diff options
Diffstat (limited to 'src/leap/bitmask/services')
| -rw-r--r-- | src/leap/bitmask/services/__init__.py | 39 | ||||
| -rw-r--r-- | src/leap/bitmask/services/eip/eipconfig.py | 43 | ||||
| -rw-r--r-- | src/leap/bitmask/services/eip/vpnlaunchers.py | 83 | ||||
| -rw-r--r-- | src/leap/bitmask/services/soledad/soledadbootstrapper.py | 3 |
4 files changed, 134 insertions, 34 deletions
diff --git a/src/leap/bitmask/services/__init__.py b/src/leap/bitmask/services/__init__.py index 253359cd..339f9cc6 100644 --- a/src/leap/bitmask/services/__init__.py +++ b/src/leap/bitmask/services/__init__.py @@ -17,9 +17,48 @@ """ Services module. """ +from PySide import QtCore +from leap.bitmask.util.privilege_policies import is_missing_policy_permissions + DEPLOYED = ["openvpn", "mx"] +def get_service_display_name(service, standalone=False): + """ + Returns the name to display of the given service. + If there is no configured name for that service, then returns the same + parameter + + :param service: the 'machine' service name + :type service: str + :param standalone: True if the app is running in a standalone mode, used + to display messages according that. + :type standalone: bool + + :rtype: str + """ + # qt translator method helper + _tr = QtCore.QObject().tr + + # Correspondence for services and their name to display + EIP_LABEL = _tr("Encrypted Internet") + MX_LABEL = _tr("Encrypted Mail") + + service_display = { + "openvpn": EIP_LABEL, + "mx": MX_LABEL + } + + # If we need to add a warning about eip needing + # administrative permissions to start. That can be either + # because we are running in standalone mode, or because we could + # not find the needed privilege escalation mechanisms being operative. + if standalone or is_missing_policy_permissions(): + EIP_LABEL += " " + _tr("(will need admin password to start)") + + return service_display.get(service, service) + + def get_supported(services): """ Returns a list of the available services. diff --git a/src/leap/bitmask/services/eip/eipconfig.py b/src/leap/bitmask/services/eip/eipconfig.py index 843e7397..1cb7419e 100644 --- a/src/leap/bitmask/services/eip/eipconfig.py +++ b/src/leap/bitmask/services/eip/eipconfig.py @@ -62,11 +62,12 @@ class VPNGatewaySelector(object): self._eipconfig = eipconfig - def get_gateways(self): + def get_gateways_list(self): """ - Returns the 4 best gateways, sorted by timezone proximity. + Returns the existing gateways, sorted by timezone proximity. - :rtype: list of IPv4Address or IPv6Address object. + :rtype: list of tuples (location, ip) + (str, IPv4Address or IPv6Address object) """ gateways_timezones = [] locations = self._eipconfig.get_locations() @@ -77,19 +78,35 @@ class VPNGatewaySelector(object): gateway_distance = 99 # if hasn't location -> should go last if gateway_location is not None: - gw_offset = int(locations[gateway['location']]['timezone']) + timezone = locations[gateway['location']]['timezone'] + gateway_name = locations[gateway['location']].get('name', None) + if gateway_name is not None: + gateway_location = gateway_name + + gw_offset = int(timezone) if gw_offset in self.equivalent_timezones: gw_offset = self.equivalent_timezones[gw_offset] gateway_distance = self._get_timezone_distance(gw_offset) ip = self._eipconfig.get_gateway_ip(idx) - gateways_timezones.append((ip, gateway_distance)) + gateways_timezones.append((ip, gateway_distance, gateway_location)) - gateways_timezones = sorted(gateways_timezones, - key=lambda gw: gw[1])[:4] + gateways_timezones = sorted(gateways_timezones, key=lambda gw: gw[1]) + + gateways = [] + for ip, distance, location in gateways_timezones: + gateways.append((location, ip)) + + return gateways - gateways = [ip for ip, dist in gateways_timezones] + def get_gateways(self): + """ + Returns the 4 best gateways, sorted by timezone proximity. + + :rtype: list of IPv4Address or IPv6Address object. + """ + gateways = [ip for location, ip in self.get_gateways_list()][:4] return gateways def _get_timezone_distance(self, offset): @@ -124,7 +141,7 @@ class VPNGatewaySelector(object): if time.daylight: local_offset = time.altzone - return local_offset / 3600 + return -local_offset / 3600 class EIPConfig(BaseConfig): @@ -246,7 +263,8 @@ if __name__ == "__main__": console.setFormatter(formatter) logger.addHandler(console) - eipconfig = EIPConfig('1') + eipconfig = EIPConfig() + eipconfig.set_api_version('1') try: eipconfig.get_clusters() @@ -255,9 +273,14 @@ if __name__ == "__main__": print "Safe value getting is working" if eipconfig.load("leap/providers/bitmask.net/eip-service.json"): + print "EIPConfig methods" print eipconfig.get_clusters() print eipconfig.get_gateways() print eipconfig.get_locations() print eipconfig.get_openvpn_configuration() print eipconfig.get_serial() print eipconfig.get_version() + print "VPNGatewaySelector methods" + gws = VPNGatewaySelector(eipconfig) + print gws.get_gateways() + print gws.get_gateways_list() diff --git a/src/leap/bitmask/services/eip/vpnlaunchers.py b/src/leap/bitmask/services/eip/vpnlaunchers.py index f8c51ad8..a50da8b9 100644 --- a/src/leap/bitmask/services/eip/vpnlaunchers.py +++ b/src/leap/bitmask/services/eip/vpnlaunchers.py @@ -23,8 +23,8 @@ import logging import getpass import os import platform -import subprocess import stat +import subprocess try: import grp except ImportError: @@ -32,6 +32,9 @@ except ImportError: from abc import ABCMeta, abstractmethod from functools import partial +from time import sleep + +from leap.bitmask.config.leapsettings import LeapSettings from leap.bitmask.config.providerconfig import ProviderConfig from leap.bitmask.services.eip.eipconfig import EIPConfig, VPNGatewaySelector @@ -217,19 +220,23 @@ def _is_auth_agent_running(): return any(is_running) -def _try_to_launch_agent(): +def _try_to_launch_agent(standalone=False): """ Tries to launch a polkit daemon. """ - opts = [ - "/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1", - # XXX add kde thing here - ] - for cmd in opts: - try: - subprocess.Popen([cmd], shell=True) - except: - pass + env = None + if standalone is True: + env = { + "PYTHONPATH": os.path.abspath('../../../../lib/')} + try: + # We need to quote the command because subprocess call + # will do "sh -c 'foo'", so if we do not quoute it we'll end + # up with a invocation to the python interpreter. And that + # is bad. + subprocess.call(["python -m leap.bitmask.util.polkit_agent"], + shell=True, env=env) + except Exception as exc: + logger.exception(exc) class LinuxVPNLauncher(VPNLauncher): @@ -313,7 +320,8 @@ class LinuxVPNLauncher(VPNLauncher): """ if _is_pkexec_in_system(): if not _is_auth_agent_running(): - _try_to_launch_agent() + _try_to_launch_agent(ProviderConfig.standalone) + sleep(0.5) if _is_auth_agent_running(): pkexec_possibilities = which(kls.PKEXEC_BIN) leap_assert(len(pkexec_possibilities) > 0, @@ -414,14 +422,22 @@ class LinuxVPNLauncher(VPNLauncher): if openvpn_verb is not None: args += ['--verb', '%d' % (openvpn_verb,)] - gateway_selector = VPNGatewaySelector(eipconfig) - gateways = gateway_selector.get_gateways() + gateways = [] + leap_settings = LeapSettings(ProviderConfig.standalone) + domain = providerconfig.get_domain() + gateway_conf = leap_settings.get_selected_gateway(domain) + + if gateway_conf == leap_settings.GATEWAY_AUTOMATIC: + gateway_selector = VPNGatewaySelector(eipconfig) + gateways = gateway_selector.get_gateways() + else: + gateways = [gateway_conf] if not gateways: logger.error('No gateway was found!') raise VPNLauncherException(self.tr('No gateway was found!')) - logger.debug("Using gateways ips: {}".format(', '.join(gateways))) + logger.debug("Using gateways ips: {0}".format(', '.join(gateways))) for gw in gateways: args += ['--remote', gw, '1194', 'udp'] @@ -669,11 +685,22 @@ class DarwinVPNLauncher(VPNLauncher): if openvpn_verb is not None: args += ['--verb', '%d' % (openvpn_verb,)] - gateway_selector = VPNGatewaySelector(eipconfig) - gateways = gateway_selector.get_gateways() + gateways = [] + leap_settings = LeapSettings(ProviderConfig.standalone) + domain = providerconfig.get_domain() + gateway_conf = leap_settings.get_selected_gateway(domain) + + if gateway_conf == leap_settings.GATEWAY_AUTOMATIC: + gateway_selector = VPNGatewaySelector(eipconfig) + gateways = gateway_selector.get_gateways() + else: + gateways = [gateway_conf] + + if not gateways: + logger.error('No gateway was found!') + raise VPNLauncherException(self.tr('No gateway was found!')) - logger.debug("Using gateways ips: {gw}".format( - gw=', '.join(gateways))) + logger.debug("Using gateways ips: {0}".format(', '.join(gateways))) for gw in gateways: args += ['--remote', gw, '1194', 'udp'] @@ -841,10 +868,22 @@ class WindowsVPNLauncher(VPNLauncher): if openvpn_verb is not None: args += ['--verb', '%d' % (openvpn_verb,)] - gateway_selector = VPNGatewaySelector(eipconfig) - gateways = gateway_selector.get_gateways() + gateways = [] + leap_settings = LeapSettings(ProviderConfig.standalone) + domain = providerconfig.get_domain() + gateway_conf = leap_settings.get_selected_gateway(domain) + + if gateway_conf == leap_settings.GATEWAY_AUTOMATIC: + gateway_selector = VPNGatewaySelector(eipconfig) + gateways = gateway_selector.get_gateways() + else: + gateways = [gateway_conf] + + if not gateways: + logger.error('No gateway was found!') + raise VPNLauncherException(self.tr('No gateway was found!')) - logger.debug("Using gateways ips: {}".format(', '.join(gateways))) + logger.debug("Using gateways ips: {0}".format(', '.join(gateways))) for gw in gateways: args += ['--remote', gw, '1194', 'udp'] diff --git a/src/leap/bitmask/services/soledad/soledadbootstrapper.py b/src/leap/bitmask/services/soledad/soledadbootstrapper.py index 2419fc0d..3bbfea85 100644 --- a/src/leap/bitmask/services/soledad/soledadbootstrapper.py +++ b/src/leap/bitmask/services/soledad/soledadbootstrapper.py @@ -159,8 +159,7 @@ class SoledadBootstrapper(AbstractBootstrapper): self.soledad_timeout.emit() except socket.error as exc: logger.error("Socket error while initializing soledad") - if exc.errno in (111, ): - self.soledad_failed.emit() + self.soledad_failed.emit() except u1db_errors.Unauthorized: logger.error("Error while initializing soledad " "(unauthorized).") |