diff options
| -rw-r--r-- | changes/feature-3209_check-outdated-polkit-file | 1 | ||||
| -rw-r--r-- | src/leap/platform_init/initializers.py | 2 | ||||
| -rw-r--r-- | src/leap/services/eip/vpnlaunchers.py | 14 | ||||
| -rw-r--r-- | src/leap/util/privilege_policies.py | 38 | 
4 files changed, 50 insertions, 5 deletions
| diff --git a/changes/feature-3209_check-outdated-polkit-file b/changes/feature-3209_check-outdated-polkit-file new file mode 100644 index 00000000..8cb7c35c --- /dev/null +++ b/changes/feature-3209_check-outdated-polkit-file @@ -0,0 +1 @@ +  o Add check for outdated polkit file. Closes #3209. diff --git a/src/leap/platform_init/initializers.py b/src/leap/platform_init/initializers.py index bbdc7f29..3523c117 100644 --- a/src/leap/platform_init/initializers.py +++ b/src/leap/platform_init/initializers.py @@ -351,7 +351,7 @@ def _linux_install_missing_scripts(badexec, notfound):          fd, tempscript = tempfile.mkstemp(prefix="leap_installer-")          polfd, pol_tempfile = tempfile.mkstemp(prefix="leap_installer-")          try: -            path = launcher.get_path_prefix() +            path = launcher.OPENVPN_BIN_PATH              policy_contents = privilege_policies.get_policy_contents(path)              with os.fdopen(polfd, 'w') as f: diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py index 992f0c50..7f66275d 100644 --- a/src/leap/services/eip/vpnlaunchers.py +++ b/src/leap/services/eip/vpnlaunchers.py @@ -39,6 +39,7 @@ from leap.config.providerconfig import ProviderConfig  from leap.services.eip.eipconfig import EIPConfig, VPNGatewaySelector  from leap.util import first  from leap.util.privilege_policies import LinuxPolicyChecker +from leap.util import privilege_policies  logger = logging.getLogger(__name__) @@ -238,6 +239,10 @@ class LinuxVPNLauncher(VPNLauncher):      PKEXEC_BIN = 'pkexec'      OPENVPN_BIN = 'openvpn' +    OPENVPN_BIN_PATH = os.path.join( +        ProviderConfig().get_path_prefix(), +        "..", "apps", "eip", OPENVPN_BIN) +      SYSTEM_CONFIG = "/etc/leap"      UP_DOWN_FILE = "resolv-update"      UP_DOWN_PATH = "%s/%s" % (SYSTEM_CONFIG, UP_DOWN_FILE) @@ -258,13 +263,14 @@ class LinuxVPNLauncher(VPNLauncher):      def missing_other_files(self):          """          'Extend' the VPNLauncher's missing_other_files to check if the polkit -        files is outdated. If the polkit file is in OTHER_FILES, exists, but is -        not up to date, it is added to the missing list. +        files is outdated. If the polkit file that is in OTHER_FILES exists but +        is not up to date, it is added to the missing list. -        :rtype: list +        :returns: a list of missing files +        :rtype: list of str          """          missing = VPNLauncher.missing_other_files.im_func(self) -        polkit_file = LinuxPolicyChecker().get_polkit_path() +        polkit_file = LinuxPolicyChecker.get_polkit_path()          if polkit_file not in missing:              if privilege_policies.is_policy_outdated(self.OPENVPN_BIN_PATH):                  missing.append(polkit_file) diff --git a/src/leap/util/privilege_policies.py b/src/leap/util/privilege_policies.py index 05ae60e0..72442553 100644 --- a/src/leap/util/privilege_policies.py +++ b/src/leap/util/privilege_policies.py @@ -87,6 +87,25 @@ def get_policy_contents(openvpn_path):      return POLICY_TEMPLATE.format(path=openvpn_path) +def is_policy_outdated(path): +    """ +    Returns if the existing polkit file is outdated, comparing if the path +    is correct. + +    :param path: the path that should have the polkit file. +    :type path: str. +    :rtype: bool +    """ +    _system = platform.system() +    platform_checker = _system + "PolicyChecker" +    policy_checker = globals().get(platform_checker, None) +    if policy_checker is None: +        logger.debug("we could not find a policy checker implementation " +                     "for %s" % (_system,)) +        return False +    return policy_checker().is_outdated(path) + +  class PolicyChecker:      """      Abstract PolicyChecker class @@ -129,3 +148,22 @@ class LinuxPolicyChecker(PolicyChecker):          :rtype: bool          """          return not os.path.isfile(self.LINUX_POLKIT_FILE) + +    def is_outdated(self, path): +        """ +        Returns if the existing polkit file is outdated, comparing if the path +        is correct. + +        :param path: the path that should have the polkit file. +        :type path: str. +        :rtype: bool +        """ +        polkit = None +        try: +            with open(self.LINUX_POLKIT_FILE) as f: +                polkit = f.read() +        except IOError, e: +            logger.error("Error reading polkit file(%s): %r" % ( +                self.LINUX_POLKIT_FILE, e)) + +        return get_policy_contents(path) != polkit | 
