1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
from os import remove, chmod, access, R_OK
from shutil import copyfile
from hashlib import sha512
import os.path
import sys
from leap.bitmask.vpn.constants import IS_LINUX, IS_MAC
from leap.bitmask.vpn import _config
from leap.bitmask.util import STANDALONE
if IS_LINUX:
from leap.bitmask.vpn.constants import BITMASK_ROOT_SYSTEM
from leap.bitmask.vpn.constants import BITMASK_ROOT_LOCAL
from leap.bitmask.vpn.constants import OPENVPN_SYSTEM, OPENVPN_LOCAL
from leap.bitmask.vpn.constants import POLKIT_SYSTEM, POLKIT_LOCAL
from leap.bitmask.vpn.privilege import is_pkexec_in_system
from leap.bitmask.vpn.privilege import LinuxPolicyChecker
def install():
helper_from = _config.get_bitmask_helper_path()
polkit_from = _config.get_bitmask_polkit_policy_path()
openvpn_from = _config.get_bitmask_openvpn_path()
sbin = '/usr/local/sbin'
if not os.path.isdir(sbin):
os.makedirs(sbin)
copyfile(helper_from, BITMASK_ROOT_LOCAL)
chmod(BITMASK_ROOT_LOCAL, 0744)
copyfile(polkit_from, POLKIT_LOCAL)
if STANDALONE:
copyfile(openvpn_from, OPENVPN_LOCAL)
chmod(OPENVPN_LOCAL, 0744)
def uninstall():
remove(BITMASK_ROOT_LOCAL)
remove(POLKIT_LOCAL)
remove(OPENVPN_LOCAL)
def privcheck(timeout=5):
has_pkexec = is_pkexec_in_system()
running = LinuxPolicyChecker.is_up()
if not running:
try:
LinuxPolicyChecker.get_usable_pkexec(timeout=timeout)
running = LinuxPolicyChecker.is_up()
except Exception:
running = False
return has_pkexec and running
def check():
helper = _is_up_to_date(_config.get_bitmask_helper_path(),
BITMASK_ROOT_LOCAL,
BITMASK_ROOT_SYSTEM)
polkit = _is_up_to_date(_config.get_bitmask_polkit_policy_path(),
POLKIT_LOCAL,
POLKIT_SYSTEM)
openvpn = (os.path.exists(OPENVPN_SYSTEM) or
_is_up_to_date(_config.get_bitmask_openvpn_path(),
OPENVPN_LOCAL, ""))
return helper and polkit and openvpn
def _is_up_to_date(src, local, system):
if src is None or not access(src, R_OK):
return True
src_digest = digest(src)
if access(system, R_OK) and src_digest == digest(system):
return True
if access(local, R_OK) and src_digest == digest(local):
return True
return False
elif IS_MAC:
def check():
# XXX check if bitmask-helper is running
return True
def privcheck():
return True
def digest(path):
with open(path, 'r') as f:
s = f.read()
return sha512(s).digest()
def main():
if sys.argv[-1] == 'install':
install()
if sys.argv[-1] == 'uninstall':
uninstall()
if __name__ == "__main__":
main()
|