eip Package¶
checks Module¶
- class leap.eip.checks.EIPConfigChecker(fetcher=<module 'requests' from '/usr/lib/python2.7/dist-packages/requests/__init__.pyc'>, domain=None)¶
Bases: object
Several checks needed to ensure a EIPConnection can be sucessfully established. use run_all to run all checks.
- check_complete_eip_config(config=None)¶
- check_default_eipconfig()¶
checks if default eipconfig exists, and dumps a default file if not
- check_is_there_default_provider(config=None)¶
raises EIPMissingDefaultProvider if no default provider found on eip config. This is catched by ui and runs FirstRunWizard (MVS+)
- fetch_definition(skip_download=False, force_download=False, config=None, uri=None, domain=None)¶
fetches a definition file from server
- fetch_eip_service_config(skip_download=False, force_download=False, config=None, uri=None, autocacert=True, verify=True)¶
- get_api_domain()¶
gets api domain
- run_all(checker=None, skip_download=False)¶
runs all checks in a row. will raise if some error encountered. catching those exceptions is not our responsibility at this moment
- set_api_domain()¶
sets api domain from defaultprovider config object
- class leap.eip.checks.ProviderCertChecker(fetcher=<module 'requests' from '/usr/lib/python2.7/dist-packages/requests/__init__.pyc'>, domain=None, apidomain=None)¶
Bases: object
Several checks needed for getting client certs and checking tls connection with provider.
- ca_cert_path¶
- check_ca_cert_fingerprint(hash_type='SHA256', fingerprint=None)¶
compares the fingerprint in the ca cert with a string we are passed returns True if they are equal, False if not. @param hash_type: digest function @type hash_type: str @param fingerprint: the fingerprint to compare with. @type fingerprint: str (with : separator) @rtype bool
- check_new_cert_needed(skip_download=False, verify=True)¶
- download_ca_cert(uri=None, verify=True)¶
- download_ca_signature()¶
- download_new_client_cert(uri=None, verify=True, skip_download=False, credentials=None)¶
- get_ca_signatures()¶
- is_cert_not_expired(certfile=None, now=<built-in function gmtime>)¶
- is_cert_valid(cert_path=None, do_raise=True)¶
- is_certificate_exists(certfile=None)¶
- is_https_working(uri=None, verify=True, autocacert=False)¶
- is_there_provider_ca()¶
- is_there_trust_path()¶
- is_valid_pemfile(cert_s=None)¶
checks that the passed string is a valid pem certificate @param cert_s: string containing pem content @type cert_s: string @rtype: bool
- run_all(checker=None, skip_download=False, skip_verify=False)¶
- set_api_domain(domain)¶
- verify_api_https(uri)¶
- write_cert(pemfile_content, to=None)¶
- leap.eip.checks.get_branding_ca_cert(domain)¶
- leap.eip.checks.logger = <logging.Logger object at 0xb43226c>¶
Checks on certificates. To be moved to base. docs TBD
It is used from the eip conductor (a instance of EIPConnection that is managed from the QtApp), running run_all method before trying to call connect or any other of the state-changing methods.
It checks that the needed files are provided or can be discovered over the net. Much of these tests are not specific to EIP module, and can be splitted into base.tests to be invoked by the base leap init routines. However, I’m testing them alltogether for the sake of having the whole unit reachable and testable as a whole.
config Module¶
- class leap.eip.config.EIPConfig(*args, **kwargs)¶
Bases: leap.base.config.JSONLeapConfig
- slug¶
- spec¶
alias of EIPConfigSpec
- class leap.eip.config.EIPServiceConfig(*args, **kwargs)¶
Bases: leap.base.config.JSONLeapConfig
- slug¶
- spec¶
alias of EIPServiceConfigSpec
- leap.eip.config.build_ovpn_command(debug=False, do_pkexec_check=True, vpnbin=None, socket_path=None, **kwargs)¶
build a string with the complete openvpn invocation
@rtype [string, [list of strings]] @rparam: a list containing the command string
and a list of options.
- leap.eip.config.build_ovpn_options(daemon=False, socket_path=None, **kwargs)¶
build a list of options to be passed in the openvpn invocation @rtype: list @rparam: options
- leap.eip.config.check_vpn_keys(provider=None)¶
performs an existance and permission check over the openvpn keys file. Currently we’re expecting a single file per provider, containing the CA cert, the provider key, and our client certificate
- leap.eip.config.get_cipher_options(eipserviceconfig=None)¶
gathers optional cipher options from eip-service config. :param eipserviceconfig: EIPServiceConfig instance
- leap.eip.config.get_eip_gateway(eipconfig=None, eipserviceconfig=None)¶
return the first host in eip service config that matches the name defined in the eip.json config file.
- leap.eip.config.get_socket_path()¶
- leap.eip.config.has_updown_scripts()¶
checks the existence of the up/down scripts
constants Module¶
eipconnection Module¶
EIP Connection Class
- class leap.eip.eipconnection.EIPConnection(provider_cert_checker=<class 'leap.eip.checks.ProviderCertChecker'>, config_checker=<class 'leap.eip.checks.EIPConfigChecker'>, *args, **kwargs)¶
Bases: leap.eip.openvpnconnection.OpenVPNConnection, leap.eip.eipconnection.StatusMixIn
Aka conductor. Manages the execution of the OpenVPN process, auto starts, monitors the network connection, handles configuration, fixes leaky hosts, handles errors, etc. Status updates (connected, bandwidth, etc) are signaled to the GUI.
- connect(**kwargs)¶
entry point for connection process
- disconnect(shutdown=False)¶
disconnects client
- has_errors()¶
- init_checkers()¶
initialize checkers
- run_checks(skip_download=False, skip_verify=False)¶
run all eip checks previous to attempting a connection
- set_provider_domain(domain)¶
sets the provider domain. used from the first run wizard when we launch the run_checks and connect process after having initialized the conductor.
- class leap.eip.eipconnection.EIPConnectionStatus(callbacks=None)¶
Bases: object
Keep track of client (gui) and openvpn states.
These are the OpenVPN states: CONNECTING – OpenVPN’s initial state. WAIT – (Client only) Waiting for initial response
from server.AUTH – (Client only) Authenticating with server. GET_CONFIG – (Client only) Downloading configuration options
from server.- ASSIGN_IP – Assigning IP address to virtual network
- interface.
ADD_ROUTES – Adding routes to system. CONNECTED – Initialization Sequence Completed. RECONNECTING – A restart has occurred. EXITING – A graceful exit is in progress.
We add some extra states:
DISCONNECTED – GUI initial state. UNRECOVERABLE – An unrecoverable error has been raised
while invoking openvpn service.- ADD_ROUTES = 6¶
- ASSIGN_IP = 5¶
- AUTH = 3¶
- CONNECTED = 7¶
- CONNECTING = 1¶
- DISCONNECTED = 0¶
- EXITING = 9¶
- GET_CONFIG = 4¶
- RECONNECTING = 8¶
- UNRECOVERABLE = 11¶
- WAIT = 2¶
- change_to(to)¶
Parameters: to (int) – destination state
- get_leap_status()¶
- get_readable_status()¶
- get_state_icon()¶
returns the high level icon for each fine-grain openvpn state
- set_current(to)¶
setter for the ‘current’ property :param to: destination state :type to: int
- set_vpn_state(status)¶
accepts a state string from the management interface, and sets the internal state. :param status: openvpn STATE (uppercase). :type status: str
- class leap.eip.eipconnection.StatusMixIn¶
Bases: object
- ERR_CONNREFUSED = False¶
- connection_state()¶
returns the current connection state
- get_connection_state()¶
- get_icon_name()¶
get icon name from status object
- get_leap_status()¶
- get_status_io()¶
- make_error()¶
capture error and wrap it in an understandable format
- poll_connection_state()¶
- state()¶
Sends OpenVPN command: state
- vpn_status()¶
OpenVPN command: status
- vpn_status2()¶
OpenVPN command: last 2 statuses
exceptions Module¶
Generic error hierarchy Leap/EIP exceptions used for exception handling, logging, and notifying user of errors during leap operation.
Exception hierarchy¶
All EIP Errors must inherit from EIPClientError (note: move that to a more generic LEAPClientBaseError).
Exception attributes and their meaning/uses¶
- critical: if True, will abort execution prematurely,
after attempting any cleaning action.
- failfirst: breaks any error_check loop that is examining
the error queue.
message: the message that will be used in the __repr__ of the exception.
- usermessage: the message that will be passed to user in ErrorDialogs
in Qt-land.
TODO:
- EIPClientError: Should inherit from LeapException
- gettext / i18n for user messages.
- exception leap.eip.exceptions.ConnectionRefusedError¶
Bases: exceptions.Exception
- exception leap.eip.exceptions.CriticalError¶
Bases: leap.eip.exceptions.EIPClientError
we cannot do anything about it, sorry
- critical = True¶
- failfirst = True¶
- exception leap.eip.exceptions.EIPBadCertError¶
Bases: leap.eip.exceptions.Warning
- message = 'cert verification failed'¶
- usermessage = u'there is a problem with provider certificate'¶
- exception leap.eip.exceptions.EIPClientError¶
Bases: exceptions.Exception
base EIPClient exception
- critical = False¶
- failfirst = False¶
- warning = False¶
- exception leap.eip.exceptions.EIPConfigurationError¶
- exception leap.eip.exceptions.EIPInitBadKeyFilePermError¶
Bases: leap.eip.exceptions.Warning
- exception leap.eip.exceptions.EIPInitBadProviderError¶
- exception leap.eip.exceptions.EIPInitNoKeyFileError¶
Bases: leap.eip.exceptions.CriticalError
- message = 'No vpn keys found in the expected path'¶
- usermessage = u'We could not find your eip certs in the expected path'¶
- exception leap.eip.exceptions.EIPInitNoProviderError¶
- exception leap.eip.exceptions.EIPMissingDefaultProvider¶
Bases: exceptions.Exception
- exception leap.eip.exceptions.EIPNoCommandError¶
Bases: leap.eip.exceptions.EIPClientError
- message = 'no suitable openvpn command found'¶
- usermessage = u'No suitable openvpn command found. <br/>(Might be a permissions problem)'¶
- exception leap.eip.exceptions.EIPNoPkexecAvailable¶
Bases: leap.eip.exceptions.Warning
- failfirst = True¶
- message = 'No pkexec binary found'¶
- usermessage = u'We could not find <b>pkexec</b> in your system.<br/> Do you want to try <b>setuid workaround</b>? (<i>DOES NOTHING YET</i>)'¶
- exception leap.eip.exceptions.EIPNoPolkitAuthAgentAvailable¶
Bases: leap.eip.exceptions.CriticalError
- message = 'No polkit authentication agent could be found'¶
- usermessage = u'We could not find any authentication agent in your system.<br/>Make sure you have <b>polkit-gnome-authentication-agent-1</b> running and try again.'¶
- exception leap.eip.exceptions.HttpsBadCertError¶
Bases: leap.base.exceptions.LeapException
- message = 'verification error on cert'¶
- usermessage = u'Server certificate could not be verified'¶
- exception leap.eip.exceptions.HttpsNotSupported¶
Bases: leap.base.exceptions.LeapException
- message = 'connection refused while accessing via https'¶
- usermessage = u'Server does not allow secure connections'¶
- exception leap.eip.exceptions.LeapBadConfigFetchedError¶
Bases: leap.eip.exceptions.Warning
- message = 'provider sent a malformed json file'¶
- usermessage = u'an error occurred during configuratio of leap services'¶
- exception leap.eip.exceptions.MissingSocketError¶
Bases: exceptions.Exception
- exception leap.eip.exceptions.OpenVPNAlreadyRunning¶
Bases: leap.eip.exceptions.CriticalError
- message = 'Another OpenVPN Process is already running.'¶
- usermessage = u'Another OpenVPN Process has been detected. Please close it before starting leap-client'¶
- exception leap.eip.exceptions.Warning¶
Bases: leap.eip.exceptions.EIPClientError
just that, warnings
- warning = True¶
openvpnconnection Module¶
OpenVPN Connection
- class leap.eip.openvpnconnection.OpenVPNConnection(watcher_cb=None, debug=False, host=None, port='unix', password=None, *args, **kwargs)¶
Bases: leap.base.connection.Connection, leap.eip.openvpnconnection.OpenVPNManagement
All related to invocation of the openvpn binary. It’s extended by EIPConnection.
- connected()¶
Returns True if connected rtype: bool
- get_log(lines=1)¶
- run_openvpn_checks()¶
runs check needed before launching openvpn subprocess. will raise if errors found.
- terminate_openvpn_connection(shutdown=False)¶
terminates openvpn child subprocess
- try_openvpn_connection()¶
attempts to connect
specs Module¶
- leap.eip.specs.client_cert_path(domain)¶
- leap.eip.specs.default_client_cert_path()¶
- leap.eip.specs.default_provider_ca_path()¶
- leap.eip.specs.provider_ca_path(domain)¶
udstelnet Module¶
- class leap.eip.udstelnet.UDSTelnet(host=None, port=0, timeout=<object object at 0xb74ee670>)¶
Bases: telnetlib.Telnet
a telnet-alike class, that can listen on unix domain sockets
- open(host, port=23, timeout=<object object at 0xb74ee670>)¶
Connect to a host. If port is ‘unix’, it will open a connection over unix docmain sockets.
The optional second argument is the port number, which defaults to the standard telnet port (23).
Don’t try to reopen an already connected instance.
