diff options
-rw-r--r-- | pkg/requirements.pip | 1 | ||||
-rw-r--r-- | setup.py | 1 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/helpers/linux/polkit_agent.py | 82 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/launchers/linux.py | 5 | ||||
-rw-r--r-- | src/leap/bitmask/vpn/privilege.py | 32 |
5 files changed, 97 insertions, 24 deletions
diff --git a/pkg/requirements.pip b/pkg/requirements.pip index a34f829..80dca0b 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -2,6 +2,7 @@ twisted colorama zope.interface service-identity +python-daemon gnupg leap.common>=0.5.5 leap.soledad.client>=0.9.5 @@ -18,6 +18,7 @@ required = [ 'service-identity', 'colorama', 'srp', + 'python-daemon', 'leap.common', ] diff --git a/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py b/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py new file mode 100644 index 0000000..10bf7db --- /dev/null +++ b/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py @@ -0,0 +1,82 @@ +# -*- coding: utf-8 -*- +# polkit_agent.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +""" +Daemonizes polkit authentication agent. +""" + +import os +import subprocess + +import daemon + + +POLKIT_PATHS = ( + '/usr/lib/lxpolkit/lxpolkit', + '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1', + '/usr/lib/mate-polkit/polkit-mate-authentication-agent-1', + '/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1', +) + + +# TODO write tests for this piece. +def _get_polkit_agent(): + """ + Return a valid polkit agent to use. + + :rtype: str or None + """ + # TODO: in caso of having more than one polkit agent we may want to + # stablish priorities. E.g.: lxpolkit over gnome-polkit for minimalistic + # desktops. + for polkit in POLKIT_PATHS: + if os.path.isfile(polkit): + return polkit + + return None + + +def _launch_agent(): + """ + Launch a polkit authentication agent on a subprocess. + """ + polkit_agent = _get_polkit_agent() + + if polkit_agent is None: + print("No usable polkit was found.") + return + + print('Launching polkit auth agent') + try: + # XXX fix KDE launch. See: #3755 + subprocess.call(polkit_agent) + except Exception as e: + print('Error launching polkit authentication agent %r' % (e, )) + + +def launch(): + """ + Launch a polkit authentication agent as a daemon. + """ + with daemon.DaemonContext(): + _launch_agent() + + +if __name__ == "__main__": + # TODO pass a --nodaemon flag so that we can launch this in the foreground + # and debug this module, getting errors to stderr. + launch() diff --git a/src/leap/bitmask/vpn/launchers/linux.py b/src/leap/bitmask/vpn/launchers/linux.py index 5852d1e..d68d6ef 100644 --- a/src/leap/bitmask/vpn/launchers/linux.py +++ b/src/leap/bitmask/vpn/launchers/linux.py @@ -21,18 +21,13 @@ Linux VPN launcher implementation. import commands import os -import sys from twisted.logger import Logger from leap.bitmask.util import STANDALONE from leap.bitmask.vpn.utils import first, force_eval from leap.bitmask.vpn.privilege import LinuxPolicyChecker -from leap.bitmask.vpn.privilege import NoPkexecAvailable -from leap.bitmask.vpn.privilege import NoPolkitAuthAgentAvailable from leap.bitmask.vpn.launcher import VPNLauncher -from leap.bitmask.vpn.launcher import VPNLauncherException -from leap.common.config import get_path_prefix logger = Logger() COM = commands diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py index 2576877..4617aed 100644 --- a/src/leap/bitmask/vpn/privilege.py +++ b/src/leap/bitmask/vpn/privilege.py @@ -169,26 +169,20 @@ class LinuxPolicyChecker(PolicyChecker): @classmethod def launch(self): """ - Tries to launch policykit + Tries to launch policykit. """ - env = None - if STANDALONE: - # This allows us to send to subprocess the environment configs that - # works for the standalone bundle (like the PYTHONPATH) - env = dict(os.environ) - # The LD_LIBRARY_PATH is set on the launcher but not forwarded to - # subprocess unless we do so explicitly. - env["LD_LIBRARY_PATH"] = os.path.abspath("./lib/") - try: - # We need to quote the command because subprocess call - # will do "sh -c 'foo'", so if we do not quoute it we'll end - # up with a invocation to the python interpreter. And that - # is bad. - log.debug('Trying to launch polkit agent') - subprocess.call(["python -m leap.bitmask.util.polkit_agent"], - shell=True, env=env) - except Exception: - log.failure('Error while launching vpn') + if not self.is_up(): + try: + # We need to quote the command because subprocess call + # will do "sh -c 'foo'", so if we do not quoute it we'll end + # up with a invocation to the python interpreter. And that + # is bad. + log.debug('Trying to launch polkit agent') + subprocess.call( + ["python -m leap.bitmask.vpn.helpers.linux.polkit_agent"], + shell=True) + except Exception: + log.failure('Error while launching vpn') @classmethod def is_up(self): |