From ca0e9b85a831f716a0959c5fdb9dbb571515de97 Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@leap.se>
Date: Wed, 7 May 2014 15:42:56 -0500
Subject: tear down fw on quit-action too

---
 src/leap/bitmask/services/eip/vpnprocess.py | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

(limited to 'src/leap/bitmask/services/eip')

diff --git a/src/leap/bitmask/services/eip/vpnprocess.py b/src/leap/bitmask/services/eip/vpnprocess.py
index a8b833d0..420db971 100644
--- a/src/leap/bitmask/services/eip/vpnprocess.py
+++ b/src/leap/bitmask/services/eip/vpnprocess.py
@@ -223,9 +223,6 @@ class VPN(object):
                   subprocess is 0.
         :rtype: bool
         """
-        # XXX this is a temporary solution for being able to use the root
-        # helper while we still control the openvpn process.
-
         # XXX could check for wrapper existence, check it's root owned etc.
         # XXX could check that the iptables rules are in place.
 
@@ -257,8 +254,6 @@ class VPN(object):
                 logger.debug("Process has been happily terminated.")
 
                 # we try to bring the firewall up
-                # XXX We could keep some state to be sure it was the
-                # user who did turn EIP off.
                 if IS_LINUX and self._user_stopped:
                     firewall_down = self._tear_down_firewall()
                     if firewall_down:
@@ -310,12 +305,17 @@ class VPN(object):
 
             # ...but we also trigger a countdown to be unpolite
             # if strictly needed.
-
-            # XXX Watch out! This will fail NOW since we are running
-            # openvpn as root as a workaround for some connection issues.
             reactor.callLater(
                 self.TERMINATE_WAIT, self._kill_if_left_alive)
 
+            if shutdown:
+                if IS_LINUX and self._user_stopped:
+                    firewall_down = self._tear_down_firewall()
+                    if firewall_down:
+                        logger.debug("Firewall down")
+                    else:
+                        logger.warning("Could not tear firewall down")
+
     def _start_pollers(self):
         """
         Iterate through the registered observers
@@ -892,9 +892,13 @@ class VPNProcess(protocol.ProcessProtocol, VPNManager):
         return command
 
     def getGateways(self):
+        """
+        Get the gateways from the appropiate launcher.
+
+        :rtype: list
+        """
         gateways = self._launcher.get_gateways(
             self._eipconfig, self._providerconfig)
-        print "getGateways --> ", gateways
         return gateways
 
     # shutdown
-- 
cgit v1.2.3