summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/vpn/_checks.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/bitmask/vpn/_checks.py')
-rw-r--r--src/leap/bitmask/vpn/_checks.py11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/leap/bitmask/vpn/_checks.py b/src/leap/bitmask/vpn/_checks.py
index 6c08962..c6117d0 100644
--- a/src/leap/bitmask/vpn/_checks.py
+++ b/src/leap/bitmask/vpn/_checks.py
@@ -2,13 +2,14 @@ import os
from datetime import datetime
from time import mktime
+from twisted.logger import Logger
+from leap.bitmask.vpn.privilege import is_pkexec_in_system, NoPkexecAvailable
from leap.common.certs import get_cert_time_boundaries
from leap.common.config import get_path_prefix
+log = Logger()
-# TODO use privilege.py module, plenty of checks in there for pkexec and
-# friends.
class ImproperlyConfigured(Exception):
pass
@@ -18,6 +19,10 @@ def is_service_ready(provider):
if not _has_valid_cert(provider):
raise ImproperlyConfigured('Missing VPN certificate')
+ if not is_pkexec_in_system():
+ log.warn('System has no pkexec')
+ raise NoPkexecAvailable()
+
return True
@@ -40,10 +45,12 @@ def _has_valid_cert(provider):
cert_path = get_vpn_cert_path(provider)
has_file = os.path.isfile(cert_path)
if not has_file:
+ log.warn("VPN cert not present for %s" % (provider,))
return False
expiry = cert_expires(provider)
if datetime.now() > expiry:
+ log.warn("VPN cert expired for %s" % (provider,))
return False
return True
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-16 13:01:59 +0000