From 25ad6f18057ad7951f74eff35afe25d220952efa Mon Sep 17 00:00:00 2001 From: "Kali Kaneko (leap communications)" Date: Mon, 20 Feb 2017 20:39:43 +0100 Subject: [refactor] rename eip to vpn --- src/leap/bitmask/cli/bitmask_cli.py | 20 +++++--- src/leap/bitmask/cli/eip.py | 44 ---------------- src/leap/bitmask/cli/vpn.py | 44 ++++++++++++++++ src/leap/bitmask/core/dispatcher.py | 10 ++-- src/leap/bitmask/vpn/README.rst | 20 ++++---- src/leap/bitmask/vpn/_checks.py | 6 +-- src/leap/bitmask/vpn/_config.py | 6 +-- src/leap/bitmask/vpn/_control.py | 6 +-- src/leap/bitmask/vpn/eip.py | 85 ------------------------------- src/leap/bitmask/vpn/errors.py | 8 +-- src/leap/bitmask/vpn/helpers/__init__.py | 11 ++-- src/leap/bitmask/vpn/launcher.py | 28 +++++----- src/leap/bitmask/vpn/launchers/darwin.py | 14 ++--- src/leap/bitmask/vpn/launchers/linux.py | 23 ++++----- src/leap/bitmask/vpn/launchers/windows.py | 8 +-- src/leap/bitmask/vpn/manager.py | 6 +-- src/leap/bitmask/vpn/privilege.py | 10 ++-- src/leap/bitmask/vpn/process.py | 14 ++--- src/leap/bitmask/vpn/service.py | 50 +++++++++--------- src/leap/bitmask/vpn/vpn.py | 81 +++++++++++++++++++++++++++++ 20 files changed, 248 insertions(+), 246 deletions(-) delete mode 100644 src/leap/bitmask/cli/eip.py create mode 100644 src/leap/bitmask/cli/vpn.py delete mode 100644 src/leap/bitmask/vpn/eip.py create mode 100644 src/leap/bitmask/vpn/vpn.py (limited to 'src/leap/bitmask') diff --git a/src/leap/bitmask/cli/bitmask_cli.py b/src/leap/bitmask/cli/bitmask_cli.py index 933b8240..0c037b25 100755 --- a/src/leap/bitmask/cli/bitmask_cli.py +++ b/src/leap/bitmask/cli/bitmask_cli.py @@ -25,14 +25,14 @@ import signal from colorama import Fore from twisted.internet import reactor, defer -from leap.bitmask.config import Configuration -from leap.bitmask.cli.eip import Eip +from leap.bitmask.cli import command from leap.bitmask.cli.keys import Keys +from leap.bitmask.cli.logs import Logs from leap.bitmask.cli.mail import Mail -from leap.bitmask.cli.webui import WebUI -from leap.bitmask.cli import command from leap.bitmask.cli.user import User -from leap.bitmask.cli.logs import Logs +from leap.bitmask.cli.vpn import VPN +from leap.bitmask.cli.webui import WebUI +from leap.bitmask.config import Configuration class BitmaskCLI(command.Command): @@ -44,10 +44,10 @@ SERVICE COMMANDS: user Handles Bitmask accounts mail Bitmask Encrypted Mail - eip Encrypted Internet Proxy + vpn Bitmask VPN keys Bitmask Keymanager ui Bitmask User Interface - logs Manages bitmask daemon logs + logs Manages the Bitmask daemon logs GENERAL COMMANDS: @@ -74,9 +74,15 @@ OPTIONAL ARGUMENTS: mail = Mail(self.cfg, self.print_json) return mail.execute(raw_args) +<<<<<<< HEAD def eip(self, raw_args): eip = Eip(self.cfg, self.print_json) return eip.execute(raw_args) +======= + def vpn(self, raw_args): + vpn = VPN() + return vpn.execute(raw_args) +>>>>>>> [refactor] rename eip to vpn def keys(self, raw_args): keys = Keys(self.cfg, self.print_json) diff --git a/src/leap/bitmask/cli/eip.py b/src/leap/bitmask/cli/eip.py deleted file mode 100644 index f5c97955..00000000 --- a/src/leap/bitmask/cli/eip.py +++ /dev/null @@ -1,44 +0,0 @@ -# -*- coding: utf-8 -*- -# eip -# Copyright (C) 2016-2017 LEAP -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -""" -Bitmask Command Line interface: eip -""" -from leap.bitmask.cli import command - - -class Eip(command.Command): - service = 'eip' - usage = '''{name} eip - -Bitmask Encrypted Internet Proxy Service - -SUBCOMMANDS: - - enable Enable EIP Service - disable Disable EIP Service - start Start EIP - stop Stop EIP - status Display status about service - check Check whether EIP service is properly configured - get_cert Get EIP Certificate from provider - install Install helpers (needs root) - uninstall Uninstall helpers (needs root) - -'''.format(name=command.appname) - - commands = ['start', 'stop', 'status', 'check', - 'get_cert', 'install', 'uninstall'] diff --git a/src/leap/bitmask/cli/vpn.py b/src/leap/bitmask/cli/vpn.py new file mode 100644 index 00000000..ace86777 --- /dev/null +++ b/src/leap/bitmask/cli/vpn.py @@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +# vpn +# Copyright (C) 2016-2017 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +""" +Bitmask Command Line interface: vpn module +""" +from leap.bitmask.cli import command + + +class VPN(command.Command): + service = 'vpn' + usage = '''{name} vpn + +Bitmask VPN Service + +SUBCOMMANDS: + + enable Enable VPN Service + disable Disable VPN Service + start Start VPN + stop Stop VPN + status Display status about the VPN + check Check whether VPN service is properly configured + get_cert Get VPN Certificate from provider + install Install helpers (needs root) + uninstall Uninstall helpers (needs root) + +'''.format(name=command.appname) + + commands = ['start', 'stop', 'status', 'check', + 'get_cert', 'install', 'uninstall'] diff --git a/src/leap/bitmask/core/dispatcher.py b/src/leap/bitmask/core/dispatcher.py index 36ae1b28..c99bcde0 100644 --- a/src/leap/bitmask/core/dispatcher.py +++ b/src/leap/bitmask/core/dispatcher.py @@ -212,24 +212,24 @@ class EIPCmd(SubCommand): d = eip.stop_vpn() return d - @register_method('check') + @register_method('dict') def do_CHECK(self, eip, *parts): d = eip.do_check() return d - @register_method('get_cert') + @register_method('dict') def do_GET_CERT(self, eip, *parts): # TODO -- attempt to get active provider provider = parts[2] d = eip.do_get_cert(provider) return d - @register_method('install') + @register_method('dict') def do_INSTALL(self, eip, *parts): d = eip.do_install() return d - @register_method('install') + @register_method('dict') def do_UNINSTALL(self, eip, *parts): d = eip.do_uninstall() return d @@ -538,7 +538,7 @@ def _format_error(failure): logger.failure('[DISPATCHER] Unexpected error:') except: logger.debug('[DISPATCHER] Unexpected error: %r' % failure.value) - print failure.getTraceback() + logger.warn(failure.getTraceback()) # if needed, we could add here the exception type as an extra field return json.dumps({'error': failure.value.message, 'result': None}) diff --git a/src/leap/bitmask/vpn/README.rst b/src/leap/bitmask/vpn/README.rst index f08d7abc..eff62ab4 100644 --- a/src/leap/bitmask/vpn/README.rst +++ b/src/leap/bitmask/vpn/README.rst @@ -1,7 +1,7 @@ VPN port -------- What's here is a quick port of the legacy bitmask_client vpn code. -It only work through the cli right now:: +It only works through the cli right now:: bitmaskctl user create tmp_user_baz002@demo.bitmask.net --pass 1234 signup ok @@ -11,32 +11,32 @@ It only work through the cli right now:: srp_token iye7s1J7M3_iCdB4gXEAhxs-if3XOCwpKNPnvTC8ycE uuid b63ac83826c7e1e903ed18f6f7780491 - bitmaskctl eip get_cert demo.bitmask.net + bitmaskctl vpn get_cert demo.bitmask.net get_cert ok - bitmaskctl eip check - eip_ready ok + bitmaskctl vpn check + vpn_ready ok You also might want to install the helpers (a pop-up should appear, asking for authentication):: - bitmaskctl eip install + bitmaskctl vpn install install ok And finally you should be able to launch the VPN:: - bitmaskctl eip start demo.bitmask.net + bitmaskctl vpn start demo.bitmask.net start ok result started - bitmaskctl eip status + bitmaskctl vpn status firewall ON - EIP AUTH + vpn AUTH - bitmaskctl eip status + bitmaskctl vpn status firewall ON - EIP CONNECTED + vpn CONNECTED ↑↑↑ 11.3 K ↓↓↓ 3.9 K diff --git a/src/leap/bitmask/vpn/_checks.py b/src/leap/bitmask/vpn/_checks.py index f4d4ed3d..3921d03b 100644 --- a/src/leap/bitmask/vpn/_checks.py +++ b/src/leap/bitmask/vpn/_checks.py @@ -15,14 +15,14 @@ def is_service_ready(provider): return True -def get_eip_cert_path(provider): +def get_vpn_cert_path(provider): return os.path.join(get_path_prefix(), 'leap', 'providers', provider, 'keys', 'client', 'openvpn.pem') def _has_valid_cert(provider): - cert_path = get_eip_cert_path(provider) + cert_path = get_vpn_cert_path(provider) has_file = os.path.isfile(cert_path) if not has_file: - raise ImproperlyConfigured('Missing EIP certificate') + raise ImproperlyConfigured('Missing VPN certificate') diff --git a/src/leap/bitmask/vpn/_config.py b/src/leap/bitmask/vpn/_config.py index 8ae266a1..5f10734d 100644 --- a/src/leap/bitmask/vpn/_config.py +++ b/src/leap/bitmask/vpn/_config.py @@ -13,8 +13,8 @@ if IS_LINUX: 'leap.bitmask.vpn.helpers.linux', 'se.leap.bitmask.bundle.policy') -class _TempEIPConfig(object): - """Current EIP code on bitmask depends on EIPConfig object, this temporary +class _TempVPNConfig(object): + """Current VPN code on bitmask depends on VPNConfig object, this temporary implementation helps on the transition.""" def __init__(self, flags, path, ports): @@ -33,7 +33,7 @@ class _TempEIPConfig(object): class _TempProviderConfig(object): - """Current EIP code on bitmask depends on ProviderConfig object, this + """Current VPN code on bitmask depends on ProviderConfig object, this temporary implementation helps on the transition.""" def __init__(self, domain, path): diff --git a/src/leap/bitmask/vpn/_control.py b/src/leap/bitmask/vpn/_control.py index bff5c098..8dfe4c64 100644 --- a/src/leap/bitmask/vpn/_control.py +++ b/src/leap/bitmask/vpn/_control.py @@ -32,7 +32,7 @@ class VPNControl(object): OPENVPN_VERB = "openvpn_verb" - def __init__(self, remotes, eipconfig, + def __init__(self, remotes, vpnconfig, providerconfig, socket_host, socket_port): self._vpnproc = None self._pollers = [] @@ -41,7 +41,7 @@ class VPNControl(object): self._user_stopped = False self._remotes = remotes - self._eipconfig = eipconfig + self._vpnconfig = vpnconfig self._providerconfig = providerconfig self._host = socket_host self._port = socket_port @@ -53,7 +53,7 @@ class VPNControl(object): self._stop_pollers() vpnproc = VPNProcess( - self._eipconfig, self._providerconfig, self._host, + self._vpnconfig, self._providerconfig, self._host, self._port, openvpn_verb=7, remotes=self._remotes, restartfun=self.restart) diff --git a/src/leap/bitmask/vpn/eip.py b/src/leap/bitmask/vpn/eip.py deleted file mode 100644 index 0c47cc32..00000000 --- a/src/leap/bitmask/vpn/eip.py +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- -# cli.py -# Copyright (C) 2015 LEAP -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -from colorama import Fore - -from leap.bitmask.vpn.manager import VPNManager -from leap.bitmask.vpn.fw.firewall import FirewallManager - - -class EIPManager(object): - - def __init__(self, remotes, cert, key, ca, flags): - - self._vpn = VPNManager( - remotes, cert, key, ca, flags) - self._firewall = FirewallManager(remotes) - - def start(self): - """ - Start EIP service (firewall and vpn) - - This may raise exceptions, see errors.py - """ - print(Fore.BLUE + "Firewall: starting..." + Fore.RESET) - fw_ok = self._firewall.start() - if not fw_ok: - print(Fore.RED + "Firewall: problem!") - return False - - print(Fore.GREEN + "Firewall: started" + Fore.RESET) - - vpn_ok = self._vpn.start() - if not vpn_ok: - print (Fore.RED + "VPN: Error starting." + Fore.RESET) - self._firewall.stop() - print(Fore.GREEN + "Firewall: stopped." + Fore.RESET) - return False - - print(Fore.GREEN + "VPN: started" + Fore.RESET) - - def stop(self): - print(Fore.BLUE + "Firewall: stopping..." + Fore.RESET) - fw_ok = self._firewall.stop() - - if not fw_ok: - print (Fore.RED + "Firewall: Error stopping." + Fore.RESET) - return False - - print(Fore.GREEN + "Firewall: stopped." + Fore.RESET) - print(Fore.BLUE + "VPN: stopping..." + Fore.RESET) - - vpn_ok = self._vpn.stop() - if not vpn_ok: - print (Fore.RED + "VPN: Error stopping." + Fore.RESET) - return False - - print(Fore.GREEN + "VPN: stopped." + Fore.RESET) - return True - - def get_status(self): - vpn_status = self._vpn.status - fw_status = self._firewall.status - - result = {'EIP': vpn_status, - 'firewall': fw_status} - if vpn_status == 'CONNECTED': - traffic = self._vpn.traffic_status - result['↑↑↑'] = traffic['up'] - result['↓↓↓'] = traffic['down'] - return result diff --git a/src/leap/bitmask/vpn/errors.py b/src/leap/bitmask/vpn/errors.py index 239ea352..a6c55001 100644 --- a/src/leap/bitmask/vpn/errors.py +++ b/src/leap/bitmask/vpn/errors.py @@ -4,11 +4,11 @@ from ._management import OpenVPNAlreadyRunning, AlienOpenVPNAlreadyRunning from .launcher import OpenVPNNotFoundException, VPNLauncherException from leap.bitmask.vpn.launchers.linux import ( - EIPNoPolkitAuthAgentAvailable, EIPNoPkexecAvailable) -from leap.bitmask.vpn.launchers.darwin import EIPNoTunKextLoaded + NoPolkitAuthAgentAvailable, NoPkexecAvailable) +from leap.bitmask.vpn.launchers.darwin import NoTunKextLoaded __all__ = ["OpenVPNAlreadyRunning", "AlienOpenVPNAlreadyRunning", "OpenVPNNotFoundException", "VPNLauncherException", - "EIPNoPolkitAuthAgentAvailable", "EIPNoPkexecAvailable", - "EIPNoTunKextLoaded"] + "NoPolkitAuthAgentAvailable", "NoPkexecAvailable", + "NoTunKextLoaded"] diff --git a/src/leap/bitmask/vpn/helpers/__init__.py b/src/leap/bitmask/vpn/helpers/__init__.py index dc249286..8905adfd 100644 --- a/src/leap/bitmask/vpn/helpers/__init__.py +++ b/src/leap/bitmask/vpn/helpers/__init__.py @@ -1,4 +1,4 @@ -from os import remove +from os import remove, chmod from shutil import copyfile import sys @@ -14,15 +14,12 @@ if IS_LINUX: helper_from = _config.get_bitmask_helper_path() polkit_from = _config.get_bitmask_polkit_policy_path() copyfile(helper_from, helper_to) - os.chmod(helper_to, 0744) + chmod(helper_to, 0744) copyfile(polkit_from, polkit_to) def uninstall(): - try: - remove(helper_to) - remove(polkit_to) - except: - raise + remove(helper_to) + remove(polkit_to) def main(): diff --git a/src/leap/bitmask/vpn/launcher.py b/src/leap/bitmask/vpn/launcher.py index 84f5f662..28910fa7 100644 --- a/src/leap/bitmask/vpn/launcher.py +++ b/src/leap/bitmask/vpn/launcher.py @@ -111,14 +111,14 @@ class VPNLauncher(object): @classmethod @abstractmethod - def get_gateways(kls, eipconfig, providerconfig): + def get_gateways(kls, vpnconfig, providerconfig): """ Return a list with the selected gateways for a given provider, looking - at the EIP config file. + at the VPN config file. Each item of the list is a tuple containing (gateway, port). - :param eipconfig: eip configuration object - :type eipconfig: EIPConfig + :param vpnconfig: vpn configuration object + :type vpnconfig: VPNConfig :param providerconfig: provider specific configuration :type providerconfig: ProviderConfig @@ -130,7 +130,7 @@ class VPNLauncher(object): settings = Settings() domain = providerconfig.get_domain() gateway_conf = settings.get_selected_gateway(domain) - gateway_selector = VPNGatewaySelector(eipconfig) + gateway_selector = VPNGatewaySelector(vpnconfig) if gateway_conf == GATEWAY_AUTOMATIC: gws = gateway_selector.get_gateways() @@ -142,7 +142,7 @@ class VPNLauncher(object): raise VPNLauncherException('No gateway was found!') for idx, gw in enumerate(gws): - ports = eipconfig.get_gateway_ports(idx) + ports = vpnconfig.get_gateway_ports(idx) the_port = "1194" # default port @@ -161,7 +161,7 @@ class VPNLauncher(object): @classmethod @abstractmethod - def get_vpn_command(kls, eipconfig, providerconfig, + def get_vpn_command(kls, vpnconfig, providerconfig, socket_host, socket_port, remotes, openvpn_verb=1): """ Return the platform-dependant vpn command for launching openvpn. @@ -170,8 +170,8 @@ class VPNLauncher(object): OpenVPNNotFoundException, VPNLauncherException. - :param eipconfig: eip configuration object - :type eipconfig: EIPConfig + :param vpnconfig: vpn configuration object + :type vpnconfig: VPNConfig :param providerconfig: provider specific configuration :type providerconfig: ProviderConfig :param socket_host: either socket path (unix) or socket IP @@ -185,7 +185,7 @@ class VPNLauncher(object): :return: A VPN command ready to be launched. :rtype: list """ - # leap_assert_type(eipconfig, EIPConfig) + # leap_assert_type(vpnconfig, VPNConfig) # leap_assert_type(providerconfig, ProviderConfig) # XXX this still has to be changed on osx and windows accordingly @@ -212,7 +212,7 @@ class VPNLauncher(object): if openvpn_verb is not None: args += ['--verb', '%d' % (openvpn_verb,)] - # gateways = kls.get_gateways(eipconfig, providerconfig) + # gateways = kls.get_gateways(vpnconfig, providerconfig) gateways = remotes for ip, port in gateways: @@ -227,7 +227,7 @@ class VPNLauncher(object): 'server' ] - openvpn_configuration = eipconfig.get_openvpn_configuration() + openvpn_configuration = vpnconfig.get_openvpn_configuration() for key, value in openvpn_configuration.items(): args += ['--%s' % (key,), value] @@ -257,8 +257,8 @@ class VPNLauncher(object): ] args += [ - '--cert', eipconfig.get_client_cert_path(providerconfig), - '--key', eipconfig.get_client_cert_path(providerconfig), + '--cert', vpnconfig.get_client_cert_path(providerconfig), + '--key', vpnconfig.get_client_cert_path(providerconfig), '--ca', providerconfig.get_ca_cert_path() ] diff --git a/src/leap/bitmask/vpn/launchers/darwin.py b/src/leap/bitmask/vpn/launchers/darwin.py index f637ae1a..9ae64053 100644 --- a/src/leap/bitmask/vpn/launchers/darwin.py +++ b/src/leap/bitmask/vpn/launchers/darwin.py @@ -32,7 +32,7 @@ from leap.common.config import get_path_prefix logger = Logger() -class EIPNoTunKextLoaded(VPNLauncherException): +class NoTunKextLoaded(VPNLauncherException): pass @@ -142,18 +142,18 @@ class DarwinVPNLauncher(VPNLauncher): return kls.COCOASUDO, args @classmethod - def get_vpn_command(kls, eipconfig, providerconfig, socket_host, + def get_vpn_command(kls, vpnconfig, providerconfig, socket_host, socket_port="unix", openvpn_verb=1): """ Returns the OSX implementation for the vpn launching command. Might raise: - EIPNoTunKextLoaded, + NoTunKextLoaded, OpenVPNNotFoundException, VPNLauncherException. - :param eipconfig: eip configuration object - :type eipconfig: EIPConfig + :param vpnconfig: vpn configuration object + :type vpnconfig: VPNConfig :param providerconfig: provider specific configuration :type providerconfig: ProviderConfig :param socket_host: either socket path (unix) or socket IP @@ -168,11 +168,11 @@ class DarwinVPNLauncher(VPNLauncher): :rtype: list """ if not kls.is_kext_loaded(): - raise EIPNoTunKextLoaded + raise VPNNoTunKextLoaded # we use `super` in order to send the class to use command = super(DarwinVPNLauncher, kls).get_vpn_command( - eipconfig, providerconfig, socket_host, socket_port, openvpn_verb) + vpnconfig, providerconfig, socket_host, socket_port, openvpn_verb) cocoa, cargs = kls.get_cocoasudo_ovpn_cmd() cargs.extend(command) diff --git a/src/leap/bitmask/vpn/launchers/linux.py b/src/leap/bitmask/vpn/launchers/linux.py index b54790f2..0c3864b2 100644 --- a/src/leap/bitmask/vpn/launchers/linux.py +++ b/src/leap/bitmask/vpn/launchers/linux.py @@ -38,11 +38,11 @@ COM = commands flags_STANDALONE = False -class EIPNoPolkitAuthAgentAvailable(VPNLauncherException): +class NoPolkitAuthAgentAvailable(VPNLauncherException): pass -class EIPNoPkexecAvailable(VPNLauncherException): +class NoPkexecAvailable(VPNLauncherException): pass @@ -77,19 +77,19 @@ class LinuxVPNLauncher(VPNLauncher): OTHER_FILES = (POLKIT_PATH, BITMASK_ROOT, OPENVPN_BIN_PATH) @classmethod - def get_vpn_command(kls, eipconfig, providerconfig, socket_host, + def get_vpn_command(kls, vpnconfig, providerconfig, socket_host, remotes, socket_port="unix", openvpn_verb=1): """ Returns the Linux implementation for the vpn launching command. Might raise: - EIPNoPkexecAvailable, - EIPNoPolkitAuthAgentAvailable, + NoPkexecAvailable, + NoPolkitAuthAgentAvailable, OpenVPNNotFoundException, VPNLauncherException. - :param eipconfig: eip configuration object - :type eipconfig: EIPConfig + :param vpnconfig: vpn configuration object + :type vpnconfig: VPNConfig :param providerconfig: provider specific configuration :type providerconfig: ProviderConfig :param socket_host: either socket path (unix) or socket IP @@ -105,7 +105,7 @@ class LinuxVPNLauncher(VPNLauncher): """ # we use `super` in order to send the class to use command = super(LinuxVPNLauncher, kls).get_vpn_command( - eipconfig, providerconfig, socket_host, socket_port, remotes, + vpnconfig, providerconfig, socket_host, socket_port, remotes, openvpn_verb) command.insert(0, force_eval(kls.BITMASK_ROOT)) @@ -113,12 +113,7 @@ class LinuxVPNLauncher(VPNLauncher): command.insert(2, "start") policyChecker = LinuxPolicyChecker() - try: - pkexec = policyChecker.maybe_pkexec() - except NoPolkitAuthAgentAvailable: - raise EIPNoPolkitAuthAgentAvailable() - except NoPkexecAvailable: - raise EIPNoPkexecAvailable() + pkexec = policyChecker.maybe_pkexec() if pkexec: command.insert(0, first(pkexec)) diff --git a/src/leap/bitmask/vpn/launchers/windows.py b/src/leap/bitmask/vpn/launchers/windows.py index bfaac2fc..bad01ee8 100644 --- a/src/leap/bitmask/vpn/launchers/windows.py +++ b/src/leap/bitmask/vpn/launchers/windows.py @@ -38,7 +38,7 @@ class WindowsVPNLauncher(VPNLauncher): # (and maybe we won't) @classmethod - def get_vpn_command(kls, eipconfig, providerconfig, socket_host, + def get_vpn_command(kls, vpnconfig, providerconfig, socket_host, socket_port="9876", openvpn_verb=1): """ Returns the Windows implementation for the vpn launching command. @@ -47,8 +47,8 @@ class WindowsVPNLauncher(VPNLauncher): OpenVPNNotFoundException, VPNLauncherException. - :param eipconfig: eip configuration object - :type eipconfig: EIPConfig + :param vpnconfig: vpn configuration object + :type vpnconfig: VPNConfig :param providerconfig: provider specific configuration :type providerconfig: ProviderConfig :param socket_host: either socket path (unix) or socket IP @@ -68,6 +68,6 @@ class WindowsVPNLauncher(VPNLauncher): # we use `super` in order to send the class to use command = super(WindowsVPNLauncher, kls).get_vpn_command( - eipconfig, providerconfig, socket_host, socket_port, openvpn_verb) + vpnconfig, providerconfig, socket_host, socket_port, openvpn_verb) return command diff --git a/src/leap/bitmask/vpn/manager.py b/src/leap/bitmask/vpn/manager.py index bf511b38..ba1ae7c1 100644 --- a/src/leap/bitmask/vpn/manager.py +++ b/src/leap/bitmask/vpn/manager.py @@ -23,7 +23,7 @@ import os import tempfile from ._control import VPNControl -from ._config import _TempEIPConfig, _TempProviderConfig +from ._config import _TempVPNConfig, _TempProviderConfig from .constants import IS_WIN @@ -52,12 +52,12 @@ class VPNManager(object): self._remotes = remotes - self._eipconfig = _TempEIPConfig(extra_flags, cert_path, ports) + self._vpnconfig = _TempVPNConfig(extra_flags, cert_path, ports) self._providerconfig = _TempProviderConfig(domain, ca_path) host, port = self._get_management_location() self._vpn = VPNControl(remotes=remotes, - eipconfig=self._eipconfig, + vpnconfig=self._vpnconfig, providerconfig=self._providerconfig, socket_host=host, socket_port=port) diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py index 097f5f8a..b30c5fc7 100644 --- a/src/leap/bitmask/vpn/privilege.py +++ b/src/leap/bitmask/vpn/privilege.py @@ -38,10 +38,14 @@ flags_STANDALONE = False def install_helpers(): + # TODO check if the command has succeeded, and display error + # if failed commands.getoutput('pkexec bitmask_helpers install') def uninstall_helpers(): + # TODO check if the command has succeeded, and display error + # if failed commands.getoutput('pkexec bitmask_helpers uninstall') @@ -149,11 +153,11 @@ class LinuxPolicyChecker(PolicyChecker): raise Exception("We couldn't find pkexec") return pkexec_possibilities else: - logger.warning("No polkit auth agent found. pkexec " + - "will use its own auth agent.") + logger.warn("No polkit auth agent found. pkexec " + + "will use its own auth agent.") raise NoPolkitAuthAgentAvailable() else: - logger.warning("System has no pkexec") + logger.warn("System has no pkexec") raise NoPkexecAvailable() @classmethod diff --git a/src/leap/bitmask/vpn/process.py b/src/leap/bitmask/vpn/process.py index c2941d01..533a45cf 100644 --- a/src/leap/bitmask/vpn/process.py +++ b/src/leap/bitmask/vpn/process.py @@ -57,13 +57,13 @@ class VPNProcess(protocol.ProcessProtocol, _management.VPNManagement): programmatically. """ - # TODO do we really need the eipconfig/providerconfig objects in here??? + # TODO do we really need the vpnconfig/providerconfig objects in here??? - def __init__(self, eipconfig, providerconfig, socket_host, socket_port, + def __init__(self, vpnconfig, providerconfig, socket_host, socket_port, openvpn_verb, remotes, restartfun=None): """ - :param eipconfig: eip configuration object - :type eipconfig: EIPConfig + :param vpnconfig: vpn configuration object + :type vpnconfig: VPNConfig :param providerconfig: provider specific configuration :type providerconfig: ProviderConfig @@ -81,7 +81,7 @@ class VPNProcess(protocol.ProcessProtocol, _management.VPNManagement): """ _management.VPNManagement.__init__(self) - self._eipconfig = eipconfig + self._vpnconfig = vpnconfig self._providerconfig = providerconfig self._socket_host = socket_host self._socket_port = socket_port @@ -201,7 +201,7 @@ class VPNProcess(protocol.ProcessProtocol, _management.VPNManagement): :rtype: list of str """ command = self._launcher.get_vpn_command( - eipconfig=self._eipconfig, + vpnconfig=self._vpnconfig, providerconfig=self._providerconfig, socket_host=self._socket_host, socket_port=self._socket_port, @@ -224,7 +224,7 @@ class VPNProcess(protocol.ProcessProtocol, _management.VPNManagement): :rtype: list """ gateways_ports = self._launcher.get_gateways( - self._eipconfig, self._providerconfig) + self._vpnconfig, self._providerconfig) # filter out ports since we don't need that info return [gateway for gateway, port in gateways_ports] diff --git a/src/leap/bitmask/vpn/service.py b/src/leap/bitmask/vpn/service.py index bbde1044..10818ed7 100644 --- a/src/leap/bitmask/vpn/service.py +++ b/src/leap/bitmask/vpn/service.py @@ -17,7 +17,7 @@ # along with this program. If not, see . """ -EIP service declaration. +VPN service declaration. """ import os @@ -25,8 +25,8 @@ import os from twisted.internet import defer from leap.bitmask.hooks import HookableService -from leap.bitmask.vpn.eip import EIPManager -from leap.bitmask.vpn._checks import is_service_ready, get_eip_cert_path +from leap.bitmask.vpn.vpn import VPNManager +from leap.bitmask.vpn._checks import is_service_ready, get_vpn_cert_path from leap.bitmask.vpn._config import get_bitmask_helper_path from leap.bitmask.vpn._config import get_bitmask_polkit_policy_path from leap.bitmask.vpn import privilege @@ -34,18 +34,19 @@ from leap.common.config import get_path_prefix from leap.common.files import check_and_fix_urw_only -class EIPService(HookableService): +class VPNService(HookableService): - name = 'eip' + name = 'vpn' def __init__(self, basepath=None): """ - Initialize EIP service + Initialize VPN service """ - super(EIPService, self).__init__() + super(VPNService, self).__init__() self._started = False - self._eip = None + self._vpn = None + self._domain = '' if basepath is None: self._basepath = get_path_prefix() @@ -53,36 +54,39 @@ class EIPService(HookableService): self._basepath = basepath def startService(self): - print "Starting EIP Service..." + print "Starting VPN Service..." # TODO this could trigger a check for validity of the certificates, # etc. - super(EIPService, self).startService() + super(VPNService, self).startService() def stopService(self): - print "Stopping EIP Service..." - super(EIPService, self).stopService() + print "Stopping VPN Service..." + super(VPNService, self).stopService() def start_vpn(self, domain): + # TODO check if the VPN is started and return an error if it is. self._setup(domain) - self._eip.start() + self._vpn.start() self._started = True + self._domain = domain return {'result': 'started'} def stop_vpn(self): if self._started: - self._eip.stop() + self._vpn.stop() self._started = False return {'result': 'stopped'} def do_status(self): - if self._eip: - status = self._eip.get_status() + if self._vpn: + status = self._vpn.get_status() else: - status = {'EIP': 'OFF'} + status = {'VPN': 'OFF'} + status['domain'] = self._domain return status def do_check(self): - """Check whether the EIP Service is properly configured, + """Check whether the VPN Service is properly configured, and can be started""" # TODO either pass a provider, or set a given provider _ready = is_service_ready('demo.bitmask.net') @@ -90,7 +94,7 @@ class EIPService(HookableService): result = 'ok' else: result = 'no' - return {'eip_ready': result} + return {'vpn_ready': result} @defer.inlineCallbacks def do_get_cert(self, provider): @@ -98,7 +102,7 @@ class EIPService(HookableService): bonafide = self.parent.getServiceNamed("bonafide") _, cert_str = yield bonafide.do_get_vpn_cert() - cert_path = get_eip_cert_path(provider) + cert_path = get_vpn_cert_path(provider) cert_dir = os.path.dirname(cert_path) if not os.path.exists(cert_dir): os.makedirs(cert_dir, mode=0700) @@ -116,7 +120,7 @@ class EIPService(HookableService): return {'uninstall': 'ok'} def _setup(self, provider): - """Set up EIPManager for a specified provider. + """Set up VPNManager for a specified provider. :param provider: the provider to use, e.g. 'demo.bitmask.net' :type provider: str""" @@ -134,7 +138,7 @@ class EIPService(HookableService): ca_path = prefix + "/ca/cacert.pem" # FIXME - # XXX picked manually from eip-service.json + # XXX picked manually from vpn-service.json extra_flags = { "auth": "SHA1", "cipher": "AES-128-CBC", @@ -142,5 +146,5 @@ class EIPService(HookableService): "tls-cipher": "DHE-RSA-AES128-SHA", } - self._eip = EIPManager(remotes, cert_path, key_path, ca_path, + self._vpn = VPNManager(remotes, cert_path, key_path, ca_path, extra_flags) diff --git a/src/leap/bitmask/vpn/vpn.py b/src/leap/bitmask/vpn/vpn.py new file mode 100644 index 00000000..94fee8b5 --- /dev/null +++ b/src/leap/bitmask/vpn/vpn.py @@ -0,0 +1,81 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# cli.py +# Copyright (C) 2015 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +from colorama import Fore + +from leap.bitmask.vpn.manager import VPNManager +from leap.bitmask.vpn.fw.firewall import FirewallManager + + +class VPNManager(object): + + def __init__(self, remotes, cert, key, ca, flags): + + self._vpn = VPNManager( + remotes, cert, key, ca, flags) + self._firewall = FirewallManager(remotes) + + def start(self): + print(Fore.BLUE + "Firewall: starting..." + Fore.RESET) + fw_ok = self._firewall.start() + if not fw_ok: + print(Fore.RED + "Firewall: problem!") + return False + + print(Fore.GREEN + "Firewall: started" + Fore.RESET) + + vpn_ok = self._vpn.start() + if not vpn_ok: + print (Fore.RED + "VPN: Error starting." + Fore.RESET) + self._firewall.stop() + print(Fore.GREEN + "Firewall: stopped." + Fore.RESET) + return False + + print(Fore.GREEN + "VPN: started" + Fore.RESET) + + def stop(self): + print(Fore.BLUE + "Firewall: stopping..." + Fore.RESET) + fw_ok = self._firewall.stop() + + if not fw_ok: + print (Fore.RED + "Firewall: Error stopping." + Fore.RESET) + return False + + print(Fore.GREEN + "Firewall: stopped." + Fore.RESET) + print(Fore.BLUE + "VPN: stopping..." + Fore.RESET) + + vpn_ok = self._vpn.stop() + if not vpn_ok: + print (Fore.RED + "VPN: Error stopping." + Fore.RESET) + return False + + print(Fore.GREEN + "VPN: stopped." + Fore.RESET) + return True + + def get_status(self): + vpn_status = self._vpn.status + # TODO use firewall.is_up instead + fw_status = self._firewall.status + + result = {'VPN': vpn_status, + 'firewall': fw_status} + if vpn_status == 'CONNECTED': + traffic = self._vpn.traffic_status + result['↑↑↑'] = traffic['up'] + result['↓↓↓'] = traffic['down'] + return result -- cgit v1.2.3