diff options
Diffstat (limited to 'src/leap/eip/config.py')
-rw-r--r-- | src/leap/eip/config.py | 66 |
1 files changed, 55 insertions, 11 deletions
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index c0e17a19..44922310 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -3,7 +3,9 @@ import os import platform import tempfile -from leap.util.fileutil import (which, check_and_fix_urw_only) +from leap import __branding as BRANDING +from leap import certs +from leap.util.fileutil import (which, mkdir_p, check_and_fix_urw_only) from leap.base import config as baseconfig from leap.baseapp.permcheck import (is_pkexec_in_system, @@ -12,13 +14,18 @@ from leap.eip import exceptions as eip_exceptions from leap.eip import specs as eipspecs logger = logging.getLogger(name=__name__) +provider_ca_file = BRANDING.get('provider_ca_file', None) class EIPConfig(baseconfig.JSONLeapConfig): spec = eipspecs.eipconfig_spec def _get_slug(self): - return baseconfig.get_config_file('eip.json') + dppath = baseconfig.get_default_provider_path() + eipjsonpath = baseconfig.get_config_file( + 'eip-service.json', + folder=dppath) + return eipjsonpath def _set_slug(self, *args, **kwargs): raise AttributeError("you cannot set slug") @@ -48,6 +55,25 @@ def get_socket_path(): return socket_path +def get_eip_gateway(): + """ + return the first host in the list of hosts + under gateways list + """ + eipconfig = EIPConfig() + eipconfig.load() + conf = eipconfig.get_config() + gateways = conf.get('gateways', None) + if len(gateways) > 0: + # we just pick first + gw = gateways[0] + hosts = gw['hosts'] + if len(hosts) > 0: + return hosts[0] + else: + return "testprovider.example.org" + + def build_ovpn_options(daemon=False, socket_path=None, **kwargs): """ build a list of options @@ -84,9 +110,11 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs): opts.append("%s" % verbosity) # remote - # XXX get remote from eip.json opts.append('--remote') - opts.append('testprovider.example.org') + gw = get_eip_gateway() + #gw = "springbokvpn.org" + logger.debug('setting eip gateway to %s', gw) + opts.append(str(gw)) opts.append('1194') opts.append('udp') @@ -137,6 +165,7 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs): #if daemon is True: #opts.append('--daemon') + logger.debug('vpn options: %s', opts) return opts @@ -211,15 +240,30 @@ def check_vpn_keys(): logger.debug('client cert = %s', client_cert) # if no keys, raise error. - # should be catched by the ui and signal user. + # it's catched by the ui and signal user. + + if not os.path.isfile(provider_ca): + # not there. let's try to copy. + folder, filename = os.path.split(provider_ca) + if not os.path.isdir(folder): + mkdir_p(folder) + if provider_ca_file: + cacert = certs.where(provider_ca_file) + with open(provider_ca, 'w') as pca: + with open(cacert, 'r') as cac: + pca.write(cac.read()) + + if not os.path.isfile(provider_ca): + logger.error('key file %s not found. aborting.', + provider_ca) + raise eip_exceptions.EIPInitNoKeyFileError + + if not os.path.isfile(client_cert): + logger.error('key file %s not found. aborting.', + client_cert) + raise eip_exceptions.EIPInitNoKeyFileError for keyfile in (provider_ca, client_cert): - if not os.path.isfile(keyfile): - logger.error('key file %s not found. aborting.', - keyfile) - raise eip_exceptions.EIPInitNoKeyFileError - - # check proper permission on keys # bad perms? try to fix them try: check_and_fix_urw_only(keyfile) |