| author | Tomás Touceda <chiiph@leap.se> | 2014-06-04 16:14:42 -0300 | 
|---|---|---|
| committer | Tomás Touceda <chiiph@leap.se> | 2014-06-04 16:14:42 -0300 | 
| commit | 82e1c4b1e3e5dd49b6e868732451a744ba37ba59 (patch) | |
| tree | e16fadc6286fedf1e2ddcd0d4f173a37e7226011 | |
| parent | 5210383ece1dcc4e2150dd1c08cc0ba4106f3b1f (diff) | |
| parent | aba3ea21d83e6e073baf01643b68832530a6f4d0 (diff) | |
Merge remote-tracking branch 'refs/remotes/kali/feature/add-fw-down-button' into develop
| -rwxr-xr-x | pkg/linux/bitmask-root | 26 | ||||
| -rw-r--r-- | src/leap/bitmask/backend.py | 42 | ||||
| -rw-r--r-- | src/leap/bitmask/gui/eip_status.py | 90 | ||||
| -rw-r--r-- | src/leap/bitmask/gui/mainwindow.py | 25 | ||||
| -rw-r--r-- | src/leap/bitmask/gui/ui/eip_status.ui | 27 | ||||
| -rw-r--r-- | src/leap/bitmask/services/eip/conductor.py | 41 | ||||
| -rw-r--r-- | src/leap/bitmask/services/eip/vpnprocess.py | 21 | 
7 files changed, 191 insertions, 81 deletions
| diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index 82e8799f..d1bf656e 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -22,14 +22,15 @@ It should only be called by the Bitmask application.  USAGE:    bitmask-root firewall stop -  bitmask-root firewall start GATEWAY1 GATEWAY2 ... +  bitmask-root firewall start [restart] GATEWAY1 GATEWAY2 ...    bitmask-root openvpn stop    bitmask-root openvpn start CONFIG1 CONFIG1 ...  All actions return exit code 0 for success, non-zero otherwise.  The `openvpn start` action is special: it calls exec on openvpn and replaces -the current process. +the current process. If the `restart` parameter is passed, the firewall will +not be teared down in the case of an error during launch.  """  # TODO should be tested with python3, which can be the default on some distro.  from __future__ import print_function @@ -38,12 +39,12 @@ import os  import re  import signal  import socket +import syslog  import subprocess  import sys  import time  import traceback -  cmdcheck = subprocess.check_output  ## @@ -129,6 +130,8 @@ if DEBUG:      logger.setLevel(logging.DEBUG)      logger.addHandler(ch) +syslog.openlog(SCRIPT) +  ##  ## UTILITY  ## @@ -413,6 +416,7 @@ def bail(msg=None, exception=None):      """      if msg is not None:          print("%s: %s" % (SCRIPT, msg)) +        syslog.syslog(syslog.LOG_ERR, msg)      if exception is not None:          traceback.print_exc()      exit(1) @@ -614,7 +618,7 @@ def get_default_device():      """      routes = subprocess.check_output([IP, "route", "show"])      match = re.search("^default .*dev ([^\s]*) .*$", routes, flags=re.M) -    if match.groups(): +    if match and match.groups():          return match.group(1)      else:          bail("Could not find default device") 
@@ -629,7 +633,7 @@ def get_local_network_ipv4(device):      """      addresses = cmdcheck([IP, "-o", "address", "show", "dev", device])      match = re.search("^.*inet ([^ ]*) .*$", addresses, flags=re.M) -    if match.groups(): +    if match and match.groups():          return match.group(1)      else:          return None @@ -644,7 +648,7 @@ def get_local_network_ipv6(device):      """      addresses = cmdcheck([IP, "-o", "address", "show", "dev", device])      match = re.search("^.*inet6 ([^ ]*) .*$", addresses, flags=re.M) -    if match.groups(): +    if match and match.groups():          return match.group(1)      else:          return None @@ -819,6 +823,11 @@ def main():          command = "_".join(sys.argv[1:3])          args = sys.argv[3:] +        is_restart = False +        if args and args[0] == "restart": +            is_restart = True +            args.remove('restart') +          if command == "openvpn_start":              openvpn_start(args) @@ -830,8 +839,9 @@ def main():                  firewall_start(args)                  nameserver_setter.start(NAMESERVER)              except Exception as ex: -                nameserver_restorer.start() -                firewall_stop() +                if not is_restart: +		    nameserver_restorer.start() +		    firewall_stop()                  bail("ERROR: could not start firewall", ex)          elif command == "firewall_stop": diff --git a/src/leap/bitmask/backend.py b/src/leap/bitmask/backend.py index 4ec20be7..3c97c797 100644 --- a/src/leap/bitmask/backend.py +++ b/src/leap/bitmask/backend.py @@ -80,13 +80,13 @@ class ILEAPService(ILEAPComponent):      Interface that every Service needs to implement      """ -    def start(self): +    def start(self, *args, **kwargs):          """          Start the service.          """          pass -    def stop(self): +    def stop(self, *args, **kwargs):          """          Stops the service.          """ 
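Review bot: In main(), the `restart` token is stripped from `args` before the command is dispatched, so it is accepted and silently discarded for every command (for example `openvpn start`), although the usage text documents it only for `firewall start`. Because this script runs privileged, its argument parsing should be as strict as the documented interface. I would move the check into the `firewall_start` branch: `is_restart = bool(args) and args[0] == "restart"` followed by `args = args[1:] if is_restart else args`. main() starts and ends outside the hunk.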
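Review bot: The two lines added under `if not is_restart:` in the `except` block of main() appear to be indented with tab characters followed by spaces, while the surrounding lines use spaces only. Python 2 accepts this, but Python 3 rejects the mix with a TabError, and the file header carries a TODO about Python 3; re-indent both lines with 20 spaces. A short comment such as `# on restart keep the existing rules so traffic stays blocked` would also record that leaving the firewall up here is deliberate.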
@@ -378,9 +378,12 @@ class EIP(object):          if d is not None:              d.cancel() -    def _start_eip(self): +    def _start_eip(self, restart=False):          """          Start EIP + +        :param restart: whether is is a restart. +        :type restart: bool          """          provider_config = self._provider_config          eip_config = eipconfig.EIPConfig() @@ -404,9 +407,10 @@ class EIP(object):          host, port = get_openvpn_management()          self._vpn.start(eipconfig=eip_config,                          providerconfig=provider_config, -                        socket_host=host, socket_port=port) +                        socket_host=host, socket_port=port, +                        restart=restart) -    def start(self): +    def start(self, *args, **kwargs):          """          Start the service.          """ @@ -419,7 +423,7 @@ class EIP(object):              return          try: -            self._start_eip() +            self._start_eip(*args, **kwargs)          except vpnprocess.OpenVPNAlreadyRunning:              signaler.signal(signaler.EIP_OPENVPN_ALREADY_RUNNING)          except vpnprocess.AlienOpenVPNAlreadyRunning: @@ -440,11 +444,6 @@ class EIP(object):              logger.error("Unexpected problem: {0!r}".format(e))          else:              logger.debug('EIP: no errors') -            # TODO: are we connected here? -            # kali -- no, we are not! CONNECTED should be passed only -            # by the vpn observer. Currently handled by the state updater -            # in eip_status -            #signaler.signal(signaler.EIP_CONNECTED)      def _do_stop(self, shutdown=False, restart=False):          """ 
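Review bot: The docstring line added to `EIP._start_eip` reads `whether is is a restart`; it should be `:param restart: whether this is a restart.` The same wording is repeated in the docstring added to `Backend.eip_start` in a later hunk of this file. The docstring could also say what the flag does, namely that it is forwarded to `self._vpn.start(...)`.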
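Review bot: `EIP.start(self, *args, **kwargs)` forwards whatever it receives to `_start_eip`, which accepts only `restart`, so the public signature no longer documents or checks what callers may pass. An unexpected argument would raise TypeError inside the `try` in the following hunk and, judging by the `Unexpected problem` log line visible there, would probably only be logged. An explicit signature is safer: `def start(self, restart=False):` with `self._start_eip(restart=restart)`.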
@@ -539,6 +538,12 @@ class EIP(object):              self._signaler.signal(self._signaler.EIP_GET_INITIALIZED_PROVIDERS,                                    filtered_domains) +    def tear_fw_down(self): +        """ +        Tear the firewall down. +        """ +        self._vpn.tear_down_firewall() +      def get_gateways_list(self, domain):          """          Signal a list of gateways for the given provider. @@ -1181,6 +1186,7 @@ class Signaler(QtCore.QObject):      eip_state_changed = QtCore.Signal(dict)      eip_status_changed = QtCore.Signal(dict)      eip_process_finished = QtCore.Signal(int) +    eip_tear_fw_down = QtCore.Signal(object)      # signals whether the needed files to start EIP exist or not      eip_can_start = QtCore.Signal(object) @@ -1282,6 +1288,7 @@ class Signaler(QtCore.QObject):      EIP_STATE_CHANGED = "eip_state_changed"      EIP_STATUS_CHANGED = "eip_status_changed"      EIP_PROCESS_FINISHED = "eip_process_finished" +    EIP_TEAR_FW_DOWN = "eip_tear_fw_down"      EIP_CAN_START = "eip_can_start"      EIP_CANNOT_START = "eip_cannot_start" @@ -1717,7 +1724,7 @@ class Backend(object):          """          self._call_queue.put(("eip", "cancel_setup_eip", None)) -    def eip_start(self): +    def eip_start(self, restart=False):          """          Start the EIP service. @@ -1738,8 +1745,11 @@ class Backend(object):              eip_state_changed -> str              eip_status_changed -> tuple of str (download, upload)              eip_vpn_launcher_exception + +        :param restart: whether is is a restart. +        :type restart: bool          """ -        self._call_queue.put(("eip", "start", None)) +        self._call_queue.put(("eip", "start", None, restart))      def eip_stop(self, shutdown=False, restart=False, failed=False):          """ 
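Review bot: `EIP.tear_fw_down` discards the return value of `self._vpn.tear_down_firewall()`, so nothing upstream learns whether the blocking rules were actually removed. The `eip_tear_fw_down` signal and the `EIP_TEAR_FW_DOWN` key added in the two Signaler hunks below are not emitted anywhere in the visible diff. Emitting the result here, e.g. `self._signaler.signal(self._signaler.EIP_TEAR_FW_DOWN, self._vpn.tear_down_firewall())`, would let the status widget report the real firewall state instead of an assumed one.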
@@ -1805,6 +1815,12 @@ class Backend(object):          self._call_queue.put(("eip", "can_start",                                None, domain)) +    def tear_fw_down(self): +        """ +        Signal the need to tear the fw down. +        """ +        self._call_queue.put(("eip", "tear_fw_down", None)) +      def user_login(self, provider, username, password):          """          Execute the whole authentication process for a user diff --git a/src/leap/bitmask/gui/eip_status.py b/src/leap/bitmask/gui/eip_status.py index e7795083..280ce79e 100644 --- a/src/leap/bitmask/gui/eip_status.py +++ b/src/leap/bitmask/gui/eip_status.py @@ -31,6 +31,7 @@ from leap.common.check import leap_assert_type  from ui_eip_status import Ui_EIPStatus +QtDelayedCall = QtCore.QTimer.singleShot  logger = logging.getLogger(__name__) @@ -66,6 +67,9 @@ class EIPStatusWidget(QtGui.QWidget):          self._service_name = get_service_display_name(EIP_SERVICE)          self.ui.eip_bandwidth.hide() +        self.hide_fw_down_button() +        self.ui.btnFwDown.clicked.connect( +            self._on_fw_down_button_clicked)          # Set the EIP status icons          self.CONNECTING_ICON = None @@ -81,6 +85,7 @@ class EIPStatusWidget(QtGui.QWidget):          self._provider = ""          self.is_restart = False +        self.is_cold_start = True          # Action for the systray          self._eip_disabled_action = QtGui.QAction( 
@@ -109,8 +114,12 @@ class EIPStatusWidget(QtGui.QWidget):          signaler.eip_state_changed.connect(self.update_vpn_state)          signaler.eip_status_changed.connect(self.update_vpn_status) -        signaler.eip_network_unreachable.connect( -            self._on_eip_network_unreachable) + +        # XXX we cannot connect this signal now because +        # it interferes with the proper notifications during restarts +        # without available network. +        #signaler.eip_network_unreachable.connect( +            #self._on_eip_network_unreachable)      def _make_status_clickable(self):          """ @@ -273,6 +282,8 @@ class EIPStatusWidget(QtGui.QWidget):          Disables the start/stop button.          """          self.set_startstop_enabled(False) +        msg = self.tr("Encrypted Internet is starting") +        self.set_eip_message(msg)      @QtCore.Slot()      def disable_eip_start(self): @@ -314,10 +325,19 @@ class EIPStatusWidget(QtGui.QWidget):          if self.isVisible():              self._eip_status_menu.menuAction().setVisible(True) -    # XXX disable (later) -------------------------- +    def set_eip_message(self, message): +        """ +        Set the EIP Widget main message. + +        :param message: the message to set in the widget +        :type message: str or unicode +        """ +        self.ui.lblEIPMessage.setText(message) +        self.ui.lblEIPMessage.show() +      def set_eip_status(self, status, error=False):          """ -        Sets the status label at the VPN stage to status +        Set the status label at the VPN stage to status.          :param status: status message          :type status: str or unicode 
@@ -362,6 +382,31 @@ class EIPStatusWidget(QtGui.QWidget):          self.ui.btnEipStartStop.clicked.connect(              self.eipconnection.qtsigs.do_connect_signal) +    def hide_fw_down_button(self): +        """ +        Hide firewall-down button. +        """ +        self.ui.btnFwDown.hide() + +    def show_fw_down_button(self): +        """ +        Enable firewall-down button. +        """ +        self.ui.btnFwDown.show() + +    def _on_fw_down_button_clicked(self): +        """ +        Raise a signal for tearing down the firewall, and hide the button +        afterwards. +        """ +        self.eip_conductor._backend.tear_fw_down() +        QtDelayedCall(50, self.hide_fw_down_button) + +        # XXX do actual check +        msg = "Traffic is being routed in the clear." +        self.set_eip_message(msg) +        self.set_eip_status("") +      @QtCore.Slot(dict)      def eip_stopped(self, restart=False, failed=False):          """ @@ -382,7 +427,7 @@ class EIPStatusWidget(QtGui.QWidget):          clear_traffic = self.tr("Traffic is being routed in the clear.")          unreachable_net = self.tr("Network is unreachable.") -        failed_msg = self.tr("Cannot start Encrypted Proxy.") +        failed_msg = self.tr("Cannot start Encrypted Internet")          if restart:              msg = unreachable_net 
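Review bot: `_on_fw_down_button_clicked` sets "Traffic is being routed in the clear." right after queuing the teardown, without knowing whether it succeeded (the `XXX do actual check` comment says as much), so the widget can show a state that does not match the firewall. The message should be driven by the backend's result; until that exists, wording it as a pending action would be more accurate. Two smaller points: the string is not wrapped in `self.tr(...)`, unlike the identical text in `eip_stopped`, and the handler reaches into `self.eip_conductor._backend` although this commit adds a public wrapper, so `self.eip_conductor.tear_fw_down()` is the cleaner call.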
@@ -390,18 +435,19 @@ class EIPStatusWidget(QtGui.QWidget):              msg = failed_msg          else:              msg = clear_traffic -        self.ui.lblEIPMessage.setText(msg) +        self.set_eip_message(msg)          self.ui.lblEIPStatus.show() +        self.show()      def eip_failed_to_restart(self):          """          Update EIP messages.          """ -        msg = self.tr("Could not restart Encrypted Proxy") +        msg = self.tr("Could not restart Encrypted Internet")          self.ui.lblEIPMessage.setText(msg)          self.ui.lblEIPStatus.show() - -        self.set_eip_status(self.tr("You can start the service manually.")) +        self.set_eip_status(self.tr("You can launch the service manually.")) +        self.show_fw_down_button()      @QtCore.Slot(dict)      def update_vpn_status(self, data=None): @@ -462,10 +508,18 @@ class EIPStatusWidget(QtGui.QWidget):              # XXX should be handled by the state machine too.              # --- is this currently being sent?              self.eipconnection.qtsigs.connected_signal.emit() +            self._on_eip_connected() +            self.is_cold_start = False          # XXX should lookup vpn_state map in EIPConnection          elif vpn_state == "AUTH":              self.set_eip_status(self.tr("Authenticating...")) +            # we wipe up any previous error info in the EIP message +            # when we detect vpn authentication is happening +            msg = self.tr("Encrypted Internet is starting") +            self.set_eip_message(msg) +            # on the first-run path, we hadn't showed the button yet. +            self.eip_button.show()          elif vpn_state == "GET_CONFIG":              self.set_eip_status(self.tr("Retrieving configuration..."))          elif vpn_state == "WAIT": 
@@ -478,10 +532,10 @@ class EIPStatusWidget(QtGui.QWidget):              # Put the following calls in Qt's event queue, otherwise              # the UI won't update properly              #self.send_disconnect_signal() -            QtCore.QTimer.singleShot( +            QtDelayedCall(                  0, self.eipconnection.qtsigns.do_disconnect_signal.emit)              msg = self.tr("Unable to start VPN, it's already running.") -            QtCore.QTimer.singleShot(0, partial(self.set_eip_status, msg)) +            QtDelayedCall(0, partial(self.set_eip_status, msg))          else:              self.set_eip_status(vpn_state) @@ -523,8 +577,10 @@ class EIPStatusWidget(QtGui.QWidget):      def set_provider(self, provider):          self._provider = provider +          self.ui.lblEIPMessage.setText( -            self.tr("Route traffic through: {0}").format(self._provider)) +            self.tr("Routing traffic through: <b>{0}</b>").format( +                provider))      def aborted(self):          """ @@ -544,6 +600,9 @@ class EIPStatusWidget(QtGui.QWidget):          TRIGGERS:              Signaler.eip_connection_aborted          """ +        # TODO this name is very misleading, since there's a generic signal +        # that's called connection_aborted / connection_died... +        # should rename to something more specific about missing config.          logger.error("Tried to start EIP but cannot find any "                       "available provider!") @@ -619,6 +678,13 @@ class EIPStatusWidget(QtGui.QWidget):          self.aborted() +    def _on_eip_connected(self): +        """ +        Reconnect the disconnecting signal when we are just connected, +        so that we restore the disconnecting -> stop behaviour. +        """ +        self.eip_conductor.reconnect_stop_signal() +      @QtCore.Slot()      def _on_eip_network_unreachable(self):          """ 
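Review bot: The rewritten call still reads `self.eipconnection.qtsigns.do_disconnect_signal.emit`, whereas the other uses visible in this file spell the attribute `qtsigs`. Unless `qtsigns` is defined somewhere outside the diff, this branch raises AttributeError when the already-running state is reached, and the disconnect is never emitted. Since the line is being touched anyway, it should become `QtDelayedCall(0, self.eipconnection.qtsigs.do_disconnect_signal.emit)`. The enclosing method starts outside the hunk.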
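Review bot: `set_provider` now formats `provider` into a string that contains `<b>` markup, so the label renders as rich text and any markup characters in the provider value are interpreted rather than displayed. Where the value comes from is not visible here; if it can derive from user input or provider configuration, escape it first, e.g. `self.tr("Routing traffic through: <b>{0}</b>").format(cgi.escape(provider))` with `import cgi` added at the top of the file. A one-line comment noting that the label is rich text would warn later editors as well.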
diff --git a/src/leap/bitmask/gui/mainwindow.py b/src/leap/bitmask/gui/mainwindow.py index e7406106..a3b81fde 100644 --- a/src/leap/bitmask/gui/mainwindow.py +++ b/src/leap/bitmask/gui/mainwindow.py @@ -158,8 +158,6 @@ class MainWindow(QtGui.QMainWindow):          self._eip_conductor.connect_signals()          self._eip_conductor.qtsigs.connected_signal.connect(              self._on_eip_connection_connected) -        self._eip_conductor.qtsigs.disconnected_signal.connect( -            self._on_eip_connection_disconnected)          self._eip_conductor.qtsigs.connected_signal.connect(              self._maybe_run_soledad_setup_checks) @@ -1448,6 +1446,7 @@ class MainWindow(QtGui.QMainWindow):          Enables the EIP start action in the systray menu.          """          self._action_eip_startstop.setEnabled(True) +        self._eip_status.enable_eip_start()      @QtCore.Slot()      def _on_eip_connection_connected(self): @@ -1468,25 +1467,6 @@ class MainWindow(QtGui.QMainWindow):          # check for connectivity          self._check_name_resolution(domain) -    @QtCore.Slot() -    def _on_eip_connection_disconnected(self): -        """ -        TRIGGERS: -            self._eip_conductor.qtsigs.disconnected_signal - -        Workaround for updating the eip_status widget with -        the provider when the eip connection disconnects. -        """ -        # TODO -        # We should move this to the conductor<->widget interface. -        # To do that, we need to subscribe to logged_user, -        # for example by using the observer pattern or a proxy object. -        user = self._logged_user -        if user: -            domain = self._login_widget.get_selected_provider() -            full_user_id = make_address(user, domain) -            self._eip_status.set_provider(full_user_id) -      def _check_name_resolution(self, domain):          # FIXME this has to be moved to backend !!!          # Should move to netchecks module. 
@@ -1563,7 +1543,10 @@ class MainWindow(QtGui.QMainWindow):              should_start = self._provides_eip_and_enabled()          if should_start and not self._already_started_eip: +            if self._eip_status.is_cold_start: +                self._backend.tear_fw_down()              # XXX this should be handled by the state machine. +            self._enable_eip_start_action()              self._eip_status.set_eip_status(                  self.tr("Starting..."))              self._eip_status.eip_button.setEnabled(False) diff --git a/src/leap/bitmask/gui/ui/eip_status.ui b/src/leap/bitmask/gui/ui/eip_status.ui index 64821ad6..01d6b371 100644 --- a/src/leap/bitmask/gui/ui/eip_status.ui +++ b/src/leap/bitmask/gui/ui/eip_status.ui @@ -28,7 +28,7 @@       <property name="verticalSpacing">        <number>0</number>       </property> -     <item row="0" column="2"> +     <item row="0" column="3">        <widget class="QPushButton" name="btnEipStartStop">         <property name="text">          <string>Turn On</string> @@ -86,7 +86,7 @@         </property>        </widget>       </item> -     <item row="0" column="3"> +     <item row="0" column="4">        <widget class="QLabel" name="lblVPNStatusIcon">         <property name="maximumSize">          <size> @@ -118,7 +118,7 @@         </property>        </spacer>       </item> -     <item row="2" column="1" colspan="3"> +     <item row="2" column="1" colspan="4">        <widget class="QWidget" name="eip_bandwidth" native="true">         <layout class="QHBoxLayout" name="horizontalLayout">          <property name="spacing"> 
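Review bot: On a cold start this hunk queues `self._backend.tear_fw_down()` before EIP is started, so blocking rules left in place by a previous session are removed first, and traffic may leave unencrypted until the new firewall is up. Nothing in the visible code waits for the teardown or checks its result before continuing. If the intent is to clear stale rules so that bootstrap traffic can reach the provider, say so next to the call, e.g. `# drop stale rules from a previous run; traffic is unprotected until the firewall is started again`. It is also worth considering whether that window can be narrowed. The enclosing method starts outside the hunk.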
@@ -161,12 +161,13 @@              <property name="text">               <string>0.0 KB/s</string>              </property> +            <property name="icon"> +             <iconset resource="../../../../../data/resources/mainwindow.qrc"> +              <normaloff>:/images/black/32/arrow-down.png</normaloff>:/images/black/32/arrow-down.png</iconset> +            </property>              <property name="flat">               <bool>true</bool>              </property> -            <property name="icon"> -             <pixmap resource="../../../../../data/resources/icons.qrc">:/images/light/16/down-arrow.png</pixmap> -            </property>             </widget>            </item>            <item> @@ -211,12 +212,13 @@              <property name="text">               <string>0.0 KB/s</string>              </property> +            <property name="icon"> +             <iconset resource="../../../../../data/resources/mainwindow.qrc"> +              <normaloff>:/images/black/32/arrow-up.png</normaloff>:/images/black/32/arrow-up.png</iconset> +            </property>              <property name="flat">               <bool>true</bool>              </property> -            <property name="icon"> -             <pixmap resource="../../../../../data/resources/icons.qrc">:/images/light/16/up-arrow.png</pixmap> -            </property>             </widget>            </item>            <item> @@ -237,6 +239,13 @@         </layout>        </widget>       </item> +     <item row="0" column="2"> +      <widget class="QPushButton" name="btnFwDown"> +       <property name="text"> +        <string>Allow unencrypted traffic</string> +       </property> +      </widget> +     </item>      </layout>     </item>    </layout> diff --git a/src/leap/bitmask/services/eip/conductor.py b/src/leap/bitmask/services/eip/conductor.py index 53b1fde9..cde53631 100644 --- a/src/leap/bitmask/services/eip/conductor.py +++ b/src/leap/bitmask/services/eip/conductor.py 
@@ -114,13 +114,19 @@ class EIPConductor(object):          """          self.qtsigs.do_connect_signal.emit() +    def tear_fw_down(self): +        """ +        Tear the firewall down. +        """ +        self._backend.tear_fw_down() +      @QtCore.Slot()      def _start_eip(self):          """          Starts EIP.          """ -        # FIXME --- pass is_restart parameter to here ??? -        is_restart = self._eip_status and self._eip_status.is_restart +        st = self._eip_status +        is_restart = st and st.is_restart          def reconnect():              self.qtsigs.disconnecting_signal.connect(self._stop_eip) @@ -130,6 +136,7 @@ class EIPConductor(object):          else:              self._eip_status.eip_pre_up()          self.user_stopped_eip = False +        self._eip_status.hide_fw_down_button()          # Until we set an option in the preferences window, we'll assume that          # by default we try to autostart. If we switch it off manually, it @@ -138,7 +145,19 @@ class EIPConductor(object):          self._eip_status.is_restart = False          # DO the backend call! -        self._backend.eip_start() +        self._backend.eip_start(restart=is_restart) + +    def reconnect_stop_signal(self): +        """ +        Restore the original behaviour associated with the disconnecting +        signal, this is, trigger a normal stop, and not a restart one. +        """ + +        def do_stop(*args): +            self._stop_eip(restart=False) + +        self.qtsigs.disconnecting_signal.disconnect() +        self.qtsigs.disconnecting_signal.connect(do_stop)      @QtCore.Slot()      def _stop_eip(self, restart=False, failed=False): 
@@ -178,10 +197,6 @@ class EIPConductor(object):          def do_stop(*args):              self._stop_eip(restart=False) -        def reconnect_stop_signal(): -            self.qtsigs.disconnecting_signal.disconnect() -            self.qtsigs.disconnecting_signal.connect(do_stop) -          if restart:              # we bypass the on_eip_disconnected here              plug_restart_on_disconnected() @@ -209,7 +224,7 @@ class EIPConductor(object):          # XXX needed?          if restart: -            QtDelayedCall(3000, reconnect_stop_signal) +            QtDelayedCall(2000, self.reconnect_stop_signal)      @QtCore.Slot()      def _do_eip_restart(self): @@ -282,8 +297,11 @@ class EIPConductor(object):              signal = self.qtsigs.connection_aborted_signal              self._backend.eip_terminate() -        # XXX FIXME --- check exitcode is != 0 really -        if exitCode != 0 and not self.user_stopped_eip: +        # XXX FIXME --- check exitcode is != 0 really. +        # bitmask-root is masking the exitcode, so we might need +        # to fix it on that side. +        #if exitCode != 0 and not self.user_stopped_eip: +        if not self.user_stopped_eip:              eip_status_label = self._eip_status.tr(                  "{0} finished in an unexpected manner!")              eip_status_label = eip_status_label.format(self.eip_name) @@ -292,6 +310,9 @@ class EIPConductor(object):              self._eip_status.set_eip_status(eip_status_label,                                              error=True)              signal = self.qtsigs.connection_died_signal +            self._eip_status.show_fw_down_button() +            msg = self._eip_status.tr("Outgoing traffic is blocked") +            self._eip_status.set_eip_message(msg)          if exitCode == 0 and IS_MAC:              # XXX remove this warning after I fix cocoasudo. diff --git a/src/leap/bitmask/services/eip/vpnprocess.py b/src/leap/bitmask/services/eip/vpnprocess.py index 1de4a851..f56d464e 100644 
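Review bot: With the exit-code test commented out in the `@@ -282,8 +297,11 @@` hunk, every exit the user did not initiate, including exit code 0, is reported as "finished in an unexpected manner". The following hunk then shows "Outgoing traffic is blocked" and the firewall-down button without checking the firewall. The vpnprocess.py changes in this commit launch the firewall only under `IS_LINUX`, so on other platforms the message is probably untrue, and on Linux it is an assumption. I would guard the two added calls with `if IS_LINUX:` (it may need importing next to `IS_MAC`), and delete the commented-out `#if exitCode != 0 ...` line, since the XXX comment above it already records the reason.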
--- a/src/leap/bitmask/services/eip/vpnprocess.py +++ b/src/leap/bitmask/services/eip/vpnprocess.py @@ -183,6 +183,8 @@ class VPN(object):          kwargs['openvpn_verb'] = self._openvpn_verb          kwargs['signaler'] = self._signaler +        restart = kwargs.pop('restart', False) +          # start the main vpn subprocess          vpnproc = VPNProcess(*args, **kwargs) @@ -193,8 +195,9 @@ class VPN(object):          # we try to bring the firewall up          if IS_LINUX:              gateways = vpnproc.getGateways() -            firewall_up = self._launch_firewall(gateways) -            if not firewall_up: +            firewall_up = self._launch_firewall(gateways, +                                                restart=restart) +            if not restart and not firewall_up:                  logger.error("Could not bring firewall up, "                               "aborting openvpn launch.")                  return @@ -216,7 +219,7 @@ class VPN(object):          self._pollers.extend(poll_list)          self._start_pollers() -    def _launch_firewall(self, gateways): +    def _launch_firewall(self, gateways, restart=False):          """          Launch the firewall using the privileged wrapper. @@ -231,8 +234,10 @@ class VPN(object):          # XXX could check that the iptables rules are in place.          BM_ROOT = linuxvpnlauncher.LinuxVPNLauncher.BITMASK_ROOT -        exitCode = subprocess.call(["pkexec", -                                    BM_ROOT, "firewall", "start"] + gateways) +        cmd = ["pkexec", BM_ROOT, "firewall", "start"] +        if restart: +            cmd.append("restart") +        exitCode = subprocess.call(cmd + gateways)          return True if exitCode is 0 else False      def is_fw_down(self): 
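Review bot: With `if not restart and not firewall_up:`, a failed firewall launch during a restart is ignored without even a log line, and openvpn is started on the assumption that the rules from the previous run are still loaded. That assumption is not verified. `is_fw_down()` is defined just below in this class, so the guard could be `if not firewall_up and (not restart or self.is_fw_down()):`; at minimum the restart path should log the failure. The `restart` parameter added to `_launch_firewall` is also missing from its docstring; a line such as `:param restart: whether this is a restart; passed through to bitmask-root` would cover it.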
@@ -246,7 +251,7 @@ class VPN(object):          fw_is_down = lambda: commands.getstatusoutput(fw_up_cmd)[0] == 256          return fw_is_down() -    def _tear_down_firewall(self): +    def tear_down_firewall(self):          """          Tear the firewall down using the privileged wrapper.          """ @@ -270,7 +275,7 @@ class VPN(object):                  # we try to tear the firewall down                  if IS_LINUX and self._user_stopped: -                    firewall_down = self._tear_down_firewall() +                    firewall_down = self.tear_down_firewall()                      if firewall_down:                          logger.debug("Firewall down")                      else: @@ -333,7 +338,7 @@ class VPN(object):                  self.TERMINATE_WAIT, self._kill_if_left_alive)              if IS_LINUX and self._user_stopped: -                firewall_down = self._tear_down_firewall() +                firewall_down = self.tear_down_firewall()                  if firewall_down:                      logger.debug("Firewall down")                  else: | 
