def _mount(self):
"""
mount the service
"""
if self.password is None:
self.password = self.config.password(self.parent, self.profile_id,
self.mode)
logger.debug('Provide password through temp FIFO', self)
thread = password_ipc.TempPasswordThread(self.password)
env = self.env()
env['ASKPASS_TEMP'] = thread.temp_file
thread.start()
encfs = [self.mountproc, '--extpass=backintime-askpass']
if self.reverse:
encfs += ['--reverse']
if not self.isConfigured():
encfs += ['--standard']
encfs += [self.path, self.currentMountpoint]
logger.debug('Call mount command: %s' % ' '.join(encfs), self)
proc = subprocess.Popen(encfs,
env=env,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
universal_newlines=True)
output = proc.communicate()[0]
self.backupConfig()
if proc.returncode:
raise MountException(_('Can\'t mount \'%(command)s\':\n\n%(error)s') \
% {'command': ' '.join(encfs), 'error': output})
thread.stop()
def startProcess(self):
"""
start 'encfsctl encode' process in pipe mode.
"""
thread = password_ipc.TempPasswordThread(self.password)
env = self.encfs.env()
env['ASKPASS_TEMP'] = thread.temp_file
with thread.starter():
logger.debug('start \'encfsctl encode\' process', self)
encfsctl = ['encfsctl', 'encode', '--extpass=backintime-askpass', '/']
logger.debug('Call command: %s'
%' '.join(encfsctl),
self)
self.p = subprocess.Popen(encfsctl, env = env, bufsize = 0,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
universal_newlines = True)
def startProcess(self):
"""
start 'encfsctl decode' process in pipe mode.
"""
thread = password_ipc.TempPasswordThread(self.password)
env = os.environ.copy()
env['ASKPASS_TEMP'] = thread.temp_file
with thread.starter():
logger.debug('start \'encfsctl decode\' process', self)
encfsctl = ['encfsctl', 'decode', '--extpass=backintime-askpass', self.encfs.path]
logger.debug('Call command: %s'
%' '.join(encfsctl),
self)
self.p = subprocess.Popen(encfsctl, env = env,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
universal_newlines = self.string, #return string (if True) or bytes
bufsize = 0)
def unlockSshAgent(self, force=False):
"""
Unlock the private key in ``ssh-agent`` which will provide it for
all other commands. The password to unlock the key will be provided
by ``backintime-askpass``.
Args:
force (bool): force to unlock the key by removing it
first and add it again to make sure,
the given values are correct
Raises:
exceptions.MountException: if unlock failed
"""
self.startSshAgent()
env = os.environ.copy()
env['SSH_ASKPASS'] = '******'
env['ASKPASS_PROFILE_ID'] = self.profile_id
env['ASKPASS_MODE'] = self.mode
if force:
#remove private key first so we can check if the given password is valid
logger.debug(
'Remove private key %s from ssh agent' % self.private_key_file,
self)
proc = subprocess.Popen(['ssh-add', '-d', self.private_key_file],
stdin=subprocess.DEVNULL,
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL,
universal_newlines=True)
proc.communicate()
proc = subprocess.Popen(['ssh-add', '-l'],
stdout=subprocess.PIPE,
universal_newlines=True)
output = proc.communicate()[0]
if force or not output.find(self.private_key_fingerprint) >= 0:
logger.debug(
'Add private key %s to ssh agent' % self.private_key_file,
self)
password_available = any([
self.config.passwordSave(self.profile_id),
self.config.passwordUseCache(self.profile_id),
not self.password is None
])
logger.debug('Password available: %s' % password_available, self)
if not password_available and not tools.checkXServer():
#we need to unlink stdin from ssh-add in order to make it
#use our own backintime-askpass.
#But because of this we can NOT use getpass inside backintime-askpass
#if password is not saved and there is no x-server.
#So, let's just keep ssh-add asking for the password in that case.
alarm = tools.Alarm()
alarm.start(10)
try:
proc = subprocess.call(['ssh-add', self.private_key_file])
alarm.stop()
except tools.Timeout:
pass
else:
if self.password:
logger.debug('Provide password through temp FIFO', self)
thread = password_ipc.TempPasswordThread(self.password)
env['ASKPASS_TEMP'] = thread.temp_file
thread.start()
proc = subprocess.Popen(['ssh-add', self.private_key_file],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
env=env,
preexec_fn=os.setsid,
universal_newlines=True)
output, error = proc.communicate()
if proc.returncode:
logger.error(
'Failed to unlock SSH private key %s: %s' %
(self.private_key_file, error), self)
if self.password:
thread.stop()
proc = subprocess.Popen(['ssh-add', '-l'],
stdout=subprocess.PIPE,
universal_newlines=True)
output = proc.communicate()[0]
if not output.find(self.private_key_fingerprint) >= 0:
logger.debug(
'Was not able to unlock private key %s' %
self.private_key_file, self)
raise MountException(
_('Could not unlock ssh private key. Wrong password '
'or password not available for cron.'))
else:
logger.debug(
'Private key %s is already unlocked in ssh agent' %
self.private_key_file, self)
