def _run(self, cmd):
"""
Run an email firewall command with bitmask-root
Might raise:
NoPkexecAvailable,
NoPolkitAuthAgentAvailable,
:param cmd: command to send to bitmask-root fw-email
:type cmd: [str]
:returns: exit code of bitmask-root
:rtype: int
"""
command = []
policyChecker = LinuxPolicyChecker()
pkexec = policyChecker.maybe_pkexec()
if pkexec:
command.append(first(pkexec))
command.append(force_eval(self.BITMASK_ROOT))
command.append("fw-email")
command += cmd
# XXX: will be nice to use twisted ProcessProtocol instead of
# subprocess to avoid blocking until it finish
return subprocess.call(command)
def check_polkit():
"""
Check if we have a running polkit agent and tries to launch an agent if
needed.
Show an error message if there is no agent and we couldn't run one.
:return: True if we have a polkit running (or if we started one), False
otherwise
:rtype: bool
"""
if LinuxPolicyChecker.is_up():
return True
try:
LinuxPolicyChecker.maybe_pkexec()
return True
except Exception:
logger.error("No polkit agent running.")
msg = QtGui.QMessageBox()
msg.setWindowTitle(msg.tr("No polkit agent running"))
msg.setText(
msg.tr('There is no polkit agent running and it is needed to run '
'the Bitmask services.<br>Take a look at the '
'<a href="https://leap.se/en/docs/client/known-issues">'
'known issues</a> page'))
msg.setIcon(QtGui.QMessageBox.Critical)
msg.exec_()
return False
def check_polkit():
"""
Check if we have a running polkit agent and tries to launch an agent if
needed.
Show an error message if there is no agent and we couldn't run one.
:return: True if we have a polkit running (or if we started one), False
otherwise
:rtype: bool
"""
if LinuxPolicyChecker.is_up():
return True
try:
LinuxPolicyChecker.maybe_pkexec()
return True
except Exception:
logger.error("No polkit agent running.")
msg = QtGui.QMessageBox()
msg.setWindowTitle(msg.tr("No polkit agent running"))
msg.setText(
msg.tr('There is no polkit agent running and it is needed to run '
'the Bitmask services.<br>Take a look at the '
'<a href="https://leap.se/en/docs/client/known-issues">'
'known issues</a> page'))
msg.setIcon(QtGui.QMessageBox.Critical)
msg.exec_()
return False
def _run(self, cmd):
"""
Run an email firewall command with bitmask-root
Might raise:
NoPkexecAvailable,
NoPolkitAuthAgentAvailable,
:param cmd: command to send to bitmask-root fw-email
:type cmd: [str]
:returns: exit code of bitmask-root
:rtype: int
"""
command = []
policyChecker = LinuxPolicyChecker()
pkexec = policyChecker.maybe_pkexec()
if pkexec:
command.append(first(pkexec))
command.append(force_eval(self.BITMASK_ROOT))
command.append("fw-email")
command += cmd
# XXX: will be nice to use twisted ProcessProtocol instead of
# subprocess to avoid blocking until it finish
return subprocess.call(command)
def get_vpn_command(kls,
eipconfig,
providerconfig,
socket_host,
socket_port="unix",
openvpn_verb=1):
"""
Returns the Linux implementation for the vpn launching command.
Might raise:
EIPNoPkexecAvailable,
EIPNoPolkitAuthAgentAvailable,
OpenVPNNotFoundException,
VPNLauncherException.
:param eipconfig: eip configuration object
:type eipconfig: EIPConfig
:param providerconfig: provider specific configuration
:type providerconfig: ProviderConfig
:param socket_host: either socket path (unix) or socket IP
:type socket_host: str
:param socket_port: either string "unix" if it's a unix socket,
or port otherwise
:type socket_port: str
:param openvpn_verb: the openvpn verbosity wanted
:type openvpn_verb: int
:return: A VPN command ready to be launched.
:rtype: list
"""
# we use `super` in order to send the class to use
command = super(LinuxVPNLauncher,
kls).get_vpn_command(eipconfig, providerconfig,
socket_host, socket_port,
openvpn_verb)
command.insert(0, force_eval(kls.BITMASK_ROOT))
command.insert(1, "openvpn")
command.insert(2, "start")
policyChecker = LinuxPolicyChecker()
try:
pkexec = policyChecker.maybe_pkexec()
except NoPolkitAuthAgentAvailable:
raise EIPNoPolkitAuthAgentAvailable()
except NoPkexecAvailable:
raise EIPNoPkexecAvailable()
if pkexec:
command.insert(0, first(pkexec))
return command
def get_vpn_command(kls, eipconfig, providerconfig, socket_host, socket_port="unix", openvpn_verb=1):
"""
Returns the Linux implementation for the vpn launching command.
Might raise:
EIPNoPkexecAvailable,
EIPNoPolkitAuthAgentAvailable,
OpenVPNNotFoundException,
VPNLauncherException.
:param eipconfig: eip configuration object
:type eipconfig: EIPConfig
:param providerconfig: provider specific configuration
:type providerconfig: ProviderConfig
:param socket_host: either socket path (unix) or socket IP
:type socket_host: str
:param socket_port: either string "unix" if it's a unix socket,
or port otherwise
:type socket_port: str
:param openvpn_verb: the openvpn verbosity wanted
:type openvpn_verb: int
:return: A VPN command ready to be launched.
:rtype: list
"""
# we use `super` in order to send the class to use
command = super(LinuxVPNLauncher, kls).get_vpn_command(
eipconfig, providerconfig, socket_host, socket_port, openvpn_verb
)
command.insert(0, force_eval(kls.BITMASK_ROOT))
command.insert(1, "openvpn")
command.insert(2, "start")
policyChecker = LinuxPolicyChecker()
try:
pkexec = policyChecker.maybe_pkexec()
except NoPolkitAuthAgentAvailable:
raise EIPNoPolkitAuthAgentAvailable()
except NoPkexecAvailable:
raise EIPNoPkexecAvailable()
if pkexec:
command.insert(0, first(pkexec))
return command
def _linux_install_missing_scripts(badexec, notfound):
"""
Try to install the missing helper files.
:param badexec: error for notifying execution error during command.
:type badexec: str
:param notfound: error for notifying missing path.
:type notfound: str
:returns: True if the files could be copied successfully.
:rtype: bool
"""
success = False
installer_path = os.path.abspath(
os.path.join(os.getcwd(), "..", "apps", "eip", "files"))
install_helper = "leap-install-helper.sh"
install_helper_path = os.path.join(installer_path, install_helper)
install_opts = ("--from-path %s --install-bitmask-root YES "
"--install-polkit-file YES --install-openvpn YES "
"--remove-old-files YES" % (installer_path,))
if os.path.isdir(installer_path):
try:
policyChecker = LinuxPolicyChecker()
pkexec = first(policyChecker.maybe_pkexec())
cmdline = ["%s %s %s" % (
pkexec, install_helper_path, install_opts)]
ret = subprocess.call(
cmdline, stdout=subprocess.PIPE,
shell=True)
success = ret == 0
if not success:
logger.error("Install of helpers failed.")
except Exception as exc:
logger.error(badexec)
logger.error("Error was: %r" % (exc,))
else:
logger.error(notfound)
logger.debug('path searched: %s' % (installer_path,))
return success
def _linux_install_missing_scripts(badexec, notfound):
"""
Try to install the missing helper files.
:param badexec: error for notifying execution error during command.
:type badexec: str
:param notfound: error for notifying missing path.
:type notfound: str
:returns: True if the files could be copied successfully.
:rtype: bool
"""
success = False
installer_path = os.path.abspath(
os.path.join(os.getcwd(), "..", "apps", "eip", "files"))
install_helper = "leap-install-helper.sh"
install_helper_path = os.path.join(installer_path, install_helper)
install_opts = ("--from-path %s --install-bitmask-root YES "
"--install-polkit-file YES --install-openvpn YES "
"--remove-old-files YES" % (installer_path, ))
if os.path.isdir(installer_path):
try:
policyChecker = LinuxPolicyChecker()
pkexec = first(policyChecker.maybe_pkexec())
cmdline = [
"%s %s %s" % (pkexec, install_helper_path, install_opts)
]
ret = subprocess.call(cmdline, stdout=subprocess.PIPE, shell=True)
success = ret == 0
if not success:
logger.error("Install of helpers failed.")
except Exception as exc:
logger.error(badexec)
logger.error("Error was: %r" % (exc, ))
else:
logger.error(notfound)
logger.debug('path searched: %s' % (installer_path, ))
return success
def missing_other_files(self):
"""
'Extend' the VPNLauncher's missing_other_files to check if the polkit
files is outdated. If the polkit file that is in OTHER_FILES exists but
is not up to date, it is added to the missing list.
:returns: a list of missing files
:rtype: list of str
"""
missing = VPNLauncher.missing_other_files.im_func(self)
polkit_file = LinuxPolicyChecker.get_polkit_path()
if polkit_file not in missing:
if privilege_policies.is_policy_outdated(self.OPENVPN_BIN_PATH):
missing.append(polkit_file)
return missing
def _can_start(self, domain):
"""
Returns True if it has everything that is needed to run EIP,
False otherwise
:param domain: the domain for the provider to check
:type domain: str
"""
if IS_LINUX and not LinuxPolicyChecker.is_up():
logger.error("No polkit agent running.")
return False
provider_config = ProviderConfig.get_provider_config(domain)
if EIP_SERVICE not in provider_config.get_services():
return False
eip_config = eipconfig.EIPConfig()
api_version = provider_config.get_api_version()
eip_config.set_api_version(api_version)
eip_loaded = eip_config.load(eipconfig.get_eipconfig_path(domain))
launcher = get_vpn_launcher()
ovpn_path = force_eval(launcher.OPENVPN_BIN_PATH)
if not os.path.isfile(ovpn_path):
logger.error("Cannot start OpenVPN, binary not found: %s" %
(ovpn_path,))
return False
# check for other problems
if not eip_loaded or provider_config is None:
logger.error("Cannot load provider and eip config, cannot "
"autostart")
return False
client_cert_path = eip_config.\
get_client_cert_path(provider_config, about_to_download=True)
if leap_certs.should_redownload(client_cert_path):
logger.error("The client should redownload the certificate,"
" cannot autostart")
return False
if not os.path.isfile(client_cert_path):
logger.error("Can't find the certificate, cannot autostart")
return False
return True
def missing_other_files(kls):
"""
'Extend' the VPNLauncher's missing_other_files to check if the polkit
files is outdated. If the polkit file that is in OTHER_FILES exists but
is not up to date, it is added to the missing list.
:returns: a list of missing files
:rtype: list of str
"""
# we use `super` in order to send the class to use
missing = super(LinuxVPNLauncher, kls).missing_other_files()
polkit_file = LinuxPolicyChecker.get_polkit_path()
if polkit_file not in missing:
if privilege_policies.is_policy_outdated(kls.OPENVPN_BIN_PATH):
missing.append(polkit_file)
return missing
def _can_start(self, domain):
"""
Returns True if it has everything that is needed to run EIP,
False otherwise
:param domain: the domain for the provider to check
:type domain: str
"""
if not LinuxPolicyChecker.is_up():
logger.error("No polkit agent running.")
return False
eip_config = eipconfig.EIPConfig()
provider_config = ProviderConfig.get_provider_config(domain)
api_version = provider_config.get_api_version()
eip_config.set_api_version(api_version)
eip_loaded = eip_config.load(eipconfig.get_eipconfig_path(domain))
launcher = get_vpn_launcher()
ovpn_path = force_eval(launcher.OPENVPN_BIN_PATH)
if not os.path.isfile(ovpn_path):
logger.error("Cannot start OpenVPN, binary not found: %s" %
(ovpn_path, ))
return False
# check for other problems
if not eip_loaded or provider_config is None:
logger.error("Cannot load provider and eip config, cannot "
"autostart")
return False
client_cert_path = eip_config.\
get_client_cert_path(provider_config, about_to_download=True)
if leap_certs.should_redownload(client_cert_path):
logger.error("The client should redownload the certificate,"
" cannot autostart")
return False
if not os.path.isfile(client_cert_path):
logger.error("Can't find the certificate, cannot autostart")
return False
return True
def __call__(self):
# LinuxPolicyChecker will give us the right path if standalone.
return LinuxPolicyChecker.get_polkit_path()
def __call__(self):
# LinuxPolicyChecker will give us the right path if standalone.
return LinuxPolicyChecker.get_polkit_path()
