Mailinglist Archive: opensuse-buildservice (233 mails)

< Previous Next >
[opensuse-buildservice] Using keyring for storing passwords
  • From: Michal Čihař <michal@xxxxxxxxx>
  • Date: Thu, 4 Dec 2008 10:56:51 +0100
  • Message-id: <20081204105651.126bb59f@xxxxxxxxxxxxxxxxx>
Hi all

as I really don't like idea of storing clear text passwords, I hacked
support for GNOME Keyring in osc (see attached patch). If keyring is
available, login credentials are stored and read from keyring and it
stores them in a secure way. Is there a chance to get such change
merged?

--
Michal Čihař | http://cihar.com | http://blog.cihar.com
Index: osc/conf.py
===================================================================
--- osc/conf.py (revision 5802)
+++ osc/conf.py (working copy)
@@ -37,6 +37,14 @@
import OscConfigParser
from osc import oscerr

+try:
+ import gobject
+ gobject.set_application_name('osc')
+ import gnomekeyring
+ GNOME_KEYRING = gnomekeyring.is_available()
+except:
+ GNOME_KEYRING = False
+
# being global to this module, this dict can be accessed from outside
# it will hold the parsed configuration
config = { }
@@ -252,6 +260,16 @@
conf_template = custom_template or new_conf_template
config = DEFAULTS.copy()
config.update(entries)
+ if GNOME_KEYRING:
+ protocol, host = \
+ parse_apisrv_url(None, config['apisrv'])
+ gnomekeyring.set_network_password_sync(
+ user = config['user'],
+ password = config['pass'],
+ protocol = protocol,
+ server = host)
+ config['user'] = ''
+ config['pass'] = ''
sio = StringIO.StringIO(conf_template.strip() % config)
cp = OscConfigParser.OscConfigParser(DEFAULTS)
cp.readfp(sio)
@@ -270,7 +288,29 @@
finally:
if file: file.close()

+def add_section(filename, url, user, passwd):
+ """
+ Add a section to config file for new api url.
+ """
+ cp = get_configParser()
+ cp.add_section(url)
+ if GNOME_KEYRING:
+ protocol, host = \
+ parse_apisrv_url(None, url)
+ gnomekeyring.set_network_password_sync(
+ user = user,
+ password = passwd,
+ protocol = protocol,
+ server = host)
+ cp.set(url, 'keyring', 'yes')
+ else:
+ cp.set(url, 'user', user)
+ cp.set(url, 'pass', passwd)
+ file = open(filename, 'w')
+ cp.write(file, True)
+ if file: file.close()

+
def get_config(override_conffile = None,
override_apisrv = None,
override_debug = None,
@@ -333,12 +373,29 @@
http_header_regexp = re.compile(r"\s*(.*?)\s*:\s*(.*?)\s*(?:,\s*|\Z)")

for url in [ x for x in cp.sections() if x != 'general' ]:
- dummy, host = \
+ protocol, host = \
parse_apisrv_url(config['scheme'], url)
- #FIXME: this could actually be the ideal spot to take defaults
- #from the general section.
- user = cp.get(url, 'user')
- password = cp.get(url, 'pass')
+ user = None
+ # Read from gnome keyring if available
+ if GNOME_KEYRING:
+ try:
+ gk_data = gnomekeyring.find_network_password_sync(
+ protocol = protocol,
+ server = host)
+ password = gk_data[0]['password']
+ user = gk_data[0]['user']
+ except gnomekeyring.NoMatchError:
+ # We could not read password, here we can either fall back to
+ # to reading config file or skip this entry. I think it is
better
+ # to skip this entry allow user to enter password for this
server
+ # which will be stored in keyring.
+ continue
+ # Read credentials from config
+ if user is None:
+ #FIXME: this could actually be the ideal spot to take defaults
+ #from the general section.
+ user = cp.get(url, 'user')
+ password = cp.get(url, 'pass')

if cp.has_option(url, 'http_headers'):
http_headers = cp.get(url, 'http_headers')
Index: osc/commandline.py
===================================================================
--- osc/commandline.py (revision 5802)
+++ osc/commandline.py (working copy)
@@ -87,13 +87,7 @@
import getpass
user = raw_input('Username: ')
passwd = getpass.getpass()
- cp = conf.get_configParser()
- cp.add_section(e.url)
- cp.set(e.url, 'user', user)
- cp.set(e.url, 'pass', passwd)
- file = open(e.file, 'w')
- cp.write(file, True)
- if file: file.close()
+ conf.add_section(e.file, e.url, user, passwd)
if try_again: self.postoptparse(try_again = False)

self.conf = conf
< Previous Next >
Follow Ups