Merge remote-tracking branch 'origin/HEAD'

[catacomb-python] / pwsafe

diff --git a/pwsafe b/pwsafe
old mode 100755 (executable)
new mode 100644 (file)
index 3485b08..c12f856
--- a/pwsafe
+++ b/pwsafe
@@ -1,172 +1,173 @@
-#! /usr/bin/python2.2
-# -*-python-*-
+#! /usr/bin/python
+### -*-python-*-
+###
+### Tool for maintaining a secure-ish password database
+###
+### (c) 2005 Straylight/Edgeware
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This file is part of the Python interface to Catacomb.
+###
+### Catacomb/Python is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### Catacomb/Python is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with Catacomb/Python; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+###---------------------------------------------------------------------------
+### Imported modules.
+
+from __future__ import with_statement

 
 

-import catacomb as C
-from catacomb.pwsafe import *
-import gdbm as G

 from os import environ
 from sys import argv, exit, stdin, stdout, stderr
 from getopt import getopt, GetoptError
 from fnmatch import fnmatch
 from os import environ
 from sys import argv, exit, stdin, stdout, stderr
 from getopt import getopt, GetoptError
 from fnmatch import fnmatch

-import sre as re
+import re
+
+import catacomb as C
+from catacomb.pwsafe import *
+
+###--------------------------------------------------------------------------
+### Utilities.

 
 

+## The program name.

 prog = re.sub(r'^.*[/\\]', '', argv[0])
 prog = re.sub(r'^.*[/\\]', '', argv[0])

+

 def moan(msg):
 def moan(msg):

+  """Issue a warning message MSG."""

   print >>stderr, '%s: %s' % (prog, msg)
   print >>stderr, '%s: %s' % (prog, msg)

+

 def die(msg):
 def die(msg):

+  """Report MSG as a fatal error, and exit."""

   moan(msg)
   exit(1)
 
   moan(msg)
   exit(1)
 

-if 'PWSAFE' in environ:
-  file = environ['PWSAFE']
-else:
-  file = '%s/.pwsafe' % environ['HOME']
+###--------------------------------------------------------------------------
+### Subcommand implementations.

 
 def cmd_create(av):
 
 def cmd_create(av):

+
+  ## Default crypto-primitive selections.

   cipher = 'blowfish-cbc'
   hash = 'rmd160'
   mac = None
   cipher = 'blowfish-cbc'
   hash = 'rmd160'
   mac = None

+
+  ## Parse the options.

   try:
   try:

-    opts, args = getopt(av, 'c:h:m:', ['cipher=', 'mac=', 'hash='])
+    opts, args = getopt(av, 'c:d:h:m:',
+                        ['cipher=', 'database=', 'mac=', 'hash='])

   except GetoptError:
     return 1
   except GetoptError:
     return 1

+  dbty = 'flat'

   for o, a in opts:
   for o, a in opts:

-    if o in ('-c', '--cipher'):
-      cipher = a
-    elif o in ('-m', '--mac'):
-      mac = a
-    elif o in ('-h', '--hash'):
-      hash = a
-    else:
-      raise 'Barf!'
-  if len(args) > 2:
-    return 1
-  if len(args) >= 1:
-    tag = args[0]
-  else:
-    tag = 'pwsafe'
-  db = G.open(file, 'n', 0600)
-  pp = C.ppread(tag, C.PMODE_VERIFY)
-  if not mac: mac = hash + '-hmac'
-  c = C.gcciphers[cipher]
-  h = C.gchashes[hash]
-  m = C.gcmacs[mac]
-  ppk = PW.PPK(pp, c, h, m)
-  ck = C.rand.block(c.keysz.default)
-  mk = C.rand.block(m.keysz.default)
-  k = Crypto(c, h, m, ck, mk)
-  db['tag'] = tag
-  db['salt'] = ppk.salt
-  db['cipher'] = cipher
-  db['hash'] = hash
-  db['mac'] = mac
-  db['key'] = ppk.encrypt(wrapstr(ck) + wrapstr(mk))
-  db['magic'] = k.encrypt(C.rand.block(h.hashsz))
-
-def chomp(pp):
-  if len(pp) > 0 and pp[-1] == '\n':
-    pp = pp[:-1]
-  return pp
+    if o in ('-c', '--cipher'): cipher = a
+    elif o in ('-m', '--mac'): mac = a
+    elif o in ('-h', '--hash'): hash = a
+    elif o in ('-d', '--database'): dbty = a
+    else: raise 'Barf!'
+  if len(args) > 2: return 1
+  if len(args) >= 1: tag = args[0]
+  else: tag = 'pwsafe'
+
+  ## Set up the database.
+  if mac is None: mac = hash + '-hmac'
+  try: dbcls = StorageBackend.byname(dbty)
+  except KeyError: die("Unknown database backend `%s'" % dbty)
+  PW.create(dbcls, file, tag,
+            C.gcciphers[cipher], C.gchashes[hash], C.gcmacs[mac])

 
 def cmd_changepp(av):
 
 def cmd_changepp(av):

-  if len(av) != 0:
-    return 1
-  pw = PW(file, 'w')
-  pw.changepp()
+  if len(av) != 0: return 1
+  with PW(file, writep = True) as pw: pw.changepp()

 
 def cmd_find(av):
 
 def cmd_find(av):

-  if len(av) != 1:
-    return 1
-  pw = PW(file)
-  try:
-    print pw[av[0]]
-  except KeyError, exc:
-    die('Password `%s\' not found.' % exc.args[0])
+  if len(av) != 1: return 1
+  with PW(file) as pw:
+    try: print pw[av[0]]
+    except KeyError, exc: die("Password `%s' not found" % exc.args[0])

 
 def cmd_store(av):
 
 def cmd_store(av):

-  if len(av) < 1 or len(av) > 2:
-    return 1
+  if len(av) < 1 or len(av) > 2: return 1

   tag = av[0]
   tag = av[0]

-  if len(av) < 2:
-    pp = C.getpass("Enter passphrase `%s': " % tag)
-    vpp = C.getpass("Confirm passphrase `%s': " % tag)
-    if pp != vpp:
-      raise ValueError, "passphrases don't match"
-  elif av[1] == '-':
-    pp = stdin.readline()
-  else:
-    pp = av[1]
-  pw = PW(file, 'w')
-  pw[av[0]] = chomp(pp)
+  with PW(file, writep = True) as pw:
+    if len(av) < 2:
+      pp = C.getpass("Enter passphrase `%s': " % tag)
+      vpp = C.getpass("Confirm passphrase `%s': " % tag)
+      if pp != vpp: die("passphrases don't match")
+    elif av[1] == '-':
+      pp = stdin.readline().rstrip('\n')
+    else:
+      pp = av[1]
+    pw[av[0]] = pp

 
 def cmd_copy(av):
 
 def cmd_copy(av):

-  if len(av) < 1 or len(av) > 2:
-    return 1
-  pw_in = PW(file)
-  pw_out = PW(av[0], 'w')
-  if len(av) >= 3:
-    pat = av[1]
-  else:
-    pat = None
-  for k in pw_in:
-    if pat is None or fnmatch(k, pat):
-      pw_out[k] = pw_in[k]
+  if len(av) < 1 or len(av) > 2: return 1
+  with PW(file) as pw_in:
+    with PW(av[0], writep = True) as pw_out:
+      if len(av) >= 3: pat = av[1]
+      else: pat = None
+      for k in pw_in:
+        if pat is None or fnmatch(k, pat): pw_out[k] = pw_in[k]

 
 def cmd_list(av):
 
 def cmd_list(av):

-  if len(av) > 1:
-    return 1
-  pw = PW(file)
-  if len(av) >= 1:
-    pat = av[0]
-  else:
-    pat = None
-  for k in pw:
-    if pat is None or fnmatch(k, pat):
-      print k
+  if len(av) > 1: return 1
+  with PW(file) as pw:
+    if len(av) >= 1: pat = av[0]
+    else: pat = None
+    for k in pw:
+      if pat is None or fnmatch(k, pat): print k

 
 def cmd_topixie(av):
 
 def cmd_topixie(av):

-  if len(av) > 2:
-    return 1
-  pw = PW(file)
-  pix = C.Pixie()
-  if len(av) == 0:
-    for tag in pw:
-      pix.set(tag, pw[tag])
-  else:
-    tag = av[0]
-    if len(av) >= 2:
-      pptag = av[1]
+  if len(av) > 2: return 1
+  with PW(file) as pw:
+    pix = C.Pixie()
+    if len(av) == 0:
+      for tag in pw: pix.set(tag, pw[tag])

     else:
     else:

-      pptag = av[0]
-    pix.set(pptag, pw[tag])
+      tag = av[0]
+      if len(av) >= 2: pptag = av[1]
+      else: pptag = av[0]
+      pix.set(pptag, pw[tag])

 
 def cmd_del(av):
 
 def cmd_del(av):

-  if len(av) != 1:
-    return 1
-  pw = PW(file, 'w')
-  tag = av[0]
-  try:
-    del pw[tag]
-  except KeyError, exc:
-    die('Password `%s\' not found.' % exc.args[0])
-
-def asciip(s):
-  for ch in s:
-    if ch < ' ' or ch > '~': return False
-  return True
-def present(s):
-  if asciip(s): return s
-  return C.ByteString(s)
-def cmd_dump(av):
-  db = gdbm.open(file, 'r')
-  k = db.firstkey()
-  while True:
-    if k is None: break
-    print '%r: %r' % (present(k), present(db[k]))
-    k = db.nextkey(k)
+  if len(av) != 1: return 1
+  with PW(file, writep = True) as pw:
+    tag = av[0]
+    try: del pw[tag]
+    except KeyError, exc: die("Password `%s' not found" % exc.args[0])
+
+def cmd_xfer(av):
+
+  ## Parse the command line.
+  try: opts, args = getopt(av, 'd:', ['database='])
+  except GetoptError: return 1
+  dbty = 'flat'
+  for o, a in opts:
+    if o in ('-d', '--database'): dbty = a
+    else: raise 'Barf!'
+  if len(args) != 1: return 1
+  try: dbcls = StorageBackend.byname(dbty)
+  except KeyError: die("Unknown database backend `%s'" % dbty)
+
+  ## Create the target database.
+  with StorageBackend.open(file) as db_in:
+    with dbcls.create(args[0]) as db_out:
+      for k, v in db_in.iter_meta(): db_out.put_meta(k, v)
+      for k, v in db_in.iter_passwds(): db_out.put_passwd(k, v)

 
 commands = { 'create': [cmd_create,
 
 commands = { 'create': [cmd_create,

-                        '[-c CIPHER] [-h HASH] [-m MAC] [PP-TAG]'],
+                        '[-c CIPHER] [-d DBTYPE] [-h HASH] [-m MAC] [PP-TAG]'],

              'find' : [cmd_find, 'LABEL'],
              'store' : [cmd_store, 'LABEL [VALUE]'],
              'list' : [cmd_list, '[GLOB-PATTERN]'],
              'find' : [cmd_find, 'LABEL'],
              'store' : [cmd_store, 'LABEL [VALUE]'],
              'list' : [cmd_list, '[GLOB-PATTERN]'],


@@ -174,16 +175,23 @@ commands = { 'create': [cmd_create,
              'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
              'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
              'delete' : [cmd_del, 'TAG'],
              'copy' : [cmd_copy, 'DEST-FILE [GLOB-PATTERN]'],
              'to-pixie' : [cmd_topixie, '[TAG [PIXIE-TAG]]'],
              'delete' : [cmd_del, 'TAG'],

-             'dump' : [cmd_dump, '']}
+             'xfer': [cmd_xfer, '[-d DBTYPE] DEST-FILE'] }
+
+###--------------------------------------------------------------------------
+### Command-line handling and dispatch.

 
 def version():
   print '%s 1.0.0' % prog
 
 def version():
   print '%s 1.0.0' % prog

+  print 'Backend types: %s' % \
+      ' '.join([c.NAME for c in StorageBackend.classes()])
+

 def usage(fp):
   print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog
 def usage(fp):
   print >>fp, 'Usage: %s COMMAND [ARGS...]' % prog

+

 def help():
   version()
   print
 def help():
   version()
   print

-  usage(stdout)  
+  usage(stdout)

   print '''
 Maintains passwords or other short secrets securely.
 
   print '''
 Maintains passwords or other short secrets securely.
 


@@ -197,12 +205,18 @@ Options:
 
 Commands provided:
 '''
 
 Commands provided:
 '''

-  for c in commands:
+  for c in sorted(commands):

     print '%s %s' % (c, commands[c][1])
 
     print '%s %s' % (c, commands[c][1])
 

+## Choose a default database file.
+if 'PWSAFE' in environ:
+  file = environ['PWSAFE']
+else:
+  file = '%s/.pwsafe' % environ['HOME']
+
+## Parse the command-line options.

 try:
 try:

-  opts, argv = getopt(argv[1:],
-                      'hvuf:',
+  opts, argv = getopt(argv[1:], 'hvuf:',

                       ['help', 'version', 'usage', 'file='])
 except GetoptError:
   usage(stderr)
                       ['help', 'version', 'usage', 'file='])
 except GetoptError:
   usage(stderr)


@@ -225,11 +239,17 @@ if len(argv) < 1:
   usage(stderr)
   exit(1)
 
   usage(stderr)
   exit(1)
 

+## Dispatch to a command handler.

 if argv[0] in commands:
   c = argv[0]
   argv = argv[1:]
 else:
   c = 'find'
 if argv[0] in commands:
   c = argv[0]
   argv = argv[1:]
 else:
   c = 'find'

-if commands[c][0](argv):
-  print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
-  exit(1)
+try:
+  if commands[c][0](argv):
+    print >>stderr, 'Usage: %s %s %s' % (prog, c, commands[c][1])
+    exit(1)
+except DecryptError:
+  die("decryption failure")
+
+###----- That's all, folks --------------------------------------------------