def _run(self, cmd):
    """
    Invoke ``bitmask-root fw-email`` with the given arguments and wait
    for it to finish.

    The argument vector is built as a list and passed to
    ``subprocess.call`` with no shell, so each entry of ``cmd`` reaches
    bitmask-root as a separate argument.

    Might raise:
        NoPkexecAvailable,
        NoPolkitAuthAgentAvailable,

    :param cmd: command to send to bitmask-root fw-email
    :type cmd: [str]

    :returns: exit code of bitmask-root
    :rtype: int
    """
    checker = LinuxPolicyChecker()
    launcher = checker.maybe_pkexec()

    # The pkexec launcher is only prepended when the policy checker
    # returned a non-empty result.
    prefix = [first(launcher)] if launcher else []

    argv = prefix + [force_eval(self.BITMASK_ROOT), "fw-email"]
    argv += cmd

    # XXX: a twisted ProcessProtocol would be nicer than subprocess here,
    # since this call blocks until the helper exits.
    return subprocess.call(argv)
def check_polkit():
    """
    Report whether a polkit agent is available, trying to launch one
    when none is up.

    If ``LinuxPolicyChecker.is_up()`` is false and the follow-up call to
    ``LinuxPolicyChecker.maybe_pkexec()`` raises, the failure is logged
    and a critical message box pointing at the known-issues page is shown.

    :return: True if we have a polkit running (or if we started one),
             False otherwise
    :rtype: bool
    """
    if not LinuxPolicyChecker.is_up():
        try:
            LinuxPolicyChecker.maybe_pkexec()
        except Exception:
            # Every exception type is treated as "no agent available";
            # the specific cause is not surfaced to the user.
            logger.error("No polkit agent running.")

            dialog = QtGui.QMessageBox()
            dialog.setWindowTitle(dialog.tr("No polkit agent running"))
            dialog.setText(
                dialog.tr(
                    'There is no polkit agent running and it is needed to run '
                    'the Bitmask services.<br>Take a look at the '
                    '<a href="https://leap.se/en/docs/client/known-issues">'
                    'known issues</a> page'))
            dialog.setIcon(QtGui.QMessageBox.Critical)
            dialog.exec_()

            return False

    return True
def get_vpn_command(kls, eipconfig, providerconfig, socket_host,
                    socket_port="unix", openvpn_verb=1):
    """
    Build the Linux command line used to launch the VPN.

    The parent class produces the base command; this implementation puts
    ``bitmask-root openvpn start`` in front of it and, when the policy
    checker returns a pkexec launcher, puts that launcher first.

    Might raise:
        EIPNoPkexecAvailable,
        EIPNoPolkitAuthAgentAvailable,
        OpenVPNNotFoundException,
        VPNLauncherException.

    :param eipconfig: eip configuration object
    :type eipconfig: EIPConfig
    :param providerconfig: provider specific configuration
    :type providerconfig: ProviderConfig
    :param socket_host: either socket path (unix) or socket IP
    :type socket_host: str
    :param socket_port: either string "unix" if it's a unix socket,
                        or port otherwise
    :type socket_port: str
    :param openvpn_verb: the openvpn verbosity wanted
    :type openvpn_verb: int

    :return: A VPN command ready to be launched.
    :rtype: list
    """
    # `super` receives `kls` so the parent implementation works on this
    # class.
    argv = super(LinuxVPNLauncher, kls).get_vpn_command(
        eipconfig, providerconfig, socket_host, socket_port, openvpn_verb)

    # NOTE(review): everything after "start" comes from the parent
    # implementation and ends up as arguments of the bitmask-root helper;
    # presumably the helper validates them -- confirm.
    argv[0:0] = [force_eval(kls.BITMASK_ROOT), "openvpn", "start"]

    checker = LinuxPolicyChecker()
    try:
        launcher = checker.maybe_pkexec()
    except NoPolkitAuthAgentAvailable:
        # Translate the generic policy errors into their EIP counterparts.
        raise EIPNoPolkitAuthAgentAvailable()
    except NoPkexecAvailable:
        raise EIPNoPkexecAvailable()

    if launcher:
        argv.insert(0, first(launcher))

    return argv
def get_vpn_command(kls, eipconfig, providerconfig, socket_host,
                    socket_port="unix", openvpn_verb=1):
    """
    Return the Linux flavour of the VPN launching command.

    Starts from the parent class' command, prefixes it with the
    bitmask-root path and its ``openvpn start`` subcommand, and finally
    with the pkexec launcher if the policy checker returns one.

    Might raise:
        EIPNoPkexecAvailable,
        EIPNoPolkitAuthAgentAvailable,
        OpenVPNNotFoundException,
        VPNLauncherException.

    :param eipconfig: eip configuration object
    :type eipconfig: EIPConfig
    :param providerconfig: provider specific configuration
    :type providerconfig: ProviderConfig
    :param socket_host: either socket path (unix) or socket IP
    :type socket_host: str
    :param socket_port: either string "unix" if it's a unix socket,
                        or port otherwise
    :type socket_port: str
    :param openvpn_verb: the openvpn verbosity wanted
    :type openvpn_verb: int

    :return: A VPN command ready to be launched.
    :rtype: list
    """
    # `super` is called with `kls` so that the parent uses this class.
    parent = super(LinuxVPNLauncher, kls)
    vpn_cmd = parent.get_vpn_command(
        eipconfig, providerconfig, socket_host, socket_port, openvpn_verb)

    # NOTE(review): the entries inherited from the parent are handed to
    # the bitmask-root helper as its arguments; presumably they are
    # validated on that side -- confirm.
    leading = (force_eval(kls.BITMASK_ROOT), "openvpn", "start")
    for position, token in enumerate(leading):
        vpn_cmd.insert(position, token)

    checker = LinuxPolicyChecker()
    try:
        pkexec_result = checker.maybe_pkexec()
    except NoPolkitAuthAgentAvailable:
        # Re-raised under the EIP-specific exception names.
        raise EIPNoPolkitAuthAgentAvailable()
    except NoPkexecAvailable:
        raise EIPNoPkexecAvailable()

    if not pkexec_result:
        return vpn_cmd

    vpn_cmd.insert(0, first(pkexec_result))
    return vpn_cmd
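def _linux_install_missing_scripts(badexec, notfound):
    """
    Try to install the missing helper files.

    Runs ``leap-install-helper.sh`` through the launcher returned by the
    policy checker. The command is passed to ``subprocess.call`` as an
    argument list with no shell, so a path containing spaces or shell
    metacharacters cannot change what gets executed.

    :param badexec: error for notifying execution error during command.
    :type badexec: str
    :param notfound: error for notifying missing path.
    :type notfound: str

    :returns: True if the files could be copied successfully.
    :rtype: bool
    """
    success = False

    # NOTE(review): the installer directory is resolved relative to the
    # current working directory, so whoever controls that directory
    # controls the script that is run through pkexec. Consider anchoring
    # it to the application's own install location.
    installer_path = os.path.abspath(
        os.path.join(os.getcwd(), "..", "apps", "eip", "files"))
    install_helper_path = os.path.join(
        installer_path, "leap-install-helper.sh")

    if not os.path.isdir(installer_path):
        logger.error(notfound)
        logger.debug('path searched: %s' % (installer_path,))
        return success

    try:
        policyChecker = LinuxPolicyChecker()
        pkexec = first(policyChecker.maybe_pkexec())

        # One list element per argument: nothing here is parsed by a shell.
        cmdline = [
            pkexec, install_helper_path,
            "--from-path", installer_path,
            "--install-bitmask-root", "YES",
            "--install-polkit-file", "YES",
            "--install-openvpn", "YES",
            "--remove-old-files", "YES",
        ]

        # The helper's output is discarded. A PIPE that is never read can
        # block the child once the pipe buffer fills up, so send it to the
        # null device instead.
        with open(os.devnull, "w") as devnull:
            ret = subprocess.call(cmdline, stdout=devnull)

        success = ret == 0
        if not success:
            logger.error("Install of helpers failed.")
    except Exception as exc:
        logger.error(badexec)
        logger.error("Error was: %r" % (exc,))

    return success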
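def _linux_install_missing_scripts(badexec, notfound):
    """
    Try to install the missing helper files.

    The install helper script is started through the launcher returned by
    the policy checker. Arguments are given to ``subprocess.call`` as a
    list and no shell is involved, so the installer path is always treated
    as a single argument whatever characters it contains.

    :param badexec: error for notifying execution error during command.
    :type badexec: str
    :param notfound: error for notifying missing path.
    :type notfound: str

    :returns: True if the files could be copied successfully.
    :rtype: bool
    """
    success = False

    # NOTE(review): this location depends on the process working
    # directory; the script found there is executed through pkexec, so the
    # directory must not be writable by less-privileged users. Resolving
    # it from the application's install location would be safer.
    installer_path = os.path.abspath(
        os.path.join(os.getcwd(), "..", "apps", "eip", "files"))
    install_helper = "leap-install-helper.sh"
    install_helper_path = os.path.join(installer_path, install_helper)

    # Option/value pairs for the helper, kept as separate argv entries.
    install_opts = [
        "--from-path", installer_path,
        "--install-bitmask-root", "YES",
        "--install-polkit-file", "YES",
        "--install-openvpn", "YES",
        "--remove-old-files", "YES",
    ]

    if os.path.isdir(installer_path):
        try:
            policyChecker = LinuxPolicyChecker()
            pkexec = first(policyChecker.maybe_pkexec())
            cmdline = [pkexec, install_helper_path] + install_opts

            # stdout goes to the null device rather than an unread PIPE,
            # which could stall the helper once the pipe buffer is full.
            with open(os.devnull, "w") as devnull:
                ret = subprocess.call(cmdline, stdout=devnull)

            success = ret == 0
            if not success:
                logger.error("Install of helpers failed.")
        except Exception as exc:
            logger.error(badexec)
            logger.error("Error was: %r" % (exc, ))
    else:
        logger.error(notfound)
        logger.debug('path searched: %s' % (installer_path, ))

    return success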
def missing_other_files(self):
    """
    'Extend' the VPNLauncher's missing_other_files so that an outdated
    polkit file also counts as missing.

    When the polkit file is not already in the parent's list and
    ``privilege_policies.is_policy_outdated`` reports the policy as
    outdated, its path is appended to the list.

    :returns: a list of missing files
    :rtype: list of str
    """
    # Call the parent's underlying function directly with this instance.
    missing_files = VPNLauncher.missing_other_files.im_func(self)
    polkit_path = LinuxPolicyChecker.get_polkit_path()

    already_reported = polkit_path in missing_files
    if not already_reported and privilege_policies.is_policy_outdated(
            self.OPENVPN_BIN_PATH):
        missing_files.append(polkit_path)

    return missing_files
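def _can_start(self, domain):
    """
    Returns True if it has everything that is needed to run EIP,
    False otherwise

    The checks run in this order: polkit agent (Linux only), provider
    configuration, EIP service offered by the provider, OpenVPN binary,
    EIP configuration, client certificate. Each failure except the
    missing EIP service is logged.

    :param domain: the domain for the provider to check
    :type domain: str

    :rtype: bool
    """
    if IS_LINUX and not LinuxPolicyChecker.is_up():
        logger.error("No polkit agent running.")
        return False

    provider_config = ProviderConfig.get_provider_config(domain)
    if provider_config is None:
        # This test has to happen before provider_config is first used;
        # done later, a missing provider config would raise
        # AttributeError instead of returning False.
        logger.error("Cannot load provider and eip config, cannot "
                     "autostart")
        return False

    if EIP_SERVICE not in provider_config.get_services():
        return False

    eip_config = eipconfig.EIPConfig()
    api_version = provider_config.get_api_version()
    eip_config.set_api_version(api_version)
    eip_loaded = eip_config.load(eipconfig.get_eipconfig_path(domain))

    launcher = get_vpn_launcher()
    ovpn_path = force_eval(launcher.OPENVPN_BIN_PATH)
    if not os.path.isfile(ovpn_path):
        logger.error("Cannot start OpenVPN, binary not found: %s" %
                     (ovpn_path,))
        return False

    # check for other problems
    if not eip_loaded:
        logger.error("Cannot load provider and eip config, cannot "
                     "autostart")
        return False

    client_cert_path = eip_config.\
        get_client_cert_path(provider_config, about_to_download=True)

    if leap_certs.should_redownload(client_cert_path):
        logger.error("The client should redownload the certificate,"
                     " cannot autostart")
        return False

    if not os.path.isfile(client_cert_path):
        logger.error("Can't find the certificate, cannot autostart")
        return False

    return True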
def missing_other_files(kls):
    """
    'Extend' the VPNLauncher's missing_other_files so that an outdated
    polkit file is reported as missing too.

    The polkit path is appended when the parent's list does not already
    contain it and ``privilege_policies.is_policy_outdated`` reports the
    policy as outdated.

    :returns: a list of missing files
    :rtype: list of str
    """
    # `super` is given `kls` so the parent implementation works on this
    # class.
    parent = super(LinuxVPNLauncher, kls)
    missing_files = parent.missing_other_files()

    polkit_path = LinuxPolicyChecker.get_polkit_path()
    if polkit_path in missing_files:
        return missing_files

    if privilege_policies.is_policy_outdated(kls.OPENVPN_BIN_PATH):
        missing_files.append(polkit_path)

    return missing_files
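def _can_start(self, domain):
    """
    Returns True if it has everything that is needed to run EIP,
    False otherwise

    The checks run in this order: polkit agent, provider configuration,
    OpenVPN binary, EIP configuration, client certificate. Every failure
    is logged before returning False.

    :param domain: the domain for the provider to check
    :type domain: str

    :rtype: bool
    """
    if not LinuxPolicyChecker.is_up():
        logger.error("No polkit agent running.")
        return False

    eip_config = eipconfig.EIPConfig()
    provider_config = ProviderConfig.get_provider_config(domain)
    if provider_config is None:
        # Test for a missing provider config before its first use;
        # otherwise get_api_version() below would raise AttributeError
        # and the function would never get to return False.
        logger.error("Cannot load provider and eip config, cannot "
                     "autostart")
        return False

    api_version = provider_config.get_api_version()
    eip_config.set_api_version(api_version)
    eip_loaded = eip_config.load(eipconfig.get_eipconfig_path(domain))

    launcher = get_vpn_launcher()
    ovpn_path = force_eval(launcher.OPENVPN_BIN_PATH)
    if not os.path.isfile(ovpn_path):
        logger.error("Cannot start OpenVPN, binary not found: %s" %
                     (ovpn_path, ))
        return False

    # check for other problems
    if not eip_loaded:
        logger.error("Cannot load provider and eip config, cannot "
                     "autostart")
        return False

    client_cert_path = eip_config.\
        get_client_cert_path(provider_config, about_to_download=True)

    if leap_certs.should_redownload(client_cert_path):
        logger.error("The client should redownload the certificate,"
                     " cannot autostart")
        return False

    if not os.path.isfile(client_cert_path):
        logger.error("Can't find the certificate, cannot autostart")
        return False

    return True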
def __call__(self):
    """
    Return the polkit file path as reported by LinuxPolicyChecker.
    """
    # LinuxPolicyChecker takes care of picking the right path when
    # running standalone.
    polkit_path = LinuxPolicyChecker.get_polkit_path()
    return polkit_path