[catacomb-python] / pwsafe

#! /usr/bin/python2.2
# -*-python-*-

import catacomb as C
from catacomb.pwsafe import *
import gdbm as G
from os import environ
from sys import argv, exit, stdin, stdout, stderr
from getopt import getopt, GetoptError
from fnmatch import fnmatch

if 'PWSAFE' in environ:
  file = environ['PWSAFE']
else:
  file = '%s/.pwsafe' % environ['HOME']

def cmd_create(av):
  cipher = 'blowfish-cbc'
  hash = 'rmd160'
  mac = None
  try:
    opts, args = getopt(av, 'c:h:m:', ['cipher=', 'mac=', 'hash='])
  except GetoptError:
    return 1
  for o, a in opts:
    if o in ('-c', '--cipher'):
      cipher = a
    elif o in ('-m', '--mac'):
      mac = a
    elif o in ('-h', '--hash'):
      hash = a
    else:
      raise 'Barf!'
  if len(args) > 2:
    return 1
  if len(args) >= 1:
    tag = args[0]
  else:
    tag = 'pwsafe'
  db = G.open(file, 'n', 0600)
  pp = C.ppread(tag, C.PMODE_VERIFY)
  if not mac: mac = hash + '-hmac'
  c = C.gcciphers[cipher]
  h = C.gchashes[hash]
  m = C.gcmacs[mac]
  ppk = PW.PPK(pp, c, h, m)
  ck = C.rand.block(c.keysz.default)
  mk = C.rand.block(m.keysz.default)
  k = Crypto(c, h, m, ck, mk)
  db['tag'] = tag
  db['salt'] = ppk.salt
  db['cipher'] = cipher
  db['hash'] = hash
  db['mac'] = mac
  db['key'] = ppk.encrypt(wrapstr(ck) + wrapstr(mk))
  db['magic'] = k.encrypt(C.rand.block(h.hashsz))

def chomp(pp):
  if len(pp) > 0 and pp[-1] == '\n':
    pp = pp[:-1]
  return pp

def cmd_changepp(av):
  if len(av) != 0:
    return 1
  pw = PW(file, 'w')
  pw.changepp()

def cmd_find(av):
  if len(av) != 1:
    return 1
  pw = PW(file)
  print pw[av[0]]

def cmd_store(av):
  if len(av) < 1 or len(av) > 2:
    return 1
  tag = av[0]
  if len(av) < 2:
    pp = C.getpass("Enter passphrase `%s': " % tag)
    vpp = C.getpass("Confirm passphrase `%s': " % tag)
    if pp != vpp:
      raise ValueError, "passphrases don't match"
  elif av[1] == '-':
    pp = stdin.readline()
  else:
    pp = av[1]
  pw = PW(file, 'w')
  pw[av[0]] = chomp(pp)

def cmd_copy(av):
  if len(av) < 1 or len(av) > 2:
    return 1
  pw_in = PW(file)
  pw_out = PW(av[0], 'w')
  if len(av) >= 3:
    pat = av[1]
  else:
    pat = None
  for k in pw_in:
    if pat is None or fnmatch(k, pat):
      pw_out[k] = pw_in[k]

def cmd_list(av):
  if len(av) > 1:
    return 1
  pw = PW(file)
  if len(av) >= 1:
    pat = av[0]
  else:
    pat = None
  for k in pw:
    if pat is None or fnmatch(k, pat):
      print k

def cmd_topixie(av):
  if len(av) > 2:
    return 1
  pw = PW(file)
  pix = C.Pixie()
  if len(av) == 0:
    for tag in pw:
      pix.set(tag, pw[tag])
  else:
    tag = av[0]
    if len(av) >= 2:
      pptag = av[1]
    else:
      pptag = av[0]
    pix.set(pptag, pw[tag])

def cmd_del(av):
  if len(av) != 1:
    return 1
  pw = PW(file, 'w')
  tag = av[0]
  del pw[tag]

def asciip(s):
  for ch in s:
    if ch < ' ' or ch > '~': return False
  return True
def present(s):
  if asciip(s): return s
  return C.ByteString(s)
def cmd_dump(av):
  db = gdbm.open(file, 'r')
  k = db.firstkey()
  while True:
    if k is None: break
    print '%r: %r' % (present(k), present(db[k]))
    k = db.nextkey(k)

commands = { 'create': [cmd_create,
                        '[-c CIPHER] [-h HASH] [-m MAC] [PP-TAG]'],
             'find' : [cmd_find, 'LABEL'],
             'store' : [cmd_store, 'LABEL [VALUE]'],
             'list' : [cmd_list, '[GLOB-PATTERN]'],
             'changepp' : [cmd_changepp, ''],
             'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
             'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
             'delete' : [cmd_del, 'TAG'],
             'dump' : [cmd_dump, '']}

def version():
  print 'pwsafe 1.0.0'
def usage(fp):
  print >>fp, 'Usage: pwsafe COMMAND [ARGS...]'
def help():
  version()
  print
  usage(stdout)  
  print '''
Maintains passwords or other short secrets securely.

Options:

-h, --help		Show this help text.
-v, --version		Show program version number.
-u, --usage		Show short usage message.

Commands provided:
'''
  for c in commands:
    print '%s %s' % (c, commands[c][1])

try:
  opts, argv = getopt(argv[1:],
                      'hvuf:',
                      ['help', 'version', 'usage', 'file='])
except GetoptError:
  usage(stderr)
  exit(1)
for o, a in opts:
  if o in ('-h', '--help'):
    help()
    exit(0)
  elif o in ('-v', '--version'):
    version()
    exit(0)
  elif o in ('-u', '--usage'):
    usage(stdout)
    exit(0)
  elif o in ('-f', '--file'):
    file = a
  else:
    raise 'Barf!'
if len(argv) < 1:
  usage(stderr)
  exit(1)

if argv[0] in commands:
  c = argv[0]
  argv = argv[1:]
else:
  c = 'find'
if commands[c][0](argv):
  print >>stderr, 'Usage: pwsafe %s %s' % (c, commands[c][1])
  exit(1)
Commit	Line	Data
d7ab1bab	1	#! /usr/bin/python2.2
3aa33042	2	# --python--
d7ab1bab	3
d7ab1bab	4	import catacomb as C
43c09851	5	from catacomb.pwsafe import *
	6	import gdbm as G
	7	from os import environ
d7ab1bab	8	from sys import argv, exit, stdin, stdout, stderr
d7ab1bab	9	from getopt import getopt, GetoptError
d7ab1bab	10	from fnmatch import fnmatch
d7ab1bab	11
3aa33042	12	if 'PWSAFE' in environ:
	13	file = environ['PWSAFE']
	14	else:
	15	file = '%s/.pwsafe' % environ['HOME']
d7ab1bab	16
d7ab1bab	17	def cmd_create(av):
	18	cipher = 'blowfish-cbc'
	19	hash = 'rmd160'
	20	mac = None
	21	try:
	22	opts, args = getopt(av, 'c:h:m:', ['cipher=', 'mac=', 'hash='])
	23	except GetoptError:
	24	return 1
	25	for o, a in opts:
	26	if o in ('-c', '--cipher'):
	27	cipher = a
	28	elif o in ('-m', '--mac'):
	29	mac = a
	30	elif o in ('-h', '--hash'):
	31	hash = a
	32	else:
	33	raise 'Barf!'
	34	if len(args) > 2:
	35	return 1
	36	if len(args) >= 1:
	37	tag = args[0]
	38	else:
	39	tag = 'pwsafe'
43c09851	40	db = G.open(file, 'n', 0600)
d7ab1bab	41	pp = C.ppread(tag, C.PMODE_VERIFY)
	42	if not mac: mac = hash + '-hmac'
	43	c = C.gcciphers[cipher]
	44	h = C.gchashes[hash]
	45	m = C.gcmacs[mac]
43c09851	46	ppk = PW.PPK(pp, c, h, m)
d7ab1bab	47	ck = C.rand.block(c.keysz.default)
	48	mk = C.rand.block(m.keysz.default)
	49	k = Crypto(c, h, m, ck, mk)
	50	db['tag'] = tag
	51	db['salt'] = ppk.salt
	52	db['cipher'] = cipher
	53	db['hash'] = hash
	54	db['mac'] = mac
	55	db['key'] = ppk.encrypt(wrapstr(ck) + wrapstr(mk))
	56	db['magic'] = k.encrypt(C.rand.block(h.hashsz))
	57
43c09851	58	def chomp(pp):
	59	if len(pp) > 0 and pp[-1] == '\n':
	60	pp = pp[:-1]
	61	return pp
	62
d7ab1bab	63	def cmd_changepp(av):
	64	if len(av) != 0:
	65	return 1
	66	pw = PW(file, 'w')
	67	pw.changepp()
	68
	69	def cmd_find(av):
	70	if len(av) != 1:
	71	return 1
	72	pw = PW(file)
	73	print pw[av[0]]
	74
	75	def cmd_store(av):
	76	if len(av) < 1 or len(av) > 2:
	77	return 1
	78	tag = av[0]
	79	if len(av) < 2:
	80	pp = C.getpass("Enter passphrase `%s': " % tag)
	81	vpp = C.getpass("Confirm passphrase `%s': " % tag)
	82	if pp != vpp:
	83	raise ValueError, "passphrases don't match"
	84	elif av[1] == '-':
	85	pp = stdin.readline()
	86	else:
	87	pp = av[1]
	88	pw = PW(file, 'w')
43c09851	89	pw[av[0]] = chomp(pp)
d7ab1bab	90
	91	def cmd_copy(av):
	92	if len(av) < 1 or len(av) > 2:
	93	return 1
	94	pw_in = PW(file)
	95	pw_out = PW(av[0], 'w')
	96	if len(av) >= 3:
	97	pat = av[1]
	98	else:
	99	pat = None
	100	for k in pw_in:
	101	if pat is None or fnmatch(k, pat):
	102	pw_out[k] = pw_in[k]
	103
	104	def cmd_list(av):
	105	if len(av) > 1:
	106	return 1
	107	pw = PW(file)
	108	if len(av) >= 1:
	109	pat = av[0]
	110	else:
	111	pat = None
	112	for k in pw:
	113	if pat is None or fnmatch(k, pat):
	114	print k
	115
	116	def cmd_topixie(av):
43c09851	117	if len(av) > 2:
d7ab1bab	118	return 1
d7ab1bab	119	pw = PW(file)
43c09851	120	pix = C.Pixie()
	121	if len(av) == 0:
	122	for tag in pw:
	123	pix.set(tag, pw[tag])
d7ab1bab	124	else:
43c09851	125	tag = av[0]
	126	if len(av) >= 2:
	127	pptag = av[1]
	128	else:
	129	pptag = av[0]
	130	pix.set(pptag, pw[tag])
d7ab1bab	131
3aa33042	132	def cmd_del(av):
	133	if len(av) != 1:
	134	return 1
	135	pw = PW(file, 'w')
	136	tag = av[0]
	137	del pw[tag]
	138
d7ab1bab	139	def asciip(s):
	140	for ch in s:
	141	if ch < ' ' or ch > '~': return False
	142	return True
	143	def present(s):
	144	if asciip(s): return s
	145	return C.ByteString(s)
	146	def cmd_dump(av):
	147	db = gdbm.open(file, 'r')
	148	k = db.firstkey()
	149	while True:
	150	if k is None: break
	151	print '%r: %r' % (present(k), present(db[k]))
	152	k = db.nextkey(k)
	153
	154	commands = { 'create': [cmd_create,
	155	'[-c CIPHER] [-h HASH] [-m MAC] [PP-TAG]'],
	156	'find' : [cmd_find, 'LABEL'],
	157	'store' : [cmd_store, 'LABEL [VALUE]'],
	158	'list' : [cmd_list, '[GLOB-PATTERN]'],
	159	'changepp' : [cmd_changepp, ''],
	160	'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
43c09851	161	'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
3aa33042	162	'delete' : [cmd_del, 'TAG'],
d7ab1bab	163	'dump' : [cmd_dump, '']}
	164
	165	def version():
	166	print 'pwsafe 1.0.0'
	167	def usage(fp):
	168	print >>fp, 'Usage: pwsafe COMMAND [ARGS...]'
	169	def help():
	170	version()
	171	print
	172	usage(stdout)
	173	print '''
	174	Maintains passwords or other short secrets securely.
	175
	176	Options:
	177
	178	-h, --help Show this help text.
	179	-v, --version Show program version number.
	180	-u, --usage Show short usage message.
	181
	182	Commands provided:
	183	'''
	184	for c in commands:
	185	print '%s %s' % (c, commands[c][1])
	186
	187	try:
	188	opts, argv = getopt(argv[1:],
	189	'hvuf:',
	190	['help', 'version', 'usage', 'file='])
	191	except GetoptError:
	192	usage(stderr)
	193	exit(1)
	194	for o, a in opts:
	195	if o in ('-h', '--help'):
	196	help()
	197	exit(0)
	198	elif o in ('-v', '--version'):
	199	version()
	200	exit(0)
	201	elif o in ('-u', '--usage'):
	202	usage(stdout)
	203	exit(0)
	204	elif o in ('-f', '--file'):
	205	file = a
	206	else:
	207	raise 'Barf!'
	208	if len(argv) < 1:
	209	usage(stderr)
	210	exit(1)
	211
	212	if argv[0] in commands:
	213	c = argv[0]
	214	argv = argv[1:]
	215	else:
	216	c = 'find'
	217	if commands[c][0](argv):
	218	print >>stderr, 'Usage: pwsafe %s %s' % (c, commands[c][1])
	219	exit(1)