[catacomb-python] / pwsafe

#! /usr/bin/python
### -*-python-*-
###
### Tool for maintaining a secure-ish password database
###
### (c) 2005 Straylight/Edgeware
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the Python interface to Catacomb.
###
### Catacomb/Python is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### Catacomb/Python is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with Catacomb/Python; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

###---------------------------------------------------------------------------
### Imported modules.

from __future__ import with_statement

from os import environ
from sys import argv, exit, stdin, stdout, stderr
from getopt import getopt, GetoptError
from fnmatch import fnmatch
import re

import catacomb as C
from catacomb.pwsafe import *

###--------------------------------------------------------------------------
### Utilities.

## The program name.
prog = re.sub(r'^.*[/\\]', '', argv[0])

def moan(msg):
  """Issue a warning message MSG."""
  print >>stderr, '%s: %s' % (prog, msg)

def die(msg):
  """Report MSG as a fatal error, and exit."""
  moan(msg)
  exit(1)

###--------------------------------------------------------------------------
### Subcommand implementations.

def cmd_create(av):

  ## Default crypto-primitive selections.
  cipher = 'blowfish-cbc'
  hash = 'rmd160'
  mac = None

  ## Parse the options.
  try:
    opts, args = getopt(av, 'c:d:h:m:',
                        ['cipher=', 'database=', 'mac=', 'hash='])
  except GetoptError:
    return 1
  dbty = 'flat'
  for o, a in opts:
    if o in ('-c', '--cipher'): cipher = a
    elif o in ('-m', '--mac'): mac = a
    elif o in ('-h', '--hash'): hash = a
    elif o in ('-d', '--database'): dbty = a
    else: raise 'Barf!'
  if len(args) > 2: return 1
  if len(args) >= 1: tag = args[0]
  else: tag = 'pwsafe'

  ## Set up the database.
  if mac is None: mac = hash + '-hmac'
  try: dbcls = StorageBackend.byname(dbty)
  except KeyError: die("Unknown database backend `%s'" % dbty)
  PW.create(dbcls, file, tag,
            C.gcciphers[cipher], C.gchashes[hash], C.gcmacs[mac])

def cmd_changepp(av):
  if len(av) != 0: return 1
  with PW(file, writep = True) as pw: pw.changepp()

def cmd_find(av):
  if len(av) != 1: return 1
  with PW(file) as pw:
    try: print pw[av[0]]
    except KeyError, exc: die("Password `%s' not found" % exc.args[0])

def cmd_store(av):
  if len(av) < 1 or len(av) > 2: return 1
  tag = av[0]
  with PW(file, writep = True) as pw:
    if len(av) < 2:
      pp = C.getpass("Enter passphrase `%s': " % tag)
      vpp = C.getpass("Confirm passphrase `%s': " % tag)
      if pp != vpp: die("passphrases don't match")
    elif av[1] == '-':
      pp = stdin.readline().rstrip('\n')
    else:
      pp = av[1]
    pw[av[0]] = pp

def cmd_copy(av):
  if len(av) < 1 or len(av) > 2: return 1
  with PW(file) as pw_in:
    with PW(av[0], writep = True) as pw_out:
      if len(av) >= 3: pat = av[1]
      else: pat = None
      for k in pw_in:
        if pat is None or fnmatch(k, pat): pw_out[k] = pw_in[k]

def cmd_list(av):
  if len(av) > 1: return 1
  with PW(file) as pw:
    if len(av) >= 1: pat = av[0]
    else: pat = None
    for k in pw:
      if pat is None or fnmatch(k, pat): print k

def cmd_topixie(av):
  if len(av) > 2: return 1
  with PW(file) as pw:
    pix = C.Pixie()
    if len(av) == 0:
      for tag in pw: pix.set(tag, pw[tag])
    else:
      tag = av[0]
      if len(av) >= 2: pptag = av[1]
      else: pptag = av[0]
      pix.set(pptag, pw[tag])

def cmd_del(av):
  if len(av) != 1: return 1
  with PW(file, writep = True) as pw:
    tag = av[0]
    try: del pw[tag]
    except KeyError, exc: die("Password `%s' not found" % exc.args[0])

def cmd_xfer(av):

  ## Parse the command line.
  try: opts, args = getopt(av, 'd:', ['database='])
  except GetoptError: return 1
  dbty = 'flat'
  for o, a in opts:
    if o in ('-d', '--database'): dbty = a
    else: raise 'Barf!'
  if len(args) != 1: return 1
  try: dbcls = StorageBackend.byname(dbty)
  except KeyError: die("Unknown database backend `%s'" % dbty)

  ## Create the target database.
  with StorageBackend.open(file) as db_in:
    with dbcls.create(args[0]) as db_out:
      for k, v in db_in.iter_meta(): db_out.put_meta(k, v)
      for k, v in db_in.iter_passwds(): db_out.put_passwd(k, v)

commands = { 'create': [cmd_create,
                        '[-c CIPHER] [-d DBTYPE] [-h HASH] [-m MAC] [PP-TAG]'],
             'find' : [cmd_find, 'LABEL'],
             'store' : [cmd_store, 'LABEL [VALUE]'],
             'list' : [cmd_list, '[GLOB-PATTERN]'],
             'changepp' : [cmd_changepp, ''],
             'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
             'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
             'delete' : [cmd_del, 'TAG'],
             'xfer': [cmd_xfer, '[-d DBTYPE] DEST-FILE'] }

###--------------------------------------------------------------------------
### Command-line handling and dispatch.

def version():
  print '%s 1.0.0' % prog
  print 'Backend types: %s' % \
      ' '.join([c.NAME for c in StorageBackend.classes()])

def usage(fp):
  print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog

def help():
  version()
  print
  usage(stdout)
  print '''
Maintains passwords or other short secrets securely.

Options:

-h, --help		Show this help text.
-v, --version		Show program version number.
-u, --usage		Show short usage message.

-f, --file=FILE		Where to find the password-safe file.

Commands provided:
'''
  for c in sorted(commands):
    print '%s %s' % (c, commands[c][1])

## Choose a default database file.
if 'PWSAFE' in environ:
  file = environ['PWSAFE']
else:
  file = '%s/.pwsafe' % environ['HOME']

## Parse the command-line options.
try:
  opts, argv = getopt(argv[1:], 'hvuf:',
                      ['help', 'version', 'usage', 'file='])
except GetoptError:
  usage(stderr)
  exit(1)
for o, a in opts:
  if o in ('-h', '--help'):
    help()
    exit(0)
  elif o in ('-v', '--version'):
    version()
    exit(0)
  elif o in ('-u', '--usage'):
    usage(stdout)
    exit(0)
  elif o in ('-f', '--file'):
    file = a
  else:
    raise 'Barf!'
if len(argv) < 1:
  usage(stderr)
  exit(1)

## Dispatch to a command handler.
if argv[0] in commands:
  c = argv[0]
  argv = argv[1:]
else:
  c = 'find'
try:
  if commands[c][0](argv):
    print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
    exit(1)
except DecryptError:
  die("decryption failure")

###----- That's all, folks --------------------------------------------------
Commit	Line	Data
24b3d57b	1	#! /usr/bin/python
d1c45f5c MW	2	### --python--
	3	###
	4	### Tool for maintaining a secure-ish password database
	5	###
	6	### (c) 2005 Straylight/Edgeware
	7	###
	8
	9	###----- Licensing notice ---------------------------------------------------
	10	###
	11	### This file is part of the Python interface to Catacomb.
	12	###
	13	### Catacomb/Python is free software; you can redistribute it and/or modify
	14	### it under the terms of the GNU General Public License as published by
	15	### the Free Software Foundation; either version 2 of the License, or
	16	### (at your option) any later version.
	17	###
	18	### Catacomb/Python is distributed in the hope that it will be useful,
	19	### but WITHOUT ANY WARRANTY; without even the implied warranty of
	20	### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	21	### GNU General Public License for more details.
	22	###
	23	### You should have received a copy of the GNU General Public License
	24	### along with Catacomb/Python; if not, write to the Free Software Foundation,
	25	### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	26
	27	###---------------------------------------------------------------------------
	28	### Imported modules.
d7ab1bab	29
85f15f07 MW	30	from __future__ import with_statement
85f15f07 MW	31
43c09851	32	from os import environ
d7ab1bab	33	from sys import argv, exit, stdin, stdout, stderr
d7ab1bab	34	from getopt import getopt, GetoptError
d7ab1bab	35	from fnmatch import fnmatch
80dc9c94	36	import re
2e6a3fda	37
d1c45f5c MW	38	import catacomb as C
	39	from catacomb.pwsafe import *
	40
	41	###--------------------------------------------------------------------------
	42	### Utilities.
	43
	44	## The program name.
2e6a3fda	45	prog = re.sub(r'^.*[/\\]', '', argv[0])
d1c45f5c	46
2e6a3fda	47	def moan(msg):
d1c45f5c	48	"""Issue a warning message MSG."""
2e6a3fda	49	print >>stderr, '%s: %s' % (prog, msg)
d1c45f5c	50
2e6a3fda	51	def die(msg):
d1c45f5c	52	"""Report MSG as a fatal error, and exit."""
2e6a3fda	53	moan(msg)
2e6a3fda	54	exit(1)
d7ab1bab	55
d1c45f5c MW	56	###--------------------------------------------------------------------------
d1c45f5c MW	57	### Subcommand implementations.
d7ab1bab	58
d7ab1bab	59	def cmd_create(av):
d1c45f5c MW	60
d1c45f5c MW	61	## Default crypto-primitive selections.
d7ab1bab	62	cipher = 'blowfish-cbc'
	63	hash = 'rmd160'
	64	mac = None
d1c45f5c MW	65
d1c45f5c MW	66	## Parse the options.
d7ab1bab	67	try:
6baae405 MW	68	opts, args = getopt(av, 'c:d:h:m:',
6baae405 MW	69	['cipher=', 'database=', 'mac=', 'hash='])
d7ab1bab	70	except GetoptError:
d7ab1bab	71	return 1
8501dc39	72	dbty = 'flat'
d7ab1bab	73	for o, a in opts:
9d0d0a7b MW	74	if o in ('-c', '--cipher'): cipher = a
	75	elif o in ('-m', '--mac'): mac = a
	76	elif o in ('-h', '--hash'): hash = a
6baae405	77	elif o in ('-d', '--database'): dbty = a
9d0d0a7b MW	78	else: raise 'Barf!'
	79	if len(args) > 2: return 1
	80	if len(args) >= 1: tag = args[0]
	81	else: tag = 'pwsafe'
d1c45f5c	82
09b8041d MW	83	## Set up the database.
09b8041d MW	84	if mac is None: mac = hash + '-hmac'
6baae405 MW	85	try: dbcls = StorageBackend.byname(dbty)
	86	except KeyError: die("Unknown database backend `%s'" % dbty)
	87	PW.create(dbcls, file, tag,
	88	C.gcciphers[cipher], C.gchashes[hash], C.gcmacs[mac])
d7ab1bab	89
d7ab1bab	90	def cmd_changepp(av):
9d0d0a7b	91	if len(av) != 0: return 1
5bf6e9f5	92	with PW(file, writep = True) as pw: pw.changepp()
d7ab1bab	93
d7ab1bab	94	def cmd_find(av):
9d0d0a7b	95	if len(av) != 1: return 1
5bf6e9f5 MW	96	with PW(file) as pw:
	97	try: print pw[av[0]]
	98	except KeyError, exc: die("Password `%s' not found" % exc.args[0])
d7ab1bab	99
d7ab1bab	100	def cmd_store(av):
5bf6e9f5	101	if len(av) < 1 or len(av) > 2: return 1
d7ab1bab	102	tag = av[0]
5bf6e9f5 MW	103	with PW(file, writep = True) as pw:
	104	if len(av) < 2:
	105	pp = C.getpass("Enter passphrase `%s': " % tag)
	106	vpp = C.getpass("Confirm passphrase `%s': " % tag)
	107	if pp != vpp: die("passphrases don't match")
	108	elif av[1] == '-':
63ba6dfa	109	pp = stdin.readline().rstrip('\n')
5bf6e9f5 MW	110	else:
5bf6e9f5 MW	111	pp = av[1]
63ba6dfa	112	pw[av[0]] = pp
d7ab1bab	113
d7ab1bab	114	def cmd_copy(av):
9d0d0a7b	115	if len(av) < 1 or len(av) > 2: return 1
5bf6e9f5 MW	116	with PW(file) as pw_in:
	117	with PW(av[0], writep = True) as pw_out:
	118	if len(av) >= 3: pat = av[1]
	119	else: pat = None
	120	for k in pw_in:
	121	if pat is None or fnmatch(k, pat): pw_out[k] = pw_in[k]
d7ab1bab	122
d7ab1bab	123	def cmd_list(av):
9d0d0a7b	124	if len(av) > 1: return 1
5bf6e9f5 MW	125	with PW(file) as pw:
	126	if len(av) >= 1: pat = av[0]
	127	else: pat = None
	128	for k in pw:
	129	if pat is None or fnmatch(k, pat): print k
d7ab1bab	130
d7ab1bab	131	def cmd_topixie(av):
9d0d0a7b	132	if len(av) > 2: return 1
5bf6e9f5 MW	133	with PW(file) as pw:
	134	pix = C.Pixie()
	135	if len(av) == 0:
	136	for tag in pw: pix.set(tag, pw[tag])
	137	else:
	138	tag = av[0]
	139	if len(av) >= 2: pptag = av[1]
	140	else: pptag = av[0]
	141	pix.set(pptag, pw[tag])
d7ab1bab	142
3aa33042	143	def cmd_del(av):
9d0d0a7b	144	if len(av) != 1: return 1
5bf6e9f5 MW	145	with PW(file, writep = True) as pw:
	146	tag = av[0]
	147	try: del pw[tag]
	148	except KeyError, exc: die("Password `%s' not found" % exc.args[0])
3aa33042	149
dab03511 MW	150	def cmd_xfer(av):
	151
	152	## Parse the command line.
	153	try: opts, args = getopt(av, 'd:', ['database='])
	154	except GetoptError: return 1
	155	dbty = 'flat'
	156	for o, a in opts:
	157	if o in ('-d', '--database'): dbty = a
	158	else: raise 'Barf!'
	159	if len(args) != 1: return 1
	160	try: dbcls = StorageBackend.byname(dbty)
	161	except KeyError: die("Unknown database backend `%s'" % dbty)
	162
	163	## Create the target database.
	164	with StorageBackend.open(file) as db_in:
	165	with dbcls.create(args[0]) as db_out:
	166	for k, v in db_in.iter_meta(): db_out.put_meta(k, v)
	167	for k, v in db_in.iter_passwds(): db_out.put_passwd(k, v)
	168
d7ab1bab	169	commands = { 'create': [cmd_create,
6baae405	170	'[-c CIPHER] [-d DBTYPE] [-h HASH] [-m MAC] [PP-TAG]'],
d1c45f5c MW	171	'find' : [cmd_find, 'LABEL'],
	172	'store' : [cmd_store, 'LABEL [VALUE]'],
	173	'list' : [cmd_list, '[GLOB-PATTERN]'],
	174	'changepp' : [cmd_changepp, ''],
	175	'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
	176	'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
dab03511 MW	177	'delete' : [cmd_del, 'TAG'],
dab03511 MW	178	'xfer': [cmd_xfer, '[-d DBTYPE] DEST-FILE'] }
d1c45f5c MW	179
	180	###--------------------------------------------------------------------------
	181	### Command-line handling and dispatch.
d7ab1bab	182
d7ab1bab	183	def version():
2e6a3fda	184	print '%s 1.0.0' % prog
6baae405 MW	185	print 'Backend types: %s' % \
6baae405 MW	186	' '.join([c.NAME for c in StorageBackend.classes()])
d1c45f5c	187
d7ab1bab	188	def usage(fp):
2e6a3fda	189	print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog
d1c45f5c	190
d7ab1bab	191	def help():
	192	version()
	193	print
b2687a0a	194	usage(stdout)
d7ab1bab	195	print '''
	196	Maintains passwords or other short secrets securely.
	197
	198	Options:
	199
	200	-h, --help Show this help text.
	201	-v, --version Show program version number.
	202	-u, --usage Show short usage message.
	203
2e6a3fda	204	-f, --file=FILE Where to find the password-safe file.
2e6a3fda	205
d7ab1bab	206	Commands provided:
d7ab1bab	207	'''
05a82542	208	for c in sorted(commands):
d7ab1bab	209	print '%s %s' % (c, commands[c][1])
d7ab1bab	210
d1c45f5c MW	211	## Choose a default database file.
	212	if 'PWSAFE' in environ:
	213	file = environ['PWSAFE']
	214	else:
	215	file = '%s/.pwsafe' % environ['HOME']
	216
	217	## Parse the command-line options.
d7ab1bab	218	try:
d1c45f5c MW	219	opts, argv = getopt(argv[1:], 'hvuf:',
d1c45f5c MW	220	['help', 'version', 'usage', 'file='])
d7ab1bab	221	except GetoptError:
	222	usage(stderr)
	223	exit(1)
	224	for o, a in opts:
	225	if o in ('-h', '--help'):
	226	help()
	227	exit(0)
	228	elif o in ('-v', '--version'):
	229	version()
	230	exit(0)
	231	elif o in ('-u', '--usage'):
	232	usage(stdout)
	233	exit(0)
	234	elif o in ('-f', '--file'):
	235	file = a
	236	else:
	237	raise 'Barf!'
	238	if len(argv) < 1:
	239	usage(stderr)
	240	exit(1)
	241
d1c45f5c	242	## Dispatch to a command handler.
d7ab1bab	243	if argv[0] in commands:
	244	c = argv[0]
	245	argv = argv[1:]
	246	else:
	247	c = 'find'
40b16f0c MW	248	try:
	249	if commands[c][0](argv):
	250	print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
	251	exit(1)
	252	except DecryptError:
	253	die("decryption failure")
d1c45f5c MW	254
d1c45f5c MW	255	###----- That's all, folks --------------------------------------------------