#! /usr/bin/python ### -*-python-*- ### ### Tool for maintaining a secure-ish password database ### ### (c) 2005 Straylight/Edgeware ### ###----- Licensing notice --------------------------------------------------- ### ### This file is part of the Python interface to Catacomb. ### ### Catacomb/Python is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### ### Catacomb/Python is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License ### along with Catacomb/Python; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ###--------------------------------------------------------------------------- ### Imported modules. from __future__ import with_statement from os import environ from sys import argv, exit, stdin, stdout, stderr from getopt import getopt, GetoptError from fnmatch import fnmatch import re import catacomb as C from catacomb.pwsafe import * ###-------------------------------------------------------------------------- ### Utilities. ## The program name. prog = re.sub(r'^.*[/\\]', '', argv[0]) def moan(msg): """Issue a warning message MSG.""" print >>stderr, '%s: %s' % (prog, msg) def die(msg): """Report MSG as a fatal error, and exit.""" moan(msg) exit(1) def chomp(pp): """Return the string PP, without its trailing newline if it has one.""" if len(pp) > 0 and pp[-1] == '\n': pp = pp[:-1] return pp ###-------------------------------------------------------------------------- ### Subcommand implementations. def cmd_create(av): ## Default crypto-primitive selections. cipher = 'blowfish-cbc' hash = 'rmd160' mac = None ## Parse the options. try: opts, args = getopt(av, 'c:h:m:', ['cipher=', 'mac=', 'hash=']) except GetoptError: return 1 for o, a in opts: if o in ('-c', '--cipher'): cipher = a elif o in ('-m', '--mac'): mac = a elif o in ('-h', '--hash'): hash = a else: raise 'Barf!' if len(args) > 2: return 1 if len(args) >= 1: tag = args[0] else: tag = 'pwsafe' ## Set up the database. if mac is None: mac = hash + '-hmac' PW.create(file, C.gcciphers[cipher], C.gchashes[hash], C.gcmacs[mac], tag) def cmd_changepp(av): if len(av) != 0: return 1 pw = PW(file, writep = True) pw.changepp() def cmd_find(av): if len(av) != 1: return 1 pw = PW(file) try: print pw[av[0]] except KeyError, exc: die('Password `%s\' not found.' % exc.args[0]) def cmd_store(av): if len(av) < 1 or len(av) > 2: return 1 tag = av[0] if len(av) < 2: pp = C.getpass("Enter passphrase `%s': " % tag) vpp = C.getpass("Confirm passphrase `%s': " % tag) if pp != vpp: raise ValueError, "passphrases don't match" elif av[1] == '-': pp = stdin.readline() else: pp = av[1] pw = PW(file, writep = True) pw[av[0]] = chomp(pp) def cmd_copy(av): if len(av) < 1 or len(av) > 2: return 1 pw_in = PW(file) pw_out = PW(av[0], 'w') if len(av) >= 3: pat = av[1] else: pat = None for k in pw_in: if pat is None or fnmatch(k, pat): pw_out[k] = pw_in[k] def cmd_list(av): if len(av) > 1: return 1 pw = PW(file) if len(av) >= 1: pat = av[0] else: pat = None for k in pw: if pat is None or fnmatch(k, pat): print k def cmd_topixie(av): if len(av) > 2: return 1 pw = PW(file) pix = C.Pixie() if len(av) == 0: for tag in pw: pix.set(tag, pw[tag]) else: tag = av[0] if len(av) >= 2: pptag = av[1] else: pptag = av[0] pix.set(pptag, pw[tag]) def cmd_del(av): if len(av) != 1: return 1 pw = PW(file, writep = True) tag = av[0] try: del pw[tag] except KeyError, exc: die('Password `%s\' not found.' % exc.args[0]) commands = { 'create': [cmd_create, '[-c CIPHER] [-h HASH] [-m MAC] [PP-TAG]'], 'find' : [cmd_find, 'LABEL'], 'store' : [cmd_store, 'LABEL [VALUE]'], 'list' : [cmd_list, '[GLOB-PATTERN]'], 'changepp' : [cmd_changepp, ''], 'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'], 'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'], 'delete' : [cmd_del, 'TAG']} ###-------------------------------------------------------------------------- ### Command-line handling and dispatch. def version(): print '%s 1.0.0' % prog def usage(fp): print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog def help(): version() print usage(stdout) print ''' Maintains passwords or other short secrets securely. Options: -h, --help Show this help text. -v, --version Show program version number. -u, --usage Show short usage message. -f, --file=FILE Where to find the password-safe file. Commands provided: ''' for c in sorted(commands): print '%s %s' % (c, commands[c][1]) ## Choose a default database file. if 'PWSAFE' in environ: file = environ['PWSAFE'] else: file = '%s/.pwsafe' % environ['HOME'] ## Parse the command-line options. try: opts, argv = getopt(argv[1:], 'hvuf:', ['help', 'version', 'usage', 'file=']) except GetoptError: usage(stderr) exit(1) for o, a in opts: if o in ('-h', '--help'): help() exit(0) elif o in ('-v', '--version'): version() exit(0) elif o in ('-u', '--usage'): usage(stdout) exit(0) elif o in ('-f', '--file'): file = a else: raise 'Barf!' if len(argv) < 1: usage(stderr) exit(1) ## Dispatch to a command handler. if argv[0] in commands: c = argv[0] argv = argv[1:] else: c = 'find' try: if commands[c][0](argv): print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1]) exit(1) except DecryptError: die("decryption failure") ###----- That's all, folks --------------------------------------------------