Beispiel #1
0
    def test_create_lock(self):
        '''create_sync() and locking/unlocking'''

        # create
        self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
                GnomeKeyring.Result.OK)
        (result, info) = GnomeKeyring.get_info_sync(TEST_KEYRING)
        self.assertEqual(result, GnomeKeyring.Result.OK)
        self.assertFalse(info.get_is_locked())

        # try to create already existing ring
        self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
                GnomeKeyring.Result.KEYRING_ALREADY_EXISTS)

        # lock
        self.assertEqual(GnomeKeyring.lock_sync(TEST_KEYRING),
                GnomeKeyring.Result.OK)
        self.assertTrue(GnomeKeyring.get_info_sync(TEST_KEYRING)[1].get_is_locked())

        # unlock with wrong password
        self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, 'h4ck'),
                GnomeKeyring.Result.IO_ERROR)

        # unlock with correct password
        self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, TEST_PWD),
                GnomeKeyring.Result.OK)
    def test_create_lock(self):
        '''create_sync() and locking/unlocking'''

        # create
        self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
                         GnomeKeyring.Result.OK)
        (result, info) = GnomeKeyring.get_info_sync(TEST_KEYRING)
        self.assertEqual(result, GnomeKeyring.Result.OK)
        self.assertFalse(info.get_is_locked())

        # try to create already existing ring
        self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
                         GnomeKeyring.Result.KEYRING_ALREADY_EXISTS)

        # lock
        self.assertEqual(GnomeKeyring.lock_sync(TEST_KEYRING),
                         GnomeKeyring.Result.OK)
        self.assertTrue(
            GnomeKeyring.get_info_sync(TEST_KEYRING)[1].get_is_locked())

        # unlock with wrong password
        self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, 'h4ck'),
                         GnomeKeyring.Result.IO_ERROR)

        # unlock with correct password
        self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, TEST_PWD),
                         GnomeKeyring.Result.OK)
Beispiel #3
0
def process(args):
    krname = args.get('namespace')
    if krname is None:
        err('No namespace (keyring name) specified')

    to_write = args.get('write', {})
    to_remove = args.get('remove', {})
    overwrite_all = args.get('overwrite', False)
    password = args.get('password')

    try:
        keyring_info = verify(gk.get_info_sync(krname),
                              'access keyring=%s' % krname)
    except NoSuchKeyringError:
        if password is None:
            err('Cannot create keyring=%s without a password' % krname)
        # Desired keyring does not yet exist. Create it on-demand.
        verify(gk.create_sync(krname, password), 'create keyring=%s' % krname)
        # Try to get info again, now that we have created the missing keyring.
        keyring_info = verify(gk.get_info_sync(krname),
                              'access keyring=%s' % krname)

    if keyring_info.get_is_locked():
        if password is None:
            err('Cannot access locked keyring=%s without a password' % krname)
        # Unlock the desired keyring.
        ok = gk.unlock_sync(krname, password)
        if ok is not None:
            # Handle pygobject3-style invocation of unlock_sync().
            if ok == gk.Result.IO_ERROR:
                # An incorrect password causes an IO_ERROR for some reason. Emit a
                # clearer error message than the default result_to_message() one.
                err('Cannot unlock keyring=%s: Invalid password' % krname)
            verify(ok, 'unlock keyring=%s' % krname)

    result = {}  # By default, emit minimal valid JSON.

    if len(to_write) == 0 and len(to_remove) == 0:
        # Given nothing to write, we emit existing secrets.
        result = get_secrets(krname)

    if len(to_write) > 0:
        set_secrets(krname, to_write, overwrite_all)

    if len(to_remove) > 0:
        remove_secrets(krname, to_remove)

    json.dump(result, sys.stdout)
Beispiel #4
0
    def test_item_create_info(self):
        '''item_create_sync(),  item_get_info_sync(), list_item_ids_sync()'''

        self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
                GnomeKeyring.Result.OK)
        self.assertEqual(GnomeKeyring.get_info_sync(TEST_KEYRING)[0], GnomeKeyring.Result.OK)

        attrs = GnomeKeyring.Attribute.list_new()
        GnomeKeyring.Attribute.list_append_string(attrs, 'context', 'testsuite')
        GnomeKeyring.Attribute.list_append_uint32(attrs, 'answer', 42)

        (result, id) = GnomeKeyring.item_create_sync(TEST_KEYRING,
                GnomeKeyring.ItemType.GENERIC_SECRET, 'my_password', attrs,
                'my_secret', False)
        self.assertEqual(result, GnomeKeyring.Result.OK)

        # now query for it
        (result, info) = GnomeKeyring.item_get_info_sync(TEST_KEYRING, id)
        self.assertEqual(result, GnomeKeyring.Result.OK)
        self.assertEqual(info.get_display_name(), 'my_password')
        self.assertEqual(info.get_secret(), 'my_secret')

        # list_item_ids_sync()
        (result, items) = GnomeKeyring.list_item_ids_sync(TEST_KEYRING)
        self.assertEqual(result, GnomeKeyring.Result.OK)
        self.assertEqual(items, [id])
    def test_item_create_info(self):
        '''item_create_sync(),  item_get_info_sync(), list_item_ids_sync()'''

        self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
                         GnomeKeyring.Result.OK)
        self.assertEqual(
            GnomeKeyring.get_info_sync(TEST_KEYRING)[0],
            GnomeKeyring.Result.OK)

        attrs = GnomeKeyring.Attribute.list_new()
        GnomeKeyring.Attribute.list_append_string(attrs, 'context',
                                                  'testsuite')
        GnomeKeyring.Attribute.list_append_uint32(attrs, 'answer', 42)

        (result, id) = GnomeKeyring.item_create_sync(
            TEST_KEYRING, GnomeKeyring.ItemType.GENERIC_SECRET, 'my_password',
            attrs, 'my_secret', False)
        self.assertEqual(result, GnomeKeyring.Result.OK)

        # now query for it
        (result, info) = GnomeKeyring.item_get_info_sync(TEST_KEYRING, id)
        self.assertEqual(result, GnomeKeyring.Result.OK)
        self.assertEqual(info.get_display_name(), 'my_password')
        self.assertEqual(info.get_secret(), 'my_secret')

        # list_item_ids_sync()
        (result, items) = GnomeKeyring.list_item_ids_sync(TEST_KEYRING)
        self.assertEqual(result, GnomeKeyring.Result.OK)
        self.assertEqual(items, [id])
Beispiel #6
0
    def test_info_default(self):
        '''get_info_sync() for default keyring'''

        # we cannot assume too much about the default keyring; it might be
        # locked or not, and we should avoid poking in it too much
        (result, info) = GnomeKeyring.get_info_sync(None)
        self.assertEqual(result, GnomeKeyring.Result.OK)
        self.assertTrue(info.get_is_locked() in (False, True))
    def test_info_default(self):
        '''get_info_sync() for default keyring'''

        # we cannot assume too much about the default keyring; it might be
        # locked or not, and we should avoid poking in it too much
        (result, info) = GnomeKeyring.get_info_sync(None)
        self.assertEqual(result, GnomeKeyring.Result.OK)
        self.assertTrue(info.get_is_locked() in (False, True))
Beispiel #8
0
def setup_gnome_keyring():
    """
    Provide clean login Gnome keyring (removes the previous one
    beforehand, if there is a one).
    """
    try:
        # Delete originally stored password
        (response, keyring) = GnomeKeyring.get_default_keyring_sync()
        log.debug('get_info default: %s, %s' % (response, keyring))
        if response == GnomeKeyring.Result.OK:
            if keyring is not None:
                delete_response = GnomeKeyring.delete_sync(keyring)
                log.debug('delete default: %s' % delete_response)
                assert delete_response == GnomeKeyring.Result.OK, \
                    "Delete failed: %s" % delete_response
            response, keyring = GnomeKeyring.get_info_sync('login')
            if response == GnomeKeyring.Result.OK:
                if keyring is not None:
                    delete_response = GnomeKeyring.delete_sync('login')
                    log.debug('delete login: %s' % delete_response)
                    assert delete_response == GnomeKeyring.Result.OK, \
                        "Delete failed: %s" % delete_response
            elif response != GnomeKeyring.Result.NO_SUCH_KEYRING:
                raise IOError(
                    'Unexpected error when manipulating login keyring')

            # This is result of the underlying DBus error:
            # CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE,
            # CKR_MECHANISM_PARAM_INVALID
            # So, failed either
            # * egg_padding_pkcs7_unpad
            #   (gnome-keyring/egg/egg-padding.c)
            # * gkm_aes_mechanism_unwrap
            #   (gnome-keyring/pkcs11/gkm/gkm-aes-mechanism.c)
            # * gkm_dh_mechanism_derive
            #   (gnome-keyring/pkcs11/gkm/gkm-dh-mechanism.c)
            # * gkm_null_mechanism_unwrap or gkm_null_mechanism_wrap
            #   (gnome-keyring/pkcs11/gkm/gkm-null-mechanism.c)
            create_response = GnomeKeyring.create_sync('login', 'redhat')
            log.debug('create login: %s' % create_response)
            if create_response != GnomeKeyring.Result.OK:
                raise IOError(
                    'Create failed: %s\n%s' %
                    (create_response,
                     GnomeKeyring.result_to_message(create_response)))

            set_default_response = \
                GnomeKeyring.set_default_keyring_sync('login')
            assert set_default_response == GnomeKeyring.Result.OK, \
                "Set default failed: %s" % set_default_response
        unlock_response = GnomeKeyring.unlock_sync("login", 'redhat')
        assert unlock_response == GnomeKeyring.Result.OK, \
            "Unlock failed: %s" % unlock_response
    except Exception as e:
        log.error("Exception while unlocking a keyring: %s", e.message)
        raise  # We shouldn’t let this exception evaporate
Beispiel #9
0
def setup_gnome_keyring():
    """
    Provide clean login Gnome keyring (removes the previous one
    beforehand, if there is a one).
    """
    try:
        # Delete originally stored password
        (response, keyring) = GnomeKeyring.get_default_keyring_sync()
        log.debug('get_info default: %s, %s' % (response, keyring))
        if response == GnomeKeyring.Result.OK:
            if keyring is not None:
                delete_response = GnomeKeyring.delete_sync(keyring)
                log.debug('delete default: %s' % delete_response)
                assert delete_response == GnomeKeyring.Result.OK, \
                    "Delete failed: %s" % delete_response
            response, keyring = GnomeKeyring.get_info_sync('login')
            if response == GnomeKeyring.Result.OK:
                if keyring is not None:
                    delete_response = GnomeKeyring.delete_sync('login')
                    log.debug('delete login: %s' % delete_response)
                    assert delete_response == GnomeKeyring.Result.OK, \
                        "Delete failed: %s" % delete_response
            elif response != GnomeKeyring.Result.NO_SUCH_KEYRING:
                raise IOError(
                    'Unexpected error when manipulating login keyring')

            # This is result of the underlying DBus error:
            # CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE,
            # CKR_MECHANISM_PARAM_INVALID
            # So, failed either
            # * egg_padding_pkcs7_unpad
            #   (gnome-keyring/egg/egg-padding.c)
            # * gkm_aes_mechanism_unwrap
            #   (gnome-keyring/pkcs11/gkm/gkm-aes-mechanism.c)
            # * gkm_dh_mechanism_derive
            #   (gnome-keyring/pkcs11/gkm/gkm-dh-mechanism.c)
            # * gkm_null_mechanism_unwrap or gkm_null_mechanism_wrap
            #   (gnome-keyring/pkcs11/gkm/gkm-null-mechanism.c)
            create_response = GnomeKeyring.create_sync('login', 'redhat')
            log.debug('create login: %s' % create_response)
            if create_response != GnomeKeyring.Result.OK:
                raise IOError(
                    'Create failed: %s\n%s' %
                    (create_response,
                     GnomeKeyring.result_to_message(create_response)))

            set_default_response = \
                GnomeKeyring.set_default_keyring_sync('login')
            assert set_default_response == GnomeKeyring.Result.OK, \
                "Set default failed: %s" % set_default_response
        unlock_response = GnomeKeyring.unlock_sync("login", 'redhat')
        assert unlock_response == GnomeKeyring.Result.OK, \
            "Unlock failed: %s" % unlock_response
    except Exception as e:
        log.error("Exception while unlocking a keyring: %s", e.message)
        raise  # We shouldn’t let this exception evaporate
Beispiel #10
0
    def test_info_unknown(self):
        '''get_info_sync() for unknown keyring'''

        (result, info) = GnomeKeyring.get_info_sync(TEST_KEYRING + '_nonexisting')
        self.assertEqual(result, GnomeKeyring.Result.NO_SUCH_KEYRING)
        else:
            screen.addstr('\n')

    # Done; pause or eat the key that was ungetch()'d
    screen.addstr('Press any key to continue ...')
    screen.getch()


if __name__ == '__main__':
    gi.require_version('GnomeKeyring', '1.0')
    gi.require_version('Secret', '1')
    from gi.repository import GnomeKeyring as gkr, Secret

    # Unlock the login keyring, if necessary
    was_locked = False
    if gkr.get_info_sync(KEYRING)[1].get_is_locked():
        was_locked = True
        import getpass
        result = gkr.unlock_sync(
            'login',
            getpass.getpass(prompt='Enter password for '
                            'login keyring: '))
        if result == gkr.Result.IO_ERROR:  # Incorrect password
            sys.exit(1)

    # Connect to libsecret
    service = Secret.Service.get_sync(Secret.ServiceFlags.OPEN_SESSION
                                      | Secret.ServiceFlags.LOAD_COLLECTIONS)
    collections = service.get_collections()

    # Search the default keyring
    def test_info_unknown(self):
        '''get_info_sync() for unknown keyring'''

        (result,
         info) = GnomeKeyring.get_info_sync(TEST_KEYRING + '_nonexisting')
        self.assertEqual(result, GnomeKeyring.Result.NO_SUCH_KEYRING)
	def isLocked(self):
		info =  GnomeKeyring.get_info_sync(self.keyring)[1]
		return info.get_is_locked()
Beispiel #14
0
	def __update_info(self):
		"""Update keyring status information"""
		self._info = keyring.get_info_sync(self.KEYRING_NAME)[1]

		# update icon
		self.__update_icon()
Beispiel #15
0
        else:
            screen.addstr('\n')

    # Done; pause or eat the key that was ungetch()'d
    screen.addstr('Press any key to continue ...')
    screen.getch()


if __name__ == '__main__':
    gi.require_version('GnomeKeyring', '1.0')
    gi.require_version('Secret', '1')
    from gi.repository import GnomeKeyring as gkr, Secret

    # Unlock the login keyring, if necessary
    was_locked = False
    if gkr.get_info_sync(KEYRING)[1].get_is_locked():
        was_locked = True
        import getpass
        result = gkr.unlock_sync('login',
                                 getpass.getpass(prompt='Enter password for '
                                                 'login keyring: '))
        if result == gkr.Result.IO_ERROR:  # Incorrect password
            sys.exit(1)

    # Connect to libsecret
    service = Secret.Service.get_sync(Secret.ServiceFlags.OPEN_SESSION |
                                      Secret.ServiceFlags.LOAD_COLLECTIONS)
    collections = service.get_collections()

    # Search the default keyring
    items = service.unlock_sync(collections, None)[1][0].get_items()