summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/vpn/helpers
diff options
context:
space:
mode:
authorRuben Pollan <meskio@sindominio.net>2017-11-29 11:42:42 +0100
committerRuben Pollan <meskio@sindominio.net>2017-12-07 21:17:52 +0100
commit3fae5a6fdaad3e06770797e6cf8c21d1804ddc22 (patch)
tree5a018d90c0e4cd1e1a2c59c4ede37c697f87d923 /src/leap/bitmask/vpn/helpers
parent90e72e19989f9ccb5e3109e16459865b8075c009 (diff)
[feat] update bitmask-root if needed
Chech the hash of the installed bitmask root and sign as not installed if doesn't match the one we have in the bundle. Also for running bitmask-root, if there is more than one (in /usr/local/sbin and /usr/sbin) run the one with higher version number. - Resolves: #9020
Diffstat (limited to 'src/leap/bitmask/vpn/helpers')
-rw-r--r--src/leap/bitmask/vpn/helpers/__init__.py45
1 files changed, 33 insertions, 12 deletions
diff --git a/src/leap/bitmask/vpn/helpers/__init__.py b/src/leap/bitmask/vpn/helpers/__init__.py
index 0378448d..8f8c1227 100644
--- a/src/leap/bitmask/vpn/helpers/__init__.py
+++ b/src/leap/bitmask/vpn/helpers/__init__.py
@@ -1,5 +1,6 @@
-from os import remove, chmod
+from os import remove, chmod, access, R_OK
from shutil import copyfile
+from hashlib import sha512
import os.path
import sys
@@ -32,32 +33,52 @@ if IS_LINUX:
if STANDALONE:
copyfile(openvpn_from, OPENVPN_LOCAL)
- chmod(OPENVPN_LOCAL, 0700)
+ chmod(OPENVPN_LOCAL, 0744)
def uninstall():
remove(BITMASK_ROOT_LOCAL)
remove(POLKIT_LOCAL)
+ remove(OPENVPN_LOCAL)
def check():
- helper = (
- os.path.exists(BITMASK_ROOT_LOCAL) or
- os.path.isfile(BITMASK_ROOT_SYSTEM))
- polkit = (
- os.path.exists(POLKIT_LOCAL) or
- os.path.exists(POLKIT_SYSTEM))
- openvpn = (
- os.path.exists(OPENVPN_LOCAL) or
- os.path.exists(OPENVPN_SYSTEM))
+ helper = _is_up_to_date(_config.get_bitmask_helper_path(),
+ BITMASK_ROOT_LOCAL,
+ BITMASK_ROOT_SYSTEM)
+ polkit = _is_up_to_date(_config.get_bitmask_polkit_policy_path(),
+ POLKIT_LOCAL,
+ POLKIT_SYSTEM)
+ openvpn = (os.path.exists(OPENVPN_SYSTEM) or
+ _is_up_to_date(_config.get_bitmask_openvpn_path(),
+ OPENVPN_LOCAL, ""))
return is_pkexec_in_system() and helper and polkit and openvpn
-if IS_MAC:
+ def _is_up_to_date(src, local, system):
+ if src is None or not access(src, R_OK):
+ return True
+
+ src_digest = digest(src)
+ if access(system, R_OK) and src_digest == digest(system):
+ return True
+ if access(local, R_OK) and src_digest == digest(local):
+ return True
+
+ return False
+
+
+elif IS_MAC:
def check():
# XXX check if bitmask-helper is running
return True
+def digest(path):
+ with open(path, 'r') as f:
+ s = f.read()
+ return sha512(s).digest()
+
+
def main():
if sys.argv[-1] == 'install':
install()