From 5dc5dc816f2ba50920dd3a5908824c244c8d9390 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Sat, 11 Jan 2014 23:10:53 -0400 Subject: workaround for using keyring inside a virtualenv (securestorage backend) This is related to research #4190 and #4083. I didn't resolve them, but I ended understanding a bit more what kind of issues can we be having with those. This workaround is more than anything a cleanup on that for future work, and is making me able to test the client much more nicely inside a virtualenv (where the default keyring selecting was the plaintext one). For this to work inside a virtualenv, one have to install SecureStorage, which in turns depends on python-dbus, which is basically uninstallable using pip inside a venv. So, symlinking to the rescue! it needs gi/repository and pyobject to be symlinked too. but at least you don't have to type the pass every time. I don't know what should be do in the long term with this issue. Some of us were not too fond on using the keyrings at all. We don't have many options among all the keyring backends, and sadly many of them depend on PyCrypto. So probably roll our own backend. Yay. --- src/leap/bitmask/util/keyring_helpers.py | 43 ++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 8 deletions(-) (limited to 'src/leap/bitmask/util') diff --git a/src/leap/bitmask/util/keyring_helpers.py b/src/leap/bitmask/util/keyring_helpers.py index 4b3eb57f..b202d47e 100644 --- a/src/leap/bitmask/util/keyring_helpers.py +++ b/src/leap/bitmask/util/keyring_helpers.py @@ -31,18 +31,45 @@ OBSOLETE_KEYRINGS = [ PlaintextKeyring ] +canuse = lambda kr: kr is not None and kr.__class__ not in OBSOLETE_KEYRINGS + + +def _get_keyring_with_fallback(): + """ + Get the default keyring, and if obsolete try to pick SecretService keyring + if available. + + This is a workaround for the cases in which the keyring module chooses + an insecure keyring by default (ie, inside a virtualenv). + """ + kr = keyring.get_keyring() + if not canuse(kr): + try: + kr_klass = keyring.backends.SecretService + kr = kr_klass.Keyring() + except AttributeError: + logger.warning("Keyring cannot find SecretService Backend") + logger.debug("Selected keyring: %s" % (kr.__class__,)) + if not canuse(kr): + logger.debug("Not using default keyring since it is obsolete") + return kr + def has_keyring(): """ - Returns whether we have an useful keyring to use. + Return whether we have an useful keyring to use. :rtype: bool """ - kr = keyring.get_keyring() - klass = kr.__class__ - logger.debug("Selected keyring: %s" % (klass,)) + kr = _get_keyring_with_fallback() + return canuse(kr) + - canuse = kr is not None and klass not in OBSOLETE_KEYRINGS - if not canuse: - logger.debug("Not using this keyring since it is obsolete") - return canuse +def get_keyring(): + """ + Return an usable keyring. + + :rtype: keyringBackend or None + """ + kr = _get_keyring_with_fallback() + return kr if canuse(kr) else None -- cgit v1.2.3