From 81613b2ef70e5d73b7c34eb4b78ee63189b45ab6 Mon Sep 17 00:00:00 2001
From: kali <kali@leap.se>
Date: Fri, 3 Aug 2012 09:42:14 +0900
Subject: pkexec check

---
 src/leap/eip/conductor.py | 37 +++++++++++++++++++++++++++----------
 src/leap/eip/config.py    | 35 ++++++++++++++++++++++++++++-------
 2 files changed, 55 insertions(+), 17 deletions(-)

(limited to 'src/leap/eip')

diff --git a/src/leap/eip/conductor.py b/src/leap/eip/conductor.py
index bf7f0fb2..2d6ad764 100644
--- a/src/leap/eip/conductor.py
+++ b/src/leap/eip/conductor.py
@@ -8,7 +8,9 @@ import logging
 
 from leap.util.coroutines import spawn_and_watch_process
 
-from leap.eip.config import get_config, build_ovpn_command
+
+from leap.eip.config import (get_config, build_ovpn_command,
+                             EIPNoPkexecAvailable)
 from leap.eip.vpnwatcher import EIPConnectionStatus, status_watcher
 from leap.eip.vpnmanager import OpenVPNManager, ConnectionRefusedError
 
@@ -17,6 +19,9 @@ logger = logging.getLogger(name=__name__)
 
 # TODO Move exceptions to their own module
 
+class EIPNoCommandError(Exception):
+    pass
+
 
 class ConnectionError(Exception):
     """
@@ -81,6 +86,10 @@ to be triggered for each one of them.
         self.port = None
         self.proto = None
 
+        self.missing_pkexec = False
+        self.command = None
+        self.args = None
+
         self.autostart = True
         self._get_or_create_config()
 
@@ -94,6 +103,14 @@ to be triggered for each one of them.
         config = get_config(config_file=self.config_file)
         self.config = config
 
+        if config.has_option('openvpn', 'autostart'):
+            autostart = config.getboolean('openvpn', 'autostart')
+            self.autostart = autostart
+        else:
+            if config.has_option('DEFAULT', 'autostart'):
+                autostart = config.getboolean('DEFAULT', 'autostart')
+                self.autostart = autostart
+
         if config.has_option('openvpn', 'command'):
             commandline = config.get('openvpn', 'command')
 
@@ -110,18 +127,16 @@ to be triggered for each one of them.
         else:
         # no command in config, we build it up.
         # XXX check also for command-line --command flag
-            command, args = build_ovpn_command(config)
+            try:
+                command, args = build_ovpn_command(config)
+            except EIPNoPkexecAvailable:
+                command = args = None
+                self.missing_pkexec = True
+
+            # XXX if not command, signal error.
             self.command = command
             self.args = args
 
-        if config.has_option('openvpn', 'autostart'):
-            autostart = config.getboolean('openvpn', 'autostart')
-            self.autostart = autostart
-        else:
-            if config.has_option('DEFAULT', 'autostart'):
-                autostart = config.getboolean('DEFAULT', 'autostart')
-                self.autostart = autostart
-
     def _launch_openvpn(self):
         """
         invocation of openvpn binaries in a subprocess.
@@ -152,6 +167,8 @@ to be triggered for each one of them.
         """
         attempts to connect
         """
+        if self.command is None:
+            raise EIPNoCommandError
         if self.subp is not None:
             print('cowardly refusing to launch subprocess again')
             return
diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py
index 3fca329c..c632ba40 100644
--- a/src/leap/eip/config.py
+++ b/src/leap/eip/config.py
@@ -4,6 +4,11 @@ import os
 import platform
 
 from leap.util.fileutil import which, mkdir_p
+from leap.baseapp.permcheck import is_pkexec_in_system
+
+
+class EIPNoPkexecAvailable(Exception):
+    pass
 
 
 def build_ovpn_options():
@@ -79,19 +84,35 @@ def build_ovpn_command(config):
         and a list of options.
     """
     command = []
-    use_pkexec = False
+    use_pkexec = True
     ovpn = None
 
-    if config.has_option('openvpn', 'openvpn_binary'):
-        ovpn = config.get('openvpn', 'openvpn_binary')
-    if not ovpn and config.has_option('DEFAULT', 'openvpn_binary'):
-        ovpn = config.get('DEFAULT', 'openvpn_binary')
-
     if config.has_option('openvpn', 'use_pkexec'):
         use_pkexec = config.get('openvpn', 'use_pkexec')
+    if platform.system() == "Linux" and use_pkexec:
+
+        # XXX check for both pkexec (done)
+        # AND a suitable authentication
+        # agent running.
+
+        if not is_pkexec_in_system():
+            raise EIPNoPkexecAvailable
+
+        #TBD --
+        #if not is_auth_agent_running()
+        # raise EIPNoPolkitAuthAgentAvailable
 
-    if use_pkexec:
         command.append('pkexec')
+
+    if config.has_option('openvpn',
+                         'openvpn_binary'):
+        ovpn = config.get('openvpn',
+                          'openvpn_binary')
+    if not ovpn and config.has_option('DEFAULT',
+                                      'openvpn_binary'):
+        ovpn = config.get('DEFAULT',
+                          'openvpn_binary')
+
     if ovpn:
         command.append(ovpn)
 
-- 
cgit v1.2.3