~mvo/ubuntu-sso-client/strawman-lp711413


Viewing changes to ubuntu_sso/key_acls.py

  • Committer: natalia.bidart at canonical
  • Date: 2010-06-10 14:34:40 UTC
  • mto: This revision was merged to the branch mainline in revision 537.
  • Revision ID: natalia.bidart@canonical.com-20100610143440-nzqm5ad5g0xd2k29
Renaming ubuntu.sso to ubuntu_sso to avoid a package name clash.

1
 
# ubuntu.sso.key_acls - OAuth ACL handling for keyring
 
1
# ubuntu_sso.key_acls - OAuth ACL handling for keyring
2
2
#
3
3
# Author: Stuart Langridge <stuart.langridge@canonical.com>
4
4
#
21
21
access OAuth tokens from the Gnome keyring without the user having to approve
22
22
that, and sets ACLs on relevant keys so they can do so.
23
23
 
24
 
Apps pre-register themselves by dropping an ini file in 
 
24
Apps pre-register themselves by dropping an ini file in
25
25
/etc/xdg/ubuntuone/oauth_registration.d/ in which each section has keys
26
26
realm, consumer_key, exe_path, application_name.
27
27
"""
29
29
import xdg.BaseDirectory, os, ConfigParser, gnomekeyring
30
30
 
31
31
def get_privileged_config_folder(use_source_tree_folder=True):
32
 
    """Find the XDG config folder to use which is not the user's personal 
 
32
    """Find the XDG config folder to use which is not the user's personal
33
33
       config (i.e., ~/.config) so that files in it are root-owned"""
34
 
       
35
34
    # First, check for folder (if we're running from the source tree)
36
35
    if use_source_tree_folder:
37
36
        source_tree_folder = os.path.join(
39
38
             "../../data/oauth_registration.d")
40
39
        if os.path.isdir(source_tree_folder):
41
40
            return os.path.join(source_tree_folder, "..")
42
 
    
 
41
 
43
42
    # Otherwise, check for proper XDG folders
44
 
    privileged_folders = [x for x in 
 
43
    privileged_folders = [x for x in
45
44
       xdg.BaseDirectory.load_config_paths('ubuntuone')
46
45
       if not x.startswith(xdg.BaseDirectory.xdg_config_home)]
47
46
    if privileged_folders:
53
52
    "Return a list of all config files in the pre-registration folder"
54
53
    config_folder = get_privileged_config_folder(use_source_tree_folder)
55
54
    if config_folder:
56
 
        conf_dir = os.path.join(config_folder, 
57
 
          "oauth_registration.d")
 
55
        conf_dir = os.path.join(config_folder, "oauth_registration.d")
58
56
        if os.path.isdir(conf_dir):
59
57
            return [os.path.join(conf_dir, x) for x in os.listdir(conf_dir)]
60
58
    return []
69
67
        try:
70
68
            items = gnomekeyring.find_items_sync(
71
69
                gnomekeyring.ITEM_GENERIC_SECRET,
72
 
                {
73
 
                 'oauth-consumer-key': consumer_key})
 
70
                {'oauth-consumer-key': consumer_key})
74
71
        except (gnomekeyring.NoMatchError,
75
72
                gnomekeyring.DeniedError):
76
73
            return []
77
 
        items = [x.item_id for x in items if 
 
74
        items = [x.item_id for x in items if
78
75
        x.attributes.get("ubuntuone-realm", "").startswith("http://localhost:")]
79
76
        return items
80
77
    else:
90
87
        return [x.item_id for x in items]
91
88
 
92
89
def set_single_acl(app_sets, specific_item_id=None):
93
 
    """Allow a specified set of apps to access a matching keyring 
 
90
    """Allow a specified set of apps to access a matching keyring
94
91
       token without prompts"""
95
92
    for realm, consumer_key, exe_path, application_name in app_sets:
96
93
        if specific_item_id is None:
98
95
        else:
99
96
            # item_id specified
100
97
            items = [specific_item_id]
101
 
    
 
98
 
102
99
        # set an ACL on the key so the calling app can read it without
103
100
        # a prompt dialog
104
101
        for item_id in items:
112
109
                    break
113
110
            else:
114
111
                appref = gnomekeyring.ApplicationRef()
115
 
                ac = gnomekeyring.AccessControl(appref, 
116
 
                   gnomekeyring.ACCESS_READ | 
 
112
                ac = gnomekeyring.AccessControl(appref,
 
113
                   gnomekeyring.ACCESS_READ |
117
114
                   gnomekeyring.ACCESS_WRITE | gnomekeyring.ACCESS_REMOVE)
118
115
                ac.set_display_name(application_name)
119
116
                ac.set_path_name(real_exe_path)
121
118
                new_acls = True
122
119
            if new_acls:
123
120
                gnomekeyring.item_set_acl_sync(None, item_id, acl)
124
 
        
 
121
 
125
122
def set_all_key_acls(item_id=None, use_source_tree_folder=True):
126
123
    """For each file in the config folder, get the (realm, key) pair that
127
124
       the program therein is interested in and register the program as able
132
129
            cfp.read(config_file)
133
130
        except ConfigParser.Error:
134
131
            continue
135
 
        
 
132
 
136
133
        app_sets = []
137
 
        
 
134
 
138
135
        for section in cfp.sections():
139
136
            try:
140
137
                realm = cfp.get(section, "realm")
153
150
            except ConfigParser.NoOptionError:
154
151
                application_name = None
155
152
            if realm and consumer_key and exe_path and application_name:
156
 
                app_sets.append((realm, consumer_key, exe_path, 
 
153
                app_sets.append((realm, consumer_key, exe_path,
157
154
                                 application_name))
158
 
        
159
155
        if app_sets:
160
156
            set_single_acl(app_sets, specific_item_id=item_id)
161
157