Python gnome keyring in bash mount script

Question

I am not sure if the title is correct, if not please edit it.

Now my problem is that I have a automated mount script written in bash and it runs when user logs in and asks for the users AD credentials to mount the Windows share.

#!/bin/bash
MOUNTDIR=
DIRNAME=
DOMAIN=
SERVER=
SHARE=

# create mountpoint for mounting
if [ ! -d ${HOME}/${DIRNAME} ]; then
        mkdir ${HOME}/${DIRNAME}
fi

## define a function that launched the zenity username dialog
get_username(){
    zenity --entry --width=300 --title="Mount $MOUNTDIR" --text="Username:"
}
# define a function that launched the zenity password dialog
get_password(){
    zenity --entry --width=300 --title="Mount $MOUNTDIR" --text="Password:" --hide-text
}

# attempt to get the username and exit if cancel was pressed.
wUsername=$(get_username) || exit

# if the username is empty or matches only whitespace.
while [ "$(expr match "$wUsername" '.')" -lt "1" ]; do
    zenity --error --title="Error in username!" --text="Please check your username! Username field can not be empty!"  || exit
    wUsername=$(get_username) || exit
done

wPassword=$(get_password) || exit

while [ "$(expr match "$wPassword" '.')" -lt "1" ]; do
    zenity --error --title="Error in password!" --text="Please check your password! Password field can not be empty!" || exit
    wPassword=$(get_password) || exit
done

# mount windows share to mountpoint
sudo mount -t cifs //$SERVER/$SHARE ${HOME}/${DIRNAME} -o username=${wUsername},password=${wPassword},domain=${DOMAIN}

# show if mounting was OK or failed
if [ $? -eq 0 ]; then
        zenity --info --title="Mounting public share succeeded!" --text="Location Documents/Shares/public!"
else
        zenity --error --title="Mounting public did not succed!" --text="Please contact system administrator!"
fi

Now I have been looking at a blog called Bending Gnome Keyring With Python it explains the gnome keyring really well. But as I have never coded in python and never added python to bash then maybe someone here can show me how can I import gnome keyring to bash so it saves the users username and password so once the script is rerunned it takes the info from the gnome keyring.

Thank you. If you need more info please comment!

Answer 1

Hm, that guide is a bit verbose, and dipping into Python seems unnecessary for your needs. You would be served well by gnome-keyring-query (which you'll have to compile yourself).

The username can be pulled in from a command line option, or you can keep the prompt, or you can use $USER as a default.

First, add the password to the keyring:

echo -n "$wPassword" |gnome-keyring-query set WindowsAD
unset wPassword  # do not keep this in memory any longer than necessary

gnome-keyring-query does technically allow you to enter the password directly, but it stores the trailing linebreak from your ENTER keystroke and therefore will get it wrong.

To read it:

wUsername="$USER"
wPassword="$(gnome-keyring-query get WindowsAD)"
sudo mount ...
unset wPassword

From a security perspective, I'm not so happy seeing the password in the command line; anybody getting a full process list (eg ps auxww ) would see it. However, the only alternative I can see is to use /etc/fstab.d (use a file that only root can read, maybe even delete it after mounting). That may be too cumbersome for you (or you may be on a system that does not support it).