From 35d2f5662c6f03480f3f6f9ef9092757447361ed Mon Sep 17 00:00:00 2001 From: "Kali Kaneko (leap communications)" Date: Fri, 19 May 2017 14:54:51 +0200 Subject: [feat] port the polkit agent launcher this commit is porting the polkit launcher from the legacy bitmask client. if no polkit authentication agent is running, it will try to run one that is found in the system. - Resolves: #8836 --- pkg/requirements.pip | 1 + setup.py | 1 + src/leap/bitmask/vpn/helpers/linux/polkit_agent.py | 82 ++++++++++++++++++++++ src/leap/bitmask/vpn/launchers/linux.py | 5 -- src/leap/bitmask/vpn/privilege.py | 32 ++++----- 5 files changed, 97 insertions(+), 24 deletions(-) create mode 100644 src/leap/bitmask/vpn/helpers/linux/polkit_agent.py diff --git a/pkg/requirements.pip b/pkg/requirements.pip index a34f8295..80dca0bf 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -2,6 +2,7 @@ twisted colorama zope.interface service-identity +python-daemon gnupg leap.common>=0.5.5 leap.soledad.client>=0.9.5 diff --git a/setup.py b/setup.py index c4ddb4dc..76fb4a55 100644 --- a/setup.py +++ b/setup.py @@ -18,6 +18,7 @@ required = [ 'service-identity', 'colorama', 'srp', + 'python-daemon', 'leap.common', ] diff --git a/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py b/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py new file mode 100644 index 00000000..10bf7db1 --- /dev/null +++ b/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py @@ -0,0 +1,82 @@ +# -*- coding: utf-8 -*- +# polkit_agent.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +""" +Daemonizes polkit authentication agent. +""" + +import os +import subprocess + +import daemon + + +POLKIT_PATHS = ( + '/usr/lib/lxpolkit/lxpolkit', + '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1', + '/usr/lib/mate-polkit/polkit-mate-authentication-agent-1', + '/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1', +) + + +# TODO write tests for this piece. +def _get_polkit_agent(): + """ + Return a valid polkit agent to use. + + :rtype: str or None + """ + # TODO: in caso of having more than one polkit agent we may want to + # stablish priorities. E.g.: lxpolkit over gnome-polkit for minimalistic + # desktops. + for polkit in POLKIT_PATHS: + if os.path.isfile(polkit): + return polkit + + return None + + +def _launch_agent(): + """ + Launch a polkit authentication agent on a subprocess. + """ + polkit_agent = _get_polkit_agent() + + if polkit_agent is None: + print("No usable polkit was found.") + return + + print('Launching polkit auth agent') + try: + # XXX fix KDE launch. See: #3755 + subprocess.call(polkit_agent) + except Exception as e: + print('Error launching polkit authentication agent %r' % (e, )) + + +def launch(): + """ + Launch a polkit authentication agent as a daemon. + """ + with daemon.DaemonContext(): + _launch_agent() + + +if __name__ == "__main__": + # TODO pass a --nodaemon flag so that we can launch this in the foreground + # and debug this module, getting errors to stderr. + launch() diff --git a/src/leap/bitmask/vpn/launchers/linux.py b/src/leap/bitmask/vpn/launchers/linux.py index 5852d1e5..d68d6ef1 100644 --- a/src/leap/bitmask/vpn/launchers/linux.py +++ b/src/leap/bitmask/vpn/launchers/linux.py @@ -21,18 +21,13 @@ Linux VPN launcher implementation. import commands import os -import sys from twisted.logger import Logger from leap.bitmask.util import STANDALONE from leap.bitmask.vpn.utils import first, force_eval from leap.bitmask.vpn.privilege import LinuxPolicyChecker -from leap.bitmask.vpn.privilege import NoPkexecAvailable -from leap.bitmask.vpn.privilege import NoPolkitAuthAgentAvailable from leap.bitmask.vpn.launcher import VPNLauncher -from leap.bitmask.vpn.launcher import VPNLauncherException -from leap.common.config import get_path_prefix logger = Logger() COM = commands diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py index 2576877a..4617aedf 100644 --- a/src/leap/bitmask/vpn/privilege.py +++ b/src/leap/bitmask/vpn/privilege.py @@ -169,26 +169,20 @@ class LinuxPolicyChecker(PolicyChecker): @classmethod def launch(self): """ - Tries to launch policykit + Tries to launch policykit. """ - env = None - if STANDALONE: - # This allows us to send to subprocess the environment configs that - # works for the standalone bundle (like the PYTHONPATH) - env = dict(os.environ) - # The LD_LIBRARY_PATH is set on the launcher but not forwarded to - # subprocess unless we do so explicitly. - env["LD_LIBRARY_PATH"] = os.path.abspath("./lib/") - try: - # We need to quote the command because subprocess call - # will do "sh -c 'foo'", so if we do not quoute it we'll end - # up with a invocation to the python interpreter. And that - # is bad. - log.debug('Trying to launch polkit agent') - subprocess.call(["python -m leap.bitmask.util.polkit_agent"], - shell=True, env=env) - except Exception: - log.failure('Error while launching vpn') + if not self.is_up(): + try: + # We need to quote the command because subprocess call + # will do "sh -c 'foo'", so if we do not quoute it we'll end + # up with a invocation to the python interpreter. And that + # is bad. + log.debug('Trying to launch polkit agent') + subprocess.call( + ["python -m leap.bitmask.vpn.helpers.linux.polkit_agent"], + shell=True) + except Exception: + log.failure('Error while launching vpn') @classmethod def is_up(self): -- cgit v1.2.3