-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathdomains.py
63 lines (52 loc) · 2.12 KB
/
domains.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
"""
srcf.domains: Utilities for verifying domain ownership.
"""
from binascii import hexlify
from contextlib import contextmanager
from http.client import HTTPConnection
import os
import socket
from tempfile import NamedTemporaryFile
HOST_DOMAIN = "srcf.societies.cam.ac.uk"
WELL_KNOWN = "/public/societies/srcf-admin/srcf-well-known"
@contextmanager
def make_challenge(domain):
# Generate a random challenge value to ensure we're talking to ourselves.
challenge = hexlify(os.urandom(32))
proof = NamedTemporaryFile(prefix="domain-{}-".format(domain), dir=WELL_KNOWN)
try:
# Temp files are 0600 by default. As it'll be owned by srcf-admin or
# root, Apache won't have permission to read it as the site user.
os.chmod(proof.name, 0o644)
proof.write(challenge)
proof.flush()
yield challenge, os.path.basename(proof.name)
finally:
proof.close()
def get_server_ips():
server = "{}.{}".format(socket.gethostname(), HOST_DOMAIN)
raw = socket.getaddrinfo(server, "http", proto=socket.IPPROTO_TCP)
for family, *_, (ip, *_) in raw:
yield family, ip
def verify(domain):
"""
Check if the given domain is correctly configured to serve an SRCF website.
A one-off challenge will be created and retrieved via /.well-known/srcf.
Returns a tuple of values, `(IPv4, IPv6)`, where a given value can be
`True` if valid, `False` if not, or `None` if we couldn't connect.
"""
with make_challenge(domain) as (challenge, filename):
# Read the temp file back via the given domain.
path = "/.well-known/srcf/{}".format(filename)
results = {}
for family, source in get_server_ips():
if family in results:
continue
try:
conn = HTTPConnection(domain, timeout=5, source_address=(source, 0))
conn.request("GET", path)
resp = conn.getresponse().read()
results[family] = resp == challenge
except socket.error:
results[family] = None
return results.get(socket.AF_INET), results.get(socket.AF_INET6)