3 files changed, 72 insertions, 45 deletions

diff --git a/src/leap/platform_init/initializers.py b/src/leap/platform_init/initializers.py
index d04daca6..bbdc7f29 100644
--- a/src/leap/platform_init/initializers.py
+++ b/src/leap/platform_init/initializers.py
@@ -31,7 +31,7 @@ from PySide import QtGui
 from leap.config.leapsettings import LeapSettings
 from leap.services.eip import vpnlaunchers
 from leap.util import first
-from leap.config.providerconfig import ProviderConfig
+from leap.util import privilege_policies
 
 
 logger = logging.getLogger(__name__)
@@ -331,36 +331,6 @@ def DarwinInitializer():
 #
 # Linux initializers
 #
-
-POLICY_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
-<policyconfig>
-
-  <vendor>LEAP Project</vendor>
-  <vendor_url>http://leap.se/</vendor_url>
-
-  <action id="net.openvpn.gui.leap.run-openvpn">
-    <description>Runs the openvpn binary</description>
-    <description xml:lang="es">Ejecuta el binario openvpn</description>
-    <message>OpenVPN needs that you authenticate to start</message>
-    <message xml:lang="es">
-      OpenVPN necesita autorizacion para comenzar
-    </message>
-    <icon_name>package-x-generic</icon_name>
-    <defaults>
-      <allow_any>yes</allow_any>
-      <allow_inactive>yes</allow_inactive>
-      <allow_active>yes</allow_active>
-    </defaults>
-    <annotate key="org.freedesktop.policykit.exec.path">{path}</annotate>
-    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
-  </action>
-</policyconfig>
-"""
-
-
 def _linux_install_missing_scripts(badexec, notfound):
     """
     Tries to install the missing up/down scripts.
@@ -381,14 +351,8 @@ def _linux_install_missing_scripts(badexec, notfound):
         fd, tempscript = tempfile.mkstemp(prefix="leap_installer-")
         polfd, pol_tempfile = tempfile.mkstemp(prefix="leap_installer-")
         try:
-            # We need to do the config/../apps/openvpn otherwise the
-            # policy file won't work
-            openvpn_path = os.path.join(
-                ProviderConfig().get_path_prefix(),
-                "..", "apps", "eip",
-                launcher.OPENVPN_BIN)
-
-            policy_contents = POLICY_TEMPLATE.format(path=openvpn_path)
+            path = launcher.get_path_prefix()
+            policy_contents = privilege_policies.get_policy_contents(path)
 
             with os.fdopen(polfd, 'w') as f:
                 f.write(policy_contents)
diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py
index 8522d1df..992f0c50 100644
--- a/src/leap/services/eip/vpnlaunchers.py
+++ b/src/leap/services/eip/vpnlaunchers.py
@@ -38,6 +38,7 @@ from leap.common.files import which
 from leap.config.providerconfig import ProviderConfig
 from leap.services.eip.eipconfig import EIPConfig, VPNGatewaySelector
 from leap.util import first
+from leap.util.privilege_policies import LinuxPolicyChecker
 
 logger = logging.getLogger(__name__)
 
@@ -62,7 +63,7 @@ class EIPNoTunKextLoaded(VPNLauncherException):
     pass
 
 
-class VPNLauncher:
+class VPNLauncher(object):
     """
     Abstract launcher class
     """
@@ -250,12 +251,25 @@ class LinuxVPNLauncher(VPNLauncher):
         OPENVPN_DOWN_ROOT_BASE,
         OPENVPN_DOWN_ROOT_FILE)
 
-    POLKIT_BASE = "/usr/share/polkit-1/actions"
-    POLKIT_FILE = "net.openvpn.gui.leap.policy"
-    POLKIT_PATH = "%s/%s" % (POLKIT_BASE, POLKIT_FILE)
-
     UPDOWN_FILES = (UP_DOWN_PATH,)
-    OTHER_FILES = (POLKIT_PATH,)
+    POLKIT_PATH = LinuxPolicyChecker.get_polkit_path()
+    OTHER_FILES = (POLKIT_PATH, )
+
+    def missing_other_files(self):
+        """
+        'Extend' the VPNLauncher's missing_other_files to check if the polkit
+        files is outdated. If the polkit file is in OTHER_FILES, exists, but is
+        not up to date, it is added to the missing list.
+
+        :rtype: list
+        """
+        missing = VPNLauncher.missing_other_files.im_func(self)
+        polkit_file = LinuxPolicyChecker().get_polkit_path()
+        if polkit_file not in missing:
+            if privilege_policies.is_policy_outdated(self.OPENVPN_BIN_PATH):
+                missing.append(polkit_file)
+
+        return missing
 
     @classmethod
     def cmd_for_missing_scripts(kls, frompath, pol_file):
diff --git a/src/leap/util/privilege_policies.py b/src/leap/util/privilege_policies.py
index 10224bcd..05ae60e0 100644
--- a/src/leap/util/privilege_policies.py
+++ b/src/leap/util/privilege_policies.py
@@ -27,6 +27,35 @@ from abc import ABCMeta, abstractmethod
 logger = logging.getLogger(__name__)
 
 
+POLICY_TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+  <vendor>LEAP Project</vendor>
+  <vendor_url>https://leap.se/</vendor_url>
+
+  <action id="net.openvpn.gui.leap.run-openvpn">
+    <description>Runs the openvpn binary</description>
+    <description xml:lang="es">Ejecuta el binario openvpn</description>
+    <message>OpenVPN needs that you authenticate to start</message>
+    <message xml:lang="es">
+      OpenVPN necesita autorizacion para comenzar
+    </message>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>yes</allow_any>
+      <allow_inactive>yes</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">{path}</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+  </action>
+</policyconfig>
+"""
+
+
 def is_missing_policy_permissions():
     """
     Returns True if we do not have implemented a policy checker for this
@@ -47,6 +76,17 @@ def is_missing_policy_permissions():
     return policy_checker().is_missing_policy_permissions()
 
 
+def get_policy_contents(openvpn_path):
+    """
+    Returns the contents that the policy file should have.
+
+    :param openvpn_path: the openvpn path to use in the polkit file
+    :type openvpn_path: str
+    :rtype: str
+    """
+    return POLICY_TEMPLATE.format(path=openvpn_path)
+
+
 class PolicyChecker:
     """
     Abstract PolicyChecker class
@@ -72,6 +112,15 @@ class LinuxPolicyChecker(PolicyChecker):
     LINUX_POLKIT_FILE = ("/usr/share/polkit-1/actions/"
                          "net.openvpn.gui.leap.policy")
 
+    @classmethod
+    def get_polkit_path(self):
+        """
+        Returns the polkit file path.
+
+        :rtype: str
+        """
+        return self.LINUX_POLKIT_FILE
+
     def is_missing_policy_permissions(self):
         """
         Returns True if we could not find the appropriate policykit file