#! /usr/bin/python
-# -*-python-*-
+### -*-python-*-
+###
+### Tool for maintaining a secure-ish password database
+###
+### (c) 2005 Straylight/Edgeware
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This file is part of the Python interface to Catacomb.
+###
+### Catacomb/Python is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### Catacomb/Python is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with Catacomb/Python; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+###---------------------------------------------------------------------------
+### Imported modules.
+
+from __future__ import with_statement
-import catacomb as C
-from catacomb.pwsafe import *
-import gdbm as G
from os import environ
from sys import argv, exit, stdin, stdout, stderr
from getopt import getopt, GetoptError
from fnmatch import fnmatch
-import sre as re
+import re
+
+import catacomb as C
+from catacomb.pwsafe import *
+
+###--------------------------------------------------------------------------
+### Utilities.
+## The program name.
prog = re.sub(r'^.*[/\\]', '', argv[0])
+
def moan(msg):
+ """Issue a warning message MSG."""
print >>stderr, '%s: %s' % (prog, msg)
+
def die(msg):
+ """Report MSG as a fatal error, and exit."""
moan(msg)
exit(1)
-if 'PWSAFE' in environ:
- file = environ['PWSAFE']
-else:
- file = '%s/.pwsafe' % environ['HOME']
+###--------------------------------------------------------------------------
+### Subcommand implementations.
def cmd_create(av):
+
+ ## Default crypto-primitive selections.
cipher = 'blowfish-cbc'
hash = 'rmd160'
mac = None
+
+ ## Parse the options.
try:
- opts, args = getopt(av, 'c:h:m:', ['cipher=', 'mac=', 'hash='])
+ opts, args = getopt(av, 'c:d:h:m:',
+ ['cipher=', 'database=', 'mac=', 'hash='])
except GetoptError:
return 1
+ dbty = 'flat'
for o, a in opts:
- if o in ('-c', '--cipher'):
- cipher = a
- elif o in ('-m', '--mac'):
- mac = a
- elif o in ('-h', '--hash'):
- hash = a
- else:
- raise 'Barf!'
- if len(args) > 2:
- return 1
- if len(args) >= 1:
- tag = args[0]
- else:
- tag = 'pwsafe'
- db = G.open(file, 'n', 0600)
- pp = C.ppread(tag, C.PMODE_VERIFY)
- if not mac: mac = hash + '-hmac'
- c = C.gcciphers[cipher]
- h = C.gchashes[hash]
- m = C.gcmacs[mac]
- ppk = PW.PPK(pp, c, h, m)
- ck = C.rand.block(c.keysz.default)
- mk = C.rand.block(m.keysz.default)
- k = Crypto(c, h, m, ck, mk)
- db['tag'] = tag
- db['salt'] = ppk.salt
- db['cipher'] = cipher
- db['hash'] = hash
- db['mac'] = mac
- db['key'] = ppk.encrypt(wrapstr(ck) + wrapstr(mk))
- db['magic'] = k.encrypt(C.rand.block(h.hashsz))
-
-def chomp(pp):
- if len(pp) > 0 and pp[-1] == '\n':
- pp = pp[:-1]
- return pp
+ if o in ('-c', '--cipher'): cipher = a
+ elif o in ('-m', '--mac'): mac = a
+ elif o in ('-h', '--hash'): hash = a
+ elif o in ('-d', '--database'): dbty = a
+ else: raise 'Barf!'
+ if len(args) > 2: return 1
+ if len(args) >= 1: tag = args[0]
+ else: tag = 'pwsafe'
+
+ ## Set up the database.
+ if mac is None: mac = hash + '-hmac'
+ try: dbcls = StorageBackend.byname(dbty)
+ except KeyError: die("Unknown database backend `%s'" % dbty)
+ PW.create(dbcls, file, tag,
+ C.gcciphers[cipher], C.gchashes[hash], C.gcmacs[mac])
def cmd_changepp(av):
- if len(av) != 0:
- return 1
- pw = PW(file, 'w')
- pw.changepp()
+ if len(av) != 0: return 1
+ with PW(file, writep = True) as pw: pw.changepp()
def cmd_find(av):
- if len(av) != 1:
- return 1
- pw = PW(file)
- try:
- print pw[av[0]]
- except KeyError, exc:
- die('Password `%s\' not found.' % exc.args[0])
+ if len(av) != 1: return 1
+ with PW(file) as pw:
+ try: print pw[av[0]]
+ except KeyError, exc: die("Password `%s' not found" % exc.args[0])
def cmd_store(av):
- if len(av) < 1 or len(av) > 2:
- return 1
+ if len(av) < 1 or len(av) > 2: return 1
tag = av[0]
- if len(av) < 2:
- pp = C.getpass("Enter passphrase `%s': " % tag)
- vpp = C.getpass("Confirm passphrase `%s': " % tag)
- if pp != vpp:
- raise ValueError, "passphrases don't match"
- elif av[1] == '-':
- pp = stdin.readline()
- else:
- pp = av[1]
- pw = PW(file, 'w')
- pw[av[0]] = chomp(pp)
+ with PW(file, writep = True) as pw:
+ if len(av) < 2:
+ pp = C.getpass("Enter passphrase `%s': " % tag)
+ vpp = C.getpass("Confirm passphrase `%s': " % tag)
+ if pp != vpp: die("passphrases don't match")
+ elif av[1] == '-':
+ pp = stdin.readline().rstrip('\n')
+ else:
+ pp = av[1]
+ pw[av[0]] = pp
def cmd_copy(av):
- if len(av) < 1 or len(av) > 2:
- return 1
- pw_in = PW(file)
- pw_out = PW(av[0], 'w')
- if len(av) >= 3:
- pat = av[1]
- else:
- pat = None
- for k in pw_in:
- if pat is None or fnmatch(k, pat):
- pw_out[k] = pw_in[k]
+ if len(av) < 1 or len(av) > 2: return 1
+ with PW(file) as pw_in:
+ with PW(av[0], writep = True) as pw_out:
+ if len(av) >= 3: pat = av[1]
+ else: pat = None
+ for k in pw_in:
+ if pat is None or fnmatch(k, pat): pw_out[k] = pw_in[k]
def cmd_list(av):
- if len(av) > 1:
- return 1
- pw = PW(file)
- if len(av) >= 1:
- pat = av[0]
- else:
- pat = None
- for k in pw:
- if pat is None or fnmatch(k, pat):
- print k
+ if len(av) > 1: return 1
+ with PW(file) as pw:
+ if len(av) >= 1: pat = av[0]
+ else: pat = None
+ for k in pw:
+ if pat is None or fnmatch(k, pat): print k
def cmd_topixie(av):
- if len(av) > 2:
- return 1
- pw = PW(file)
- pix = C.Pixie()
- if len(av) == 0:
- for tag in pw:
- pix.set(tag, pw[tag])
- else:
- tag = av[0]
- if len(av) >= 2:
- pptag = av[1]
+ if len(av) > 2: return 1
+ with PW(file) as pw:
+ pix = C.Pixie()
+ if len(av) == 0:
+ for tag in pw: pix.set(tag, pw[tag])
else:
- pptag = av[0]
- pix.set(pptag, pw[tag])
+ tag = av[0]
+ if len(av) >= 2: pptag = av[1]
+ else: pptag = av[0]
+ pix.set(pptag, pw[tag])
def cmd_del(av):
- if len(av) != 1:
- return 1
- pw = PW(file, 'w')
- tag = av[0]
- try:
- del pw[tag]
- except KeyError, exc:
- die('Password `%s\' not found.' % exc.args[0])
-
-def asciip(s):
- for ch in s:
- if ch < ' ' or ch > '~': return False
- return True
-def present(s):
- if asciip(s): return s
- return C.ByteString(s)
-def cmd_dump(av):
- db = gdbm.open(file, 'r')
- k = db.firstkey()
- while True:
- if k is None: break
- print '%r: %r' % (present(k), present(db[k]))
- k = db.nextkey(k)
+ if len(av) != 1: return 1
+ with PW(file, writep = True) as pw:
+ tag = av[0]
+ try: del pw[tag]
+ except KeyError, exc: die("Password `%s' not found" % exc.args[0])
+
+def cmd_xfer(av):
+
+ ## Parse the command line.
+ try: opts, args = getopt(av, 'd:', ['database='])
+ except GetoptError: return 1
+ dbty = 'flat'
+ for o, a in opts:
+ if o in ('-d', '--database'): dbty = a
+ else: raise 'Barf!'
+ if len(args) != 1: return 1
+ try: dbcls = StorageBackend.byname(dbty)
+ except KeyError: die("Unknown database backend `%s'" % dbty)
+
+ ## Create the target database.
+ with StorageBackend.open(file) as db_in:
+ with dbcls.create(args[0]) as db_out:
+ for k, v in db_in.iter_meta(): db_out.put_meta(k, v)
+ for k, v in db_in.iter_passwds(): db_out.put_passwd(k, v)
commands = { 'create': [cmd_create,
- '[-c CIPHER] [-h HASH] [-m MAC] [PP-TAG]'],
+ '[-c CIPHER] [-d DBTYPE] [-h HASH] [-m MAC] [PP-TAG]'],
'find' : [cmd_find, 'LABEL'],
'store' : [cmd_store, 'LABEL [VALUE]'],
'list' : [cmd_list, '[GLOB-PATTERN]'],
'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
'delete' : [cmd_del, 'TAG'],
- 'dump' : [cmd_dump, '']}
+ 'xfer': [cmd_xfer, '[-d DBTYPE] DEST-FILE'] }
+
+###--------------------------------------------------------------------------
+### Command-line handling and dispatch.
def version():
print '%s 1.0.0' % prog
+ print 'Backend types: %s' % \
+ ' '.join([c.NAME for c in StorageBackend.classes()])
+
def usage(fp):
print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog
+
def help():
version()
print
- usage(stdout)
+ usage(stdout)
print '''
Maintains passwords or other short secrets securely.
Commands provided:
'''
- for c in commands:
+ for c in sorted(commands):
print '%s %s' % (c, commands[c][1])
+## Choose a default database file.
+if 'PWSAFE' in environ:
+ file = environ['PWSAFE']
+else:
+ file = '%s/.pwsafe' % environ['HOME']
+
+## Parse the command-line options.
try:
- opts, argv = getopt(argv[1:],
- 'hvuf:',
+ opts, argv = getopt(argv[1:], 'hvuf:',
['help', 'version', 'usage', 'file='])
except GetoptError:
usage(stderr)
usage(stderr)
exit(1)
+## Dispatch to a command handler.
if argv[0] in commands:
c = argv[0]
argv = argv[1:]
else:
c = 'find'
-if commands[c][0](argv):
- print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
- exit(1)
+try:
+ if commands[c][0](argv):
+ print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
+ exit(1)
+except DecryptError:
+ die("decryption failure")
+
+###----- That's all, folks --------------------------------------------------