authorIvan Alejandro <ivanalejandro0@gmail.com>2013-07-29 12:17:40 -0300
committerIvan Alejandro <ivanalejandro0@gmail.com>2013-07-30 10:18:40 -0300
commitdf200f6379608b379c5fec47ddb030b6d72ce93a (patch)
treeb4e6cb37cb3d10ecc92b8a3ac7c15d5c7478839e
parentb39584175fda25d812dbb90d3fa171f7a50e3914 (diff)
Refactor policies to the policies module.
-rw-r--r--src/leap/platform_init/initializers.py42
-rw-r--r--src/leap/services/eip/vpnlaunchers.py26
-rw-r--r--src/leap/util/privilege_policies.py49
3 files changed, 72 insertions, 45 deletions
diff --git a/src/leap/platform_init/initializers.py b/src/leap/platform_init/initializers.py
index d04daca6..bbdc7f29 100644
--- a/src/leap/platform_init/initializers.py
+++ b/src/leap/platform_init/initializers.py
@@ -31,7 +31,7 @@ from PySide import QtGui
from leap.config.leapsettings import LeapSettings
from leap.services.eip import vpnlaunchers
from leap.util import first
-from leap.config.providerconfig import ProviderConfig
+from leap.util import privilege_policies
logger = logging.getLogger(__name__)
@@ -331,36 +331,6 @@ def DarwinInitializer():
#
# Linux initializers
#
-
-POLICY_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
-<policyconfig>
-
- <vendor>LEAP Project</vendor>
- <vendor_url>http://leap.se/</vendor_url>
-
- <action id="net.openvpn.gui.leap.run-openvpn">
- <description>Runs the openvpn binary</description>
- <description xml:lang="es">Ejecuta el binario openvpn</description>
- <message>OpenVPN needs that you authenticate to start</message>
- <message xml:lang="es">
- OpenVPN necesita autorizacion para comenzar
- </message>
- <icon_name>package-x-generic</icon_name>
- <defaults>
- <allow_any>yes</allow_any>
- <allow_inactive>yes</allow_inactive>
- <allow_active>yes</allow_active>
- </defaults>
- <annotate key="org.freedesktop.policykit.exec.path">{path}</annotate>
- <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
- </action>
-</policyconfig>
-"""
-
-
def _linux_install_missing_scripts(badexec, notfound):
"""
Tries to install the missing up/down scripts.
@@ -381,14 +351,8 @@ def _linux_install_missing_scripts(badexec, notfound):
fd, tempscript = tempfile.mkstemp(prefix="leap_installer-")
polfd, pol_tempfile = tempfile.mkstemp(prefix="leap_installer-")
try:
- # We need to do the config/../apps/openvpn otherwise the
- # policy file won't work
- openvpn_path = os.path.join(
- ProviderConfig().get_path_prefix(),
- "..", "apps", "eip",
- launcher.OPENVPN_BIN)
-
- policy_contents = POLICY_TEMPLATE.format(path=openvpn_path)
+ path = launcher.get_path_prefix()
+ policy_contents = privilege_policies.get_policy_contents(path)
with os.fdopen(polfd, 'w') as f:
f.write(policy_contents)
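Review bot: The value written into the policy's `org.freedesktop.policykit.exec.path` annotation is now whatever `launcher.get_path_prefix()` returns, whereas the removed code joined the prefix with `"..", "apps", "eip"` and `launcher.OPENVPN_BIN` to name the binary itself. Neither the launcher's `get_path_prefix` nor its return value is visible here, so this needs confirming. If it returns a directory prefix, the installed action will not match the openvpn executable, and it will disagree with the `is_policy_outdated(self.OPENVPN_BIN_PATH)` check added in vpnlaunchers.py. I would pass the same value on both sides, e.g. `policy_contents = privilege_policies.get_policy_contents(launcher.OPENVPN_BIN_PATH)` (assuming that attribute holds the full path), and keep a short comment saying the path must be the exact binary pkexec will run. The body of `_linux_install_missing_scripts` continues outside this hunk.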
diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py
index 8522d1df..992f0c50 100644
--- a/src/leap/services/eip/vpnlaunchers.py
+++ b/src/leap/services/eip/vpnlaunchers.py
@@ -38,6 +38,7 @@ from leap.common.files import which
from leap.config.providerconfig import ProviderConfig
from leap.services.eip.eipconfig import EIPConfig, VPNGatewaySelector
from leap.util import first
+from leap.util.privilege_policies import LinuxPolicyChecker
logger = logging.getLogger(__name__)
@@ -62,7 +63,7 @@ class EIPNoTunKextLoaded(VPNLauncherException):
pass
-class VPNLauncher:
+class VPNLauncher(object):
"""
Abstract launcher class
"""
@@ -250,12 +251,25 @@ class LinuxVPNLauncher(VPNLauncher):
OPENVPN_DOWN_ROOT_BASE,
OPENVPN_DOWN_ROOT_FILE)
- POLKIT_BASE = "/usr/share/polkit-1/actions"
- POLKIT_FILE = "net.openvpn.gui.leap.policy"
- POLKIT_PATH = "%s/%s" % (POLKIT_BASE, POLKIT_FILE)
-
UPDOWN_FILES = (UP_DOWN_PATH,)
- OTHER_FILES = (POLKIT_PATH,)
+ POLKIT_PATH = LinuxPolicyChecker.get_polkit_path()
+ OTHER_FILES = (POLKIT_PATH, )
+
+ def missing_other_files(self):
+ """
+ 'Extend' the VPNLauncher's missing_other_files to check if the polkit
+ files is outdated. If the polkit file is in OTHER_FILES, exists, but is
+ not up to date, it is added to the missing list.
+
+ :rtype: list
+ """
+ missing = VPNLauncher.missing_other_files.im_func(self)
+ polkit_file = LinuxPolicyChecker().get_polkit_path()
+ if polkit_file not in missing:
+ if privilege_policies.is_policy_outdated(self.OPENVPN_BIN_PATH):
+ missing.append(polkit_file)
+
+ return missing
@classmethod
def cmd_for_missing_scripts(kls, frompath, pol_file):
diff --git a/src/leap/util/privilege_policies.py b/src/leap/util/privilege_policies.py
index 10224bcd..05ae60e0 100644
--- a/src/leap/util/privilege_policies.py
+++ b/src/leap/util/privilege_policies.py
@@ -27,6 +27,35 @@ from abc import ABCMeta, abstractmethod
logger = logging.getLogger(__name__)
+POLICY_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>LEAP Project</vendor>
+ <vendor_url>https://leap.se/</vendor_url>
+
+ <action id="net.openvpn.gui.leap.run-openvpn">
+ <description>Runs the openvpn binary</description>
+ <description xml:lang="es">Ejecuta el binario openvpn</description>
+ <message>OpenVPN needs that you authenticate to start</message>
+ <message xml:lang="es">
+ OpenVPN necesita autorizacion para comenzar
+ </message>
+ <icon_name>package-x-generic</icon_name>
+ <defaults>
+ <allow_any>yes</allow_any>
+ <allow_inactive>yes</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">{path}</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
+"""
+
+
def is_missing_policy_permissions():
"""
Returns True if we do not have implemented a policy checker for this
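Review bot: The `<defaults>` block in `POLICY_TEMPLATE` sets `allow_any`, `allow_inactive` and `allow_active` to `yes`, which authorises any local user or session to run the binary at `{path}` as root with no authentication prompt, even though the `<message>` says authentication is needed. Moving the template is a good moment to tighten it, for example `<allow_any>auth_admin</allow_any>`, `<allow_inactive>auth_admin</allow_inactive>` and `<allow_active>auth_admin_keep</allow_active>`. If a passwordless start is a deliberate product decision, say so in a comment above the template. In that case `{path}` must only ever point at a root-owned binary in a directory users cannot write to, because the policy makes that file a root entry point.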
@@ -47,6 +76,17 @@ def is_missing_policy_permissions():
return policy_checker().is_missing_policy_permissions()
+def get_policy_contents(openvpn_path):
+ """
+ Returns the contents that the policy file should have.
+
+ :param openvpn_path: the openvpn path to use in the polkit file
+ :type openvpn_path: str
+ :rtype: str
+ """
+ return POLICY_TEMPLATE.format(path=openvpn_path)
+
+
class PolicyChecker:
"""
Abstract PolicyChecker class
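Review bot: `get_policy_contents` interpolates `openvpn_path` into XML with `str.format` and no escaping, so a path containing `&`, `<` or `>` yields a malformed or altered policy file that is then installed into the polkit actions directory. Escape the value before formatting: add `from xml.sax.saxutils import escape` and use `return POLICY_TEMPLATE.format(path=escape(openvpn_path))`. The docstring should also state that `openvpn_path` must be the absolute path of the openvpn executable, since polkit matches the action on that exact path.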
@@ -72,6 +112,15 @@ class LinuxPolicyChecker(PolicyChecker):
LINUX_POLKIT_FILE = ("/usr/share/polkit-1/actions/"
"net.openvpn.gui.leap.policy")
+ @classmethod
+ def get_polkit_path(self):
+ """
+ Returns the polkit file path.
+
+ :rtype: str
+ """
+ return self.LINUX_POLKIT_FILE
+
def is_missing_policy_permissions(self):
"""
Returns True if we could not find the appropriate policykit file
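Review bot: `get_polkit_path` is decorated with `@classmethod` but names its first parameter `self`, which misleads readers into thinking instance state is available. By convention it should be `def get_polkit_path(cls):` with `return cls.LINUX_POLKIT_FILE`. The parameter is positional, so callers are unaffected.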