WIP: Some work

re6st/cli/registry.py

@@ -102,7 +102,7 @@ def main():
                  " 3=DEBUG, 4=TRACE. Use SIGUSR1 to reopen log.")
     _('--min-protocol', default=version.min_protocol, type=int,
         help="Reject nodes that are too old. Current is %s." % version.protocol)
-    _('--disable-token-by-mail', default=False, type=boolen,
+    _('--disable-token-by-mail', action='store_false',
          help="Disable send new tokens by Mail.")
     _ = parser.add_argument_group('routing').add_argument
     _('--hello', type=int, default=15,

re6st/registry.py

@@ -237,10 +237,14 @@ class RegistryServer(object):
     def handle_request(self, request, method, kw,
                        _localhost=('127.0.0.1', '::1')):
         m = getattr(self, method)
+        authorized_origin = ["10.0.228.20"] + list(_localhost)
         if method in ('revoke', 'versions', 'topology', 'requestAddToken'):
             x_forwarded_for = request.headers.get('X-Forwarded-For')
-            if request.client_address[0] not in _localhost or \
-               x_forwarded_for and x_forwarded_for not in _localhost:
+            if request.client_address[0] not in authorized_origin or \
+               x_forwarded_for and x_forwarded_for not in authorized_origin:
+                logging.warning("X-Forward-For %s " % x_forwarded_for)
+                logging.warning("request.client_address[0] %s " % request.client_address[0])
+
                 return request.send_error(httplib.FORBIDDEN)
         key = m.getcallargs(**kw).get('cn')
         if key:
@@ -293,6 +297,7 @@ class RegistryServer(object):
     @rpc
     def requestAddToken(self, email, token):
         prefix_len = self.config.prefix_length
+        logging.info('requestAddToken %s %s %s' % ( prefix_len, email, token))
         if not prefix_len:
             raise HTTPError(httplib.FORBIDDEN)
         with self.lock:
@@ -448,6 +453,9 @@ class RegistryServer(object):
     def getDh(self, cn):
         with open(self.config.dh) as f:
             return f.read()
+    @rpc
+    def getNetworkBin(self):
+        return x509.networkFromCa(self.cert.ca)
 
     @rpc
     def getNetworkConfig(self, cn):
@@ -455,6 +463,7 @@ class RegistryServer(object):
 
     @rpc
     def getBootstrapPeer(self, cn):
+        logging.info("Asking for peer") 
         with self.peers_lock:
             age, peers = self.peers
             if age < time.time() or not peers:
@@ -475,7 +484,7 @@ class RegistryServer(object):
         with self.lock:
             self.sendto(peer, 1)
             s = self.sock,
-            timeout = 3
+            timeout = 10
             end = timeout + time.time()
             # Loop because there may be answers from previous requests.
             while select.select(s, (), (), timeout)[0]:
@@ -515,6 +524,55 @@ class RegistryServer(object):
                 q("INSERT INTO crl VALUES (?,?)", (serial, not_after))
                 self.updateNetworkConfig()
 
+    @rpc
+    def getIPv6Prefix(self, email):
+        with self.lock:
+          with self.db:
+            q = self.db.execute
+            try:
+              cert, = q("SELECT cert FROM cert WHERE email = ?",
+                                                         (email,)).next()
+            except StopIteration:
+              # return HTTPCODE 404 maybe
+              logging.info("cert not found %s" % email)
+              cert = None
+
+        if cert:
+          certificate = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
+          cn = x509.subnetFromCert(certificate) 
+          return utils.binFromSubnet(cn)
+
+    @rpc
+    def getIPv6Address(self, email):
+        ipv6_prefix = self.getIPv6Prefix(email)
+        if ipv6_prefix is None:
+          return
+        return utils.ipFromBin(self.getNetworkBin() + ipv6_prefix)
+
+
+    @rpc
+    def getIPv4Information(self, peer):
+        with self.lock:
+            self.sendto(peer, 1)
+            s = self.sock, 
+            timeout = 5
+            end = timeout + time.time()
+
+            while select.select(s, (), (), timeout)[0]:
+                prefix, msg = self.recv(sock, 1)
+                if prefix == peer:
+                    break
+                timeout = max(0, end - time.time())
+            else:
+                logging.info("Timeout while querying address for %s/%s", 
+                                                int(peer, 2), len(peer))
+                return 
+
+            if "," in msg:
+                return msg.split(',')[0]
+
+        return ipv4
+
     @rpc
     def versions(self):
         with self.peers_lock:

re6st/utils.py

 import argparse, errno, hashlib, logging, os, select as _select
 import shlex, signal, socket, sqlite3, struct, subprocess
 import sys, textwrap, threading, time, traceback
+from OpenSSL import crypto
 
 HMAC_LEN = len(hashlib.sha1('').digest())
 
@@ -214,6 +215,9 @@ def ipFromBin(ip, suffix=''):
     return socket.inet_ntop(socket.AF_INET6,
         struct.pack('>QQ', int(ip[:64], 2), int(ip[64:], 2)))
 
+def loadCert(pem):
+    return crypto.load_certificate(crypto.FILETYPE_PEM, pem)
+
 def dump_address(address):
     return ';'.join(map(','.join, address))
 
@@ -226,7 +230,6 @@ def parse_address(address_list):
         except ValueError, e:
             logging.warning("Failed to parse node address %r (%s)",
                             address, e)
-
 def binFromSubnet(subnet):
     p, l = subnet.split('/')
     return bin(int(p))[2:].rjust(int(l), '0')
@@ -249,3 +252,13 @@ def sqliteCreateTable(db, name, *columns):
             "table %r already exists with unexpected schema" % name)
     db.execute(sql)
     return True
+
+def searchCertFromEmail(db, email):
+    try:
+        cert_string, = db.execute("SELECT cert FROM cert WHERE email = ?",
+                                                         (email,)).next()
+    except StopIteration:
+        # Certificates not found
+        return None
+    
+    return cert_string