author | Ruben Pollan <meskio@sindominio.net> | 2017-09-18 19:53:17 +0200 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2017-09-20 17:56:49 +0200 |
commit | 79e9f3c69b4eb061490d6a12a52888abc429542e (patch) | |
tree | bab13194d73dc75218a1575d52888c0f563e508c | |
parent | d0e4444555df79978aed5cd6c9548e2fd1c63936 (diff) |
[feat] detect if pkexec is present in the system
Check it before starting the vpn.
- Resolves: #8895
-rw-r--r-- | src/leap/bitmask/vpn/_checks.py | 11 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/helpers/__init__.py | 3 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/privilege.py | 20 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/service.py | 4 |
4 files changed, 25 insertions, 13 deletions
diff --git a/src/leap/bitmask/vpn/_checks.py b/src/leap/bitmask/vpn/_checks.py index 6c08962..c6117d0 100644 --- a/src/leap/bitmask/vpn/_checks.py +++ b/src/leap/bitmask/vpn/_checks.py @@ -2,13 +2,14 @@ import os from datetime import datetime from time import mktime +from twisted.logger import Logger +from leap.bitmask.vpn.privilege import is_pkexec_in_system, NoPkexecAvailable from leap.common.certs import get_cert_time_boundaries from leap.common.config import get_path_prefix +log = Logger() -# TODO use privilege.py module, plenty of checks in there for pkexec and -# friends. class ImproperlyConfigured(Exception): pass @@ -18,6 +19,10 @@ def is_service_ready(provider): if not _has_valid_cert(provider): raise ImproperlyConfigured('Missing VPN certificate') + if not is_pkexec_in_system(): + log.warn('System has no pkexec') + raise NoPkexecAvailable() + return True @@ -40,10 +45,12 @@ def _has_valid_cert(provider): cert_path = get_vpn_cert_path(provider) has_file = os.path.isfile(cert_path) if not has_file: + log.warn("VPN cert not present for %s" % (provider,)) return False expiry = cert_expires(provider) if datetime.now() > expiry: + log.warn("VPN cert expired for %s" % (provider,)) return False return True diff --git a/src/leap/bitmask/vpn/helpers/__init__.py b/src/leap/bitmask/vpn/helpers/__init__.py index e09f406..57847e1 100644 --- a/src/leap/bitmask/vpn/helpers/__init__.py +++ b/src/leap/bitmask/vpn/helpers/__init__.py @@ -4,6 +4,7 @@ import os.path import sys from leap.bitmask.vpn.constants import IS_LINUX, IS_MAC +from leap.bitmask.vpn.privilege import is_pkexec_in_system from leap.bitmask.vpn import _config from leap.bitmask.util import STANDALONE @@ -38,7 +39,7 @@ if IS_LINUX: polkit = ( os.path.exists(polkit_to) or os.path.exists(deb_polkit_to)) - return helper and polkit + return is_pkexec_in_system() and helper and polkit if IS_MAC: diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py index 458f690..dd8d29a 100644 
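Review bot: The two `log.warn` calls added in `_has_valid_cert` interpolate `provider` with `%` before passing the string to `twisted.logger`, which treats the message as a `{}`-style format string. A provider value containing braces would then fail to render as intended, and the provider is not recorded as a structured field of the log event. Prefer `log.warn('VPN cert not present for {provider}', provider=provider)`, with the same form for the expired-cert message. The `def` line of `_has_valid_cert` is visible only in the hunk header, so the function may begin outside the hunk.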
--- a/src/leap/bitmask/vpn/privilege.py +++ b/src/leap/bitmask/vpn/privilege.py @@ -109,7 +109,7 @@ class LinuxPolicyChecker(object): :returns: a list of the paths where pkexec is to be found :rtype: list """ - if not self._is_pkexec_in_system(): + if not is_pkexec_in_system(): log.warn('System has no pkexec') raise NoPkexecAvailable() @@ -181,12 +181,12 @@ class LinuxPolicyChecker(object): return is_running - @classmethod - def _is_pkexec_in_system(self): - """ - Checks the existence of the pkexec binary in system. - """ - pkexec_path = which('pkexec') - if len(pkexec_path) == 0: - return False - return True + +def is_pkexec_in_system(): + """ + Checks the existence of the pkexec binary in system. + """ + pkexec_path = which('pkexec') + if len(pkexec_path) == 0: + return False + return True diff --git a/src/leap/bitmask/vpn/service.py b/src/leap/bitmask/vpn/service.py index 1ecfa79..3669971 100644 --- a/src/leap/bitmask/vpn/service.py +++ b/src/leap/bitmask/vpn/service.py @@ -106,6 +106,10 @@ class VPNService(HookableService): exc = Exception("VPN can't start, a provider is needed") exc.expected = True raise exc + if not is_service_ready(domain): + exc = Exception("VPN is not ready") + exc.expected = True + raise exc yield self._setup(domain) |
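Review bot: `is_pkexec_in_system` is now a module-level gate used by `_checks.py`, `helpers/__init__.py` and `LinuxPolicyChecker`, but its docstring does not say what it returns or that the check is only a `which('pkexec')` lookup. A hit means `which` found a file named pkexec, not that it is the system's polkit binary or that an authentication agent is running, so callers should not treat True as "privilege escalation will work". I would say so in the docstring, e.g. `Return True if which('pkexec') finds at least one candidate; presence only, no integrity or polkit-agent check.` Assuming `which` returns a list, as the `len()` call suggests, the body can also be reduced to `return bool(which('pkexec'))`.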
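Review bot: The added `if not is_service_ready(domain)` branch looks unreachable: in the `_checks.py` hunks of this commit, `is_service_ready` either raises `ImproperlyConfigured` / `NoPkexecAvailable` or returns True, so the "VPN is not ready" exception with `exc.expected = True` is never built. The missing-certificate and missing-pkexec cases would then propagate without the `expected` flag, which is probably not what the surrounding code intends. Consider wrapping the call in a `try` and handling them here with `except (ImproperlyConfigured, NoPkexecAvailable) as exc: exc.expected = True; raise`, or have `is_service_ready` return False instead of raising. This file section adds no import for `is_service_ready`, so confirm the name is already in scope in `service.py`. The enclosing method starts and ends outside the hunk.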