change paths for installing the latest helpers

4 files changed, 71 insertions, 124 deletions

diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index 78503af9..6942b99b 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -57,10 +57,12 @@ BITMASK_CHAIN = "bitmask"
 IP = "/bin/ip"
 IPTABLES = "/sbin/iptables"
 IP6TABLES = "/sbin/ip6tables"
-RESOLVCONF = "/sbin/resolvconf"
+
+RESOLVCONF_SYSTEM_BIN = "/sbin/resolvconf"
+RESOLVCONF_LEAP_BIN = "/usr/local/sbin/leap-resolvconf"
+
 OPENVPN_USER = "nobody"
 OPENVPN_GROUP = "nogroup"
-
 LEAPOPENVPN = "LEAPOPENVPN"
 OPENVPN_SYSTEM_BIN = "/usr/sbin/openvpn"  # Debian location
 OPENVPN_LEAP_BIN = "/usr/sbin/leap-openvpn"  # installed by bundle
@@ -513,6 +515,21 @@ def openvpn_stop(args):
 ##
 
 
+def get_resolvconf_bin():
+    """
+    Return the path for either the system resolvconf or the one the
+    bundle has put there.
+    """
+    if os.path.isfile(RESOLVCONF_SYSTEM_BIN):
+        return RESOLVCONF_SYSTEM_BIN
+
+    # the bundle option should be removed from the debian package.
+    if os.path.isfile(RESOLVCONF_LEAP_BIN):
+        return RESOLVCONF_LEAP_BIN
+
+RESOLVCONF = get_resolvconf_bin()
+
+
 class NameserverSetter(Daemon):
     """
     A daemon that will add leap nameserver inside the tunnel
diff --git a/src/leap/bitmask/platform_init/initializers.py b/src/leap/bitmask/platform_init/initializers.py
index d93efbc6..f2710c58 100644
--- a/src/leap/bitmask/platform_init/initializers.py
+++ b/src/leap/bitmask/platform_init/initializers.py
@@ -366,15 +366,8 @@ def _linux_install_missing_scripts(badexec, notfound):
         fd, tempscript = tempfile.mkstemp(prefix="leap_installer-")
         polfd, pol_tempfile = tempfile.mkstemp(prefix="leap_installer-")
         try:
-            path = launcher.OPENVPN_BIN_PATH
-            policy_contents = privilege_policies.get_policy_contents(path)
-
-            with os.fdopen(polfd, 'w') as f:
-                f.write(policy_contents)
-
             pkexec = first(launcher.maybe_pkexec())
-            scriptlines = launcher.cmd_for_missing_scripts(installer_path,
-                                                           pol_tempfile)
+            scriptlines = launcher.cmd_for_missing_scripts(installer_path)
             with os.fdopen(fd, 'w') as f:
                 f.write(scriptlines)
 
diff --git a/src/leap/bitmask/services/eip/linuxvpnlauncher.py b/src/leap/bitmask/services/eip/linuxvpnlauncher.py
index 6d54c27b..9e6176cb 100644
--- a/src/leap/bitmask/services/eip/linuxvpnlauncher.py
+++ b/src/leap/bitmask/services/eip/linuxvpnlauncher.py
@@ -25,7 +25,6 @@ import sys
 import time
 
 from leap.bitmask.config import flags
-from leap.bitmask.util import privilege_policies
 from leap.bitmask.util.privilege_policies import LinuxPolicyChecker
 from leap.common.files import which
 from leap.bitmask.services.eip.vpnlauncher import VPNLauncher
@@ -111,8 +110,15 @@ class LinuxVPNLauncher(VPNLauncher):
 
     POLKIT_PATH = LinuxPolicyChecker.get_polkit_path()
 
+    if flags.STANDALONE:
+        RESOLVCONF_BIN_PATH = "/usr/local/sbin/leap-resolvconf"
+    else:
+        # this only will work with debian/ubuntu distros.
+        RESOLVCONF_BIN_PATH = "/sbin/resolvconf"
+
     # XXX openvpn binary TOO
-    OTHER_FILES = (POLKIT_PATH, BITMASK_ROOT)
+    OTHER_FILES = (POLKIT_PATH, BITMASK_ROOT, OPENVPN_BIN_PATH,
+                   RESOLVCONF_BIN_PATH)
 
     @classmethod
     def maybe_pkexec(kls):
@@ -144,27 +150,20 @@ class LinuxVPNLauncher(VPNLauncher):
             logger.warning("System has no pkexec")
             raise EIPNoPkexecAvailable()
 
-    @classmethod
-    def missing_other_files(kls):
-        """
-        'Extend' the VPNLauncher's missing_other_files to check if the polkit
-        files is outdated, in the case of an standalone bundle.
-        If the polkit file that is in OTHER_FILES exists but is not up to date,
-        it is added to the missing list.
-
-        :returns: a list of missing files
-        :rtype: list of str
-        """
+    #@classmethod
+    #def missing_other_files(kls):
+        #"""
+        #'Extend' the VPNLauncher's missing_other_files to check if the polkit
+        #files is outdated, in the case of an standalone bundle.
+        #If the polkit file that is in OTHER_FILES exists but is not up to date,
+        #it is added to the missing list.
+#
+        #:returns: a list of missing files
+        #:rtype: list of str
+        #"""
         # we use `super` in order to send the class to use
-        missing = super(LinuxVPNLauncher, kls).missing_other_files()
-
-        if flags.STANDALONE:
-            polkit_file = LinuxPolicyChecker.get_polkit_path()
-            if polkit_file not in missing:
-                if privilege_policies.is_policy_outdated(kls.OPENVPN_BIN_PATH):
-                    missing.append(polkit_file)
-
-        return missing
+        #missing = super(LinuxVPNLauncher, kls).missing_other_files()
+        #return missing
 
     @classmethod
     def get_vpn_command(kls, eipconfig, providerconfig, socket_host,
@@ -208,30 +207,44 @@ class LinuxVPNLauncher(VPNLauncher):
         return command
 
     @classmethod
-    def cmd_for_missing_scripts(kls, frompath, pol_file):
+    def cmd_for_missing_scripts(kls, frompath):
         """
         Returns a sh script that can copy the missing files.
 
-        :param frompath: The path where the up/down scripts live
+        :param frompath: The path where the helper files live
         :type frompath: str
-        :param pol_file: The path where the dynamically generated
-                         policy file lives
-        :type pol_file: str
 
         :rtype: str
         """
-        to = kls.SYSTEM_CONFIG
+        # no system config for now
+        # sys_config = kls.SYSTEM_CONFIG
+        (polkit_file, openvpn_bin_file,
+         bitmask_root_file, resolvconf_bin_file) = map(
+            lambda p: os.path.split(p)[-1],
+            (kls.POLKIT_PATH, kls.OPENVPN_BIN_PATH,
+             kls.BITMASK_ROOT, kls.RESOLVCONF_BIN_PATH))
 
         cmd = '#!/bin/sh\n'
-        cmd += 'mkdir -p "%s"\n' % (to, )
-        cmd += 'cp "%s/%s" "%s"\n' % (frompath, kls.UPDOWN_FILE, to)
-        cmd += 'ln -f %s/%s %s/%s\n' % (to, kls.UPDOWN_FILE, to, kls.UP_FILE)
-        cmd += 'ln -f %s/%s %s/%s\n' % (to, kls.UPDOWN_FILE, to, kls.DOWN_FILE)
-        cmd += 'cp "%s/%s" "%s"\n' % (frompath, kls.RESOLVCONF_FILE, to)
-        cmd += 'cp "%s/%s" "%s"\n' % (frompath, kls.RESOLV_UDATE_FILE, to)
-        cmd += 'cp "%s" "%s"\n' % (pol_file, kls.POLKIT_PATH)
+        cmd += 'mkdir -p /usr/local/sbin\n'
+
+        cmd += 'cp "%s" "%s"\n' % (os.path.join(frompath, polkit_file),
+                                   kls.POLKIT_PATH)
         cmd += 'chmod 644 "%s"\n' % (kls.POLKIT_PATH, )
 
+        cmd += 'cp "%s" "%s"\n' % (os.path.join(frompath, bitmask_root_file),
+                                   kls.BITMASK_ROOT)
+        cmd += 'chmod 744 "%s"\n' % (kls.BITMASK_ROOT, )
+
+        if flags.STANDALONE:
+            cmd += 'cp "%s" "%s"\n' % (
+                os.path.join(frompath, openvpn_bin_file),
+                kls.OPENVPN_BIN_PATH)
+            cmd += 'chmod 744 "%s"\n' % (kls.POLKIT_PATH, )
+
+            cmd += 'cp "%s" "%s"\n' % (
+                os.path.join(frompath, resolvconf_bin_file),
+                kls.RESOLVCONF_BIN_PATH)
+            cmd += 'chmod 744 "%s"\n' % (kls.POLKIT_PATH, )
         return cmd
 
     @classmethod
diff --git a/src/leap/bitmask/util/privilege_policies.py b/src/leap/bitmask/util/privilege_policies.py
index 72442553..9d1e2c9a 100644
--- a/src/leap/bitmask/util/privilege_policies.py
+++ b/src/leap/bitmask/util/privilege_policies.py
@@ -27,35 +27,6 @@ from abc import ABCMeta, abstractmethod
 logger = logging.getLogger(__name__)
 
 
-POLICY_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
-<policyconfig>
-
-  <vendor>LEAP Project</vendor>
-  <vendor_url>https://leap.se/</vendor_url>
-
-  <action id="net.openvpn.gui.leap.run-openvpn">
-    <description>Runs the openvpn binary</description>
-    <description xml:lang="es">Ejecuta el binario openvpn</description>
-    <message>OpenVPN needs that you authenticate to start</message>
-    <message xml:lang="es">
-      OpenVPN necesita autorizacion para comenzar
-    </message>
-    <icon_name>package-x-generic</icon_name>
-    <defaults>
-      <allow_any>yes</allow_any>
-      <allow_inactive>yes</allow_inactive>
-      <allow_active>yes</allow_active>
-    </defaults>
-    <annotate key="org.freedesktop.policykit.exec.path">{path}</annotate>
-    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
-  </action>
-</policyconfig>
-"""
-
-
 def is_missing_policy_permissions():
     """
     Returns True if we do not have implemented a policy checker for this
@@ -76,36 +47,6 @@ def is_missing_policy_permissions():
     return policy_checker().is_missing_policy_permissions()
 
 
-def get_policy_contents(openvpn_path):
-    """
-    Returns the contents that the policy file should have.
-
-    :param openvpn_path: the openvpn path to use in the polkit file
-    :type openvpn_path: str
-    :rtype: str
-    """
-    return POLICY_TEMPLATE.format(path=openvpn_path)
-
-
-def is_policy_outdated(path):
-    """
-    Returns if the existing polkit file is outdated, comparing if the path
-    is correct.
-
-    :param path: the path that should have the polkit file.
-    :type path: str.
-    :rtype: bool
-    """
-    _system = platform.system()
-    platform_checker = _system + "PolicyChecker"
-    policy_checker = globals().get(platform_checker, None)
-    if policy_checker is None:
-        logger.debug("we could not find a policy checker implementation "
-                     "for %s" % (_system,))
-        return False
-    return policy_checker().is_outdated(path)
-
-
 class PolicyChecker:
     """
     Abstract PolicyChecker class
@@ -129,7 +70,7 @@ class LinuxPolicyChecker(PolicyChecker):
     PolicyChecker for Linux
     """
     LINUX_POLKIT_FILE = ("/usr/share/polkit-1/actions/"
-                         "net.openvpn.gui.leap.policy")
+                         "se.leap.bitmask.policy")
 
     @classmethod
     def get_polkit_path(self):
@@ -141,6 +82,8 @@ class LinuxPolicyChecker(PolicyChecker):
         return self.LINUX_POLKIT_FILE
 
     def is_missing_policy_permissions(self):
+    # FIXME this name is quite confusing, it does not have anything to do with
+    # file permissions.
         """
         Returns True if we could not find the appropriate policykit file
         in place
@@ -148,22 +91,3 @@ class LinuxPolicyChecker(PolicyChecker):
         :rtype: bool
         """
         return not os.path.isfile(self.LINUX_POLKIT_FILE)
-
-    def is_outdated(self, path):
-        """
-        Returns if the existing polkit file is outdated, comparing if the path
-        is correct.
-
-        :param path: the path that should have the polkit file.
-        :type path: str.
-        :rtype: bool
-        """
-        polkit = None
-        try:
-            with open(self.LINUX_POLKIT_FILE) as f:
-                polkit = f.read()
-        except IOError, e:
-            logger.error("Error reading polkit file(%s): %r" % (
-                self.LINUX_POLKIT_FILE, e))
-
-        return get_policy_contents(path) != polkit