diff options
-rw-r--r-- | docs/dev/environment.rst | 10 | ||||
-rw-r--r-- | pkg/linux/README | 4 | ||||
-rwxr-xr-x[-rw-r--r--] | pkg/linux/resolv-update (renamed from pkg/linux/leap-update-resolv-conf) | 0 | ||||
-rw-r--r-- | src/leap/eip/config.py | 28 |
4 files changed, 38 insertions, 4 deletions
diff --git a/docs/dev/environment.rst b/docs/dev/environment.rst index 9f70cb04..3c2b0291 100644 --- a/docs/dev/environment.rst +++ b/docs/dev/environment.rst @@ -90,6 +90,15 @@ Or, if you prefer, you can also `download the official PyQt tarball<http://www.r this section could be completed with useful options that can be passed to the virtualenv command (e.g., to make portable paths, site-packages, ...). +.. _files: + +Copy script files +----------------- + +The openvpn invocation expects some files to be in place. If you have not installed `leap-client` from a debian package, you must copy these files manually:: + + $ sudo mkdir -p /etc/leap + $ sudo cp pkg/linux/resolv-update /etc/leap .. _policykit: @@ -103,6 +112,7 @@ If you *only* are running the client from inside a virtualenv, you will need to $ sudo cp pkg/linux/polkit/net.openvpn.gui.leap.policy /usr/share/polkit-1/actions/ + Missing Authentication agent ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/pkg/linux/README b/pkg/linux/README new file mode 100644 index 00000000..7410789b --- /dev/null +++ b/pkg/linux/README @@ -0,0 +1,4 @@ += Files = +In GNU/Linux, we expect these files to be in place: + +resolv-update -> /etc/leap/resolv-update diff --git a/pkg/linux/leap-update-resolv-conf b/pkg/linux/resolv-update index a54802e3..a54802e3 100644..100755 --- a/pkg/linux/leap-update-resolv-conf +++ b/pkg/linux/resolv-update diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index a60d7ed5..917871da 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -130,6 +130,22 @@ def get_cipher_options(eipserviceconfig=None): opts.append('%s' % _val) return opts +LINUX_UP_DOWN_SCRIPT = "/etc/leap/resolv-update" +OPENVPN_DOWN_ROOT = "/usr/lib/openvpn/openvpn-down-root.so" + + +def has_updown_scripts(): + """ + checks the existence of the up/down scripts + """ + # XXX should check permissions too + is_file = os.path.isfile(LINUX_UP_DOWN_SCRIPT) + if not is_file: + logger.warning( + "Could not find up/down scripts at %s! " + "Risk of DNS Leaks!!!") + return is_file + def build_ovpn_options(daemon=False, socket_path=None, **kwargs): """ @@ -230,10 +246,14 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs): opts.append('2') if _platform == "Linux": - opts.append("--up") - opts.append("/etc/openvpn/update-resolv-conf") - opts.append("--down") - opts.append("/etc/openvpn/update-resolv-conf") + if has_updown_scripts(): + opts.append("--up") + opts.append(LINUX_UP_DOWN_SCRIPT) + opts.append("--down") + opts.append(LINUX_UP_DOWN_SCRIPT) + opts.append("--plugin") + opts.append(OPENVPN_DOWN_ROOT) + opts.append("'script_type=down %s'" % LINUX_UP_DOWN_SCRIPT) # certs client_cert_path = eipspecs.client_cert_path(provider) |