summaryrefslogtreecommitdiff
path: root/src/leap/bitmask
diff options
context:
space:
mode:
authorKali Kaneko (leap communications) <kali@leap.se>2017-05-19 14:54:51 +0200
committerRuben Pollan <meskio@sindominio.net>2017-05-22 12:56:22 +0200
commit35d2f5662c6f03480f3f6f9ef9092757447361ed (patch)
tree8ee163148918f1b75e5e064c7cf46bb3f1ae15df /src/leap/bitmask
parent9b415b6423c7dd18fe9ffa302c3343dfa2314619 (diff)
[feat] port the polkit agent launcher
this commit is porting the polkit launcher from the legacy bitmask client. if no polkit authentication agent is running, it will try to run one that is found in the system. - Resolves: #8836
Diffstat (limited to 'src/leap/bitmask')
-rw-r--r--src/leap/bitmask/vpn/helpers/linux/polkit_agent.py82
-rw-r--r--src/leap/bitmask/vpn/launchers/linux.py5
-rw-r--r--src/leap/bitmask/vpn/privilege.py32
3 files changed, 95 insertions, 24 deletions
diff --git a/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py b/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py
new file mode 100644
index 0000000..10bf7db
--- /dev/null
+++ b/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py
@@ -0,0 +1,82 @@
+# -*- coding: utf-8 -*-
+# polkit_agent.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Daemonizes polkit authentication agent.
+"""
+
+import os
+import subprocess
+
+import daemon
+
+
+POLKIT_PATHS = (
+ '/usr/lib/lxpolkit/lxpolkit',
+ '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1',
+ '/usr/lib/mate-polkit/polkit-mate-authentication-agent-1',
+ '/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1',
+)
+
+
+# TODO write tests for this piece.
+def _get_polkit_agent():
+ """
+ Return a valid polkit agent to use.
+
+ :rtype: str or None
+ """
+ # TODO: in caso of having more than one polkit agent we may want to
+ # stablish priorities. E.g.: lxpolkit over gnome-polkit for minimalistic
+ # desktops.
+ for polkit in POLKIT_PATHS:
+ if os.path.isfile(polkit):
+ return polkit
+
+ return None
+
+
+def _launch_agent():
+ """
+ Launch a polkit authentication agent on a subprocess.
+ """
+ polkit_agent = _get_polkit_agent()
+
+ if polkit_agent is None:
+ print("No usable polkit was found.")
+ return
+
+ print('Launching polkit auth agent')
+ try:
+ # XXX fix KDE launch. See: #3755
+ subprocess.call(polkit_agent)
+ except Exception as e:
+ print('Error launching polkit authentication agent %r' % (e, ))
+
+
+def launch():
+ """
+ Launch a polkit authentication agent as a daemon.
+ """
+ with daemon.DaemonContext():
+ _launch_agent()
+
+
+if __name__ == "__main__":
+ # TODO pass a --nodaemon flag so that we can launch this in the foreground
+ # and debug this module, getting errors to stderr.
+ launch()
diff --git a/src/leap/bitmask/vpn/launchers/linux.py b/src/leap/bitmask/vpn/launchers/linux.py
index 5852d1e..d68d6ef 100644
--- a/src/leap/bitmask/vpn/launchers/linux.py
+++ b/src/leap/bitmask/vpn/launchers/linux.py
@@ -21,18 +21,13 @@ Linux VPN launcher implementation.
import commands
import os
-import sys
from twisted.logger import Logger
from leap.bitmask.util import STANDALONE
from leap.bitmask.vpn.utils import first, force_eval
from leap.bitmask.vpn.privilege import LinuxPolicyChecker
-from leap.bitmask.vpn.privilege import NoPkexecAvailable
-from leap.bitmask.vpn.privilege import NoPolkitAuthAgentAvailable
from leap.bitmask.vpn.launcher import VPNLauncher
-from leap.bitmask.vpn.launcher import VPNLauncherException
-from leap.common.config import get_path_prefix
logger = Logger()
COM = commands
diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py
index 2576877..4617aed 100644
--- a/src/leap/bitmask/vpn/privilege.py
+++ b/src/leap/bitmask/vpn/privilege.py
@@ -169,26 +169,20 @@ class LinuxPolicyChecker(PolicyChecker):
@classmethod
def launch(self):
"""
- Tries to launch policykit
+ Tries to launch policykit.
"""
- env = None
- if STANDALONE:
- # This allows us to send to subprocess the environment configs that
- # works for the standalone bundle (like the PYTHONPATH)
- env = dict(os.environ)
- # The LD_LIBRARY_PATH is set on the launcher but not forwarded to
- # subprocess unless we do so explicitly.
- env["LD_LIBRARY_PATH"] = os.path.abspath("./lib/")
- try:
- # We need to quote the command because subprocess call
- # will do "sh -c 'foo'", so if we do not quoute it we'll end
- # up with a invocation to the python interpreter. And that
- # is bad.
- log.debug('Trying to launch polkit agent')
- subprocess.call(["python -m leap.bitmask.util.polkit_agent"],
- shell=True, env=env)
- except Exception:
- log.failure('Error while launching vpn')
+ if not self.is_up():
+ try:
+ # We need to quote the command because subprocess call
+ # will do "sh -c 'foo'", so if we do not quoute it we'll end
+ # up with a invocation to the python interpreter. And that
+ # is bad.
+ log.debug('Trying to launch polkit agent')
+ subprocess.call(
+ ["python -m leap.bitmask.vpn.helpers.linux.polkit_agent"],
+ shell=True)
+ except Exception:
+ log.failure('Error while launching vpn')
@classmethod
def is_up(self):