author | Kali Kaneko <kali@leap.se> | 2014-05-07 09:18:23 -0500 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2014-05-12 11:25:11 -0500 |
commit | 2f47053b631df231e4fcceafef227cf905b660cc (patch) | |
tree | ae804168242ae1156adcbe2633f21ad62de51cd3 | |
parent | d8d7d2b781aea558d7e39d397a85c15ac9839abb (diff) |
only switch the fw down if user asked for eip down
-rwxr-xr-x | pkg/linux/bitmask-root | 5 | ||||
-rw-r--r-- | src/leap/bitmask/backend.py | 3 | ||||
-rw-r--r-- | src/leap/bitmask/services/eip/vpnlauncher.py | 2 | ||||
-rw-r--r-- | src/leap/bitmask/services/eip/vpnprocess.py | 8 |
4 files changed, 10 insertions, 8 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index a583c94c..bfb92421 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -83,14 +83,11 @@ FIXED_FLAGS = [
 "--tls-client", "--remote-cert-tls", "server", "--management-signal",
- "--management", MANAGEMENT_SOCKET, "unix",
- "--script-security", "1"
+ "--script-security", "1",
 "--user", "nobody", "--group", "nogroup", ]
-# "--management", MANAGEMENT_SOCKET, "unix",
-
 ALLOWED_FLAGS = { "--remote": ["IP", "NUMBER", "PROTO"], "--tls-cipher": ["CIPHER"],
diff --git a/src/leap/bitmask/backend.py b/src/leap/bitmask/backend.py
index 2bfcbfa0..bd26bb1c 100644
--- a/src/leap/bitmask/backend.py
+++ b/src/leap/bitmask/backend.py
@@ -1048,6 +1048,9 @@ class Backend(object):
 def stop_eip(self, shutdown=False):
 """
 Stop the EIP service.
+
+ :param shutdown:
+ :type shutdown: bool
 """
 self._call_queue.put(("eip", "stop", None, shutdown))
diff --git a/src/leap/bitmask/services/eip/vpnlauncher.py b/src/leap/bitmask/services/eip/vpnlauncher.py
index 20b4d87d..af3116f2 100644
--- a/src/leap/bitmask/services/eip/vpnlauncher.py
+++ b/src/leap/bitmask/services/eip/vpnlauncher.py
@@ -125,8 +125,6 @@ class VPNLauncher(object):
 domain = providerconfig.get_domain()
 gateway_conf = leap_settings.get_selected_gateway(domain)
- print "GETTING GATEWAYS -----"
-
 if gateway_conf == leap_settings.GATEWAY_AUTOMATIC:
 gateway_selector = VPNGatewaySelector(eipconfig)
 print "auto: getting from selector"
diff --git a/src/leap/bitmask/services/eip/vpnprocess.py b/src/leap/bitmask/services/eip/vpnprocess.py
index c09daf78..a8b833d0 100644
--- a/src/leap/bitmask/services/eip/vpnprocess.py
+++ b/src/leap/bitmask/services/eip/vpnprocess.py
@@ -161,6 +161,8 @@ class VPN(object):
 self._signaler = kwargs['signaler']
 self._openvpn_verb = flags.OPENVPN_VERBOSITY
+ self._user_stopped = False
+
 def start(self, *args, **kwargs):
 """
 Starts the openvpn subprocess.
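Review bot: With `"--management", MANAGEMENT_SOCKET, "unix"` dropped from FIXED_FLAGS in pkg/linux/bitmask-root, the root helper no longer pins the management endpoint itself, while `--management-signal` stays fixed and only has an effect alongside `--management`. The part of ALLOWED_FLAGS visible in the hunk lists only `--remote` and `--tls-cipher` (the dict continues outside the hunk), so it cannot be seen here how a caller-supplied management argument is validated; if the unprivileged caller now passes it, the helper should accept only a fixed socket location before launching openvpn. The comma added after `"1"` is also a behaviour change, since the old list concatenated `"1"` and `"--user"` into a single string, and neither change is mentioned in the commit message. A comment on FIXED_FLAGS such as `# --management is supplied by the caller; validated via ALLOWED_FLAGS` would record the intent.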
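Review bot: The `:param shutdown:` entry added to the `stop_eip` docstring in src/leap/bitmask/backend.py has no description, so the docstring still does not say what the flag changes. The visible body only forwards it as the last element of the queued `("eip", "stop", None, shutdown)` tuple. If the name means what it suggests, something like `:param shutdown: whether this stop is part of application shutdown` would do, and it is worth stating there whether a shutdown-time stop counts as a user-requested stop for the firewall logic this commit introduces.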
@@ -172,6 +174,7 @@ class VPN(object):
 :type kwargs: dict
 """
 logger.debug('VPN: start')
+ self._user_stopped = False
 self._stop_pollers()
 kwargs['openvpn_verb'] = self._openvpn_verb
 kwargs['signaler'] = self._signaler
@@ -242,7 +245,7 @@ class VPN(object):
 def _kill_if_left_alive(self, tries=0):
 """
- Check if the process is still alive, and sends a
+ Check if the process is still alive, and send a
 SIGKILL after a timeout period.
 :param tries: counter of tries, used in recursion
@@ -256,7 +259,7 @@ class VPN(object):
 # we try to bring the firewall up
 # XXX We could keep some state to be sure it was the
 # user who did turn EIP off.
- if IS_LINUX:
+ if IS_LINUX and self._user_stopped:
 firewall_down = self._tear_down_firewall()
 if firewall_down:
 logger.debug("Firewall down")
@@ -298,6 +301,7 @@ class VPN(object):
 """
 from twisted.internet import reactor
 self._stop_pollers()
+ self._user_stopped = True
 # First we try to be polite and send a SIGTERM...
 if self._vpnproc: |
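Review bot: The `XXX We could keep some state to be sure it was the user who did turn EIP off` comment above the changed condition in `_kill_if_left_alive` is now stale, because `self._user_stopped` is exactly that state, and the line before it says the firewall is brought "up" while the code calls `_tear_down_firewall()`. Both could be replaced by one comment stating the rule, e.g. `# tear the firewall down only after a user-requested stop; otherwise leave it in place`. As far as the hunk shows, the branch is skipped silently when the flag is false, so a `logger.debug("Firewall left up: EIP was not stopped by the user")` on that path would make a still-blocked network diagnosable from the logs. The function body starts and continues outside the hunk.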
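Review bot: `self._user_stopped = True` in the @@ -298 hunk is set unconditionally, so every caller of this method is treated as a user request. The method's signature is outside the hunk, but `Backend.stop_eip` forwards a `shutdown` flag, and if other paths (application shutdown, a restart after an error) also reach this code, the firewall would presumably be torn down for them as well. Consider setting the flag only in the user-facing stop path or passing the reason in explicitly, and document the attribute where it is initialised in `__init__`, e.g. `# True only after an explicit user stop; gates firewall teardown in _kill_if_left_alive`.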