authorKali Kaneko <kali@leap.se>2014-05-07 09:18:23 -0500
committerKali Kaneko <kali@leap.se>2014-05-12 11:25:11 -0500
commit2f47053b631df231e4fcceafef227cf905b660cc (patch)
treeae804168242ae1156adcbe2633f21ad62de51cd3
parentd8d7d2b781aea558d7e39d397a85c15ac9839abb (diff)
only switch the fw down if user asked for eip down
-rwxr-xr-xpkg/linux/bitmask-root5
-rw-r--r--src/leap/bitmask/backend.py3
-rw-r--r--src/leap/bitmask/services/eip/vpnlauncher.py2
-rw-r--r--src/leap/bitmask/services/eip/vpnprocess.py8
4 files changed, 10 insertions, 8 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index a583c94c..bfb92421 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -83,14 +83,11 @@ FIXED_FLAGS = [
"--tls-client",
"--remote-cert-tls", "server",
"--management-signal",
- "--management", MANAGEMENT_SOCKET, "unix",
- "--script-security", "1"
+ "--script-security", "1",
"--user", "nobody",
"--group", "nogroup",
]
-# "--management", MANAGEMENT_SOCKET, "unix",
-
ALLOWED_FLAGS = {
"--remote": ["IP", "NUMBER", "PROTO"],
"--tls-cipher": ["CIPHER"],
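Review bot: `--management-signal` stays in FIXED_FLAGS while the `"--management", MANAGEMENT_SOCKET, "unix"` entry is removed from it, and nothing in this hunk shows where the management socket argument now comes from. If the unprivileged caller is expected to supply it, this root helper should constrain it through an ALLOWED_FLAGS entry that pins the socket path and the `unix` mode, rather than accepting an arbitrary address. ALLOWED_FLAGS continues outside the hunk, so that entry may already exist. A short comment at the removal point would help, e.g. `# --management is passed by the caller and validated via ALLOWED_FLAGS`, if that is the intent. The commit title does not mention this change to the privileged wrapper, which makes it easy to miss in review.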
diff --git a/src/leap/bitmask/backend.py b/src/leap/bitmask/backend.py
index 2bfcbfa0..bd26bb1c 100644
--- a/src/leap/bitmask/backend.py
+++ b/src/leap/bitmask/backend.py
@@ -1048,6 +1048,9 @@ class Backend(object):
def stop_eip(self, shutdown=False):
"""
Stop the EIP service.
+
+ :param shutdown:
+ :type shutdown: bool
"""
self._call_queue.put(("eip", "stop", None, shutdown))
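Review bot: The added `:param shutdown:` line has no description, so the docstring still does not say what the flag changes when the stop request is handled. Fill it in from the handler that consumes the queued tuple, which is not visible in this hunk, e.g. `:param shutdown: whether the stop is part of application shutdown` if that is what it means. This commit makes firewall teardown depend on a user-requested stop, so it is also worth stating here whether a shutdown stop counts as one.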
diff --git a/src/leap/bitmask/services/eip/vpnlauncher.py b/src/leap/bitmask/services/eip/vpnlauncher.py
index 20b4d87d..af3116f2 100644
--- a/src/leap/bitmask/services/eip/vpnlauncher.py
+++ b/src/leap/bitmask/services/eip/vpnlauncher.py
@@ -125,8 +125,6 @@ class VPNLauncher(object):
domain = providerconfig.get_domain()
gateway_conf = leap_settings.get_selected_gateway(domain)
- print "GETTING GATEWAYS -----"
-
if gateway_conf == leap_settings.GATEWAY_AUTOMATIC:
gateway_selector = VPNGatewaySelector(eipconfig)
print "auto: getting from selector"
diff --git a/src/leap/bitmask/services/eip/vpnprocess.py b/src/leap/bitmask/services/eip/vpnprocess.py
index c09daf78..a8b833d0 100644
--- a/src/leap/bitmask/services/eip/vpnprocess.py
+++ b/src/leap/bitmask/services/eip/vpnprocess.py
@@ -161,6 +161,8 @@ class VPN(object):
self._signaler = kwargs['signaler']
self._openvpn_verb = flags.OPENVPN_VERBOSITY
+ self._user_stopped = False
+
def start(self, *args, **kwargs):
"""
Starts the openvpn subprocess.
@@ -172,6 +174,7 @@ class VPN(object):
:type kwargs: dict
"""
logger.debug('VPN: start')
+ self._user_stopped = False
self._stop_pollers()
kwargs['openvpn_verb'] = self._openvpn_verb
kwargs['signaler'] = self._signaler
@@ -242,7 +245,7 @@ class VPN(object):
def _kill_if_left_alive(self, tries=0):
"""
- Check if the process is still alive, and sends a
+ Check if the process is still alive, and send a
SIGKILL after a timeout period.
:param tries: counter of tries, used in recursion
@@ -256,7 +259,7 @@ class VPN(object):
# we try to bring the firewall up
# XXX We could keep some state to be sure it was the
# user who did turn EIP off.
- if IS_LINUX:
+ if IS_LINUX and self._user_stopped:
firewall_down = self._tear_down_firewall()
if firewall_down:
logger.debug("Firewall down")
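Review bot: The `# XXX We could keep some state ...` comment directly above the changed condition is now stale, because `_user_stopped` is exactly that state. Replace it with a comment that records the intent, e.g. `# Only tear the firewall down on a user-requested stop; if openvpn went away on its own, leave it up.` The flag is set unconditionally in the later hunk at `-298`, just before the SIGTERM is sent. If that method can also be reached from restart or error-handling paths (its callers are not visible here), the firewall would still come down without a user request, so the assignment may belong closer to the user-facing stop call. `_kill_if_left_alive` starts before this hunk and continues past it.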
@@ -298,6 +301,7 @@ class VPN(object):
"""
from twisted.internet import reactor
self._stop_pollers()
+ self._user_stopped = True
# First we try to be polite and send a SIGTERM...
if self._vpnproc: