From 79e9f3c69b4eb061490d6a12a52888abc429542e Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Mon, 18 Sep 2017 19:53:17 +0200 Subject: [feat] detect if pkexec is present in the system Check it before starting the vpn. - Resolves: #8895 --- src/leap/bitmask/vpn/_checks.py | 11 +++++++++-- src/leap/bitmask/vpn/helpers/__init__.py | 3 ++- src/leap/bitmask/vpn/privilege.py | 20 ++++++++++---------- src/leap/bitmask/vpn/service.py | 4 ++++ 4 files changed, 25 insertions(+), 13 deletions(-) diff --git a/src/leap/bitmask/vpn/_checks.py b/src/leap/bitmask/vpn/_checks.py index 6c089628..c6117d0d 100644 --- a/src/leap/bitmask/vpn/_checks.py +++ b/src/leap/bitmask/vpn/_checks.py @@ -2,13 +2,14 @@ import os from datetime import datetime from time import mktime +from twisted.logger import Logger +from leap.bitmask.vpn.privilege import is_pkexec_in_system, NoPkexecAvailable from leap.common.certs import get_cert_time_boundaries from leap.common.config import get_path_prefix +log = Logger() -# TODO use privilege.py module, plenty of checks in there for pkexec and -# friends. class ImproperlyConfigured(Exception): pass @@ -18,6 +19,10 @@ def is_service_ready(provider): if not _has_valid_cert(provider): raise ImproperlyConfigured('Missing VPN certificate') + if not is_pkexec_in_system(): + log.warn('System has no pkexec') + raise NoPkexecAvailable() + return True @@ -40,10 +45,12 @@ def _has_valid_cert(provider): cert_path = get_vpn_cert_path(provider) has_file = os.path.isfile(cert_path) if not has_file: + log.warn("VPN cert not present for %s" % (provider,)) return False expiry = cert_expires(provider) if datetime.now() > expiry: + log.warn("VPN cert expired for %s" % (provider,)) return False return True diff --git a/src/leap/bitmask/vpn/helpers/__init__.py b/src/leap/bitmask/vpn/helpers/__init__.py index e09f406d..57847e16 100644 --- a/src/leap/bitmask/vpn/helpers/__init__.py +++ b/src/leap/bitmask/vpn/helpers/__init__.py @@ -4,6 +4,7 @@ import os.path import sys from leap.bitmask.vpn.constants import IS_LINUX, IS_MAC +from leap.bitmask.vpn.privilege import is_pkexec_in_system from leap.bitmask.vpn import _config from leap.bitmask.util import STANDALONE @@ -38,7 +39,7 @@ if IS_LINUX: polkit = ( os.path.exists(polkit_to) or os.path.exists(deb_polkit_to)) - return helper and polkit + return is_pkexec_in_system() and helper and polkit if IS_MAC: diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py index 458f690d..dd8d29a9 100644 --- a/src/leap/bitmask/vpn/privilege.py +++ b/src/leap/bitmask/vpn/privilege.py @@ -109,7 +109,7 @@ class LinuxPolicyChecker(object): :returns: a list of the paths where pkexec is to be found :rtype: list """ - if not self._is_pkexec_in_system(): + if not is_pkexec_in_system(): log.warn('System has no pkexec') raise NoPkexecAvailable() @@ -181,12 +181,12 @@ class LinuxPolicyChecker(object): return is_running - @classmethod - def _is_pkexec_in_system(self): - """ - Checks the existence of the pkexec binary in system. - """ - pkexec_path = which('pkexec') - if len(pkexec_path) == 0: - return False - return True + +def is_pkexec_in_system(): + """ + Checks the existence of the pkexec binary in system. + """ + pkexec_path = which('pkexec') + if len(pkexec_path) == 0: + return False + return True diff --git a/src/leap/bitmask/vpn/service.py b/src/leap/bitmask/vpn/service.py index 1ecfa797..36699712 100644 --- a/src/leap/bitmask/vpn/service.py +++ b/src/leap/bitmask/vpn/service.py @@ -106,6 +106,10 @@ class VPNService(HookableService): exc = Exception("VPN can't start, a provider is needed") exc.expected = True raise exc + if not is_service_ready(domain): + exc = Exception("VPN is not ready") + exc.expected = True + raise exc yield self._setup(domain) -- cgit v1.2.3