[bug] use sytem-wide bitmask-root, if found

we make a distinction between the system-wide bitmask-root, which should
be placed there by the maintainers of whatever packages your
distribution uses, and the bitmask-root that is placed by the bundles
(using polkit).

since the bundles copying over the helper from user-writeable folders
is a potential attack vector, we prefer to use the package's version if
present.

also, if we cannot find either, we abort the launching of the VPN. we've
discussed that this might move to the service initialization instead,
but I think the cases in which this is needed should be rare.

I fix also a corner-case in which we were using getcwd() at import time.
if you execute code and then remove the installation path, this will
raise a traceback in bitmaskctl. I think it's nicer to catch the error
properly when starting.

3 files changed, 24 insertions, 4 deletions

diff --git a/src/leap/bitmask/vpn/fw/firewall.py b/src/leap/bitmask/vpn/fw/firewall.py
index 9cd65ed6..63aac36e 100644
--- a/src/leap/bitmask/vpn/fw/firewall.py
+++ b/src/leap/bitmask/vpn/fw/firewall.py
@@ -44,6 +44,10 @@ def check_root(cmd):
     return cmd
 
 
+class FirewallError(Exception):
+    pass
+
+
 class _OSXFirewallManager(object):
     def __init__(self, remotes):
         self._remotes = list(remotes)
@@ -83,7 +87,11 @@ class _LinuxFirewallManager(object):
     This allows us to achieve fail close on a vpn connection.
     """
 
-    BITMASK_ROOT = "/usr/local/sbin/bitmask-root"
+    _SYSTEM_BITMASK_ROOT = '/usr/sbin/bitmask-root'
+    if os.path.isfile(_SYSTEM_BITMASK_ROOT):
+        BITMASK_ROOT = _SYSTEM_BITMASK_ROOT
+    else:
+        BITMASK_ROOT = "/usr/local/sbin/bitmask-root"
 
     def __init__(self, remotes):
         """
@@ -114,11 +122,16 @@ class _LinuxFirewallManager(object):
         if restart:
             cmd.append("restart")
         result = '<did not run>'
+        if not os.path.isfile(self.BITMASK_ROOT):
+            raise FirewallError('Could not find bitmask-root!')
         try:
             retcode, result = commands.getstatusoutput(
                 ' '.join(cmd + gateways))
         except Exception:
-            log.failure('Error launching the firewall')
+            msg = 'Error launching the firewall'
+            log.failure(msg)
+            if NOT_ROOT:
+                raise FirewallError(msg)
         finally:
             log.debug(result)
         emit_async(catalog.VPN_STATUS_CHANGED)
diff --git a/src/leap/bitmask/vpn/launchers/darwin.py b/src/leap/bitmask/vpn/launchers/darwin.py
index 08772dca..05c3ee22 100644
--- a/src/leap/bitmask/vpn/launchers/darwin.py
+++ b/src/leap/bitmask/vpn/launchers/darwin.py
@@ -74,11 +74,18 @@ class DarwinVPNLauncher(VPNLauncher):
     # Hardcode the installation path for OSX for security, openvpn is
     # run as root
     INSTALL_PATH = "/Applications/Bitmask.app/"
-    INSTALL_PATH_ESCAPED = os.path.realpath(os.getcwd() + "/../../")
     OPENVPN_BIN = 'openvpn.leap'
     OPENVPN_PATH = "%s/Contents/Resources/openvpn" % (INSTALL_PATH,)
+    try:
+        INSTALL_PATH_ESCAPED = os.path.realpath(os.getcwd() + "/../../")
+    except OSError as exc:
+        # this might happen if os.getcwd() was deleted under our feet. We do
+        # not want to raise the Exception at import time.
+        logger.error('Error while setting openvpn paths: %r' % exc)
+        INSTALL_PATH_ESCAPED="/Applications/Bitmask.app/"
     OPENVPN_PATH_ESCAPED = "%s/Contents/Resources/openvpn" % (
         INSTALL_PATH_ESCAPED,)
+
     OTHER_FILES = []
 
     _openvpn_bin_path = "%s/Contents/Resources/%s" % (
diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py
index 1a2ddde9..c7296878 100644
--- a/src/leap/bitmask/vpn/privilege.py
+++ b/src/leap/bitmask/vpn/privilege.py
@@ -63,7 +63,7 @@ def _helper_installer(action):
         if retcode != 0:
             log.error('Error installing/uninstalling helpers: %s' % output)
             log.error('Command was: %s' % cmd)
-            raise Exception('Could not install/install helpers')
+            raise Exception('Could not install/uninstall helpers')
     else:
         raise Exception('No install mechanism for this platform')