#! /usr/bin/python2.2 # -*-python-*- import catacomb as C from catacomb.pwsafe import * import gdbm as G from os import environ from sys import argv, exit, stdin, stdout, stderr from getopt import getopt, GetoptError from fnmatch import fnmatch if 'PWSAFE' in environ: file = environ['PWSAFE'] else: file = '%s/.pwsafe' % environ['HOME'] def cmd_create(av): cipher = 'blowfish-cbc' hash = 'rmd160' mac = None try: opts, args = getopt(av, 'c:h:m:', ['cipher=', 'mac=', 'hash=']) except GetoptError: return 1 for o, a in opts: if o in ('-c', '--cipher'): cipher = a elif o in ('-m', '--mac'): mac = a elif o in ('-h', '--hash'): hash = a else: raise 'Barf!' if len(args) > 2: return 1 if len(args) >= 1: tag = args[0] else: tag = 'pwsafe' db = G.open(file, 'n', 0600) pp = C.ppread(tag, C.PMODE_VERIFY) if not mac: mac = hash + '-hmac' c = C.gcciphers[cipher] h = C.gchashes[hash] m = C.gcmacs[mac] ppk = PW.PPK(pp, c, h, m) ck = C.rand.block(c.keysz.default) mk = C.rand.block(m.keysz.default) k = Crypto(c, h, m, ck, mk) db['tag'] = tag db['salt'] = ppk.salt db['cipher'] = cipher db['hash'] = hash db['mac'] = mac db['key'] = ppk.encrypt(wrapstr(ck) + wrapstr(mk)) db['magic'] = k.encrypt(C.rand.block(h.hashsz)) def chomp(pp): if len(pp) > 0 and pp[-1] == '\n': pp = pp[:-1] return pp def cmd_changepp(av): if len(av) != 0: return 1 pw = PW(file, 'w') pw.changepp() def cmd_find(av): if len(av) != 1: return 1 pw = PW(file) print pw[av[0]] def cmd_store(av): if len(av) < 1 or len(av) > 2: return 1 tag = av[0] if len(av) < 2: pp = C.getpass("Enter passphrase `%s': " % tag) vpp = C.getpass("Confirm passphrase `%s': " % tag) if pp != vpp: raise ValueError, "passphrases don't match" elif av[1] == '-': pp = stdin.readline() else: pp = av[1] pw = PW(file, 'w') pw[av[0]] = chomp(pp) def cmd_copy(av): if len(av) < 1 or len(av) > 2: return 1 pw_in = PW(file) pw_out = PW(av[0], 'w') if len(av) >= 3: pat = av[1] else: pat = None for k in pw_in: if pat is None or fnmatch(k, pat): pw_out[k] = pw_in[k] def cmd_list(av): if len(av) > 1: return 1 pw = PW(file) if len(av) >= 1: pat = av[0] else: pat = None for k in pw: if pat is None or fnmatch(k, pat): print k def cmd_topixie(av): if len(av) > 2: return 1 pw = PW(file) pix = C.Pixie() if len(av) == 0: for tag in pw: pix.set(tag, pw[tag]) else: tag = av[0] if len(av) >= 2: pptag = av[1] else: pptag = av[0] pix.set(pptag, pw[tag]) def cmd_del(av): if len(av) != 1: return 1 pw = PW(file, 'w') tag = av[0] del pw[tag] def asciip(s): for ch in s: if ch < ' ' or ch > '~': return False return True def present(s): if asciip(s): return s return C.ByteString(s) def cmd_dump(av): db = gdbm.open(file, 'r') k = db.firstkey() while True: if k is None: break print '%r: %r' % (present(k), present(db[k])) k = db.nextkey(k) commands = { 'create': [cmd_create, '[-c CIPHER] [-h HASH] [-m MAC] [PP-TAG]'], 'find' : [cmd_find, 'LABEL'], 'store' : [cmd_store, 'LABEL [VALUE]'], 'list' : [cmd_list, '[GLOB-PATTERN]'], 'changepp' : [cmd_changepp, ''], 'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'], 'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'], 'delete' : [cmd_del, 'TAG'], 'dump' : [cmd_dump, '']} def version(): print 'pwsafe 1.0.0' def usage(fp): print >>fp, 'Usage: pwsafe COMMAND [ARGS...]' def help(): version() print usage(stdout) print ''' Maintains passwords or other short secrets securely. Options: -h, --help Show this help text. -v, --version Show program version number. -u, --usage Show short usage message. Commands provided: ''' for c in commands: print '%s %s' % (c, commands[c][1]) try: opts, argv = getopt(argv[1:], 'hvuf:', ['help', 'version', 'usage', 'file=']) except GetoptError: usage(stderr) exit(1) for o, a in opts: if o in ('-h', '--help'): help() exit(0) elif o in ('-v', '--version'): version() exit(0) elif o in ('-u', '--usage'): usage(stdout) exit(0) elif o in ('-f', '--file'): file = a else: raise 'Barf!' if len(argv) < 1: usage(stderr) exit(1) if argv[0] in commands: c = argv[0] argv = argv[1:] else: c = 'find' if commands[c][0](argv): print >>stderr, 'Usage: pwsafe %s %s' % (c, commands[c][1]) exit(1)