def testTimeout(self):
desc = b"dummyKey"
value = b"dummyValue"
keyring = keyutils.KEY_SPEC_THREAD_KEYRING
# create key with 1 second timeout:
keyId = keyutils.add_key(desc, value, keyring)
keyutils.set_timeout(keyId, 1)
self.assertEqual(keyutils.request_key(desc, keyring), keyId)
time.sleep(1.5)
self.assertEqual(keyutils.request_key(desc, keyring), None)
def promptPassword(self, keyDesc, prompt, promptDesc, validateCallback):
try:
import keyutils
keyring = keyutils.KEY_SPEC_SESSION_KEYRING
except ImportError:
keyutils = keyring = None
if keyutils:
keyId = keyutils.request_key(keyDesc, keyring)
if keyId is not None:
passwd = keyutils.read_key(keyId)
if validateCallback(passwd):
return passwd
# Fall through if the cached creds are invalid
for x in range(3):
self.write(promptDesc)
passwd = self.inputPassword(prompt)
if validateCallback(passwd):
if keyutils:
keyutils.add_key(keyDesc, passwd, keyring)
return passwd
if not passwd:
# User wants out but getpass eats Ctrl-C
break
self.write("The specified credentials were not valid.\n")
return None
def promptPassword(self, keyDesc, prompt, promptDesc, validateCallback):
try:
import keyutils
keyring = keyutils.KEY_SPEC_SESSION_KEYRING
except ImportError:
keyutils = keyring = None
if keyutils:
keyId = keyutils.request_key(keyDesc, keyring)
if keyId is not None:
passwd = keyutils.read_key(keyId)
if validateCallback(passwd):
return passwd
# Fall through if the cached creds are invalid
for x in range(3):
self.write(promptDesc)
passwd = self.inputPassword(prompt)
if validateCallback(passwd):
if keyutils:
keyutils.add_key(keyDesc, passwd, keyring)
return passwd
if not passwd:
# User wants out but getpass eats Ctrl-C
break
self.write("The specified credentials were not valid.\n")
return None
def testTimeout(self):
desc = b"dummyKey"
value = b"dummyValue"
keyring = keyutils.KEY_SPEC_THREAD_KEYRING
# create key with 1 second timeout:
keyId = keyutils.add_key(desc, value, keyring)
self.assertEqual(keyutils.request_key(desc, keyring), keyId)
keyutils.set_timeout(keyId, 1)
time.sleep(1.5)
try:
keyId = keyutils.request_key(desc, keyring)
except keyutils.Error as err:
# https://patchwork.kernel.org/patch/5336901
self.assertEqual(err.args[0], keyutils.EKEYEXPIRED)
keyId = None
self.assertEqual(keyId, None)
def _key_id(self, device):
key = self._key(device)
try:
key_id = keyutils.request_key(key, self.keyring)
except keyutils.Error:
raise KeyError("Key has been revoked!")
if key_id is None:
raise KeyError("Key not cached!")
return key_id
def _key_id(self, device):
key = self._key(device)
try:
key_id = keyutils.request_key(key, self.keyring)
except keyutils.Error:
raise KeyError("Key has been revoked!")
if key_id is None:
raise KeyError("Key not cached!")
return key_id
def testClear(self):
desc = b"dummyKey"
value = b"dummyValue"
keyring = keyutils.KEY_SPEC_THREAD_KEYRING
key_id = keyutils.add_key(desc, value, keyring)
self.assertEqual(keyutils.request_key(desc, keyring), key_id)
keyutils.clear(keyring)
self.assertRaises(keyutils.Error, keyutils.read_key, key_id)
def testSet(self):
keyDesc = b"test:key:01"
keyVal = b"key value with\0 some weird chars in it too"
keyring = keyutils.KEY_SPEC_THREAD_KEYRING
# Key not initialized; should get None
keyId = keyutils.request_key(keyDesc, keyring)
self.assertEqual(keyId, None)
self.assertRaises(keyutils.Error, keyutils.read_key, 12345)
try:
keyutils.read_key(12345)
except keyutils.Error as e:
self.assertEqual(e.args, (126, 'Required key not available'))
keyutils.add_key(keyDesc, keyVal, keyring)
keyId = keyutils.request_key(keyDesc, keyring)
data = keyutils.read_key(keyId)
self.assertEqual(data, keyVal)
def _keyId(self):
if self.__keyId is False:
try:
self.__keyId = keyutils.request_key(self.__keyName,
self._KeyRing.SESSION)
except keyutils.Error as exc:
if exc.args[0] not in (keyutils.EKEYEXPIRED,
keyutils.EKEYREVOKED):
raise
self.__keyId = None
return self.__keyId
def _get_user_key_id(self, key=None, pid=None):
""" Returns ID under which a given key name is known.
"""
key = key or self.default_key
pid = pid or self.default_pid
formatted = self._format_proc_key(key, pid)
key_id = _keyutils.request_key(formatted, self._user_keyring)
if not key_id:
raise ValueError('No such key `{}` in proc keyring'.format(formatted))
return key_id
def testSet(self):
keyDesc = "test:key:01"
keyVal = "key value with\0 some weird chars in it too"
keyring = keyutils.KEY_SPEC_THREAD_KEYRING
# Key not initialized; should get None
keyId = keyutils.request_key(keyDesc, keyring)
self.failUnlessEqual(keyId, None)
self.failUnlessRaises(keyutils.Error, keyutils.read_key, 12345L)
try:
keyutils.read_key(12345L)
except keyutils.Error, e:
self.failUnlessEqual(e.args, (126, "Required key not available"))
def clear_keyctl_password(self):
'''
This is to delete the key for whatever reason. A good reason is if you accidentally cache a password.
:return:
'''
keyctl_keyring_name = 'keyutils did not import so unknown'
ring = keyutils.KEY_SPEC_SESSION_KEYRING
keyctl_keyring_name = '@s'
key_id = keyutils.request_key(self.key_name, ring)
if key_id:
keyutils.unlink(key_id, ring)
log.debug('key deleted')
def getPassword(keyDesc):
if not _keyutils:
return None
_setupSession()
try:
keyId = _keyutils.request_key(keyDesc, _keyring)
except _keyutils.Error as err:
if err.args[0] != _keyutils.EKEYREVOKED:
raise
# This happens if using old keyutils if the session was revoked (which
# normally _setupSession would fix), or using new keyutils if the key
# itself was revoked.
return None
if keyId is not None:
return _keyutils.read_key(keyId)
return None
def getPassword(keyDesc):
if not _keyutils:
return None
_setupSession()
try:
keyId = _keyutils.request_key(keyDesc, _keyring)
except _keyutils.Error as err:
if err.args[0] != _keyutils.EKEYREVOKED:
raise
# This happens if using old keyutils if the session was revoked (which
# normally _setupSession would fix), or using new keyutils if the key
# itself was revoked.
return None
if keyId is not None:
return _keyutils.read_key(keyId)
return None
def getKeyPassphrase(self, keyId, prompt, errorMessage=None):
if errorMessage:
print errorMessage
keyDesc = "conary:pgp:%s" % keyId
try:
import keyutils
# We only initialize keyring if keyutils is not None
keyring = keyutils.KEY_SPEC_SESSION_KEYRING
except ImportError:
keyutils = None
# If the passphrase was invalidated, we don't want to be stuck; so, if
# the caller did set an error message, we will not try to use keyutils
if keyutils and not errorMessage:
keyId = keyutils.request_key(keyDesc, keyring)
if keyId is not None:
return keyutils.read_key(keyId)
print
print prompt
passPhrase = getpass.getpass("Passphrase: ")
if keyutils:
keyutils.add_key(keyDesc, passPhrase, keyring)
return passPhrase
def getKeyPassphrase(self, keyId, prompt, errorMessage=None):
if errorMessage:
print errorMessage
keyDesc = "conary:pgp:%s" % keyId
try:
import keyutils
# We only initialize keyring if keyutils is not None
keyring = keyutils.KEY_SPEC_SESSION_KEYRING
except ImportError:
keyutils = None
# If the passphrase was invalidated, we don't want to be stuck; so, if
# the caller did set an error message, we will not try to use keyutils
if keyutils and not errorMessage:
keyId = keyutils.request_key(keyDesc, keyring)
if keyId is not None:
return keyutils.read_key(keyId)
print
print prompt
passPhrase = getpass.getpass("Passphrase: ")
if keyutils:
keyutils.add_key(keyDesc, passPhrase, keyring)
return passPhrase
def getPassword(keyDesc):
if _keyutils:
keyId = _keyutils.request_key(keyDesc, _keyring)
if keyId is not None:
return _keyutils.read_key(keyId)
return None
def get_user_password_through_keyctl(self,
timeout,
active_directory,
skip_test,
keyring=None,
raise_on_error=True):
'''
:param timeout:
:param active_directory:
:param skip_test:
:param keyring:
:param raise_on_error:
:return:
'''
password = None
try:
if keyring is None: # if keyring doesn't exist, generate a new keyring
keyring = keyutils.KEY_SPEC_SESSION_KEYRING
log.debug('KEY_SPEC_SESSION_KEYRING generated\n')
elif keyring is 'user':
keyring == keyutils.KEY_SPEC_USER_SESSION_KEYRING
log.debug('KEY_SPEC_USER_SESSION_KEYRING generated\n')
if keyring == keyutils.KEY_SPEC_SESSION_KEYRING:
keyctl_keyring_name = '@s'
elif keyring == keyutils.KEY_SPEC_USER_SESSION_KEYRING:
keyctl_keyring_name = '@us'
else:
sys.exit(
'update this code to add the un translated keyring type {}\n'
.format(keyring))
key_id = keyutils.request_key(self.key_name, keyring)
if key_id:
log.debug('Key {} exists on {}. Pulling from keyring\n'.format(
self.key_name, keyring))
password = keyutils.read_key(key_id)
else:
log.debug(
'Key {} does not exist on {}. creating new key\n'.format(
self.key_name, keyring))
password = password_check(username=self.username,
keyname=self.key_name,
active_directory=active_directory,
skip_test=skip_test)
key_id = keyutils.add_key(
self.key_name, password,
keyring) # for keyctl(1) the 'type' is 'user'
keyutils.set_timeout(key_id,
timeout) # Reset it each time it's accessed
except Exception as e:
if raise_on_error:
raise Exception(
"Failed to get key from keyutils using keyring {} - exception was {}"
.format(keyctl_keyring_name, e))
return password
def getPassword(keyDesc):
if _keyutils:
keyId = _keyutils.request_key(keyDesc, _keyring)
if keyId is not None:
return _keyutils.read_key(keyId)
return None
