From 38cc1758240a3c64db387b0437dcf1517b52da15 Mon Sep 17 00:00:00 2001
From: kali <kali@leap.se>
Date: Mon, 10 Dec 2012 19:51:53 +0900
Subject: cleanup and rewrite eipconnection/openvpnconnection classes

---
 src/leap/eip/config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/leap/eip/config.py')

diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index 42c00380..8e687bda 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -53,7 +53,7 @@ def get_socket_path():
     socket_path = os.path.join(
         tempfile.mkdtemp(prefix="leap-tmp"),
         'openvpn.socket')
-    logger.debug('socket path: %s', socket_path)
+    #logger.debug('socket path: %s', socket_path)
     return socket_path
 
 
-- 
cgit v1.2.3


From 53fa2c134ab2c96376276aa1c0ed74db0aaba218 Mon Sep 17 00:00:00 2001
From: kali <kali@leap.se>
Date: Mon, 10 Dec 2012 23:20:09 +0900
Subject: get cipher config from eip-service

---
 src/leap/eip/config.py | 57 ++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 46 insertions(+), 11 deletions(-)

(limited to 'src/leap/eip/config.py')

diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index 8e687bda..1fe0530a 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -5,6 +5,7 @@ import tempfile
 
 from leap import __branding as BRANDING
 from leap import certs
+from leap.util.misc import null_check
 from leap.util.fileutil import (which, mkdir_p, check_and_fix_urw_only)
 
 from leap.base import config as baseconfig
@@ -57,30 +58,30 @@ def get_socket_path():
     return socket_path
 
 
-def get_eip_gateway(provider=None):
+def get_eip_gateway(eipconfig=None, eipserviceconfig=None):
     """
     return the first host in eip service config
     that matches the name defined in the eip.json config
     file.
     """
-    placeholder = "testprovider.example.org"
-    # XXX check for null on provider??
+    null_check(eipconfig, "eipconfig")
+    null_check(eipserviceconfig, "eipserviceconfig")
+
+    PLACEHOLDER = "testprovider.example.org"
 
-    eipconfig = EIPConfig(domain=provider)
-    eipconfig.load()
     conf = eipconfig.config
+    eipsconf = eipserviceconfig.config
 
     primary_gateway = conf.get('primary_gateway', None)
     if not primary_gateway:
-        return placeholder
+        return PLACEHOLDER
 
-    eipserviceconfig = EIPServiceConfig(domain=provider)
-    eipserviceconfig.load()
-    eipsconf = eipserviceconfig.get_config()
     gateways = eipsconf.get('gateways', None)
+
     if not gateways:
         logger.error('missing gateways in eip service config')
-        return placeholder
+        return PLACEHOLDER
+
     if len(gateways) > 0:
         for gw in gateways:
             name = gw.get('name', None)
@@ -100,6 +101,26 @@ def get_eip_gateway(provider=None):
                  'gateway list')
 
 
+def get_cipher_options(eipserviceconfig=None):
+    """
+    gathers optional cipher options from eip-service config.
+    :param eipserviceconfig: EIPServiceConfig instance
+    """
+    null_check(eipserviceconfig, 'eipserviceconfig')
+    eipsconf = eipserviceconfig.get_config()
+
+    ALLOWED_KEYS = ("auth", "cipher", "tls-cipher")
+    opts = []
+    if 'openvpn_configuration' in eipsconf:
+        config = eipserviceconfig.openvpn_configuration
+        for key, value in config.items():
+            if key in ALLOWED_KEYS and value is not None:
+                # I humbly think we should sanitize this
+                # input against `valid` openvpn settings. -- kali.
+                opts.append(['--%s' % key, value])
+    return opts
+
+
 def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
     """
     build a list of options
@@ -116,6 +137,10 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
     # things from there if present.
 
     provider = kwargs.pop('provider', None)
+    eipconfig = EIPConfig(domain=provider)
+    eipconfig.load()
+    eipserviceconfig = EIPServiceConfig(domain=provider)
+    eipserviceconfig.load()
 
     # get user/group name
     # also from config.
@@ -139,9 +164,19 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
 
     # remote
     opts.append('--remote')
-    gw = get_eip_gateway(provider=provider)
+
+    gw = get_eip_gateway(eipconfig=eipconfig,
+                         eipserviceconfig=eipserviceconfig)
     logger.debug('setting eip gateway to %s', gw)
     opts.append(str(gw))
+
+    # get ciphers
+    ciphers = get_cipher_options(
+        eipserviceconfig=eipserviceconfig)
+    for cipheropt in ciphers:
+        opts.append(str(cipheropt))
+
+    # get port/protocol from eipservice too
     opts.append('1194')
     #opts.append('80')
     opts.append('udp')
-- 
cgit v1.2.3


From 04d423e2a89034dfb86fe305108162fd2a696079 Mon Sep 17 00:00:00 2001
From: kali <kali@leap.se>
Date: Wed, 12 Dec 2012 03:29:31 +0900
Subject: tests for openvpn options

and make the rest of tests pass after some changes
in this branch (dirtyness in config files)
---
 src/leap/eip/config.py | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

(limited to 'src/leap/eip/config.py')

diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index 1fe0530a..e40d2785 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -1,6 +1,7 @@
 import logging
 import os
 import platform
+import re
 import tempfile
 
 from leap import __branding as BRANDING
@@ -110,14 +111,18 @@ def get_cipher_options(eipserviceconfig=None):
     eipsconf = eipserviceconfig.get_config()
 
     ALLOWED_KEYS = ("auth", "cipher", "tls-cipher")
+    CIPHERS_REGEX = re.compile("[A-Z0-9\-]+")
     opts = []
     if 'openvpn_configuration' in eipsconf:
-        config = eipserviceconfig.openvpn_configuration
+        config = eipserviceconfig.config.get(
+            "openvpn_configuration", {})
         for key, value in config.items():
             if key in ALLOWED_KEYS and value is not None:
-                # I humbly think we should sanitize this
-                # input against `valid` openvpn settings. -- kali.
-                opts.append(['--%s' % key, value])
+                sanitized_val = CIPHERS_REGEX.findall(value)
+                if len(sanitized_val) != 0:
+                    _val = sanitized_val[0]
+                    opts.append('--%s' % key)
+                    opts.append('%s' % _val)
     return opts
 
 
@@ -162,7 +167,9 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
         opts.append('--verb')
         opts.append("%s" % verbosity)
 
-    # remote
+    # remote ##############################
+    # (server, port, protocol)
+
     opts.append('--remote')
 
     gw = get_eip_gateway(eipconfig=eipconfig,
@@ -170,12 +177,6 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
     logger.debug('setting eip gateway to %s', gw)
     opts.append(str(gw))
 
-    # get ciphers
-    ciphers = get_cipher_options(
-        eipserviceconfig=eipserviceconfig)
-    for cipheropt in ciphers:
-        opts.append(str(cipheropt))
-
     # get port/protocol from eipservice too
     opts.append('1194')
     #opts.append('80')
@@ -185,6 +186,13 @@ def build_ovpn_options(daemon=False, socket_path=None, **kwargs):
     opts.append('--remote-cert-tls')
     opts.append('server')
 
+    # get ciphers #######################
+
+    ciphers = get_cipher_options(
+        eipserviceconfig=eipserviceconfig)
+    for cipheropt in ciphers:
+        opts.append(str(cipheropt))
+
     # set user and group
     opts.append('--user')
     opts.append('%s' % user)
-- 
cgit v1.2.3


From f671412ebd4f2ce0dd9948cb8821f1d6d8ac7d9b Mon Sep 17 00:00:00 2001
From: kali <kali@leap.se>
Date: Wed, 12 Dec 2012 07:21:51 +0900
Subject: parse new service format

---
 src/leap/eip/config.py | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

(limited to 'src/leap/eip/config.py')

diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index e40d2785..48e6e9a7 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -65,9 +65,12 @@ def get_eip_gateway(eipconfig=None, eipserviceconfig=None):
     that matches the name defined in the eip.json config
     file.
     """
+    # XXX eventually we should move to a more clever
+    # gateway selection. maybe we could return
+    # all gateways that match our cluster.
+
     null_check(eipconfig, "eipconfig")
     null_check(eipserviceconfig, "eipserviceconfig")
-
     PLACEHOLDER = "testprovider.example.org"
 
     conf = eipconfig.config
@@ -78,26 +81,26 @@ def get_eip_gateway(eipconfig=None, eipserviceconfig=None):
         return PLACEHOLDER
 
     gateways = eipsconf.get('gateways', None)
-
     if not gateways:
         logger.error('missing gateways in eip service config')
         return PLACEHOLDER
 
     if len(gateways) > 0:
         for gw in gateways:
-            name = gw.get('name', None)
-            if not name:
+            clustername = gw.get('cluster', None)
+            if not clustername:
+                logger.error('no cluster name')
                 return
 
-            if name == primary_gateway:
-                hosts = gw.get('hosts', None)
-                if not hosts:
-                    logger.error('no hosts')
+            if clustername == primary_gateway:
+                # XXX at some moment, we must
+                # make this a more generic function,
+                # and return ports, protocols...
+                ipaddress = gw.get('ip_address', None)
+                if not ipaddress:
+                    logger.error('no ip_address')
                     return
-                if len(hosts) > 0:
-                    return hosts[0]
-                else:
-                    logger.error('no hosts')
+                return ipaddress
     logger.error('could not find primary gateway in provider'
                  'gateway list')
 
-- 
cgit v1.2.3