summaryrefslogtreecommitdiff
path: root/src/leap/services
diff options
context:
space:
mode:
authorTomás Touceda <chiiph@leap.se>2013-06-13 10:52:26 -0300
committerTomás Touceda <chiiph@leap.se>2013-06-13 10:52:26 -0300
commit35291c130f749850753e89d889a121ec098c0dc9 (patch)
tree59305982261bdcca659b45bafdd4c97597ac17ee /src/leap/services
parentf35506e9b93cf0182af37ccdcc36e343b44b882c (diff)
parentcd11784b8fdf0cb45783e8d6a8e9b5288f34820d (diff)
Merge remote-tracking branch 'kali/feature/osx-eip-scripts_rev1' into develop
Conflicts: src/leap/gui/mainwindow.py
Diffstat (limited to 'src/leap/services')
-rw-r--r--src/leap/services/abstractbootstrapper.py18
-rw-r--r--src/leap/services/eip/eipbootstrapper.py4
-rw-r--r--src/leap/services/eip/vpnlaunchers.py96
-rw-r--r--src/leap/services/mail/smtpbootstrapper.py9
4 files changed, 88 insertions, 39 deletions
diff --git a/src/leap/services/abstractbootstrapper.py b/src/leap/services/abstractbootstrapper.py
index 7bebdc15..2cbd56bc 100644
--- a/src/leap/services/abstractbootstrapper.py
+++ b/src/leap/services/abstractbootstrapper.py
@@ -48,14 +48,14 @@ class AbstractBootstrapper(QtCore.QObject):
"""
QtCore.QObject.__init__(self)
- leap_assert(self._gui_errback.im_func == \
- AbstractBootstrapper._gui_errback.im_func,
+ leap_assert(self._gui_errback.im_func ==
+ AbstractBootstrapper._gui_errback.im_func,
"Cannot redefine _gui_errback")
- leap_assert(self._errback.im_func == \
- AbstractBootstrapper._errback.im_func,
+ leap_assert(self._errback.im_func ==
+ AbstractBootstrapper._errback.im_func,
"Cannot redefine _errback")
- leap_assert(self._gui_notify.im_func == \
- AbstractBootstrapper._gui_notify.im_func,
+ leap_assert(self._gui_notify.im_func ==
+ AbstractBootstrapper._gui_notify.im_func,
"Cannot redefine _gui_notify")
# **************************************************** #
@@ -87,9 +87,9 @@ class AbstractBootstrapper(QtCore.QObject):
if self._err_msg is not None \
else str(failure.value)
self._signal_to_emit.emit({
- self.PASSED_KEY: False,
- self.ERROR_KEY: err_msg
- })
+ self.PASSED_KEY: False,
+ self.ERROR_KEY: err_msg
+ })
failure.trap(Exception)
def _errback(self, failure, signal=None):
diff --git a/src/leap/services/eip/eipbootstrapper.py b/src/leap/services/eip/eipbootstrapper.py
index 51c3dab4..4da8f90f 100644
--- a/src/leap/services/eip/eipbootstrapper.py
+++ b/src/leap/services/eip/eipbootstrapper.py
@@ -173,8 +173,8 @@ class EIPBootstrapper(AbstractBootstrapper):
cb_chain = [
(self._download_config, self.download_config),
- (self._download_client_certificates, \
- self.download_client_certificate)
+ (self._download_client_certificates,
+ self.download_client_certificate)
]
self.addCallbackChain(cb_chain)
diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py
index 952d3618..6c2ff006 100644
--- a/src/leap/services/eip/vpnlaunchers.py
+++ b/src/leap/services/eip/vpnlaunchers.py
@@ -29,6 +29,7 @@ except ImportError:
pass # ignore, probably windows
from abc import ABCMeta, abstractmethod
+from functools import partial
from leap.common.check import leap_assert, leap_assert_type
from leap.common.files import which
@@ -105,22 +106,37 @@ def get_platform_launcher():
def _is_pkexec_in_system():
+ """
+ Checks the existence of the pkexec binary in system.
+ """
pkexec_path = which('pkexec')
if len(pkexec_path) == 0:
return False
return True
-def _has_updown_scripts(path):
+def _has_updown_scripts(path, warn=True):
"""
- Checks the existence of the up/down scripts
+ Checks the existence of the up/down scripts.
+
+ :param path: the path to be checked
+ :type path: str
+
+ :param warn: whether we should log the absence
+ :type warn: bool
+
+ :rtype: bool
"""
- # XXX should check permissions too
is_file = os.path.isfile(path)
- if not is_file:
- logger.error("Could not find up/down scripts. " +
- "Might produce DNS leaks.")
- return is_file
+ if warn and not is_file:
+ logger.error("Could not find up/down script %s. "
+ "Might produce DNS leaks." % (path,))
+
+ is_exe = os.access(path, os.X_OK)
+ if warn and not is_exe:
+ logger.error("Up/down script %s is not executable. "
+ "Might produce DNS leaks." % (path,))
+ return is_file and is_exe
def _is_auth_agent_running():
@@ -229,7 +245,6 @@ class LinuxVPNLauncher(VPNLauncher):
openvpn_configuration = eipconfig.get_openvpn_configuration()
- # FIXME: sanitize this! --
for key, value in openvpn_configuration.items():
args += ['--%s' % (key,), value]
@@ -294,15 +309,40 @@ class DarwinVPNLauncher(VPNLauncher):
OSASCRIPT_BIN = '/usr/bin/osascript'
OSX_ASADMIN = "do shell script \"%s\" with administrator privileges"
- OPENVPN_BIN = 'openvpn.leap'
- INSTALL_PATH = "/Applications/LEAPClient.app/"
+
+ INSTALL_PATH = "/Applications/LEAP\ Client.app"
# OPENVPN_BIN = "/%s/Contents/Resources/openvpn.leap" % (
# self.INSTALL_PATH,)
- UP_SCRIPT = "/%s/client.up.sh" % (INSTALL_PATH,)
- DOWN_SCRIPT = "/%s/client.down.sh" % (INSTALL_PATH,)
+ OPENVPN_BIN = 'openvpn.leap'
+ OPENVPN_PATH = "%s/Contents/Resources/openvpn" % (INSTALL_PATH,)
+
+ UP_SCRIPT = "%s/client.up.sh" % (OPENVPN_PATH,)
+ DOWN_SCRIPT = "%s/client.down.sh" % (OPENVPN_PATH,)
+ OPENVPN_DOWN_PLUGIN = '%s/openvpn-down-root.so' % (OPENVPN_PATH,)
+
+ UPDOWN_FILES = (UP_SCRIPT, DOWN_SCRIPT, OPENVPN_DOWN_PLUGIN)
+
+ @classmethod
+ def missing_updown_scripts(kls):
+ """
+ Returns what updown scripts are missing.
+ :rtype: list
+ """
+ file_exist = partial(_has_updown_scripts, warn=False)
+ zipped = zip(kls.UPDOWN_FILES, map(file_exist, kls.UPDOWN_FILES))
+ missing = filter(lambda (path, exists): exists is False, zipped)
+ return [path for path, exists in missing]
- # TODO: Add
- # OPENVPN_DOWN_ROOT = "/usr/lib/openvpn/openvpn-down-root.so"
+ @classmethod
+ def cmd_for_missing_scripts(kls, frompath):
+ """
+ Returns a command that can copy the missing scripts.
+ :rtype: str
+ """
+ to = kls.OPENVPN_PATH
+ cmd = "#!/bin/sh\nmkdir -p %s\ncp \"%s/\"* %s" % (to, frompath, to)
+ #return kls.OSX_ASADMIN % cmd
+ return cmd
def get_vpn_command(self, eipconfig=None, providerconfig=None,
socket_host=None, socket_port="unix"):
@@ -365,20 +405,19 @@ class DarwinVPNLauncher(VPNLauncher):
'server'
]
- # FIXME: sanitize this! --
-
openvpn_configuration = eipconfig.get_openvpn_configuration()
for key, value in openvpn_configuration.items():
args += ['--%s' % (key,), value]
+ user = getpass.getuser()
args += [
- '--user', getpass.getuser(),
+ '--user', user,
'--group', grp.getgrgid(os.getgroups()[-1]).gr_name
]
if socket_port == "unix":
args += [
- '--management-client-user', getpass.getuser()
+ '--management-client-user', user
]
args += [
@@ -391,13 +430,21 @@ class DarwinVPNLauncher(VPNLauncher):
args += [
'--up', self.UP_SCRIPT,
]
+
if _has_updown_scripts(self.DOWN_SCRIPT):
args += [
- '--down', self.DOWN_SCRIPT,
- # FIXME add down-plugin
- # '--plugin', self.OPENVPN_DOWN_ROOT,
- # '\'script_type=down %s\'' % self.DOWN_SCRIPT
- ]
+ '--down', self.DOWN_SCRIPT]
+
+ # should have the down script too
+ if _has_updown_scripts(self.OPENVPN_DOWN_PLUGIN):
+ args += [
+ '--plugin', self.OPENVPN_DOWN_PLUGIN,
+ '\'%s\'' % self.DOWN_SCRIPT
+ ]
+
+ # we set user to be passed to the up/down scripts
+ args += [
+ '--setenv', "LEAPUSER", "%s" % (user,)]
args += [
'--cert', eipconfig.get_client_cert_path(providerconfig),
@@ -405,6 +452,9 @@ class DarwinVPNLauncher(VPNLauncher):
'--ca', providerconfig.get_ca_cert_path()
]
+ # We are using osascript until we can write a proper wrapper
+ # for privilege escalation.
+
command = self.OSASCRIPT_BIN
cmd_args = ["-e", self.OSX_ASADMIN % (' '.join(args),)]
diff --git a/src/leap/services/mail/smtpbootstrapper.py b/src/leap/services/mail/smtpbootstrapper.py
index ea480c6d..e8af5349 100644
--- a/src/leap/services/mail/smtpbootstrapper.py
+++ b/src/leap/services/mail/smtpbootstrapper.py
@@ -94,11 +94,10 @@ class SMTPBootstrapper(AbstractBootstrapper):
# Not modified
if res.status_code == 304:
logger.debug("SMTP definition has not been modified")
- self._smtp_config.load(os.path.join("leap",
- "providers",
- self._provider_config.\
- get_domain(),
- "smtp-service.json"))
+ self._smtp_config.load(os.path.join(
+ "leap", "providers",
+ self._provider_config.get_domain(),
+ "smtp-service.json"))
else:
smtp_definition, mtime = get_content(res)