From 79e9f3c69b4eb061490d6a12a52888abc429542e Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Mon, 18 Sep 2017 19:53:17 +0200
Subject: [feat] detect if pkexec is present in the system

Check it before starting the vpn.

- Resolves: #8895
---
 src/leap/bitmask/vpn/_checks.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'src/leap/bitmask/vpn/_checks.py')

diff --git a/src/leap/bitmask/vpn/_checks.py b/src/leap/bitmask/vpn/_checks.py
index 6c089628..c6117d0d 100644
--- a/src/leap/bitmask/vpn/_checks.py
+++ b/src/leap/bitmask/vpn/_checks.py
@@ -2,13 +2,14 @@ import os
 
 from datetime import datetime
 from time import mktime
+from twisted.logger import Logger
 
+from leap.bitmask.vpn.privilege import is_pkexec_in_system, NoPkexecAvailable
 from leap.common.certs import get_cert_time_boundaries
 from leap.common.config import get_path_prefix
 
+log = Logger()
 
-# TODO use privilege.py module, plenty of checks in there for pkexec and
-# friends.
 
 class ImproperlyConfigured(Exception):
     pass
@@ -18,6 +19,10 @@ def is_service_ready(provider):
     if not _has_valid_cert(provider):
         raise ImproperlyConfigured('Missing VPN certificate')
 
+    if not is_pkexec_in_system():
+        log.warn('System has no pkexec')
+        raise NoPkexecAvailable()
+
     return True
 
 
@@ -40,10 +45,12 @@ def _has_valid_cert(provider):
     cert_path = get_vpn_cert_path(provider)
     has_file = os.path.isfile(cert_path)
     if not has_file:
+        log.warn("VPN cert not present for %s" % (provider,))
         return False
 
     expiry = cert_expires(provider)
     if datetime.now() > expiry:
+        log.warn("VPN cert expired for %s" % (provider,))
         return False
 
     return True
-- 
cgit v1.2.3