1 Index: keyring-5.3/keyring/backends/file.py
2 ===================================================================
3 --- keyring-5.3.orig/keyring/backends/file.py
4 +++ keyring-5.3/keyring/backends/file.py
5 @@ -19,6 +19,8 @@ from ..util.escape import escape as esca
6 from oslo_concurrency import lockutils
9 +lockfile = "keyringlock"
11 class FileBacked(object):
14 @@ -104,16 +106,18 @@ class BaseKeyring(FileBacked, KeyringBac
15 service = escape_for_ini(service)
16 username = escape_for_ini(username)
18 + # ensure the file exists
19 + self._ensure_file_path()
21 # encrypt the password
22 password_encrypted = self.encrypt(password.encode('utf-8'))
24 password_base64 = base64.encodestring(password_encrypted).decode()
26 + lockdir = os.path.dirname(self.file_path)
28 - with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
29 + with lockutils.lock(lockfile,external=True,lock_path=lockdir):
31 - # ensure the file exists
32 - self._ensure_file_path()
36 @@ -159,14 +163,13 @@ class BaseKeyring(FileBacked, KeyringBac
42 def _ensure_file_path(self):
44 Ensure the storage path exists.
45 If it doesn't, create it with "go-rwx" permissions.
47 storage_root = os.path.dirname(self.file_path)
48 + lockdir = storage_root
49 if storage_root and not os.path.isdir(storage_root):
50 os.makedirs(storage_root)
51 if not os.path.isfile(self.file_path):
52 @@ -175,13 +178,22 @@ class BaseKeyring(FileBacked, KeyringBac
54 user_read_write = 0o644
55 os.chmod(self.file_path, user_read_write)
56 + if not os.path.isfile(lockdir + "/" + lockfile):
58 + with open(lockdir + "/" + lockfile, 'w'):
60 + # must have the lock file with the correct group permissisions g+rw
61 + os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
64 def delete_password(self, service, username):
65 """Delete the password for the username of the service.
67 service = escape_for_ini(service)
68 username = escape_for_ini(username)
69 - with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
71 + lockdir = os.path.dirname(self.file_path)
72 + with lockutils.lock(lockfile,external=True,lock_path=lockdir):
73 config = configparser.RawConfigParser()
74 if os.path.exists(self.file_path):
75 config.read(self.file_path)
76 @@ -290,17 +302,6 @@ class EncryptedKeyring(Encrypted, BaseKe
77 # set a reference password, used to check that the password provided
78 # matches for subsequent checks.
80 - # try to pre-create the /tmp/keyringlock if it doesn't exist
81 - lockfile = "/tmp/keyringlock"
82 - if os.geteuid() == 0 and (not os.path.exists(lockfile)):
83 - from pwd import getpwnam
85 - nonrootuser = "sysadmin"
86 - with open(lockfile, 'w'):
88 - # must have the lock file with the correct group permissisions g+rw
89 - os.chmod(lockfile, stat.S_IRWXG | stat.S_IRWXU)
92 self.set_password('keyring-setting', 'password reference',
93 'password reference value')
94 @@ -313,9 +314,10 @@ class EncryptedKeyring(Encrypted, BaseKe
98 + lockdir = os.path.dirname(self.file_path)
99 # lock access to the file_path here, make sure it's not being written
100 # to while while we're checking for keyring-setting
101 - with lockutils.lock("keyringlock",external=True,lock_path="/tmp"):
102 + with lockutils.lock(lockfile,external=True,lock_path=lockdir):
103 config = configparser.RawConfigParser()
104 config.read(self.file_path)
106 @@ -325,7 +327,6 @@ class EncryptedKeyring(Encrypted, BaseKe
108 except (configparser.NoSectionError, configparser.NoOptionError):
109 # The current file doesn't have the keyring-setting, check the backup
110 - logging.warning("_check_file: The current file doesn't have the keyring-setting, check the backup")
111 if os.path.exists(self.backup_file_path):
112 config = configparser.RawConfigParser()
113 config.read(self.backup_file_path)