author | kali <kali@leap.se> | 2012-08-30 06:06:36 +0900 |
---|---|---|
committer | kali <kali@leap.se> | 2012-08-30 06:06:36 +0900 |
commit | 3c59f021dde265bc314cd6b52d3aafbb8532b1ec (patch) | |
tree | dba7f051a2de2207909dfb163fea75e07596fe5b /src | |
parent | 5e77b77765154850fb708e6ea188fcf7ba99fdce (diff) | |
parent | d4de193b52881590c07468bdfece5f82fa48840d (diff) |
Merge branch 'feature/ovpn-no-config' into develop
closes #447
deprecates the use of config files; all options are passed
to openvpn as command line arguments.
Diffstat (limited to 'src')
-rw-r--r-- | src/leap/baseapp/mainwindow.py | 2 | ||||
-rw-r--r-- | src/leap/eip/checks.py | 2 | ||||
-rw-r--r-- | src/leap/eip/config.py | 136 | ||||
-rw-r--r-- | src/leap/eip/openvpnconnection.py | 18 | ||||
-rw-r--r-- | src/leap/eip/tests/test_config.py | 46 |
5 files changed, 70 insertions, 134 deletions
diff --git a/src/leap/baseapp/mainwindow.py b/src/leap/baseapp/mainwindow.py index d7f4ecac..2f7a14dd 100644 --- a/src/leap/baseapp/mainwindow.py +++ b/src/leap/baseapp/mainwindow.py @@ -431,7 +431,7 @@ technolust</i>") if self.conductor.with_errors: #XXX how to wait on pkexec??? #something better that this workaround, plz!! - time.sleep(10) + time.sleep(5) print('errors. disconnect.') self.start_or_stopVPN() # is stop diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py index 1db7158f..c6a7ca72 100644 --- a/src/leap/eip/checks.py +++ b/src/leap/eip/checks.py @@ -160,7 +160,7 @@ class EIPConfigChecker(object): def check_complete_eip_config(self, config=None): # TODO check for gateway if config is None: - config = self.config + config = self.eipconfig.get_config() try: 'trying assertions' assert 'provider' in config diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index b6c38a77..c0819628 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -19,23 +19,6 @@ logging.basicConfig() logger = logging.getLogger(name=__name__) logger.setLevel('DEBUG') -# XXX deprecate per #447 -OPENVPN_CONFIG_TEMPLATE = """#Autogenerated by eip-client wizard -remote {VPN_REMOTE_HOST} {VPN_REMOTE_PORT} - -client -dev tun -persist-tun -persist-key -proto udp -tls-client -remote-cert-tls server - -cert {LEAP_EIP_KEYS} -key {LEAP_EIP_KEYS} -ca {LEAP_EIP_KEYS} -""" - class EIPConfig(baseconfig.JSONLeapConfig): spec = eipspecs.eipconfig_spec 
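Review bot: In check_complete_eip_config (src/leap/eip/checks.py) the config that now comes from `self.eipconfig.get_config()` is validated with bare `assert` statements, which Python removes when run with `-O`, so an incomplete EIP config would pass unchecked in an optimized build. An explicit test such as `if 'provider' not in config:` followed by a raise would keep the check in every build. The method body and its `except` clause continue outside the hunk, so the exact exception the caller expects is not visible here and needs confirming.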
@@ -63,83 +46,6 @@ class EIPServiceConfig(baseconfig.JSONLeapConfig): slug = property(_get_slug, _set_slug) -def check_or_create_default_vpnconf(config): - """ - checks that a vpn config file - exists for a default provider, - or creates one if it does not. - ATM REQURES A [provider] section in - eip.cfg with _at least_ a remote_ip value - """ - default_provider_path = baseconfig.get_default_provider_path() - - if not os.path.isdir(default_provider_path): - mkdir_p(default_provider_path) - - conf_file = baseconfig.get_config_file( - 'openvpn.conf', - folder=default_provider_path) - - if os.path.isfile(conf_file): - return - else: - logger.debug( - 'missing default openvpn config\n' - 'creating one...') - - # We're getting provider from eip.cfg - # by now. Get it from a list of gateways - # instead. - - try: - # XXX by now, we're expecting - # only IP format for remote. - # We should allow also domain names, - # and make a reverse resolv. - remote_ip = config.get('provider', - 'remote_ip') - baseconfig.validate_ip(remote_ip) - - except ConfigParser.NoSectionError: - raise eip_exceptions.EIPInitNoProviderError - - except socket.error: - # this does not look like an ip, dave - raise eip_exceptions.EIPInitBadProviderError - - if config.has_option('provider', 'remote_port'): - remote_port = config.get('provider', - 'remote_port') - else: - remote_port = 1194 - - default_subpath = os.path.join("providers", - "default") - default_provider_path = baseconfig.get_config_file( - '', - folder=default_subpath) - - if not os.path.isdir(default_provider_path): - mkdir_p(default_provider_path) - - conf_file = baseconfig.get_config_file( - 'openvpn.conf', - folder=default_provider_path) - - # XXX keys have to be manually placed by now - keys_file = baseconfig.get_config_file( - 'openvpn.keys', - folder=default_provider_path) - - ovpn_config = OPENVPN_CONFIG_TEMPLATE.format( - VPN_REMOTE_HOST=remote_ip, - VPN_REMOTE_PORT=remote_port, - LEAP_EIP_KEYS=keys_file) - - with 
open(conf_file, 'wb') as f: - f.write(ovpn_config) - - def build_ovpn_options(daemon=False): """ build a list of options @@ -162,6 +68,25 @@ def build_ovpn_options(daemon=False): opts = [] + opts.append('--client') + + opts.append('--dev') + # XXX same in win? + opts.append('tun') + opts.append('--persist-tun') + opts.append('--persist-key') + + # remote + # XXX get remote from eip.json + opts.append('--remote') + opts.append('testprovider.example.org') + opts.append('1194') + opts.append('udp') + + opts.append('--tls-client') + opts.append('--remote-cert-tls') + opts.append('server') + # set user and group opts.append('--user') opts.append('%s' % user) @@ -179,6 +104,7 @@ def build_ovpn_options(daemon=False): ourplatform = platform.system() if ourplatform in ("Linux", "Mac"): opts.append('--management') + # XXX get a different sock each time ... opts.append('/tmp/.eip.sock') opts.append('unix') if ourplatform == "Windows": @@ -187,21 +113,13 @@ def build_ovpn_options(daemon=False): # XXX which is a good choice? opts.append('7777') - # remaining config options will go in a file - - # NOTE: we will build this file from - # the service definition file. - # XXX override from --with-openvpn-config - - opts.append('--config') - - default_provider_path = baseconfig.get_default_provider_path() - - # XXX get rid of config_file at all - ovpncnf = baseconfig.get_config_file( - 'openvpn.conf', - folder=default_provider_path) - opts.append(ovpncnf) + # certs + opts.append('--cert') + opts.append(eipspecs.client_cert_path()) + opts.append('--key') + opts.append(eipspecs.client_cert_path()) + opts.append('--ca') + opts.append(eipspecs.provider_ca_path()) # we cannot run in daemon mode # with the current subp setting. diff --git a/src/leap/eip/openvpnconnection.py b/src/leap/eip/openvpnconnection.py index 5f67d27a..1f2f6d8c 100644 --- a/src/leap/eip/openvpnconnection.py +++ b/src/leap/eip/openvpnconnection.py 
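Review bot: The `--remote` block added to build_ovpn_options appends the literals `'testprovider.example.org'`, `'1194'` and `'udp'`, so every client is pointed at the test gateway whatever provider the user configured; the XXX comment acknowledges this but nothing prevents it from shipping. Once the value is read from eip.json, validate it before it reaches the argument list: accept only a hostname or IP address and reject anything beginning with `-`, because a config-supplied string placed among the options could otherwise be read by openvpn as an extra option. Until then a louder marker would help, e.g. `# FIXME: hard-coded test gateway, must come from eip.json before release`.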
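Review bot: The management socket stays at the fixed path `/tmp/.eip.sock`, and the comment added in this hunk only records the problem. /tmp is world-writable, so any local user can create that path first and keep openvpn from binding its management interface, and a predictable name makes the socket easy for other local processes to find. Creating a private directory per run and placing the socket inside it addresses both, e.g. `sockdir = tempfile.mkdtemp(prefix='eip-')` and `opts.append(os.path.join(sockdir, 'eip.sock'))`; the code that connects to the management interface must be given the same path, and `tempfile` may need importing since the import block is outside the hunk. The Windows branch uses TCP port 7777 with no password-file argument visible after it, which deserves the same attention.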
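Review bot: `--cert` and `--key` are both given `eipspecs.client_cert_path()`, which reads like a copy-paste slip unless the reader knows that the client certificate and private key share one PEM file (the test in this commit expects `openvpn.pem` for both). A comment above the block would settle it: `# client cert and private key live in the same PEM file`. Because openvpn is now pointed directly at the file holding the private key, it is worth confirming that `_check_vpn_keys` verifies the file is accessible to its owner only; that method's body is not visible in this diff.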
@@ -139,23 +139,6 @@ to be triggered for each one of them. self.command = command self.args = args - def _check_ovpn_config(self): - """ - checks if there is a default openvpn config. - if not, it writes one with info from the provider - definition file - """ - # TODO - # - get --with-openvpn-config from opts - try: - eip_config.check_or_create_default_vpnconf(self.config) - except eip_exceptions.EIPInitNoProviderError: - logger.error('missing default provider definition') - self.missing_provider = True - except eip_exceptions.EIPInitBadProviderError: - logger.error('bad provider definition') - self.bad_provider = True - def _get_or_create_config(self): """ retrieves the config options from defaults or @@ -168,7 +151,6 @@ to be triggered for each one of them. self._set_autostart() self._set_ovpn_command() - self._check_ovpn_config() def _check_vpn_keys(self): """ diff --git a/src/leap/eip/tests/test_config.py b/src/leap/eip/tests/test_config.py index 16219648..87ef33ef 100644 --- a/src/leap/eip/tests/test_config.py +++ b/src/leap/eip/tests/test_config.py @@ -48,6 +48,22 @@ class EIPConfigTest(BaseLeapTest): username = self.get_username() groupname = self.get_groupname() + args.append('--client') + args.append('--dev') + #does this have to be tap for win?? + args.append('tun') + args.append('--persist-tun') + args.append('--persist-key') + args.append('--remote') + args.append('testprovider.example.org') + # XXX get port!? + args.append('1194') + # XXX get proto + args.append('udp') + args.append('--tls-client') + args.append('--remote-cert-tls') + args.append('server') + args.append('--user') args.append(username) args.append('--group') 
@@ -55,16 +71,36 @@ class EIPConfigTest(BaseLeapTest): args.append('--management-client-user') args.append(username) args.append('--management-signal') - args.append('--management') + args.append('--management') #XXX hey! #get platform switches here! args.append('/tmp/.eip.sock') args.append('unix') - args.append('--config') - args.append(os.path.expanduser( - '~/.config/leap/providers/%s/openvpn.conf' - % constants.DEFAULT_TEST_PROVIDER)) + + # certs + # XXX get values from specs? + args.append('--cert') + args.append(os.path.join( + self.home, + '.config', 'leap', 'providers', + 'testprovider.example.org', + 'keys', 'client', + 'openvpn.pem')) + args.append('--key') + args.append(os.path.join( + self.home, + '.config', 'leap', 'providers', + 'testprovider.example.org', + 'keys', 'client', + 'openvpn.pem')) + args.append('--ca') + args.append(os.path.join( + self.home, + '.config', 'leap', 'providers', + 'testprovider.example.org', + 'keys', 'ca', + 'testprovider-ca-cert.pem')) return args # build command string |
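Review bot: The expected `--cert` and `--key` paths are built by two identical `os.path.join` calls, and the provider name `'testprovider.example.org'` is repeated as a literal where the removed lines used `constants.DEFAULT_TEST_PROVIDER`. Building the path once, e.g. `client_pem = os.path.join(self.home, '.config', 'leap', 'providers', constants.DEFAULT_TEST_PROVIDER, 'keys', 'client', 'openvpn.pem')`, and appending it for both options keeps the expectation in step with the constant, assuming the constant still names the same provider. The expectation also pins `/tmp/.eip.sock` and the Linux-only `unix` switch, so it will need updating together with any change to the management socket path. The helper method starts and ends outside the hunk.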