summaryrefslogtreecommitdiff
path: root/src/leap
diff options
context:
space:
mode:
authorkali <kali@leap.se>2012-12-10 23:20:09 +0900
committerkali <kali@leap.se>2012-12-10 23:20:09 +0900
commit53fa2c134ab2c96376276aa1c0ed74db0aaba218 (patch)
tree16283d3f6a9fb563e01fc475415865b4d532177b /src/leap
parent38cc1758240a3c64db387b0437dcf1517b52da15 (diff)
get cipher config from eip-service
Diffstat (limited to 'src/leap')
-rw-r--r--src/leap/base/auth.py16
-rw-r--r--src/leap/base/network.py20
-rw-r--r--src/leap/baseapp/mainwindow.py9
-rw-r--r--src/leap/baseapp/network.py7
-rw-r--r--src/leap/eip/checks.py7
-rw-r--r--src/leap/eip/config.py57
-rw-r--r--src/leap/util/misc.py16
7 files changed, 97 insertions, 35 deletions
diff --git a/src/leap/base/auth.py b/src/leap/base/auth.py
index 50533278..73856bb0 100644
--- a/src/leap/base/auth.py
+++ b/src/leap/base/auth.py
@@ -10,6 +10,7 @@ from PyQt4 import QtCore
from leap.base import constants as baseconstants
from leap.crypto import leapkeyring
+from leap.util.misc import null_check
from leap.util.web import get_https_domain_and_port
logger = logging.getLogger(__name__)
@@ -26,11 +27,6 @@ one if not.
"""
-class ImproperlyConfigured(Exception):
- """
- """
-
-
class SRPAuthenticationError(Exception):
"""
exception raised
@@ -38,14 +34,6 @@ class SRPAuthenticationError(Exception):
"""
-def null_check(value, value_name):
- try:
- assert value is not None
- except AssertionError:
- raise ImproperlyConfigured(
- "%s parameter cannot be None" % value_name)
-
-
safe_unhexlify = lambda x: binascii.unhexlify(x) \
if (len(x) % 2 == 0) else binascii.unhexlify('0' + x)
@@ -64,7 +52,7 @@ class LeapSRPRegister(object):
hashfun=srp.SHA256,
ng_constant=srp.NG_1024):
- null_check(provider, provider)
+ null_check(provider, "provider")
self.schema = schema
diff --git a/src/leap/base/network.py b/src/leap/base/network.py
index 3aba3f61..765d8ea0 100644
--- a/src/leap/base/network.py
+++ b/src/leap/base/network.py
@@ -3,10 +3,11 @@ from __future__ import (print_function)
import logging
import threading
-from leap.eip.config import get_eip_gateway
+from leap.eip import config as eipconfig
from leap.base.checks import LeapNetworkChecker
from leap.base.constants import ROUTE_CHECK_INTERVAL
from leap.base.exceptions import TunnelNotDefaultRouteError
+from leap.util.misc import null_check
from leap.util.coroutines import (launch_thread, process_events)
from time import sleep
@@ -27,11 +28,20 @@ class NetworkCheckerThread(object):
lambda exc: logger.error("%s", exc.message))
self.shutdown = threading.Event()
- # XXX get provider_gateway and pass it to checker
- # see in eip.config for function
- # #718
+ # XXX get provider passed here
+ provider = kwargs.pop('provider', None)
+ null_check(provider, 'provider')
+
+ eipconf = eipconfig.EIPConfig(domain=provider)
+ eipconf.load()
+ eipserviceconf = eipconfig.EIPServiceConfig(domain=provider)
+ eipserviceconf.load()
+
+ gw = eipconfig.get_eip_gateway(
+ eipconfig=eipconf,
+ eipserviceconfig=eipserviceconf)
self.checker = LeapNetworkChecker(
- provider_gw=get_eip_gateway())
+ provider_gw=gw)
def start(self):
self.process_handle = self._launch_recurrent_network_checks(
diff --git a/src/leap/baseapp/mainwindow.py b/src/leap/baseapp/mainwindow.py
index 8d61bf5c..65c30bff 100644
--- a/src/leap/baseapp/mainwindow.py
+++ b/src/leap/baseapp/mainwindow.py
@@ -61,10 +61,15 @@ class LeapWindow(QtGui.QMainWindow,
logger.debug('provider: %s', self.provider_domain)
logger.debug('eip_username: %s', self.eip_username)
+ provider = self.provider_domain
EIPConductorAppMixin.__init__(
- self, opts=opts, provider=self.provider_domain)
+ self, opts=opts, provider=provider)
StatusAwareTrayIconMixin.__init__(self)
- NetworkCheckerAppMixin.__init__(self)
+
+ # XXX network checker should probably not
+ # trigger run_checks on init... but wait
+ # for ready signal instead...
+ NetworkCheckerAppMixin.__init__(self, provider=provider)
MainWindowMixin.__init__(self)
geom_key = "DebugGeometry" if self.debugmode else "Geometry"
diff --git a/src/leap/baseapp/network.py b/src/leap/baseapp/network.py
index 077d5164..3e57490d 100644
--- a/src/leap/baseapp/network.py
+++ b/src/leap/baseapp/network.py
@@ -17,11 +17,14 @@ class NetworkCheckerAppMixin(object):
"""
def __init__(self, *args, **kwargs):
+ provider = kwargs.pop('provider', None)
self.network_checker = NetworkCheckerThread(
error_cb=self.networkError.emit,
- debug=self.debugmode)
+ debug=self.debugmode,
+ provider=provider)
- # XXX move run_checks to slot
+ # XXX move run_checks to slot -- this definitely
+ # cannot start on init!!!
self.network_checker.run_checks()
@QtCore.pyqtSlot(object)
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index 116c535e..a876eea1 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -427,6 +427,7 @@ class EIPConfigChecker(object):
return True
def fetch_definition(self, skip_download=False,
+ force_download=False,
config=None, uri=None,
domain=None):
"""
@@ -459,6 +460,7 @@ class EIPConfigChecker(object):
self.defaultprovider.save()
def fetch_eip_service_config(self, skip_download=False,
+ force_download=False,
config=None, uri=None, domain=None):
if skip_download:
return True
@@ -469,7 +471,10 @@ class EIPConfigChecker(object):
domain = self.domain or config.get('provider', None)
uri = self._get_eip_service_uri(domain=domain)
- self.eipserviceconfig.load(from_uri=uri, fetcher=self.fetcher)
+ self.eipserviceconfig.load(
+ from_uri=uri,
+ fetcher=self.fetcher,
+ force_download=force_download)
self.eipserviceconfig.save()
def check_complete_eip_config(self, config=None):
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index 8e687bda..1fe0530a 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -5,6 +5,7 @@ import tempfile
from leap import __branding as BRANDING
from leap import certs
+from leap.util.misc import null_check
from leap.util.fileutil import (which, mkdir_p, check_and_fix_urw_only)
from leap.base import config as baseconfig
@@ -57,30 +58,30 @@ def get_socket_path():
return socket_path
-def get_eip_gateway(provider=None):
+def get_eip_gateway(eipconfig=None, eipserviceconfig=None):
"""
return the first host in eip service config
that matches the name defined in the eip.json config
file.
"""
- placeholder = "testprovider.example.org"
- # XXX check for null on provider??
+ null_check(eipconfig, "eipconfig")
+ null_check(eipserviceconfig, "eipserviceconfig")
+
+ PLACEHOLDER = "testprovider.example.org"
- eipconfig = EIPConfig(domain=provider)
- eipconfig.load()
conf = eipconfig.config
+ eipsconf = eipserviceconfig.config
primary_gateway = conf.get('primary_gateway', None)
if not primary_gateway:
- return placeholder
+ return PLACEHOLDER
- eipserviceconfig = EIPServiceConfig(domain=provider)
- eipserviceconfig.load()
- eipsconf = eipserviceconfig.get_config()
gateways = eipsconf.get('gateways', None)
+
if not gateways:
logger.error('missing gateways in eip service config')
- return placeholder
+ return PLACEHOLDER
+
if len(gateways) > 0:
for gw in gateways:
name = gw.get('name', None)
@@ -100,6 +101,26 @@ def get_eip_gateway(provider=None):
'gateway list')
+def get_cipher_options(eipserviceconfig=None):
+ """
+ gathers optional cipher options from eip-service config.
+ :param eipserviceconfig: EIPServiceConfig instance
+ """
+ null_check(eipserviceconfig, 'eipserviceconfig')
+ eipsconf = eipserviceconfig.get_config()
+
+ ALLOWED_KEYS = ("auth", "cipher", "tls-cipher")
+ opts = []
+ if 'openvpn_configuration' in eipsconf:
+ config = eipserviceconfig.openvpn_configuration
+ for key, value in config.items():
+ if key in ALLOWED_KEYS and value is not None:
+ # I humbly think we should sanitize this
+ # input against `valid` openvpn settings. -- kali.
+ opts.append(['--%s' % key, value])
+ return opts
+
+
def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
"""
build a list of options
@@ -116,6 +137,10 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
# things from there if present.
provider = kwargs.pop('provider', None)
+ eipconfig = EIPConfig(domain=provider)
+ eipconfig.load()
+ eipserviceconfig = EIPServiceConfig(domain=provider)
+ eipserviceconfig.load()
# get user/group name
# also from config.
@@ -139,9 +164,19 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
# remote
opts.append('--remote')
- gw = get_eip_gateway(provider=provider)
+
+ gw = get_eip_gateway(eipconfig=eipconfig,
+ eipserviceconfig=eipserviceconfig)
logger.debug('setting eip gateway to %s', gw)
opts.append(str(gw))
+
+ # get ciphers
+ ciphers = get_cipher_options(
+ eipserviceconfig=eipserviceconfig)
+ for cipheropt in ciphers:
+ opts.append(str(cipheropt))
+
+ # get port/protocol from eipservice too
opts.append('1194')
#opts.append('80')
opts.append('udp')
diff --git a/src/leap/util/misc.py b/src/leap/util/misc.py
new file mode 100644
index 00000000..3c26892b
--- /dev/null
+++ b/src/leap/util/misc.py
@@ -0,0 +1,16 @@
+"""
+misc utils
+"""
+
+
+class ImproperlyConfigured(Exception):
+ """
+ """
+
+
+def null_check(value, value_name):
+ try:
+ assert value is not None
+ except AssertionError:
+ raise ImproperlyConfigured(
+ "%s parameter cannot be None" % value_name)