authorRuben Pollan <meskio@sindominio.net>2017-09-18 19:53:17 +0200
committerKali Kaneko <kali@leap.se>2017-09-20 17:56:49 +0200
commit79e9f3c69b4eb061490d6a12a52888abc429542e (patch)
treebab13194d73dc75218a1575d52888c0f563e508c
parentd0e4444555df79978aed5cd6c9548e2fd1c63936 (diff)
[feat] detect if pkexec is present in the system
Check it before starting the vpn. - Resolves: #8895
-rw-r--r--src/leap/bitmask/vpn/_checks.py11
-rw-r--r--src/leap/bitmask/vpn/helpers/__init__.py3
-rw-r--r--src/leap/bitmask/vpn/privilege.py20
-rw-r--r--src/leap/bitmask/vpn/service.py4
4 files changed, 25 insertions, 13 deletions
diff --git a/src/leap/bitmask/vpn/_checks.py b/src/leap/bitmask/vpn/_checks.py
index 6c089628..c6117d0d 100644
--- a/src/leap/bitmask/vpn/_checks.py
+++ b/src/leap/bitmask/vpn/_checks.py
@@ -2,13 +2,14 @@ import os
from datetime import datetime
from time import mktime
+from twisted.logger import Logger
+from leap.bitmask.vpn.privilege import is_pkexec_in_system, NoPkexecAvailable
from leap.common.certs import get_cert_time_boundaries
from leap.common.config import get_path_prefix
+log = Logger()
-# TODO use privilege.py module, plenty of checks in there for pkexec and
-# friends.
class ImproperlyConfigured(Exception):
pass
@@ -18,6 +19,10 @@ def is_service_ready(provider):
if not _has_valid_cert(provider):
raise ImproperlyConfigured('Missing VPN certificate')
+ if not is_pkexec_in_system():
+ log.warn('System has no pkexec')
+ raise NoPkexecAvailable()
+
return True
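Review bot: The new pkexec check in is_service_ready has no platform guard, while helpers/__init__.py in this same commit keeps separate IS_LINUX and IS_MAC branches. If this function also runs on macOS, where pkexec is not expected to exist, it would raise NoPkexecAvailable and block VPN start there. Consider `if IS_LINUX and not is_pkexec_in_system():`, with IS_LINUX imported from leap.bitmask.vpn.constants. The function body begins outside this hunk, so an earlier guard may already exist and should be confirmed.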
@@ -40,10 +45,12 @@ def _has_valid_cert(provider):
cert_path = get_vpn_cert_path(provider)
has_file = os.path.isfile(cert_path)
if not has_file:
+ log.warn("VPN cert not present for %s" % (provider,))
return False
expiry = cert_expires(provider)
if datetime.now() > expiry:
+ log.warn("VPN cert expired for %s" % (provider,))
return False
return True
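Review bot: Both new log.warn calls pre-format the message with `%` before passing it to twisted.logger, which treats its first argument as a `{}`-style format string. A provider value containing braces would then be misrendered, and the provider is not recorded as a structured field on the event. Prefer `log.warn("VPN cert not present for {provider}", provider=provider)` and the same form for the expired case. The caller reports either failure as 'Missing VPN certificate', so a short docstring on _has_valid_cert saying that False covers both a missing and an expired cert would help; its signature is above this hunk.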
diff --git a/src/leap/bitmask/vpn/helpers/__init__.py b/src/leap/bitmask/vpn/helpers/__init__.py
index e09f406d..57847e16 100644
--- a/src/leap/bitmask/vpn/helpers/__init__.py
+++ b/src/leap/bitmask/vpn/helpers/__init__.py
@@ -4,6 +4,7 @@ import os.path
import sys
from leap.bitmask.vpn.constants import IS_LINUX, IS_MAC
+from leap.bitmask.vpn.privilege import is_pkexec_in_system
from leap.bitmask.vpn import _config
from leap.bitmask.util import STANDALONE
@@ -38,7 +39,7 @@ if IS_LINUX:
polkit = (
os.path.exists(polkit_to) or
os.path.exists(deb_polkit_to))
- return helper and polkit
+ return is_pkexec_in_system() and helper and polkit
if IS_MAC:
diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py
index 458f690d..dd8d29a9 100644
--- a/src/leap/bitmask/vpn/privilege.py
+++ b/src/leap/bitmask/vpn/privilege.py
@@ -109,7 +109,7 @@ class LinuxPolicyChecker(object):
:returns: a list of the paths where pkexec is to be found
:rtype: list
"""
- if not self._is_pkexec_in_system():
+ if not is_pkexec_in_system():
log.warn('System has no pkexec')
raise NoPkexecAvailable()
@@ -181,12 +181,12 @@ class LinuxPolicyChecker(object):
return is_running
- @classmethod
- def _is_pkexec_in_system(self):
- """
- Checks the existence of the pkexec binary in system.
- """
- pkexec_path = which('pkexec')
- if len(pkexec_path) == 0:
- return False
- return True
+
+def is_pkexec_in_system():
+ """
+ Checks the existence of the pkexec binary in system.
+ """
+ pkexec_path = which('pkexec')
+ if len(pkexec_path) == 0:
+ return False
+ return True
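Review bot: is_pkexec_in_system only reports that `which` found something named pkexec on its search path; it does not establish that the match is the system binary in a trusted location. This result now gates VPN startup from three call sites, so the docstring should say it is a presence check only, for example `Return True if a pkexec binary is found by which(); does not validate its location or ownership.` The code that launches pkexec should use an absolute path resolved from a trusted directory; how `which` searches is not visible in this hunk. Assuming `which` always returns a list, the body can be reduced to `return bool(which('pkexec'))`.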
diff --git a/src/leap/bitmask/vpn/service.py b/src/leap/bitmask/vpn/service.py
index 1ecfa797..36699712 100644
--- a/src/leap/bitmask/vpn/service.py
+++ b/src/leap/bitmask/vpn/service.py
@@ -106,6 +106,10 @@ class VPNService(HookableService):
exc = Exception("VPN can't start, a provider is needed")
exc.expected = True
raise exc
+ if not is_service_ready(domain):
+ exc = Exception("VPN is not ready")
+ exc.expected = True
+ raise exc
yield self._setup(domain)
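Review bot: The `if not is_service_ready(domain)` branch looks unreachable as far as the visible lines show: in the _checks.py hunks of this commit, is_service_ready either returns True or raises ImproperlyConfigured / NoPkexecAvailable. The "VPN is not ready" exception is therefore never produced, and the real failures propagate without `exc.expected = True`, unlike the provider check just above. Either wrap the call and mark the caught exception, e.g. `except (ImproperlyConfigured, NoPkexecAvailable) as e: e.expected = True; raise`, or have is_service_ready return False instead of raising. No import of is_service_ready is added in this file's hunk, so confirm the name is already in scope; the enclosing method starts and ends outside the hunk.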