[svn] commit: r2167 - in /branches/trac127/src/bin/bindctl: Makefile.am bindcmd.py bindctl-source.py.in bindctl.pem
BIND 10 source code commits
bind10-changes at lists.isc.org
Fri Jun 18 11:28:49 UTC 2010
Author: zhanglikun
Date: Fri Jun 18 11:28:49 2010
New Revision: 2167
Log:
1. Remove certificate file 'bindctl.pem'. 2. Add options -c(--certificate-chain) to bindctl. 3. Override class HTTPSConnection to support server certificate validation.
Removed:
branches/trac127/src/bin/bindctl/bindctl.pem
Modified:
branches/trac127/src/bin/bindctl/Makefile.am
branches/trac127/src/bin/bindctl/bindcmd.py
branches/trac127/src/bin/bindctl/bindctl-source.py.in
Modified: branches/trac127/src/bin/bindctl/Makefile.am
==============================================================================
--- branches/trac127/src/bin/bindctl/Makefile.am (original)
+++ branches/trac127/src/bin/bindctl/Makefile.am Fri Jun 18 11:28:49 2010
@@ -9,8 +9,6 @@
pythondir = $(pyexecdir)/bindctl
bindctldir = $(DESTDIR)$(pkgdatadir)
-bindctl_DATA = bindctl.pem
-EXTRA_DIST += bindctl.pem
CLEANFILES = bindctl
@@ -26,14 +24,3 @@
-e "s|@@SYSCONFDIR@@|@sysconfdir@|" \
-e "s|@@LIBEXECDIR@@|$(pkglibexecdir)|" bindctl-source.py >$@
chmod a+x $@
-
-if INSTALL_CONFIGURATIONS
-
-# TODO: permissions handled later
-install-data-local:
- $(mkinstalldirs) $(DESTDIR)/@sysconfdir@/@PACKAGE@
- if test ! -f $(DESTDIR)$(sysconfdir)/@PACKAGE@/bindctl.pem; then \
- $(INSTALL_DATA) $(srcdir)/bindctl.pem $(DESTDIR)$(sysconfdir)/@PACKAGE@/ ; \
- fi
-
-endif
Modified: branches/trac127/src/bin/bindctl/bindcmd.py
==============================================================================
--- branches/trac127/src/bin/bindctl/bindcmd.py (original)
+++ branches/trac127/src/bin/bindctl/bindcmd.py Fri Jun 18 11:28:49 2010
@@ -58,10 +58,34 @@
Type \"<module_name> <command_name> help\" for help on the specific command.
\nAvailable module names: """
+class ValidatedHTTPSConnection(http.client.HTTPSConnection):
+ '''Overrides HTTPSConnection to support certification
+ validation. '''
+ def __init__(self, host, ca_certs):
+ http.client.HTTPSConnection.__init__(self, host)
+ self.ca_certs = ca_certs
+
+ def connect(self):
+ ''' Overrides the connect() so that we do
+ certificate validation. '''
+ sock = socket.create_connection((self.host, self.port),
+ self.timeout)
+ if self._tunnel_host:
+ self.sock = sock
+ self._tunnel()
+
+ req_cert = ssl.CERT_NONE
+ if self.ca_certs:
+ req_cert = ssl.CERT_REQUIRED
+ self.sock = ssl.wrap_socket(sock, self.key_file,
+ self.cert_file,
+ cert_reqs=req_cert,
+ ca_certs=self.ca_certs)
+
class BindCmdInterpreter(Cmd):
"""simple bindctl example."""
- def __init__(self, server_port = 'localhost:8080', pem_file = "bindctl.pem"):
+ def __init__(self, server_port = 'localhost:8080', pem_file = None):
Cmd.__init__(self)
self.location = ""
self.prompt_end = '> '
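Review bot: `connect()` falls back to `ssl.CERT_NONE` whenever `self.ca_certs` is empty, and `BindCmdInterpreter.__init__` now defaults `pem_file` to `None`, so a bindctl started without the new `-c` option (added with no default in bindctl-source.py.in, and passed straight through as `pem_file=options.cert_chain`) uses TLS with no server authentication. The unverified path should be an explicit, visible choice rather than the silent default: at minimum print a warning in the `CERT_NONE` branch, or refuse to connect unless the user opts out of verification. Separately, `cert_reqs=ssl.CERT_REQUIRED` only checks that the certificate chains to `ca_certs`; nothing here compares the peer certificate's subject with `self.host`, so any certificate issued under that chain is accepted for any server. A check of `self.sock.getpeercert()` against `self.host` after the wrap would close that gap. The body of `BindCmdInterpreter.__init__` continues outside this hunk.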
@@ -70,18 +94,9 @@
self.modules = OrderedDict()
self.add_module_info(ModuleInfo("help", desc = "Get help for bindctl"))
self.server_port = server_port
- self.pem_file = pem_file
- self._connect_to_cmd_ctrld()
+ self.conn = ValidatedHTTPSConnection(self.server_port,
+ ca_certs=pem_file)
self.session_id = self._get_session_id()
-
- def _connect_to_cmd_ctrld(self):
- '''Connect to cmdctl in SSL context. '''
- try:
- self.conn = http.client.HTTPSConnection(self.server_port,
- cert_file=self.pem_file)
- except Exception as e:
- print(e, "can't connect to %s, please make sure cmd-ctrld is running" %
- self.server_port)
def _get_session_id(self):
'''Generate one session id for the connection. '''
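Review bot: `pem_file` is now handed to `ValidatedHTTPSConnection` as `ca_certs`, whereas the removed `_connect_to_cmd_ctrld` passed it as `cert_file`, so the parameter has changed meaning while keeping a name that says nothing about its role. A rename would break keyword callers, so a comment above the constructor call would do, e.g. `# pem_file: PEM CA chain used to verify the cmdctl server certificate; None disables verification`. The same explanation belongs in the class docstring, which is still just "simple bindctl example." `_get_session_id` continues outside the hunk, so whether it reports a certificate verification failure clearly cannot be judged from here.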
Modified: branches/trac127/src/bin/bindctl/bindctl-source.py.in
==============================================================================
--- branches/trac127/src/bin/bindctl/bindctl-source.py.in (original)
+++ branches/trac127/src/bin/bindctl/bindctl-source.py.in Fri Jun 18 11:28:49 2010
@@ -97,13 +97,16 @@
def set_bindctl_options(parser):
parser.add_option('-p', '--port', dest = 'port', type = 'int',
- action = 'callback', callback=check_port,
- default = '8080', help = 'port for cmdctl of bind10')
+ action = 'callback', callback=check_port,
+ default = '8080', help = 'port for cmdctl of bind10')
parser.add_option('-a', '--address', dest = 'addr', type = 'string',
- action = 'callback', callback=check_addr,
- default = '127.0.0.1', help = 'IP address for cmdctl of bind10')
+ action = 'callback', callback=check_addr,
+ default = '127.0.0.1', help = 'IP address for cmdctl of bind10')
+ parser.add_option('-c', '--certificate-chain', dest = 'cert_chain',
+ type = 'string', action = 'store',
+ help = 'PEM formatted server certificate validation chain file')
if __name__ == '__main__':
try:
@@ -111,14 +114,7 @@
set_bindctl_options(parser)
(options, args) = parser.parse_args()
server_addr = options.addr + ':' + str(options.port)
- # If B10_FROM_SOURCE is set in the environment, we use PEM file
- # from a directory relative to that, otherwise we use the one
- # installed on the system
- if "B10_FROM_SOURCE" in os.environ:
- SYSCONF_PATH = os.environ["B10_FROM_SOURCE"] + "/src/bin/bindctl"
- else:
- SYSCONF_PATH = "@@SYSCONFDIR@@/@PACKAGE@"
- tool = BindCmdInterpreter(server_addr, pem_file = SYSCONF_PATH + "/bindctl.pem")
+ tool = BindCmdInterpreter(server_addr, pem_file=options.cert_chain)
prepare_config_commands(tool)
tool.run()
except Exception as e: