7 files changed, 65 insertions, 34 deletions

diff --git a/changes/bug-2905_close-app-on-rejected-wizard b/changes/bug-2905_close-app-on-rejected-wizard
new file mode 100644
index 00000000..cf3b8e3d
--- /dev/null
+++ b/changes/bug-2905_close-app-on-rejected-wizard
@@ -0,0 +1 @@
+  o Close the app on rejected wizard. Closes bug #2905.
diff --git a/changes/feature_2877-improve_gateway_selector b/changes/feature_2877-improve_gateway_selector
new file mode 100644
index 00000000..5162a09e
--- /dev/null
+++ b/changes/feature_2877-improve_gateway_selector
@@ -0,0 +1 @@
+  o Improve gateway selector based on timezone. It allows to use multiple gateways in openvpn for redundancy. Closes #2894.
diff --git a/src/leap/gui/mainwindow.py b/src/leap/gui/mainwindow.py
index 51b96463..5a303830 100644
--- a/src/leap/gui/mainwindow.py
+++ b/src/leap/gui/mainwindow.py
@@ -299,9 +299,12 @@ class MainWindow(QtGui.QMainWindow):
         """
         if self._wizard is None:
             self._wizard = Wizard(bypass_checks=self._bypass_checks)
-        self._wizard.accepted.connect(self._finish_init)
+            self._wizard.accepted.connect(self._finish_init)
+
         self.setVisible(False)
         self._wizard.exec_()
+        # We need this to process any wizard related event
+        QtCore.QCoreApplication.processEvents()
         self._wizard = None
         self.setVisible(True)
 
@@ -1209,7 +1212,7 @@ class MainWindow(QtGui.QMainWindow):
         self._cleanup_pidfiles()
 
         logger.debug('Terminating vpn')
-        self._vpn.terminate()
+        self._vpn.terminate(shutdown=True)
 
     def quit(self):
         """
diff --git a/src/leap/gui/wizard.py b/src/leap/gui/wizard.py
index d03427db..897bf94f 100644
--- a/src/leap/gui/wizard.py
+++ b/src/leap/gui/wizard.py
@@ -154,6 +154,11 @@ class Wizard(QtGui.QWizard):
         self.page(self.FINISH_PAGE).setButtonText(
             QtGui.QWizard.FinishButton, self.tr("Connect"))
 
+        # XXX: Temporary removal for enrollment policy
+        # https://leap.se/code/issues/2922
+        self.ui.label_12.setVisible(False)
+        self.ui.lblProviderPolicy.setVisible(False)
+
     def get_domain(self):
         return self._domain
 
diff --git a/src/leap/services/eip/eipconfig.py b/src/leap/services/eip/eipconfig.py
index f7d03963..a85fe64a 100644
--- a/src/leap/services/eip/eipconfig.py
+++ b/src/leap/services/eip/eipconfig.py
@@ -52,33 +52,32 @@ class VPNGatewaySelector(object):
         self._set_local_offset()
         self._eipconfig = eipconfig
 
-    def _get_best_gateway(self):
+    def get_gateways(self):
         """
-        Returns index of the closest gateway, using timezones offsets.
+        Returns the 4 best gateways, sorted by timezone proximity.
 
-        :rtype: int
+        :rtype: list of IPv4Address or IPv6Address object.
         """
-        best_gateway = (-1, 99)  # gateway, distance
+        gateways_timezones = []
         locations = self._eipconfig.get_locations()
         gateways = self._eipconfig.get_gateways()
+
         for idx, gateway in enumerate(gateways):
-            gateway_offset = int(locations[gateway['location']]['timezone'])
-            gateway_distance = self._get_timezone_distance(gateway_offset)
-            if gateway_distance < best_gateway[1]:
-                best_gateway = (idx, gateway_distance)
+            gateway_location = gateway.get('location')
+            gateway_distance = 99  # if hasn't location -> should go last
 
-        return best_gateway[0]
+            if gateway_location is not None:
+                gw_offset = int(locations[gateway['location']]['timezone'])
+                gateway_distance = self._get_timezone_distance(gw_offset)
 
-    def get_best_gateway_ip(self):
-        """
-        Returns the ip of the best possible gateway.
+            ip = self._eipconfig.get_gateway_ip(idx)
+            gateways_timezones.append((ip, gateway_distance))
 
-        :rtype: An IPv4Address or IPv6Address object.
-        """
-        best_gateway = self._get_best_gateway()
-        gateway_ip = self._eipconfig.get_gateway_ip(best_gateway)
+        gateways_timezones = sorted(gateways_timezones,
+                                    key=lambda gw: gw[1])[:4]
 
-        return gateway_ip
+        gateways = [ip for ip, dist in gateways_timezones]
+        return gateways
 
     def _get_timezone_distance(self, offset):
         '''
diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py
index 436072d2..af77c146 100644
--- a/src/leap/services/eip/vpnlaunchers.py
+++ b/src/leap/services/eip/vpnlaunchers.py
@@ -321,16 +321,18 @@ class LinuxVPNLauncher(VPNLauncher):
         # TODO: handle verbosity
 
         gateway_selector = VPNGatewaySelector(eipconfig)
-        gateway_ip = gateway_selector.get_best_gateway_ip()
+        gateways = gateway_selector.get_gateways()
 
-        logger.debug("Using gateway ip %s" % (gateway_ip,))
+        logger.debug("Using gateways ips: {}".format(', '.join(gateways)))
+
+        for gw in gateways:
+            args += ['--remote', gw, '1194', 'udp']
 
         args += [
             '--client',
             '--dev', 'tun',
             '--persist-tun',
             '--persist-key',
-            '--remote', gateway_ip, '1194', 'udp',
             '--tls-client',
             '--remote-cert-tls',
             'server'
@@ -474,16 +476,18 @@ class DarwinVPNLauncher(VPNLauncher):
         # TODO: handle verbosity
 
         gateway_selector = VPNGatewaySelector(eipconfig)
-        gateway_ip = gateway_selector.get_best_gateway_ip()
+        gateways = gateway_selector.get_gateways()
+
+        logger.debug("Using gateways ips: {}".format(', '.join(gateways)))
 
-        logger.debug("Using gateway ip %s" % (gateway_ip,))
+        for gw in gateways:
+            args += ['--remote', gw, '1194', 'udp']
 
         args += [
             '--client',
             '--dev', 'tun',
             '--persist-tun',
             '--persist-key',
-            '--remote', gateway_ip, '1194', 'udp',
             '--tls-client',
             '--remote-cert-tls',
             'server'
@@ -617,16 +621,18 @@ class WindowsVPNLauncher(VPNLauncher):
         # TODO: handle verbosity
 
         gateway_selector = VPNGatewaySelector(eipconfig)
-        gateway_ip = gateway_selector.get_best_gateway_ip()
+        gateways = gateway_selector.get_gateways()
+
+        logger.debug("Using gateways ips: {}".format(', '.join(gateways)))
 
-        logger.debug("Using gateway ip %s" % (gateway_ip,))
+        for gw in gateways:
+            args += ['--remote', gw, '1194', 'udp']
 
         args += [
             '--client',
             '--dev', 'tun',
             '--persist-tun',
             '--persist-key',
-            '--remote', gateway_ip, '1194', 'udp',
             '--tls-client',
             '--remote-cert-tls',
             'server'
diff --git a/src/leap/services/eip/vpnprocess.py b/src/leap/services/eip/vpnprocess.py
index 162dc7f0..f3443533 100644
--- a/src/leap/services/eip/vpnprocess.py
+++ b/src/leap/services/eip/vpnprocess.py
@@ -20,8 +20,8 @@ VPN Manager, spawned in a custom processProtocol.
 import logging
 import os
 import psutil
+import shutil
 import socket
-import time
 
 from PySide import QtCore
 
@@ -143,7 +143,7 @@ class VPN(object):
         logger.debug("Process did not died. Sending a SIGKILL.")
         self._vpnproc.killProcess()
 
-    def terminate(self):
+    def terminate(self, shutdown=False):
         """
         Stops the openvpn subprocess.
 
@@ -156,15 +156,13 @@ class VPN(object):
         # First we try to be polite and send a SIGTERM...
         if self._vpnproc:
             self._sentterm = True
-            self._vpnproc.terminate_openvpn()
+            self._vpnproc.terminate_openvpn(shutdown=shutdown)
 
             # ...but we also trigger a countdown to be unpolite
             # if strictly needed.
             reactor.callLater(
                 self.TERMINATE_WAIT, self._kill_if_left_alive)
 
-    # TODO: should also cleanup tempfiles!!!
-
     def _start_pollers(self):
         """
         Iterate through the registered observers
@@ -482,12 +480,30 @@ class VPNManager(object):
         """
         return self._launcher.get_vpn_env(self._providerconfig)
 
-    def terminate_openvpn(self):
+    def terminate_openvpn(self, shutdown=False):
         """
         Attempts to terminate openvpn by sending a SIGTERM.
         """
         if self.is_connected():
             self._send_command("signal SIGTERM")
+        if shutdown:
+            self._cleanup_tempfiles()
+
+    def _cleanup_tempfiles(self):
+        """
+        Remove all temporal files we might have left behind.
+
+        Iif self.port is 'unix', we have created a temporal socket path that,
+        under normal circumstances, we should be able to delete.
+        """
+        if self._socket_port == "unix":
+            logger.debug('cleaning socket file temp folder')
+            tempfolder = os.path.split(self._socket_host)[0]  # XXX use `first`
+            if os.path.isdir(tempfolder):
+                try:
+                    shutil.rmtree(tempfolder)
+                except OSError:
+                    logger.error('could not delete tmpfolder %s' % tempfolder)
 
     # ---------------------------------------------------
     # XXX old methods, not adapted to twisted process yet