From 4529924cce8f4f4bb1ee17a901e849845e927cf2 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Mon, 2 Mar 2020 16:06:07 -0500
Subject: [PATCH] Fix credserver python3 and LLA support
Both client and server had an issue with LLA, along with the usual python3-isms.
---
 confluent_server/confluent/credserver.py | 90 +++++++++++++------------
 confluent_server/confluent/netutil.py | 1 +
 misc/clortho.c | 7 +-
 3 files changed, 52 insertions(+), 46 deletions(-)
diff --git a/confluent_server/confluent/credserver.py b/confluent_server/confluent/credserver.py
index ebbd5a2c..e3ba0f55 100644
--- a/confluent_server/confluent/credserver.py
+++ b/confluent_server/confluent/credserver.py
@@ -16,6 +16,7 @@
 import confluent.config.configmanager as cfm
 import confluent.netutil as netutil
+import confluent.util as util
 import datetime
 import eventlet
 import eventlet.green.socket as socket
@@ -27,52 +28,55 @@ class CredServer(object):
 self.cfm = cfm.ConfigManager(None)
 def handle_client(self, client, peer):
- if not netutil.address_is_local(peer[0]):
- client.close()
- return
- client.send('\xc2\xd1-\xa8\x80\xd8j\xba')
- tlv = bytearray(client.recv(2))
- if tlv[0] != 1:
- client.close()
- return
- nodename = client.recv(tlv[1])
- tlv = bytearray(client.recv(2))
- apiarmed = self.cfm.get_node_attributes(nodename, 'api.armed')
- apiarmed = apiarmed.get(nodename, {}).get('api.armed', {}).get('value', None)
- if not apiarmed:
- client.close()
- return
- if apiarmed not in ('once', 'continuous'):
- now = datetime.datetime.utcnow()
- expiry = datetime.datetime.strptime(apiarmed, "%Y-%m-%dT%H:%M:%SZ")
- if now > expiry:
- self.cfm.set_node_attributes({nodename: {'api.armed': ''}})
+ try:
+ if not netutil.address_is_local(peer[0]):
 client.close()
 return
- client.send(b'\x02\x20')
- rttoken = os.urandom(32)
- client.send(rttoken)
- client.send('\x00\x00')
- tlv = bytearray(client.recv(2))
- if tlv[0] != 3:
+ client.send(b'\xc2\xd1-\xa8\x80\xd8j\xba')
+ tlv = bytearray(client.recv(2))
+ if tlv[0] != 1:
+ client.close()
+ return
+ nodename = util.stringify(client.recv(tlv[1]))
+ tlv = bytearray(client.recv(2))
+ apiarmed = self.cfm.get_node_attributes(nodename, 'api.armed')
+ apiarmed = apiarmed.get(nodename, {}).get('api.armed', {}).get(
+ 'value', None)
+ if not apiarmed:
+ client.close()
+ return
+ if apiarmed not in ('once', 'continuous'):
+ now = datetime.datetime.utcnow()
+ expiry = datetime.datetime.strptime(apiarmed, "%Y-%m-%dT%H:%M:%SZ")
+ if now > expiry:
+ self.cfm.set_node_attributes({nodename: {'api.armed': ''}})
+ client.close()
+ return
+ client.send(b'\x02\x20')
+ rttoken = os.urandom(32)
+ client.send(rttoken)
+ client.send(b'\x00\x00')
+ tlv = bytearray(client.recv(2))
+ if tlv[0] != 3:
+ client.close()
+ return
+ echotoken = client.recv(tlv[1])
+ if echotoken != rttoken:
+ client.close()
+ return
+ tlv = bytearray(client.recv(2))
+ if tlv[0] != 4:
+ client.close()
+ return
+ echotoken = client.recv(tlv[1])
+ cfgupdate = {nodename: {'api.key': echotoken, 'api.armed': ''}}
+ if apiarmed == 'continuous':
+ del cfgupdate[nodename]['api.armed']
+ self.cfm.set_node_attributes(cfgupdate)
+ client.recv(2) # drain end of message
+ client.send(b'\x05\x00') # report success
+ finally:
 client.close()
- return
- echotoken = client.recv(tlv[1])
- if echotoken != rttoken:
- client.close()
- return
- tlv = bytearray(client.recv(2))
- if tlv[0] != 4:
- client.close()
- return
- echotoken = client.recv(tlv[1])
- cfgupdate = {nodename: {'api.key': echotoken, 'api.armed': ''}}
- if apiarmed == 'continuous':
- del cfgupdate[nodename]['api.armed']
- self.cfm.set_node_attributes(cfgupdate)
- client.recv(2) # drain end of message
- client.send('\x05\x00') # report success
- client.close()
 if __name__ == '__main__':
 a = CredServer()
diff --git a/confluent_server/confluent/netutil.py b/confluent_server/confluent/netutil.py
index c079614c..a68a0216 100644
--- a/confluent_server/confluent/netutil.py
+++ b/confluent_server/confluent/netutil.py
@@ -50,6 +50,7 @@ def ip_on_same_subnet(first, second, prefix):
 addrinf = socket.getaddrinfo(second, None, 0, socket.SOCK_STREAM)[0]
 if fam != addrinf[0]:
 return False
+ txtaddr = addrinf[-1][0].split('%')[0]
 oip = socket.inet_pton(fam, addrinf[-1][0])
 oip = int(codecs.encode(bytes(oip), 'hex'), 16)
 if fam == socket.AF_INET:
diff --git a/misc/clortho.c b/misc/clortho.c
index 16780a91..7e2f79a5 100644
--- a/misc/clortho.c
+++ b/misc/clortho.c
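Review bot: Every `client.recv(n)` in the new `handle_client` body is treated as if it returned exactly n bytes, but a stream socket may return fewer, so `tlv[1]` can raise IndexError and the type 3 echo or the type 4 value can arrive truncated. The type 4 field matters most: whatever the single `client.recv(tlv[1])` yields is written to `api.key`, so a partial read would store a shortened key and still clear `api.armed`. An exact-read helper used for each header and value keeps the `try`/`finally` cleanup and turns a short read into an explicit error. Separately, `nodename` now goes through `util.stringify` while the value stored in `api.key` stays `bytes` on Python 3; confirm the config manager expects that.

```python
def _recv_exact(client, length):
    # recv() on a stream socket may return fewer bytes than requested
    data = b''
    while len(data) < length:
        chunk = client.recv(length - len(data))
        if not chunk:
            raise EOFError('peer closed before a full field arrived')
        data += chunk
    return data

    def handle_client(self, client, peer):
            # … unchanged: try, local-address check, greeting …
            tlv = bytearray(_recv_exact(client, 2))
            # … unchanged: type 1 check …
            nodename = util.stringify(_recv_exact(client, tlv[1]))
            # … unchanged: api.armed lookup, token send, type 3 header check …
            echotoken = _recv_exact(client, tlv[1])
            # … unchanged: token comparison, type 4 header check …
            echotoken = _recv_exact(client, tlv[1])
            # … unchanged: api.key update, success reply, finally …
```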
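Review bot: The added `txtaddr` is not used by any line visible in this hunk: the following context line still calls `socket.inet_pton(fam, addrinf[-1][0])` with the unstripped address, so a link-local address carrying a `%scope` suffix would reach `inet_pton` unchanged. If the intent is to drop the zone identifier before conversion, that line should read `oip = socket.inet_pton(fam, txtaddr)`. `ip_on_same_subnet` starts and continues outside the hunk, so `txtaddr` may be consumed further down; if it is not, the assignment is dead code and callers that depend on this function for link-local peers see no change in behaviour.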
@@ -44,16 +44,17 @@ int main(int argc, char* argv[]) {
 struct addrinfo *addrs;
 struct addrinfo *curr;
 struct sockaddr_in net4bind;
- struct sockaddr_in net6bind;
+ struct sockaddr_in6 net6bind;
 unsigned char buffer[MAXPACKET];
 memset(&hints, 0, sizeof(struct addrinfo));
 memset(&net4bind, 0, sizeof(struct sockaddr_in));
- memset(&net6bind, 0, sizeof(struct sockaddr_in));
+ memset(&net6bind, 0, sizeof(struct sockaddr_in6));
 memset(&buffer, 0, MAXPACKET);
 memset(&timeout, 0, sizeof(struct timeval));
 timeout.tv_sec = 10;
 net4bind.sin_port = htons(302);
- net6bind.sin_port = htons(302);
+ net6bind.sin6_port = htons(302);
+ net6bind.sin6_family = AF_INET6;
 hints.ai_socktype = SOCK_STREAM;
 hints.ai_protocol = IPPROTO_TCP;
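Review bot: `net6bind` now gets `sin6_family = AF_INET6`, but no matching assignment for `net4bind.sin_family` appears in the visible lines, so after the `memset` the IPv4 bind address still carries family 0 (AF_UNSPEC). Some stacks tolerate that for a wildcard bind, but it is not portable and is inconsistent with the IPv6 setup added here; adding `net4bind.sin_family = AF_INET;` next to `net4bind.sin_port = htons(302);` makes both paths explicit. `main` continues past the end of the hunk, so the family may be assigned later.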