diff options
| author | kali <kali@leap.se> | 2012-08-03 09:42:14 +0900 |
|---|---|---|
| committer | kali <kali@leap.se> | 2012-08-03 09:42:14 +0900 |
| commit | 81613b2ef70e5d73b7c34eb4b78ee63189b45ab6 (patch) | |
| tree | 126f60090306475820cefd1c0c175ea6c1c9272e | |
| parent | b9c9b5536f9d1648a196e741cdf4570f64c3fb11 (diff) | |
pkexec check
| -rw-r--r-- | src/leap/baseapp/dialogs.py | 22 | ||||
| -rw-r--r-- | src/leap/baseapp/mainwindow.py | 25 | ||||
| -rw-r--r-- | src/leap/baseapp/permcheck.py | 10 | ||||
| -rw-r--r-- | src/leap/eip/conductor.py | 37 | ||||
| -rw-r--r-- | src/leap/eip/config.py | 35 |
5 files changed, 108 insertions, 21 deletions
diff --git a/src/leap/baseapp/dialogs.py b/src/leap/baseapp/dialogs.py new file mode 100644 index 0000000..d4e51a3 --- /dev/null +++ b/src/leap/baseapp/dialogs.py @@ -0,0 +1,22 @@ +from PyQt4.QtGui import (QDialog, QFrame, QPushButton, QLabel, QMessageBox) + + +class ErrorDialog(QDialog): + def __init__(self, parent=None): + super(ErrorDialog, self).__init__(parent) + + frameStyle = QFrame.Sunken | QFrame.Panel + self.warningLabel = QLabel() + self.warningLabel.setFrameStyle(frameStyle) + self.warningButton = QPushButton("QMessageBox.&warning()") + + def warningMessage(self, msg, label): + msgBox = QMessageBox(QMessageBox.Warning, + "QMessageBox.warning()", msg, + QMessageBox.NoButton, self) + msgBox.addButton("&Ok", QMessageBox.AcceptRole) + msgBox.addButton("&Cancel", QMessageBox.RejectRole) + if msgBox.exec_() == QMessageBox.AcceptRole: + self.warningLabel.setText("Save Again") + else: + self.warningLabel.setText("Continue") diff --git a/src/leap/baseapp/mainwindow.py b/src/leap/baseapp/mainwindow.py index f2c48ac..fec4928 100644 --- a/src/leap/baseapp/mainwindow.py +++ b/src/leap/baseapp/mainwindow.py @@ -11,8 +11,9 @@ from PyQt4.QtGui import (QMainWindow, QWidget, QVBoxLayout, QMessageBox, QTextBrowser, qApp) from PyQt4.QtCore import (pyqtSlot, pyqtSignal, QTimer) +from leap.baseapp.dialogs import ErrorDialog +from leap.eip.conductor import EIPConductor, EIPNoCommandError from leap.gui import mainwindow_rc -from leap.eip.conductor import EIPConductor class LeapWindow(QMainWindow): @@ -64,15 +65,24 @@ class LeapWindow(QMainWindow): # we pass a tuple of signals that will be # triggered when status changes. # + self.trayIcon.show() config_file = getattr(opts, 'config_file', None) + self.conductor = EIPConductor( watcher_cb=self.newLogLine.emit, config_file=config_file, status_signals=(self.statusChange.emit, )) - self.trayIcon.show() + if self.conductor.missing_pkexec is True: + dialog = ErrorDialog() + dialog.warningMessage( + 'We could not find <b>pkexec</b> in your ' + 'system.<br/> Do you want to try ' + '<b>setuid workaround</b>? ' + '(<i>DOES NOTHING YET</i>)', + 'error') - self.setWindowTitle("Leap") + self.setWindowTitle("LEAP Client") self.resize(400, 300) self.set_statusbarMessage('ready') @@ -316,7 +326,14 @@ technolust</i>") stub for running child process with vpn """ if self.vpn_service_started is False: - self.conductor.connect() + try: + self.conductor.connect() + except EIPNoCommandError: + dialog = ErrorDialog() + dialog.warningMessage( + 'No suitable openvpn command found. ' + '<br/>(Might be a permissions problem)', + 'error') if self.debugmode: self.startStopButton.setText('&Disconnect') self.vpn_service_started = True diff --git a/src/leap/baseapp/permcheck.py b/src/leap/baseapp/permcheck.py new file mode 100644 index 0000000..5874876 --- /dev/null +++ b/src/leap/baseapp/permcheck.py @@ -0,0 +1,10 @@ +import os + +from leap.util.fileutil import which + + +def is_pkexec_in_system(): + pkexec_path = which('pkexec') + if not pkexec_path: + return False + return os.access(pkexec_path, os.X_OK) diff --git a/src/leap/eip/conductor.py b/src/leap/eip/conductor.py index bf7f0fb..2d6ad76 100644 --- a/src/leap/eip/conductor.py +++ b/src/leap/eip/conductor.py @@ -8,7 +8,9 @@ import logging from leap.util.coroutines import spawn_and_watch_process -from leap.eip.config import get_config, build_ovpn_command + +from leap.eip.config import (get_config, build_ovpn_command, + EIPNoPkexecAvailable) from leap.eip.vpnwatcher import EIPConnectionStatus, status_watcher from leap.eip.vpnmanager import OpenVPNManager, ConnectionRefusedError @@ -17,6 +19,9 @@ logger = logging.getLogger(name=__name__) # TODO Move exceptions to their own module +class EIPNoCommandError(Exception): + pass + class ConnectionError(Exception): """ @@ -81,6 +86,10 @@ to be triggered for each one of them. self.port = None self.proto = None + self.missing_pkexec = False + self.command = None + self.args = None + self.autostart = True self._get_or_create_config() @@ -94,6 +103,14 @@ to be triggered for each one of them. config = get_config(config_file=self.config_file) self.config = config + if config.has_option('openvpn', 'autostart'): + autostart = config.getboolean('openvpn', 'autostart') + self.autostart = autostart + else: + if config.has_option('DEFAULT', 'autostart'): + autostart = config.getboolean('DEFAULT', 'autostart') + self.autostart = autostart + if config.has_option('openvpn', 'command'): commandline = config.get('openvpn', 'command') @@ -110,18 +127,16 @@ to be triggered for each one of them. else: # no command in config, we build it up. # XXX check also for command-line --command flag - command, args = build_ovpn_command(config) + try: + command, args = build_ovpn_command(config) + except EIPNoPkexecAvailable: + command = args = None + self.missing_pkexec = True + + # XXX if not command, signal error. self.command = command self.args = args - if config.has_option('openvpn', 'autostart'): - autostart = config.getboolean('openvpn', 'autostart') - self.autostart = autostart - else: - if config.has_option('DEFAULT', 'autostart'): - autostart = config.getboolean('DEFAULT', 'autostart') - self.autostart = autostart - def _launch_openvpn(self): """ invocation of openvpn binaries in a subprocess. @@ -152,6 +167,8 @@ to be triggered for each one of them. """ attempts to connect """ + if self.command is None: + raise EIPNoCommandError if self.subp is not None: print('cowardly refusing to launch subprocess again') return diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index 3fca329..c632ba4 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -4,6 +4,11 @@ import os import platform from leap.util.fileutil import which, mkdir_p +from leap.baseapp.permcheck import is_pkexec_in_system + + +class EIPNoPkexecAvailable(Exception): + pass def build_ovpn_options(): @@ -79,19 +84,35 @@ def build_ovpn_command(config): and a list of options. """ command = [] - use_pkexec = False + use_pkexec = True ovpn = None - if config.has_option('openvpn', 'openvpn_binary'): - ovpn = config.get('openvpn', 'openvpn_binary') - if not ovpn and config.has_option('DEFAULT', 'openvpn_binary'): - ovpn = config.get('DEFAULT', 'openvpn_binary') - if config.has_option('openvpn', 'use_pkexec'): use_pkexec = config.get('openvpn', 'use_pkexec') + if platform.system() == "Linux" and use_pkexec: + + # XXX check for both pkexec (done) + # AND a suitable authentication + # agent running. + + if not is_pkexec_in_system(): + raise EIPNoPkexecAvailable + + #TBD -- + #if not is_auth_agent_running() + # raise EIPNoPolkitAuthAgentAvailable - if use_pkexec: command.append('pkexec') + + if config.has_option('openvpn', + 'openvpn_binary'): + ovpn = config.get('openvpn', + 'openvpn_binary') + if not ovpn and config.has_option('DEFAULT', + 'openvpn_binary'): + ovpn = config.get('DEFAULT', + 'openvpn_binary') + if ovpn: command.append(ovpn) |