| author | kali <kali@leap.se> | 2013-03-20 19:31:24 +0900 | 
|---|---|---|
| committer | kali <kali@leap.se> | 2013-03-21 21:18:54 +0900 | 
| commit | e33081871affdbca197ea77c461b1379b9039117 (patch) | |
| tree | 74ca5ac92ceaf48ac5352762fcffa8db987454c1 /src | |
| parent | 5be6aba659b8e7db486e985ac1bb98bdae53233f (diff) | |
add darwin prefixer and launcher
Diffstat (limited to 'src')
| -rw-r--r-- | src/leap/config/prefixers.py | 22 | ||||
| -rw-r--r-- | src/leap/services/eip/vpnlaunchers.py | 110 | 
2 files changed, 132 insertions, 0 deletions
| diff --git a/src/leap/config/prefixers.py b/src/leap/config/prefixers.py index c65d8f53..ebcd49e7 100644 --- a/src/leap/config/prefixers.py +++ b/src/leap/config/prefixers.py @@ -77,6 +77,28 @@ class LinuxPrefixer(Prefixer):          return os.getenv("LEAP_CLIENT_PATH", config_dir) +class DarwinPrefixer(Prefixer): +    """ +    Config prefixer for the Darwin platform +    """ + +    def get_path_prefix(self, standalone=False): +        """ +        Returns the platform dependant path prefixer. +        This method expects an env variable named LEAP_CLIENT_PATH if +        standalone is used. + +        @param standalone: if True it will return the prefix for a +        standalone application. Otherwise, it will return the system +        default for configuration storage. +        @type standalone: bool +        """ +        config_dir = BaseDirectory.xdg_config_home +        if not standalone: +            return config_dir +        return os.getenv("LEAP_CLIENT_PATH", config_dir) + +  if __name__ == "__main__":      try:          abs_prefixer = Prefixer() diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py index f9e8e366..44dff4d0 100644 --- a/src/leap/services/eip/vpnlaunchers.py +++ b/src/leap/services/eip/vpnlaunchers.py 
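Review bot: `DarwinPrefixer.get_path_prefix` says it "expects" `LEAP_CLIENT_PATH` when `standalone` is set, but `os.getenv("LEAP_CLIENT_PATH", config_dir)` silently falls back to `BaseDirectory.xdg_config_home` and accepts any value, including an empty or relative path. This prefix presumably decides where client configuration and certificates are stored, so the docstring should state the fallback and the value should be normalized, e.g. `return os.path.abspath(os.getenv("LEAP_CLIENT_PATH") or config_dir)`. The body also looks identical to the `LinuxPrefixer` return visible in the context line, so the shared logic could move into `Prefixer`; confirm against the full file.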
@@ -189,6 +189,115 @@ class LinuxVPNLauncher(VPNLauncher):          ]          openvpn_configuration = eipconfig.get_openvpn_configuration() + +        # FIXME: sanitize this! -- +        for key, value in openvpn_configuration.items(): +            args += ['--%s' % (key,), value] + +        args += [ +            '--user', getpass.getuser(), +            '--group', grp.getgrgid(os.getgroups()[-1]).gr_name +        ] + +        if socket_port == "unix": +            args += [ +                '--management-client-user', getpass.getuser() +            ] + +        args += [ +            '--management-signal', +            '--management', socket_host, socket_port, +            '--script-security', '2' +        ] + +        if _has_updown_scripts(self.UP_DOWN_SCRIPT): +            args += [ +                '--up', self.UP_DOWN_SCRIPT, +                '--down', self.UP_DOWN_SCRIPT, +                '--plugin', self.OPENVPN_DOWN_ROOT, +                '\'script_type=down %s\'' % self.UP_DOWN_SCRIPT +            ] + +        args += [ +            '--cert', eipconfig.get_client_cert_path(providerconfig), +            '--key', eipconfig.get_client_cert_path(providerconfig), +            '--ca', providerconfig.get_ca_cert_path() +        ] + +        logger.debug("Running VPN with command:") +        logger.debug("%s %s" % (openvpn, " ".join(args))) + +        return [openvpn] + args + + +class DarwinVPNLauncher(VPNLauncher): +    """ +    VPN launcher for the Darwin Platform +    """ + +    OSASCRIPT_BIN = 'osascript' +    OSX_ASADMIN = 'do shell script "%s" with administrator privileges' +    OPENVPN_BIN = 'openvpn.leap' +    INSTALL_PATH = "/Applications/LEAPClient.app/" +    # OPENVPN_BIN = "/%s/Contents/Resources/openvpn.leap" % ( +    #   self.INSTALL_PATH,) +    UP_DOWN_SCRIPT = "/etc/leap/resolv-update" +    OPENVPN_DOWN_ROOT = "/usr/lib/openvpn/openvpn-down-root.so" + +    def get_vpn_command(self, eipconfig=None, providerconfig=None, +                        
socket_host=None, socket_port="unix"): +        """ +        Returns the platform dependant vpn launching command + +        Might raise VPNException. + +        @param eipconfig: eip configuration object +        @type eipconfig: EIPConfig +        @param providerconfig: provider specific configuration +        @type providerconfig: ProviderConfig +        @param socket_host: either socket path (unix) or socket IP +        @type socket_host: str +        @param socket_port: either string "unix" if it's a unix +        socket, or port otherwise +        @type socket_port: str + +        @return: A VPN command ready to be launched +        @rtype: list +        """ +        leap_assert(eipconfig, "We need an eip config") +        leap_assert_type(eipconfig, EIPConfig) +        leap_assert(providerconfig, "We need a provider config") +        leap_assert_type(providerconfig, ProviderConfig) +        leap_assert(socket_host, "We need a socket host!") +        leap_assert(socket_port, "We need a socket port!") + +        openvpn_possibilities = which(self.OPENVPN_BIN) +        if len(openvpn_possibilities) == 0: +            raise OpenVPNNotFoundException() + +        openvpn = openvpn_possibilities[0] +        args = [] + +        # TODO: handle verbosity + +        gateway_ip = str(eipconfig.get_gateway_ip(0)) + +        logger.debug("Using gateway ip %s" % (gateway_ip,)) + +        args += [ +            '--client', +            '--dev', 'tun', +            '--persist-tun', +            '--persist-key', +            '--remote', gateway_ip, '1194', 'udp', +            '--tls-client', +            '--remote-cert-tls', +            'server' +        ] + +        # FIXME: sanitize this! -- + +        openvpn_configuration = eipconfig.get_openvpn_configuration()          for key, value in openvpn_configuration.items():              args += ['--%s' % (key,), value] 
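Review bot: The `for key, value in openvpn_configuration.items()` loop under `# FIXME: sanitize this!` copies every key and value from `eipconfig.get_openvpn_configuration()` straight into the openvpn argv, in both launchers on the new side. That configuration presumably comes from the provider, and the same command line sets `--script-security 2` and, per the `OSX_ASADMIN` template, is meant to run with administrator privileges, so an unexpected key could switch on script or plugin options with elevated rights. Restrict the loop to a fixed set of expected option names and reject values that are not plain tokens, e.g. `if key not in self.ALLOWED_OPENVPN_OPTIONS: continue` (the constant name is a suggestion) before the `args +=` line. `DarwinVPNLauncher` also reuses the Linux paths `/etc/leap/resolv-update` and `/usr/lib/openvpn/openvpn-down-root.so`, which should be confirmed for macOS. The tail of `DarwinVPNLauncher.get_vpn_command` continues outside this hunk.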
@@ -225,6 +334,7 @@ class LinuxVPNLauncher(VPNLauncher):          logger.debug("Running VPN with command:")          logger.debug("%s %s" % (openvpn, " ".join(args))) +        # return [self.OSASCRIPT_BIN, ["-e", self.OSX_ASADMIN % ' '.join(args)]]          return [openvpn] + args | 
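Review bot: The commented-out `return [self.OSASCRIPT_BIN, ...]` line should not be enabled as written: it joins `args` with spaces into the `do shell script "%s" with administrator privileges` template without quoting, so any argument containing a space, quote or shell metacharacter would be reinterpreted by a root shell. It also omits the `openvpn` path and nests a list inside the returned list. If elevation is needed, quote each element first (`pipes.quote(a)` per argument) and escape `\` and `"` for the AppleScript string; otherwise replace the dead code with a `# TODO` stating that requirement. The hunk header names `LinuxVPNLauncher`, but on the new side this line appears to fall at the end of `DarwinVPNLauncher.get_vpn_command`, whose body starts outside the hunk.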
