#!/usr/bin/env bash
#
# Script for managing passwords in a GnuPG symmetrically encrypted file.
# Shell options: inherit ERR traps into functions, treat unset variables
# as errors, and let a failing stage fail its whole pipeline.
set -o errtrace -o nounset -o pipefail

# grep invocation that drops matching lines. It is a plain string and is
# expanded unquoted at the call sites so the options split into words.
filter="$(command -v grep) --invert-match --regexp"

# Path of the GnuPG binary: prefer "gpg", fall back to "gpg2".
gpg=$(command -v gpg) || gpg=$(command -v gpg2)

# Path of the encrypted safe, overridable through PWDSH_SAFE.
: "${PWDSH_SAFE:=pwd.sh.safe}"
safe="${PWDSH_SAFE}"
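fail () {
  # Print an error message and exit with status 1.
  # Arguments: $1 - message, printed after "Error: "
  # The message goes to stderr so it is never captured by a caller's
  # command substitution; colour escapes are emitted only when stderr is
  # a terminal, so logs and pipes stay clean.
  if [[ -t 2 ]] ; then tput setaf 1 2>/dev/null >&2 ; fi
  printf 'Error: %s\n' "${1:-unknown error}" >&2
  if [[ -t 2 ]] ; then tput sgr0 2>/dev/null >&2 ; fi
  exit 1
}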
get_pass () {
  # Prompt for a password, one silent keystroke at a time: every accepted
  # character is echoed as "*" and DEL (backspace) removes the last one.
  # Arguments: $1 - prompt shown before the first keystroke
  # Globals:   password (written) - the characters entered, read by callers
  #            prompt, char (written) - scratch, kept global like the rest
  #            of this script
  # Exits via fail when the line is empty.
  password=''
  prompt="${1}"
  while IFS= read -p "${prompt}" -r -s -n 1 char ; do
    case "${char}" in
      '')
        # Enter: read returns an empty character at the line delimiter.
        break ;;
      $'\177')
        # DEL: drop the last character and erase one "*" on screen, or do
        # nothing when there is nothing to erase.
        if [[ -n "${password}" ]] ; then
          password="${password%?}"
          prompt=$'\b \b'
        else
          prompt=""
        fi ;;
      *)
        password+="${char}"
        prompt="*" ;;
    esac
  done
  [[ -n "${password}" ]] || fail "No password provided"
}
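decrypt () {
  # Decrypt an armored, symmetrically encrypted file to stdout.
  # Arguments: $1 - passphrase
  #            $2 - path of the file to decrypt
  # Returns:   gpg's exit status. gpg's diagnostics are discarded; the
  #            callers report "Decryption failed" themselves.
  # The passphrase is handed to gpg on stdin, not on its command line,
  # so it never shows up in the process list. printf rather than echo so
  # a passphrase such as "-n" or "-e" is not swallowed as an option.
  # NOTE(review): gpg 2.1+ may require --pinentry-mode loopback for
  # --passphrase-fd to be honoured in --batch mode — confirm against the
  # installed version.
  printf '%s\n' "${1}" | "${gpg}" \
    --decrypt --armor --batch \
    --passphrase-fd 0 "${2}" 2>/dev/null
}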
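encrypt () {
  # Symmetrically encrypt input to an armored file, overwriting an
  # existing output file (--yes).
  # Arguments: $1 - passphrase
  #            $2 - output path
  #            $3 - input path ("-" for stdin)
  # Returns:   gpg's exit status.
  # The passphrase arrives on fd 3 through process substitution so stdin
  # stays free for the data and the passphrase never appears on gpg's
  # command line. printf rather than echo so a passphrase such as "-n"
  # is passed through verbatim.
  "${gpg}" \
    --symmetric --armor --batch --yes \
    --passphrase-fd 3 \
    --output "${2}" "${3}" 3< <(printf '%s\n' "${1}")
}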
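read_pass () {
  # Read entries from the safe and print the lines for one username, or
  # every entry.
  # Arguments: $2 - username to look up (optional; prompted for when
  #            absent; empty or "all" lists every entry)
  # Globals:   safe (read); username (written); password (set by get_pass)
  # Exits via fail when the safe is missing or empty, cannot be decrypted,
  # or contains no matching entry.
  if [[ ! -s "${safe}" ]] ; then
    fail "No passwords found"
  fi

  if [[ -z "${2+x}" ]] ; then
    # -r: keep backslashes typed in the username literal.
    read -r -p "
Username to read? (default: all) " username
  else
    username="${2}"
  fi

  if [[ -z "${username}" || "${username}" == "all" ]] ; then
    username=""
  fi

  get_pass "
Enter password to unlock ${safe}: "
  printf "\n\n"

  # Decrypt on its own and check gpg's status directly: inside a single
  # pipeline with pipefail a grep miss would be reported as a decryption
  # failure, and a password containing spaces must reach decrypt as one
  # argument, hence the quoting.
  local contents
  contents="$(decrypt "${password}" "${safe}")" || fail "Decryption failed"

  # Entries are "<password> <username>". The username is user input, so
  # match it as a literal string, not as a regular expression.
  printf '%s\n' "${contents}" | grep --fixed-strings -- " ${username}" \
    || fail "No entry found for \"${username:-all}\""
}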
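gen_pass () {
  # Generate a random password and print it to stdout.
  # Arguments: $3 - desired length (optional; prompted for when absent).
  #            Anything that is not a whole number in 1..max falls back
  #            to the default, with a note on stderr when it was non-empty.
  # Globals:   gpg (read)
  # Returns:   the status of the gpg | cut pipeline.
  local len=50
  local max=100
  local length

  if [[ -z "${3+x}" ]] ; then
    read -r -p "
Password length? (default: ${len}, max: ${max}) " length
  else
    length="${3}"
  fi

  # 10# forces decimal so a leading zero is not read as octal. The upper
  # bound matters: only max characters of random output are produced, so
  # a larger request would silently come back truncated.
  if [[ "${length}" =~ ^[0-9]+$ ]] \
      && (( 10#${length} >= 1 && 10#${length} <= max )) ; then
    len=$(( 10#${length} ))
  elif [[ -n "${length}" ]] ; then
    printf 'Invalid length "%s", using %d\n' "${length}" "${len}" >&2
  fi

  # base64: 4 characters for every 3 bytes, so request enough bytes for
  # max characters and trim to the requested length.
  "${gpg}" --gen-random --armor 0 "$(( max * 3 / 4 ))" | cut -c "-${len}"
}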
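write_pass () {
  # Write the entry for ${username} to the safe, replacing any existing
  # line for that username, or delete it when ${userpass} is unset.
  # Globals:   safe, filter, username (read); userpass (read; unset means
  #            delete); password (set by get_pass)
  # Side effects: on success ${safe} is replaced by a freshly encrypted
  #            file; on failure ${safe} is untouched and the temporary
  #            ${safe}.new is removed.
  # Exits via fail when decryption, encryption or the final rename fails.
  local entry current new_safe
  local -a rc
  new_safe="${safe}.new"

  # A deletion is written as a whitespace-only entry, which the blank-line
  # filter below drops again.
  if [[ -z "${userpass+x}" ]] ; then
    entry=" "
  else
    entry="${userpass} ${username}"
  fi

  get_pass "
Enter password to unlock ${safe}: " ; echo

  # Decrypt the existing safe (if any) and drop this username's line.
  # grep exits 1 when it filters out every line — e.g. the safe held only
  # this username — which is not an error here, so only decrypt's own
  # status (PIPESTATUS[0]) decides whether to continue. The password is
  # quoted so one containing spaces reaches decrypt as a single argument.
  # The username is interpolated into a grep pattern; it is the local
  # user's own input, but regex metacharacters in it would widen the match.
  current=""
  if [[ -f "${safe}" ]] ; then
    current="$(decrypt "${password}" "${safe}" | ${filter} " ${username}$" ; exit "${PIPESTATUS[0]}")" \
      || fail "Decryption failed"
  fi

  # Append the entry, drop blank lines and encrypt to a temporary file.
  # Only encrypt's status (PIPESTATUS[2]) is checked: the blank-line
  # filter exits 1 when nothing remains, which is the normal outcome of
  # deleting the last entry.
  printf '%s\n' "${current}" "${entry}" \
    | ${filter} "^[[:space:]]*$" \
    | encrypt "${password}" "${new_safe}" -
  rc=("${PIPESTATUS[@]}")
  if [[ "${rc[2]}" -ne 0 ]] ; then
    rm -f -- "${new_safe}"
    fail "Write to safe failed"
  fi

  mv -- "${new_safe}" "${safe}" || fail "Could not replace ${safe}"
}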
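create_username () {
  # Collect the username and password for a new entry.
  # Arguments: $2 - username (prompted for when absent)
  #            $3 - password length, passed through to gen_pass via "$@"
  #            $4 - "q" to suppress printing a generated password
  # Globals:   username, userpass (written); password (set by get_pass)
  # Exits via fail on an empty username or when password generation
  # fails, so an empty password is never stored.
  local rand_pass

  if [[ -z "${2+x}" ]] ; then
    # -r: keep backslashes typed in the username literal.
    read -r -p "
Username: " username
  else
    username="${2}"
  fi
  [[ -n "${username}" ]] || fail "No username provided"

  if [[ -z "${3+x}" ]] ; then
    read -r -p "
Generate password? (y/n, default: y) " rand_pass
  else
    rand_pass=""
  fi

  if [[ "${rand_pass}" =~ ^([nN][oO]|[nN])$ ]] ; then
    get_pass "
Enter password for \"${username}\": " ; echo
    userpass=${password}
  else
    # gen_pass's status is gpg's (pipefail); a failure or empty result
    # must not silently become an entry with a blank password.
    userpass=$(gen_pass "$@") || fail "Password generation failed"
    [[ -n "${userpass}" ]] || fail "Password generation failed"
    if [[ -z "${4+x}" || ! "${4}" =~ ^([qQ])$ ]] ; then
      printf '\nPassword: %s\n' "${userpass}"
    fi
  fi
}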
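sanity_check () {
  # Make sure the required external programs were found and are executable.
  # Globals: gpg, filter (read)
  # Exits via fail when gpg/gpg2 or grep is unavailable.
  # "||", not "&&": an empty path (nothing found) and a path that is not
  # executable are both fatal; the original "&&" only caught the empty case.
  if [[ -z "${gpg}" || ! -x "${gpg}" ]] ; then
    fail "GnuPG is not available"
  fi
  # filter is "<grep path> <options>"; its first word is the binary.
  if [[ ! -x "${filter%% *}" ]] ; then
    fail "grep is not available"
  fi
}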
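# Entry point: verify tools, pick the action from $1 or a single keystroke,
# then read, write or delete an entry. Remaining arguments ($2..$4) are
# passed through to the action functions.
sanity_check

if [[ -z "${1+x}" ]] ; then
  # -r: keep the keystroke literal even if it is a backslash.
  read -r -n 1 -p "
Read, write, or delete password? (r/w/d, default: r) " action
  printf "\n"
else
  action="${1}"
fi

case "${action}" in
  [wW])
    create_username "$@"
    write_pass
    ;;
  [dD])
    if [[ -z "${2+x}" ]] ; then
      read -r -p "
Username to delete? " username
    else
      username="${2}"
    fi
    # Without a username the delete filter matches nothing and the safe
    # would merely be re-encrypted; refuse instead of pretending.
    [[ -n "${username}" ]] || fail "No username provided"
    # userpass is deliberately left unset: write_pass treats that as delete.
    write_pass
    ;;
  *)
    read_pass "$@"
    ;;
esac

# Colour only when stdout is a terminal so piped output is not polluted
# with escape sequences.
if [[ -t 1 ]] ; then tput setaf 2 2>/dev/null ; fi
printf '\nDone\n'
if [[ -t 1 ]] ; then tput sgr0 2>/dev/null ; fi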