[catacomb-python] / pwsafe

#! /usr/bin/python
### -*-python-*-
###
### Tool for maintaining a secure-ish password database
###
### (c) 2005 Straylight/Edgeware
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the Python interface to Catacomb.
###
### Catacomb/Python is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### Catacomb/Python is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with Catacomb/Python; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

###---------------------------------------------------------------------------
### Imported modules.

from __future__ import with_statement

from os import environ
from sys import argv, exit, stdin, stdout, stderr
from getopt import getopt, GetoptError
from fnmatch import fnmatch
import re

import catacomb as C
from catacomb.pwsafe import *

###--------------------------------------------------------------------------
### Python version portability.

def _excval(): return SYS.exc_info()[1]

###--------------------------------------------------------------------------
### Utilities.

## The program name.
prog = re.sub(r'^.*[/\\]', '', argv[0])

def moan(msg):
  """Issue a warning message MSG."""
  print >>stderr, '%s: %s' % (prog, msg)

def die(msg):
  """Report MSG as a fatal error, and exit."""
  moan(msg)
  exit(1)

###--------------------------------------------------------------------------
### Subcommand implementations.

def cmd_create(av):

  ## Default crypto-primitive selections.
  cipher = 'rijndael-cbc'
  hash = 'sha256'
  mac = None

  ## Parse the options.
  try:
    opts, args = getopt(av, 'c:d:h:m:',
                        ['cipher=', 'database=', 'mac=', 'hash='])
  except GetoptError:
    return 1
  dbty = 'flat'
  for o, a in opts:
    if o in ('-c', '--cipher'): cipher = a
    elif o in ('-m', '--mac'): mac = a
    elif o in ('-h', '--hash'): hash = a
    elif o in ('-d', '--database'): dbty = a
    else: raise Exception("barf")
  if len(args) > 2: return 1
  if len(args) >= 1: tag = args[0]
  else: tag = 'pwsafe'

  ## Set up the database.
  if mac is None: mac = hash + '-hmac'
  try: dbcls = StorageBackend.byname(dbty)
  except KeyError: die("Unknown database backend `%s'" % dbty)
  PW.create(dbcls, file, tag,
            C.gcciphers[cipher], C.gchashes[hash], C.gcmacs[mac])

def cmd_changepp(av):
  if len(av) != 0: return 1
  with PW(file, writep = True) as pw: pw.changepp()

def cmd_find(av):
  if len(av) != 1: return 1
  with PW(file) as pw:
    try: print pw[av[0]]
    except KeyError: die("Password `%s' not found" % _excval().args[0])

def cmd_store(av):
  if len(av) < 1 or len(av) > 2: return 1
  tag = av[0]
  with PW(file, writep = True) as pw:
    if len(av) < 2:
      pp = C.getpass("Enter passphrase `%s': " % tag)
      vpp = C.getpass("Confirm passphrase `%s': " % tag)
      if pp != vpp: die("passphrases don't match")
    elif av[1] == '-':
      pp = stdin.readline().rstrip('\n')
    else:
      pp = av[1]
    pw[av[0]] = pp

def cmd_copy(av):
  if len(av) < 1 or len(av) > 2: return 1
  with PW(file) as pw_in:
    with PW(av[0], writep = True) as pw_out:
      if len(av) >= 3: pat = av[1]
      else: pat = None
      for k in pw_in:
        if pat is None or fnmatch(k, pat): pw_out[k] = pw_in[k]

def cmd_list(av):
  if len(av) > 1: return 1
  with PW(file) as pw:
    if len(av) >= 1: pat = av[0]
    else: pat = None
    for k in pw:
      if pat is None or fnmatch(k, pat): print k

def cmd_topixie(av):
  if len(av) > 2: return 1
  with PW(file) as pw:
    pix = C.Pixie()
    if len(av) == 0:
      for tag in pw: pix.set(tag, pw[tag])
    else:
      tag = av[0]
      if len(av) >= 2: pptag = av[1]
      else: pptag = av[0]
      pix.set(pptag, pw[tag])

def cmd_del(av):
  if len(av) != 1: return 1
  with PW(file, writep = True) as pw:
    tag = av[0]
    try: del pw[tag]
    except KeyError: die("Password `%s' not found" % _excval().args[0])

def cmd_xfer(av):

  ## Parse the command line.
  try: opts, args = getopt(av, 'd:', ['database='])
  except GetoptError: return 1
  dbty = 'flat'
  for o, a in opts:
    if o in ('-d', '--database'): dbty = a
    else: raise Exception("barf")
  if len(args) != 1: return 1
  try: dbcls = StorageBackend.byname(dbty)
  except KeyError: die("Unknown database backend `%s'" % dbty)

  ## Create the target database.
  with StorageBackend.open(file) as db_in:
    with dbcls.create(args[0]) as db_out:
      for k, v in db_in.iter_meta(): db_out.put_meta(k, v)
      for k, v in db_in.iter_passwds(): db_out.put_passwd(k, v)

commands = { 'create': [cmd_create,
                        '[-c CIPHER] [-d DBTYPE] [-h HASH] [-m MAC] [PP-TAG]'],
             'find' : [cmd_find, 'LABEL'],
             'store' : [cmd_store, 'LABEL [VALUE]'],
             'list' : [cmd_list, '[GLOB-PATTERN]'],
             'changepp' : [cmd_changepp, ''],
             'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
             'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
             'delete' : [cmd_del, 'TAG'],
             'xfer': [cmd_xfer, '[-d DBTYPE] DEST-FILE'] }

###--------------------------------------------------------------------------
### Command-line handling and dispatch.

def version():
  print '%s 1.0.0' % prog
  print 'Backend types: %s' % \
      ' '.join([c.NAME for c in StorageBackend.classes()])

def usage(fp):
  print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog

def help():
  version()
  print
  usage(stdout)
  print '''
Maintains passwords or other short secrets securely.

Options:

-h, --help		Show this help text.
-v, --version		Show program version number.
-u, --usage		Show short usage message.

-f, --file=FILE		Where to find the password-safe file.

Commands provided:
'''
  for c in sorted(commands):
    print '%s %s' % (c, commands[c][1])

## Choose a default database file.
if 'PWSAFE' in environ:
  file = environ['PWSAFE']
else:
  file = '%s/.pwsafe' % environ['HOME']

## Parse the command-line options.
try:
  opts, argv = getopt(argv[1:], 'hvuf:',
                      ['help', 'version', 'usage', 'file='])
except GetoptError:
  usage(stderr)
  exit(1)
for o, a in opts:
  if o in ('-h', '--help'):
    help()
    exit(0)
  elif o in ('-v', '--version'):
    version()
    exit(0)
  elif o in ('-u', '--usage'):
    usage(stdout)
    exit(0)
  elif o in ('-f', '--file'):
    file = a
  else:
    raise Exception("barf")
if len(argv) < 1:
  usage(stderr)
  exit(1)

## Dispatch to a command handler.
if argv[0] in commands:
  c = argv[0]
  argv = argv[1:]
else:
  c = 'find'
try:
  if commands[c][0](argv):
    print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
    exit(1)
except DecryptError:
  die("decryption failure")

###----- That's all, folks --------------------------------------------------
Commit	Line	Data
24b3d57b	1	#! /usr/bin/python
d1c45f5c MW	2	### --python--
	3	###
	4	### Tool for maintaining a secure-ish password database
	5	###
	6	### (c) 2005 Straylight/Edgeware
	7	###
	8
	9	###----- Licensing notice ---------------------------------------------------
	10	###
	11	### This file is part of the Python interface to Catacomb.
	12	###
	13	### Catacomb/Python is free software; you can redistribute it and/or modify
	14	### it under the terms of the GNU General Public License as published by
	15	### the Free Software Foundation; either version 2 of the License, or
	16	### (at your option) any later version.
	17	###
	18	### Catacomb/Python is distributed in the hope that it will be useful,
	19	### but WITHOUT ANY WARRANTY; without even the implied warranty of
	20	### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	21	### GNU General Public License for more details.
	22	###
	23	### You should have received a copy of the GNU General Public License
	24	### along with Catacomb/Python; if not, write to the Free Software Foundation,
	25	### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	26
	27	###---------------------------------------------------------------------------
	28	### Imported modules.
d7ab1bab	29
85f15f07 MW	30	from __future__ import with_statement
85f15f07 MW	31
43c09851	32	from os import environ
d7ab1bab	33	from sys import argv, exit, stdin, stdout, stderr
d7ab1bab	34	from getopt import getopt, GetoptError
d7ab1bab	35	from fnmatch import fnmatch
80dc9c94	36	import re
2e6a3fda	37
d1c45f5c MW	38	import catacomb as C
	39	from catacomb.pwsafe import *
	40
	41	###--------------------------------------------------------------------------
f6d012db MW	42	### Python version portability.
	43
	44	def _excval(): return SYS.exc_info()[1]
	45
	46	###--------------------------------------------------------------------------
d1c45f5c MW	47	### Utilities.
	48
	49	## The program name.
2e6a3fda	50	prog = re.sub(r'^.*[/\\]', '', argv[0])
d1c45f5c	51
2e6a3fda	52	def moan(msg):
d1c45f5c	53	"""Issue a warning message MSG."""
2e6a3fda	54	print >>stderr, '%s: %s' % (prog, msg)
d1c45f5c	55
2e6a3fda	56	def die(msg):
d1c45f5c	57	"""Report MSG as a fatal error, and exit."""
2e6a3fda	58	moan(msg)
2e6a3fda	59	exit(1)
d7ab1bab	60
d1c45f5c MW	61	###--------------------------------------------------------------------------
d1c45f5c MW	62	### Subcommand implementations.
d7ab1bab	63
d7ab1bab	64	def cmd_create(av):
d1c45f5c MW	65
d1c45f5c MW	66	## Default crypto-primitive selections.
6af1255c MW	67	cipher = 'rijndael-cbc'
6af1255c MW	68	hash = 'sha256'
d7ab1bab	69	mac = None
d1c45f5c MW	70
d1c45f5c MW	71	## Parse the options.
d7ab1bab	72	try:
6baae405 MW	73	opts, args = getopt(av, 'c:d:h:m:',
6baae405 MW	74	['cipher=', 'database=', 'mac=', 'hash='])
d7ab1bab	75	except GetoptError:
d7ab1bab	76	return 1
8501dc39	77	dbty = 'flat'
d7ab1bab	78	for o, a in opts:
9d0d0a7b MW	79	if o in ('-c', '--cipher'): cipher = a
	80	elif o in ('-m', '--mac'): mac = a
	81	elif o in ('-h', '--hash'): hash = a
6baae405	82	elif o in ('-d', '--database'): dbty = a
1c7419c9	83	else: raise Exception("barf")
9d0d0a7b MW	84	if len(args) > 2: return 1
	85	if len(args) >= 1: tag = args[0]
	86	else: tag = 'pwsafe'
d1c45f5c	87
09b8041d MW	88	## Set up the database.
09b8041d MW	89	if mac is None: mac = hash + '-hmac'
6baae405 MW	90	try: dbcls = StorageBackend.byname(dbty)
	91	except KeyError: die("Unknown database backend `%s'" % dbty)
	92	PW.create(dbcls, file, tag,
	93	C.gcciphers[cipher], C.gchashes[hash], C.gcmacs[mac])
d7ab1bab	94
d7ab1bab	95	def cmd_changepp(av):
9d0d0a7b	96	if len(av) != 0: return 1
5bf6e9f5	97	with PW(file, writep = True) as pw: pw.changepp()
d7ab1bab	98
d7ab1bab	99	def cmd_find(av):
9d0d0a7b	100	if len(av) != 1: return 1
5bf6e9f5 MW	101	with PW(file) as pw:
5bf6e9f5 MW	102	try: print pw[av[0]]
f6d012db	103	except KeyError: die("Password `%s' not found" % _excval().args[0])
d7ab1bab	104
d7ab1bab	105	def cmd_store(av):
5bf6e9f5	106	if len(av) < 1 or len(av) > 2: return 1
d7ab1bab	107	tag = av[0]
5bf6e9f5 MW	108	with PW(file, writep = True) as pw:
	109	if len(av) < 2:
	110	pp = C.getpass("Enter passphrase `%s': " % tag)
	111	vpp = C.getpass("Confirm passphrase `%s': " % tag)
	112	if pp != vpp: die("passphrases don't match")
	113	elif av[1] == '-':
63ba6dfa	114	pp = stdin.readline().rstrip('\n')
5bf6e9f5 MW	115	else:
5bf6e9f5 MW	116	pp = av[1]
63ba6dfa	117	pw[av[0]] = pp
d7ab1bab	118
d7ab1bab	119	def cmd_copy(av):
9d0d0a7b	120	if len(av) < 1 or len(av) > 2: return 1
5bf6e9f5 MW	121	with PW(file) as pw_in:
	122	with PW(av[0], writep = True) as pw_out:
	123	if len(av) >= 3: pat = av[1]
	124	else: pat = None
	125	for k in pw_in:
	126	if pat is None or fnmatch(k, pat): pw_out[k] = pw_in[k]
d7ab1bab	127
d7ab1bab	128	def cmd_list(av):
9d0d0a7b	129	if len(av) > 1: return 1
5bf6e9f5 MW	130	with PW(file) as pw:
	131	if len(av) >= 1: pat = av[0]
	132	else: pat = None
	133	for k in pw:
	134	if pat is None or fnmatch(k, pat): print k
d7ab1bab	135
d7ab1bab	136	def cmd_topixie(av):
9d0d0a7b	137	if len(av) > 2: return 1
5bf6e9f5 MW	138	with PW(file) as pw:
	139	pix = C.Pixie()
	140	if len(av) == 0:
	141	for tag in pw: pix.set(tag, pw[tag])
	142	else:
	143	tag = av[0]
	144	if len(av) >= 2: pptag = av[1]
	145	else: pptag = av[0]
	146	pix.set(pptag, pw[tag])
d7ab1bab	147
3aa33042	148	def cmd_del(av):
9d0d0a7b	149	if len(av) != 1: return 1
5bf6e9f5 MW	150	with PW(file, writep = True) as pw:
	151	tag = av[0]
	152	try: del pw[tag]
f6d012db	153	except KeyError: die("Password `%s' not found" % _excval().args[0])
3aa33042	154
dab03511 MW	155	def cmd_xfer(av):
	156
	157	## Parse the command line.
	158	try: opts, args = getopt(av, 'd:', ['database='])
	159	except GetoptError: return 1
	160	dbty = 'flat'
	161	for o, a in opts:
	162	if o in ('-d', '--database'): dbty = a
1c7419c9	163	else: raise Exception("barf")
dab03511 MW	164	if len(args) != 1: return 1
	165	try: dbcls = StorageBackend.byname(dbty)
	166	except KeyError: die("Unknown database backend `%s'" % dbty)
	167
	168	## Create the target database.
	169	with StorageBackend.open(file) as db_in:
	170	with dbcls.create(args[0]) as db_out:
	171	for k, v in db_in.iter_meta(): db_out.put_meta(k, v)
	172	for k, v in db_in.iter_passwds(): db_out.put_passwd(k, v)
	173
d7ab1bab	174	commands = { 'create': [cmd_create,
6baae405	175	'[-c CIPHER] [-d DBTYPE] [-h HASH] [-m MAC] [PP-TAG]'],
d1c45f5c MW	176	'find' : [cmd_find, 'LABEL'],
	177	'store' : [cmd_store, 'LABEL [VALUE]'],
	178	'list' : [cmd_list, '[GLOB-PATTERN]'],
	179	'changepp' : [cmd_changepp, ''],
	180	'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
	181	'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
dab03511 MW	182	'delete' : [cmd_del, 'TAG'],
dab03511 MW	183	'xfer': [cmd_xfer, '[-d DBTYPE] DEST-FILE'] }
d1c45f5c MW	184
	185	###--------------------------------------------------------------------------
	186	### Command-line handling and dispatch.
d7ab1bab	187
d7ab1bab	188	def version():
2e6a3fda	189	print '%s 1.0.0' % prog
6baae405 MW	190	print 'Backend types: %s' % \
6baae405 MW	191	' '.join([c.NAME for c in StorageBackend.classes()])
d1c45f5c	192
d7ab1bab	193	def usage(fp):
2e6a3fda	194	print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog
d1c45f5c	195
d7ab1bab	196	def help():
	197	version()
	198	print
b2687a0a	199	usage(stdout)
d7ab1bab	200	print '''
	201	Maintains passwords or other short secrets securely.
	202
	203	Options:
	204
	205	-h, --help Show this help text.
	206	-v, --version Show program version number.
	207	-u, --usage Show short usage message.
	208
2e6a3fda	209	-f, --file=FILE Where to find the password-safe file.
2e6a3fda	210
d7ab1bab	211	Commands provided:
d7ab1bab	212	'''
05a82542	213	for c in sorted(commands):
d7ab1bab	214	print '%s %s' % (c, commands[c][1])
d7ab1bab	215
d1c45f5c MW	216	## Choose a default database file.
	217	if 'PWSAFE' in environ:
	218	file = environ['PWSAFE']
	219	else:
	220	file = '%s/.pwsafe' % environ['HOME']
	221
	222	## Parse the command-line options.
d7ab1bab	223	try:
d1c45f5c MW	224	opts, argv = getopt(argv[1:], 'hvuf:',
d1c45f5c MW	225	['help', 'version', 'usage', 'file='])
d7ab1bab	226	except GetoptError:
	227	usage(stderr)
	228	exit(1)
	229	for o, a in opts:
	230	if o in ('-h', '--help'):
	231	help()
	232	exit(0)
	233	elif o in ('-v', '--version'):
	234	version()
	235	exit(0)
	236	elif o in ('-u', '--usage'):
	237	usage(stdout)
	238	exit(0)
	239	elif o in ('-f', '--file'):
	240	file = a
	241	else:
1c7419c9	242	raise Exception("barf")
d7ab1bab	243	if len(argv) < 1:
	244	usage(stderr)
	245	exit(1)
	246
d1c45f5c	247	## Dispatch to a command handler.
d7ab1bab	248	if argv[0] in commands:
	249	c = argv[0]
	250	argv = argv[1:]
	251	else:
	252	c = 'find'
40b16f0c MW	253	try:
	254	if commands[c][0](argv):
	255	print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
	256	exit(1)
	257	except DecryptError:
	258	die("decryption failure")
d1c45f5c MW	259
d1c45f5c MW	260	###----- That's all, folks --------------------------------------------------