From 8df9f593a4ba98bf22de956b97e01c740ec93482 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Thu, 20 Jun 2013 07:17:59 +0900 Subject: add small img for cocoasudo icon --- data/images/leap-client.tiff | Bin 0 -> 3598 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 data/images/leap-client.tiff diff --git a/data/images/leap-client.tiff b/data/images/leap-client.tiff new file mode 100644 index 00000000..71c95b0d Binary files /dev/null and b/data/images/leap-client.tiff differ -- cgit v1.2.3 From 6873b5b5ef4d1e4af44fe41a52f402d3d9a16d5c Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Thu, 20 Jun 2013 07:52:37 +0900 Subject: use cocoasudo instead of osascript Closes:#2925 --- changes/feature_2925_osx-use-cocoasudo | 1 + src/leap/services/eip/vpnlaunchers.py | 33 +++++++++++++++++++++++---------- 2 files changed, 24 insertions(+), 10 deletions(-) create mode 100644 changes/feature_2925_osx-use-cocoasudo diff --git a/changes/feature_2925_osx-use-cocoasudo b/changes/feature_2925_osx-use-cocoasudo new file mode 100644 index 00000000..b87a8de1 --- /dev/null +++ b/changes/feature_2925_osx-use-cocoasudo @@ -0,0 +1 @@ + o Use cocoasudo in place of osascript for osx privilege escalation during openvpn launch. diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py index 56df0b1c..570a7893 100644 --- a/src/leap/services/eip/vpnlaunchers.py +++ b/src/leap/services/eip/vpnlaunchers.py @@ -458,12 +458,12 @@ class DarwinVPNLauncher(VPNLauncher): VPN launcher for the Darwin Platform """ - OSASCRIPT_BIN = '/usr/bin/osascript' - OSX_ASADMIN = "do shell script \"%s\" with administrator privileges" + COCOASUDO = "cocoasudo" + # XXX need magic translate for this string + SUDO_MSG = ("LEAP needs administrative privileges to run " + "Encrypted Internet.") INSTALL_PATH = "/Applications/LEAP\ Client.app" - # OPENVPN_BIN = "/%s/Contents/Resources/openvpn.leap" % ( - # self.INSTALL_PATH,) OPENVPN_BIN = 'openvpn.leap' OPENVPN_PATH = "%s/Contents/Resources/openvpn" % (INSTALL_PATH,) @@ -481,9 +481,25 @@ class DarwinVPNLauncher(VPNLauncher): """ to = kls.OPENVPN_PATH cmd = "#!/bin/sh\nmkdir -p %s\ncp \"%s/\"* %s" % (to, frompath, to) - #return kls.OSX_ASADMIN % cmd return cmd + def get_cocoasudo_cmd(self): + """ + Returns a string with the cocoasudo command needed to run openvpn + as admin with a nice password prompt. The actual command needs to be + appended. + + :rtype: (str, list) + """ + iconpath = os.path.abspath(os.path.join( + os.getcwd(), + "../../../Resources/leap-client.tiff")) + has_icon = os.path.isfile(iconpath) + args = ["--icon=%s" % iconpath] if has_icon else [] + args.append("--prompt=%s" % (self.SUDO_MSG,)) + + return self.COCOASUDO, args + def get_vpn_command(self, eipconfig=None, providerconfig=None, socket_host=None, socket_port="unix"): """ @@ -597,11 +613,8 @@ class DarwinVPNLauncher(VPNLauncher): '--ca', providerconfig.get_ca_cert_path() ] - # We are using osascript until we can write a proper wrapper - # for privilege escalation. - - command = self.OSASCRIPT_BIN - cmd_args = ["-e", self.OSX_ASADMIN % (' '.join(args),)] + command, cargs = self.get_cocoasudo_cmd() + cmd_args = cargs + args logger.debug("Running VPN with command:") logger.debug("%s %s" % (command, " ".join(cmd_args))) -- cgit v1.2.3