def init(self, settings, q):
if platform.system() == 'Darwin':
# Explicitly add support for MacGPG2
os.environ['PATH'] = os.environ['PATH'] + ':/usr/local/MacGPG2/bin'
try:
lang = gettext.translation('pext_module_pass',
localedir=os.path.join(
os.path.dirname(
os.path.abspath(__file__)),
'locale'),
languages=[settings['_locale']])
except FileNotFoundError:
lang = gettext.NullTranslations()
print("No {} translation available for pext_module_pass".format(
settings['_locale']))
lang.install()
self.result_display_thread = None
self.result_display_active = True
self.data_location = expanduser(normcase("~/.password-store/")) if (
'directory' not in settings) else expanduser(
normcase(settings['directory']))
self.password_store = pypass.PasswordStore(self.data_location)
self.q = q
self.settings = settings
if 'ssh_password' not in self.settings or not self.settings[
'ssh_password']:
self.settings['ssh_password'] = None
if self.settings['_api_version'] < [0, 11, 1]:
self.q.put([
Action.critical_error,
_("This module requires at least API version 0.11.1, you are using {}. Please update Pext."
).format(".".join(
[str(i) for i in self.settings['_api_version']]))
])
return
self.git_repo = self.data_location
if (not os.path.isdir(os.path.join(self.data_location, ".git"))) or (
'use_git' in self.settings
and self.settings['use_git'] == _('No')):
self.git_repo = None
self.passwordEntries = {}
self.q.put([Action.set_base_context, [_("Create"), _("Generate")]])
self._get_entries()
if not os.path.exists(os.path.join(self.data_location, ".gpg-id")):
self._init()
def init(self, settings, q):
if platform.system() == 'Darwin':
# Explicitly add support for MacGPG2
os.environ['PATH'] = os.environ['PATH'] + ':/usr/local/MacGPG2/bin'
try:
lang = gettext.translation('pext_module_pass',
localedir=os.path.join(
os.path.dirname(
os.path.abspath(__file__)),
'locale'),
languages=[settings['_locale']])
except FileNotFoundError:
lang = gettext.NullTranslations()
print("No {} translation available for pext_module_pass".format(
settings['_locale']))
lang.install()
self.result_display_thread = None
self.result_display_active = True
self.data_location = expanduser(normcase("~/.password-store/")) if (
'directory' not in settings) else expanduser(
normcase(settings['directory']))
self.password_store = pypass.PasswordStore(self.data_location)
self.q = q
self.settings = settings
with open(
os.path.join(os.path.dirname(os.path.abspath(__file__)),
'breaches.json')) as breaches_json:
self.breaches = json.load(breaches_json)
if 'ssh_password' not in self.settings or not self.settings[
'ssh_password']:
self.settings['ssh_password'] = None
if self.settings['_api_version'] < [0, 11, 1]:
self.q.put([
Action.critical_error,
_("This module requires at least API version 0.11.1, you are using {}. Please update Pext."
).format(".".join(
[str(i) for i in self.settings['_api_version']]))
])
return
self.git_repo = self.data_location
if (not os.path.isdir(os.path.join(self.data_location, ".git"))) or (
'use_git' in self.settings
and self.settings['use_git'] == _('No')):
self.git_repo = None
self.passwordEntries = {}
breached_account_count = self._get_entries()
if breached_account_count > 0:
self.q.put([
Action.ask_question,
_("Found {} account(s) likely involved in a data breach. You should change the passwords for these accounts as soon as possible. Do you want to view the accounts in question?"
).format(breached_account_count), "view_breaches"
])
if not os.path.exists(os.path.join(self.data_location, ".gpg-id")):
self._init()
pass_lines.extend(old_pass_lines[1:])
else:
# Keep otpauth:// lines from old data because there's no nice place to store them in NM's data anyway
pass_lines.extend([
line for line in old_pass_lines
if line.startswith('otpauth://')
])
if pass_lines != old_pass_lines:
# FIXME: Make pypass support multiple lines in gpg-id
subprocess.check_output(
['pass', 'insert', '--multiline', pass_file],
env={'PASSWORD_STORE_DIR': self.password_store.path},
text=True,
input='\n'.join(pass_lines))
return True
if __name__ == '__main__':
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
loop = GLib.MainLoop()
# FIXME: Does this automatically use $PASSWORD_STORE_DIR?
PassAgent('mijofa.py.nm-pass-agent',
password_store=pypass.PasswordStore(path=os.environ.get(
'PASSWORD_STORE_DIR',
str(pathlib.Path('~/.password-store').expanduser()))))
systemd.daemon.notify('READY=1')
loop.run()
systemd.daemon.notify('STOPPING=1')
logging.getLogger().setLevel(args.logging_level)
with args.json_config_path.open() as f:
json_config_object = json.loads(jsmin.jsmin(f.read()))
# Sanity check
if args.enrollment_policy_name:
if args.enrollment_policy_name not in json_config_object['policies']:
raise RuntimeError('Bogus enrollment policy name',
args.enrollment_policy_name,
json_config_object['policies'].keys())
if 'service_account' in json_config_object:
# first-time setup has already been done, so get an oauth token from the private key.
service_account_object = json.loads(
pypass.PasswordStore().get_decrypted_password(
json_config_object['service_account']).strip())
# Basic sanity checks
if service_account_object['type'] != 'service_account':
raise RuntimeError('wrong json')
if 'private_key' not in service_account_object:
raise RuntimeError('wrong json')
gcloud_project_id = service_account_object['project_id']
logging.debug('Project ID is: %s', gcloud_project_id)
androidmanagement = apiclient.discovery.build(
serviceName='androidmanagement',
version='v1',
cache_discovery=False, # disable some stupid warning
credentials=google.oauth2.service_account.Credentials.from_service_account_info(
info=service_account_object,
scopes=['https://www.googleapis.com/auth/androidmanagement']))
logging.info('Authentication succeeded.')