1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# cli.py
# Copyright (C) 2015 LEAP
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from colorama import Fore
from leap.bitmask.util import merge_status
from leap.bitmask.vpn.fw.firewall import FirewallManager
from leap.bitmask.vpn.tunnel import VPNTunnel
# TODO further refactor pending: merge with VPNService?
class TunnelManager(object):
"""
A TunnelManager controls a VPNTunnel and the Firewall
"""
def __init__(self, provider, remotes, cert, key, ca, flags):
self._vpntunnel = VPNTunnel(
provider, remotes, cert, key, ca, flags)
self._firewall = FirewallManager(remotes)
self.starting = False
def start(self):
# TODO we should have some way of switching this flag to False
# other than parsing the result of the status command.
self.starting = True
print(Fore.BLUE + "Firewall: starting..." + Fore.RESET)
fw_ok = self._firewall.start()
if not fw_ok:
print(Fore.RED + "Firewall: problem!")
self.starting = False
return False
print(Fore.GREEN + "Firewall: started" + Fore.RESET)
try:
vpn_ok = self._vpntunnel.start()
except Exception:
self.starting = False
return False
if not vpn_ok:
print (Fore.RED + "VPN: Error starting." + Fore.RESET)
self._firewall.stop()
print(Fore.GREEN + "Firewall: stopped." + Fore.RESET)
self.starting = False
return False
print(Fore.GREEN + "VPN: started" + Fore.RESET)
return True
def stop(self):
self.starting = False
print(Fore.BLUE + "Firewall: stopping..." + Fore.RESET)
fw_ok = self._firewall.stop()
if not fw_ok:
print (Fore.RED + "Firewall: Error stopping." + Fore.RESET)
return False
print(Fore.GREEN + "Firewall: stopped." + Fore.RESET)
print(Fore.BLUE + "VPN: stopping..." + Fore.RESET)
vpn_ok = self._vpntunnel.stop()
if not vpn_ok:
print (Fore.RED + "VPN: Error stopping." + Fore.RESET)
return False
print(Fore.GREEN + "VPN: stopped." + Fore.RESET)
return True
def stop_firewall(self):
self._firewall.stop()
def is_firewall_up(self):
return self._firewall.is_up()
def get_status(self):
childrenStatus = {
"vpn": self._vpntunnel.status,
"firewall": self._firewall.status
}
if self.starting:
# XXX small correction to the merge: if we are starting fw+vpn,
# we report vpn as starting so that is consistent with the ui or
# cli action. this state propagates from the parent
# object to the vpn child, and we revert it when we reach
# the 'on' state. this needs to be revisited in the formal state
# machine, and mainly needs a way of setting that state directly
# and resetting the 'starting' flag without resorting to hijack
# this command.
vpnstatus = childrenStatus['vpn']['status']
if vpnstatus == 'off':
childrenStatus['vpn']['status'] = 'starting'
if vpnstatus == 'on':
self.starting = False
return merge_status(childrenStatus)
|
