summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/leap/gui/mainwindow.py13
-rw-r--r--src/leap/services/eip/vpnlaunchers.py67
2 files changed, 66 insertions, 14 deletions
diff --git a/src/leap/gui/mainwindow.py b/src/leap/gui/mainwindow.py
index 42ee5418..2ed01917 100644
--- a/src/leap/gui/mainwindow.py
+++ b/src/leap/gui/mainwindow.py
@@ -39,6 +39,7 @@ from leap.gui.loggerwindow import LoggerWindow
from leap.gui.wizard import Wizard
from leap.gui.login import LoginWidget
from leap.gui.statuspanel import StatusPanelWidget
+from leap.platform_init import IS_MAC
from leap.services.eip.eipbootstrapper import EIPBootstrapper
from leap.services.eip.eipconfig import EIPConfig
from leap.services.eip.providerbootstrapper import ProviderBootstrapper
@@ -542,12 +543,12 @@ class MainWindow(QtGui.QMainWindow):
self._action_visible.setText(get_action(visible))
context_menu = self._systray.contextMenu()
- # for some reason, context_menu.show()
- # is failing in a way beyond my understanding.
- # (not working the first time it's clicked).
- # this works however.
- # XXX in osx it shows some glitches.
- context_menu.exec_(self._systray.geometry().center())
+ if not IS_MAC:
+ # for some reason, context_menu.show()
+ # is failing in a way beyond my understanding.
+ # (not working the first time it's clicked).
+ # this works however.
+ context_menu.exec_(self._systray.geometry().center())
def _toggle_visible(self):
"""
diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py
index ef73ed94..762b536d 100644
--- a/src/leap/services/eip/vpnlaunchers.py
+++ b/src/leap/services/eip/vpnlaunchers.py
@@ -23,6 +23,7 @@ import logging
import getpass
import os
import platform
+import subprocess
try:
import grp
except ImportError:
@@ -199,11 +200,25 @@ def _is_auth_agent_running():
:return: True if it's running, False if it's not.
:rtype: boolean
"""
- polkit_gnome = 'ps aux | grep polkit-[g]nome-authentication-agent-1'
- polkit_kde = 'ps aux | grep polkit-[k]de-authentication-agent-1'
+ ps = 'ps aux | grep polkit-%s-authentication-agent-1'
+ opts = (ps % case for case in ['[g]nome', '[k]de'])
+ is_running = map(lambda l: commands.getoutput(l), opts)
+ return any(is_running)
- return (len(commands.getoutput(polkit_gnome)) > 0 or
- len(commands.getoutput(polkit_kde)) > 0)
+
+def _try_to_launch_agent():
+ """
+ Tries to launch a polkit daemon.
+ """
+ opts = [
+ "/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1&",
+ # XXX add kde thing here
+ ]
+ for cmd in opts:
+ try:
+ subprocess.Popen([cmd], shell=True)
+ except:
+ pass
class LinuxVPNLauncher(VPNLauncher):
@@ -220,7 +235,11 @@ class LinuxVPNLauncher(VPNLauncher):
# We assume this is there by our openvpn dependency, and
# we will put it there on the bundle too.
# TODO adapt to the bundle path.
- OPENVPN_DOWN_ROOT = "/usr/lib/openvpn/openvpn-plugin-down-root.so"
+ OPENVPN_DOWN_ROOT_BASE = "/usr/lib/openvpn/"
+ OPENVPN_DOWN_ROOT_FILE = "openvpn-plugin-down-root.so"
+ OPENVPN_DOWN_ROOT_PATH = "%s/%s" % (
+ OPENVPN_DOWN_ROOT_BASE,
+ OPENVPN_DOWN_ROOT_FILE)
POLKIT_BASE = "/usr/share/polkit-1/actions"
POLKIT_FILE = "net.openvpn.gui.leap.policy"
@@ -254,6 +273,8 @@ class LinuxVPNLauncher(VPNLauncher):
:rtype: list
"""
if _is_pkexec_in_system():
+ if not _is_auth_agent_running():
+ _try_to_launch_agent()
if _is_auth_agent_running():
pkexec_possibilities = which(kls.PKEXEC_BIN)
leap_assert(len(pkexec_possibilities) > 0,
@@ -267,6 +288,30 @@ class LinuxVPNLauncher(VPNLauncher):
logger.warning("System has no pkexec")
raise EIPNoPkexecAvailable()
+ @classmethod
+ def maybe_down_plugin(kls):
+ """
+ Returns the path of the openvpn down-root-plugin, searching first
+ in the relative path for the standalone bundle, and then in the system
+ path where the debian package puts it.
+
+ :returns: the path where the plugin was found, or None
+ :rtype: str or None
+ """
+ cwd = os.getcwd()
+ rel_path_in_bundle = os.path.join(
+ 'apps', 'eip', 'files', kls.OPENVPN_DOWN_ROOT_FILE)
+ abs_path_in_bundle = os.path.join(cwd, rel_path_in_bundle)
+ if os.path.isfile(abs_path_in_bundle):
+ return abs_path_in_bundle
+ abs_path_in_system = kls.OPENVPN_DOWN_ROOT_FILE
+ if os.path.isfile(abs_path_in_system):
+ return abs_path_in_system
+
+ logger.warning("We could not find the down-root-plugin, so no updown "
+ "scripts will be run. DNS leaks are likely!")
+ return None
+
def get_vpn_command(self, eipconfig=None, providerconfig=None,
socket_host=None, socket_port="unix"):
"""
@@ -348,7 +393,7 @@ class LinuxVPNLauncher(VPNLauncher):
'--group', grp.getgrgid(os.getgroups()[-1]).gr_name
]
- if socket_port == "unix":
+ if socket_port == "unix": # that's always the case for linux
args += [
'--management-client-user', getpass.getuser()
]
@@ -359,11 +404,17 @@ class LinuxVPNLauncher(VPNLauncher):
'--script-security', '2'
]
- if _has_updown_scripts(self.UP_DOWN_PATH):
+ plugin_path = self.maybe_down_plugin()
+ # If we do not have the down plugin neither in the bundle
+ # nor in the system, we do not do updown scripts. The alternative
+ # is leaving the user without the ability to restore dns and routes
+ # to its original state.
+
+ if plugin_path and _has_updown_scripts(self.UP_DOWN_PATH):
args += [
'--up', self.UP_DOWN_PATH,
'--down', self.UP_DOWN_PATH,
- '--plugin', self.OPENVPN_DOWN_ROOT,
+ '--plugin', plugin_path,
'\'script_type=down %s\'' % self.UP_DOWN_PATH
]