summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/leap/eip/config.py36
1 files changed, 21 insertions, 15 deletions
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index f82049d3..6a19633d 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -18,6 +18,8 @@ from leap.eip import specs as eipspecs
logger = logging.getLogger(name=__name__)
provider_ca_file = BRANDING.get('provider_ca_file', None)
+_platform = platform.system()
+
class EIPConfig(baseconfig.JSONLeapConfig):
spec = eipspecs.eipconfig_spec
@@ -210,8 +212,13 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
# interface. unix sockets or telnet interface for win.
# XXX take them from the config object.
- ourplatform = platform.system()
- if ourplatform in ("Linux", "Darwin"):
+ if _platform == "Windows":
+ opts.append('--management')
+ opts.append('localhost')
+ # XXX which is a good choice?
+ opts.append('7777')
+
+ if _platform in ("Linux", "Darwin"):
opts.append('--management')
if socket_path is None:
@@ -219,11 +226,14 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
opts.append(socket_path)
opts.append('unix')
- if ourplatform == "Windows":
- opts.append('--management')
- opts.append('localhost')
- # XXX which is a good choice?
- opts.append('7777')
+ opts.append('--script-security')
+ opts.append('2')
+
+ if _platform == "Linux":
+ opts.append("--up")
+ opts.append("/etc/openvpn/update-resolv-conf")
+ opts.append("--down")
+ opts.append("/etc/openvpn/update-resolv-conf")
# certs
client_cert_path = eipspecs.client_cert_path(provider)
@@ -261,11 +271,9 @@ def build_ovpn_command(debug=False, do_pkexec_check=True, vpnbin=None,
use_pkexec = True
ovpn = None
- _plat = platform.system()
-
# XXX get use_pkexec from config instead.
- if _plat == "Linux" and use_pkexec and do_pkexec_check:
+ if _platform == "Linux" and use_pkexec and do_pkexec_check:
# check for both pkexec
# AND a suitable authentication
@@ -286,9 +294,8 @@ def build_ovpn_command(debug=False, do_pkexec_check=True, vpnbin=None,
command.append('pkexec')
-
if vpnbin is None:
- if _plat == "Darwin":
+ if _platform == "Darwin":
# XXX Should hardcode our installed path
# /Applications/LEAPClient.app/Contents/Resources/openvpn.leap
openvpn_bin = "openvpn.leap"
@@ -311,13 +318,12 @@ def build_ovpn_command(debug=False, do_pkexec_check=True, vpnbin=None,
# XXX check len and raise proper error
- if _plat == "Darwin":
+ if _platform == "Darwin":
OSX_ASADMIN = 'do shell script "%s" with administrator privileges'
# XXX fix workaround for Nones
_command = [x if x else " " for x in command]
# XXX debugging!
- #import ipdb;ipdb.set_trace()
- #XXX get openvpn log path from debug flags
+ # XXX get openvpn log path from debug flags
_command.append('--log')
_command.append('/tmp/leap_openvpn.log')
return ["osascript", ["-e", OSX_ASADMIN % ' '.join(_command)]]