示例#1
0
    def testTimeout(self):
        desc = b"dummyKey"
        value = b"dummyValue"
        keyring = keyutils.KEY_SPEC_THREAD_KEYRING

        # create key with 1 second timeout:
        keyId = keyutils.add_key(desc, value, keyring)
        keyutils.set_timeout(keyId, 1)

        self.assertEqual(keyutils.request_key(desc, keyring), keyId)
        time.sleep(1.5)
        self.assertEqual(keyutils.request_key(desc, keyring), None)
示例#2
0
 def promptPassword(self, keyDesc, prompt, promptDesc, validateCallback):
     try:
         import keyutils
         keyring = keyutils.KEY_SPEC_SESSION_KEYRING
     except ImportError:
         keyutils = keyring = None
     if keyutils:
         keyId = keyutils.request_key(keyDesc, keyring)
         if keyId is not None:
             passwd = keyutils.read_key(keyId)
             if validateCallback(passwd):
                 return passwd
             # Fall through if the cached creds are invalid
     for x in range(3):
         self.write(promptDesc)
         passwd = self.inputPassword(prompt)
         if validateCallback(passwd):
             if keyutils:
                 keyutils.add_key(keyDesc, passwd, keyring)
             return passwd
         if not passwd:
             # User wants out but getpass eats Ctrl-C
             break
         self.write("The specified credentials were not valid.\n")
     return None
示例#3
0
 def promptPassword(self, keyDesc, prompt, promptDesc, validateCallback):
     try:
         import keyutils
         keyring = keyutils.KEY_SPEC_SESSION_KEYRING
     except ImportError:
         keyutils = keyring = None
     if keyutils:
         keyId = keyutils.request_key(keyDesc, keyring)
         if keyId is not None:
             passwd = keyutils.read_key(keyId)
             if validateCallback(passwd):
                 return passwd
             # Fall through if the cached creds are invalid
     for x in range(3):
         self.write(promptDesc)
         passwd = self.inputPassword(prompt)
         if validateCallback(passwd):
             if keyutils:
                 keyutils.add_key(keyDesc, passwd, keyring)
             return passwd
         if not passwd:
             # User wants out but getpass eats Ctrl-C
             break
         self.write("The specified credentials were not valid.\n")
     return None
    def testTimeout(self):
        desc = b"dummyKey"
        value = b"dummyValue"
        keyring = keyutils.KEY_SPEC_THREAD_KEYRING

        # create key with 1 second timeout:
        keyId = keyutils.add_key(desc, value, keyring)
        self.assertEqual(keyutils.request_key(desc, keyring), keyId)

        keyutils.set_timeout(keyId, 1)
        time.sleep(1.5)
        try:
            keyId = keyutils.request_key(desc, keyring)
        except keyutils.Error as err:
            # https://patchwork.kernel.org/patch/5336901
            self.assertEqual(err.args[0], keyutils.EKEYEXPIRED)
            keyId = None
        self.assertEqual(keyId, None)
示例#5
0
 def _key_id(self, device):
     key = self._key(device)
     try:
         key_id = keyutils.request_key(key, self.keyring)
     except keyutils.Error:
         raise KeyError("Key has been revoked!")
     if key_id is None:
         raise KeyError("Key not cached!")
     return key_id
示例#6
0
 def _key_id(self, device):
     key = self._key(device)
     try:
         key_id = keyutils.request_key(key, self.keyring)
     except keyutils.Error:
         raise KeyError("Key has been revoked!")
     if key_id is None:
         raise KeyError("Key not cached!")
     return key_id
示例#7
0
    def testClear(self):
        desc = b"dummyKey"
        value = b"dummyValue"
        keyring = keyutils.KEY_SPEC_THREAD_KEYRING

        key_id = keyutils.add_key(desc, value, keyring)

        self.assertEqual(keyutils.request_key(desc, keyring), key_id)
        keyutils.clear(keyring)
        self.assertRaises(keyutils.Error, keyutils.read_key, key_id)
示例#8
0
    def testSet(self):
        keyDesc = b"test:key:01"
        keyVal = b"key value with\0 some weird chars in it too"
        keyring = keyutils.KEY_SPEC_THREAD_KEYRING

        # Key not initialized; should get None
        keyId = keyutils.request_key(keyDesc, keyring)
        self.assertEqual(keyId, None)

        self.assertRaises(keyutils.Error, keyutils.read_key, 12345)
        try:
            keyutils.read_key(12345)
        except keyutils.Error as e:
            self.assertEqual(e.args, (126, 'Required key not available'))

        keyutils.add_key(keyDesc, keyVal, keyring)
        keyId = keyutils.request_key(keyDesc, keyring)

        data = keyutils.read_key(keyId)
        self.assertEqual(data, keyVal)
示例#9
0
文件: store.py 项目: earlchew/keysafe
    def _keyId(self):
        if self.__keyId is False:
            try:
                self.__keyId = keyutils.request_key(self.__keyName,
                                                    self._KeyRing.SESSION)
            except keyutils.Error as exc:
                if exc.args[0] not in (keyutils.EKEYEXPIRED,
                                       keyutils.EKEYREVOKED):
                    raise
                self.__keyId = None

        return self.__keyId
示例#10
0
    def _get_user_key_id(self, key=None, pid=None):
        """ Returns ID under which a given key name is known.
        """
        key = key or self.default_key
        pid = pid or self.default_pid

        formatted = self._format_proc_key(key, pid)
        key_id = _keyutils.request_key(formatted, self._user_keyring)

        if not key_id:
            raise ValueError('No such key `{}` in proc keyring'.format(formatted))

        return key_id
示例#11
0
    def testSet(self):
        keyDesc = "test:key:01"
        keyVal = "key value with\0 some weird chars in it too"
        keyring = keyutils.KEY_SPEC_THREAD_KEYRING

        # Key not initialized; should get None
        keyId = keyutils.request_key(keyDesc, keyring)
        self.failUnlessEqual(keyId, None)

        self.failUnlessRaises(keyutils.Error, keyutils.read_key, 12345L)
        try:
            keyutils.read_key(12345L)
        except keyutils.Error, e:
            self.failUnlessEqual(e.args, (126, "Required key not available"))
示例#12
0
    def clear_keyctl_password(self):
        '''
        This is to delete the key for whatever reason. A good reason is if you accidentally cache a password.
        :return:
        '''
        keyctl_keyring_name = 'keyutils did not import so unknown'

        ring = keyutils.KEY_SPEC_SESSION_KEYRING
        keyctl_keyring_name = '@s'
        key_id = keyutils.request_key(self.key_name, ring)

        if key_id:
            keyutils.unlink(key_id, ring)
            log.debug('key deleted')
示例#13
0
def getPassword(keyDesc):
    if not _keyutils:
        return None
    _setupSession()
    try:
        keyId = _keyutils.request_key(keyDesc, _keyring)
    except _keyutils.Error as err:
        if err.args[0] != _keyutils.EKEYREVOKED:
            raise
        # This happens if using old keyutils if the session was revoked (which
        # normally _setupSession would fix), or using new keyutils if the key
        # itself was revoked.
        return None
    if keyId is not None:
        return _keyutils.read_key(keyId)
    return None
示例#14
0
def getPassword(keyDesc):
    if not _keyutils:
        return None
    _setupSession()
    try:
        keyId = _keyutils.request_key(keyDesc, _keyring)
    except _keyutils.Error as err:
        if err.args[0] != _keyutils.EKEYREVOKED:
            raise
        # This happens if using old keyutils if the session was revoked (which
        # normally _setupSession would fix), or using new keyutils if the key
        # itself was revoked.
        return None
    if keyId is not None:
        return _keyutils.read_key(keyId)
    return None
示例#15
0
 def getKeyPassphrase(self, keyId, prompt, errorMessage=None):
     if errorMessage:
         print errorMessage
     keyDesc = "conary:pgp:%s" % keyId
     try:
         import keyutils
         # We only initialize keyring if keyutils is not None
         keyring = keyutils.KEY_SPEC_SESSION_KEYRING
     except ImportError:
         keyutils = None
     # If the passphrase was invalidated, we don't want to be stuck; so, if
     # the caller did set an error message, we will not try to use keyutils
     if keyutils and not errorMessage:
         keyId = keyutils.request_key(keyDesc, keyring)
         if keyId is not None:
             return keyutils.read_key(keyId)
     print
     print prompt
     passPhrase = getpass.getpass("Passphrase: ")
     if keyutils:
         keyutils.add_key(keyDesc, passPhrase, keyring)
     return passPhrase
示例#16
0
    def getKeyPassphrase(self, keyId, prompt, errorMessage=None):
        if errorMessage:
            print errorMessage
        keyDesc = "conary:pgp:%s" % keyId
        try:
            import keyutils

            # We only initialize keyring if keyutils is not None
            keyring = keyutils.KEY_SPEC_SESSION_KEYRING
        except ImportError:
            keyutils = None
        # If the passphrase was invalidated, we don't want to be stuck; so, if
        # the caller did set an error message, we will not try to use keyutils
        if keyutils and not errorMessage:
            keyId = keyutils.request_key(keyDesc, keyring)
            if keyId is not None:
                return keyutils.read_key(keyId)
        print
        print prompt
        passPhrase = getpass.getpass("Passphrase: ")
        if keyutils:
            keyutils.add_key(keyDesc, passPhrase, keyring)
        return passPhrase
示例#17
0
def getPassword(keyDesc):
    if _keyutils:
        keyId = _keyutils.request_key(keyDesc, _keyring)
        if keyId is not None:
            return _keyutils.read_key(keyId)
    return None
示例#18
0
    def get_user_password_through_keyctl(self,
                                         timeout,
                                         active_directory,
                                         skip_test,
                                         keyring=None,
                                         raise_on_error=True):
        '''

        :param timeout:
        :param active_directory:
        :param skip_test:
        :param keyring:
        :param raise_on_error:
        :return:
        '''
        password = None

        try:
            if keyring is None:  # if keyring doesn't exist, generate a new keyring
                keyring = keyutils.KEY_SPEC_SESSION_KEYRING
                log.debug('KEY_SPEC_SESSION_KEYRING generated\n')
            elif keyring is 'user':
                keyring == keyutils.KEY_SPEC_USER_SESSION_KEYRING
                log.debug('KEY_SPEC_USER_SESSION_KEYRING generated\n')

            if keyring == keyutils.KEY_SPEC_SESSION_KEYRING:
                keyctl_keyring_name = '@s'

            elif keyring == keyutils.KEY_SPEC_USER_SESSION_KEYRING:
                keyctl_keyring_name = '@us'

            else:
                sys.exit(
                    'update this code to add the un translated keyring type {}\n'
                    .format(keyring))

            key_id = keyutils.request_key(self.key_name, keyring)

            if key_id:
                log.debug('Key {} exists on {}. Pulling from keyring\n'.format(
                    self.key_name, keyring))
                password = keyutils.read_key(key_id)

            else:
                log.debug(
                    'Key {} does not exist on {}. creating new key\n'.format(
                        self.key_name, keyring))
                password = password_check(username=self.username,
                                          keyname=self.key_name,
                                          active_directory=active_directory,
                                          skip_test=skip_test)

            key_id = keyutils.add_key(
                self.key_name, password,
                keyring)  # for keyctl(1) the 'type' is 'user'
            keyutils.set_timeout(key_id,
                                 timeout)  # Reset it each time it's accessed

        except Exception as e:
            if raise_on_error:
                raise Exception(
                    "Failed to get key from keyutils using keyring {} - exception was {}"
                    .format(keyctl_keyring_name, e))
        return password
示例#19
0
def getPassword(keyDesc):
    if _keyutils:
        keyId = _keyutils.request_key(keyDesc, _keyring)
        if keyId is not None:
            return _keyutils.read_key(keyId)
    return None