.12.1-nxd3), iproute2 | iproute, openssl
Recommends: ${python:Recommends}, logrotate
Suggests: ${python:Suggests}, ndisc6
Conflicts: re6st-node
Replaces: re6st-node
Conflicts: re6st-node
-py3
Replaces: re6st-node
-py3
Description: resilient, scalable, IPv6 network application
demo/demo
View file @
46c51621
#!/usr/bin/python
2
#!/usr/bin/python
import argparse, math, nemu, os, re, signal
import socket, sqlite3, subprocess, sys, time, weakref
from collections import defaultdict
...
...
re6st/cache.py
View file @
46c51621
import
json
,
logging
,
os
,
sqlite3
,
socket
,
subprocess
,
sys
,
time
,
zlib
import
base64
,
json
,
logging
,
os
,
sqlite3
,
socket
,
subprocess
,
sys
,
time
,
zlib
from
itertools
import
chain
from
.registry
import
RegistryClient
from
.
import
utils
,
version
,
x509
...
...
@@ -65,7 +65,7 @@ class Cache(object):
@
staticmethod
def
_selectConfig
(
execute
):
# BBB: blob
return
((
k
,
str
(
v
)
if
type
(
v
)
is
buffer
else
v
)
return
((
k
,
str
(
v
)
if
type
(
v
)
is
memoryview
else
v
)
for
k
,
v
in
execute
(
"SELECT * FROM config"
))
def
_loadConfig
(
self
,
config
):
...
...
@@ -91,15 +91,15 @@ class Cache(object):
# TODO: When possible, the registry should be queried via the re6st.
x
=
json
.
loads
(
zlib
.
decompress
(
self
.
_registry
.
getNetworkConfig
(
self
.
_prefix
)))
base64
=
x
.
pop
(
''
,
())
base64
_list
=
x
.
pop
(
''
,
())
config
=
{}
for
k
,
v
in
x
.
items
():
k
=
str
(
k
)
if
k
.
startswith
(
'babel_hmac'
):
if
v
:
v
=
self
.
_decrypt
(
v
.
decode
(
'base64'
))
elif
k
in
base64
:
v
=
v
.
decode
(
'base64'
)
v
=
self
.
_decrypt
(
base64
.
b64decode
(
v
))
elif
k
in
base64
_list
:
v
=
base64
.
b64decode
(
v
)
elif
isinstance
(
v
,
(
list
,
dict
)):
k
+=
':json'
v
=
json
.
dumps
(
v
)
...
...
@@ -131,7 +131,7 @@ class Cache(object):
# BBB: Use buffer because of http://bugs.python.org/issue13676
# on Python 2.6
db
.
executemany
(
"INSERT OR REPLACE INTO config VALUES(?,?)"
,
((
k
,
buffer
(
v
)
if
k
in
base64
or
((
k
,
memoryview
(
v
)
if
k
in
base64_list
or
k
.
startswith
(
'babel_hmac'
)
else
v
)
for
k
,
v
in
config
.
items
()))
self
.
_loadConfig
(
iter
(
config
.
items
()))
...
...
@@ -229,7 +229,9 @@ class Cache(object):
" WHERE prefix=peer AND prefix!=? AND try=?"
def
getPeerList
(
self
,
failed
=
0
,
__sql
=
_get_peer_sql
%
"prefix, address"
+
" ORDER BY RANDOM()"
):
return
self
.
_db
.
execute
(
__sql
,
(
self
.
_prefix
,
failed
))
#return self._db.execute(__sql, (self._prefix, failed))
r
=
self
.
_db
.
execute
(
__sql
,
(
self
.
_prefix
,
failed
))
return
r
def
getPeerCount
(
self
,
failed
=
0
,
__sql
=
_get_peer_sql
%
"COUNT(*)"
):
return
self
.
_db
.
execute
(
__sql
,
(
self
.
_prefix
,
failed
)).
next
()[
0
]
...
...
@@ -237,7 +239,7 @@ class Cache(object):
logging
.
info
(
'Getting Boot peer...'
)
try
:
bootpeer
=
self
.
_registry
.
getBootstrapPeer
(
self
.
_prefix
)
prefix
,
address
=
self
.
_decrypt
(
bootpeer
).
split
()
prefix
,
address
=
self
.
_decrypt
(
bootpeer
).
decode
().
split
()
except
(
socket
.
error
,
subprocess
.
CalledProcessError
,
ValueError
)
as
e
:
logging
.
warning
(
'Failed to bootstrap (%s)'
,
e
if
bootpeer
else
'no peer returned'
)
...
...
@@ -273,6 +275,6 @@ class Cache(object):
def
getCountry
(
self
,
ip
):
try
:
return
self
.
_registry
.
getCountry
(
self
.
_prefix
,
ip
)
return
self
.
_registry
.
getCountry
(
self
.
_prefix
,
ip
)
.
decode
()
except
socket
.
error
as
e
:
logging
.
warning
(
'Failed to get country (%s)'
,
ip
)
re6st/cli/conf.py
View file @
46c51621
...
...
@@ -6,7 +6,7 @@ if 're6st' not in sys.modules:
sys
.
path
[
0
]
=
os
.
path
.
dirname
(
os
.
path
.
dirname
(
sys
.
path
[
0
]))
from
re6st
import
registry
,
utils
,
x509
def
create
(
path
,
text
=
None
,
mode
=
0666
):
def
create
(
path
,
text
=
None
,
mode
=
0
o
666
):
fd
=
os
.
open
(
path
,
os
.
O_CREAT
|
os
.
O_WRONLY
|
os
.
O_TRUNC
,
mode
)
try
:
os
.
write
(
fd
,
text
)
...
...
@@ -68,12 +68,12 @@ def main():
fingerprint
=
binascii
.
a2b_hex
(
fingerprint
)
if
hashlib
.
new
(
alg
).
digest_size
!=
len
(
fingerprint
):
raise
ValueError
(
"wrong size"
)
except
StandardError
,
e
:
except
Exception
as
e
:
parser
.
error
(
"invalid fingerprint: %s"
%
e
)
if
x509
.
fingerprint
(
ca
,
alg
).
digest
()
!=
fingerprint
:
sys
.
exit
(
"CA fingerprint doesn't match"
)
else
:
print
"WARNING: it is strongly recommended to use --fingerprint option."
print
(
"WARNING: it is strongly recommended to use --fingerprint option."
)
network
=
x509
.
networkFromCa
(
ca
)
if
config
.
is_needed
:
route
,
err
=
subprocess
.
Popen
((
'ip'
,
'-6'
,
'-o'
,
'route'
,
'get'
,
...
...
@@ -92,16 +92,17 @@ def main():
with
open
(
cert_path
)
as
f
:
cert
=
loadCert
(
f
.
read
())
components
=
dict
(
cert
.
get_subject
().
get_components
())
components
=
{
k
.
decode
():
v
for
k
,
v
in
components
.
items
()}
for
k
in
reserved
:
components
.
pop
(
k
,
None
)
except
IOError
,
e
:
except
IOError
as
e
:
if
e
.
errno
!=
errno
.
ENOENT
:
raise
components
=
{}
if
config
.
req
:
components
.
update
(
config
.
req
)
subj
=
req
.
get_subject
()
for
k
,
v
in
list
(
components
.
items
()
):
for
k
,
v
in
components
.
items
(
):
if
k
in
reserved
:
sys
.
exit
(
k
+
" field is reserved."
)
if
v
:
...
...
@@ -116,26 +117,26 @@ def main():
token
=
''
elif
not
token
:
if
not
config
.
email
:
config
.
email
=
eval
(
input
(
'Please enter your email address: '
)
)
config
.
email
=
input
(
'Please enter your email address: '
)
s
.
requestToken
(
config
.
email
)
token_advice
=
"Use --token to retry without asking a new token
\
n
"
while
not
token
:
token
=
eval
(
input
(
'Please enter your token: '
)
)
token
=
input
(
'Please enter your token: '
)
try
:
with
open
(
key_path
)
as
f
:
pkey
=
crypto
.
load_privatekey
(
crypto
.
FILETYPE_PEM
,
f
.
read
())
key
=
None
print
"Reusing existing key."
except
IOError
,
e
:
print
(
"Reusing existing key."
)
except
IOError
as
e
:
if
e
.
errno
!=
errno
.
ENOENT
:
raise
bits
=
ca
.
get_pubkey
().
bits
()
print
(
(
"Generating %s-bit key ..."
%
bits
)
)
print
(
"Generating %s-bit key ..."
%
bits
)
pkey
=
crypto
.
PKey
()
pkey
.
generate_key
(
crypto
.
TYPE_RSA
,
bits
)
key
=
crypto
.
dump_privatekey
(
crypto
.
FILETYPE_PEM
,
pkey
)
create
(
key_path
,
key
,
0600
)
create
(
key_path
,
key
,
0
o
600
)
req
.
set_pubkey
(
pkey
)
req
.
sign
(
pkey
,
'sha512'
)
...
...
@@ -143,8 +144,8 @@ def main():
# First make sure we can open certificate file for writing,
# to avoid using our token for nothing.
cert_fd
=
os
.
open
(
cert_path
,
os
.
O_CREAT
|
os
.
O_WRONLY
,
0666
)
print
"Requesting certificate ..."
cert_fd
=
os
.
open
(
cert_path
,
os
.
O_CREAT
|
os
.
O_WRONLY
,
0
o
666
)
print
(
"Requesting certificate ..."
)
if
config
.
location
:
cert
=
s
.
requestCertificate
(
token
,
req
,
location
=
config
.
location
)
else
:
...
...
@@ -173,7 +174,7 @@ def main():
key_path
)))
if
not
os
.
path
.
lexists
(
conf_path
):
create
(
conf_path
,
"""
\
create
(
conf_path
,
(
"""
\
registry %s
ca %s
cert %s
...
...
@@ -188,13 +189,13 @@ key %s
#O3
"""
%
(
config
.
registry
,
ca_path
,
cert_path
,
key_path
,
(
'country '
+
config
.
location
.
split
(
','
,
1
)[
0
])
\
if
config
.
location
else
''
))
print
"Sample configuration file created."
if
config
.
location
else
''
))
.
encode
())
print
(
"Sample configuration file created."
)
cn
=
x509
.
subnetFromCert
(
cert
)
subnet
=
network
+
utils
.
binFromSubnet
(
cn
)
print
(
(
"Your subnet: %s/%u (CN=%s)"
\
%
(
utils
.
ipFromBin
(
subnet
),
len
(
subnet
),
cn
))
)
print
(
"Your subnet: %s/%u (CN=%s)"
\
%
(
utils
.
ipFromBin
(
subnet
),
len
(
subnet
),
cn
))
if
__name__
==
"__main__"
:
main
()
re6st/ctl.py
View file @
46c51621
...
...
@@ -53,11 +53,11 @@ class String(object):
@
staticmethod
def
encode
(
buffer
,
value
):
buffer
+=
value
+
"
\
0
"
buffer
+=
value
+
b'
\
x00
'
@
staticmethod
def
decode
(
buffer
,
offset
=
0
):
i
=
buffer
.
index
(
"
\
0
"
,
offset
)
i
=
buffer
.
index
(
0
,
offset
)
return
i
+
1
,
buffer
[
offset
:
i
]
...
...
@@ -69,7 +69,7 @@ class Buffer(object):
def
__iadd__
(
self
,
value
):
self
.
_buf
+=
value
self
.
_buf
.
extend
(
value
)
return
self
def
__len__
(
self
):
...
...
@@ -104,21 +104,6 @@ class Buffer(object):
self
.
_seek
(
r
)
return
value
try
:
# BBB: Python < 2.7.4 (http://bugs.python.org/issue10212)
uint16
.
unpack_from
(
bytearray
(
uint16
.
size
))
except
TypeError
:
def
unpack_from
(
self
,
struct
):
r
=
self
.
_r
x
=
r
+
struct
.
size
value
=
struct
.
unpack
(
buffer
(
self
.
_buf
)[
r
:
x
])
self
.
_seek
(
x
)
return
value
def
decode
(
self
,
decode
):
r
=
self
.
_r
size
,
value
=
decode
(
buffer
(
self
.
_buf
)[
r
:])
self
.
_seek
(
r
+
size
)
return
value
# writing
def
send
(
self
,
socket
,
*
args
):
...
...
@@ -149,7 +134,7 @@ class Packet(object):
logging
.
trace
(
'send %s%r'
,
self
.
__class__
.
__name__
,
(
self
.
id
,)
+
self
.
args
)
offset
=
len
(
buffer
)
buffer
+=
'
\
0
'
*
header
.
size
buffer
+=
b'
\
x0
0
'
*
header
.
size
r
=
self
.
request
if
isinstance
(
r
,
Struct
):
r
.
encode
(
buffer
,
self
.
args
)
...
...
@@ -209,7 +194,7 @@ class Babel(object):
except
socket
.
error
as
e
:
logging
.
debug
(
"Can't connect to %r (%r)"
,
self
.
socket_path
,
e
)
return
e
s
.
send
(
"
\
1
"
)
s
.
send
(
b'
\
x01
'
)
s
.
setblocking
(
0
)
del
self
.
select
self
.
socket
=
s
...
...
@@ -268,7 +253,7 @@ class Babel(object):
a
=
len
(
self
.
network
)
for
route
in
routes
:
assert
route
.
flags
&
1
,
route
# installed
if
route
.
prefix
.
startswith
(
'
\
0
\
0
\
0
\
0
\
0
\
0
\
0
\
0
\
0
\
0
\
xff
\
xff
'
):
if
route
.
prefix
.
startswith
(
b
'
\
0
\
0
\
0
\
0
\
0
\
0
\
0
\
0
\
0
\
0
\
xff
\
xff
'
):
continue
assert
route
.
neigh_address
==
route
.
nexthop
,
route
address
=
route
.
neigh_address
,
route
.
ifindex
...
...
re6st/ovpn-client
View file @
46c51621
#!/usr/bin/python
2
-S
#!/usr/bin/python -S
import
os
,
sys
script_type
=
os
.
environ
[
'script_type'
]
...
...
@@ -13,5 +13,7 @@ if script_type == 'up':
if
script_type
==
'route-up'
:
import
time
with
open
(
'/opt/openvpn_route_up.log'
,
'w+'
)
as
f
:
f
.
write
(
repr
(
sys
.
argv
))
os
.
write
(
int
(
sys
.
argv
[
1
]),
repr
((
os
.
environ
[
'common_name'
],
time
.
time
(),
int
(
os
.
environ
[
'tls_serial_0'
]),
os
.
environ
[
'OPENVPN_external_ip'
])))
int
(
os
.
environ
[
'tls_serial_0'
]),
os
.
environ
[
'OPENVPN_external_ip'
]))
.
encode
()
)
re6st/ovpn-server
View file @
46c51621
#!/usr/bin/python
2
-S
#!/usr/bin/python -S
import
os
,
sys
script_type
=
os
.
environ
[
'script_type'
]
...
...
@@ -10,7 +10,7 @@ os.write(fd, repr((script_type, (os.environ['common_name'], os.environ['dev'],
int
(
os
.
environ
[
'tls_serial_0'
]),
external_ip
))))
if
script_type
==
'client-connect'
:
if
os
.
read
(
fd
,
1
)
==
'
\
0
'
:
if
os
.
read
(
fd
,
1
)
==
b'
\
x0
0
'
:
sys
.
exit
(
1
)
# Send client its external ip address
with
open
(
sys
.
argv
[
2
],
'w'
)
as
f
:
...
...
re6st/plib.py
View file @
46c51621
...
...
@@ -43,7 +43,7 @@ def server(iface, max_clients, dh_path, fd, port, proto, encrypt, *args, **kw):
'--max-clients'
,
str
(
max_clients
),
'--port'
,
str
(
port
),
'--proto'
,
proto
,
*
args
,
**
kw
)
*
args
,
pass_fds
=
[
fd
],
**
kw
)
def
client
(
iface
,
address_list
,
encrypt
,
*
args
,
**
kw
):
...
...
re6st/registry.py
View file @
46c51621
...
...
@@ -27,7 +27,7 @@ from http.server import HTTPServer, BaseHTTPRequestHandler
from
email.mime.text
import
MIMEText
from
operator
import
itemgetter
from
OpenSSL
import
crypto
from
urllib.parse
import
splittype
,
splithost
,
unquote
,
urlencode
from
urllib.parse
import
urlparse
,
unquote
,
urlencode
from
.
import
ctl
,
tunnel
,
utils
,
version
,
x509
HMAC_HEADER
=
"Re6stHMAC"
...
...
@@ -91,7 +91,7 @@ class RegistryServer(object):
"name TEXT PRIMARY KEY NOT NULL"
,
"value"
)
self
.
prefix
=
self
.
getConfig
(
"prefix"
,
None
)
self
.
version
=
str
(
self
.
getConfig
(
"version"
,
"
\
0
"
))
# BBB: blob
self
.
version
=
str
(
self
.
getConfig
(
"version"
,
b'
\
x00
'
))
# BBB: blob
utils
.
sqliteCreateTable
(
self
.
db
,
"token"
,
"token TEXT PRIMARY KEY NOT NULL"
,
"email TEXT NOT NULL"
,
...
...
@@ -184,18 +184,16 @@ class RegistryServer(object):
config
=
json
.
dumps
(
kw
,
sort_keys
=
True
)
if
config
!=
self
.
getConfig
(
'last_config'
,
None
):
self
.
increaseVersion
()
# BBB: Use buffer because of http://bugs.python.org/issue13676
# on Python 2.6
self
.
setConfig
(
'version'
,
buffer
(
self
.
version
))
self
.
setConfig
(
'version'
,
self
.
version
)
self
.
setConfig
(
'last_config'
,
config
)
self
.
sendto
(
self
.
prefix
,
0
)
# The following entry lists values that are base64-encoded.
kw
[
''
]
=
'version'
,
kw
[
'version'
]
=
self
.
version
.
encode
(
'base64'
)
kw
[
'version'
]
=
base64
.
b64encode
(
self
.
version
)
self
.
network_config
=
kw
def
increaseVersion
(
self
):
x
=
utils
.
packInteger
(
1
+
utils
.
unpackInteger
(
self
.
version
)[
0
])
x
=
utils
.
packInteger
(
1
+
utils
.
unpackInteger
(
self
.
version
)[
0
:
1
])
self
.
version
=
x
+
self
.
cert
.
sign
(
x
)
def
sendto
(
self
,
prefix
,
code
):
...
...
@@ -203,12 +201,12 @@ class RegistryServer(object):
def
recv
(
self
,
code
):
try
:
prefix
,
msg
=
self
.
sock
.
recv
(
1
<<
16
).
split
(
'
\
0
'
,
1
)
prefix
,
msg
=
self
.
sock
.
recv
(
1
<<
16
).
split
(
b'
\
x0
0
'
,
1
)
int
(
prefix
,
2
)
except
ValueError
:
pass
else
:
if
msg
and
ord
(
msg
[
0
])
==
code
:
if
msg
and
msg
[
0
:
1
]
==
code
:
return
prefix
,
msg
[
1
:]
return
None
,
None
...
...
@@ -293,7 +291,7 @@ class RegistryServer(object):
with
self
.
lock
:
session
=
self
.
sessions
[
key
]
for
key
,
protocol
in
session
:
if
h
==
hmac
.
HMAC
(
key
,
request
.
path
,
hashlib
.
sha1
).
digest
():
if
h
==
hmac
.
HMAC
(
key
,
request
.
path
.
encode
()
,
hashlib
.
sha1
).
digest
():
break
else
:
raise
Exception
(
"Wrong HMAC"
)
...
...
@@ -349,14 +347,14 @@ class RegistryServer(object):
assert
self
.
lock
.
locked
()
return
self
.
db
.
execute
(
"SELECT cert FROM cert"
" WHERE prefix=? AND cert IS NOT NULL"
,
(
client_prefix
,)).
next
()[
0
]
(
client_prefix
,)).
fetchone
()[
0
]
@
rpc_private
def
isToken
(
self
,
token
):
with
self
.
lock
:
if
self
.
db
.
execute
(
"SELECT 1 FROM token WHERE token = ?"
,
(
token
,)).
fetchone
():
return
"1"
return
b
"1"
@
rpc_private
def
deleteToken
(
self
,
token
):
...
...
@@ -595,7 +593,7 @@ class RegistryServer(object):
hmac
=
[
self
.
getConfig
(
k
,
None
)
for
k
in
BABEL_HMAC
]
for
i
,
v
in
enumerate
(
v
for
v
in
hmac
if
v
is
not
None
):
config
[(
'babel_hmac_sign'
,
'babel_hmac_accept'
)[
i
]]
=
\
v
and
x509
.
encrypt
(
cert
,
v
).
encode
(
'base64'
)
v
and
base64
.
b64encode
(
x509
.
encrypt
(
cert
,
v
)
)
return
zlib
.
compress
(
json
.
dumps
(
config
))
def
_queryAddress
(
self
,
peer
):
...
...
@@ -615,7 +613,7 @@ class RegistryServer(object):
@
rpc
def
getCountry
(
self
,
cn
,
address
):
country
=
self
.
_geoiplookup
(
address
)[
0
]
return
None
if
country
==
'*'
else
country
return
None
if
country
==
'*'
else
country
.
encode
()
@
rpc
def
getBootstrapPeer
(
self
,
cn
):
...
...
@@ -673,7 +671,7 @@ class RegistryServer(object):
def
newHMAC
(
self
,
i
,
key
=
None
):
if
key
is
None
:
key
=
buffer
(
os
.
urandom
(
16
)
)
key
=
os
.
urandom
(
16
)
self
.
setConfig
(
BABEL_HMAC
[
i
],
key
)
def
delHMAC
(
self
,
i
):
...
...
@@ -696,10 +694,10 @@ class RegistryServer(object):
else
:
# Initialization of HMAC on the network
self
.
newHMAC
(
1
)
self
.
newHMAC
(
2
,
''
)
self
.
newHMAC
(
2
,
b
''
)
self
.
increaseVersion
()
self
.
setConfig
(
'version'
,
buffer
(
self
.
version
)
)
self
.
network_config
[
'version'
]
=
self
.
version
.
encode
(
'base64'
)
self
.
setConfig
(
'version'
,
self
.
version
)
self
.
network_config
[
'version'
]
=
base64
.
b64encode
(
self
.
version
)
self
.
sendto
(
self
.
prefix
,
0
)
@
rpc_private
...
...
@@ -736,9 +734,9 @@ class RegistryServer(object):
return
logging
.
info
(
"%s %s"
,
email
,
peer
)
with
self
.
lock
:
msg
=
self
.
_queryAddress
(
peer
)
msg
=
self
.
_queryAddress
(
peer
)
.
decode
()
if
msg
:
return
msg
.
split
(
','
)[
0
]
return
msg
.
split
(
','
)[
0
]
.
encode
()
@
rpc_private
def
versions
(
self
):
...
...
@@ -805,8 +803,8 @@ class RegistryClient(object):
def
__init__
(
self
,
url
,
cert
=
None
,
auto_close
=
True
):
self
.
cert
=
cert
self
.
auto_close
=
auto_close
scheme
,
host
=
splittyp
e
(
url
)
host
,
path
=
splithost
(
host
)
url_parsed
=
urlpars
e
(
url
)
scheme
,
host
,
path
=
url_parsed
.
scheme
,
url_parsed
.
netloc
,
url_parsed
.
path
self
.
_conn
=
dict
(
http
=
http
.
client
.
HTTPConnection
,
https
=
http
.
client
.
HTTPSConnection
,
)[
scheme
](
unquote
(
host
),
timeout
=
60
)
...
...
@@ -834,7 +832,7 @@ class RegistryClient(object):
n
=
len
(
h
)
//
2
self
.
cert
.
verify
(
h
[
n
:],
h
[:
n
])
key
=
self
.
cert
.
decrypt
(
h
[:
n
])
h
=
hmac
.
HMAC
(
key
,
query
,
hashlib
.
sha1
).
digest
()
h
=
hmac
.
HMAC
(
key
,
query
.
encode
()
,
hashlib
.
sha1
).
digest
()
key
=
hashlib
.
sha1
(
key
).
digest
()
self
.
_hmac
=
hashlib
.
sha1
(
key
).
digest
()
else
:
...
...
re6st/tests/test_unit/test_conf.py
View file @
46c51621
...
...
@@ -72,7 +72,7 @@ class TestConf(unittest.TestCase):
# go back to original dir
os
.
chdir
(
self
.
origin_dir
)
@
patch
(
"
__builtin__.raw_
input"
)
@
patch
(
"
builtins.
input"
)
def
test_basic
(
self
,
mock_raw_input
):
""" go through all the step
getCa, requestToken, requestCertificate
...
...
re6st/tests/test_unit/test_registry.py
View file @
46c51621
...
...
@@ -146,13 +146,13 @@ class TestRegistryServer(unittest.TestCase):
params
=
{
"cn"
:
prefix
,
"a"
:
1
,
"b"
:
2
}
func
.
getcallargs
.
return_value
=
params
del
func
.
_private
func
.
return_value
=
result
=
"this_is_a_result"
key
=
"this_is_a_key"
func
.
return_value
=
result
=
b
"this_is_a_result"
key
=
b
"this_is_a_key"
self
.
server
.
sessions
[
prefix
]
=
[(
key
,
protocol
)]
request
=
Mock
()
request
.
path
=
"/func?a=1&b=2&cn=0000000011111111"
request
.
headers
=
{
registry
.
HMAC_HEADER
:
base64
.
b64encode
(
hmac
.
HMAC
(
key
,
request
.
path
,
hashlib
.
sha1
).
digest
())}
hmac
.
HMAC
(
key
,
request
.
path
.
encode
()
,
hashlib
.
sha1
).
digest
())}
self
.
server
.
handle_request
(
request
,
method
,
params
)
...
...
@@ -213,7 +213,7 @@ class TestRegistryServer(unittest.TestCase):
res
=
self
.
server
.
hello
(
prefix
,
protocol
=
protocol
)
# decrypt
length
=
len
(
res
)
/
2
length
=
len
(
res
)
//
2
key
,
sign
=
res
[:
length
],
res
[
length
:]
key
=
decrypt
(
pkey
,
key
)
self
.
assertEqual
(
self
.
server
.
sessions
[
prefix
][
-
1
][
0
],
key
,
...
...
re6st/tests/test_unit/test_registry_client.py
View file @
46c51621
...
...
@@ -57,9 +57,9 @@ class TestRegistryClient(unittest.TestCase):
h
=
hmac
.
HMAC
(
key
,
query
,
hashlib
.
sha1
).
digest
()
key
=
hashlib
.
sha1
(
key
).
digest
()
# response part
body
=
None
body
=
b'this is a body'
response
=
fakeResponse
(
body
,
http
.
client
.
NO_CONTENT
)
response
.
msg
=
dict
(
Re6stHMAC
=
hmac
.
HMAC
(
key
,
body
,
hashlib
.
sha1
).
digest
(
))
response
.
msg
=
dict
(
Re6stHMAC
=
base64
.
b64encode
(
hmac
.
HMAC
(
key
,
body
,
hashlib
.
sha1
).
digest
()
))
self
.
client
.
_conn
.
getresponse
.
return_value
=
response
res
=
self
.
client
.
getNetworkConfig
(
cn
)
...
...
re6st/tests/tools.py
View file @
46c51621
...
...
@@ -40,7 +40,7 @@ def generate_cert(ca, ca_key, csr, prefix, serial, not_after=None):
cert
.
gmtime_adj_notBefore
(
0
)
if
not_after
:
cert
.
set_notAfter
(
time
.
strftime
(
"%Y%m%d%H%M%SZ"
,
time
.
gmtime
(
not_after
)))
time
.
strftime
(
"%Y%m%d%H%M%SZ"
,
time
.
gmtime
(
not_after
))
.
encode
()
)
else
:
cert
.
gmtime_adj_notAfter
(
registry
.
RegistryServer
.
cert_duration
)
subject
=
req
.
get_subject
()
...
...
@@ -57,9 +57,9 @@ def create_cert_file(pkey_file, cert_file, ca, ca_key, prefix, serial):
pkey
,
csr
=
generate_csr
()
cert
=
generate_cert
(
ca
,
ca_key
,
csr
,
prefix
,
serial
)
with
open
(
pkey_file
,
'w'
)
as
f
:
f
.
write
(
pkey
)
f
.
write
(
pkey
.
decode
()
)
with
open
(
cert_file
,
'w'
)
as
f
:
f
.
write
(
cert
)
f
.
write
(
cert
.
decode
()
)
return
pkey
,
cert
...
...
@@ -101,7 +101,7 @@ def serial2prefix(serial):
# pkey: private key
def
decrypt
(
pkey
,
incontent
):
with
open
(
"node.key"
,
'w'
)
as
f
:
f
.
write
(
pkey
)
f
.
write
(
pkey
.
decode
()
)
args
=
"openssl rsautl -decrypt -inkey node.key"
.
split
()
p
=
subprocess
.
Popen
(
args
,
stdin
=
subprocess
.
PIPE
,
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
PIPE
)
...
...
re6st/tunnel.py
View file @
46c51621
...
...
@@ -94,7 +94,7 @@ class Connection(object):
'--remap-usr1'
,
'SIGTERM'
,
'--ping-exit'
,
str
(
tm
.
timeout
),
'--route-up'
,
'%s %u'
%
(
plib
.
ovpn_client
,
tm
.
write_sock
.
fileno
()),
*
tm
.
ovpn_args
)
*
tm
.
ovpn_args
,
pass_fds
=
[
tm
.
write_sock
.
fileno
()]
)
tm
.
resetTunnelRefresh
()
self
.
_retry
+=
1
...
...
@@ -169,7 +169,7 @@ class TunnelKiller(object):
if
(
self
.
address
,
self
.
ifindex
)
in
tm
.
ctl
.
locked
:
self
.
state
=
'locked'
self
.
timeout
=
time
.
time
()
+
2
*
tm
.
timeout
tm
.
sendto
(
self
.
peer
,
'
\
2
'
if
self
.
client
else
'
\
3
'
)
tm
.
sendto
(
self
.
peer
,
b'
\
2
'
if
self
.
client
else
b
'
\
3
'
)
else
:
self
.
timeout
=
0
...
...
@@ -359,13 +359,13 @@ class BaseTunnelManager(object):
to
=
address
[:
2
]
if
address
[
0
]
==
'::1'
:
try
:
prefix
,
msg
=
msg
.
split
(
'
\
0
'
,
1
)
prefix
,
msg
=
msg
.
split
(
b
'
\
0
'
,
1
)
int
(
prefix
,
2
)
except
ValueError
:
return
if
msg
:
self
.
_forward
=
to
code
=
ord
(
msg
[
0
])
code
=
msg
[
0
]
if
prefix
==
self
.
_prefix
:
msg
=
self
.
_processPacket
(
msg
)
if
msg
:
...
...
@@ -397,7 +397,7 @@ class BaseTunnelManager(object):
address
,
exc_info
=
1
)
return
peer
.
version
=
self
.
_version
\
if
self
.
_sendto
(
to
,
'
\
0
'
+
self
.
_version
,
peer
)
else
''
if
self
.
_sendto
(
to
,
b'
\
0
'
+
self
.
_version
,
peer
)
else
b
''
return
if
seqno
:
h
=
x509
.
fingerprint
(
self
.
cert
.
cert
).
digest
()
...
...
@@ -444,10 +444,11 @@ class BaseTunnelManager(object):
# We got a valid and non-empty message. Always reply
# something so that the sender knows we're still connected.
answer
=
self
.
_processPacket
(
msg
,
peer
.
prefix
)
self
.
_sendto
(
to
,
msg
[
0
]
+
answer
if
answer
else
""
,
peer
)
self
.
_sendto
(
to
,
msg
[
0
:
1
]
+
answer
.
encode
()
if
answer
else
b''
,
peer
)
def
_processPacket
(
self
,
msg
,
peer
=
None
):
c
=
ord
(
msg
[
0
])
c
=
msg
[
0
]
msg
=
msg
[
1
:]
code
=
c
&
0x7f
if
c
>
0x7f
and
msg
:
...
...
@@ -456,6 +457,7 @@ class BaseTunnelManager(object):
elif
code
==
1
:
# address
if
msg
:
if
peer
:
msg
=
msg
.
decode
()
self
.
cache
.
addPeer
(
peer
,
msg
)
try
:
self
.
_connecting
.
remove
(
peer
)
...
...
@@ -526,7 +528,7 @@ class BaseTunnelManager(object):
if
peer
.
prefix
!=
prefix
:
self
.
sendto
(
prefix
,
None
)
elif
(
peer
.
version
<
self
.
_version
and
self
.
sendto
(
prefix
,
'
\
0
'
+
self
.
_version
)):
self
.
sendto
(
prefix
,
b
'
\
0
'
+
self
.
_version
)):
peer
.
version
=
self
.
_version
def
broadcastNewVersion
(
self
):
...
...
@@ -635,7 +637,7 @@ class BaseTunnelManager(object):
logging
.
error
(
"%s. Flushing..."
,
msg
)
subprocess
.
call
((
"ip"
,
"-6"
,
"route"
,
"flush"
,
"cached"
))
self
.
sendto
(
self
.
cache
.
registry_prefix
,
'
\
7
%s (%s)'
%
(
msg
,
os
.
uname
()[
2
]))
b
'
\
7
%s (%s)'
%
(
msg
,
os
.
uname
()[
2
]))
break
def
_updateCountry
(
self
,
address
):
...
...
@@ -957,7 +959,7 @@ class TunnelManager(BaseTunnelManager):
address
=
self
.
cache
.
getAddress
(
peer
)
if
address
:
count
-=
self
.
_makeTunnel
(
peer
,
address
)
elif
self
.
sendto
(
peer
,
'
\
1
'
):
elif
self
.
sendto
(
peer
,
b
'
\
1
'
):
self
.
_connecting
.
add
(
peer
)
count
-=
1
elif
distant_peers
is
None
:
...
...
re6st/utils.py
View file @
46c51621
...
...
@@ -6,9 +6,9 @@ import sys, textwrap, threading, time, traceback
# and then socket.SOCK_CLOEXEC will be useless.
# (We already follow the good practice that consists in not
# relying on the GC for the closing of file descriptors.)
socket
.
SOCK_CLOEXEC
=
0x80000
#
socket.SOCK_CLOEXEC = 0x80000
HMAC_LEN
=
len
(
hashlib
.
sha1
(
''
).
digest
())
HMAC_LEN
=
len
(
hashlib
.
sha1
(
b
''
).
digest
())
class
ReexecException
(
Exception
):
pass
...
...
@@ -180,8 +180,10 @@ class Popen(subprocess.Popen):
t
=
threading
.
Timer
(
5
,
self
.
kill
)
t
.
start
()
# PY3: use waitid(WNOWAIT) and call self.poll() after t.cancel()
r
=
self
.
wait
()
#r = self.wait()
r
=
self
.
waitid
(
WNOWAIT
)
# PY3
t
.
cancel
()
self
.
poll
()
# PY3
return
r
...
...
@@ -270,9 +272,9 @@ def packInteger(i):
raise
OverflowError
def
unpackInteger
(
x
):
n
=
ord
(
x
[
0
])
>>
5
n
=
x
[
0
]
>>
5
try
:
i
,
=
struct
.
unpack
(
"!Q"
,
'
\
0
'
*
(
7
-
n
)
+
x
[:
n
+
1
])
i
,
=
struct
.
unpack
(
"!Q"
,
b
'
\
0
'
*
(
7
-
n
)
+
x
[:
n
+
1
])
except
struct
.
error
:
return
return
sum
((
32
<<
8
*
i
for
i
in
range
(
n
)),
...
...
re6st/version.py
View file @
46c51621
...
...
@@ -40,4 +40,4 @@ protocol = 8
min_protocol
=
1
if
__name__
==
"__main__"
:
print
version
print
(
version
)
re6st/x509.py
View file @
46c51621
...
...
@@ -14,23 +14,23 @@ def subnetFromCert(cert):
return
cert
.
get_subject
().
CN
def
notBefore
(
cert
):
return
calendar
.
timegm
(
time
.
strptime
(
cert
.
get_notBefore
(),
'%Y%m%d%H%M%SZ'
))
return
calendar
.
timegm
(
time
.
strptime
(
cert
.
get_notBefore
()
.
decode
()
,
'%Y%m%d%H%M%SZ'
))
def
notAfter
(
cert
):
return
calendar
.
timegm
(
time
.
strptime
(
cert
.
get_notAfter
(),
'%Y%m%d%H%M%SZ'
))
return
calendar
.
timegm
(
time
.
strptime
(
cert
.
get_notAfter
()
.
decode
()
,
'%Y%m%d%H%M%SZ'
))
def
openssl
(
*
args
):
def
openssl
(
*
args
,
fds
=
[]
):
return
utils
.
Popen
((
'openssl'
,)
+
args
,
stdin
=
subprocess
.
PIPE
,
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
PIPE
)
stderr
=
subprocess
.
PIPE
,
pass_fds
=
fds
)
def
encrypt
(
cert
,
data
):
r
,
w
=
os
.
pipe
()
try
:
threading
.
Thread
(
target
=
os
.
write
,
args
=
(
w
,
cert
)).
start
()
p
=
openssl
(
'rsautl'
,
'-encrypt'
,
'-certin'
,
'-inkey'
,
'/proc/self/fd/%u'
%
r
)
'-inkey'
,
'/proc/self/fd/%u'
%
r
,
fds
=
[
r
]
)
out
,
err
=
p
.
communicate
(
data
)
finally
:
os
.
close
(
r
)
...
...
@@ -96,7 +96,7 @@ class Cert(object):
self
.
key
=
crypto
.
load_privatekey
(
crypto
.
FILETYPE_PEM
,
f
.
read
())
if
cert
:
with
open
(
cert
)
as
f
:
self
.
cert
=
self
.
loadVerify
(
f
.
read
())
self
.
cert
=
self
.
loadVerify
(
f
.
read
()
.
encode
()
)
@
property
def
prefix
(
self
):
...
...
@@ -143,6 +143,7 @@ class Cert(object):
"error running openssl, assuming cert is invalid"
)
# BBB: With old versions of openssl, detailed
# error is printed to standard output.
out
,
err
=
out
.
decode
(),
err
.
decode
()
for
err
in
err
,
out
:
for
x
in
err
.
splitlines
():
if
x
.
startswith
(
'error '
):
...
...
@@ -166,7 +167,7 @@ class Cert(object):
def
verifyVersion
(
self
,
version
):
try
:
n
=
1
+
(
ord
(
version
[
0
])
>>
5
)
n
=
1
+
(
version
[
0
]
>>
5
)
self
.
verify
(
version
[
n
:],
version
[:
n
])
except
(
IndexError
,
crypto
.
Error
):
raise
VerifyError
(
None
,
None
,
'invalid network version'
)
...
...
@@ -206,7 +207,7 @@ class Peer(object):
_key
=
newHmacSecret
()
serial
=
None
stop_date
=
float
(
'inf'
)
version
=
''
version
=
b
''
def
__init__
(
self
,
prefix
):
self
.
prefix
=
prefix
...
...
@@ -229,11 +230,11 @@ class Peer(object):
try
:
# Always assume peer is not old, in case it has just upgraded,
# else we would be stuck with the old protocol.
msg
=
(
'
\
0
\
0
\
0
\
1
'
msg
=
(
b
'
\
0
\
0
\
0
\
1
'
+
PACKED_PROTOCOL
+
fingerprint
(
self
.
cert
).
digest
())
except
AttributeError
:
msg
=
'
\
0
\
0
\
0
\
0
'
msg
=
b
'
\
0
\
0
\
0
\
0
'
return
msg
+
crypto
.
dump_certificate
(
crypto
.
FILETYPE_ASN1
,
cert
)
def
hello0Sent
(
self
):
...
...
@@ -246,7 +247,7 @@ class Peer(object):
self
.
_i
=
self
.
_j
=
2
self
.
_last
=
0
self
.
protocol
=
protocol
return
''
.
join
((
'
\
0
\
0
\
0
\
2
'
,
PACKED_PROTOCOL
if
protocol
else
''
,
return
b''
.
join
((
b'
\
0
\
0
\
0
\
2
'
,
PACKED_PROTOCOL
if
protocol
else
b
''
,
h
,
cert
.
sign
(
h
)))
def
_hmac
(
self
,
msg
):
...
...
re6stnet.spec
View file @
46c51621
...
...
@@ -21,7 +21,7 @@ Requires: python-setuptools
BuildRequires: python3-devel
%endif
Recommends: python-miniupnpc
Conflicts: re6st-node
Conflicts: re6st-node
-py3
%description
...
...
setup.py
View file @
46c51621
...
...
@@ -7,7 +7,9 @@ from setuptools.command import sdist as _sdist, build_py as _build_py
from
distutils
import
log
version
=
{
"__file__"
:
"re6st/version.py"
}
execfile
(
version
[
"__file__"
],
version
)
with
open
(
version
[
"__file__"
])
as
f
:
code
=
compile
(
f
.
read
(),
version
[
"__file__"
],
'exec'
)
exec
(
code
,
version
)
def
copy_file
(
self
,
infile
,
outfile
,
*
args
,
**
kw
):
if
infile
==
version
[
"__file__"
]:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment