authorkali <kali@leap.se>2012-08-07 04:14:06 +0900
committerkali <kali@leap.se>2012-08-07 04:14:06 +0900
commit36b0dfacca794e9cb899b5dde2dae3b8bbc6cc43 (patch)
tree28b3433e86b018ac80de264e989b47ca43af1216 /src/leap/eip/config.py
parenta6416bd5e4dc57390ba0748878d229098aeca42e (diff)
build default provider openvpn config.
Preparation for completion of #356, #355, #354, #182. If no default openvpn config is present, we build one with a preset template and the remote_ip of the eip service as the only input. Right now we're taking it from the eip.cfg file.
Diffstat (limited to 'src/leap/eip/config.py')
-rw-r--r--src/leap/eip/config.py149
1 files changed, 140 insertions, 9 deletions
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index f0cf1d86..9af6f57a 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -9,6 +9,7 @@ from leap.baseapp.permcheck import (is_pkexec_in_system,
is_auth_agent_running)
logger = logging.getLogger(name=__name__)
+logger.setLevel('DEBUG')
class EIPNoPkexecAvailable(Exception):
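Review bot: The added `logger.setLevel('DEBUG')` pins this module's logger to DEBUG at import time, so its records bypass whatever level the application sets on the root logger; only handler levels still filter them. For a client that logs VPN endpoints and key paths, the level is better left unset here and decided by the entry point. I would drop the line, or gate it on a debug flag if the application has one. If it is only meant for development, a comment such as `# XXX remove before release: forces debug output` would make that explicit.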
@@ -19,6 +20,129 @@ class EIPNoPolkitAuthAgentAvailable(Exception):
pass
+OPENVPN_CONFIG_TEMPLATE = """#Autogenerated by eip-client wizard
+remote {VPN_REMOTE_HOST} {VPN_REMOTE_PORT}
+
+client
+dev tun
+persist-tun
+persist-key
+proto udp
+tls-client
+remote-cert-tls server
+
+cert {LEAP_EIP_KEYS}
+key {LEAP_EIP_KEYS}
+ca {LEAP_EIP_KEYS}
+"""
+
+
+def get_config_dir():
+ """
+ get the base dir for all leap config
+ @rparam: config path
+ @rtype: string
+ """
+ # TODO
+ # check for $XDG_CONFIG_HOME var?
+ # get a more sensible path for win/mac
+ # kclair: opinion? ^^
+ return os.path.expanduser(
+ os.path.join('~',
+ '.config',
+ 'leap'))
+
+
+def get_config_file(filename, folder=None):
+ """
+ concatenates the given filename
+ with leap config dir.
+ @param filename: name of the file
+ @type filename: string
+ @rparam: full path to config file
+ """
+ path = []
+ path.append(get_config_dir())
+ if folder is not None:
+ path.append(folder)
+ path.append(filename)
+ return os.path.join(*path)
+
+
+def get_default_provider_path():
+ default_subpath = os.path.join("providers",
+ "default")
+ default_provider_path = get_config_file(
+ '',
+ folder=default_subpath)
+ return default_provider_path
+
+
+def check_or_create_default_vpnconf(config):
+ """
+ checks that a vpn config file
+ exists for a default provider,
+ or creates one if it does not.
+ ATM REQURES A [provider] section in
+ eip.cfg with _at least_ a remote_ip value
+ """
+ default_provider_path = get_default_provider_path()
+
+ if not os.path.isdir(default_provider_path):
+ mkdir_p(default_provider_path)
+
+ conf_file = get_config_file(
+ 'openvpn.conf',
+ folder=default_provider_path)
+
+ if os.path.isfile(conf_file):
+ return
+ else:
+ logger.debug(
+ 'missing default openvpn config\n'
+ 'creating one...')
+
+ # We're getting provider from eip.cfg
+ # by now. Get it from a list of gateways
+ # instead.
+
+ remote_ip = config.get('provider',
+ 'remote_ip')
+
+ # XXX check that IT LOOKS LIKE AN IP!!!
+ if config.has_option('provider', 'remote_port'):
+ remote_port = config.get('provider',
+ 'remote_port')
+ else:
+ remote_port = 1194
+
+ default_subpath = os.path.join("providers",
+ "default")
+ default_provider_path = get_config_file(
+ '',
+ folder=default_subpath)
+
+ if not os.path.isdir(default_provider_path):
+ mkdir_p(default_provider_path)
+
+ conf_file = get_config_file(
+ 'openvpn.conf',
+ folder=default_provider_path)
+
+ # XXX keys have to be manually placed by now
+ keys_file = get_config_file(
+ 'openvpn.keys',
+ folder=default_provider_path)
+
+ ovpn_config = OPENVPN_CONFIG_TEMPLATE.format(
+ VPN_REMOTE_HOST=remote_ip,
+ VPN_REMOTE_PORT=remote_port,
+ LEAP_EIP_KEYS=keys_file)
+
+ with open(conf_file, 'wb') as f:
+ f.write(ovpn_config)
+
+
def build_ovpn_options(daemon=False):
"""
build a list of options
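Review bot: `remote_ip` and `remote_port` are read from eip.cfg and formatted straight into the generated openvpn.conf, and the `XXX check that IT LOOKS LIKE AN IP!!!` marker is the only check in check_or_create_default_vpnconf. ConfigParser values may span several lines, so whatever those options hold becomes configuration text that openvpn will parse, presumably with elevated privileges given the pkexec imports at the top of the file. I would parse the address strictly and read the port with `getint` before formatting the template, as sketched below. The sketch assumes `socket` is imported in the module and that only IPv4 addresses are expected, so widen the check if hostnames or IPv6 are intended. Separately, the directory and file are created with default modes; since openvpn.keys is expected in the same directory, consider creating the directory with mode 0700.

```python
def check_or_create_default_vpnconf(config):
    # … unchanged: provider dir creation and existing openvpn.conf check …
    remote_ip = config.get('provider', 'remote_ip')
    try:
        # strict dotted-quad parse: the value is copied verbatim into
        # a file that openvpn will parse, so reject anything else
        socket.inet_pton(socket.AF_INET, remote_ip)
    except socket.error:
        raise ValueError(
            'provider.remote_ip is not an IPv4 address: %r' % remote_ip)

    if config.has_option('provider', 'remote_port'):
        # getint() raises ValueError on anything that is not a number
        remote_port = config.getint('provider', 'remote_port')
    else:
        remote_port = 1194
    if not 0 < remote_port < 65536:
        raise ValueError(
            'provider.remote_port out of range: %r' % remote_port)
    # … unchanged: path building, template formatting and file write …
```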
@@ -41,8 +165,10 @@ def build_ovpn_options(daemon=False):
group = grp.getgrgid(gid).gr_name
opts = []
- opts.append('--persist-tun')
- opts.append('--persist-key')
+
+ #moved to config files
+ #opts.append('--persist-tun')
+ #opts.append('--persist-key')
# set user and group
opts.append('--user')
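Review bot: Commenting out `--persist-tun` and `--persist-key` makes both options depend on whichever openvpn.conf is found, and check_or_create_default_vpnconf returns early when a file already exists, so a hand-written config may lack them. The lines just below still pass `--user` and `--group`, and after dropping privileges openvpn generally cannot reopen the tun device or re-read the key on a restart without those two options. I would keep `opts.append('--persist-tun')` and `opts.append('--persist-key')` on the command line, where they are harmless duplicates of the template. If they really should live only in the file, delete the commented-out lines and leave a single comment: `# persist-tun/persist-key must be set in openvpn.conf (needed with --user/--group)`. build_ovpn_options starts and ends outside this hunk.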
@@ -69,19 +195,25 @@ def build_ovpn_options(daemon=False):
# XXX which is a good choice?
opts.append('7777')
- # remaining config options, in a file
+ # remaining config options will go in a file
+
# NOTE: we will build this file from
# the service definition file.
- ovpncnf = os.path.expanduser(
- '~/.config/leap/openvpn.conf')
+ # XXX override from --with-openvpn-config
+
opts.append('--config')
+
+ default_provider_path = get_default_provider_path()
+ ovpncnf = get_config_file(
+ 'openvpn.conf',
+ folder=default_provider_path)
opts.append(ovpncnf)
# we cannot run in daemon mode
# with the current subp setting.
# see: https://leap.se/code/issues/383
#if daemon is True:
- # opts.append('--daemon')
+ #opts.append('--daemon')
return opts
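Review bot: `get_config_file('openvpn.conf', folder=default_provider_path)` receives a `folder` that is already an absolute path under the config dir, because get_default_provider_path built it with get_config_file. The result is right only because `os.path.join` discards earlier components when a later one is absolute. If get_config_dir ever returned a relative path, the config dir would be prefixed twice and `--config` would point at a different file from the one that was written. I would write `ovpncnf = os.path.join(get_default_provider_path(), 'openvpn.conf')` here, and use the same form for the `conf_file` and `keys_file` lookups in check_or_create_default_vpnconf. The function begins outside this hunk.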
@@ -192,8 +324,7 @@ def get_config(config_file=None):
config = ConfigParser.ConfigParser(defaults)
if not config_file:
- fpath = os.path.expanduser(
- '~/.config/leap/eip.cfg')
+ fpath = get_config_file('eip.cfg')
if not os.path.isfile(fpath):
dpath, cfile = os.path.split(fpath)
if not os.path.isdir(dpath):
@@ -203,7 +334,6 @@ def get_config(config_file=None):
config_file = open(fpath)
#TODO
- # - get a more sensible path for win/mac
# - convert config_file to list;
# look in places like /etc/leap/eip.cfg
# for global settings.
@@ -211,6 +341,7 @@ def get_config(config_file=None):
# at this point, the file should exist.
# errors would have been raised above.
+
config.readfp(config_file)
return config