Diffstat (limited to 'src/leap/eip/config.py')
-rw-r--r--src/leap/eip/config.py65
1 files changed, 54 insertions, 11 deletions
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index c0e17a19..e5fcd164 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -3,7 +3,9 @@ import os
import platform
import tempfile
-from leap.util.fileutil import (which, check_and_fix_urw_only)
+from leap import __branding as BRANDING
+from leap import certs
+from leap.util.fileutil import (which, mkdir_p, check_and_fix_urw_only)
from leap.base import config as baseconfig
from leap.baseapp.permcheck import (is_pkexec_in_system,
@@ -12,13 +14,18 @@ from leap.eip import exceptions as eip_exceptions
from leap.eip import specs as eipspecs
logger = logging.getLogger(name=__name__)
+provider_ca_file = BRANDING.get('provider_ca_file', None)
class EIPConfig(baseconfig.JSONLeapConfig):
spec = eipspecs.eipconfig_spec
def _get_slug(self):
- return baseconfig.get_config_file('eip.json')
+ dppath = baseconfig.get_default_provider_path()
+ eipjsonpath = baseconfig.get_config_file(
+ 'eip-service.json',
+ folder=dppath)
+ return eipjsonpath
def _set_slug(self, *args, **kwargs):
raise AttributeError("you cannot set slug")
@@ -48,6 +55,25 @@ def get_socket_path():
return socket_path
+def get_eip_gateway():
+ """
+ return the first host in the list of hosts
+ under gateways list
+ """
+ eipconfig = EIPConfig()
+ eipconfig.load()
+ conf = eipconfig.get_config()
+ gateways = conf.get('gateways', None)
+ if len(gateways) > 0:
+ # we just pick first
+ gw = gateways[0]
+ hosts = gw['hosts']
+ if len(hosts) > 0:
+ return hosts[0]
+ else:
+ return "testprovider.example.org"
+
+
def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
"""
build a list of options
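Review bot: `get_eip_gateway` fails or returns `None` on incomplete config. `conf.get('gateways', None)` goes straight into `len()`, which raises TypeError when the key is absent, and an empty `hosts` list on the first gateway makes the function fall off the end. In that second case the later hunk's `opts.append(str(gw))` passes the literal string "None" as the `--remote` host. The fallback to `testprovider.example.org` is also silent, so a client with an empty gateway list dials a placeholder host with nothing in the log; failing closed would be safer, and at minimum the fallback should be logged. Since the host comes from the config file and is handed to openvpn as an argument, a hostname/IP sanity check before returning it would be worth adding.

```python
def get_eip_gateway():
    # … unchanged: docstring, EIPConfig load, conf = eipconfig.get_config() …
    gateways = conf.get('gateways') or []
    if gateways:
        # we just pick first
        hosts = gateways[0].get('hosts') or []
        if hosts:
            return hosts[0]
    logger.warning('no gateway host in eip config; using placeholder')
    return "testprovider.example.org"
```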
@@ -84,9 +110,10 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
opts.append("%s" % verbosity)
# remote
- # XXX get remote from eip.json
opts.append('--remote')
- opts.append('testprovider.example.org')
+ gw = get_eip_gateway()
+ logger.debug('setting eip gateway to %s', gw)
+ opts.append(str(gw))
opts.append('1194')
opts.append('udp')
@@ -137,6 +164,7 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
#if daemon is True:
#opts.append('--daemon')
+ logger.debug('vpn options: %s', opts)
return opts
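Review bot: `logger.debug('vpn options: %s', opts)` writes the whole openvpn argument list to the log. Most of `opts` is built outside this hunk, so this is inferred: if the list carries the management socket path, key or cert locations, or later any credential option, those end up in debug logs that users tend to attach to bug reports. Consider logging only the non-sensitive options, or add a comment such as `# opts must never contain secrets; it is logged verbatim` so that future additions are checked against it.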
@@ -211,15 +239,30 @@ def check_vpn_keys():
logger.debug('client cert = %s', client_cert)
# if no keys, raise error.
- # should be catched by the ui and signal user.
+ # it's catched by the ui and signal user.
+
+ if not os.path.isfile(provider_ca):
+ # not there. let's try to copy.
+ folder, filename = os.path.split(provider_ca)
+ if not os.path.isdir(folder):
+ mkdir_p(folder)
+ if provider_ca_file:
+ cacert = certs.where(provider_ca_file)
+ with open(provider_ca, 'w') as pca:
+ with open(cacert, 'r') as cac:
+ pca.write(cac.read())
+
+ if not os.path.isfile(provider_ca):
+ logger.error('key file %s not found. aborting.',
+ provider_ca)
+ raise eip_exceptions.EIPInitNoKeyFileError
+
+ if not os.path.isfile(client_cert):
+ logger.error('key file %s not found. aborting.',
+ client_cert)
+ raise eip_exceptions.EIPInitNoKeyFileError
for keyfile in (provider_ca, client_cert):
- if not os.path.isfile(keyfile):
- logger.error('key file %s not found. aborting.',
- keyfile)
- raise eip_exceptions.EIPInitNoKeyFileError
-
- # check proper permission on keys
# bad perms? try to fix them
try:
check_and_fix_urw_only(keyfile)
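Review bot: The CA copy opens the destination before the source, so a missing or unreadable `certs.where(provider_ca_file)` leaves an empty `provider_ca` behind: `open(provider_ca, 'w')` has already created the file when the second `open` raises. As far as the hunk shows nothing catches that exception, and on the next run `os.path.isfile(provider_ca)` is true, so the copy is skipped and the empty file passes the existence check. Open the bundled cert first, with `with open(cacert, 'r') as cac:` as the outer block and `with open(provider_ca, 'w') as pca:` inside it, or test for a non-empty file rather than only `isfile`. An existing `provider_ca` is also trusted without comparing it to the bundled certificate, which is worth a comment if that is intentional. The `for keyfile` loop and its `try` continue past the end of this hunk.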