From d1ebe98239fbc2baffa345558d396fa539e79202 Mon Sep 17 00:00:00 2001
From: kali
Date: Fri, 21 Sep 2012 06:32:40 +0900
Subject: added --no-provider-checks and --no-ca-verify for ease of debugging
Close #604
---
 src/leap/app.py | 1 +
 src/leap/baseapp/eip.py | 10 ++++++----
 src/leap/eip/checks.py | 20 +++++++++++++-------
 src/leap/eip/eipconnection.py | 4 ++--
 src/leap/util/leap_argparse.py | 17 +++++++++++++++--
 src/leap/util/tests/test_leap_argparse.py | 2 ++
 6 files changed, 39 insertions(+), 15 deletions(-)
diff --git a/src/leap/app.py b/src/leap/app.py
index d51ac46d..52ebcaea 100644
--- a/src/leap/app.py
+++ b/src/leap/app.py
@@ -35,6 +35,7 @@ def main():
 console.setFormatter(formatter)
 logger.addHandler(console)
+ logger.debug(opts)
 logger.info('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
 logger.info('LEAP client version %s', VERSION)
 logger.info('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
diff --git a/src/leap/baseapp/eip.py b/src/leap/baseapp/eip.py
index 98ff7142..b0e14be7 100644
--- a/src/leap/baseapp/eip.py
+++ b/src/leap/baseapp/eip.py
@@ -1,7 +1,7 @@
 from __future__ import print_function
 import logging
 import time
-import sys
+#import sys
 from PyQt4 import QtCore
@@ -40,9 +40,11 @@ class EIPConductorAppMixin(object):
 debug=self.debugmode, ovpn_verbosity=opts.openvpn_verb)
- # XXX get skip_download from cli flag
- skip_download = False
- self.conductor.run_checks(skip_download=skip_download)
+ skip_download = opts.no_provider_checks
+ skip_verify = opts.no_ca_verify
+ self.conductor.run_checks(
+ skip_download=skip_download,
+ skip_verify=skip_verify)
 self.error_check()
 # XXX should receive "ready" signal
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index cf758314..ef09a582 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
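Review bot: In src/leap/baseapp/eip.py, `skip_verify = opts.no_ca_verify` switches off TLS certificate verification for the provider checks without any message above debug level, so a run with `-k` looks the same in normal logs as a verified one. Log it where the option is read, e.g. `if skip_verify: logger.warning('--no-ca-verify: provider certificate will NOT be verified')` (assuming this module defines a `logger`, which the hunk does not show). The build_parser docstring added in this same commit says such options could be enabled only when the debug flag is present; `skip_verify = opts.no_ca_verify and opts.debug` would enforce that here. The enclosing method starts and ends outside the hunk.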
@@ -135,10 +135,12 @@ class ProviderCertChecker(object):
 self.fetcher = fetcher
 self.cacert = get_ca_cert()
- def run_all(self, checker=None, skip_download=False):
+ def run_all(self, checker=None, skip_download=False, skip_verify=False):
 if not checker:
 checker = self
+ do_verify = not skip_verify
+ logger.debug('do_verify: %s', do_verify)
 # For MVS+
 # checker.download_ca_cert()
 # checker.download_ca_signature()
@@ -149,8 +151,8 @@ class ProviderCertChecker(object):
 checker.is_there_provider_ca()
 # XXX FAKE IT!!!
- checker.is_https_working(verify=False)
- checker.check_new_cert_needed(verify=False)
+ checker.is_https_working(verify=do_verify)
+ checker.check_new_cert_needed(verify=do_verify)
 def download_ca_cert(self):
 # MVS+
@@ -183,17 +185,21 @@ class ProviderCertChecker(object):
 if uri is None:
 uri = self._get_root_uri()
 # XXX raise InsecureURI or something better
- logger.debug('is https working?')
- logger.debug('uri: %s', uri)
 assert uri.startswith('https')
 if verify is True and self.cacert is not None:
 logger.debug('verify cert: %s', self.cacert)
 verify = self.cacert
+ logger.debug('is https working?')
+ logger.debug('uri: %s (verify:%s)', uri, verify)
 try:
 self.fetcher.get(uri, verify=verify)
- except requests.exceptions.SSLError:
- logger.debug('False!')
+ except requests.exceptions.SSLError as exc:
+ logger.warning('False! CERT VERIFICATION FAILED! '
+ '(this should be CRITICAL)')
+ logger.warning('SSLError: %s', exc.message)
 raise eipexceptions.EIPBadCertError
+ # XXX get requests.exceptions.ConnectionError Errno 110
+ # Connection timed out, and raise ours.
 else:
 logger.debug('True')
 return True
diff --git a/src/leap/eip/eipconnection.py b/src/leap/eip/eipconnection.py
index 4e240f16..f0a98d8c 100644
--- a/src/leap/eip/eipconnection.py
+++ b/src/leap/eip/eipconnection.py
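Review bot: The `# XXX FAKE IT!!!` comment kept above `checker.is_https_working(verify=do_verify)` in `run_all` (hunk at -149) no longer matches the code, because verification is now on by default and is skipped only when `skip_verify` is passed; replace it with something like `# verify unless the caller passed skip_verify (--no-ca-verify)`. `run_all` also has no docstring; a short one should name its parameters and state that `skip_verify=True` disables certificate verification for both HTTPS checks. In the first hunk, `logger.debug('do_verify: %s', do_verify)` records the insecure case only at debug level; a `logger.warning` when `do_verify` is False would make an unverified run visible in normal logs.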
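Review bot: The new `except` branch in `is_https_working` (hunk at -183) reports a failed certificate check with `logger.warning` while its own message says it should be CRITICAL; use `logger.critical(...)` or `logger.error(...)` so the event is not lost among ordinary warnings. `exc.message` is deprecated since Python 2.6 and may not carry the error text; pass the exception itself, `logger.error('SSLError: %s', exc)`. The unchanged `assert uri.startswith('https')` is removed under `python -O` and accepts any string that merely begins with "https", so the scheme check the XXX comment asks for is still open; compare against `'https://'` and raise explicitly. The function begins above the hunk.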
@@ -46,7 +46,7 @@ class EIPConnection(OpenVPNConnection):
 def has_errors(self):
 return True if self.error_queue.qsize() != 0 else False
- def run_checks(self, skip_download=False):
+ def run_checks(self, skip_download=False, skip_verify=False):
 """
 run all eip checks previous to attempting a connection
 """
@@ -59,7 +59,7 @@ class EIPConnection(OpenVPNConnection):
 try:
 # network (1)
- self.provider_cert_checker.run_all()
+ self.provider_cert_checker.run_all(skip_verify=skip_verify)
 except Exception as exc:
 push_err(exc)
 try:
diff --git a/src/leap/util/leap_argparse.py b/src/leap/util/leap_argparse.py
index 3b38aa77..2f996a31 100644
--- a/src/leap/util/leap_argparse.py
+++ b/src/leap/util/leap_argparse.py
@@ -2,12 +2,16 @@ import argparse
 def build_parser():
+ """
+ all the options for the leap arg parser
+ Some of these could be switched on only if debug flag is present!
+ """
 epilog = "Copyright 2012 The Leap Project"
 parser = argparse.ArgumentParser(description="""
 Launches main LEAP Client""", epilog=epilog)
- parser.add_argument('--debug', action="store_true",
+ parser.add_argument('-d', '--debug', action="store_true",
 help='launches in debug mode')
- parser.add_argument('--config', metavar="CONFIG FILE", nargs='?',
+ parser.add_argument('-c', '--config', metavar="CONFIG FILE", nargs='?',
 action="store", dest="config_file", type=argparse.FileType('r'), help='optional config file')
@@ -19,6 +23,15 @@ Launches main LEAP Client""", epilog=epilog)
 type=int, action="store", dest="openvpn_verb", help='verbosity level for openvpn logs [1-6]')
+ parser.add_argument('-l', '--no-provider-checks',
+ action="store_true", default=False,
+ help="skips download of provider config files. gets "
+ "config from local files only. Will fail if cannot "
+ "find any")
+ parser.add_argument('-k', '--no-ca-verify',
+ action="store_true", default=False,
+ help="(insecure). Skips verification of the server "
+ "certificate used in TLS handshake.")
 return parser
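Review bot: In src/leap/eip/eipconnection.py, `self.provider_cert_checker.run_all(skip_verify=skip_verify)` forwards only one of the two flags, although `run_all` in checks.py also accepts `skip_download`. If `--no-provider-checks` is meant to reach the certificate checker, call `run_all(skip_download=skip_download, skip_verify=skip_verify)`; otherwise add a comment saying why it is left out. The `run_checks` docstring mentions neither parameter and should note that `skip_verify=True` disables certificate verification. The surrounding `except Exception as exc: push_err(exc)` queues an `EIPBadCertError` rather than raising it, so whether a failed verification actually blocks the connection depends on code outside this hunk.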
diff --git a/src/leap/util/tests/test_leap_argparse.py b/src/leap/util/tests/test_leap_argparse.py
index 173c87bb..082919b7 100644
--- a/src/leap/util/tests/test_leap_argparse.py
+++ b/src/leap/util/tests/test_leap_argparse.py
@@ -27,6 +27,8 @@ class LeapArgParseTest(unittest.TestCase):
 config_file=None,
 debug=True,
 log_file=None,
+ no_provider_checks=False,
+ no_ca_verify=False,
 openvpn_verb=None))
 if __name__ == "__main__":
--
cgit v1.2.3
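Review bot: The expected namespace in this test pins only the default `False` for `no_provider_checks` and `no_ca_verify`, so nothing checks that the new switches parse or that the insecure one stays off unless asked for. Add a case such as `opts = build_parser().parse_args(['-k', '-l'])` that asserts `opts.no_ca_verify` and `opts.no_provider_checks` are both True, plus one showing that `--debug` alone leaves `no_ca_verify` False. The test method starts outside the hunk, so how the parser is invoked there is not visible and the new case may need adapting to it.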