1 files changed, 59 insertions, 53 deletions

diff --git a/src/leap/bitmask/services/eip/linuxvpnlauncher.py b/src/leap/bitmask/services/eip/linuxvpnlauncher.py
index d24e7ae7..1f0813e0 100644
--- a/src/leap/bitmask/services/eip/linuxvpnlauncher.py
+++ b/src/leap/bitmask/services/eip/linuxvpnlauncher.py
@@ -25,7 +25,6 @@ import sys
 import time
 
 from leap.bitmask.config import flags
-from leap.bitmask.util import privilege_policies
 from leap.bitmask.util.privilege_policies import LinuxPolicyChecker
 from leap.common.files import which
 from leap.bitmask.services.eip.vpnlauncher import VPNLauncher
@@ -36,6 +35,8 @@ from leap.bitmask.util import first
 
 logger = logging.getLogger(__name__)
 
+COM = commands
+
 
 class EIPNoPolkitAuthAgentAvailable(VPNLauncherException):
     pass
@@ -64,9 +65,10 @@ def _is_auth_agent_running():
     """
     # the [x] thing is to avoid grep match itself
     polkit_options = [
-        'ps aux | grep polkit-[g]nome-authentication-agent-1',
-        'ps aux | grep polkit-[k]de-authentication-agent-1',
-        'ps aux | grep [l]xpolkit'
+        'ps aux | grep "polkit-[g]nome-authentication-agent-1"',
+        'ps aux | grep "polkit-[k]de-authentication-agent-1"',
+        'ps aux | grep "polkit-[m]ate-authentication-agent-1"',
+        'ps aux | grep "[l]xpolkit"'
     ]
     is_running = [commands.getoutput(cmd) for cmd in polkit_options]
     return any(is_running)
@@ -84,35 +86,39 @@ def _try_to_launch_agent():
         # will do "sh -c 'foo'", so if we do not quoute it we'll end
         # up with a invocation to the python interpreter. And that
         # is bad.
+        logger.debug("Trying to launch polkit agent")
         subprocess.call(["python -m leap.bitmask.util.polkit_agent"],
                         shell=True, env=env)
     except Exception as exc:
         logger.exception(exc)
 
 
+SYSTEM_CONFIG = "/etc/leap"
+leapfile = lambda f: "%s/%s" % (SYSTEM_CONFIG, f)
+
+
 class LinuxVPNLauncher(VPNLauncher):
     PKEXEC_BIN = 'pkexec'
-    OPENVPN_BIN = 'openvpn'
-    OPENVPN_BIN_PATH = os.path.join(
-        get_path_prefix(), "..", "apps", "eip", OPENVPN_BIN)
-
-    SYSTEM_CONFIG = "/etc/leap"
-    UP_DOWN_FILE = "resolv-update"
-    UP_DOWN_PATH = "%s/%s" % (SYSTEM_CONFIG, UP_DOWN_FILE)
+    BITMASK_ROOT = "/usr/sbin/bitmask-root"
 
     # We assume this is there by our openvpn dependency, and
     # we will put it there on the bundle too.
-    # TODO adapt to the bundle path.
-    OPENVPN_DOWN_ROOT_BASE = "/usr/lib/openvpn/"
-    OPENVPN_DOWN_ROOT_FILE = "openvpn-plugin-down-root.so"
-    OPENVPN_DOWN_ROOT_PATH = "%s/%s" % (
-        OPENVPN_DOWN_ROOT_BASE,
-        OPENVPN_DOWN_ROOT_FILE)
-
-    UP_SCRIPT = DOWN_SCRIPT = UP_DOWN_PATH
-    UPDOWN_FILES = (UP_DOWN_PATH,)
+    if flags.STANDALONE:
+        OPENVPN_BIN_PATH = "/usr/sbin/leap-openvpn"
+    else:
+        OPENVPN_BIN_PATH = "/usr/sbin/openvpn"
+
     POLKIT_PATH = LinuxPolicyChecker.get_polkit_path()
-    OTHER_FILES = (POLKIT_PATH, )
+
+    if flags.STANDALONE:
+        RESOLVCONF_BIN_PATH = "/usr/local/sbin/leap-resolvconf"
+    else:
+        # this only will work with debian/ubuntu distros.
+        RESOLVCONF_BIN_PATH = "/sbin/resolvconf"
+
+    # XXX openvpn binary TOO
+    OTHER_FILES = (POLKIT_PATH, BITMASK_ROOT, OPENVPN_BIN_PATH,
+                   RESOLVCONF_BIN_PATH)
 
     @classmethod
     def maybe_pkexec(kls):
@@ -130,7 +136,7 @@ class LinuxVPNLauncher(VPNLauncher):
         if _is_pkexec_in_system():
             if not _is_auth_agent_running():
                 _try_to_launch_agent()
-                time.sleep(0.5)
+                time.sleep(2)
             if _is_auth_agent_running():
                 pkexec_possibilities = which(kls.PKEXEC_BIN)
                 leap_assert(len(pkexec_possibilities) > 0,
@@ -145,28 +151,6 @@ class LinuxVPNLauncher(VPNLauncher):
             raise EIPNoPkexecAvailable()
 
     @classmethod
-    def missing_other_files(kls):
-        """
-        'Extend' the VPNLauncher's missing_other_files to check if the polkit
-        files is outdated, in the case of an standalone bundle.
-        If the polkit file that is in OTHER_FILES exists but is not up to date,
-        it is added to the missing list.
-
-        :returns: a list of missing files
-        :rtype: list of str
-        """
-        # we use `super` in order to send the class to use
-        missing = super(LinuxVPNLauncher, kls).missing_other_files()
-
-        if flags.STANDALONE:
-            polkit_file = LinuxPolicyChecker.get_polkit_path()
-            if polkit_file not in missing:
-                if privilege_policies.is_policy_outdated(kls.OPENVPN_BIN_PATH):
-                    missing.append(polkit_file)
-
-        return missing
-
-    @classmethod
     def get_vpn_command(kls, eipconfig, providerconfig, socket_host,
                         socket_port="unix", openvpn_verb=1):
         """
@@ -197,6 +181,10 @@ class LinuxVPNLauncher(VPNLauncher):
         command = super(LinuxVPNLauncher, kls).get_vpn_command(
             eipconfig, providerconfig, socket_host, socket_port, openvpn_verb)
 
+        command.insert(0, kls.BITMASK_ROOT)
+        command.insert(1, "openvpn")
+        command.insert(2, "start")
+
         pkexec = kls.maybe_pkexec()
         if pkexec:
             command.insert(0, first(pkexec))
@@ -204,26 +192,44 @@ class LinuxVPNLauncher(VPNLauncher):
         return command
 
     @classmethod
-    def cmd_for_missing_scripts(kls, frompath, pol_file):
+    def cmd_for_missing_scripts(kls, frompath):
         """
         Returns a sh script that can copy the missing files.
 
-        :param frompath: The path where the up/down scripts live
+        :param frompath: The path where the helper files live
         :type frompath: str
-        :param pol_file: The path where the dynamically generated
-                         policy file lives
-        :type pol_file: str
 
         :rtype: str
         """
-        to = kls.SYSTEM_CONFIG
+        # no system config for now
+        # sys_config = kls.SYSTEM_CONFIG
+        (polkit_file, openvpn_bin_file,
+         bitmask_root_file, resolvconf_bin_file) = map(
+            lambda p: os.path.split(p)[-1],
+            (kls.POLKIT_PATH, kls.OPENVPN_BIN_PATH,
+             kls.BITMASK_ROOT, kls.RESOLVCONF_BIN_PATH))
 
         cmd = '#!/bin/sh\n'
-        cmd += 'mkdir -p "%s"\n' % (to, )
-        cmd += 'cp "%s/%s" "%s"\n' % (frompath, kls.UP_DOWN_FILE, to)
-        cmd += 'cp "%s" "%s"\n' % (pol_file, kls.POLKIT_PATH)
+        cmd += 'mkdir -p /usr/local/sbin\n'
+
+        cmd += 'cp "%s" "%s"\n' % (os.path.join(frompath, polkit_file),
+                                   kls.POLKIT_PATH)
         cmd += 'chmod 644 "%s"\n' % (kls.POLKIT_PATH, )
 
+        cmd += 'cp "%s" "%s"\n' % (os.path.join(frompath, bitmask_root_file),
+                                   kls.BITMASK_ROOT)
+        cmd += 'chmod 744 "%s"\n' % (kls.BITMASK_ROOT, )
+
+        if flags.STANDALONE:
+            cmd += 'cp "%s" "%s"\n' % (
+                os.path.join(frompath, openvpn_bin_file),
+                kls.OPENVPN_BIN_PATH)
+            cmd += 'chmod 744 "%s"\n' % (kls.POLKIT_PATH, )
+
+            cmd += 'cp "%s" "%s"\n' % (
+                os.path.join(frompath, resolvconf_bin_file),
+                kls.RESOLVCONF_BIN_PATH)
+            cmd += 'chmod 744 "%s"\n' % (kls.POLKIT_PATH, )
         return cmd
 
     @classmethod