diff options
author | Kali Kaneko <kali@leap.se> | 2017-06-22 08:26:06 -0700 |
---|---|---|
committer | Kali Kaneko (leap communications) <kali@leap.se> | 2017-06-23 19:38:30 +0200 |
commit | 25c17baf2c9d3c35e34d93f3dcb238f8264b67d9 (patch) | |
tree | 771f8d04bc7dd0730de9fbe0995aaed8103ffd3a /src/leap/bitmask/vpn | |
parent | 2f3083714e541178d14b12dd70113175262a0aa3 (diff) |
[bu] cleanup options in launcher
Some reordering, and general cleanup of options.
Some of the openvpn options are added now by bitmask-root.
- Resolves: #8948
Diffstat (limited to 'src/leap/bitmask/vpn')
-rw-r--r-- | src/leap/bitmask/vpn/launcher.py | 118 |
1 files changed, 4 insertions, 114 deletions
diff --git a/src/leap/bitmask/vpn/launcher.py b/src/leap/bitmask/vpn/launcher.py index 8ce2660..466f6d8 100644 --- a/src/leap/bitmask/vpn/launcher.py +++ b/src/leap/bitmask/vpn/launcher.py @@ -198,7 +198,6 @@ class VPNLauncher(object): args = [] args += [ - '--setenv', "LEAPOPENVPN", "1", '--nobind' ] @@ -212,10 +211,9 @@ class VPNLauncher(object): args += [ '--client', - '--dev', ' tun', '--tls-client', '--remote-cert-tls', - 'server' + 'server', ] openvpn_configuration = vpnconfig.get_openvpn_configuration() @@ -236,25 +234,10 @@ class VPNLauncher(object): args += [ '--management-signal', '--management', socket_host, socket_port, - '--script-security', '2' - ] - - if kls.UP_SCRIPT is not None: - if _has_updown_scripts(kls.UP_SCRIPT): - args += [ - '--up', '\"%s\"' % (kls.UP_SCRIPT,), - ] - - if kls.DOWN_SCRIPT is not None: - if _has_updown_scripts(kls.DOWN_SCRIPT): - args += [ - '--down', '\"%s\"' % (kls.DOWN_SCRIPT,) - ] - - args += [ + '--script-security', '2', + '--ca', providerconfig.get_ca_cert_path(), '--cert', vpnconfig.get_client_cert_path(providerconfig), - '--key', vpnconfig.get_client_cert_path(providerconfig), - '--ca', providerconfig.get_ca_cert_path() + '--key', vpnconfig.get_client_cert_path(providerconfig) ] if not IS_MAC: @@ -266,96 +249,3 @@ class VPNLauncher(object): command_and_args = [openvpn_path] + args return command_and_args - - @classmethod - def missing_updown_scripts(kls): - """ - Return what updown scripts are missing. - - :rtype: list - """ - # FIXME - # XXX remove method when we ditch UPDOWN in osx and win too - if IS_LINUX: - return [] - else: - # leap_assert(kls.UPDOWN_FILES is not None, - # "Need to define UPDOWN_FILES for this particular " - # "launcher before calling this method") - # TODO assert vs except? - if kls.UPDOWN_FILES is None: - raise Exception( - "Need to define UPDOWN_FILES for this particular " - "launcher before calling this method") - file_exist = partial(_has_updown_scripts, warn=False) - zipped = zip(kls.UPDOWN_FILES, map(file_exist, kls.UPDOWN_FILES)) - missing = filter(lambda (path, exists): exists is False, zipped) - return [path for path, exists in missing] - - @classmethod - def missing_other_files(kls): - """ - Return what other important files are missing during startup. - Same as missing_updown_scripts but does not check for exec bit. - - :rtype: list - """ - if kls.OTHER_FILES is None: - raise Exception( - "Need to define OTHER_FILES for this particular " - "auncher before calling this method") - - other = force_eval(kls.OTHER_FILES) - file_exist = partial(_has_other_files, warn=False) - - if flags_STANDALONE: - try: - from leap.bitmask import _binaries - except ImportError: - raise RuntimeError( - "Could not find binary hash info in this bundle!") - - _, bitmask_root_path, openvpn_bin_path = other - - check_hash = _has_expected_binary_hash - openvpn_hash = _binaries.OPENVPN_BIN - bitmask_root_hash = _binaries.BITMASK_ROOT - - correct_hash = ( - True, # we do not check the polkit file - check_hash(bitmask_root_path, bitmask_root_hash), - check_hash(openvpn_bin_path, openvpn_hash)) - - zipped = zip(other, map(file_exist, other), correct_hash) - missing = filter( - lambda (path, exists, hash_ok): ( - exists is False or hash_ok is False), - zipped) - return [path for path, exists, hash_ok in missing] - else: - zipped = zip(other, map(file_exist, other)) - missing = filter(lambda (path, exists): exists is False, zipped) - return [path for path, exists in missing] - - -def _has_expected_binary_hash(path, expected_hash): - """ - Check if the passed path matches the expected hash. - - Used from within the bundle, to know if we have to reinstall the shipped - binaries into the system path. - - This path will be /usr/local/sbin for linux. - - :param path: the path to check. - :type path: str - :param expected_hash: the sha256 hash that we expect - :type expected_hash: str - :rtype: bool - """ - try: - with open(path) as f: - file_hash = hashlib.sha256(f.read()).hexdigest() - return expected_hash == file_hash - except IOError: - return False |