Back In Time

BIT and saving passwords fails for root user

Asked by Benjamin Schmid

Thank you very much for this great tool and even more pointing me out to the incredible great 'SSH encrypted' feature in the newer version!

I try to use the "Store Password into Keychain" option. This works fine if BIT is run as regular user. But when I use the "Back in time (root)" launcher this freezes the application.

Here the output of my user vs. root as described in a related BIT bug:

  $ ~ sudo python -c "import keyring; print(keyring.get_keyring())"
  <keyring.backend.SecretServiceKeyring object at 0x7fe92d9c3050>
  $ ~ python -c "import keyring; print(keyring.get_keyring())"
  <keyring.backend.GnomeKeyring object at 0x1f56110>

Is this supposed to work? Do I miss some configuration?
I launched it manually via sudo and got the following stracktrace:

ERROR:dbus.proxies:Introspect error on :1.137:/org/freedesktop/secrets/aliases/default: dbus.exceptions.DBusException: org.freedesktop.Secret.Error.NoSuchObject: The '/org/freedesktop/secrets/aliases/default' object does not exist
ERROR:dbus.connection:Unable to set arguments ({'org.freedesktop.Secret.Item.Label': 'profile_id_1 @ backintime/ssh_encfs', 'org.freedesktop.Secret.Item.Attributes': {'username': 'profile_id_1', 'service': 'backintime/ssh_encfs'}}, dbus.Struct((dbus.ObjectPath('/org/freedesktop/secrets/session/s1'), '', dbus.ByteArray(''), 'text/plain'), signature=None), True) according to signature None: <type 'exceptions.TypeError'>: Expected a string or unicode object
Traceback (most recent call last):
  File "/usr/share/backintime/gnome/app.py", line 1028, in on_btn_settings_clicked
    settingsdialog.SettingsDialog( self.config, self.snapshots, self ).run()
  File "/usr/share/backintime/gnome/settingsdialog.py", line 1124, in run
    if not self.validate():
  File "/usr/share/backintime/gnome/settingsdialog.py", line 1274, in validate
    if not self.save_profile():
  File "/usr/share/backintime/gnome/settingsdialog.py", line 1008, in save_profile
    self.config.set_password(password_1, self.profile_id, mode)
  File "/usr/share/backintime/common/config.py", line 582, in set_password
    self.pw.set_password(password, profile_id, mode, pw_id)
  File "/usr/share/backintime/common/password.py", line 475, in set_password
    self._set_password_to_keyring(service_name, user_name, password)
  File "/usr/share/backintime/common/password.py", line 483, in _set_password_to_keyring
    return tools.set_password(service_name, user_name, password)
  File "/usr/share/backintime/common/tools.py", line 549, in set_password
    return keyring.set_password(*args)
  File "/usr/lib/python2.7/dist-packages/keyring/core.py", line 42, in set_password
    _keyring_backend.set_password(service_name, username, password)
  File "/usr/lib/python2.7/dist-packages/keyring/backend.py", line 234, in set_password
    True)
  File "/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 70, in __call__
    return self._proxy_method(*args, **keywords)
  File "/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 145, in __call__
    **keywords)
  File "/usr/lib/python2.7/dist-packages/dbus/connection.py", line 641, in call_blocking
    message.append(signature=signature, *args)
TypeError: Expected a string or unicode object

Question information

Language:
English Edit question
Status:
Answered
For:
Back In Time Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Germar (germar) said : 		#1

No, this is not supposed to work ;-)
Root has no keyring. So there is no way to store secrets with root. Normally 'store password to keyring' should be disabled with root. I'm not sure why it wasn't. Also there seems to be a bug in python-secretstorage which caused the TypeError.

For now you can only cache password in ram for root. I know this is not very satisfying but I've no better solution yet.

Revision history for this message
Benjamin Schmid (benbuntu) said : 		#2

So to cache password for root I have to manually start "BIT (root)" after a system reboot and interactively enter two passwords (SSH & encFS) for a working BIT cronjob for root, right?

If yes: Is there a way to pass/inject those two passwords into BIT on session login? i.e. like:

    _ME="$(whoami)" # Logged in users name
    SSH_PASSWORD=$(python -c "import keyring;print keyring.get_password('""bit.ssh""', '""$_ME""')")
    ENCFS_PASSWORD=$(python -c "import keyring;print keyring.get_password('""bit.encfs""', '""$_ME""')")
    sudo "echo $SSH_PASSWORD | /usr/bin/backintime --pw-cache start --cache-ssh-password"
    sudo "echo $ENCFS_PASSWORD | /usr/bin/backintime --pw-cache start --cache-encfs-password"

I did not find any way to pass those two passwords except via the interactive prompt.

Revision history for this message
Germar (germar) said : 		#3

There is no such function. You could fiddle around with the FIFO '/root/.local/share/backintime/password_cache/FIFO' to inject those passwords. You would need to write something like 'set_pw:backintime/ssh_encfs/profile_id_1:<base64 encode passwd>'
or 'set_pw:backintime/ssh_encfs_2/profile_[...]' to the FIFO.

Like I said I'm not happy with this, too. But I've no better solution yet. Blueprints are very welcome ;-)

Can you help with this problem?

Provide an answer of your own, or ask Benjamin Schmid for more information if necessary.

To post a message you must log in.