From 7c659fed65f08f2b52f0320c99a456679749e3f3 Mon Sep 17 00:00:00 2001 From: kali Date: Fri, 5 Oct 2012 09:30:50 +0900 Subject: use keyring to store user password using a quite lame cryptedfile by the moment until dbus bug makes gnome-keyring usable again or we come up with the encrypted database solution. we might want to explore the option of using this python-keyring with the different native backends for win and macosx. for now: we generate a random secret that we store in the qsettings file. so, the whole thing is just to avoid plaintext stuff. for this, we could have done rot13, haha. --- src/leap/crypto/__init__.py | 0 src/leap/crypto/leapkeyring.py | 63 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 src/leap/crypto/__init__.py create mode 100644 src/leap/crypto/leapkeyring.py (limited to 'src/leap/crypto') diff --git a/src/leap/crypto/__init__.py b/src/leap/crypto/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/src/leap/crypto/leapkeyring.py b/src/leap/crypto/leapkeyring.py new file mode 100644 index 00000000..394142db --- /dev/null +++ b/src/leap/crypto/leapkeyring.py @@ -0,0 +1,63 @@ +import os + +import keyring + +############# +# Disclaimer +############# +# This currently is not a keyring, it's more like a joke. +# No, seriously. +# We're affected by this **bug** + +# https://bitbucket.org/kang/python-keyring-lib/issue/65/dbusexception-method-opensession-with + +# so using the gnome keyring does not seem feasible right now. +# I thought this was the next best option to store secrets in plain sight. + +# in the future we should move to use the gnome/kde/macosx/win keyrings. + + +class LeapCryptedFileKeyring(keyring.backend.CryptedFileKeyring): + + filename = os.path.expanduser("~/.config/leap/.secrets") + + def __init__(self, seed=None): + self.seed = seed + + def _get_new_password(self): + # XXX every time this method is called, + # $deity kills a kitten. + return "secret%s" % self.seed + + def _init_file(self): + self.keyring_key = self._get_new_password() + self.set_password('keyring_setting', 'pass_ref', 'pass_ref_value') + + def _unlock(self): + self.keyring_key = self._get_new_password() + print 'keyring key ', self.keyring_key + try: + ref_pw = self.get_password( + 'keyring_setting', + 'pass_ref') + print 'ref pw ', ref_pw + assert ref_pw == "pass_ref_value" + except AssertionError: + self._lock() + raise ValueError('Incorrect password') + + +def leap_set_password(key, value, seed="xxx"): + keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) + keyring.set_password('leap', key, value) + + +def leap_get_password(key, seed="xxx"): + keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) + return keyring.get_password('leap', key) + + +if __name__ == "__main__": + leap_set_password('test', 'bar') + passwd = leap_get_password('test') + assert passwd == 'bar' -- cgit v1.2.3 From 0576427f697fa631d8f5cc2fc596c60bce38dda3 Mon Sep 17 00:00:00 2001 From: kali Date: Sat, 6 Oct 2012 01:51:51 +0900 Subject: pep8 --- src/leap/crypto/leapkeyring.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/leap/crypto') diff --git a/src/leap/crypto/leapkeyring.py b/src/leap/crypto/leapkeyring.py index 394142db..bb0ca147 100644 --- a/src/leap/crypto/leapkeyring.py +++ b/src/leap/crypto/leapkeyring.py @@ -9,7 +9,8 @@ import keyring # No, seriously. # We're affected by this **bug** -# https://bitbucket.org/kang/python-keyring-lib/issue/65/dbusexception-method-opensession-with +# https://bitbucket.org/kang/python-keyring-lib/ +# issue/65/dbusexception-method-opensession-with # so using the gnome keyring does not seem feasible right now. # I thought this was the next best option to store secrets in plain sight. -- cgit v1.2.3