4 ### Tool for maintaining a secure-ish password database
6 ### (c) 2005 Straylight/Edgeware
9 ###----- Licensing notice ---------------------------------------------------
11 ### This file is part of the Python interface to Catacomb.
13 ### Catacomb/Python is free software; you can redistribute it and/or modify
14 ### it under the terms of the GNU General Public License as published by
15 ### the Free Software Foundation; either version 2 of the License, or
16 ### (at your option) any later version.
18 ### Catacomb/Python is distributed in the hope that it will be useful,
19 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
20 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 ### GNU General Public License for more details.
23 ### You should have received a copy of the GNU General Public License
24 ### along with Catacomb/Python; if not, write to the Free Software Foundation,
25 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 ###---------------------------------------------------------------------------
31 from os import environ
32 from sys import argv, exit, stdin, stdout, stderr
33 from getopt import getopt, GetoptError
34 from fnmatch import fnmatch
38 from catacomb.pwsafe import *
40 ###--------------------------------------------------------------------------
44 prog = re.sub(r'^.*[/\\]', '', argv[0])
47 """Issue a warning message MSG."""
48 print >>stderr, '%s: %s' % (prog, msg)
51 """Report MSG as a fatal error, and exit."""
56 """Return the string PP, without its trailing newline if it has one."""
57 if len(pp) > 0 and pp[-1] == '\n':
62 """Answer whether all of the characters of S are plain ASCII."""
64 if ch < ' ' or ch > '~': return False
69 Return a presentation form of the string S.
71 If S is plain ASCII, then return S unchanged; otherwise return it as one of
72 Catacomb's ByteString objects.
74 if asciip(s): return s
75 return C.ByteString(s)
77 ###--------------------------------------------------------------------------
78 ### Subcommand implementations.
82 ## Default crypto-primitive selections.
83 cipher = 'blowfish-cbc'
89 opts, args = getopt(av, 'c:h:m:', ['cipher=', 'mac=', 'hash='])
93 if o in ('-c', '--cipher'):
95 elif o in ('-m', '--mac'):
97 elif o in ('-h', '--hash'):
108 ## Choose a passphrase, and generate master keys.
109 pp = C.ppread(tag, C.PMODE_VERIFY)
110 if not mac: mac = hash + '-hmac'
111 c = C.gcciphers[cipher]
114 ppk = PW.PPK(pp, c, h, m)
115 ck = C.rand.block(c.keysz.default)
116 mk = C.rand.block(m.keysz.default)
117 k = Crypto(c, h, m, ck, mk)
119 ## Set up the database, storing the basic information we need.
120 db = G.open(file, 'n', 0600)
122 db['salt'] = ppk.salt
123 db['cipher'] = cipher
126 db['key'] = ppk.encrypt(wrapstr(ck) + wrapstr(mk))
127 db['magic'] = k.encrypt(C.rand.block(h.hashsz))
129 def cmd_changepp(av):
141 except KeyError, exc:
142 die('Password `%s\' not found.' % exc.args[0])
145 if len(av) < 1 or len(av) > 2:
149 pp = C.getpass("Enter passphrase `%s': " % tag)
150 vpp = C.getpass("Confirm passphrase `%s': " % tag)
152 raise ValueError, "passphrases don't match"
154 pp = stdin.readline()
158 pw[av[0]] = chomp(pp)
161 if len(av) < 1 or len(av) > 2:
164 pw_out = PW(av[0], 'w')
170 if pat is None or fnmatch(k, pat):
182 if pat is None or fnmatch(k, pat):
192 pix.set(tag, pw[tag])
199 pix.set(pptag, pw[tag])
208 except KeyError, exc:
209 die('Password `%s\' not found.' % exc.args[0])
212 db = gdbm.open(file, 'r')
216 print '%r: %r' % (present(k), present(db[k]))
219 commands = { 'create': [cmd_create,
220 '[-c CIPHER] [-h HASH] [-m MAC] [PP-TAG]'],
221 'find' : [cmd_find, 'LABEL'],
222 'store' : [cmd_store, 'LABEL [VALUE]'],
223 'list' : [cmd_list, '[GLOB-PATTERN]'],
224 'changepp' : [cmd_changepp, ''],
225 'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
226 'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
227 'delete' : [cmd_del, 'TAG'],
228 'dump' : [cmd_dump, '']}
230 ###--------------------------------------------------------------------------
231 ### Command-line handling and dispatch.
234 print '%s 1.0.0' % prog
237 print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog
244 Maintains passwords or other short secrets securely.
248 -h, --help Show this help text.
249 -v, --version Show program version number.
250 -u, --usage Show short usage message.
252 -f, --file=FILE Where to find the password-safe file.
257 print '%s %s' % (c, commands[c][1])
259 ## Choose a default database file.
260 if 'PWSAFE' in environ:
261 file = environ['PWSAFE']
263 file = '%s/.pwsafe' % environ['HOME']
265 ## Parse the command-line options.
267 opts, argv = getopt(argv[1:], 'hvuf:',
268 ['help', 'version', 'usage', 'file='])
273 if o in ('-h', '--help'):
276 elif o in ('-v', '--version'):
279 elif o in ('-u', '--usage'):
282 elif o in ('-f', '--file'):
290 ## Dispatch to a command handler.
291 if argv[0] in commands:
296 if commands[c][0](argv):
297 print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
300 ###----- That's all, folks --------------------------------------------------