diff options
author | Ruben Pollan <meskio@sindominio.net> | 2017-11-29 11:42:42 +0100 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2017-12-07 21:17:52 +0100 |
commit | 3fae5a6fdaad3e06770797e6cf8c21d1804ddc22 (patch) | |
tree | 5a018d90c0e4cd1e1a2c59c4ede37c697f87d923 /src/leap/bitmask/vpn/helpers | |
parent | 90e72e19989f9ccb5e3109e16459865b8075c009 (diff) |
[feat] update bitmask-root if needed
Chech the hash of the installed bitmask root and sign as not installed
if doesn't match the one we have in the bundle. Also for running
bitmask-root, if there is more than one (in /usr/local/sbin and
/usr/sbin) run the one with higher version number.
- Resolves: #9020
Diffstat (limited to 'src/leap/bitmask/vpn/helpers')
-rw-r--r-- | src/leap/bitmask/vpn/helpers/__init__.py | 45 |
1 files changed, 33 insertions, 12 deletions
diff --git a/src/leap/bitmask/vpn/helpers/__init__.py b/src/leap/bitmask/vpn/helpers/__init__.py index 0378448d..8f8c1227 100644 --- a/src/leap/bitmask/vpn/helpers/__init__.py +++ b/src/leap/bitmask/vpn/helpers/__init__.py @@ -1,5 +1,6 @@ -from os import remove, chmod +from os import remove, chmod, access, R_OK from shutil import copyfile +from hashlib import sha512 import os.path import sys @@ -32,32 +33,52 @@ if IS_LINUX: if STANDALONE: copyfile(openvpn_from, OPENVPN_LOCAL) - chmod(OPENVPN_LOCAL, 0700) + chmod(OPENVPN_LOCAL, 0744) def uninstall(): remove(BITMASK_ROOT_LOCAL) remove(POLKIT_LOCAL) + remove(OPENVPN_LOCAL) def check(): - helper = ( - os.path.exists(BITMASK_ROOT_LOCAL) or - os.path.isfile(BITMASK_ROOT_SYSTEM)) - polkit = ( - os.path.exists(POLKIT_LOCAL) or - os.path.exists(POLKIT_SYSTEM)) - openvpn = ( - os.path.exists(OPENVPN_LOCAL) or - os.path.exists(OPENVPN_SYSTEM)) + helper = _is_up_to_date(_config.get_bitmask_helper_path(), + BITMASK_ROOT_LOCAL, + BITMASK_ROOT_SYSTEM) + polkit = _is_up_to_date(_config.get_bitmask_polkit_policy_path(), + POLKIT_LOCAL, + POLKIT_SYSTEM) + openvpn = (os.path.exists(OPENVPN_SYSTEM) or + _is_up_to_date(_config.get_bitmask_openvpn_path(), + OPENVPN_LOCAL, "")) return is_pkexec_in_system() and helper and polkit and openvpn -if IS_MAC: + def _is_up_to_date(src, local, system): + if src is None or not access(src, R_OK): + return True + + src_digest = digest(src) + if access(system, R_OK) and src_digest == digest(system): + return True + if access(local, R_OK) and src_digest == digest(local): + return True + + return False + + +elif IS_MAC: def check(): # XXX check if bitmask-helper is running return True +def digest(path): + with open(path, 'r') as f: + s = f.read() + return sha512(s).digest() + + def main(): if sys.argv[-1] == 'install': install() |