api: Submit inner and outer IP address when updating lease

2026-01-12 17:06:59 +00:00 · 2017-05-08 20:33:20 +00:00
parent dfb90689db
commit b77a427949
5 changed files with 18 additions and 10 deletions
--- a/certidude/api/init.py
+++ b/certidude/api/init.py
@@ -63,7 +63,8 @@ class SessionResource(object):
                try:
                    last_seen = datetime.strptime(xattr.getxattr(path, "user.lease.last_seen"), "%Y-%m-%dT%H:%M:%S.%fZ")
                    lease = dict(
-                        address = xattr.getxattr(path, "user.lease.address"),
+                        inner_address = xattr.getxattr(path, "user.lease.inner_address"),
+                        outer_address = xattr.getxattr(path, "user.lease.outer_address"),
                        last_seen = last_seen,
                        age = datetime.utcnow() - last_seen
                    )
--- a/certidude/api/attrib.py
+++ b/certidude/api/attrib.py
@@ -22,7 +22,7 @@ class AttributeResource(object):
            raise falcon.HTTPNotFound()
        else:
            try:
-                whitelist = ip_address(attribs.get("user").get("lease").get("address").decode("ascii"))
+                whitelist = ip_address(attribs.get("user").get("lease").get("inner_address").decode("ascii"))
            except AttributeError: # TODO: probably race condition
                raise falcon.HTTPForbidden("Forbidden",
                    "Attributes only accessible to the machine")
--- a/certidude/api/lease.py
+++ b/certidude/api/lease.py
@@ -20,8 +20,9 @@ class LeaseDetailResource(object):
        try:
            path, buf, cert = authority.get_signed(cn)
            return dict(
-                last_seen = xattr.getxattr(path, "user.lease.last_seen"),
-                address = xattr.getxattr(path, "user.lease.address").decode("ascii")
+                last_seen =     xattr.getxattr(path, "user.lease.last_seen"),
+                inner_address = xattr.getxattr(path, "user.lease.inner_address").decode("ascii"),
+                outer_address = xattr.getxattr(path, "user.lease.outer_address").decode("ascii")
            )
        except EnvironmentError: # Certificate or attribute not found
            raise falcon.HTTPNotFound()
@@ -35,7 +36,8 @@ class LeaseResource(object):
        if req.get_param("serial") and cert.serial != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
            raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")

-        xattr.setxattr(path, "user.lease.address", req.get_param("address", required=True).encode("ascii"))
+        xattr.setxattr(path, "user.lease.outer_address", req.get_param("outer_address", required=True).encode("ascii"))
+        xattr.setxattr(path, "user.lease.inner_address", req.get_param("inner_address", required=True).encode("ascii"))
        xattr.setxattr(path, "user.lease.last_seen", datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z")
        push.publish("lease-update", common_name)