authorkali <kali@leap.se>2012-08-30 06:06:36 +0900
committerkali <kali@leap.se>2012-08-30 06:06:36 +0900
commit3c59f021dde265bc314cd6b52d3aafbb8532b1ec (patch)
treedba7f051a2de2207909dfb163fea75e07596fe5b
parent5e77b77765154850fb708e6ea188fcf7ba99fdce (diff)
parentd4de193b52881590c07468bdfece5f82fa48840d (diff)
Merge branch 'feature/ovpn-no-config' into develop
closes #447 deprecates the use of config files; all options are passed to openvpn as command line arguments.
-rw-r--r--src/leap/baseapp/mainwindow.py2
-rw-r--r--src/leap/eip/checks.py2
-rw-r--r--src/leap/eip/config.py136
-rw-r--r--src/leap/eip/openvpnconnection.py18
-rw-r--r--src/leap/eip/tests/test_config.py46
5 files changed, 70 insertions, 134 deletions
diff --git a/src/leap/baseapp/mainwindow.py b/src/leap/baseapp/mainwindow.py
index d7f4ecac..2f7a14dd 100644
--- a/src/leap/baseapp/mainwindow.py
+++ b/src/leap/baseapp/mainwindow.py
@@ -431,7 +431,7 @@ technolust</i>")
if self.conductor.with_errors:
#XXX how to wait on pkexec???
#something better that this workaround, plz!!
- time.sleep(10)
+ time.sleep(5)
print('errors. disconnect.')
self.start_or_stopVPN() # is stop
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index 1db7158f..c6a7ca72 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -160,7 +160,7 @@ class EIPConfigChecker(object):
def check_complete_eip_config(self, config=None):
# TODO check for gateway
if config is None:
- config = self.config
+ config = self.eipconfig.get_config()
try:
'trying assertions'
assert 'provider' in config
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index b6c38a77..c0819628 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -19,23 +19,6 @@ logging.basicConfig()
logger = logging.getLogger(name=__name__)
logger.setLevel('DEBUG')
-# XXX deprecate per #447
-OPENVPN_CONFIG_TEMPLATE = """#Autogenerated by eip-client wizard
-remote {VPN_REMOTE_HOST} {VPN_REMOTE_PORT}
-
-client
-dev tun
-persist-tun
-persist-key
-proto udp
-tls-client
-remote-cert-tls server
-
-cert {LEAP_EIP_KEYS}
-key {LEAP_EIP_KEYS}
-ca {LEAP_EIP_KEYS}
-"""
-
class EIPConfig(baseconfig.JSONLeapConfig):
spec = eipspecs.eipconfig_spec
@@ -63,83 +46,6 @@ class EIPServiceConfig(baseconfig.JSONLeapConfig):
slug = property(_get_slug, _set_slug)
-def check_or_create_default_vpnconf(config):
- """
- checks that a vpn config file
- exists for a default provider,
- or creates one if it does not.
- ATM REQURES A [provider] section in
- eip.cfg with _at least_ a remote_ip value
- """
- default_provider_path = baseconfig.get_default_provider_path()
-
- if not os.path.isdir(default_provider_path):
- mkdir_p(default_provider_path)
-
- conf_file = baseconfig.get_config_file(
- 'openvpn.conf',
- folder=default_provider_path)
-
- if os.path.isfile(conf_file):
- return
- else:
- logger.debug(
- 'missing default openvpn config\n'
- 'creating one...')
-
- # We're getting provider from eip.cfg
- # by now. Get it from a list of gateways
- # instead.
-
- try:
- # XXX by now, we're expecting
- # only IP format for remote.
- # We should allow also domain names,
- # and make a reverse resolv.
- remote_ip = config.get('provider',
- 'remote_ip')
- baseconfig.validate_ip(remote_ip)
-
- except ConfigParser.NoSectionError:
- raise eip_exceptions.EIPInitNoProviderError
-
- except socket.error:
- # this does not look like an ip, dave
- raise eip_exceptions.EIPInitBadProviderError
-
- if config.has_option('provider', 'remote_port'):
- remote_port = config.get('provider',
- 'remote_port')
- else:
- remote_port = 1194
-
- default_subpath = os.path.join("providers",
- "default")
- default_provider_path = baseconfig.get_config_file(
- '',
- folder=default_subpath)
-
- if not os.path.isdir(default_provider_path):
- mkdir_p(default_provider_path)
-
- conf_file = baseconfig.get_config_file(
- 'openvpn.conf',
- folder=default_provider_path)
-
- # XXX keys have to be manually placed by now
- keys_file = baseconfig.get_config_file(
- 'openvpn.keys',
- folder=default_provider_path)
-
- ovpn_config = OPENVPN_CONFIG_TEMPLATE.format(
- VPN_REMOTE_HOST=remote_ip,
- VPN_REMOTE_PORT=remote_port,
- LEAP_EIP_KEYS=keys_file)
-
- with open(conf_file, 'wb') as f:
- f.write(ovpn_config)
-
-
def build_ovpn_options(daemon=False):
"""
build a list of options
@@ -162,6 +68,25 @@ def build_ovpn_options(daemon=False):
opts = []
+ opts.append('--client')
+
+ opts.append('--dev')
+ # XXX same in win?
+ opts.append('tun')
+ opts.append('--persist-tun')
+ opts.append('--persist-key')
+
+ # remote
+ # XXX get remote from eip.json
+ opts.append('--remote')
+ opts.append('testprovider.example.org')
+ opts.append('1194')
+ opts.append('udp')
+
+ opts.append('--tls-client')
+ opts.append('--remote-cert-tls')
+ opts.append('server')
+
# set user and group
opts.append('--user')
opts.append('%s' % user)
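Review bot: The `--remote` target in build_ovpn_options is hard-coded to `testprovider.example.org`, `1194`, `udp`, so a client built from this branch connects to the test provider whatever eip.json says. The removed check_or_create_default_vpnconf ran `baseconfig.validate_ip(remote_ip)` before using the value, and nothing equivalent exists on the new path. Once the XXX is resolved and host, port and protocol come from eip.json, each becomes its own argv element for an openvpn process that is presumably started with elevated privileges (mainwindow.py mentions pkexec), so they should be validated before being appended. I would expand the comment to `# XXX get remote from eip.json; validate host/port/proto before appending`. build_ovpn_options starts and ends outside this hunk.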
@@ -179,6 +104,7 @@ def build_ovpn_options(daemon=False):
ourplatform = platform.system()
if ourplatform in ("Linux", "Mac"):
opts.append('--management')
+ # XXX get a different sock each time ...
opts.append('/tmp/.eip.sock')
opts.append('unix')
if ourplatform == "Windows":
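Review bot: The new XXX on the management socket understates the problem: `/tmp/.eip.sock` is a fixed name in a world-writable directory, and a different name each time would still sit in shared space. The management interface controls the tunnel, so the socket belongs in a directory only the user can access (for example one created with `tempfile.mkdtemp()`), with the chosen path handed to whatever connects to it. I would reword the comment to `# XXX use a per-run socket inside a user-only (0700) directory, not a fixed name in /tmp`. The expected arguments in test_config.py pin the same path and would need to follow. build_ovpn_options continues outside this hunk.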
@@ -187,21 +113,13 @@ def build_ovpn_options(daemon=False):
# XXX which is a good choice?
opts.append('7777')
- # remaining config options will go in a file
-
- # NOTE: we will build this file from
- # the service definition file.
- # XXX override from --with-openvpn-config
-
- opts.append('--config')
-
- default_provider_path = baseconfig.get_default_provider_path()
-
- # XXX get rid of config_file at all
- ovpncnf = baseconfig.get_config_file(
- 'openvpn.conf',
- folder=default_provider_path)
- opts.append(ovpncnf)
+ # certs
+ opts.append('--cert')
+ opts.append(eipspecs.client_cert_path())
+ opts.append('--key')
+ opts.append(eipspecs.client_cert_path())
+ opts.append('--ca')
+ opts.append(eipspecs.provider_ca_path())
# we cannot run in daemon mode
# with the current subp setting.
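Review bot: `--key` is given `eipspecs.client_cert_path()`, the same call as `--cert`, which reads like a copy-paste slip unless the certificate and private key are deliberately kept in one PEM file. The removed template also pointed cert, key and ca at one file, and the test expects `openvpn.pem` for both, so this is probably intended; a comment such as `# cert and private key share one PEM file` above the `--key` lines would make that explicit. Because that file holds the private key, it is worth confirming that it is checked for owner-only permissions before openvpn is launched. `_check_vpn_keys` in openvpnconnection.py may already do this, but its body is not visible here. build_ovpn_options continues outside this hunk.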
diff --git a/src/leap/eip/openvpnconnection.py b/src/leap/eip/openvpnconnection.py
index 5f67d27a..1f2f6d8c 100644
--- a/src/leap/eip/openvpnconnection.py
+++ b/src/leap/eip/openvpnconnection.py
@@ -139,23 +139,6 @@ to be triggered for each one of them.
self.command = command
self.args = args
- def _check_ovpn_config(self):
- """
- checks if there is a default openvpn config.
- if not, it writes one with info from the provider
- definition file
- """
- # TODO
- # - get --with-openvpn-config from opts
- try:
- eip_config.check_or_create_default_vpnconf(self.config)
- except eip_exceptions.EIPInitNoProviderError:
- logger.error('missing default provider definition')
- self.missing_provider = True
- except eip_exceptions.EIPInitBadProviderError:
- logger.error('bad provider definition')
- self.bad_provider = True
-
def _get_or_create_config(self):
"""
retrieves the config options from defaults or
@@ -168,7 +151,6 @@ to be triggered for each one of them.
self._set_autostart()
self._set_ovpn_command()
- self._check_ovpn_config()
def _check_vpn_keys(self):
"""
diff --git a/src/leap/eip/tests/test_config.py b/src/leap/eip/tests/test_config.py
index 16219648..87ef33ef 100644
--- a/src/leap/eip/tests/test_config.py
+++ b/src/leap/eip/tests/test_config.py
@@ -48,6 +48,22 @@ class EIPConfigTest(BaseLeapTest):
username = self.get_username()
groupname = self.get_groupname()
+ args.append('--client')
+ args.append('--dev')
+ #does this have to be tap for win??
+ args.append('tun')
+ args.append('--persist-tun')
+ args.append('--persist-key')
+ args.append('--remote')
+ args.append('testprovider.example.org')
+ # XXX get port!?
+ args.append('1194')
+ # XXX get proto
+ args.append('udp')
+ args.append('--tls-client')
+ args.append('--remote-cert-tls')
+ args.append('server')
+
args.append('--user')
args.append(username)
args.append('--group')
@@ -55,16 +71,36 @@ class EIPConfigTest(BaseLeapTest):
args.append('--management-client-user')
args.append(username)
args.append('--management-signal')
- args.append('--management')
+ args.append('--management')
#XXX hey!
#get platform switches here!
args.append('/tmp/.eip.sock')
args.append('unix')
- args.append('--config')
- args.append(os.path.expanduser(
- '~/.config/leap/providers/%s/openvpn.conf'
- % constants.DEFAULT_TEST_PROVIDER))
+
+ # certs
+ # XXX get values from specs?
+ args.append('--cert')
+ args.append(os.path.join(
+ self.home,
+ '.config', 'leap', 'providers',
+ 'testprovider.example.org',
+ 'keys', 'client',
+ 'openvpn.pem'))
+ args.append('--key')
+ args.append(os.path.join(
+ self.home,
+ '.config', 'leap', 'providers',
+ 'testprovider.example.org',
+ 'keys', 'client',
+ 'openvpn.pem'))
+ args.append('--ca')
+ args.append(os.path.join(
+ self.home,
+ '.config', 'leap', 'providers',
+ 'testprovider.example.org',
+ 'keys', 'ca',
+ 'testprovider-ca-cert.pem'))
return args
# build command string
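Review bot: The expected `--cert`, `--key` and `--ca` paths hard-code `'testprovider.example.org'`, where the removed `--config` expectation used `constants.DEFAULT_TEST_PROVIDER`; if that constant changes, these assertions drift from the rest of the suite. The same five-component prefix is also spelled out three times. Assuming the constant holds that hostname, I would build it once with `provider_dir = os.path.join(self.home, '.config', 'leap', 'providers', constants.DEFAULT_TEST_PROVIDER)` and join `'keys', 'client', 'openvpn.pem'` and `'keys', 'ca', 'testprovider-ca-cert.pem'` onto it. The enclosing method starts outside this hunk.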