virt-manager/virtManager/keyring.py

#
# Copyright (C) 2006 Red Hat, Inc.
# Copyright (C) 2006 Daniel P. Berrange <berrange@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301 USA.
#

import logging

# pylint: disable=E0611
from gi.repository import Gio
from gi.repository import GLib
# pylint: enable=E0611


class vmmSecret(object):
    def __init__(self, name, secret=None, attributes=None):
        self.name = name
        self.secret = secret
        self.attributes = attributes

    def get_secret(self):
        return self.secret
    def get_name(self):
        return self.name


class vmmKeyring(object):

    def __init__(self):
        self._collection = None

        try:
            self._dbus = Gio.bus_get_sync(Gio.BusType.SESSION, None)
            self._service = Gio.DBusProxy.new_sync(self._dbus, 0, None,
                                    "org.freedesktop.secrets",
                                    "/org/freedesktop/secrets",
                                    "org.freedesktop.Secret.Service", None)

            self._session = self._service.OpenSession("(sv)", "plain",
                                                      GLib.Variant("s", ""))[1]

            self._collection = Gio.DBusProxy.new_sync(self._dbus, 0, None,
                                "org.freedesktop.secrets",
                                "/org/freedesktop/secrets/aliases/default",
                                "org.freedesktop.Secret.Collection", None)

            logging.debug("Using keyring session %s", self._session)
        except:
            logging.exception("Error determining keyring")


    ##############
    # Public API #
    ##############

    def is_available(self):
        return not (self._collection is None)

    def add_secret(self, secret):
        ret = None
        try:
            props = {
                "org.freedesktop.Secret.Item.Label" : GLib.Variant("s", secret.get_name()),
                "org.freedesktop.Secret.Item.Attributes" : GLib.Variant("a{ss}", secret.attributes),
            }
            params = (self._session, [],
                      [ord(v) for v in secret.get_secret()],
                      "text/plain; charset=utf8")
            replace = True

            _id = self._collection.CreateItem("(a{sv}(oayays)b)",
                                              props, params, replace)[0]
            ret = int(_id.rsplit("/")[-1])
        except:
            logging.exception("Failed to add keyring secret")

        return ret

    def get_secret(self, _id):
        ret = None
        try:
            path = self._collection.get_object_path() + "/" + str(_id)
            iface = Gio.DBusProxy.new_sync(self._dbus, 0, None,
                                    "org.freedesktop.secrets", path,
                                    "org.freedesktop.Secret.Item", None)

            secretbytes = iface.GetSecret("(o)", self._session)[2]
            label = iface.get_cached_property("Label").unpack().strip("'")
            dbusattrs = iface.get_cached_property("Attributes").unpack()

            secret = u"".join([unichr(c) for c in secretbytes])

            attrs = {}
            for key, val in dbusattrs.items():
                if key not in ["hvuri", "uuid"]:
                    continue
                attrs["%s" % key] = "%s" % val

            ret = vmmSecret(label, secret, attrs)
        except:
            logging.exception("Failed to get keyring secret id=%s", _id)

        return ret
Added initial support for saving VNC password in the GNOME keyring 2006-07-19 22:33:23 +04:00			`#`
			`# Copyright (C) 2006 Red Hat, Inc.`
			`# Copyright (C) 2006 Daniel P. Berrange <berrange@redhat.com>`
			`#`
			`# This program is free software; you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation; either version 2 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
Refresh GPL text with latest FSF address & fix spec file license tag 2007-11-20 19:12:20 +03:00			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,`
			`# MA 02110-1301 USA.`
Added initial support for saving VNC password in the GNOME keyring 2006-07-19 22:33:23 +04:00			`#`
Convert to use GTK3 and GObject Introspection bindings Switch over to use GObject introspection bindings for all python modules related to GObject/GTK3/etc. It is not possible to mix and match old pyggtk/pygobject manual bindings with new introspection based bindings so it must be all changed in one go. Imports like import gtk Change to from gi.repository import Gtk The vmmGObject class is changed to always inherit from GObject.GObject There is no compelling reason to avoid a GObject dep for the virt-manager TUI & it horribly messed up the code. Signal declarations are changed from vmmChooseCD.signal_new(vmmChooseCD, "cdrom-chosen", [object, str]) To __gsignals__ = { "cdrom-chosen": (GObject.SignalFlags.RUN_FIRST, None, [object, str]) } which is required by new GObject bindings Most of the rest of the change is simply dealing with renamed constants / classes. Alot of legacy compat code was removed - ie helpers which check to see if certain GTK2 methods are available are no longer required since we're mandating GTK3 only. The event loop is replaced with LibvirtGLib's event loop. Still todo - Rip out all DBus stuff & make vmmEngine class inherit GtkApplication which provides unique support & DBus method handling - Switch to use LibvirtGConfig & LibvirtGObject for libvirt interaction - Possibly switch to Python 3 too ? - Figure out why GNOME keyring is missing Introspection support My suggestion is that the standalone GIT repo for virt-install only live on as a support branch for legacy platforms. A stable-0.9 branch of virt-manager can be kept for legacy PyGtk2 based virt-manager releases. The virt-manager master branch should exclusively use GObject inspection and ideally Python3 and contain both the virt-manager and virt-install codebases in one since they are intimately related to each other & using separate GIT repos has needlessly complicated life for everyone. crobinso: Some locking fixes Misc cleanups and dropping now-useless code Fix dbus usage Fix graph cell renderer regression Fix a couple tooltip issues 2012-05-14 17:24:56 +04:00
Replace numerous 'print' statements with calls to python logging. Added syntax checking of all modules 2006-09-26 02:22:27 +04:00			`import logging`
Added initial support for saving VNC password in the GNOME keyring 2006-07-19 22:33:23 +04:00
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`# pylint: disable=E0611`
			`from gi.repository import Gio`
			`from gi.repository import GLib`
			`# pylint: enable=E0611`
Cleanup gnome-keyring code (still broken with introspection) 2012-11-09 19:08:15 +04:00

			`class vmmSecret(object):`
			`def __init__(self, name, secret=None, attributes=None):`
			`self.name = name`
			`self.secret = secret`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`self.attributes = attributes`
Cleanup gnome-keyring code (still broken with introspection) 2012-11-09 19:08:15 +04:00
			`def get_secret(self):`
			`return self.secret`
			`def get_name(self):`
			`return self.name`

Clean up all pylint + pep8 violations 2012-11-08 17:15:02 +04:00
Register all gobject signals through vmmGObject baseclass Allows us to remove gobject imports in various places which will help when merging code with TUI. 2011-04-18 20:39:53 +04:00			`class vmmKeyring(object):`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00
Added initial support for saving VNC password in the GNOME keyring 2006-07-19 22:33:23 +04:00			`def __init__(self):`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`self._collection = None`
Added initial support for saving VNC password in the GNOME keyring 2006-07-19 22:33:23 +04:00
keyring: Minor code cleanup 2010-06-15 18:14:44 +04:00			`try:`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`self._dbus = Gio.bus_get_sync(Gio.BusType.SESSION, None)`
			`self._service = Gio.DBusProxy.new_sync(self._dbus, 0, None,`
			`"org.freedesktop.secrets",`
			`"/org/freedesktop/secrets",`
			`"org.freedesktop.Secret.Service", None)`

			`self._session = self._service.OpenSession("(sv)", "plain",`
			`GLib.Variant("s", ""))[1]`

			`self._collection = Gio.DBusProxy.new_sync(self._dbus, 0, None,`
			`"org.freedesktop.secrets",`
			`"/org/freedesktop/secrets/aliases/default",`
			`"org.freedesktop.Secret.Collection", None)`

			`logging.debug("Using keyring session %s", self._session)`
keyring: Minor code cleanup 2010-06-15 18:14:44 +04:00			`except:`
			`logging.exception("Error determining keyring")`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00

			`##############`
			`# Public API #`
			`##############`
Added initial support for saving VNC password in the GNOME keyring 2006-07-19 22:33:23 +04:00
Switched keyring code to use gnomekeyring module. Disable keyring support if not available 2006-08-16 00:07:17 +04:00			`def is_available(self):`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`return not (self._collection is None)`
Added initial support for saving VNC password in the GNOME keyring 2006-07-19 22:33:23 +04:00
			`def add_secret(self, secret):`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`ret = None`
We have to make sure the 'default' keyring is created or we'll abort() on an NULL pointer. Also handle keyring failure gracefully 2006-08-17 00:12:50 +04:00			`try:`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`props = {`
			`"org.freedesktop.Secret.Item.Label" : GLib.Variant("s", secret.get_name()),`
			`"org.freedesktop.Secret.Item.Attributes" : GLib.Variant("a{ss}", secret.attributes),`
			`}`
			`params = (self._session, [],`
			`[ord(v) for v in secret.get_secret()],`
			`"text/plain; charset=utf8")`
			`replace = True`

			`_id = self._collection.CreateItem("(a{sv}(oayays)b)",`
			`props, params, replace)[0]`
			`ret = int(_id.rsplit("/")[-1])`
We have to make sure the 'default' keyring is created or we'll abort() on an NULL pointer. Also handle keyring failure gracefully 2006-08-17 00:12:50 +04:00			`except:`
keyring: Minor code cleanup 2010-06-15 18:14:44 +04:00			`logging.exception("Failed to add keyring secret")`

keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`return ret`
Added initial support for saving VNC password in the GNOME keyring 2006-07-19 22:33:23 +04:00
Rename variables that shadow built-in functions. 2008-11-18 23:42:51 +03:00			`def get_secret(self, _id):`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`ret = None`
We have to make sure the 'default' keyring is created or we'll abort() on an NULL pointer. Also handle keyring failure gracefully 2006-08-17 00:12:50 +04:00			`try:`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`path = self._collection.get_object_path() + "/" + str(_id)`
			`iface = Gio.DBusProxy.new_sync(self._dbus, 0, None,`
			`"org.freedesktop.secrets", path,`
			`"org.freedesktop.Secret.Item", None)`

			`secretbytes = iface.GetSecret("(o)", self._session)[2]`
			`label = iface.get_cached_property("Label").unpack().strip("'")`
			`dbusattrs = iface.get_cached_property("Attributes").unpack()`
Cleanup gnome-keyring code (still broken with introspection) 2012-11-09 19:08:15 +04:00
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`secret = u"".join([unichr(c) for c in secretbytes])`

			`attrs = {}`
			`for key, val in dbusattrs.items():`
			`if key not in ["hvuri", "uuid"]:`
			`continue`
			`attrs["%s" % key] = "%s" % val`

			`ret = vmmSecret(label, secret, attrs)`
We have to make sure the 'default' keyring is created or we'll abort() on an NULL pointer. Also handle keyring failure gracefully 2006-08-17 00:12:50 +04:00			`except:`
keyring: Convert to Secrets DBUS API This fixes keyring support since the gnome bindings are busted, while also giving us a chance of working natively on KDE. I haven't added an explicit dep on libsecret in the spec, since this is such minor functionality it's not worth pulling the dep, which should be there on all modern desktops anyways. 2013-04-17 00:20:58 +04:00			`logging.exception("Failed to get keyring secret id=%s", _id)`

			`return ret`