[catacomb-python] / pwsafe

#! /usr/bin/python
### -*-python-*-
###
### Tool for maintaining a secure-ish password database
###
### (c) 2005 Straylight/Edgeware
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the Python interface to Catacomb.
###
### Catacomb/Python is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### Catacomb/Python is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with Catacomb/Python; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

###---------------------------------------------------------------------------
### Imported modules.

from __future__ import with_statement

from os import environ
from sys import argv, exit, stdin, stdout, stderr
from getopt import getopt, GetoptError
from fnmatch import fnmatch
import re

import catacomb as C
from catacomb.pwsafe import *

###--------------------------------------------------------------------------
### Utilities.

## The program name.
prog = re.sub(r'^.*[/\\]', '', argv[0])

def moan(msg):
  """Issue a warning message MSG."""
  print >>stderr, '%s: %s' % (prog, msg)

def die(msg):
  """Report MSG as a fatal error, and exit."""
  moan(msg)
  exit(1)

###--------------------------------------------------------------------------
### Subcommand implementations.

def cmd_create(av):

  ## Default crypto-primitive selections.
  cipher = 'blowfish-cbc'
  hash = 'rmd160'
  mac = None

  ## Parse the options.
  try:
    opts, args = getopt(av, 'c:d:h:m:',
                        ['cipher=', 'database=', 'mac=', 'hash='])
  except GetoptError:
    return 1
  dbty = 'flat'
  for o, a in opts:
    if o in ('-c', '--cipher'): cipher = a
    elif o in ('-m', '--mac'): mac = a
    elif o in ('-h', '--hash'): hash = a
    elif o in ('-d', '--database'): dbty = a
    else: raise 'Barf!'
  if len(args) > 2: return 1
  if len(args) >= 1: tag = args[0]
  else: tag = 'pwsafe'

  ## Set up the database.
  if mac is None: mac = hash + '-hmac'
  try: dbcls = StorageBackend.byname(dbty)
  except KeyError: die("Unknown database backend `%s'" % dbty)
  PW.create(dbcls, file, tag,
            C.gcciphers[cipher], C.gchashes[hash], C.gcmacs[mac])

def cmd_changepp(av):
  if len(av) != 0: return 1
  with PW(file, writep = True) as pw: pw.changepp()

def cmd_find(av):
  if len(av) != 1: return 1
  with PW(file) as pw:
    try: print pw[av[0]]
    except KeyError, exc: die("Password `%s' not found" % exc.args[0])

def cmd_store(av):
  if len(av) < 1 or len(av) > 2: return 1
  tag = av[0]
  with PW(file, writep = True) as pw:
    if len(av) < 2:
      pp = C.getpass("Enter passphrase `%s': " % tag)
      vpp = C.getpass("Confirm passphrase `%s': " % tag)
      if pp != vpp: die("passphrases don't match")
    elif av[1] == '-':
      pp = stdin.readline().rstrip('\n')
    else:
      pp = av[1]
    pw[av[0]] = pp

def cmd_copy(av):
  if len(av) < 1 or len(av) > 2: return 1
  with PW(file) as pw_in:
    with PW(av[0], writep = True) as pw_out:
      if len(av) >= 3: pat = av[1]
      else: pat = None
      for k in pw_in:
        if pat is None or fnmatch(k, pat): pw_out[k] = pw_in[k]

def cmd_list(av):
  if len(av) > 1: return 1
  with PW(file) as pw:
    if len(av) >= 1: pat = av[0]
    else: pat = None
    for k in pw:
      if pat is None or fnmatch(k, pat): print k

def cmd_topixie(av):
  if len(av) > 2: return 1
  with PW(file) as pw:
    pix = C.Pixie()
    if len(av) == 0:
      for tag in pw: pix.set(tag, pw[tag])
    else:
      tag = av[0]
      if len(av) >= 2: pptag = av[1]
      else: pptag = av[0]
      pix.set(pptag, pw[tag])

def cmd_del(av):
  if len(av) != 1: return 1
  with PW(file, writep = True) as pw:
    tag = av[0]
    try: del pw[tag]
    except KeyError, exc: die("Password `%s' not found" % exc.args[0])

commands = { 'create': [cmd_create,
                        '[-c CIPHER] [-d DBTYPE] [-h HASH] [-m MAC] [PP-TAG]'],
             'find' : [cmd_find, 'LABEL'],
             'store' : [cmd_store, 'LABEL [VALUE]'],
             'list' : [cmd_list, '[GLOB-PATTERN]'],
             'changepp' : [cmd_changepp, ''],
             'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
             'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
             'delete' : [cmd_del, 'TAG']}

###--------------------------------------------------------------------------
### Command-line handling and dispatch.

def version():
  print '%s 1.0.0' % prog
  print 'Backend types: %s' % \
      ' '.join([c.NAME for c in StorageBackend.classes()])

def usage(fp):
  print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog

def help():
  version()
  print
  usage(stdout)
  print '''
Maintains passwords or other short secrets securely.

Options:

-h, --help		Show this help text.
-v, --version		Show program version number.
-u, --usage		Show short usage message.

-f, --file=FILE		Where to find the password-safe file.

Commands provided:
'''
  for c in sorted(commands):
    print '%s %s' % (c, commands[c][1])

## Choose a default database file.
if 'PWSAFE' in environ:
  file = environ['PWSAFE']
else:
  file = '%s/.pwsafe' % environ['HOME']

## Parse the command-line options.
try:
  opts, argv = getopt(argv[1:], 'hvuf:',
                      ['help', 'version', 'usage', 'file='])
except GetoptError:
  usage(stderr)
  exit(1)
for o, a in opts:
  if o in ('-h', '--help'):
    help()
    exit(0)
  elif o in ('-v', '--version'):
    version()
    exit(0)
  elif o in ('-u', '--usage'):
    usage(stdout)
    exit(0)
  elif o in ('-f', '--file'):
    file = a
  else:
    raise 'Barf!'
if len(argv) < 1:
  usage(stderr)
  exit(1)

## Dispatch to a command handler.
if argv[0] in commands:
  c = argv[0]
  argv = argv[1:]
else:
  c = 'find'
try:
  if commands[c][0](argv):
    print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
    exit(1)
except DecryptError:
  die("decryption failure")

###----- That's all, folks --------------------------------------------------
Commit	Line	Data
24b3d57b	1	#! /usr/bin/python
d1c45f5c MW	2	### --python--
	3	###
	4	### Tool for maintaining a secure-ish password database
	5	###
	6	### (c) 2005 Straylight/Edgeware
	7	###
	8
	9	###----- Licensing notice ---------------------------------------------------
	10	###
	11	### This file is part of the Python interface to Catacomb.
	12	###
	13	### Catacomb/Python is free software; you can redistribute it and/or modify
	14	### it under the terms of the GNU General Public License as published by
	15	### the Free Software Foundation; either version 2 of the License, or
	16	### (at your option) any later version.
	17	###
	18	### Catacomb/Python is distributed in the hope that it will be useful,
	19	### but WITHOUT ANY WARRANTY; without even the implied warranty of
	20	### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	21	### GNU General Public License for more details.
	22	###
	23	### You should have received a copy of the GNU General Public License
	24	### along with Catacomb/Python; if not, write to the Free Software Foundation,
	25	### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	26
	27	###---------------------------------------------------------------------------
	28	### Imported modules.
d7ab1bab	29
85f15f07 MW	30	from __future__ import with_statement
85f15f07 MW	31
43c09851	32	from os import environ
d7ab1bab	33	from sys import argv, exit, stdin, stdout, stderr
d7ab1bab	34	from getopt import getopt, GetoptError
d7ab1bab	35	from fnmatch import fnmatch
80dc9c94	36	import re
2e6a3fda	37
d1c45f5c MW	38	import catacomb as C
	39	from catacomb.pwsafe import *
	40
	41	###--------------------------------------------------------------------------
	42	### Utilities.
	43
	44	## The program name.
2e6a3fda	45	prog = re.sub(r'^.*[/\\]', '', argv[0])
d1c45f5c	46
2e6a3fda	47	def moan(msg):
d1c45f5c	48	"""Issue a warning message MSG."""
2e6a3fda	49	print >>stderr, '%s: %s' % (prog, msg)
d1c45f5c	50
2e6a3fda	51	def die(msg):
d1c45f5c	52	"""Report MSG as a fatal error, and exit."""
2e6a3fda	53	moan(msg)
2e6a3fda	54	exit(1)
d7ab1bab	55
d1c45f5c MW	56	###--------------------------------------------------------------------------
d1c45f5c MW	57	### Subcommand implementations.
d7ab1bab	58
d7ab1bab	59	def cmd_create(av):
d1c45f5c MW	60
d1c45f5c MW	61	## Default crypto-primitive selections.
d7ab1bab	62	cipher = 'blowfish-cbc'
	63	hash = 'rmd160'
	64	mac = None
d1c45f5c MW	65
d1c45f5c MW	66	## Parse the options.
d7ab1bab	67	try:
6baae405 MW	68	opts, args = getopt(av, 'c:d:h:m:',
6baae405 MW	69	['cipher=', 'database=', 'mac=', 'hash='])
d7ab1bab	70	except GetoptError:
d7ab1bab	71	return 1
8501dc39	72	dbty = 'flat'
d7ab1bab	73	for o, a in opts:
9d0d0a7b MW	74	if o in ('-c', '--cipher'): cipher = a
	75	elif o in ('-m', '--mac'): mac = a
	76	elif o in ('-h', '--hash'): hash = a
6baae405	77	elif o in ('-d', '--database'): dbty = a
9d0d0a7b MW	78	else: raise 'Barf!'
	79	if len(args) > 2: return 1
	80	if len(args) >= 1: tag = args[0]
	81	else: tag = 'pwsafe'
d1c45f5c	82
09b8041d MW	83	## Set up the database.
09b8041d MW	84	if mac is None: mac = hash + '-hmac'
6baae405 MW	85	try: dbcls = StorageBackend.byname(dbty)
	86	except KeyError: die("Unknown database backend `%s'" % dbty)
	87	PW.create(dbcls, file, tag,
	88	C.gcciphers[cipher], C.gchashes[hash], C.gcmacs[mac])
d7ab1bab	89
d7ab1bab	90	def cmd_changepp(av):
9d0d0a7b	91	if len(av) != 0: return 1
5bf6e9f5	92	with PW(file, writep = True) as pw: pw.changepp()
d7ab1bab	93
d7ab1bab	94	def cmd_find(av):
9d0d0a7b	95	if len(av) != 1: return 1
5bf6e9f5 MW	96	with PW(file) as pw:
	97	try: print pw[av[0]]
	98	except KeyError, exc: die("Password `%s' not found" % exc.args[0])
d7ab1bab	99
d7ab1bab	100	def cmd_store(av):
5bf6e9f5	101	if len(av) < 1 or len(av) > 2: return 1
d7ab1bab	102	tag = av[0]
5bf6e9f5 MW	103	with PW(file, writep = True) as pw:
	104	if len(av) < 2:
	105	pp = C.getpass("Enter passphrase `%s': " % tag)
	106	vpp = C.getpass("Confirm passphrase `%s': " % tag)
	107	if pp != vpp: die("passphrases don't match")
	108	elif av[1] == '-':
63ba6dfa	109	pp = stdin.readline().rstrip('\n')
5bf6e9f5 MW	110	else:
5bf6e9f5 MW	111	pp = av[1]
63ba6dfa	112	pw[av[0]] = pp
d7ab1bab	113
d7ab1bab	114	def cmd_copy(av):
9d0d0a7b	115	if len(av) < 1 or len(av) > 2: return 1
5bf6e9f5 MW	116	with PW(file) as pw_in:
	117	with PW(av[0], writep = True) as pw_out:
	118	if len(av) >= 3: pat = av[1]
	119	else: pat = None
	120	for k in pw_in:
	121	if pat is None or fnmatch(k, pat): pw_out[k] = pw_in[k]
d7ab1bab	122
d7ab1bab	123	def cmd_list(av):
9d0d0a7b	124	if len(av) > 1: return 1
5bf6e9f5 MW	125	with PW(file) as pw:
	126	if len(av) >= 1: pat = av[0]
	127	else: pat = None
	128	for k in pw:
	129	if pat is None or fnmatch(k, pat): print k
d7ab1bab	130
d7ab1bab	131	def cmd_topixie(av):
9d0d0a7b	132	if len(av) > 2: return 1
5bf6e9f5 MW	133	with PW(file) as pw:
	134	pix = C.Pixie()
	135	if len(av) == 0:
	136	for tag in pw: pix.set(tag, pw[tag])
	137	else:
	138	tag = av[0]
	139	if len(av) >= 2: pptag = av[1]
	140	else: pptag = av[0]
	141	pix.set(pptag, pw[tag])
d7ab1bab	142
3aa33042	143	def cmd_del(av):
9d0d0a7b	144	if len(av) != 1: return 1
5bf6e9f5 MW	145	with PW(file, writep = True) as pw:
	146	tag = av[0]
	147	try: del pw[tag]
	148	except KeyError, exc: die("Password `%s' not found" % exc.args[0])
3aa33042	149
d7ab1bab	150	commands = { 'create': [cmd_create,
6baae405	151	'[-c CIPHER] [-d DBTYPE] [-h HASH] [-m MAC] [PP-TAG]'],
d1c45f5c MW	152	'find' : [cmd_find, 'LABEL'],
	153	'store' : [cmd_store, 'LABEL [VALUE]'],
	154	'list' : [cmd_list, '[GLOB-PATTERN]'],
	155	'changepp' : [cmd_changepp, ''],
	156	'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
	157	'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
85f15f07	158	'delete' : [cmd_del, 'TAG']}
d1c45f5c MW	159
	160	###--------------------------------------------------------------------------
	161	### Command-line handling and dispatch.
d7ab1bab	162
d7ab1bab	163	def version():
2e6a3fda	164	print '%s 1.0.0' % prog
6baae405 MW	165	print 'Backend types: %s' % \
6baae405 MW	166	' '.join([c.NAME for c in StorageBackend.classes()])
d1c45f5c	167
d7ab1bab	168	def usage(fp):
2e6a3fda	169	print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog
d1c45f5c	170
d7ab1bab	171	def help():
	172	version()
	173	print
b2687a0a	174	usage(stdout)
d7ab1bab	175	print '''
	176	Maintains passwords or other short secrets securely.
	177
	178	Options:
	179
	180	-h, --help Show this help text.
	181	-v, --version Show program version number.
	182	-u, --usage Show short usage message.
	183
2e6a3fda	184	-f, --file=FILE Where to find the password-safe file.
2e6a3fda	185
d7ab1bab	186	Commands provided:
d7ab1bab	187	'''
05a82542	188	for c in sorted(commands):
d7ab1bab	189	print '%s %s' % (c, commands[c][1])
d7ab1bab	190
d1c45f5c MW	191	## Choose a default database file.
	192	if 'PWSAFE' in environ:
	193	file = environ['PWSAFE']
	194	else:
	195	file = '%s/.pwsafe' % environ['HOME']
	196
	197	## Parse the command-line options.
d7ab1bab	198	try:
d1c45f5c MW	199	opts, argv = getopt(argv[1:], 'hvuf:',
d1c45f5c MW	200	['help', 'version', 'usage', 'file='])
d7ab1bab	201	except GetoptError:
	202	usage(stderr)
	203	exit(1)
	204	for o, a in opts:
	205	if o in ('-h', '--help'):
	206	help()
	207	exit(0)
	208	elif o in ('-v', '--version'):
	209	version()
	210	exit(0)
	211	elif o in ('-u', '--usage'):
	212	usage(stdout)
	213	exit(0)
	214	elif o in ('-f', '--file'):
	215	file = a
	216	else:
	217	raise 'Barf!'
	218	if len(argv) < 1:
	219	usage(stderr)
	220	exit(1)
	221
d1c45f5c	222	## Dispatch to a command handler.
d7ab1bab	223	if argv[0] in commands:
	224	c = argv[0]
	225	argv = argv[1:]
	226	else:
	227	c = 'find'
40b16f0c MW	228	try:
	229	if commands[c][0](argv):
	230	print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
	231	exit(1)
	232	except DecryptError:
	233	die("decryption failure")
d1c45f5c MW	234
d1c45f5c MW	235	###----- That's all, folks --------------------------------------------------