Add check for outdated polkit file. Closes #3209.

4 files changed, 50 insertions, 5 deletions

diff --git a/changes/feature-3209_check-outdated-polkit-file b/changes/feature-3209_check-outdated-polkit-file
new file mode 100644
index 00000000..8cb7c35c
--- /dev/null
+++ b/changes/feature-3209_check-outdated-polkit-file
@@ -0,0 +1 @@
+  o Add check for outdated polkit file. Closes #3209.
diff --git a/src/leap/platform_init/initializers.py b/src/leap/platform_init/initializers.py
index bbdc7f29..3523c117 100644
--- a/src/leap/platform_init/initializers.py
+++ b/src/leap/platform_init/initializers.py
@@ -351,7 +351,7 @@ def _linux_install_missing_scripts(badexec, notfound):
         fd, tempscript = tempfile.mkstemp(prefix="leap_installer-")
         polfd, pol_tempfile = tempfile.mkstemp(prefix="leap_installer-")
         try:
-            path = launcher.get_path_prefix()
+            path = launcher.OPENVPN_BIN_PATH
             policy_contents = privilege_policies.get_policy_contents(path)
 
             with os.fdopen(polfd, 'w') as f:
diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py
index 992f0c50..7f66275d 100644
--- a/src/leap/services/eip/vpnlaunchers.py
+++ b/src/leap/services/eip/vpnlaunchers.py
@@ -39,6 +39,7 @@ from leap.config.providerconfig import ProviderConfig
 from leap.services.eip.eipconfig import EIPConfig, VPNGatewaySelector
 from leap.util import first
 from leap.util.privilege_policies import LinuxPolicyChecker
+from leap.util import privilege_policies
 
 logger = logging.getLogger(__name__)
 
@@ -238,6 +239,10 @@ class LinuxVPNLauncher(VPNLauncher):
 
     PKEXEC_BIN = 'pkexec'
     OPENVPN_BIN = 'openvpn'
+    OPENVPN_BIN_PATH = os.path.join(
+        ProviderConfig().get_path_prefix(),
+        "..", "apps", "eip", OPENVPN_BIN)
+
     SYSTEM_CONFIG = "/etc/leap"
     UP_DOWN_FILE = "resolv-update"
     UP_DOWN_PATH = "%s/%s" % (SYSTEM_CONFIG, UP_DOWN_FILE)
@@ -258,13 +263,14 @@ class LinuxVPNLauncher(VPNLauncher):
     def missing_other_files(self):
         """
         'Extend' the VPNLauncher's missing_other_files to check if the polkit
-        files is outdated. If the polkit file is in OTHER_FILES, exists, but is
-        not up to date, it is added to the missing list.
+        files is outdated. If the polkit file that is in OTHER_FILES exists but
+        is not up to date, it is added to the missing list.
 
-        :rtype: list
+        :returns: a list of missing files
+        :rtype: list of str
         """
         missing = VPNLauncher.missing_other_files.im_func(self)
-        polkit_file = LinuxPolicyChecker().get_polkit_path()
+        polkit_file = LinuxPolicyChecker.get_polkit_path()
         if polkit_file not in missing:
             if privilege_policies.is_policy_outdated(self.OPENVPN_BIN_PATH):
                 missing.append(polkit_file)
diff --git a/src/leap/util/privilege_policies.py b/src/leap/util/privilege_policies.py
index 05ae60e0..72442553 100644
--- a/src/leap/util/privilege_policies.py
+++ b/src/leap/util/privilege_policies.py
@@ -87,6 +87,25 @@ def get_policy_contents(openvpn_path):
     return POLICY_TEMPLATE.format(path=openvpn_path)
 
 
+def is_policy_outdated(path):
+    """
+    Returns if the existing polkit file is outdated, comparing if the path
+    is correct.
+
+    :param path: the path that should have the polkit file.
+    :type path: str.
+    :rtype: bool
+    """
+    _system = platform.system()
+    platform_checker = _system + "PolicyChecker"
+    policy_checker = globals().get(platform_checker, None)
+    if policy_checker is None:
+        logger.debug("we could not find a policy checker implementation "
+                     "for %s" % (_system,))
+        return False
+    return policy_checker().is_outdated(path)
+
+
 class PolicyChecker:
     """
     Abstract PolicyChecker class
@@ -129,3 +148,22 @@ class LinuxPolicyChecker(PolicyChecker):
         :rtype: bool
         """
         return not os.path.isfile(self.LINUX_POLKIT_FILE)
+
+    def is_outdated(self, path):
+        """
+        Returns if the existing polkit file is outdated, comparing if the path
+        is correct.
+
+        :param path: the path that should have the polkit file.
+        :type path: str.
+        :rtype: bool
+        """
+        polkit = None
+        try:
+            with open(self.LINUX_POLKIT_FILE) as f:
+                polkit = f.read()
+        except IOError, e:
+            logger.error("Error reading polkit file(%s): %r" % (
+                self.LINUX_POLKIT_FILE, e))
+
+        return get_policy_contents(path) != polkit