From abd476bffb427bd0733dcf87d12fed00d4cf6aaf Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Tue, 19 Aug 2014 11:27:29 -0500
Subject: remove dict comprenhension

---
 src/leap/bitmask/util/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/leap/bitmask/util')

diff --git a/src/leap/bitmask/util/__init__.py b/src/leap/bitmask/util/__init__.py
index caa94ec7..e8eddd64 100644
--- a/src/leap/bitmask/util/__init__.py
+++ b/src/leap/bitmask/util/__init__.py
@@ -151,6 +151,6 @@ def flags_to_dict():
     :rtype: dict.
     """
     items = [i for i in dir(flags) if i[0] != '_']
-    values = {i: getattr(flags, i) for i in items}
+    values = dict((i, getattr(flags, i)) for i in items)
 
     return values
-- 
cgit v1.2.3


From 3d0708ad3e20aa8dddf6894b7536be3cd59cfbca Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Mon, 8 Sep 2014 14:22:29 -0500
Subject: Add email firewall

---
 src/leap/bitmask/util/privilege_policies.py | 98 +++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)

(limited to 'src/leap/bitmask/util')

diff --git a/src/leap/bitmask/util/privilege_policies.py b/src/leap/bitmask/util/privilege_policies.py
index f894d73b..2016e67b 100644
--- a/src/leap/bitmask/util/privilege_policies.py
+++ b/src/leap/bitmask/util/privilege_policies.py
@@ -18,17 +18,30 @@
 Helpers to determine if the needed policies for privilege escalation
 are operative under this client run.
 """
+import commands
 import logging
 import os
+import subprocess
 import platform
+import time
 
 from abc import ABCMeta, abstractmethod
 
 from leap.bitmask.config import flags
+from leap.common.check import leap_assert
+from leap.common.files import which
 
 logger = logging.getLogger(__name__)
 
 
+class NoPolkitAuthAgentAvailable(Exception):
+    pass
+
+
+class NoPkexecAvailable(Exception):
+    pass
+
+
 def is_missing_policy_permissions():
     """
     Returns True if we do not have implemented a policy checker for this
@@ -75,6 +88,7 @@ class LinuxPolicyChecker(PolicyChecker):
                          "se.leap.bitmask.policy")
     LINUX_POLKIT_FILE_BUNDLE = ("/usr/share/polkit-1/actions/"
                                 "se.leap.bitmask.bundle.policy")
+    PKEXEC_BIN = 'pkexec'
 
     @classmethod
     def get_polkit_path(self):
@@ -97,3 +111,87 @@ class LinuxPolicyChecker(PolicyChecker):
         """
         path = self.get_polkit_path()
         return not os.path.isfile(path)
+
+    @classmethod
+    def maybe_pkexec(self):
+        """
+        Checks whether pkexec is available in the system, and
+        returns the path if found.
+
+        Might raise:
+            NoPkexecAvailable,
+            NoPolkitAuthAgentAvailable.
+
+        :returns: a list of the paths where pkexec is to be found
+        :rtype: list
+        """
+        if self._is_pkexec_in_system():
+            if not self.is_up():
+                self.launch()
+                time.sleep(2)
+            if self.is_up():
+                pkexec_possibilities = which(self.PKEXEC_BIN)
+                leap_assert(len(pkexec_possibilities) > 0,
+                            "We couldn't find pkexec")
+                return pkexec_possibilities
+            else:
+                logger.warning("No polkit auth agent found. pkexec " +
+                               "will use its own auth agent.")
+                raise NoPolkitAuthAgentAvailable()
+        else:
+            logger.warning("System has no pkexec")
+            raise NoPkexecAvailable()
+
+    @classmethod
+    def launch(self):
+        """
+        Tries to launch policykit
+        """
+        env = None
+        if flags.STANDALONE:
+            env = {"PYTHONPATH": os.path.abspath('../../../../lib/')}
+        try:
+            # We need to quote the command because subprocess call
+            # will do "sh -c 'foo'", so if we do not quoute it we'll end
+            # up with a invocation to the python interpreter. And that
+            # is bad.
+            logger.debug("Trying to launch polkit agent")
+            subprocess.call(["python -m leap.bitmask.util.polkit_agent"],
+                            shell=True, env=env)
+        except Exception as exc:
+            logger.exception(exc)
+
+    @classmethod
+    def is_up(self):
+        """
+        Checks if a polkit daemon is running.
+
+        :return: True if it's running, False if it's not.
+        :rtype: boolean
+        """
+        # Note that gnome-shell does not uses a separate process for the
+        # polkit-agent, it uses a polkit-agent within its own process so we
+        # can't ps-grep a polkit process, we can ps-grep gnome-shell itself.
+
+        # the [x] thing is to avoid grep match itself
+        polkit_options = [
+            'ps aux | grep "polkit-[g]nome-authentication-agent-1"',
+            'ps aux | grep "polkit-[k]de-authentication-agent-1"',
+            'ps aux | grep "polkit-[m]ate-authentication-agent-1"',
+            'ps aux | grep "[l]xpolkit"',
+            'ps aux | grep "[g]nome-shell"',
+            'ps aux | grep "[f]ingerprint-polkit-agent"',
+        ]
+        is_running = [commands.getoutput(cmd) for cmd in polkit_options]
+
+        return any(is_running)
+
+    @classmethod
+    def _is_pkexec_in_system(self):
+        """
+        Checks the existence of the pkexec binary in system.
+        """
+        pkexec_path = which('pkexec')
+        if len(pkexec_path) == 0:
+            return False
+        return True
-- 
cgit v1.2.3


From 6166ffedcae0763f3c00076c79e74847f5c80823 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Mon, 8 Sep 2014 02:01:14 -0700
Subject: single pref win: moved password change UI to a separate window,
 opened from account page in preferences.

---
 src/leap/bitmask/util/credentials.py | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

(limited to 'src/leap/bitmask/util')

diff --git a/src/leap/bitmask/util/credentials.py b/src/leap/bitmask/util/credentials.py
index 757ce10c..dfc78a09 100644
--- a/src/leap/bitmask/util/credentials.py
+++ b/src/leap/bitmask/util/credentials.py
@@ -38,7 +38,7 @@ def username_checks(username):
     valid = USERNAME_VALIDATOR.validate(username, 0)
     valid_username = valid[0] == QtGui.QValidator.State.Acceptable
     if message is None and not valid_username:
-        message = _tr("Invalid username")
+        message = _tr("That username is not allowed. Try another.")
 
     return message is None, message
 
@@ -54,28 +54,34 @@ def password_checks(username, password, password2):
     :param password2: second password from the registration form
     :type password: str
 
-    :returns: True and empty message if all the checks pass,
-              False and an error message otherwise
-    :rtype: tuple(bool, str)
+    :returns: (True, None, None) if all the checks pass,
+              (False, message, field name) otherwise
+    :rtype: tuple(bool, str, str)
     """
     # translation helper
     _tr = QtCore.QObject().tr
 
     message = None
+    field = None
 
     if message is None and password != password2:
         message = _tr("Passwords don't match")
+        field = 'new_password_confirmation'
 
     if message is None and not password:
-        message = _tr("You can't use an empty password")
+        message = _tr("Password is empty")
+        field = 'new_password'
 
     if message is None and len(password) < 8:
-        message = _tr("Password too short")
+        message = _tr("Password is too short")
+        field = 'new_password'
 
     if message is None and password in WEAK_PASSWORDS:
-        message = _tr("Password too easy")
+        message = _tr("Password is too easy")
+        field = 'new_password'
 
     if message is None and username == password:
-        message = _tr("Password equal to username")
+        message = _tr("Password can't be the same as username")
+        field = 'new_password'
 
-    return message is None, message
+    return message is None, message, field
-- 
cgit v1.2.3