From 36b0dfacca794e9cb899b5dde2dae3b8bbc6cc43 Mon Sep 17 00:00:00 2001 From: kali Date: Tue, 7 Aug 2012 04:14:06 +0900 Subject: build default provider openvpn config. preparation for completion of #356, #355, #354, #182 if no default openvpn config is present, we build one with a preset template and the remote_ip of the eip service as the only input. right now we're taking it from the eip.cfg file. --- src/leap/app.py | 4 +- src/leap/baseapp/mainwindow.py | 8 +-- src/leap/eip/conductor.py | 58 +++++++++++----- src/leap/eip/config.py | 149 ++++++++++++++++++++++++++++++++++++++--- src/leap/eip/vpnmanager.py | 3 +- 5 files changed, 191 insertions(+), 31 deletions(-) (limited to 'src') diff --git a/src/leap/app.py b/src/leap/app.py index 186eb048..db48701b 100644 --- a/src/leap/app.py +++ b/src/leap/app.py @@ -6,6 +6,7 @@ from PyQt4.QtGui import (QApplication, QSystemTrayIcon, QMessageBox) from leap.baseapp.mainwindow import LeapWindow +logging.basicConfig() logger = logging.getLogger(name=__name__) @@ -21,7 +22,8 @@ def main(): #XXX get debug level and set logger accordingly if debug: - logger.debug('args: ', opts) + logger.setLevel('DEBUG') + logger.debug('args: %s' % opts) app = QApplication(sys.argv) diff --git a/src/leap/baseapp/mainwindow.py b/src/leap/baseapp/mainwindow.py index 0e2f4e1d..d5251a5c 100644 --- a/src/leap/baseapp/mainwindow.py +++ b/src/leap/baseapp/mainwindow.py @@ -75,7 +75,7 @@ class LeapWindow(QMainWindow): status_signals=(self.statusChange.emit, ), debug=self.debugmode) - print('debugmode:%s' % self.debugmode) + #print('debugmode:%s' % self.debugmode) if self.conductor.missing_auth_agent is True: dialog = ErrorDialog() @@ -310,11 +310,11 @@ technolust") updating icon, status bar, etc. """ - print('STATUS CHANGED! (on Qt-land)') - print('%s -> %s' % (status.previous, status.current)) + #print('STATUS CHANGED! (on Qt-land)') + #print('%s -> %s' % (status.previous, status.current)) icon_name = self.conductor.get_icon_name() self.setIcon(icon_name) - print 'icon = ', icon_name + #print 'icon = ', icon_name # change connection pixmap widget self.setConnWidget(icon_name) diff --git a/src/leap/eip/conductor.py b/src/leap/eip/conductor.py index 7b927143..243f1fde 100644 --- a/src/leap/eip/conductor.py +++ b/src/leap/eip/conductor.py @@ -5,12 +5,15 @@ from __future__ import (division, unicode_literals, print_function) #import threading from functools import partial import logging +import os from leap.util.coroutines import spawn_and_watch_process from leap.eip.config import (get_config, build_ovpn_command, - EIPNoPkexecAvailable, EIPNoPolkitAuthAgentAvailable) + check_or_create_default_vpnconf, + EIPNoPkexecAvailable, + EIPNoPolkitAuthAgentAvailable) from leap.eip.vpnwatcher import EIPConnectionStatus, status_watcher from leap.eip.vpnmanager import OpenVPNManager, ConnectionRefusedError @@ -51,6 +54,10 @@ class UnrecoverableError(EIPClientError): # to user-friendly msg in dialog. pass +# +# Openvpn related classes +# + class OpenVPNConnection(object): """ @@ -76,7 +83,7 @@ to be triggered for each one of them. # XXX get host/port from config self.manager = OpenVPNManager() self.debug = debug - print('conductor:%s' % debug) + #print('conductor:%s' % debug) self.config_file = config_file self.watcher_cb = watcher_cb @@ -97,23 +104,20 @@ to be triggered for each one of them. self.autostart = True self._get_or_create_config() - def _get_or_create_config(self): - """ - retrieves the config options from defaults or - home file, or config file passed in command line. - populates command and args to be passed to subprocess. - """ - config = get_config(config_file=self.config_file) - self.config = config - + def _set_autostart(self): + config = self.config if config.has_option('openvpn', 'autostart'): - autostart = config.getboolean('openvpn', 'autostart') + autostart = config.getboolean('openvpn', + 'autostart') self.autostart = autostart else: if config.has_option('DEFAULT', 'autostart'): - autostart = config.getboolean('DEFAULT', 'autostart') + autostart = config.getboolean('DEFAULT', + 'autostart') self.autostart = autostart + def _set_ovpn_command(self): + config = self.config if config.has_option('openvpn', 'command'): commandline = config.get('openvpn', 'command') @@ -124,7 +128,6 @@ to be triggered for each one of them. else: args = [] - # XXX CALL BUILD COMMAND self.command = command self.args = args else: @@ -144,6 +147,29 @@ to be triggered for each one of them. self.command = command self.args = args + def _check_ovpn_config(self): + """ + checks if there is a default openvpn config. + if not, it writes one with info from the provider + definition file + """ + # TODO + # - get --with-openvpn-config from opts + check_or_create_default_vpnconf(self.config) + + def _get_or_create_config(self): + """ + retrieves the config options from defaults or + home file, or config file passed in command line. + populates command and args to be passed to subprocess. + """ + config = get_config(config_file=self.config_file) + self.config = config + + self._set_autostart() + self._set_ovpn_command() + self._check_ovpn_config() + def _launch_openvpn(self): """ invocation of openvpn binaries in a subprocess. @@ -167,8 +193,8 @@ to be triggered for each one of them. self.subp = subp self.watcher = watcher - conn_result = self.status.CONNECTED - return conn_result + #conn_result = self.status.CONNECTED + #return conn_result def _try_connection(self): """ diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index f0cf1d86..9af6f57a 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -9,6 +9,7 @@ from leap.baseapp.permcheck import (is_pkexec_in_system, is_auth_agent_running) logger = logging.getLogger(name=__name__) +logger.setLevel('DEBUG') class EIPNoPkexecAvailable(Exception): @@ -19,6 +20,129 @@ class EIPNoPolkitAuthAgentAvailable(Exception): pass +OPENVPN_CONFIG_TEMPLATE = """#Autogenerated by eip-client wizard +remote {VPN_REMOTE_HOST} {VPN_REMOTE_PORT} + +client +dev tun +persist-tun +persist-key +proto udp +tls-client +remote-cert-tls server + +cert {LEAP_EIP_KEYS} +key {LEAP_EIP_KEYS} +ca {LEAP_EIP_KEYS} +""" + + +def get_config_dir(): + """ + get the base dir for all leap config + @rparam: config path + @rtype: string + """ + # TODO + # check for $XDG_CONFIG_HOME var? + # get a more sensible path for win/mac + # kclair: opinion? ^^ + return os.path.expanduser( + os.path.join('~', + '.config', + 'leap')) + + +def get_config_file(filename, folder=None): + """ + concatenates the given filename + with leap config dir. + @param filename: name of the file + @type filename: string + @rparam: full path to config file + """ + path = [] + path.append(get_config_dir()) + if folder is not None: + path.append(folder) + path.append(filename) + return os.path.join(*path) + + +def get_default_provider_path(): + default_subpath = os.path.join("providers", + "default") + default_provider_path = get_config_file( + '', + folder=default_subpath) + return default_provider_path + + +def check_or_create_default_vpnconf(config): + """ + checks that a vpn config file + exists for a default provider, + or creates one if it does not. + ATM REQURES A [provider] section in + eip.cfg with _at least_ a remote_ip value + """ + default_provider_path = get_default_provider_path() + + if not os.path.isdir(default_provider_path): + mkdir_p(default_provider_path) + + conf_file = get_config_file( + 'openvpn.conf', + folder=default_provider_path) + + if os.path.isfile(conf_file): + return + else: + logger.debug( + 'missing default openvpn config\n' + 'creating one...') + + # We're getting provider from eip.cfg + # by now. Get it from a list of gateways + # instead. + + remote_ip = config.get('provider', + 'remote_ip') + + # XXX check that IT LOOKS LIKE AN IP!!! + if config.has_option('provider', 'remote_port'): + remote_port = config.get('provider', + 'remote_port') + else: + remote_port = 1194 + + default_subpath = os.path.join("providers", + "default") + default_provider_path = get_config_file( + '', + folder=default_subpath) + + if not os.path.isdir(default_provider_path): + mkdir_p(default_provider_path) + + conf_file = get_config_file( + 'openvpn.conf', + folder=default_provider_path) + + # XXX keys have to be manually placed by now + keys_file = get_config_file( + 'openvpn.keys', + folder=default_provider_path) + + ovpn_config = OPENVPN_CONFIG_TEMPLATE.format( + VPN_REMOTE_HOST=remote_ip, + VPN_REMOTE_PORT=remote_port, + LEAP_EIP_KEYS=keys_file) + + with open(conf_file, 'wb') as f: + f.write(ovpn_config) + + def build_ovpn_options(daemon=False): """ build a list of options @@ -41,8 +165,10 @@ def build_ovpn_options(daemon=False): group = grp.getgrgid(gid).gr_name opts = [] - opts.append('--persist-tun') - opts.append('--persist-key') + + #moved to config files + #opts.append('--persist-tun') + #opts.append('--persist-key') # set user and group opts.append('--user') @@ -69,19 +195,25 @@ def build_ovpn_options(daemon=False): # XXX which is a good choice? opts.append('7777') - # remaining config options, in a file + # remaining config options will go in a file + # NOTE: we will build this file from # the service definition file. - ovpncnf = os.path.expanduser( - '~/.config/leap/openvpn.conf') + # XXX override from --with-openvpn-config + opts.append('--config') + + default_provider_path = get_default_provider_path() + ovpncnf = get_config_file( + 'openvpn.conf', + folder=default_provider_path) opts.append(ovpncnf) # we cannot run in daemon mode # with the current subp setting. # see: https://leap.se/code/issues/383 #if daemon is True: - # opts.append('--daemon') + #opts.append('--daemon') return opts @@ -192,8 +324,7 @@ def get_config(config_file=None): config = ConfigParser.ConfigParser(defaults) if not config_file: - fpath = os.path.expanduser( - '~/.config/leap/eip.cfg') + fpath = get_config_file('eip.cfg') if not os.path.isfile(fpath): dpath, cfile = os.path.split(fpath) if not os.path.isdir(dpath): @@ -203,7 +334,6 @@ def get_config(config_file=None): config_file = open(fpath) #TODO - # - get a more sensible path for win/mac # - convert config_file to list; # look in places like /etc/leap/eip.cfg # for global settings. @@ -211,6 +341,7 @@ def get_config(config_file=None): # at this point, the file should exist. # errors would have been raised above. + config.readfp(config_file) return config diff --git a/src/leap/eip/vpnmanager.py b/src/leap/eip/vpnmanager.py index 78777cfb..caf7ab76 100644 --- a/src/leap/eip/vpnmanager.py +++ b/src/leap/eip/vpnmanager.py @@ -6,6 +6,7 @@ import telnetlib import time logger = logging.getLogger(name=__name__) +logger.setLevel('DEBUG') TELNET_PORT = 23 @@ -74,7 +75,7 @@ class OpenVPNManager(object): self.with_errors = False def forget_errors(self): - print('forgetting errors') + logger.debug('forgetting errors') self.with_errors = False def connect(self): -- cgit v1.2.3