diff options
author | kali <kali@leap.se> | 2012-10-05 09:30:50 +0900 |
---|---|---|
committer | kali <kali@leap.se> | 2012-10-05 09:30:50 +0900 |
commit | 7c659fed65f08f2b52f0320c99a456679749e3f3 (patch) | |
tree | e0085fd2b4658dd53d7eed450f77e002e5ab5ea5 /src | |
parent | baefda49d741a6e8149233f292f92221aaf3b675 (diff) |
use keyring to store user password
using a quite lame cryptedfile by the moment until dbus bug
makes gnome-keyring usable again or we come up with the
encrypted database solution. we might want to explore the
option of using this python-keyring with the different
native backends for win and macosx.
for now: we generate a random secret that we store in the qsettings file.
so, the whole thing is just to avoid plaintext stuff.
for this, we could have done rot13, haha.
Diffstat (limited to 'src')
-rw-r--r-- | src/leap/crypto/__init__.py | 0 | ||||
-rw-r--r-- | src/leap/crypto/leapkeyring.py | 63 | ||||
-rwxr-xr-x | src/leap/gui/firstrunwizard.py | 34 |
3 files changed, 93 insertions, 4 deletions
diff --git a/src/leap/crypto/__init__.py b/src/leap/crypto/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/src/leap/crypto/__init__.py diff --git a/src/leap/crypto/leapkeyring.py b/src/leap/crypto/leapkeyring.py new file mode 100644 index 00000000..394142db --- /dev/null +++ b/src/leap/crypto/leapkeyring.py @@ -0,0 +1,63 @@ +import os + +import keyring + +############# +# Disclaimer +############# +# This currently is not a keyring, it's more like a joke. +# No, seriously. +# We're affected by this **bug** + +# https://bitbucket.org/kang/python-keyring-lib/issue/65/dbusexception-method-opensession-with + +# so using the gnome keyring does not seem feasible right now. +# I thought this was the next best option to store secrets in plain sight. + +# in the future we should move to use the gnome/kde/macosx/win keyrings. + + +class LeapCryptedFileKeyring(keyring.backend.CryptedFileKeyring): + + filename = os.path.expanduser("~/.config/leap/.secrets") + + def __init__(self, seed=None): + self.seed = seed + + def _get_new_password(self): + # XXX every time this method is called, + # $deity kills a kitten. + return "secret%s" % self.seed + + def _init_file(self): + self.keyring_key = self._get_new_password() + self.set_password('keyring_setting', 'pass_ref', 'pass_ref_value') + + def _unlock(self): + self.keyring_key = self._get_new_password() + print 'keyring key ', self.keyring_key + try: + ref_pw = self.get_password( + 'keyring_setting', + 'pass_ref') + print 'ref pw ', ref_pw + assert ref_pw == "pass_ref_value" + except AssertionError: + self._lock() + raise ValueError('Incorrect password') + + +def leap_set_password(key, value, seed="xxx"): + keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) + keyring.set_password('leap', key, value) + + +def leap_get_password(key, seed="xxx"): + keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) + return keyring.get_password('leap', key) + + +if __name__ == "__main__": + leap_set_password('test', 'bar') + passwd = leap_get_password('test') + assert passwd == 'bar' diff --git a/src/leap/gui/firstrunwizard.py b/src/leap/gui/firstrunwizard.py index 3b27985f..1012f64c 100755 --- a/src/leap/gui/firstrunwizard.py +++ b/src/leap/gui/firstrunwizard.py @@ -8,6 +8,7 @@ sip.setapi('QVariant', 2) from PyQt4 import QtCore from PyQt4 import QtGui +from leap.crypto import leapkeyring from leap.gui import mainwindow_rc logger = logging.getLogger(__name__) @@ -89,7 +90,9 @@ QLabel { color: red; class FirstRunWizard(QtGui.QWizard): - def __init__(self, parent=None, providers=None, success_cb=None): + def __init__( + self, parent=None, providers=None, + success_cb=None): super(FirstRunWizard, self).__init__( parent, QtCore.Qt.WindowStaysOnTopHint) @@ -126,6 +129,7 @@ class FirstRunWizard(QtGui.QWizard): QtGui.QWizard.setWindowFlags(self, flags) def focusOutEvent(self, event): + # needed ? self.setFocus(True) self.activateWindow() self.raise_() @@ -137,13 +141,27 @@ class FirstRunWizard(QtGui.QWizard): gather the info, update settings and call the success callback. """ - logger.debug('chosen provider: %s', self.get_provider()) - logger.debug('username: %s', self.field('userName')) - logger.debug('remember password: %s', self.field('rememberPassword')) + provider = self.get_provider() + username = self.field('userName') + password = self.field('userPassword') + remember_pass = self.field('rememberPassword') + + logger.debug('chosen provider: %s', provider) + logger.debug('username: %s', username) + logger.debug('remember password: %s', remember_pass) super(FirstRunWizard, self).accept() settings = QtCore.QSettings() settings.setValue("FirstRunWizardDone", True) + settings.setValue( + "eip_%s_username" % provider, + username) + settings.setValue("%s_remember_pass" % provider, remember_pass) + + seed = self.get_random_str(10) + settings.setValue("%s_seed" % provider, seed) + + leapkeyring.leap_set_password(username, password, seed=seed) logger.debug('First Run Wizard Done.') cb = self.success_cb @@ -154,6 +172,14 @@ class FirstRunWizard(QtGui.QWizard): provider = self.field('provider_index') return self.providers[provider] + def get_random_str(self, n): + from string import (ascii_uppercase, ascii_lowercase, digits) + from random import choice + return ''.join(choice( + ascii_uppercase + + ascii_lowercase + + digits) for x in range(n)) + class IntroPage(QtGui.QWizardPage): def __init__(self, parent=None): |