From 2efb67526023decffad9756f735d325fd6dc7b54 Mon Sep 17 00:00:00 2001 From: girst Date: Sat, 13 Feb 2016 21:05:18 +0100 Subject: [PATCH] removed pass-modified; added patcher and installer --- COPYING_passwordstore | 355 ------------------------- hardpass-demo.sh | 10 +- pass-modified | 603 ------------------------------------------ 3 files changed, 5 insertions(+), 963 deletions(-) delete mode 100644 COPYING_passwordstore delete mode 100755 pass-modified diff --git a/COPYING_passwordstore b/COPYING_passwordstore deleted file mode 100644 index bacd3ea..0000000 --- a/COPYING_passwordstore +++ /dev/null 
@@ -1,355 +0,0 @@ -Password Store is Copyright (C) 2012 Jason A. Donenfeld . All Rights Reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. 
- - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. 
The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. 
- - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. 
- -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. 
However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. 
-You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. 
- - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. - - diff --git a/hardpass-demo.sh b/hardpass-demo.sh index 2e75514..2999918 100644 
--- a/hardpass-demo.sh +++ b/hardpass-demo.sh @@ -3,11 +3,11 @@ # this is a demo that fetches a password from the password store (must be initialized) and types it over the usb-hid interface to the host computer. # see github.com/girst/hardpass -> readme for how to initialize the driver. - sudo ./scan /dev/hidg0 2 2 $(PASS_GPG_PHRASE=123456789 pass show github.com/girst|head -n 1) -#`--´ `----´ `--------´ ^ ^ `-------´ `--------------´ `-------´ -# | | | | | | | | -# | | | | | | | '>make sure to only fetch the first line (containing the password) -# | | | | |'>unicode method '>demo password '>passwordstore-entry + sudo ./scan /dev/hidg0 2 2 $(PASSWORD_STORE_GPG_OPTS="--passphrase 123456789" pass show github.com/girst|head -n 1) +#`--´ `----´ `--------´ ^ ^ `-------´ `--------------´ `-------´ +# | | | | | | | | +# | | | | | | | '>make sure to only fetch the first line (containing the password) +# | | | | |'>unicode method '>demo password '>passwordstore-entry # | | | '>keyboard layout # | | '>device file created by the libcomposite driver # | '>name of the executable i wrote diff --git a/pass-modified b/pass-modified deleted file mode 100755 index 567c2cd..0000000 --- a/pass-modified +++ /dev/null 
@@ -1,603 +0,0 @@ -#!/usr/bin/env bash - -# Copyright (C) 2012 - 2014 Jason A. Donenfeld . All Rights Reserved. -# This file is licensed under the GPLv2+. Please see COPYING for more information. - -# modified by tobias girstmair for the hardpass project at github.com/girst/hardpass -# pass show displays a 'flat' list of all passwords, for easier scripting and uses a -# new variable $PASS_GPG_PHRASE which can handle the master password instead of gpg- -# agent, which is hard to script. Usage: PASS_GPG_PHRASE='Pa$$w0rd' pass show github/girst - -umask "${PASSWORD_STORE_UMASK:-077}" -set -o pipefail - -GPG_OPTS=( "--quiet" "--yes" "--compress-algo=none" "--no-encrypt-to" "--passphrase" $PASS_GPG_PHRASE) -GPG="gpg" -export GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null)}" -which gpg2 &>/dev/null && GPG="gpg2" -[[ -n $GPG_AGENT_INFO || $GPG == "gpg2" ]] && GPG_OPTS+=( "--batch" "--use-agent" ) - -PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" -X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}" -CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}" - -export GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git" -export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}" - -# -# BEGIN helper functions -# - -git_add_file() { - [[ -d $GIT_DIR ]] || return - git add "$1" || return - [[ -n $(git status --porcelain "$1") ]] || return - git_commit "$2" -} -git_commit() { - local sign="" - [[ -d $GIT_DIR ]] || return - [[ $(git config --bool --get pass.signcommits) == "true" ]] && sign="-S" - git commit $sign -m "$1" -} -yesno() { - [[ -t 0 ]] || return 0 - local response - read -r -p "$1 [y/N] " response - [[ $response == [yY] ]] || exit 1 -} -die() { - echo "$@" >&2 - exit 1 -} -set_gpg_recipients() { - GPG_RECIPIENT_ARGS=( ) - GPG_RECIPIENTS=( ) - - if [[ -n $PASSWORD_STORE_KEY ]]; then - for gpg_id in $PASSWORD_STORE_KEY; do - GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" ) - GPG_RECIPIENTS+=( "$gpg_id" ) - done - return - fi - - local current="$PREFIX/$1" - while [[ $current != "$PREFIX" && ! 
-f $current/.gpg-id ]]; do - current="${current%/*}" - done - current="$current/.gpg-id" - - if [[ ! -f $current ]]; then - cat >&2 <<-_EOF - Error: You must run: - $PROGRAM init your-gpg-id - before you may use the password store. - - _EOF - cmd_usage - exit 1 - fi - - local gpg_id - while read -r gpg_id; do - GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" ) - GPG_RECIPIENTS+=( "$gpg_id" ) - done < "$current" -} - -reencrypt_path() { - local prev_gpg_recipients="" gpg_keys="" current_keys="" index passfile - local groups="$($GPG --list-config --with-colons | grep "^cfg:group:.*")" - while read -r -d "" passfile; do - local passfile_dir="${passfile%/*}" - passfile_dir="${passfile_dir#$PREFIX}" - passfile_dir="${passfile_dir#/}" - local passfile_display="${passfile#$PREFIX/}" - passfile_display="${passfile_display%.gpg}" - local passfile_temp="${passfile}.tmp.${RANDOM}.${RANDOM}.${RANDOM}.${RANDOM}.--" - - set_gpg_recipients "$passfile_dir" - if [[ $prev_gpg_recipients != "${GPG_RECIPIENTS[*]}" ]]; then - for index in "${!GPG_RECIPIENTS[@]}"; do - local group="$(sed -n "s/^cfg:group:$(sed 's/[\/&]/\\&/g' <<<"${GPG_RECIPIENTS[$index]}"):\\(.*\\)\$/\\1/p" <<<"$groups" | head -n 1)" - [[ -z $group ]] && continue - IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190 - unset GPG_RECIPIENTS[$index] - done - gpg_keys="$($GPG --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)" - fi - current_keys="$($GPG -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)" - - if [[ $gpg_keys != "$current_keys" ]]; then - echo "$passfile_display: reencrypting to ${gpg_keys//$'\n'/ }" - $GPG -d "${GPG_OPTS[@]}" "$passfile" | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" "${GPG_OPTS[@]}" && - mv "$passfile_temp" "$passfile" || rm -f "$passfile_temp" - fi - 
prev_gpg_recipients="${GPG_RECIPIENTS[*]}" - done < <(find "$1" -iname '*.gpg' -print0) -} -check_sneaky_paths() { - local path - for path in "$@"; do - [[ $path =~ /\.\.$ || $path =~ ^\.\./ || $path =~ /\.\./ || $path =~ ^\.\.$ ]] && die "Error: You've attempted to pass a sneaky path to pass. Go home." - done -} - -# -# END helper functions -# - -# -# BEGIN platform definable -# - -clip() { - # This base64 business is because bash cannot store binary data in a shell - # variable. Specifically, it cannot store nulls nor (non-trivally) store - # trailing new lines. - local sleep_argv0="password store sleep on display $DISPLAY" - pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5 - local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)" - echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard" - ( - ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" ) - local now="$(xclip -o -selection "$X_SELECTION" | base64)" - [[ $now != $(echo -n "$1" | base64) ]] && before="$now" - - # It might be nice to programatically check to see if klipper exists, - # as well as checking for other common clipboard managers. But for now, - # this works fine -- if qdbus isn't there or if klipper isn't running, - # this essentially becomes a no-op. - # - # Clipboard managers frequently write their history out in plaintext, - # so we axe it here: - qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory &>/dev/null - - echo "$before" | base64 -d | xclip -selection "$X_SELECTION" - ) 2>/dev/null & disown - echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds." 
-} -tmpdir() { - [[ -n $SECURE_TMPDIR ]] && return - local warn=1 - [[ $1 == "nowarn" ]] && warn=0 - local template="$PROGRAM.XXXXXXXXXXXXX" - if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then - SECURE_TMPDIR="$(mktemp -d "/dev/shm/$template")" - remove_tmpfile() { - rm -rf "$SECURE_TMPDIR" - } - trap remove_tmpfile INT TERM EXIT - else - [[ $warn -eq 1 ]] && yesno "$(cat <<-_EOF - Your system does not have /dev/shm, which means that it may - be difficult to entirely erase the temporary non-encrypted - password file after editing. - - Are you sure you would like to continue? - _EOF - )" - SECURE_TMPDIR="$(mktemp -d "${TMPDIR:-/tmp}/$template")" - shred_tmpfile() { - find "$SECURE_TMPDIR" -type f -exec $SHRED {} + - rm -rf "$SECURE_TMPDIR" - } - trap shred_tmpfile INT TERM EXIT - fi - -} -GETOPT="getopt" -SHRED="shred -f -z" - - -# -# END platform definable -# - - -# -# BEGIN subcommand functions -# - -cmd_version() { - cat <<-_EOF - ============================================ - = pass: the standard unix password manager = - = = - = v1.6.5 = - = = - = Jason A. Donenfeld = - = Jason@zx2c4.com = - = = - = http://www.passwordstore.org/ = - ============================================ - _EOF -} - -cmd_usage() { - cmd_version - echo - cat <<-_EOF - Usage: - $PROGRAM init [--path=subfolder,-p subfolder] gpg-id... - Initialize new password storage and use gpg-id for encryption. - Selectively reencrypt existing passwords using new gpg-id. - $PROGRAM [ls] [subfolder] - List passwords. - $PROGRAM find pass-names... - List passwords that match pass-names. - $PROGRAM [show] [--clip,-c] pass-name - Show existing password and optionally put it on the clipboard. - If put on the clipboard, it will be cleared in $CLIP_TIME seconds. - $PROGRAM grep search-string - Search for password files containing search-string when decrypted. - $PROGRAM insert [--echo,-e | --multiline,-m] [--force,-f] pass-name - Insert new password. 
Optionally, echo the password back to the console - during entry. Or, optionally, the entry may be multiline. Prompt before - overwriting existing password unless forced. - $PROGRAM edit pass-name - Insert a new password or edit an existing password using ${EDITOR:-vi}. - $PROGRAM generate [--no-symbols,-n] [--clip,-c] [--in-place,-i | --force,-f] pass-name pass-length - Generate a new password of pass-length with optionally no symbols. - Optionally put it on the clipboard and clear board after $CLIP_TIME seconds. - Prompt before overwriting existing password unless forced. - Optionally replace only the first line of an existing file with a new password. - $PROGRAM rm [--recursive,-r] [--force,-f] pass-name - Remove existing password or directory, optionally forcefully. - $PROGRAM mv [--force,-f] old-path new-path - Renames or moves old-path to new-path, optionally forcefully, selectively reencrypting. - $PROGRAM cp [--force,-f] old-path new-path - Copies old-path to new-path, optionally forcefully, selectively reencrypting. - $PROGRAM git git-command-args... - If the password store is a git repository, execute a git command - specified by git-command-args. - $PROGRAM help - Show this text. - $PROGRAM version - Show version information. - - More information may be found in the pass(1) man page. - _EOF -} - -cmd_init() { - local opts id_path="" - opts="$($GETOPT -o p: -l path: -n "$PROGRAM" -- "$@")" - local err=$? - eval set -- "$opts" - while true; do case $1 in - -p|--path) id_path="$2"; shift 2 ;; - --) shift; break ;; - esac done - - [[ $err -ne 0 || $# -lt 1 ]] && die "Usage: $PROGRAM $COMMAND [--path=subfolder,-p subfolder] gpg-id..." - [[ -n $id_path ]] && check_sneaky_paths "$id_path" - [[ -n $id_path && ! -d $PREFIX/$id_path && -e $PREFIX/$id_path ]] && die "Error: $PREFIX/$id_path exists but is not a directory." - - local gpg_id="$PREFIX/$id_path/.gpg-id" - - if [[ $# -eq 1 && -z $1 ]]; then - [[ ! 
-f "$gpg_id" ]] && die "Error: $gpg_id does not exist and so cannot be removed." - rm -v -f "$gpg_id" || exit 1 - if [[ -d $GIT_DIR ]]; then - git rm -qr "$gpg_id" - git_commit "Deinitialize ${gpg_id}." - fi - rmdir -p "${gpg_id%/*}" 2>/dev/null - else - mkdir -v -p "$PREFIX/$id_path" - printf "%s\n" "$@" > "$gpg_id" - local id_print="$(printf "%s, " "$@")" - echo "Password store initialized for ${id_print%, }" - git_add_file "$gpg_id" "Set GPG id to ${id_print%, }." - fi - - reencrypt_path "$PREFIX/$id_path" - git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }." -} - -cmd_show() { - local opts clip=0 - opts="$($GETOPT -o c -l clip -n "$PROGRAM" -- "$@")" - local err=$? - eval set -- "$opts" - while true; do case $1 in - -c|--clip) clip=1; shift ;; - --) shift; break ;; - esac done - - [[ $err -ne 0 ]] && die "Usage: $PROGRAM $COMMAND [--clip,-c] [pass-name]" - - local path="$1" - local passfile="$PREFIX/$path.gpg" - check_sneaky_paths "$path" - if [[ -f $passfile ]]; then - if [[ $clip -eq 0 ]]; then - $GPG -d "${GPG_OPTS[@]}" "$passfile" || exit $? - else - local pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | head -n 1)" - [[ -n $pass ]] || exit 1 - clip "$pass" "$path" - fi - elif [[ -d $PREFIX/$path ]]; then - if [[ -z $path ]]; then - echo "Password Store">/dev/null - else - echo "${path%\/}" - fi - #tree -C -l --noreport "$PREFIX/$path" | tail -n +2 | sed 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)/\1\2/g' # remove .gpg at end of line, but keep colors - - tree -f -i -l --noreport "$PREFIX/$path" | tail -n +2 |grep "\.gpg"| sed 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)/\1\2/g' | sed "s|$PREFIX/||g" - - #find "$PREFIX/$path" -type f \( ! -iname ".*" \) not -iwholename '*.git*' | tail -n +2 | sed 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)/\1\2/g' | sed 's|'$PREFIX'/||' # remove .gpg at end of line, but keep colors - elif [[ -z $path ]]; then - die "Error: password store is empty. Try \"pass init\"." 
- else - die "Error: $path is not in the password store." - fi -} - -cmd_find() { - [[ -z "$@" ]] && die "Usage: $PROGRAM $COMMAND pass-names..." - IFS="," eval 'echo "Search Terms: $*"' - local terms="*$(printf '%s*|*' "$@")" - tree -n -f -i -l --noreport -P "${terms%|*}" --prune --matchdirs --ignore-case "$PREFIX" | tail -n +2 | sed 's/\.gpg\(\x1B\[[0-9]\+m\)\{0,1\}\( ->\|$\)/\1\2/g' -} - -cmd_grep() { - [[ $# -ne 1 ]] && die "Usage: $PROGRAM $COMMAND search-string" - local search="$1" passfile grepresults - while read -r -d "" passfile; do - grepresults="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | grep --color=always "$search")" - [ $? -ne 0 ] && continue - passfile="${passfile%.gpg}" - passfile="${passfile#$PREFIX/}" - local passfile_dir="${passfile%/*}/" - [[ $passfile_dir == "${passfile}/" ]] && passfile_dir="" - passfile="${passfile##*/}" - printf "\e[94m%s\e[1m%s\e[0m:\n" "$passfile_dir" "$passfile" - echo "$grepresults" - done < <(find -L "$PREFIX" -iname '*.gpg' -print0) -} - -cmd_insert() { - local opts multiline=0 noecho=1 force=0 - opts="$($GETOPT -o mef -l multiline,echo,force -n "$PROGRAM" -- "$@")" - local err=$? - eval set -- "$opts" - while true; do case $1 in - -m|--multiline) multiline=1; shift ;; - -e|--echo) noecho=0; shift ;; - -f|--force) force=1; shift ;; - --) shift; break ;; - esac done - - [[ $err -ne 0 || ( $multiline -eq 1 && $noecho -eq 0 ) || $# -ne 1 ]] && die "Usage: $PROGRAM $COMMAND [--echo,-e | --multiline,-m] [--force,-f] pass-name" - local path="$1" - local passfile="$PREFIX/$path.gpg" - check_sneaky_paths "$path" - - [[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?" 
- - mkdir -p -v "$PREFIX/$(dirname "$path")" - set_gpg_recipients "$(dirname "$path")" - - if [[ $multiline -eq 1 ]]; then - echo "Enter contents of $path and press Ctrl+D when finished:" - echo - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" - elif [[ $noecho -eq 1 ]]; then - local password password_again - while true; do - read -r -p "Enter password for $path: " -s password || exit 1 - echo - read -r -p "Retype password for $path: " -s password_again || exit 1 - echo - if [[ $password == "$password_again" ]]; then - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$password" - break - else - echo "Error: the entered passwords do not match." - fi - done - else - local password - read -r -p "Enter password for $path: " -e password - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$password" - fi - git_add_file "$passfile" "Add given password for $path to store." -} - -cmd_edit() { - [[ $# -ne 1 ]] && die "Usage: $PROGRAM $COMMAND pass-name" - - local path="$1" - check_sneaky_paths "$path" - mkdir -p -v "$PREFIX/$(dirname "$path")" - set_gpg_recipients "$(dirname "$path")" - local passfile="$PREFIX/$path.gpg" - - tmpdir #Defines $SECURE_TMPDIR - local tmp_file="$(mktemp -u "$SECURE_TMPDIR/XXXXX")-${path//\//-}.txt" - - - local action="Add" - if [[ -f $passfile ]]; then - $GPG -d -o "$tmp_file" "${GPG_OPTS[@]}" "$passfile" || exit 1 - action="Edit" - fi - ${EDITOR:-vi} "$tmp_file" - [[ -f $tmp_file ]] || die "New password not saved." - $GPG -d -o - "${GPG_OPTS[@]}" "$passfile" | diff - "$tmp_file" &>/dev/null && die "Password unchanged." - while ! $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" "$tmp_file"; do - yesno "GPG encryption failed. Would you like to try again?" - done - git_add_file "$passfile" "$action password for $path using ${EDITOR:-vi}." 
-} - -cmd_generate() { - local opts clip=0 force=0 symbols="-y" inplace=0 - opts="$($GETOPT -o ncif -l no-symbols,clip,in-place,force -n "$PROGRAM" -- "$@")" - local err=$? - eval set -- "$opts" - while true; do case $1 in - -n|--no-symbols) symbols=""; shift ;; - -c|--clip) clip=1; shift ;; - -f|--force) force=1; shift ;; - -i|--in-place) inplace=1; shift ;; - --) shift; break ;; - esac done - - [[ $err -ne 0 || $# -ne 2 || ( $force -eq 1 && $inplace -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--no-symbols,-n] [--clip,-c] [--in-place,-i | --force,-f] pass-name pass-length" - local path="$1" - local length="$2" - check_sneaky_paths "$path" - [[ ! $length =~ ^[0-9]+$ ]] && die "Error: pass-length \"$length\" must be a number." - mkdir -p -v "$PREFIX/$(dirname "$path")" - set_gpg_recipients "$(dirname "$path")" - local passfile="$PREFIX/$path.gpg" - - [[ $inplace -eq 0 && $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?" - - local pass="$(pwgen -s $symbols $length 1)" - [[ -n $pass ]] || exit 1 - if [[ $inplace -eq 0 ]]; then - $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$pass" - else - local passfile_temp="${passfile}.tmp.${RANDOM}.${RANDOM}.${RANDOM}.${RANDOM}.--" - if $GPG -d "${GPG_OPTS[@]}" "$passfile" | sed $'1c \\\n'"$(sed 's/[\/&]/\\&/g' <<<"$pass")"$'\n' | $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile_temp" "${GPG_OPTS[@]}"; then - mv "$passfile_temp" "$passfile" - else - rm -f "$passfile_temp" - die "Could not reencrypt new password." - fi - fi - local verb="Add" - [[ $inplace -eq 1 ]] && verb="Replace" - git_add_file "$passfile" "$verb generated password for ${path}." - - if [[ $clip -eq 0 ]]; then - printf "\e[1m\e[37mThe generated password for \e[4m%s\e[24m is:\e[0m\n\e[1m\e[93m%s\e[0m\n" "$path" "$pass" - else - clip "$pass" "$path" - fi -} - -cmd_delete() { - local opts recursive="" force=0 - opts="$($GETOPT -o rf -l recursive,force -n "$PROGRAM" -- "$@")" - local err=$? 
- eval set -- "$opts" - while true; do case $1 in - -r|--recursive) recursive="-r"; shift ;; - -f|--force) force=1; shift ;; - --) shift; break ;; - esac done - [[ $# -ne 1 ]] && die "Usage: $PROGRAM $COMMAND [--recursive,-r] [--force,-f] pass-name" - local path="$1" - check_sneaky_paths "$path" - - local passfile="$PREFIX/${path%/}" - if [[ ! -d $passfile ]]; then - passfile="$PREFIX/$path.gpg" - [[ ! -f $passfile ]] && die "Error: $path is not in the password store." - fi - - [[ $force -eq 1 ]] || yesno "Are you sure you would like to delete $path?" - - rm $recursive -f -v "$passfile" - if [[ -d $GIT_DIR && ! -e $passfile ]]; then - git rm -qr "$passfile" - git_commit "Remove $path from store." - fi - rmdir -p "${passfile%/*}" 2>/dev/null -} - -cmd_copy_move() { - local opts move=1 force=0 - [[ $1 == "copy" ]] && move=0 - shift - opts="$($GETOPT -o f -l force -n "$PROGRAM" -- "$@")" - local err=$? - eval set -- "$opts" - while true; do case $1 in - -f|--force) force=1; shift ;; - --) shift; break ;; - esac done - [[ $# -ne 2 ]] && die "Usage: $PROGRAM $COMMAND [--force,-f] old-path new-path" - check_sneaky_paths "$@" - local old_path="$PREFIX/${1%/}" - local new_path="$PREFIX/$2" - local old_dir="$old_path" - - if [[ ! -d $old_path ]]; then - old_dir="${old_path%/*}" - old_path="${old_path}.gpg" - [[ ! -f $old_path ]] && die "Error: $1 is not in the password store." - fi - - mkdir -p -v "${new_path%/*}" - [[ -d $old_path || -d $new_path || $new_path =~ /$ ]] || new_path="${new_path}.gpg" - - local interactive="-i" - [[ ! -t 0 || $force -eq 1 ]] && interactive="-f" - - if [[ $move -eq 1 ]]; then - mv $interactive -v "$old_path" "$new_path" || exit 1 - [[ -e "$new_path" ]] && reencrypt_path "$new_path" - - if [[ -d $GIT_DIR && ! -e $old_path ]]; then - git rm -qr "$old_path" - git_add_file "$new_path" "Rename ${1} to ${2}." 
- fi - rmdir -p "$old_dir" 2>/dev/null - else - cp $interactive -r -v "$old_path" "$new_path" || exit 1 - [[ -e "$new_path" ]] && reencrypt_path "$new_path" - git_add_file "$new_path" "Copy ${1} to ${2}." - fi -} - -cmd_git() { - if [[ $1 == "init" ]]; then - git "$@" || exit 1 - git_add_file "$PREFIX" "Add current contents of password store." - - echo '*.gpg diff=gpg' > "$PREFIX/.gitattributes" - git_add_file .gitattributes "Configure git repository for gpg file diff." - git config --local diff.gpg.binary true - git config --local diff.gpg.textconv "$GPG -d ${GPG_OPTS[*]}" - elif [[ -d $GIT_DIR ]]; then - tmpdir nowarn #Defines $SECURE_TMPDIR. We don't warn, because at most, this only copies encrypted files. - export TMPDIR="$SECURE_TMPDIR" - git "$@" - else - die "Error: the password store is not a git repository. Try \"$PROGRAM git init\"." - fi -} - -# -# END subcommand functions -# - -PROGRAM="${0##*/}" -COMMAND="$1" - -case "$1" in - init) shift; cmd_init "$@" ;; - help|--help) shift; cmd_usage "$@" ;; - version|--version) shift; cmd_version "$@" ;; - show|ls|list) shift; cmd_show "$@" ;; - find|search) shift; cmd_find "$@" ;; - grep) shift; cmd_grep "$@" ;; - insert|add) shift; cmd_insert "$@" ;; - edit) shift; cmd_edit "$@" ;; - generate) shift; cmd_generate "$@" ;; - delete|rm|remove) shift; cmd_delete "$@" ;; - rename|mv) shift; cmd_copy_move "move" "$@" ;; - copy|cp) shift; cmd_copy_move "copy" "$@" ;; - git) shift; cmd_git "$@" ;; - *) COMMAND="show"; cmd_show "$@" ;; -esac -exit 0 -- 2.39.3
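Review bot: the deletion of pass-modified drops the only in-tree record of how this copy diverged from upstream pass, and the visible divergence is confined to cmd_show (the `echo "Password Store">/dev/null` line and the listing rewritten as `tree -f -i -l --noreport "$PREFIX/$path" | tail -n +2 |grep "\.gpg"| sed ... | sed "s|$PREFIX/||g"`, plus the two commented-out `tree -C` and `find` variants that were kept as dead code); before merging, confirm that exactly those cmd_show changes are carried forward as a minimal patch against an unmodified upstream pass so the project no longer vendors a full copy of the script that would silently miss upstream fixes, and grep the rest of the repository for any remaining invocation of `pass-modified` so the demo does not break once the file is gone. Everything else in the removed file, including the `check_sneaky_paths` calls, the `${passfile}.tmp.${RANDOM}...` reencrypt path in cmd_generate and the `diff.gpg.textconv` git setup in cmd_git, reads as stock upstream code and needs no separate preservation.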