4 ### Tool for maintaining a secure-ish password database
6 ### (c) 2005 Straylight/Edgeware
9 ###----- Licensing notice ---------------------------------------------------
11 ### This file is part of the Python interface to Catacomb.
13 ### Catacomb/Python is free software; you can redistribute it and/or modify
14 ### it under the terms of the GNU General Public License as published by
15 ### the Free Software Foundation; either version 2 of the License, or
16 ### (at your option) any later version.
18 ### Catacomb/Python is distributed in the hope that it will be useful,
19 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
20 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 ### GNU General Public License for more details.
23 ### You should have received a copy of the GNU General Public License
24 ### along with Catacomb/Python; if not, write to the Free Software Foundation,
25 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 ###--------------------------------------------------------------------------
30 from __future__
import with_statement
32 from os
import environ
33 import sys
as SYS
; from sys
import argv
, exit
, stdin
, stdout
, stderr
34 from getopt
import getopt
, GetoptError
35 from fnmatch
import fnmatch
39 from catacomb
.pwsafe
import *
41 ###--------------------------------------------------------------------------
42 ### Python version portability.
44 if SYS
.version_info
>= (3,):
46 def hack_stream(stream
):
47 _enc
= stream
.encoding
48 _lbuf
= stream
.line_buffering
50 return IO
.TextIOWrapper(stream
.detach(),
52 line_buffering
= _lbuf
,
54 errors
= "surrogateescape")
55 SYS
.stdout
= stdout
= hack_stream(stdout
)
56 def _text(bin
): return bin
.decode(errors
= "surrogateescape")
57 def _bin(text
): return text
.encode(errors
= "surrogateescape")
59 def _text(bin
): return bin
60 def _bin(text
): return text
62 def _excval(): return SYS
.exc_info()[1]
64 ###--------------------------------------------------------------------------
68 prog
= re
.sub(r
'^.*[/\\]', '', argv
[0])
71 """Issue a warning message MSG."""
72 stderr
.write('%s: %s\n' %
(prog
, msg
))
75 """Report MSG as a fatal error, and exit."""
79 ###--------------------------------------------------------------------------
80 ### Subcommand implementations.
84 ## Default crypto-primitive selections.
85 cipher
= 'rijndael-cbc'
91 opts
, args
= getopt(av
, 'c:d:h:m:',
92 ['cipher=', 'database=', 'mac=', 'hash='])
97 if o
in ('-c', '--cipher'): cipher
= a
98 elif o
in ('-m', '--mac'): mac
= a
99 elif o
in ('-h', '--hash'): hash = a
100 elif o
in ('-d', '--database'): dbty
= a
101 else: raise Exception("barf")
102 if len(args
) > 2: return 1
103 if len(args
) >= 1: tag
= args
[0]
106 ## Set up the database.
107 if mac
is None: mac
= hash + '-hmac'
108 try: dbcls
= StorageBackend
.byname(dbty
)
109 except KeyError: die("Unknown database backend `%s'" % dbty
)
110 PW
.create(dbcls
, file, tag
,
111 C
.gcciphers
[cipher
], C
.gchashes
[hash], C
.gcmacs
[mac
])
113 def cmd_changepp(av
):
114 if len(av
) != 0: return 1
115 with
PW(file, writep
= True) as pw
: pw
.changepp()
118 if len(av
) != 1: return 1
120 try: print(_text(pw
[_bin(av
[0])]))
121 except KeyError: die("Password `%s' not found" %
_excval().args
[0])
124 if len(av
) < 1 or len(av
) > 2: return 1
126 with
PW(file, writep
= True) as pw
:
128 pp
= C
.getpass("Enter passphrase `%s': " % tag
)
129 vpp
= C
.getpass("Confirm passphrase `%s': " % tag
)
130 if pp
!= vpp
: die("passphrases don't match")
132 pp
= _bin(stdin
.readline().rstrip('\n'))
138 if len(av
) < 1 or len(av
) > 2: return 1
139 with
PW(file) as pw_in
:
140 with
PW(av
[0], writep
= True) as pw_out
:
141 if len(av
) >= 3: pat
= av
[1]
145 if pat
is None or fnmatch(ktext
, pat
): pw_out
[k
] = pw_in
[k
]
148 if len(av
) > 1: return 1
150 if len(av
) >= 1: pat
= av
[0]
154 if pat
is None or fnmatch(ktext
, pat
): print(ktext
)
157 if len(av
) > 2: return 1
161 for tag
in pw
: pix
.set(tag
, pw
[_bin(tag
)])
164 if len(av
) >= 2: pptag
= av
[1]
166 pix
.set(pptag
, pw
[tag
])
169 if len(av
) != 1: return 1
170 with
PW(file, writep
= True) as pw
:
173 except KeyError: die("Password `%s' not found" %
_excval().args
[0])
177 ## Parse the command line.
178 try: opts
, args
= getopt(av
, 'd:', ['database='])
179 except GetoptError
: return 1
182 if o
in ('-d', '--database'): dbty
= a
183 else: raise Exception("barf")
184 if len(args
) != 1: return 1
185 try: dbcls
= StorageBackend
.byname(dbty
)
186 except KeyError: die("Unknown database backend `%s'" % dbty
)
188 ## Create the target database.
189 with StorageBackend
.open(file) as db_in
:
190 with dbcls
.create(args
[0]) as db_out
:
191 for k
, v
in db_in
.iter_meta(): db_out
.put_meta(k
, v
)
192 for k
, v
in db_in
.iter_passwds(): db_out
.put_passwd(k
, v
)
194 commands
= { 'create': [cmd_create
,
195 '[-c CIPHER] [-d DBTYPE] [-h HASH] [-m MAC] [PP-TAG]'],
196 'find' : [cmd_find
, 'LABEL'],
197 'store' : [cmd_store
, 'LABEL [VALUE]'],
198 'list' : [cmd_list
, '[GLOB-PATTERN]'],
199 'changepp' : [cmd_changepp
, ''],
200 'copy' : [cmd_copy
, 'DEST-FILE [GLOB-PATTERN]'],
201 'to-pixie' : [cmd_topixie
, '[TAG [PIXIE-TAG]]'],
202 'delete' : [cmd_del
, 'TAG'],
203 'xfer': [cmd_xfer
, '[-d DBTYPE] DEST-FILE'] }
205 ###--------------------------------------------------------------------------
206 ### Command-line handling and dispatch.
209 print('%s 1.0.0' % prog
)
210 print('Backend types: %s' %
211 ' '.join([c
.NAME
for c
in StorageBackend
.classes()]))
214 fp
.write('Usage: %s COMMAND [ARGS...]\n' % prog
)
221 Maintains passwords or other short secrets securely.
225 -h, --help Show this help text.
226 -v, --version Show program version number.
227 -u, --usage Show short usage message.
229 -f, --file=FILE Where to find the password-safe file.
233 for c
in sorted(commands
):
234 print('%s %s' %
(c
, commands
[c
][1]))
236 ## Choose a default database file.
237 if 'PWSAFE' in environ
:
238 file = environ
['PWSAFE']
240 file = '%s/.pwsafe' % environ
['HOME']
242 ## Parse the command-line options.
244 opts
, argv
= getopt(argv
[1:], 'hvuf:',
245 ['help', 'version', 'usage', 'file='])
250 if o
in ('-h', '--help'):
253 elif o
in ('-v', '--version'):
256 elif o
in ('-u', '--usage'):
259 elif o
in ('-f', '--file'):
262 raise Exception("barf")
267 ## Dispatch to a command handler.
268 if argv
[0] in commands
:
274 if commands
[c
][0](argv
):
275 stderr
.write('Usage: %s %s %s\n' %
(prog
, c
, commands
[c
][1]))
278 die("decryption failure")
280 ###----- That's all, folks --------------------------------------------------