-rw-r--r--changes/feature_generate_polkit1
-rw-r--r--src/leap/platform_init/initializers.py48
-rw-r--r--src/leap/services/eip/vpnlaunchers.py16
3 files changed, 60 insertions, 5 deletions
diff --git a/changes/feature_generate_polkit b/changes/feature_generate_polkit
new file mode 100644
index 00000000..c2fcc648
--- /dev/null
+++ b/changes/feature_generate_polkit
@@ -0,0 +1 @@
+ o Linux: Dynamically generate policy file for polkit. Closes #3208 \ No newline at end of file
diff --git a/src/leap/platform_init/initializers.py b/src/leap/platform_init/initializers.py
index d22d7143..d04daca6 100644
--- a/src/leap/platform_init/initializers.py
+++ b/src/leap/platform_init/initializers.py
@@ -31,6 +31,8 @@ from PySide import QtGui
from leap.config.leapsettings import LeapSettings
from leap.services.eip import vpnlaunchers
from leap.util import first
+from leap.config.providerconfig import ProviderConfig
+
logger = logging.getLogger(__name__)
@@ -330,6 +332,35 @@ def DarwinInitializer():
# Linux initializers
#
+POLICY_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>LEAP Project</vendor>
+ <vendor_url>http://leap.se/</vendor_url>
+
+ <action id="net.openvpn.gui.leap.run-openvpn">
+ <description>Runs the openvpn binary</description>
+ <description xml:lang="es">Ejecuta el binario openvpn</description>
+ <message>OpenVPN needs that you authenticate to start</message>
+ <message xml:lang="es">
+ OpenVPN necesita autorizacion para comenzar
+ </message>
+ <icon_name>package-x-generic</icon_name>
+ <defaults>
+ <allow_any>yes</allow_any>
+ <allow_inactive>yes</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">{path}</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+</policyconfig>
+"""
+
+
def _linux_install_missing_scripts(badexec, notfound):
"""
Tries to install the missing up/down scripts.
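Review bot: The `<defaults>` block in `POLICY_TEMPLATE` sets `allow_any`, `allow_inactive` and `allow_active` all to `yes`, so polkit authorises `net.openvpn.gui.leap.run-openvpn` for every local session without an authentication prompt, although the `<message>` text tells the user that authentication is needed. The following hunk fills `{path}` with a binary located relative to `ProviderConfig().get_path_prefix()`, which is presumably a per-user, user-writable directory (please confirm); if so, anything able to replace that file gets it executed as root through pkexec. Consider `<allow_any>no</allow_any>`, `<allow_inactive>no</allow_inactive>` and `<allow_active>auth_admin_keep</allow_active>`, or pointing the action at a root-owned install location. `_linux_install_missing_scripts` begins in this hunk and continues outside it.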
@@ -348,11 +379,26 @@ def _linux_install_missing_scripts(badexec, notfound):
if os.path.isdir(installer_path):
fd, tempscript = tempfile.mkstemp(prefix="leap_installer-")
+ polfd, pol_tempfile = tempfile.mkstemp(prefix="leap_installer-")
try:
+ # We need to do the config/../apps/openvpn otherwise the
+ # policy file won't work
+ openvpn_path = os.path.join(
+ ProviderConfig().get_path_prefix(),
+ "..", "apps", "eip",
+ launcher.OPENVPN_BIN)
+
+ policy_contents = POLICY_TEMPLATE.format(path=openvpn_path)
+
+ with os.fdopen(polfd, 'w') as f:
+ f.write(policy_contents)
+
pkexec = first(launcher.maybe_pkexec())
- scriptlines = launcher.cmd_for_missing_scripts(installer_path)
+ scriptlines = launcher.cmd_for_missing_scripts(installer_path,
+ pol_tempfile)
with os.fdopen(fd, 'w') as f:
f.write(scriptlines)
+
st = os.stat(tempscript)
os.chmod(tempscript, st.st_mode | stat.S_IEXEC | stat.S_IXUSR |
stat.S_IXGRP | stat.S_IXOTH)
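Review bot: `POLICY_TEMPLATE.format(path=openvpn_path)` writes the path into the XML unescaped, so a prefix containing `&`, `<` or `>` yields a malformed policy file that the root-run script then copies to `POLKIT_PATH`. Escaping it first, `policy_contents = POLICY_TEMPLATE.format(path=escape(openvpn_path))` with `from xml.sax.saxutils import escape`, avoids that. Separately, nothing visible in this hunk removes `pol_tempfile`, and `polfd` stays open if `ProviderConfig().get_path_prefix()` raises before the `os.fdopen(polfd, 'w')` call. The handlers of the `try` block are outside the hunk, so it is worth checking that the cleanup there covers both temporary files.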
diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py
index fc77de48..550877cd 100644
--- a/src/leap/services/eip/vpnlaunchers.py
+++ b/src/leap/services/eip/vpnlaunchers.py
@@ -254,16 +254,24 @@ class LinuxVPNLauncher(VPNLauncher):
OTHER_FILES = (POLKIT_PATH,)
@classmethod
- def cmd_for_missing_scripts(kls, frompath):
+ def cmd_for_missing_scripts(kls, frompath, pol_file):
"""
- Returns a command that can copy the missing scripts.
+ Returns a sh script that can copy the missing files.
+
+ :param frompath: The path where the up/down scripts live
+ :type frompath: str
+ :param pol_file: The path where the dynamically generated
+ policy file lives
+ :type pol_file: str
+
:rtype: str
"""
to = kls.SYSTEM_CONFIG
- cmd = "#!/bin/sh\nset -e\nmkdir -p %s\ncp %s/%s %s\ncp %s/%s %s" % (
+ cmd = "#!/bin/sh\nset -e\nmkdir -p %s\n"
+ cmd += "cp %s/%s %s\ncp \"%s\" \"%s\"" % (
to,
frompath, kls.UP_DOWN_FILE, to,
- frompath, kls.POLKIT_FILE, kls.POLKIT_PATH)
+ pol_file, kls.POLKIT_PATH)
return cmd
@classmethod
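Review bot: In `cmd_for_missing_scripts`, the `%` in `cmd += "cp %s/%s %s\ncp \"%s\" \"%s\"" % (...)` is applied to the second literal only, which has five `%s` placeholders while the tuple has six values, so the call raises `TypeError` and the `mkdir -p %s` in the first line is never filled in. Build the whole template first and format once, e.g. keep `cmd += "cp %s/%s %s\ncp \"%s\" \"%s\""` without the operator and follow it with `cmd = cmd % (to, frompath, kls.UP_DOWN_FILE, to, pol_file, kls.POLKIT_PATH)`. Because this text becomes a script that is run with elevated privileges, the quoting should also be consistent: the first `cp` leaves its paths unquoted, and the double quotes on the second do not neutralise `$`, backticks or an embedded `"`, so shell-quoting every interpolated path (for instance with `pipes.quote`) is safer.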