diff options
Diffstat (limited to 'src/leap/eip/config.py')
-rw-r--r-- | src/leap/eip/config.py | 151 |
1 files changed, 28 insertions, 123 deletions
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index c0819628..810a5a8d 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -1,18 +1,13 @@ -import ConfigParser # to be deprecated -import json import logging import os import platform -import socket -from leap.util.fileutil import (which, mkdir_p, - check_and_fix_urw_only) +from leap.util.fileutil import (which, check_and_fix_urw_only) from leap.base import config as baseconfig from leap.baseapp.permcheck import (is_pkexec_in_system, is_auth_agent_running) from leap.eip import exceptions as eip_exceptions -from leap.eip import constants as eipconstants from leap.eip import specs as eipspecs logging.basicConfig() @@ -104,7 +99,9 @@ def build_ovpn_options(daemon=False): ourplatform = platform.system() if ourplatform in ("Linux", "Mac"): opts.append('--management') + # XXX get a different sock each time ... + # XXX #505 opts.append('/tmp/.eip.sock') opts.append('unix') if ourplatform == "Windows": @@ -130,14 +127,11 @@ def build_ovpn_options(daemon=False): return opts -def build_ovpn_command(config, debug=False, do_pkexec_check=True): +def build_ovpn_command(debug=False, do_pkexec_check=True, vpnbin=None): """ build a string with the complete openvpn invocation - @param config: config object - @type config: ConfigParser instance - @rtype [string, [list of strings]] @rparam: a list containing the command string and a list of options. @@ -146,11 +140,11 @@ def build_ovpn_command(config, debug=False, do_pkexec_check=True): use_pkexec = True ovpn = None - if config.has_option('openvpn', 'use_pkexec'): - use_pkexec = config.get('openvpn', 'use_pkexec') + # XXX get use_pkexec from config instead. + if platform.system() == "Linux" and use_pkexec and do_pkexec_check: - # XXX check for both pkexec (done) + # check for both pkexec # AND a suitable authentication # agent running. logger.info('use_pkexec set to True') @@ -168,23 +162,15 @@ def build_ovpn_command(config, debug=False, do_pkexec_check=True): raise eip_exceptions.EIPNoPolkitAuthAgentAvailable command.append('pkexec') - - if config.has_option('openvpn', - 'openvpn_binary'): - ovpn = config.get('openvpn', - 'openvpn_binary') - if not ovpn and config.has_option('DEFAULT', - 'openvpn_binary'): - ovpn = config.get('DEFAULT', - 'openvpn_binary') - + if vpnbin is None: + ovpn = which('openvpn') + else: + ovpn = vpnbin if ovpn: vpn_command = ovpn else: vpn_command = "openvpn" - command.append(vpn_command) - daemon_mode = not debug for opt in build_ovpn_options(daemon=daemon_mode): @@ -195,77 +181,7 @@ def build_ovpn_command(config, debug=False, do_pkexec_check=True): return [command[0], command[1:]] -# XXX deprecate -def get_sensible_defaults(): - """ - gathers a dict of sensible defaults, - platform sensitive, - to be used to initialize the config parser - @rtype: dict - @rparam: default options. - """ - - # this way we're passing a simple dict - # that will initialize the configparser - # and will get written to "DEFAULTS" section, - # which is fine for now. - # if we want to write to a particular section - # we can better pass a tuple of triples - # (('section1', 'foo', '23'),) - # and config.set them - - defaults = dict() - defaults['openvpn_binary'] = which('openvpn') - defaults['autostart'] = 'true' - - # TODO - # - management. - return defaults - - -# XXX to be deprecated. see dump_default_eipconfig -# and the new JSONConfig classes. -def get_config(config_file=None): - """ - temporary method for getting configs, - mainly for early stage development process. - in the future we will get preferences - from the storage api - - @rtype: ConfigParser instance - @rparam: a config object - """ - defaults = get_sensible_defaults() - config = ConfigParser.ConfigParser(defaults) - - if not config_file: - fpath = baseconfig.get_config_file('eip.cfg') - if not os.path.isfile(fpath): - dpath, cfile = os.path.split(fpath) - if not os.path.isdir(dpath): - mkdir_p(dpath) - with open(fpath, 'wb') as configfile: - config.write(configfile) - config_file = open(fpath) - config.readfp(config_file) - return config - - -def dump_default_eipconfig(filepath): - """ - writes a sample eip config - in the given location - """ - # XXX TODO: - # use EIPConfigSpec istead - folder, filename = os.path.split(filepath) - if not os.path.isdir(folder): - mkdir_p(folder) - with open(filepath, 'w') as fp: - json.dump(eipconstants.EIP_SAMPLE_JSON, fp) - - -def check_vpn_keys(config): +def check_vpn_keys(): """ performs an existance and permission check over the openvpn keys file. @@ -273,35 +189,24 @@ def check_vpn_keys(config): per provider, containing the CA cert, the provider key, and our client certificate """ + provider_ca = eipspecs.provider_ca_path() + client_cert = eipspecs.client_cert_path() - keyopt = ('provider', 'keyfile') - - # XXX at some point, - # should separate between CA, provider cert - # and our certificate. - # make changes in the default provider template - # accordingly. - - # get vpn keys - if config.has_option(*keyopt): - keyfile = config.get(*keyopt) - else: - keyfile = baseconfig.get_config_file( - 'openvpn.keys', - folder=baseconfig.get_default_provider_path()) - logger.debug('keyfile = %s', keyfile) + logger.debug('provider ca = %s', provider_ca) + logger.debug('client cert = %s', client_cert) # if no keys, raise error. # should be catched by the ui and signal user. - if not os.path.isfile(keyfile): - logger.error('key file %s not found. aborting.', - keyfile) - raise eip_exceptions.EIPInitNoKeyFileError - - # check proper permission on keys - # bad perms? try to fix them - try: - check_and_fix_urw_only(keyfile) - except OSError: - raise eip_exceptions.EIPInitBadKeyFilePermError + for keyfile in (provider_ca, client_cert): + if not os.path.isfile(keyfile): + logger.error('key file %s not found. aborting.', + keyfile) + raise eip_exceptions.EIPInitNoKeyFileError + + # check proper permission on keys + # bad perms? try to fix them + try: + check_and_fix_urw_only(keyfile) + except OSError: + raise eip_exceptions.EIPInitBadKeyFilePermError |