diff options
Diffstat (limited to 'src/leap/bitmask/vpn')
-rw-r--r-- | src/leap/bitmask/vpn/README.rst | 6 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/_checks.py | 9 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/_config.py | 14 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/helpers/__init__.py | 35 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/helpers/linux/__init__.py | 0 | ||||
-rwxr-xr-x | src/leap/bitmask/vpn/helpers/linux/bitmask-root (renamed from src/leap/bitmask/vpn/fw/bitmask-root) | 0 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/helpers/linux/se.leap.bitmask.bundle.policy | 23 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/helpers/linux/se.leap.bitmask.policy | 23 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/privilege.py | 8 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/process.py | 2 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/service.py | 19 |
11 files changed, 126 insertions, 13 deletions
diff --git a/src/leap/bitmask/vpn/README.rst b/src/leap/bitmask/vpn/README.rst deleted file mode 100644 index 50310c0b..00000000 --- a/src/leap/bitmask/vpn/README.rst +++ /dev/null @@ -1,6 +0,0 @@ -To be migrated --------------- -Here we should expect the vpn parts under the legacy bitmask_client project. -However, it would be nice to move all the fail-close boilerplate to an -independent project (leap.fw), and declare that as an extra dependency in the -setup.py diff --git a/src/leap/bitmask/vpn/_checks.py b/src/leap/bitmask/vpn/_checks.py index 3a1914f1..f4d4ed3d 100644 --- a/src/leap/bitmask/vpn/_checks.py +++ b/src/leap/bitmask/vpn/_checks.py @@ -3,18 +3,21 @@ import os from leap.common.config import get_path_prefix +# TODO use privilege.py module, plenty of checks in there for pkexec and +# friends. + class ImproperlyConfigured(Exception): pass def is_service_ready(provider): - valid_cert = _has_valid_cert(provider) + _has_valid_cert(provider) return True def get_eip_cert_path(provider): return os.path.join(get_path_prefix(), - 'leap', 'providers', provider, + 'leap', 'providers', provider, 'keys', 'client', 'openvpn.pem') @@ -23,5 +26,3 @@ def _has_valid_cert(provider): has_file = os.path.isfile(cert_path) if not has_file: raise ImproperlyConfigured('Missing EIP certificate') - - diff --git a/src/leap/bitmask/vpn/_config.py b/src/leap/bitmask/vpn/_config.py index 7dfabf7d..267f61eb 100644 --- a/src/leap/bitmask/vpn/_config.py +++ b/src/leap/bitmask/vpn/_config.py @@ -1,3 +1,17 @@ +import pkg_resources +from .constants import IS_LINUX + + +if IS_LINUX: + + def get_bitmask_helper_path(): + return pkg_resources.resource_filename( + 'leap.bitmask.vpn.helpers.linux', 'bitmask-root') + + def get_bitmask_polkit_policy_path(): + return pkg_resources.resource_filename( + 'leap.bitmask.vpn.helpers.linux', 'se.leap.bitmask.bundle.policy') + class _TempEIPConfig(object): """Current EIP code on bitmask depends on EIPConfig object, this temporary diff --git a/src/leap/bitmask/vpn/helpers/__init__.py b/src/leap/bitmask/vpn/helpers/__init__.py new file mode 100644 index 00000000..1f46fd79 --- /dev/null +++ b/src/leap/bitmask/vpn/helpers/__init__.py @@ -0,0 +1,35 @@ +from os import remove +from shutil import copyfile +import sys + +from leap.bitmask.vpn.constants import IS_LINUX +from leap.bitmask.vpn import _config + +if IS_LINUX: + + helper_to = '/usr/local/sbin/bitmask-root' + polkit_to = '/usr/share/polkit-1/actions/se.bitmask.bundle.policy' + + def install(): + helper_from = _config.get_bitmask_helper_path() + polkit_from = _config.get_bitmask_polkit_policy_path() + copyfile(helper_from, helper_to) + copyfile(polkit_from, polkit_to) + + def uninstall(): + try: + remove(helper_to) + remove(polkit_to) + except: + raise + + +def main(): + if sys.argv[-1] == 'install': + install() + if sys.argv[-1] == 'uninstall': + uninstall() + + +if __name__ == "__main__": + main() diff --git a/src/leap/bitmask/vpn/helpers/linux/__init__.py b/src/leap/bitmask/vpn/helpers/linux/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/src/leap/bitmask/vpn/helpers/linux/__init__.py diff --git a/src/leap/bitmask/vpn/fw/bitmask-root b/src/leap/bitmask/vpn/helpers/linux/bitmask-root index 80ac12e8..80ac12e8 100755 --- a/src/leap/bitmask/vpn/fw/bitmask-root +++ b/src/leap/bitmask/vpn/helpers/linux/bitmask-root diff --git a/src/leap/bitmask/vpn/helpers/linux/se.leap.bitmask.bundle.policy b/src/leap/bitmask/vpn/helpers/linux/se.leap.bitmask.bundle.policy new file mode 100644 index 00000000..58fcaaa8 --- /dev/null +++ b/src/leap/bitmask/vpn/helpers/linux/se.leap.bitmask.bundle.policy @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>LEAP Project</vendor> + <vendor_url>http://leap.se/</vendor_url> + + <action id="se.leap.bitmask.bundle.policy"> + <description>Runs bitmask helper to launch firewall and openvpn (bundle version)</description> + <description xml:lang="es">Ejecuta el asistente de bitmask para lanzar el firewall y openvpn (version bundle)</description> + <message>Bitmask needs that you authenticate to start</message> + <message xml:lang="es">Bitmask necesita autorizacion para comenzar</message> + <icon_name>package-x-generic</icon_name> + <defaults> + <allow_any>yes</allow_any> + <allow_inactive>yes</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/local/sbin/bitmask-root</annotate> + </action> +</policyconfig> diff --git a/src/leap/bitmask/vpn/helpers/linux/se.leap.bitmask.policy b/src/leap/bitmask/vpn/helpers/linux/se.leap.bitmask.policy new file mode 100644 index 00000000..c66f4701 --- /dev/null +++ b/src/leap/bitmask/vpn/helpers/linux/se.leap.bitmask.policy @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>LEAP Project</vendor> + <vendor_url>http://leap.se/</vendor_url> + + <action id="se.leap.bitmask.policy"> + <description>Runs bitmask helper to launch firewall and openvpn</description> + <description xml:lang="es">Ejecuta el asistente de bitmask para lanzar el firewall y openvpn</description> + <message>Bitmask needs that you authenticate to start</message> + <message xml:lang="es">Bitmask necesita autorizacion para comenzar</message> + <icon_name>package-x-generic</icon_name> + <defaults> + <allow_any>yes</allow_any> + <allow_inactive>yes</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/bitmask-root</annotate> + </action> +</policyconfig> diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py index e8ed5576..097f5f8a 100644 --- a/src/leap/bitmask/vpn/privilege.py +++ b/src/leap/bitmask/vpn/privilege.py @@ -37,6 +37,14 @@ logger = Logger() flags_STANDALONE = False +def install_helpers(): + commands.getoutput('pkexec bitmask_helpers install') + + +def uninstall_helpers(): + commands.getoutput('pkexec bitmask_helpers uninstall') + + class NoPolkitAuthAgentAvailable(Exception): pass diff --git a/src/leap/bitmask/vpn/process.py b/src/leap/bitmask/vpn/process.py index ef5ee37f..813025d7 100644 --- a/src/leap/bitmask/vpn/process.py +++ b/src/leap/bitmask/vpn/process.py @@ -38,7 +38,7 @@ from leap.bitmask.vpn.constants import IS_MAC from leap.bitmask.vpn.utils import first, force_eval from leap.bitmask.vpn.utils import get_vpn_launcher from leap.bitmask.vpn.launchers import linux -from leap.bitmask.vpn.udstelnet import UDSTelnet +from leap.bitmask.vpn._telnet import UDSTelnet from leap.bitmask.vpn import _observer from leap.bitmask.vpn import _management diff --git a/src/leap/bitmask/vpn/service.py b/src/leap/bitmask/vpn/service.py index 3550b4b7..72fd2bbf 100644 --- a/src/leap/bitmask/vpn/service.py +++ b/src/leap/bitmask/vpn/service.py @@ -27,6 +27,9 @@ from twisted.internet import defer from leap.bitmask.hooks import HookableService from leap.bitmask.vpn.eip import EIPManager from leap.bitmask.vpn._checks import is_service_ready, get_eip_cert_path +from leap.bitmask.vpn._config import get_bitmask_helper_path +from leap.bitmask.vpn._config import get_bitmask_polkit_policy_path +from leap.bitmask.vpn import privilege from leap.common.config import get_path_prefix from leap.common.files import check_and_fix_urw_only @@ -81,7 +84,11 @@ class EIPService(HookableService): and can be started""" # TODO either pass a provider, or set a given provider _ready = is_service_ready('demo.bitmask.net') - return {'eip_ready': 'ok'} + if _ready: + result = 'ok' + else: + result = 'no' + return {'eip_ready': result} @defer.inlineCallbacks def do_get_cert(self, provider): @@ -98,13 +105,21 @@ class EIPService(HookableService): check_and_fix_urw_only(cert_path) defer.returnValue({'get_cert': 'ok'}) + def do_install(self): + ask = privilege.install_helpers() + return {'install': 'ok'} + + def do_uninstall(self): + ask = privilege.uninstall_helpers() + return {'uninstall': 'ok'} + def _setup(self, provider): """Set up EIPManager for a specified provider. :param provider: the provider to use, e.g. 'demo.bitmask.net' :type provider: str""" - # FIXME + # FIXME --------------------------------------------------------- # XXX picked manually from eip-service.json remotes = ( ("198.252.153.84", "1194"), |