3 files changed, 32 insertions, 8 deletions

diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index 48e6e9a7..f82049d3 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -211,7 +211,7 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
     # XXX take them from the config object.
 
     ourplatform = platform.system()
-    if ourplatform in ("Linux", "Mac"):
+    if ourplatform in ("Linux", "Darwin"):
         opts.append('--management')
 
         if socket_path is None:
@@ -229,6 +229,7 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
     client_cert_path = eipspecs.client_cert_path(provider)
     ca_cert_path = eipspecs.provider_ca_path(provider)
 
+    # XXX FIX paths for MAC
     opts.append('--cert')
     opts.append(client_cert_path)
     opts.append('--key')
@@ -260,9 +261,11 @@ def build_ovpn_command(debug=False, do_pkexec_check=True, vpnbin=None,
     use_pkexec = True
     ovpn = None
 
+    _plat = platform.system()
+
     # XXX get use_pkexec from config instead.
 
-    if platform.system() == "Linux" and use_pkexec and do_pkexec_check:
+    if _plat == "Linux" and use_pkexec and do_pkexec_check:
 
         # check for both pkexec
         # AND a suitable authentication
@@ -282,8 +285,17 @@ def build_ovpn_command(debug=False, do_pkexec_check=True, vpnbin=None,
             raise eip_exceptions.EIPNoPolkitAuthAgentAvailable
 
         command.append('pkexec')
+
+
     if vpnbin is None:
-        ovpn = which('openvpn')
+        if _plat == "Darwin":
+            # XXX Should hardcode our installed path
+            # /Applications/LEAPClient.app/Contents/Resources/openvpn.leap
+            openvpn_bin = "openvpn.leap"
+        else:
+            openvpn_bin = "openvpn"
+        #XXX hardcode for darwin
+        ovpn = which(openvpn_bin)
     else:
         ovpn = vpnbin
     if ovpn:
@@ -299,7 +311,18 @@ def build_ovpn_command(debug=False, do_pkexec_check=True, vpnbin=None,
 
     # XXX check len and raise proper error
 
-    return [command[0], command[1:]]
+    if _plat == "Darwin":
+        OSX_ASADMIN = 'do shell script "%s" with administrator privileges'
+        # XXX fix workaround for Nones
+        _command = [x if x else " " for x in command]
+        # XXX debugging!
+        #import ipdb;ipdb.set_trace() 
+        #XXX get openvpn log path from debug flags 
+        _command.append('--log')
+        _command.append('/tmp/leap_openvpn.log')
+        return ["osascript", ["-e", OSX_ASADMIN % ' '.join(_command)]]
+    else:
+        return [command[0], command[1:]]
 
 
 def check_vpn_keys(provider=None):
diff --git a/src/leap/eip/eipconnection.py b/src/leap/eip/eipconnection.py
index 27734f80..540e7558 100644
--- a/src/leap/eip/eipconnection.py
+++ b/src/leap/eip/eipconnection.py
@@ -52,7 +52,7 @@ class StatusMixIn(object):
             logger.warning('connection refused')
             return
         if not state:
-            logger.debug('no state')
+            #logger.debug('no state')
             return
         (ts, status_step,
          ok, ip, remote) = state
diff --git a/src/leap/eip/openvpnconnection.py b/src/leap/eip/openvpnconnection.py
index eb3b5ec0..b36b0b16 100644
--- a/src/leap/eip/openvpnconnection.py
+++ b/src/leap/eip/openvpnconnection.py
@@ -83,7 +83,7 @@ class OpenVPNManagement(object):
             try:
                 self._connect_to_management()
             except eip_exceptions.MissingSocketError:
-                logger.warning('missing management socket')
+                #logger.warning('missing management socket')
                 return []
         try:
             if hasattr(self, 'tn'):
@@ -329,11 +329,12 @@ to be triggered for each one of them.
         #use _only_ signal_maps instead
 
         logger.debug('_launch_openvpn called')
+        logger.debug('watcher_cb: %s' % self.watcher_cb)
         if self.watcher_cb is not None:
             linewrite_callback = self.watcher_cb
         else:
             #XXX get logger instead
-            linewrite_callback = lambda line: print('watcher: %s' % line)
+            linewrite_callback = lambda line: logger.debug('watcher: %s' % line)
 
         # the partial is not
         # being applied now because we're not observing the process
@@ -341,7 +342,7 @@ to be triggered for each one of them.
         # here since it will be handy for observing patterns in the
         # thru-the-manager updates (with regex)
         observers = (linewrite_callback,
-                     partial(lambda con_status, line: None, self.status))
+                     partial(lambda con_status, line: linewrite_callback, self.status))
         subp, watcher = spawn_and_watch_process(
             self.command,
             self.args,