summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pkg/requirements.pip1
-rw-r--r--setup.py1
-rw-r--r--src/leap/bitmask/vpn/helpers/linux/polkit_agent.py82
-rw-r--r--src/leap/bitmask/vpn/launchers/linux.py5
-rw-r--r--src/leap/bitmask/vpn/privilege.py32
5 files changed, 97 insertions, 24 deletions
diff --git a/pkg/requirements.pip b/pkg/requirements.pip
index a34f829..80dca0b 100644
--- a/pkg/requirements.pip
+++ b/pkg/requirements.pip
@@ -2,6 +2,7 @@ twisted
colorama
zope.interface
service-identity
+python-daemon
gnupg
leap.common>=0.5.5
leap.soledad.client>=0.9.5
diff --git a/setup.py b/setup.py
index c4ddb4d..76fb4a5 100644
--- a/setup.py
+++ b/setup.py
@@ -18,6 +18,7 @@ required = [
'service-identity',
'colorama',
'srp',
+ 'python-daemon',
'leap.common',
]
diff --git a/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py b/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py
new file mode 100644
index 0000000..10bf7db
--- /dev/null
+++ b/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py
@@ -0,0 +1,82 @@
+# -*- coding: utf-8 -*-
+# polkit_agent.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Daemonizes polkit authentication agent.
+"""
+
+import os
+import subprocess
+
+import daemon
+
+
+POLKIT_PATHS = (
+ '/usr/lib/lxpolkit/lxpolkit',
+ '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1',
+ '/usr/lib/mate-polkit/polkit-mate-authentication-agent-1',
+ '/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1',
+)
+
+
+# TODO write tests for this piece.
+def _get_polkit_agent():
+ """
+ Return a valid polkit agent to use.
+
+ :rtype: str or None
+ """
+ # TODO: in caso of having more than one polkit agent we may want to
+ # stablish priorities. E.g.: lxpolkit over gnome-polkit for minimalistic
+ # desktops.
+ for polkit in POLKIT_PATHS:
+ if os.path.isfile(polkit):
+ return polkit
+
+ return None
+
+
+def _launch_agent():
+ """
+ Launch a polkit authentication agent on a subprocess.
+ """
+ polkit_agent = _get_polkit_agent()
+
+ if polkit_agent is None:
+ print("No usable polkit was found.")
+ return
+
+ print('Launching polkit auth agent')
+ try:
+ # XXX fix KDE launch. See: #3755
+ subprocess.call(polkit_agent)
+ except Exception as e:
+ print('Error launching polkit authentication agent %r' % (e, ))
+
+
+def launch():
+ """
+ Launch a polkit authentication agent as a daemon.
+ """
+ with daemon.DaemonContext():
+ _launch_agent()
+
+
+if __name__ == "__main__":
+ # TODO pass a --nodaemon flag so that we can launch this in the foreground
+ # and debug this module, getting errors to stderr.
+ launch()
diff --git a/src/leap/bitmask/vpn/launchers/linux.py b/src/leap/bitmask/vpn/launchers/linux.py
index 5852d1e..d68d6ef 100644
--- a/src/leap/bitmask/vpn/launchers/linux.py
+++ b/src/leap/bitmask/vpn/launchers/linux.py
@@ -21,18 +21,13 @@ Linux VPN launcher implementation.
import commands
import os
-import sys
from twisted.logger import Logger
from leap.bitmask.util import STANDALONE
from leap.bitmask.vpn.utils import first, force_eval
from leap.bitmask.vpn.privilege import LinuxPolicyChecker
-from leap.bitmask.vpn.privilege import NoPkexecAvailable
-from leap.bitmask.vpn.privilege import NoPolkitAuthAgentAvailable
from leap.bitmask.vpn.launcher import VPNLauncher
-from leap.bitmask.vpn.launcher import VPNLauncherException
-from leap.common.config import get_path_prefix
logger = Logger()
COM = commands
diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py
index 2576877..4617aed 100644
--- a/src/leap/bitmask/vpn/privilege.py
+++ b/src/leap/bitmask/vpn/privilege.py
@@ -169,26 +169,20 @@ class LinuxPolicyChecker(PolicyChecker):
@classmethod
def launch(self):
"""
- Tries to launch policykit
+ Tries to launch policykit.
"""
- env = None
- if STANDALONE:
- # This allows us to send to subprocess the environment configs that
- # works for the standalone bundle (like the PYTHONPATH)
- env = dict(os.environ)
- # The LD_LIBRARY_PATH is set on the launcher but not forwarded to
- # subprocess unless we do so explicitly.
- env["LD_LIBRARY_PATH"] = os.path.abspath("./lib/")
- try:
- # We need to quote the command because subprocess call
- # will do "sh -c 'foo'", so if we do not quoute it we'll end
- # up with a invocation to the python interpreter. And that
- # is bad.
- log.debug('Trying to launch polkit agent')
- subprocess.call(["python -m leap.bitmask.util.polkit_agent"],
- shell=True, env=env)
- except Exception:
- log.failure('Error while launching vpn')
+ if not self.is_up():
+ try:
+ # We need to quote the command because subprocess call
+ # will do "sh -c 'foo'", so if we do not quoute it we'll end
+ # up with a invocation to the python interpreter. And that
+ # is bad.
+ log.debug('Trying to launch polkit agent')
+ subprocess.call(
+ ["python -m leap.bitmask.vpn.helpers.linux.polkit_agent"],
+ shell=True)
+ except Exception:
+ log.failure('Error while launching vpn')
@classmethod
def is_up(self):