From 8df9f593a4ba98bf22de956b97e01c740ec93482 Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Thu, 20 Jun 2013 07:17:59 +0900
Subject: add small img for cocoasudo icon

---
 data/images/leap-client.tiff | Bin 0 -> 3598 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 data/images/leap-client.tiff

diff --git a/data/images/leap-client.tiff b/data/images/leap-client.tiff
new file mode 100644
index 00000000..71c95b0d
Binary files /dev/null and b/data/images/leap-client.tiff differ
-- 
cgit v1.2.3


From 6873b5b5ef4d1e4af44fe41a52f402d3d9a16d5c Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Thu, 20 Jun 2013 07:52:37 +0900
Subject: use cocoasudo instead of osascript Closes:#2925

---
 changes/feature_2925_osx-use-cocoasudo |  1 +
 src/leap/services/eip/vpnlaunchers.py  | 33 +++++++++++++++++++++++----------
 2 files changed, 24 insertions(+), 10 deletions(-)
 create mode 100644 changes/feature_2925_osx-use-cocoasudo

diff --git a/changes/feature_2925_osx-use-cocoasudo b/changes/feature_2925_osx-use-cocoasudo
new file mode 100644
index 00000000..b87a8de1
--- /dev/null
+++ b/changes/feature_2925_osx-use-cocoasudo
@@ -0,0 +1 @@
+  o Use cocoasudo in place of osascript for osx privilege escalation during openvpn launch.
diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py
index 56df0b1c..570a7893 100644
--- a/src/leap/services/eip/vpnlaunchers.py
+++ b/src/leap/services/eip/vpnlaunchers.py
@@ -458,12 +458,12 @@ class DarwinVPNLauncher(VPNLauncher):
     VPN launcher for the Darwin Platform
     """
 
-    OSASCRIPT_BIN = '/usr/bin/osascript'
-    OSX_ASADMIN = "do shell script \"%s\" with administrator privileges"
+    COCOASUDO = "cocoasudo"
+    # XXX need magic translate for this string
+    SUDO_MSG = ("LEAP needs administrative privileges to run "
+                "Encrypted Internet.")
 
     INSTALL_PATH = "/Applications/LEAP\ Client.app"
-    # OPENVPN_BIN = "/%s/Contents/Resources/openvpn.leap" % (
-    #   self.INSTALL_PATH,)
     OPENVPN_BIN = 'openvpn.leap'
     OPENVPN_PATH = "%s/Contents/Resources/openvpn" % (INSTALL_PATH,)
 
@@ -481,9 +481,25 @@ class DarwinVPNLauncher(VPNLauncher):
         """
         to = kls.OPENVPN_PATH
         cmd = "#!/bin/sh\nmkdir -p %s\ncp \"%s/\"* %s" % (to, frompath, to)
-        #return kls.OSX_ASADMIN % cmd
         return cmd
 
+    def get_cocoasudo_cmd(self):
+        """
+        Returns a string with the cocoasudo command needed to run openvpn
+        as admin with a nice password prompt. The actual command needs to be
+        appended.
+
+        :rtype: (str, list)
+        """
+        iconpath = os.path.abspath(os.path.join(
+            os.getcwd(),
+            "../../../Resources/leap-client.tiff"))
+        has_icon = os.path.isfile(iconpath)
+        args = ["--icon=%s" % iconpath] if has_icon else []
+        args.append("--prompt=%s" % (self.SUDO_MSG,))
+
+        return self.COCOASUDO, args
+
     def get_vpn_command(self, eipconfig=None, providerconfig=None,
                         socket_host=None, socket_port="unix"):
         """
@@ -597,11 +613,8 @@ class DarwinVPNLauncher(VPNLauncher):
             '--ca', providerconfig.get_ca_cert_path()
         ]
 
-        # We are using osascript until we can write a proper wrapper
-        # for privilege escalation.
-
-        command = self.OSASCRIPT_BIN
-        cmd_args = ["-e", self.OSX_ASADMIN % (' '.join(args),)]
+        command, cargs = self.get_cocoasudo_cmd()
+        cmd_args = cargs + args
 
         logger.debug("Running VPN with command:")
         logger.debug("%s %s" % (command, " ".join(cmd_args)))
-- 
cgit v1.2.3