summaryrefslogtreecommitdiff
path: root/src/leap/eip
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/eip')
-rw-r--r--src/leap/eip/conductor.py58
-rw-r--r--src/leap/eip/config.py149
-rw-r--r--src/leap/eip/vpnmanager.py3
3 files changed, 184 insertions, 26 deletions
diff --git a/src/leap/eip/conductor.py b/src/leap/eip/conductor.py
index 7b927143..243f1fde 100644
--- a/src/leap/eip/conductor.py
+++ b/src/leap/eip/conductor.py
@@ -5,12 +5,15 @@ from __future__ import (division, unicode_literals, print_function)
#import threading
from functools import partial
import logging
+import os
from leap.util.coroutines import spawn_and_watch_process
from leap.eip.config import (get_config, build_ovpn_command,
- EIPNoPkexecAvailable, EIPNoPolkitAuthAgentAvailable)
+ check_or_create_default_vpnconf,
+ EIPNoPkexecAvailable,
+ EIPNoPolkitAuthAgentAvailable)
from leap.eip.vpnwatcher import EIPConnectionStatus, status_watcher
from leap.eip.vpnmanager import OpenVPNManager, ConnectionRefusedError
@@ -51,6 +54,10 @@ class UnrecoverableError(EIPClientError):
# to user-friendly msg in dialog.
pass
+#
+# Openvpn related classes
+#
+
class OpenVPNConnection(object):
"""
@@ -76,7 +83,7 @@ to be triggered for each one of them.
# XXX get host/port from config
self.manager = OpenVPNManager()
self.debug = debug
- print('conductor:%s' % debug)
+ #print('conductor:%s' % debug)
self.config_file = config_file
self.watcher_cb = watcher_cb
@@ -97,23 +104,20 @@ to be triggered for each one of them.
self.autostart = True
self._get_or_create_config()
- def _get_or_create_config(self):
- """
- retrieves the config options from defaults or
- home file, or config file passed in command line.
- populates command and args to be passed to subprocess.
- """
- config = get_config(config_file=self.config_file)
- self.config = config
-
+ def _set_autostart(self):
+ config = self.config
if config.has_option('openvpn', 'autostart'):
- autostart = config.getboolean('openvpn', 'autostart')
+ autostart = config.getboolean('openvpn',
+ 'autostart')
self.autostart = autostart
else:
if config.has_option('DEFAULT', 'autostart'):
- autostart = config.getboolean('DEFAULT', 'autostart')
+ autostart = config.getboolean('DEFAULT',
+ 'autostart')
self.autostart = autostart
+ def _set_ovpn_command(self):
+ config = self.config
if config.has_option('openvpn', 'command'):
commandline = config.get('openvpn', 'command')
@@ -124,7 +128,6 @@ to be triggered for each one of them.
else:
args = []
- # XXX CALL BUILD COMMAND
self.command = command
self.args = args
else:
@@ -144,6 +147,29 @@ to be triggered for each one of them.
self.command = command
self.args = args
+ def _check_ovpn_config(self):
+ """
+ checks if there is a default openvpn config.
+ if not, it writes one with info from the provider
+ definition file
+ """
+ # TODO
+ # - get --with-openvpn-config from opts
+ check_or_create_default_vpnconf(self.config)
+
+ def _get_or_create_config(self):
+ """
+ retrieves the config options from defaults or
+ home file, or config file passed in command line.
+ populates command and args to be passed to subprocess.
+ """
+ config = get_config(config_file=self.config_file)
+ self.config = config
+
+ self._set_autostart()
+ self._set_ovpn_command()
+ self._check_ovpn_config()
+
def _launch_openvpn(self):
"""
invocation of openvpn binaries in a subprocess.
@@ -167,8 +193,8 @@ to be triggered for each one of them.
self.subp = subp
self.watcher = watcher
- conn_result = self.status.CONNECTED
- return conn_result
+ #conn_result = self.status.CONNECTED
+ #return conn_result
def _try_connection(self):
"""
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index f0cf1d86..9af6f57a 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -9,6 +9,7 @@ from leap.baseapp.permcheck import (is_pkexec_in_system,
is_auth_agent_running)
logger = logging.getLogger(name=__name__)
+logger.setLevel('DEBUG')
class EIPNoPkexecAvailable(Exception):
@@ -19,6 +20,129 @@ class EIPNoPolkitAuthAgentAvailable(Exception):
pass
+OPENVPN_CONFIG_TEMPLATE = """#Autogenerated by eip-client wizard
+remote {VPN_REMOTE_HOST} {VPN_REMOTE_PORT}
+
+client
+dev tun
+persist-tun
+persist-key
+proto udp
+tls-client
+remote-cert-tls server
+
+cert {LEAP_EIP_KEYS}
+key {LEAP_EIP_KEYS}
+ca {LEAP_EIP_KEYS}
+"""
+
+
+def get_config_dir():
+ """
+ get the base dir for all leap config
+ @rparam: config path
+ @rtype: string
+ """
+ # TODO
+ # check for $XDG_CONFIG_HOME var?
+ # get a more sensible path for win/mac
+ # kclair: opinion? ^^
+ return os.path.expanduser(
+ os.path.join('~',
+ '.config',
+ 'leap'))
+
+
+def get_config_file(filename, folder=None):
+ """
+ concatenates the given filename
+ with leap config dir.
+ @param filename: name of the file
+ @type filename: string
+ @rparam: full path to config file
+ """
+ path = []
+ path.append(get_config_dir())
+ if folder is not None:
+ path.append(folder)
+ path.append(filename)
+ return os.path.join(*path)
+
+
+def get_default_provider_path():
+ default_subpath = os.path.join("providers",
+ "default")
+ default_provider_path = get_config_file(
+ '',
+ folder=default_subpath)
+ return default_provider_path
+
+
+def check_or_create_default_vpnconf(config):
+ """
+ checks that a vpn config file
+ exists for a default provider,
+ or creates one if it does not.
+ ATM REQURES A [provider] section in
+ eip.cfg with _at least_ a remote_ip value
+ """
+ default_provider_path = get_default_provider_path()
+
+ if not os.path.isdir(default_provider_path):
+ mkdir_p(default_provider_path)
+
+ conf_file = get_config_file(
+ 'openvpn.conf',
+ folder=default_provider_path)
+
+ if os.path.isfile(conf_file):
+ return
+ else:
+ logger.debug(
+ 'missing default openvpn config\n'
+ 'creating one...')
+
+ # We're getting provider from eip.cfg
+ # by now. Get it from a list of gateways
+ # instead.
+
+ remote_ip = config.get('provider',
+ 'remote_ip')
+
+ # XXX check that IT LOOKS LIKE AN IP!!!
+ if config.has_option('provider', 'remote_port'):
+ remote_port = config.get('provider',
+ 'remote_port')
+ else:
+ remote_port = 1194
+
+ default_subpath = os.path.join("providers",
+ "default")
+ default_provider_path = get_config_file(
+ '',
+ folder=default_subpath)
+
+ if not os.path.isdir(default_provider_path):
+ mkdir_p(default_provider_path)
+
+ conf_file = get_config_file(
+ 'openvpn.conf',
+ folder=default_provider_path)
+
+ # XXX keys have to be manually placed by now
+ keys_file = get_config_file(
+ 'openvpn.keys',
+ folder=default_provider_path)
+
+ ovpn_config = OPENVPN_CONFIG_TEMPLATE.format(
+ VPN_REMOTE_HOST=remote_ip,
+ VPN_REMOTE_PORT=remote_port,
+ LEAP_EIP_KEYS=keys_file)
+
+ with open(conf_file, 'wb') as f:
+ f.write(ovpn_config)
+
+
def build_ovpn_options(daemon=False):
"""
build a list of options
@@ -41,8 +165,10 @@ def build_ovpn_options(daemon=False):
group = grp.getgrgid(gid).gr_name
opts = []
- opts.append('--persist-tun')
- opts.append('--persist-key')
+
+ #moved to config files
+ #opts.append('--persist-tun')
+ #opts.append('--persist-key')
# set user and group
opts.append('--user')
@@ -69,19 +195,25 @@ def build_ovpn_options(daemon=False):
# XXX which is a good choice?
opts.append('7777')
- # remaining config options, in a file
+ # remaining config options will go in a file
+
# NOTE: we will build this file from
# the service definition file.
- ovpncnf = os.path.expanduser(
- '~/.config/leap/openvpn.conf')
+ # XXX override from --with-openvpn-config
+
opts.append('--config')
+
+ default_provider_path = get_default_provider_path()
+ ovpncnf = get_config_file(
+ 'openvpn.conf',
+ folder=default_provider_path)
opts.append(ovpncnf)
# we cannot run in daemon mode
# with the current subp setting.
# see: https://leap.se/code/issues/383
#if daemon is True:
- # opts.append('--daemon')
+ #opts.append('--daemon')
return opts
@@ -192,8 +324,7 @@ def get_config(config_file=None):
config = ConfigParser.ConfigParser(defaults)
if not config_file:
- fpath = os.path.expanduser(
- '~/.config/leap/eip.cfg')
+ fpath = get_config_file('eip.cfg')
if not os.path.isfile(fpath):
dpath, cfile = os.path.split(fpath)
if not os.path.isdir(dpath):
@@ -203,7 +334,6 @@ def get_config(config_file=None):
config_file = open(fpath)
#TODO
- # - get a more sensible path for win/mac
# - convert config_file to list;
# look in places like /etc/leap/eip.cfg
# for global settings.
@@ -211,6 +341,7 @@ def get_config(config_file=None):
# at this point, the file should exist.
# errors would have been raised above.
+
config.readfp(config_file)
return config
diff --git a/src/leap/eip/vpnmanager.py b/src/leap/eip/vpnmanager.py
index 78777cfb..caf7ab76 100644
--- a/src/leap/eip/vpnmanager.py
+++ b/src/leap/eip/vpnmanager.py
@@ -6,6 +6,7 @@ import telnetlib
import time
logger = logging.getLogger(name=__name__)
+logger.setLevel('DEBUG')
TELNET_PORT = 23
@@ -74,7 +75,7 @@ class OpenVPNManager(object):
self.with_errors = False
def forget_errors(self):
- print('forgetting errors')
+ logger.debug('forgetting errors')
self.with_errors = False
def connect(self):