authorKali Kaneko <kali@leap.se>2014-05-08 10:41:55 -0500
committerKali Kaneko <kali@leap.se>2014-05-12 11:25:29 -0500
commit745ae7f55836ff331d9176b52cc98df451a3c2ef (patch)
tree837b6756dbc12da22857ad4c28a91dcc79739967
parentd68e35c611638a57bbda99665f9685e5ae6fcd23 (diff)
change paths for installing the latest helpers
-rwxr-xr-xpkg/linux/bitmask-root21
-rw-r--r--src/leap/bitmask/platform_init/initializers.py9
-rw-r--r--src/leap/bitmask/services/eip/linuxvpnlauncher.py83
-rw-r--r--src/leap/bitmask/util/privilege_policies.py82
4 files changed, 71 insertions, 124 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index 78503af9..6942b99b 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -57,10 +57,12 @@ BITMASK_CHAIN = "bitmask"
IP = "/bin/ip"
IPTABLES = "/sbin/iptables"
IP6TABLES = "/sbin/ip6tables"
-RESOLVCONF = "/sbin/resolvconf"
+
+RESOLVCONF_SYSTEM_BIN = "/sbin/resolvconf"
+RESOLVCONF_LEAP_BIN = "/usr/local/sbin/leap-resolvconf"
+
OPENVPN_USER = "nobody"
OPENVPN_GROUP = "nogroup"
-
LEAPOPENVPN = "LEAPOPENVPN"
OPENVPN_SYSTEM_BIN = "/usr/sbin/openvpn" # Debian location
OPENVPN_LEAP_BIN = "/usr/sbin/leap-openvpn" # installed by bundle
@@ -513,6 +515,21 @@ def openvpn_stop(args):
##
+def get_resolvconf_bin():
+ """
+ Return the path for either the system resolvconf or the one the
+ bundle has put there.
+ """
+ if os.path.isfile(RESOLVCONF_SYSTEM_BIN):
+ return RESOLVCONF_SYSTEM_BIN
+
+ # the bundle option should be removed from the debian package.
+ if os.path.isfile(RESOLVCONF_LEAP_BIN):
+ return RESOLVCONF_LEAP_BIN
+
+RESOLVCONF = get_resolvconf_bin()
+
+
class NameserverSetter(Daemon):
"""
A daemon that will add leap nameserver inside the tunnel
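Review bot: `get_resolvconf_bin()` falls off the end and returns None when neither `RESOLVCONF_SYSTEM_BIN` nor `RESOLVCONF_LEAP_BIN` exists, so `RESOLVCONF` is silently None at import time in a helper that runs with root privileges. Any later use of `RESOLVCONF` as a command path (outside this hunk) would then fail with an unrelated-looking error instead of a clear "resolvconf not found". I would make the miss explicit by ending the function with `return None`, and have the code that invokes resolvconf test `if RESOLVCONF is None:` and stop with a clear message. The docstring should also state that the system binary is preferred over the bundled one and that None is returned when neither is present.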
diff --git a/src/leap/bitmask/platform_init/initializers.py b/src/leap/bitmask/platform_init/initializers.py
index d93efbc6..f2710c58 100644
--- a/src/leap/bitmask/platform_init/initializers.py
+++ b/src/leap/bitmask/platform_init/initializers.py
@@ -366,15 +366,8 @@ def _linux_install_missing_scripts(badexec, notfound):
fd, tempscript = tempfile.mkstemp(prefix="leap_installer-")
polfd, pol_tempfile = tempfile.mkstemp(prefix="leap_installer-")
try:
- path = launcher.OPENVPN_BIN_PATH
- policy_contents = privilege_policies.get_policy_contents(path)
-
- with os.fdopen(polfd, 'w') as f:
- f.write(policy_contents)
-
pkexec = first(launcher.maybe_pkexec())
- scriptlines = launcher.cmd_for_missing_scripts(installer_path,
- pol_tempfile)
+ scriptlines = launcher.cmd_for_missing_scripts(installer_path)
with os.fdopen(fd, 'w') as f:
f.write(scriptlines)
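Review bot: `polfd, pol_tempfile = tempfile.mkstemp(prefix="leap_installer-")` is still executed although nothing writes to or passes `pol_tempfile` any more. Each run therefore creates an extra temp file, and in the visible lines `polfd` is never closed, since the removed `with os.fdopen(polfd, 'w')` block was what closed it. I would delete that `mkstemp` line together with any later cleanup of `pol_tempfile`. The `try` block continues outside the hunk, so the cleanup path there needs checking as well.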
diff --git a/src/leap/bitmask/services/eip/linuxvpnlauncher.py b/src/leap/bitmask/services/eip/linuxvpnlauncher.py
index 6d54c27b..9e6176cb 100644
--- a/src/leap/bitmask/services/eip/linuxvpnlauncher.py
+++ b/src/leap/bitmask/services/eip/linuxvpnlauncher.py
@@ -25,7 +25,6 @@ import sys
import time
from leap.bitmask.config import flags
-from leap.bitmask.util import privilege_policies
from leap.bitmask.util.privilege_policies import LinuxPolicyChecker
from leap.common.files import which
from leap.bitmask.services.eip.vpnlauncher import VPNLauncher
@@ -111,8 +110,15 @@ class LinuxVPNLauncher(VPNLauncher):
POLKIT_PATH = LinuxPolicyChecker.get_polkit_path()
+ if flags.STANDALONE:
+ RESOLVCONF_BIN_PATH = "/usr/local/sbin/leap-resolvconf"
+ else:
+ # this only will work with debian/ubuntu distros.
+ RESOLVCONF_BIN_PATH = "/sbin/resolvconf"
+
# XXX openvpn binary TOO
- OTHER_FILES = (POLKIT_PATH, BITMASK_ROOT)
+ OTHER_FILES = (POLKIT_PATH, BITMASK_ROOT, OPENVPN_BIN_PATH,
+ RESOLVCONF_BIN_PATH)
@classmethod
def maybe_pkexec(kls):
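Review bot: The `# XXX openvpn binary TOO` comment above `OTHER_FILES` is stale now that `OPENVPN_BIN_PATH` is part of the tuple; I would replace it with a comment saying what the tuple is for, e.g. `# helper files that must be present before EIP can start`. In the non-standalone branch `/sbin/resolvconf` also becomes a required file. On a distro without it the missing-files check would presumably keep reporting it, and nothing visible in this commit installs it there; that is worth confirming against the base class, which is outside this hunk.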
@@ -144,27 +150,20 @@ class LinuxVPNLauncher(VPNLauncher):
logger.warning("System has no pkexec")
raise EIPNoPkexecAvailable()
- @classmethod
- def missing_other_files(kls):
- """
- 'Extend' the VPNLauncher's missing_other_files to check if the polkit
- files is outdated, in the case of an standalone bundle.
- If the polkit file that is in OTHER_FILES exists but is not up to date,
- it is added to the missing list.
-
- :returns: a list of missing files
- :rtype: list of str
- """
+ #@classmethod
+ #def missing_other_files(kls):
+ #"""
+ #'Extend' the VPNLauncher's missing_other_files to check if the polkit
+ #files is outdated, in the case of an standalone bundle.
+ #If the polkit file that is in OTHER_FILES exists but is not up to date,
+ #it is added to the missing list.
+#
+ #:returns: a list of missing files
+ #:rtype: list of str
+ #"""
# we use `super` in order to send the class to use
- missing = super(LinuxVPNLauncher, kls).missing_other_files()
-
- if flags.STANDALONE:
- polkit_file = LinuxPolicyChecker.get_polkit_path()
- if polkit_file not in missing:
- if privilege_policies.is_policy_outdated(kls.OPENVPN_BIN_PATH):
- missing.append(polkit_file)
-
- return missing
+ #missing = super(LinuxVPNLauncher, kls).missing_other_files()
+ #return missing
@classmethod
def get_vpn_command(kls, eipconfig, providerconfig, socket_host,
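Review bot: `missing_other_files` is left behind as commented-out code, including a commented `return missing`, with the `# we use super ...` line now describing nothing; it would be cleaner to delete the override, since the history keeps the old version. Removing it also drops the only check that compared the installed polkit policy with the expected contents, so a policy file that exists at `POLKIT_PATH` with different contents is now treated as up to date. If that is intended because the policy is now a static file, a short comment such as `# polkit policy is shipped as a static file; presence is the only check` would record the decision.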
@@ -208,30 +207,44 @@ class LinuxVPNLauncher(VPNLauncher):
return command
@classmethod
- def cmd_for_missing_scripts(kls, frompath, pol_file):
+ def cmd_for_missing_scripts(kls, frompath):
"""
Returns a sh script that can copy the missing files.
- :param frompath: The path where the up/down scripts live
+ :param frompath: The path where the helper files live
:type frompath: str
- :param pol_file: The path where the dynamically generated
- policy file lives
- :type pol_file: str
:rtype: str
"""
- to = kls.SYSTEM_CONFIG
+ # no system config for now
+ # sys_config = kls.SYSTEM_CONFIG
+ (polkit_file, openvpn_bin_file,
+ bitmask_root_file, resolvconf_bin_file) = map(
+ lambda p: os.path.split(p)[-1],
+ (kls.POLKIT_PATH, kls.OPENVPN_BIN_PATH,
+ kls.BITMASK_ROOT, kls.RESOLVCONF_BIN_PATH))
cmd = '#!/bin/sh\n'
- cmd += 'mkdir -p "%s"\n' % (to, )
- cmd += 'cp "%s/%s" "%s"\n' % (frompath, kls.UPDOWN_FILE, to)
- cmd += 'ln -f %s/%s %s/%s\n' % (to, kls.UPDOWN_FILE, to, kls.UP_FILE)
- cmd += 'ln -f %s/%s %s/%s\n' % (to, kls.UPDOWN_FILE, to, kls.DOWN_FILE)
- cmd += 'cp "%s/%s" "%s"\n' % (frompath, kls.RESOLVCONF_FILE, to)
- cmd += 'cp "%s/%s" "%s"\n' % (frompath, kls.RESOLV_UDATE_FILE, to)
- cmd += 'cp "%s" "%s"\n' % (pol_file, kls.POLKIT_PATH)
+ cmd += 'mkdir -p /usr/local/sbin\n'
+
+ cmd += 'cp "%s" "%s"\n' % (os.path.join(frompath, polkit_file),
+ kls.POLKIT_PATH)
cmd += 'chmod 644 "%s"\n' % (kls.POLKIT_PATH, )
+ cmd += 'cp "%s" "%s"\n' % (os.path.join(frompath, bitmask_root_file),
+ kls.BITMASK_ROOT)
+ cmd += 'chmod 744 "%s"\n' % (kls.BITMASK_ROOT, )
+
+ if flags.STANDALONE:
+ cmd += 'cp "%s" "%s"\n' % (
+ os.path.join(frompath, openvpn_bin_file),
+ kls.OPENVPN_BIN_PATH)
+ cmd += 'chmod 744 "%s"\n' % (kls.POLKIT_PATH, )
+
+ cmd += 'cp "%s" "%s"\n' % (
+ os.path.join(frompath, resolvconf_bin_file),
+ kls.RESOLVCONF_BIN_PATH)
+ cmd += 'chmod 744 "%s"\n' % (kls.POLKIT_PATH, )
return cmd
@classmethod
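Review bot: Both `chmod 744` lines added after the openvpn and resolvconf copies target `kls.POLKIT_PATH`, which looks like a copy-paste slip. The polkit policy file ends up executable (overriding the earlier `chmod 644`), while the copied binaries keep whatever mode `cp` gave them. They should read `cmd += 'chmod 744 "%s"\n' % (kls.OPENVPN_BIN_PATH, )` and `cmd += 'chmod 744 "%s"\n' % (kls.RESOLVCONF_BIN_PATH, )`. Separately, `frompath` is interpolated between double quotes into a script that is later run through pkexec, so a path containing `"`, `$` or a backtick would be interpreted by the shell; quoting each path with `pipes.quote` would be safer than hand-written quotes.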
diff --git a/src/leap/bitmask/util/privilege_policies.py b/src/leap/bitmask/util/privilege_policies.py
index 72442553..9d1e2c9a 100644
--- a/src/leap/bitmask/util/privilege_policies.py
+++ b/src/leap/bitmask/util/privilege_policies.py
@@ -27,35 +27,6 @@ from abc import ABCMeta, abstractmethod
logger = logging.getLogger(__name__)
-POLICY_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
-<policyconfig>
-
- <vendor>LEAP Project</vendor>
- <vendor_url>https://leap.se/</vendor_url>
-
- <action id="net.openvpn.gui.leap.run-openvpn">
- <description>Runs the openvpn binary</description>
- <description xml:lang="es">Ejecuta el binario openvpn</description>
- <message>OpenVPN needs that you authenticate to start</message>
- <message xml:lang="es">
- OpenVPN necesita autorizacion para comenzar
- </message>
- <icon_name>package-x-generic</icon_name>
- <defaults>
- <allow_any>yes</allow_any>
- <allow_inactive>yes</allow_inactive>
- <allow_active>yes</allow_active>
- </defaults>
- <annotate key="org.freedesktop.policykit.exec.path">{path}</annotate>
- <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
- </action>
-</policyconfig>
-"""
-
-
def is_missing_policy_permissions():
"""
Returns True if we do not have implemented a policy checker for this
@@ -76,36 +47,6 @@ def is_missing_policy_permissions():
return policy_checker().is_missing_policy_permissions()
-def get_policy_contents(openvpn_path):
- """
- Returns the contents that the policy file should have.
-
- :param openvpn_path: the openvpn path to use in the polkit file
- :type openvpn_path: str
- :rtype: str
- """
- return POLICY_TEMPLATE.format(path=openvpn_path)
-
-
-def is_policy_outdated(path):
- """
- Returns if the existing polkit file is outdated, comparing if the path
- is correct.
-
- :param path: the path that should have the polkit file.
- :type path: str.
- :rtype: bool
- """
- _system = platform.system()
- platform_checker = _system + "PolicyChecker"
- policy_checker = globals().get(platform_checker, None)
- if policy_checker is None:
- logger.debug("we could not find a policy checker implementation "
- "for %s" % (_system,))
- return False
- return policy_checker().is_outdated(path)
-
-
class PolicyChecker:
"""
Abstract PolicyChecker class
@@ -129,7 +70,7 @@ class LinuxPolicyChecker(PolicyChecker):
PolicyChecker for Linux
"""
LINUX_POLKIT_FILE = ("/usr/share/polkit-1/actions/"
- "net.openvpn.gui.leap.policy")
+ "se.leap.bitmask.policy")
@classmethod
def get_polkit_path(self):
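Review bot: Renaming `LINUX_POLKIT_FILE` to `se.leap.bitmask.policy` leaves the previously installed `net.openvpn.gui.leap.policy` on upgraded systems, and nothing visible in this commit removes it. The template deleted from this file shows that the old policy granted `allow_any`, `allow_inactive` and `allow_active` as `yes` for the openvpn exec path, so a stale copy keeps that authorization in force after the upgrade. Unless packaging already handles it, the installer script or a migration step should remove the old file, and a comment next to the constant could note the former name.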
@@ -141,6 +82,8 @@ class LinuxPolicyChecker(PolicyChecker):
return self.LINUX_POLKIT_FILE
def is_missing_policy_permissions(self):
+ # FIXME this name is quite confusing, it does not have anything to do with
+ # file permissions.
"""
Returns True if we could not find the appropriate policykit file
in place
@@ -148,22 +91,3 @@ class LinuxPolicyChecker(PolicyChecker):
:rtype: bool
"""
return not os.path.isfile(self.LINUX_POLKIT_FILE)
-
- def is_outdated(self, path):
- """
- Returns if the existing polkit file is outdated, comparing if the path
- is correct.
-
- :param path: the path that should have the polkit file.
- :type path: str.
- :rtype: bool
- """
- polkit = None
- try:
- with open(self.LINUX_POLKIT_FILE) as f:
- polkit = f.read()
- except IOError, e:
- logger.error("Error reading polkit file(%s): %r" % (
- self.LINUX_POLKIT_FILE, e))
-
- return get_policy_contents(path) != polkit