Diffstat (limited to 'src/leap/bitmask/services')
-rw-r--r--src/leap/bitmask/services/__init__.py39
-rw-r--r--src/leap/bitmask/services/eip/eipconfig.py43
-rw-r--r--src/leap/bitmask/services/eip/vpnlaunchers.py83
-rw-r--r--src/leap/bitmask/services/soledad/soledadbootstrapper.py3
4 files changed, 134 insertions, 34 deletions
diff --git a/src/leap/bitmask/services/__init__.py b/src/leap/bitmask/services/__init__.py
index 253359cd..339f9cc6 100644
--- a/src/leap/bitmask/services/__init__.py
+++ b/src/leap/bitmask/services/__init__.py
@@ -17,9 +17,48 @@
"""
Services module.
"""
+from PySide import QtCore
+from leap.bitmask.util.privilege_policies import is_missing_policy_permissions
+
DEPLOYED = ["openvpn", "mx"]
+def get_service_display_name(service, standalone=False):
+ """
+ Returns the name to display of the given service.
+ If there is no configured name for that service, then returns the same
+ parameter
+
+ :param service: the 'machine' service name
+ :type service: str
+ :param standalone: True if the app is running in a standalone mode, used
+ to display messages according that.
+ :type standalone: bool
+
+ :rtype: str
+ """
+ # qt translator method helper
+ _tr = QtCore.QObject().tr
+
+ # Correspondence for services and their name to display
+ EIP_LABEL = _tr("Encrypted Internet")
+ MX_LABEL = _tr("Encrypted Mail")
+
+ service_display = {
+ "openvpn": EIP_LABEL,
+ "mx": MX_LABEL
+ }
+
+ # If we need to add a warning about eip needing
+ # administrative permissions to start. That can be either
+ # because we are running in standalone mode, or because we could
+ # not find the needed privilege escalation mechanisms being operative.
+ if standalone or is_missing_policy_permissions():
+ EIP_LABEL += " " + _tr("(will need admin password to start)")
+
+ return service_display.get(service, service)
+
+
def get_supported(services):
"""
Returns a list of the available services.
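Review bot: The admin-password warning never reaches the caller of `get_service_display_name`, because `service_display` is built before `EIP_LABEL += ...` runs. Strings are immutable, so the dict keeps the label without the suffix. Users in standalone mode, or on systems where `is_missing_policy_permissions()` is true, are therefore not told that starting EIP will raise a privilege prompt. Move the `if standalone or is_missing_policy_permissions():` block above the dict literal, or update the entry directly with `service_display["openvpn"] += " " + _tr("(will need admin password to start)")`.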
diff --git a/src/leap/bitmask/services/eip/eipconfig.py b/src/leap/bitmask/services/eip/eipconfig.py
index 843e7397..1cb7419e 100644
--- a/src/leap/bitmask/services/eip/eipconfig.py
+++ b/src/leap/bitmask/services/eip/eipconfig.py
@@ -62,11 +62,12 @@ class VPNGatewaySelector(object):
self._eipconfig = eipconfig
- def get_gateways(self):
+ def get_gateways_list(self):
"""
- Returns the 4 best gateways, sorted by timezone proximity.
+ Returns the existing gateways, sorted by timezone proximity.
- :rtype: list of IPv4Address or IPv6Address object.
+ :rtype: list of tuples (location, ip)
+ (str, IPv4Address or IPv6Address object)
"""
gateways_timezones = []
locations = self._eipconfig.get_locations()
@@ -77,19 +78,35 @@ class VPNGatewaySelector(object):
gateway_distance = 99 # if hasn't location -> should go last
if gateway_location is not None:
- gw_offset = int(locations[gateway['location']]['timezone'])
+ timezone = locations[gateway['location']]['timezone']
+ gateway_name = locations[gateway['location']].get('name', None)
+ if gateway_name is not None:
+ gateway_location = gateway_name
+
+ gw_offset = int(timezone)
if gw_offset in self.equivalent_timezones:
gw_offset = self.equivalent_timezones[gw_offset]
gateway_distance = self._get_timezone_distance(gw_offset)
ip = self._eipconfig.get_gateway_ip(idx)
- gateways_timezones.append((ip, gateway_distance))
+ gateways_timezones.append((ip, gateway_distance, gateway_location))
- gateways_timezones = sorted(gateways_timezones,
- key=lambda gw: gw[1])[:4]
+ gateways_timezones = sorted(gateways_timezones, key=lambda gw: gw[1])
+
+ gateways = []
+ for ip, distance, location in gateways_timezones:
+ gateways.append((location, ip))
+
+ return gateways
- gateways = [ip for ip, dist in gateways_timezones]
+ def get_gateways(self):
+ """
+ Returns the 4 best gateways, sorted by timezone proximity.
+
+ :rtype: list of IPv4Address or IPv6Address object.
+ """
+ gateways = [ip for location, ip in self.get_gateways_list()][:4]
return gateways
def _get_timezone_distance(self, offset):
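Review bot: The new `:rtype:` on `get_gateways_list` promises `(str, ip)` tuples, but the location can be `None`. When the `if gateway_location is not None:` branch is skipped, that value is appended unchanged alongside the distance of 99. Callers that display or format the location will then receive `None`. Either document it, e.g. `:rtype: list of tuples (location, ip); location is None when the gateway has no location`, or substitute a placeholder label before appending. The start of the loop is outside this hunk, so the initial assignment of `gateway_location` is inferred from the guard.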
@@ -124,7 +141,7 @@ class VPNGatewaySelector(object):
if time.daylight:
local_offset = time.altzone
- return local_offset / 3600
+ return -local_offset / 3600
class EIPConfig(BaseConfig):
@@ -246,7 +263,8 @@ if __name__ == "__main__":
console.setFormatter(formatter)
logger.addHandler(console)
- eipconfig = EIPConfig('1')
+ eipconfig = EIPConfig()
+ eipconfig.set_api_version('1')
try:
eipconfig.get_clusters()
@@ -255,9 +273,14 @@ if __name__ == "__main__":
print "Safe value getting is working"
if eipconfig.load("leap/providers/bitmask.net/eip-service.json"):
+ print "EIPConfig methods"
print eipconfig.get_clusters()
print eipconfig.get_gateways()
print eipconfig.get_locations()
print eipconfig.get_openvpn_configuration()
print eipconfig.get_serial()
print eipconfig.get_version()
+ print "VPNGatewaySelector methods"
+ gws = VPNGatewaySelector(eipconfig)
+ print gws.get_gateways()
+ print gws.get_gateways_list()
diff --git a/src/leap/bitmask/services/eip/vpnlaunchers.py b/src/leap/bitmask/services/eip/vpnlaunchers.py
index f8c51ad8..a50da8b9 100644
--- a/src/leap/bitmask/services/eip/vpnlaunchers.py
+++ b/src/leap/bitmask/services/eip/vpnlaunchers.py
@@ -23,8 +23,8 @@ import logging
import getpass
import os
import platform
-import subprocess
import stat
+import subprocess
try:
import grp
except ImportError:
@@ -32,6 +32,9 @@ except ImportError:
from abc import ABCMeta, abstractmethod
from functools import partial
+from time import sleep
+
+from leap.bitmask.config.leapsettings import LeapSettings
from leap.bitmask.config.providerconfig import ProviderConfig
from leap.bitmask.services.eip.eipconfig import EIPConfig, VPNGatewaySelector
@@ -217,19 +220,23 @@ def _is_auth_agent_running():
return any(is_running)
-def _try_to_launch_agent():
+def _try_to_launch_agent(standalone=False):
"""
Tries to launch a polkit daemon.
"""
- opts = [
- "/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1",
- # XXX add kde thing here
- ]
- for cmd in opts:
- try:
- subprocess.Popen([cmd], shell=True)
- except:
- pass
+ env = None
+ if standalone is True:
+ env = {
+ "PYTHONPATH": os.path.abspath('../../../../lib/')}
+ try:
+ # We need to quote the command because subprocess call
+ # will do "sh -c 'foo'", so if we do not quoute it we'll end
+ # up with a invocation to the python interpreter. And that
+ # is bad.
+ subprocess.call(["python -m leap.bitmask.util.polkit_agent"],
+ shell=True, env=env)
+ except Exception as exc:
+ logger.exception(exc)
class LinuxVPNLauncher(VPNLauncher):
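Review bot: In `_try_to_launch_agent`, the standalone `env` dict replaces the child's whole environment instead of extending it, so the agent starts with only `PYTHONPATH` set. Variables a graphical authentication agent presumably needs (`PATH`, `DISPLAY`, the session bus address) are dropped. The `PYTHONPATH` value is also built from `'../../../../lib/'` relative to the current working directory, so the import path of the process that handles authentication prompts depends on where the app was started; anchoring it to a known install location would remove that dependency. `shell=True` is not needed here, and dropping it makes the quoting workaround in the comment unnecessary: `env = dict(os.environ, PYTHONPATH=lib_path)` and `subprocess.call(["python", "-m", "leap.bitmask.util.polkit_agent"], env=env)`. Note that `subprocess.call` waits for the child to exit where the removed `Popen` did not, so unless the `polkit_agent` module detaches itself (not visible here) this call blocks the launcher.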
@@ -313,7 +320,8 @@ class LinuxVPNLauncher(VPNLauncher):
"""
if _is_pkexec_in_system():
if not _is_auth_agent_running():
- _try_to_launch_agent()
+ _try_to_launch_agent(ProviderConfig.standalone)
+ sleep(0.5)
if _is_auth_agent_running():
pkexec_possibilities = which(kls.PKEXEC_BIN)
leap_assert(len(pkexec_possibilities) > 0,
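Review bot: The fixed `sleep(0.5)` after `_try_to_launch_agent(...)` is a race. On a slow or loaded machine the agent may not be up yet, so the following `_is_auth_agent_running()` check can fail even though the launch succeeded. A short bounded poll is more reliable, e.g. `for _ in range(10):` / `if _is_auth_agent_running(): break` / `sleep(0.1)`. The enclosing method starts and ends outside this hunk, so the behaviour on the failure path is not visible here.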
@@ -414,14 +422,22 @@ class LinuxVPNLauncher(VPNLauncher):
if openvpn_verb is not None:
args += ['--verb', '%d' % (openvpn_verb,)]
- gateway_selector = VPNGatewaySelector(eipconfig)
- gateways = gateway_selector.get_gateways()
+ gateways = []
+ leap_settings = LeapSettings(ProviderConfig.standalone)
+ domain = providerconfig.get_domain()
+ gateway_conf = leap_settings.get_selected_gateway(domain)
+
+ if gateway_conf == leap_settings.GATEWAY_AUTOMATIC:
+ gateway_selector = VPNGatewaySelector(eipconfig)
+ gateways = gateway_selector.get_gateways()
+ else:
+ gateways = [gateway_conf]
if not gateways:
logger.error('No gateway was found!')
raise VPNLauncherException(self.tr('No gateway was found!'))
- logger.debug("Using gateways ips: {}".format(', '.join(gateways)))
+ logger.debug("Using gateways ips: {0}".format(', '.join(gateways)))
for gw in gateways:
args += ['--remote', gw, '1194', 'udp']
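Review bot: The user-selected `gateway_conf` is placed into the openvpn argument list as `[gateway_conf]` without checking that it is an address the provider currently offers. On Linux that command line is later run through pkexec, so a stale, malformed or tampered settings value ends up in the arguments of a privileged process. Validate it against `VPNGatewaySelector(eipconfig).get_gateways_list()` and fall back to automatic selection, or raise `VPNLauncherException`, when it is not listed. The comparison below assumes the stored value and the selector's IPs are the same type, which should be confirmed. The same block is repeated verbatim in the `DarwinVPNLauncher` and `WindowsVPNLauncher` hunks further down, so it would be better as one helper on the shared base class. The enclosing method starts and ends outside this hunk.

```python
# … unchanged: leap_settings / domain / gateway_conf lookup …
gateway_selector = VPNGatewaySelector(eipconfig)
if gateway_conf == leap_settings.GATEWAY_AUTOMATIC:
    gateways = gateway_selector.get_gateways()
else:
    # only accept a manual choice the provider still advertises
    known_ips = [ip for _, ip in gateway_selector.get_gateways_list()]
    if gateway_conf in known_ips:
        gateways = [gateway_conf]
    else:
        logger.warning("Selected gateway is not offered by the provider, "
                       "falling back to automatic selection")
        gateways = gateway_selector.get_gateways()
# … unchanged: empty-list check and --remote arguments …
```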
@@ -669,11 +685,22 @@ class DarwinVPNLauncher(VPNLauncher):
if openvpn_verb is not None:
args += ['--verb', '%d' % (openvpn_verb,)]
- gateway_selector = VPNGatewaySelector(eipconfig)
- gateways = gateway_selector.get_gateways()
+ gateways = []
+ leap_settings = LeapSettings(ProviderConfig.standalone)
+ domain = providerconfig.get_domain()
+ gateway_conf = leap_settings.get_selected_gateway(domain)
+
+ if gateway_conf == leap_settings.GATEWAY_AUTOMATIC:
+ gateway_selector = VPNGatewaySelector(eipconfig)
+ gateways = gateway_selector.get_gateways()
+ else:
+ gateways = [gateway_conf]
+
+ if not gateways:
+ logger.error('No gateway was found!')
+ raise VPNLauncherException(self.tr('No gateway was found!'))
- logger.debug("Using gateways ips: {gw}".format(
- gw=', '.join(gateways)))
+ logger.debug("Using gateways ips: {0}".format(', '.join(gateways)))
for gw in gateways:
args += ['--remote', gw, '1194', 'udp']
@@ -841,10 +868,22 @@ class WindowsVPNLauncher(VPNLauncher):
if openvpn_verb is not None:
args += ['--verb', '%d' % (openvpn_verb,)]
- gateway_selector = VPNGatewaySelector(eipconfig)
- gateways = gateway_selector.get_gateways()
+ gateways = []
+ leap_settings = LeapSettings(ProviderConfig.standalone)
+ domain = providerconfig.get_domain()
+ gateway_conf = leap_settings.get_selected_gateway(domain)
+
+ if gateway_conf == leap_settings.GATEWAY_AUTOMATIC:
+ gateway_selector = VPNGatewaySelector(eipconfig)
+ gateways = gateway_selector.get_gateways()
+ else:
+ gateways = [gateway_conf]
+
+ if not gateways:
+ logger.error('No gateway was found!')
+ raise VPNLauncherException(self.tr('No gateway was found!'))
- logger.debug("Using gateways ips: {}".format(', '.join(gateways)))
+ logger.debug("Using gateways ips: {0}".format(', '.join(gateways)))
for gw in gateways:
args += ['--remote', gw, '1194', 'udp']
diff --git a/src/leap/bitmask/services/soledad/soledadbootstrapper.py b/src/leap/bitmask/services/soledad/soledadbootstrapper.py
index 2419fc0d..3bbfea85 100644
--- a/src/leap/bitmask/services/soledad/soledadbootstrapper.py
+++ b/src/leap/bitmask/services/soledad/soledadbootstrapper.py
@@ -159,8 +159,7 @@ class SoledadBootstrapper(AbstractBootstrapper):
self.soledad_timeout.emit()
except socket.error as exc:
logger.error("Socket error while initializing soledad")
- if exc.errno in (111, ):
- self.soledad_failed.emit()
+ self.soledad_failed.emit()
except u1db_errors.Unauthorized:
logger.error("Error while initializing soledad "
"(unauthorized).")
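Review bot: With the `errno` filter removed, `exc` in the `except socket.error as exc:` branch is bound but never used. Every socket failure now emits `soledad_failed`, but the log line gives no indication of which one it was. Include the exception in the message so a refused connection can be told apart from a timeout or DNS failure, e.g. `logger.error("Socket error while initializing soledad: %r" % (exc,))`. The enclosing `try` block starts outside this hunk.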