def _mount(self): """ mount the service """ if self.password is None: self.password = self.config.password(self.parent, self.profile_id, self.mode) logger.debug('Provide password through temp FIFO', self) thread = password_ipc.TempPasswordThread(self.password) env = self.env() env['ASKPASS_TEMP'] = thread.temp_file thread.start() encfs = [self.mountproc, '--extpass=backintime-askpass'] if self.reverse: encfs += ['--reverse'] if not self.isConfigured(): encfs += ['--standard'] encfs += [self.path, self.currentMountpoint] logger.debug('Call mount command: %s' % ' '.join(encfs), self) proc = subprocess.Popen(encfs, env=env, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True) output = proc.communicate()[0] self.backupConfig() if proc.returncode: raise MountException(_('Can\'t mount \'%(command)s\':\n\n%(error)s') \ % {'command': ' '.join(encfs), 'error': output}) thread.stop()
def startProcess(self): """ start 'encfsctl encode' process in pipe mode. """ thread = password_ipc.TempPasswordThread(self.password) env = self.encfs.env() env['ASKPASS_TEMP'] = thread.temp_file with thread.starter(): logger.debug('start \'encfsctl encode\' process', self) encfsctl = ['encfsctl', 'encode', '--extpass=backintime-askpass', '/'] logger.debug('Call command: %s' %' '.join(encfsctl), self) self.p = subprocess.Popen(encfsctl, env = env, bufsize = 0, stdin=subprocess.PIPE, stdout=subprocess.PIPE, universal_newlines = True)
def startProcess(self): """ start 'encfsctl decode' process in pipe mode. """ thread = password_ipc.TempPasswordThread(self.password) env = os.environ.copy() env['ASKPASS_TEMP'] = thread.temp_file with thread.starter(): logger.debug('start \'encfsctl decode\' process', self) encfsctl = ['encfsctl', 'decode', '--extpass=backintime-askpass', self.encfs.path] logger.debug('Call command: %s' %' '.join(encfsctl), self) self.p = subprocess.Popen(encfsctl, env = env, stdin=subprocess.PIPE, stdout=subprocess.PIPE, universal_newlines = self.string, #return string (if True) or bytes bufsize = 0)
def unlockSshAgent(self, force=False): """ Unlock the private key in ``ssh-agent`` which will provide it for all other commands. The password to unlock the key will be provided by ``backintime-askpass``. Args: force (bool): force to unlock the key by removing it first and add it again to make sure, the given values are correct Raises: exceptions.MountException: if unlock failed """ self.startSshAgent() env = os.environ.copy() env['SSH_ASKPASS'] = '******' env['ASKPASS_PROFILE_ID'] = self.profile_id env['ASKPASS_MODE'] = self.mode if force: #remove private key first so we can check if the given password is valid logger.debug( 'Remove private key %s from ssh agent' % self.private_key_file, self) proc = subprocess.Popen(['ssh-add', '-d', self.private_key_file], stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, universal_newlines=True) proc.communicate() proc = subprocess.Popen(['ssh-add', '-l'], stdout=subprocess.PIPE, universal_newlines=True) output = proc.communicate()[0] if force or not output.find(self.private_key_fingerprint) >= 0: logger.debug( 'Add private key %s to ssh agent' % self.private_key_file, self) password_available = any([ self.config.passwordSave(self.profile_id), self.config.passwordUseCache(self.profile_id), not self.password is None ]) logger.debug('Password available: %s' % password_available, self) if not password_available and not tools.checkXServer(): #we need to unlink stdin from ssh-add in order to make it #use our own backintime-askpass. #But because of this we can NOT use getpass inside backintime-askpass #if password is not saved and there is no x-server. #So, let's just keep ssh-add asking for the password in that case. alarm = tools.Alarm() alarm.start(10) try: proc = subprocess.call(['ssh-add', self.private_key_file]) alarm.stop() except tools.Timeout: pass else: if self.password: logger.debug('Provide password through temp FIFO', self) thread = password_ipc.TempPasswordThread(self.password) env['ASKPASS_TEMP'] = thread.temp_file thread.start() proc = subprocess.Popen(['ssh-add', self.private_key_file], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env, preexec_fn=os.setsid, universal_newlines=True) output, error = proc.communicate() if proc.returncode: logger.error( 'Failed to unlock SSH private key %s: %s' % (self.private_key_file, error), self) if self.password: thread.stop() proc = subprocess.Popen(['ssh-add', '-l'], stdout=subprocess.PIPE, universal_newlines=True) output = proc.communicate()[0] if not output.find(self.private_key_fingerprint) >= 0: logger.debug( 'Was not able to unlock private key %s' % self.private_key_file, self) raise MountException( _('Could not unlock ssh private key. Wrong password ' 'or password not available for cron.')) else: logger.debug( 'Private key %s is already unlocked in ssh agent' % self.private_key_file, self)