summaryrefslogtreecommitdiff
path: root/src/leap/util/privilege_policies.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/util/privilege_policies.py')
-rw-r--r--src/leap/util/privilege_policies.py169
1 files changed, 0 insertions, 169 deletions
diff --git a/src/leap/util/privilege_policies.py b/src/leap/util/privilege_policies.py
deleted file mode 100644
index 72442553..00000000
--- a/src/leap/util/privilege_policies.py
+++ /dev/null
@@ -1,169 +0,0 @@
-# -*- coding: utf-8 -*-
-# privilege_policies.py
-# Copyright (C) 2013 LEAP
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-"""
-Helpers to determine if the needed policies for privilege escalation
-are operative under this client run.
-"""
-import logging
-import os
-import platform
-
-from abc import ABCMeta, abstractmethod
-
-logger = logging.getLogger(__name__)
-
-
-POLICY_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
-<policyconfig>
-
- <vendor>LEAP Project</vendor>
- <vendor_url>https://leap.se/</vendor_url>
-
- <action id="net.openvpn.gui.leap.run-openvpn">
- <description>Runs the openvpn binary</description>
- <description xml:lang="es">Ejecuta el binario openvpn</description>
- <message>OpenVPN needs that you authenticate to start</message>
- <message xml:lang="es">
- OpenVPN necesita autorizacion para comenzar
- </message>
- <icon_name>package-x-generic</icon_name>
- <defaults>
- <allow_any>yes</allow_any>
- <allow_inactive>yes</allow_inactive>
- <allow_active>yes</allow_active>
- </defaults>
- <annotate key="org.freedesktop.policykit.exec.path">{path}</annotate>
- <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
- </action>
-</policyconfig>
-"""
-
-
-def is_missing_policy_permissions():
- """
- Returns True if we do not have implemented a policy checker for this
- platform, or if the policy checker exists but it cannot find the
- appropriate policy mechanisms in place.
-
- :rtype: bool
- """
- _system = platform.system()
- platform_checker = _system + "PolicyChecker"
- policy_checker = globals().get(platform_checker, None)
- if not policy_checker:
- # it is true that we miss permission to escalate
- # privileges without asking for password each time.
- logger.debug("we could not find a policy checker implementation "
- "for %s" % (_system,))
- return True
- return policy_checker().is_missing_policy_permissions()
-
-
-def get_policy_contents(openvpn_path):
- """
- Returns the contents that the policy file should have.
-
- :param openvpn_path: the openvpn path to use in the polkit file
- :type openvpn_path: str
- :rtype: str
- """
- return POLICY_TEMPLATE.format(path=openvpn_path)
-
-
-def is_policy_outdated(path):
- """
- Returns if the existing polkit file is outdated, comparing if the path
- is correct.
-
- :param path: the path that should have the polkit file.
- :type path: str.
- :rtype: bool
- """
- _system = platform.system()
- platform_checker = _system + "PolicyChecker"
- policy_checker = globals().get(platform_checker, None)
- if policy_checker is None:
- logger.debug("we could not find a policy checker implementation "
- "for %s" % (_system,))
- return False
- return policy_checker().is_outdated(path)
-
-
-class PolicyChecker:
- """
- Abstract PolicyChecker class
- """
-
- __metaclass__ = ABCMeta
-
- @abstractmethod
- def is_missing_policy_permissions(self):
- """
- Returns True if we could not find any policy mechanisms that
- are defined to be in used for this particular platform.
-
- :rtype: bool
- """
- return True
-
-
-class LinuxPolicyChecker(PolicyChecker):
- """
- PolicyChecker for Linux
- """
- LINUX_POLKIT_FILE = ("/usr/share/polkit-1/actions/"
- "net.openvpn.gui.leap.policy")
-
- @classmethod
- def get_polkit_path(self):
- """
- Returns the polkit file path.
-
- :rtype: str
- """
- return self.LINUX_POLKIT_FILE
-
- def is_missing_policy_permissions(self):
- """
- Returns True if we could not find the appropriate policykit file
- in place
-
- :rtype: bool
- """
- return not os.path.isfile(self.LINUX_POLKIT_FILE)
-
- def is_outdated(self, path):
- """
- Returns if the existing polkit file is outdated, comparing if the path
- is correct.
-
- :param path: the path that should have the polkit file.
- :type path: str.
- :rtype: bool
- """
- polkit = None
- try:
- with open(self.LINUX_POLKIT_FILE) as f:
- polkit = f.read()
- except IOError, e:
- logger.error("Error reading polkit file(%s): %r" % (
- self.LINUX_POLKIT_FILE, e))
-
- return get_policy_contents(path) != polkit