summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorkali <kali@leap.se>2013-01-23 07:02:58 +0900
committerkali <kali@leap.se>2013-01-23 07:02:58 +0900
commit8226d6032b6db0c15ff70e377f87f4acfdd21787 (patch)
tree95fcc3b400eee4297a73ac94db75bc5dfc56c4d0
parent06a1ef47e1719c3987006043fd1aae10e6da5c86 (diff)
working up/down resolv-conf script
-rw-r--r--docs/dev/environment.rst10
-rw-r--r--pkg/linux/README4
-rwxr-xr-x[-rw-r--r--]pkg/linux/resolv-update (renamed from pkg/linux/leap-update-resolv-conf)0
-rw-r--r--src/leap/eip/config.py28
4 files changed, 38 insertions, 4 deletions
diff --git a/docs/dev/environment.rst b/docs/dev/environment.rst
index 9f70cb04..3c2b0291 100644
--- a/docs/dev/environment.rst
+++ b/docs/dev/environment.rst
@@ -90,6 +90,15 @@ Or, if you prefer, you can also `download the official PyQt tarball<http://www.r
this section could be completed with useful options that can be passed to the virtualenv command (e.g., to make portable paths, site-packages, ...).
+.. _files:
+
+Copy script files
+-----------------
+
+The openvpn invocation expects some files to be in place. If you have not installed `leap-client` from a debian package, you must copy these files manually::
+
+ $ sudo mkdir -p /etc/leap
+ $ sudo cp pkg/linux/resolv-update /etc/leap
.. _policykit:
@@ -103,6 +112,7 @@ If you *only* are running the client from inside a virtualenv, you will need to
$ sudo cp pkg/linux/polkit/net.openvpn.gui.leap.policy /usr/share/polkit-1/actions/
+
Missing Authentication agent
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/pkg/linux/README b/pkg/linux/README
new file mode 100644
index 00000000..7410789b
--- /dev/null
+++ b/pkg/linux/README
@@ -0,0 +1,4 @@
+= Files =
+In GNU/Linux, we expect these files to be in place:
+
+resolv-update -> /etc/leap/resolv-update
diff --git a/pkg/linux/leap-update-resolv-conf b/pkg/linux/resolv-update
index a54802e3..a54802e3 100644..100755
--- a/pkg/linux/leap-update-resolv-conf
+++ b/pkg/linux/resolv-update
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index a60d7ed5..917871da 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -130,6 +130,22 @@ def get_cipher_options(eipserviceconfig=None):
opts.append('%s' % _val)
return opts
+LINUX_UP_DOWN_SCRIPT = "/etc/leap/resolv-update"
+OPENVPN_DOWN_ROOT = "/usr/lib/openvpn/openvpn-down-root.so"
+
+
+def has_updown_scripts():
+ """
+ checks the existence of the up/down scripts
+ """
+ # XXX should check permissions too
+ is_file = os.path.isfile(LINUX_UP_DOWN_SCRIPT)
+ if not is_file:
+ logger.warning(
+ "Could not find up/down scripts at %s! "
+ "Risk of DNS Leaks!!!")
+ return is_file
+
def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
"""
@@ -230,10 +246,14 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
opts.append('2')
if _platform == "Linux":
- opts.append("--up")
- opts.append("/etc/openvpn/update-resolv-conf")
- opts.append("--down")
- opts.append("/etc/openvpn/update-resolv-conf")
+ if has_updown_scripts():
+ opts.append("--up")
+ opts.append(LINUX_UP_DOWN_SCRIPT)
+ opts.append("--down")
+ opts.append(LINUX_UP_DOWN_SCRIPT)
+ opts.append("--plugin")
+ opts.append(OPENVPN_DOWN_ROOT)
+ opts.append("'script_type=down %s'" % LINUX_UP_DOWN_SCRIPT)
# certs
client_cert_path = eipspecs.client_cert_path(provider)