This commit is contained in:
emdee 2024-01-04 14:51:14 +00:00
parent ba45bc5a3e
commit e1c072cf16
153 changed files with 19759 additions and 0 deletions

View File

@ -0,0 +1,152 @@
# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PROG=gridfire
BOX_OS_FLAVOR="$$(cat /etc/hostname)"
OVERLAY=/var/local/share/genkernel/overlay/
PYVER=3
ROLE=gpgkey
TMPDIR=/mnt/tmp/Pentoo19/pyi
build=${TMPDIR}/build/build-$(BOX_OS_FLAVOR)
dist=dist/dist-$(BOX_OS_FLAVOR)
BINS=\
gridfire \
gridfire.bash \
truecrypt-console.bash \
veracrypt-console.bash \
truecrypt.bash \
veracrypt.bash \
veracrypt-create.bash \
keepassxc-cli.bash \
pinentry_gridfire.bash \
pinentry3.bash \
pyassuan_password.bash \
pyassuan_keepassxc-cli.bash \
gridfire_ansible-vault.py \
gridfire_ansible-vault.bash \
gridfire_keepassxc-cli.bash \
gridfire_keepassxc.bash \
keyring_gridfire.bash \
gridfire_kpsh.bash \
gridfire_openssl.bash \
gridfire_secret-tool.bash \
gridfire_staticgpg.bash \
gridfire_tomb.bash \
gridfire_truecrypt.bash \
gridfire_veracrypt.bash \
gridfire_truecrypt-console.bash \
gridfire_veracrypt-console.bash \
pinentry_gridfire.py \
gpgkey_pinentry_test.exp
refresh:: install_bins
install:: $(dist)/$(PROG).pex
sh pykeepass.bash
python3.sh -c 'from keyring_keyutils import backend' || \
python-keyring-keyutils.bash
cd keepassxc_cmd2 && env PWD=${PWD}/keepassxc_cmd2 $(MAKE) $(FLAGS) $@
# sh pyassuan.bash
[ -f /usr/local/bin/get-info.py -a /usr/local/bin/pinentry.py -a \
-e /usr/local/lib/python3.8/site-packages/pyassuan-0.2-py3.8.egg-info ] || \
( cd /usr/local/src/gridfire/TremilyUsPyassuan && \
python3.sh setup.py install --prefix=/usr/local ) \
2>&1|tee install.log
$(MAKE) $(MFLAGS) overlay
update:: install install_bins pyi # cxFreeze pex
$(PROG).spec.Linux::
[ -f $(PROG).spec ] || pyi-makespec ./$(PROG).py -F -c
[ -f $(PROG).spec.Linux ] || cp -p $(PROG).spec $(PROG).spec.Linux
$(PROG).spec.Msys:: $(PROG).spec.Linux
grep -q $$PWD $(PROG).spec || sed -e "s@pathex=.'.*'.@pathex=['$$PWD']@" \
< $(PROG).spec.Linux > $(PROG).spec.Msys
pyi:: $(dist)/$(PROG).pyi
$(dist)/$(PROG).pyi::
[ -d $(build) ] || mkdir -p $(build)
[ -d $(dist) ] || mkdir -p $(dist)
[ -e $(dist)/$(PROG).pyi -a $(dist)/$(PROG).pyi -nt ./$(PROG).py ] || \
pyinstaller --distpath $(dist) --workpath $(build) \
--exclude tkinter --exclude matplotlib --exclude ctypes \
--exclude twisted --exclude jedi --exclude jaraco \
--exclude sphinx --exclude coverage --exclude nose \
--exclude PIL --exclude numpy --exclude OpenGL \
--exclude PySide2 --exclude PyQt5 --exclude IPython \
--onefile -c --ascii \
--name $(PROG)_pyi-$(BOX_OS_FLAVOR) $(PROG).py \
>> $(dist)/$(PROG).log 2>&1
[ ! -f $(dist)/$(PROG).log ] || ! grep ERROR: $(dist)/$(PROG).log
overlay::
[ -x $(OVERLAY)/bin/$(PROG) -a $(OVERLAY)/bin/$(PROG) -nt $(dist)/$(PROG) ] || \
cp -p $(dist)/$(PROG) $(OVERLAY)/bin/$(PROG)
[ -x $(OVERLAY)/bin/keyctl -a $(OVERLAY)/bin/keyctl -nt /bin/keyctl ] || \
cp -p /bin/keyctl $(OVERLAY)/bin/keyctl
dont_install::
[ -f ../../bin/$(PROG).sh -a ../../bin/$(PROG).sh -nt ./bin/$(PROG).sh ] || \
cp -p ./bin/$(PROG).sh ../../bin/$(PROG).sh
install_bins:: install bins
$(MAKE) $(MFLAGS) -C keepassxc_cmd2 $@
bins::
for elt in ${BINS} ; do \
[ -f ../../bin/$$elt -a ../../bin/$$elt -nt bin/$$elt ] || \
{ cp -p bin/$$elt ../../bin/$$elt ; \
echo bin/$$elt ; \
chmod 775 ../../bin/$$elt ; } ; \
done
[ ! -x dist/dist-$(BOX_OS_FLAVOR)/gridfire_pyi-$(BOX_OS_FLAVOR) ] || \
[ -x $(dist)/$(PROG) -a -f ../../bin/$(PROG) -a ../../bin/$(PROG) -nt $(dist)/$(PROG) ] || \
cp -p dist/dist-$(BOX_OS_FLAVOR)/gridfire_pyi-$(BOX_OS_FLAVOR) /usr/local/bin/gridfire3.pyi
# $(dist)/$(PROG) ../../bin/$(PROG)
[ ! -x dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ] || \
[ -x dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex -a -f ../../bin/$(PROG) -a ../../bin/$(PROG) -nt dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ] || \
cp -p dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex /usr/local/bin/gridfire.pex
# $(dist)/$(PROG) ../../bin/$(PROG)
cp -p TremilyUsPyassuan/bin/pinentry.py ../../bin/pinentry_.py
[ -d /boot ] || cp -pi bin/gridfire.rc.win ../../bin/gridfire.rc
[ -d /boot ] && cp -ip bin/gridfire.rc.lin ../../bin/gridfire.rc
pex:: # keepassxc_cmd2/keepassxc_cmd2.pex
$(MAKE) $(MFLAGS) -f Makefile.$@
$(MAKE) $(MFLAGS) -C keepassxc_cmd2 $@
test:: # pex
$(MAKE) $(FLAGS) -C keepassxc_cmd2 $@
[ ! -f dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ] || \
{ echo 0 | dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex test ; \
echo INFO tested dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex ; }
sh pykeepass.bash test
$(MAKE) $(FLAGS) doctest
DOC_TESTS=tomb3.txt # keyutils3.txt keyring3.txt pykeepass3.txt keyctl3.txt
doctest::
for file in $(DOC_TESTS) ; do \
/var/local/bin/testforge_python_doctest3.bash \
doc/txt/$$file ; \
done
/var/local/share/doc/txt/pykeepass3.bash
clean::
rm -f */*~ *~
down:: clean
( cd /o/data/TestForge/src/ansible ; \
rsync -vax --exclude \*.pyc --exclude __pycache__ --exclude \*~ \
--exclude _Old --exclude build --exclude dist \
--delete /usr/local/src/gridfire/ \
roles/gpgkey/o*/L*/usr/local/src/gridfire/ )
up::
( rsync -vax --exclude \*.pyc --exclude __pycache__ --exclude \*~ \
--exclude _Old --exclude build --exclude dist \
--exclude /usr/local/src/gridfire/dist \
--exclude /usr/local/src/gridfire/build \
--delete /usr/local/src/gridfire/ \
/q/Pg64/Msys64/usr/local/src/gridfire/ )

View File

@ -0,0 +1,21 @@
# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PROG=gridfire
BOX_OS_FLAVOR=`cat /etc/hostname`
cxFreeze:: cxFreeze-$(BOX_OS_FLAVOR)
cxFreeze-$(BOX_OS_FLAVOR):: $(PROG).spec.Linux cxFreeze-$(BOX_OS_FLAVOR)/exe.linux-x86_64-$(PYTHON_MINOR)/$(PROG)
#setup.py::
# cxfreeze-quickstart
cxFreeze-$(BOX_OS_FLAVOR)/exe.linux-x86_64-$(PYTHON_MINOR)/$(PROG):: $(PROG).py # setup.py
[ -d build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR) ] || \
mkdir -p build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR)
# python3.bash setup.py build -b cxFreeze-$(BOX_OS_FLAVOR) 2>&1|tee cxFreeze-$(BOX_OS_FLAVOR)_build.log
# TypeError: __init__() missing 1 required positional argument: 'constantsModule'
# cxfreeze --compress $(PROG).py 2>&1|tee cxFreeze-$(BOX_OS_FLAVOR).log
python3 cxfreeze_main.py -c --zip-include-packages \* \
--include-path ${PWD}/pyassuan/bin/ \
--target-dir build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR) \
$(PROG).py 2>&1|tee build/build-$(BOX_OS_FLAVOR)/cxFreeze-$(BOX_OS_FLAVOR).log

View File

@ -0,0 +1,22 @@
pyinstaller_keyring-$(BOX_OS_FLAVOR):: $(dist)_keyring/keyring
$(dist)_keyring/keyring:: Makefile /usr/lib64/python$(PYTHON_MINOR)/site-packages/keyring/__main__.py
[ -d $(build)_keyring ] || mkdir $(build)_keyring
[ -d $(dist)_keyring ] || mkdir $(dist)_keyring
[ -f keyring.log -a \
-e $(dist)_keyring/keyring -a \
$(dist)_keyring/keyring -nt /usr/lib64/python$(PYTHON_MINOR)/site-packages/keyring/__main__.py ] || \
python$(PYVER).bash -m PyInstaller --clean \
--distpath $(dist)_keyring --workpath $(build)_keyring \
--onefile -c --ascii \
--name keyring_pyi-$(BOX_OS_FLAVOR) \
--additional-hooks-dir packaging/pyinstaller \
--hidden-import keyring.backends \
--hidden-import keyutils.keys \
--hidden-import keyutils.backend \
--exclude-module macOS \
/usr/lib64/python$(PYTHON_MINOR)/site-packages/keyring/__main__.py \
> keyring.log 2>&1
! grep ERROR: keyring.log
[ -e $(dist)_keyring/keyring -a -e $(dist)_keyring/keyring_pyi-$(BOX_OS_FLAVOR) ] || \
ln $(dist)_keyring/keyring_pyi-$(BOX_OS_FLAVOR) $(dist)_keyring/keyring

View File

@ -0,0 +1,55 @@
# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PROG=gridfire
BOX_OS_FLAVOR=`cat /etc/hostname`
pex:: gridfire.py Makefile
$(MAKE) $(MFLAGS) -f Makefile.pex dist/dist-$(BOX_OS_FLAVOR)/gridfire.pex
# No bundling of so's - not a freezer
dist/dist-Windows/gridfire.pex:: gridfire.py Makefile
[ -d dist/dist-$(BOX_OS_FLAVOR) ] ||mkdir -p dist/dist-$(BOX_OS_FLAVOR)
/usr/local/bin/pex3.bash -D $(PWD) -m gridfire:main -o $@ \
--no-index --ignore-errors --inherit-path=prefer \
-r gridfire.reqs --no-index \
--platform windows_x86_64-cp-37-cp37mu
zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-$(BOX_OS_FLAVOR)\* \
\*/.git/\* \*.log __pycache__/\* >/dev/null
dist/dist-Kick150154/gridfire.pex:: gridfire.py Makefile
/usr/local/bin/python3.sh -c 'import pex' || \
apt-get install python3-pex || \
/usr/local/bin/pip3.sh install pex
[ -d dist/dist-Kick150154/ ]||mkdir -p dist/dist-Kick150154
/usr/local/bin/pex3.bash -D $(PWD) -m gridfire:main -o $@ \
-f /usr/lib/python3/dist-packages/ \
--no-index --ignore-errors --inherit-path=prefer \
--platform linux_x86_64-cp-27-cp27mu \
--platform linux_x86_64-cp-37-cp37mu
zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-Kick150154\* \
\*/.git/\* \*.log __pycache__/\* >/dev/null
dist/dist-pentoo/gridfire.pex:: gridfire.py Makefile
/usr/local/bin/python3.sh -c 'import pex' || /usr/local/bin/pip3.sh install pex
[ -d dist/dist-pentoo/ ]||mkdir -p dist/dist-pentoo
PYTHONPATH=${PWD} /usr/local/bin/pex3.bash -D $(PWD) -m gridfire:iMain -o $@ \
--no-index --ignore-errors --inherit-path=prefer \
--platform linux_x86_64-cp-27-cp27mu \
--platform linux_x86_64-cp-38-cp38mu
zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-pentoo\* \
\*/.git/\* \*.log __pycache__/\* >/dev/null
dist/dist-devuan/gridfire.pex:: gridfire.py Makefile
/usr/local/bin/python3.sh -c 'import pex' || apt-get install python3-pex
[ -d dist/dist-devuan/ ]||mkdir -p dist/dist-devuan
/usr/local/bin/pex3.bash -D $(PWD) -m gridfire:main -o $@ \
--no-index --ignore-errors --inherit-path=prefer \
--platform linux_x86_64-cp-39-cp39mu
zip -d $@ build/build-\*/\* dist/dist-\*/\* cxFreeze-devuan\* \
\*/.git/\* \*.log __pycache__/\* >/dev/null
clean::
rm *~
veryclean:: clean
rm -f dist/dist-`cat /etc/hostname`/gridfire.pex

View File

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

View File

@ -0,0 +1,91 @@
Python module and tools for communicating in the Assuan_ protocol.
There are a number of GnuPG_ wrappers for python `out there`__, but
they mostly work via the ``gpg`` executable. This is an attempt to
cut to the chase and speak directly to ``gpgme-tool`` (source__) over
a well-defined socket protocol.
__ wrappers_
__ gpgme-tool_
Installation
============
Packages
--------
Gentoo
~~~~~~
I've packaged ``pyassuan`` for Gentoo_. You need layman_ and
my `wtk overlay`_. Install with::
# emerge -av app-portage/layman
# layman --add wtk
# emerge -av dev-python/pyassuan
Dependencies
------------
``pyassuan`` is a simple package with no external dependencies outside
the Python 3.3+ standard library.
Installing by hand
------------------
``pyassuan`` is available as a Git_ repository::
$ git clone git://tremily.us/pyassuan.git
See the homepage_ for details. To install the checkout, run the
standard::
$ python setup.py install
Usage
=====
Checkout the docstrings and the examples in ``bin``.
Testing
=======
Run the internal unit tests with `Python 3.2+'s unittest discovery`__::
$ python -m unittest discover
To test running servers by hand, you can use `gpg-connect-agent`_.
Despite the name, this program can connect to any Assuan server::
$ gpg-connect-agent --raw-socket name
__ unittest-discovery_
Licence
=======
This project is distributed under the `GNU General Public License
Version 3`_ or greater.
Author
======
W. Trevor King
wking@tremily.us
.. _Assuan: http://www.gnupg.org/documentation/manuals/assuan/
.. _GnuPG: http://www.gnupg.org/
.. _wrappers: http://wiki.python.org/moin/GnuPrivacyGuard
.. _gpgme-tool:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob;f=src/gpgme-tool.c;hb=HEAD
.. _Gentoo: http://www.gentoo.org/
.. _layman: http://layman.sourceforge.net/
.. _wtk overlay: http://blog.tremily.us/posts/Gentoo_overlay/
.. _Git: http://git-scm.com/
.. _homepage: http://blog.tremily.us/posts/pyassuan/
.. _gpg-connect-agent:
http://www.gnupg.org/documentation/manuals/gnupg-devel/gpg_002dconnect_002dagent.html
.. _unittest-discovery:
https://docs.python.org/3.5/library/unittest.html#unittest-test-discovery
.. _GNU General Public License Version 3: http://www.gnu.org/licenses/gpl.html

View File

@ -0,0 +1,67 @@
#!/usr/bin/env python3
#
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Simple pinentry program for getting server info.
"""
from pyassuan import __version__
from pyassuan import client as _client
from pyassuan import common as _common
from pyassuan import error as _error
if __name__ == '__main__':
import argparse
import logging
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument(
'-v', '--version', action='version',
version='%(prog)s {}'.format(__version__))
parser.add_argument(
'-V', '--verbose', action='count', default=0,
help='increase verbosity')
parser.add_argument(
'filename',
help="path to server's unix socket")
args = parser.parse_args()
client = _client.AssuanClient(name='get-info', close_on_disconnect=True)
if args.verbose:
client.logger.setLevel(max(
logging.DEBUG, client.logger.level - 10*args.verbose))
client.connect(socket_path=args.filename)
try:
response = client.read_response()
assert response.type == 'OK', response
client.make_request(_common.Request('HELP'))
client.make_request(_common.Request('HELP GETINFO'))
for attribute in ['version', 'pid', 'socket_name', 'ssh_socket_name']:
try:
client.make_request(_common.Request('GETINFO', attribute))
except _error.AssuanError as e:
if e.message.startswith('No data'):
pass
else:
raise
finally:
client.make_request(_common.Request('BYE'))
client.disconnect()

View File

@ -0,0 +1,397 @@
#!/usr/bin/python3.8
#
# Copyright (C) 2012-2017 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Simple pinentry program for getting pins from a terminal.
"""
import copy as _copy
import os as _os
import os.path as _os_path
import pprint as _pprint
import re as _re
import signal as _signal
import sys as _sys
import termios as _termios
from pyassuan import __version__
from pyassuan import server as _server
from pyassuan import common as _common
from pyassuan import error as _error
class PinEntry (_server.AssuanServer):
"""pinentry protocol server
See ``pinentry-0.8.0/doc/pinentry.texi`` at::
ftp://ftp.gnupg.org/gcrypt/pinentry/
http://www.gnupg.org/aegypten/
for details on the pinentry interface.
Alternatively, you can just watch the logs and guess ;). Here's a
trace when driven by GnuPG 2.0.28 (libgcrypt 1.6.3)::
S: OK Your orders please
C: OPTION grab
S: OK
C: OPTION ttyname=/dev/pts/6
S: OK
C: OPTION ttytype=xterm
S: OK
C: OPTION lc-ctype=en_US.UTF-8
S: OK
C: OPTION lc-messages=en_US.UTF-8
S: OK
C: OPTION allow-external-password-cache
S: OK
C: OPTION default-ok=_OK
S: OK
C: OPTION default-cancel=_Cancel
S: OK
C: OPTION default-yes=_Yes
S: OK
C: OPTION default-no=_No
S: OK
C: OPTION default-prompt=PIN:
S: OK
C: OPTION default-pwmngr=_Save in password manager
S: OK
C: OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
S: OK
C: OPTION default-tt-visi=Make passphrase visible
S: OK
C: OPTION default-tt-hide=Hide passphrase
S: OK
C: GETINFO pid
S: D 14309
S: OK
C: SETKEYINFO u/S9464F2C2825D2FE3
S: OK
C: SETDESC Enter passphrase%0A
S: OK
C: SETPROMPT Passphrase
S: OK
C: GETPIN
S: D testing!
S: OK
C: BYE
S: OK closing connection
"""
_digit_regexp = _re.compile(r'\d+')
# from proc(5): pid comm state ppid pgrp session tty_nr tpgid
_tpgrp_regexp = _re.compile(r'\d+ \(\S+\) . \d+ \d+ \d+ \d+ (\d+)')
def __init__(self, name='pinentry', strict_options=False,
single_request=True, **kwargs):
self.strings = {}
self.connection = {}
super(PinEntry, self).__init__(
name=name, strict_options=strict_options,
single_request=single_request, **kwargs)
self.valid_options.append('ttyname')
def reset(self):
super(PinEntry, self).reset()
self.strings.clear()
self.connection.clear()
# user interface
def _connect(self):
self.logger.info('connecting to user')
self.logger.debug('options:\n{}'.format(_pprint.pformat(self.options)))
tty_name = self.options.get('ttyname', None)
if tty_name:
self.connection['tpgrp'] = self._get_pgrp(tty_name)
self.logger.info(
'open to-user output stream for {}'.format(tty_name))
self.connection['to_user'] = open(tty_name, 'w')
self.logger.info(
'open from-user input stream for {}'.format(tty_name))
self.connection['from_user'] = open(tty_name, 'r')
self.logger.info('get current termios line discipline')
self.connection['original termios'] = _termios.tcgetattr(
self.connection['to_user']) # [iflag, oflag, cflag, lflag, ...]
new_termios = _copy.deepcopy(self.connection['original termios'])
# translate carriage return to newline on input
new_termios[0] |= _termios.ICRNL
# do not ignore carriage return on input
new_termios[0] &= ~_termios.IGNCR
# do not echo input characters
new_termios[3] &= ~_termios.ECHO
# echo input characters
#new_termios[3] |= _termios.ECHO
# echo the NL character even if ECHO is not set
new_termios[3] |= _termios.ECHONL
# enable canonical mode
new_termios[3] |= _termios.ICANON
self.logger.info('adjust termios line discipline')
_termios.tcsetattr(
self.connection['to_user'], _termios.TCSANOW, new_termios)
self.logger.info('send SIGSTOP to pgrp {}'.format(
self.connection['tpgrp']))
#_os.killpg(self.connection['tpgrp'], _signal.SIGSTOP)
_os.kill(-self.connection['tpgrp'], _signal.SIGSTOP)
self.connection['tpgrp stopped'] = True
else:
self.logger.info('no TTY name given; use stdin/stdout for I/O')
self.connection['to_user'] = _sys.stdout
self.connection['from_user'] = _sys.stdin
self.logger.info('connected to user')
self.connection['to_user'].write('\n') # give a clean line to work on
self.connection['active'] = True
def _disconnect(self):
self.logger.info('disconnecting from user')
try:
if self.connection.get('original termios', None):
self.logger.info('restore original termios line discipline')
_termios.tcsetattr(
self.connection['to_user'], _termios.TCSANOW,
self.connection['original termios'])
if self.connection.get('tpgrp stopped', None) is True:
self.logger.info(
'send SIGCONT to pgrp {}'.format(self.connection['tpgrp']))
#_os.killpg(self.connection['tpgrp'], _signal.SIGCONT)
_os.kill(-self.connection['tpgrp'], _signal.SIGCONT)
if self.connection.get('to_user', None) not in [None, _sys.stdout]:
self.logger.info('close to-user output stream')
self.connection['to_user'].close()
if self.connection.get('from_user',None) not in [None,_sys.stdout]:
self.logger.info('close from-user input stream')
self.connection['from_user'].close()
finally:
self.connection = {'active': False}
self.logger.info('disconnected from user')
def _get_pgrp(self, tty_name):
self.logger.info('find process group contolling {}'.format(tty_name))
proc = '/proc'
for name in _os.listdir(proc):
path = _os_path.join(proc, name)
if not (self._digit_regexp.match(name) and _os_path.isdir(path)):
continue # not a process directory
self.logger.debug('checking process {}'.format(name))
fd_path = _os_path.join(path, 'fd', '0')
try:
link = _os.readlink(fd_path)
except OSError as e:
self.logger.debug('not our process: {}'.format(e))
continue # permission denied (not one of our processes)
if link != tty_name:
self.logger.debug('wrong tty: {}'.format(link))
continue # not attached to our target tty
stat_path = _os_path.join(path, 'stat')
stat = open(stat_path, 'r').read()
self.logger.debug('check stat for pgrp: {}'.format(stat))
match = self._tpgrp_regexp.match(stat)
assert match != None, stat
pgrp = int(match.group(1))
self.logger.info('found pgrp {} for {}'.format(pgrp, tty_name))
return pgrp
raise ValueError(tty_name)
def _write(self, string):
"Write text to the user's terminal."
self.connection['to_user'].write(string + '\n')
self.connection['to_user'].flush()
def _read(self):
"Read and return a line from the user's terminal."
# drop trailing newline
return self.connection['from_user'].readline()[:-1]
def _prompt(self, prompt='?', error=None, add_colon=True):
if add_colon:
prompt += ':'
if error:
self.connection['to_user'].write(error)
self.connection['to_user'].write('\n')
self.connection['to_user'].write(prompt)
self.connection['to_user'].write(' ')
self.connection['to_user'].flush()
return self._read()
# assuan handlers
def _handle_GETINFO(self, arg):
if arg == 'pid':
yield _common.Response('D', str(_os.getpid()).encode('ascii'))
elif arg == 'version':
yield _common.Response('D', __version__.encode('ascii'))
else:
raise _error.AssuanError(message='Invalid parameter')
yield _common.Response('OK')
def _handle_SETKEYINFO(self, arg):
self.strings['key info'] = arg
yield _common.Response('OK')
def _handle_CLEARPASSPHRASE(self, arg):
yield _common.Response('OK')
def _handle_SETDESC(self, arg):
self.strings['description'] = arg
yield _common.Response('OK')
def _handle_SETPROMPT(self, arg):
self.strings['prompt'] = arg
yield _common.Response('OK')
def _handle_SETERROR(self, arg):
self.strings['error'] = arg
yield _common.Response('OK')
def _handle_SETTITLE(self, arg):
self.strings['title'] = arg
yield _common.Response('OK')
def _handle_SETOK(self, arg):
self.strings['ok'] = arg
yield _common.Response('OK')
def _handle_SETCANCEL(self, arg):
self.strings['cancel'] = arg
yield _common.Response('OK')
def _handle_SETNOTOK(self, arg):
self.strings['not ok'] = arg
yield _common.Response('OK')
def _handle_SETQUALITYBAR(self, arg):
"""Adds a quality indicator to the GETPIN window.
This indicator is updated as the passphrase is typed. The
clients needs to implement an inquiry named "QUALITY" which
gets passed the current passphrase (percent-plus escaped) and
should send back a string with a single numerical vauelue
between -100 and 100. Negative values will be displayed in
red.
If a custom label for the quality bar is required, just add
that label as an argument as percent escaped string. You will
need this feature to translate the label because pinentry has
no internal gettext except for stock strings from the toolkit
library.
If you want to show a tooltip for the quality bar, you may use
C: SETQUALITYBAR_TT string
S: OK
With STRING being a percent escaped string shown as the tooltip.
Here is a real world example of these commands in use:
C: SETQUALITYBAR Quality%3a
S: OK
C: SETQUALITYBAR_TT The quality of the text entered above.%0aPlease ask your administrator for details about the criteria.
S: OK
"""
self.strings['qualitybar'] = arg
yield _common.Response('OK')
def _handle_SETQUALITYBAR_TT(self, arg):
self.strings['qualitybar_tooltip'] = arg
yield _common.Response('OK')
def _handle_GETPIN(self, arg):
try:
self._connect()
if 'description' in self.strings and self.strings['description'].strip():
self._write(self.strings['description'])
if 'key info' in self.strings:
self._write('key: {}'.format(self.strings['key info']))
if 'qualitybar' in self.strings:
self._write(self.strings['qualitybar'])
pin = self._prompt(
prompt=self.strings.get('prompt','prompt:'),
error=self.strings.get('error'),
add_colon=False)
finally:
self._disconnect()
yield _common.Response('D', pin.encode('ascii'))
yield _common.Response('OK')
def _handle_CONFIRM(self, arg):
try:
self._connect()
self._write(self.strings['description'])
self._write('1) '+self.strings['ok'])
self._write('2) '+self.strings['not ok'])
value = self._prompt('?')
finally:
self._disconnect()
if value == '1':
yield _common.Response('OK')
else:
raise _error.AssuanError(message='Not confirmed')
def _handle_MESSAGE(self, arg):
self._write(self.strings['description'])
yield _common.Response('OK')
def _handle_CONFIRM(self, args):
assert args == '--one-button', args
try:
self._connect()
self._write(self.strings['description'])
self._write('1) '+self.strings['ok'])
value = self._prompt('?')
finally:
self._disconnect()
assert value == '1', value
yield _common.Response('OK')
if __name__ == '__main__':
import argparse
import logging
import traceback
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument(
'-v', '--version', action='version',
version='%(prog)s {}'.format(__version__))
parser.add_argument(
'-V', '--verbose', action='count', default=0,
help='increase verbosity')
parser.add_argument(
'--display',
help='set X display (ignored by this implementation)')
args = parser.parse_args()
p = PinEntry()
if args.verbose:
p.logger.setLevel(max(
logging.DEBUG, p.logger.level - 10*args.verbose))
try:
p.run()
except ValueError:
# readline of closed file
pass
except:
p.logger.error(
'exiting due to exception:\n{}'.format(
traceback.format_exc().rstrip()))
raise

View File

@ -0,0 +1,34 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""A Python implementation of the `Assuan protocol`_.
.. _Assuan protocol: http://www.gnupg.org/documentation/manuals/assuan/
"""
import logging as _logging
import logging.handlers as _logging_handlers
__version__ = '0.2'
LOG = _logging.getLogger('pyassuan')
LOG.setLevel(_logging.ERROR)
LOG.addHandler(_logging.StreamHandler())
#LOG.addHandler(_logging.FileHandler('/tmp/pinentry.log'))
#LOG.addHandler(_logging_handlers.SysLogHandler(address='/dev/log'))
LOG.handlers[0].setFormatter(
_logging.Formatter('%(name)s: %(levelname)s: %(message)s'))

View File

@ -0,0 +1,190 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import logging as _logging
import socket as _socket
import sys as _sys
from . import LOG as _LOG
from . import common as _common
from . import error as _error
class AssuanClient (object):
"""A single-threaded Assuan client based on the `development suggestions`_
.. _development suggestions:
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html
"""
def __init__(self, name, logger=_LOG, use_sublogger=True,
close_on_disconnect=False):
self.name = name
if use_sublogger:
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
self.logger = logger
self.close_on_disconnect = close_on_disconnect
self.input = self.output = self.socket = None
def connect(self, socket_path=None):
if socket_path:
self.logger.info(
'connect to Unix socket at {}'.format(socket_path))
self.socket = _socket.socket(_socket.AF_UNIX, _socket.SOCK_STREAM)
self.socket.connect(socket_path)
self.input = self.socket.makefile('rb')
self.output = self.socket.makefile('wb')
else:
if not self.input:
self.logger.info('read from stdin')
self.input = _sys.stdin.buffer
if not self.output:
self.logger.info('write to stdout')
self.output = _sys.stdout.buffer
def disconnect(self):
if self.close_on_disconnect:
self.logger.info('disconnecting')
if self.input is not None:
self.input.close()
self.input = None
if self.output is not None:
self.output.close()
self.output = None
if self.socket is not None:
self.socket.shutdown(_socket.SHUT_RDWR)
self.socket.close()
self.socket = None
def raise_error(self, error):
self.logger.error(str(error))
raise(error)
def read_response(self):
line = self.input.readline()
if not line:
self.raise_error(
_error.AssuanError(message='IPC accept call failed'))
if len(line) > _common.LINE_LENGTH:
self.raise_error(
_error.AssuanError(message='Line too long'))
if not line.endswith(b'\n'):
self.logger.info('S: {}'.format(line))
self.raise_error(
_error.AssuanError(message='Invalid response'))
line = line[:-1] # remove trailing newline
response = _common.Response()
try:
response.from_bytes(line)
except _error.AssuanError as e:
self.logger.error(str(e))
raise
self.logger.info('S: {}'.format(response))
return response
def _write_request(self, request):
self.logger.info('C: {}'.format(request))
self.output.write(bytes(request))
self.output.write(b'\n')
try:
self.output.flush()
except IOError:
raise
def make_request(self, request, response=True, expect=['OK']):
self._write_request(request=request)
if response:
return self.get_responses(requests=[request], expect=expect)
def get_responses(self, requests=None, expect=['OK']):
responses = list(self.responses())
if responses[-1].type == 'ERR':
eresponse = responses[-1]
fields = eresponse.parameters.split(' ', 1)
code = int(fields[0])
if len(fields) > 1:
message = fields[1].strip()
else:
message = None
error = _error.AssuanError(code=code, message=message)
if requests is not None:
error.requests = requests
error.responses = responses
raise error
if expect:
assert responses[-1].type in expect, [str(r) for r in responses]
data = []
for response in responses:
if response.type == 'D':
data.append(response.parameters)
if data:
data = b''.join(data)
else:
data = None
return (responses, data)
def responses(self):
while True:
response = self.read_response()
yield response
if response.type not in ['S', '#', 'D']:
break
def send_data(self, data=None, response=True, expect=['OK']):
"""Iterate through requests necessary to send ``data`` to a server.
http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
"""
requests = []
if data:
encoded_data = _common.encode(data)
start = 0
stop = min(_common.LINE_LENGTH-4, len(encoded_data)) # 'D ', CR, CL
self.logger.debug('sending {} bytes of encoded data'.format(
len(encoded_data)))
while stop > start:
d = encoded_data[start:stop]
request = _common.Request(
command='D', parameters=encoded_data[start:stop],
encoded=True)
requests.append(request)
self.logger.debug('send {} byte chunk'.format(stop-start))
self._write_request(request=request)
start = stop
stop = start + min(_common.LINE_LENGTH-4,
len(encoded_data) - start)
request = _common.Request('END')
requests.append(request)
self._write_request(request=request)
if response:
return self.get_responses(requests=requests, expect=expect)
def send_fds(self, fds):
"""Send a file descriptor over a Unix socket.
"""
msg = '# descriptors in flight: {}\n'.format(fds)
self.logger.info('C: {}'.format(msg.rstrip('\n')))
msg = msg.encode('ascii')
return _common.send_fds(
socket=self.socket, msg=msg, fds=fds, logger=None)
def receive_fds(self, msglen=200, maxfds=10):
"""Receive file descriptors over a Unix socket.
"""
msg,fds = _common.receive_fds(
socket=self.socket, msglen=msglen, maxfds=maxfds, logger=None)
msg = str(msg, 'utf-8')
self.logger.info('S: {}'.format(msg.rstrip('\n')))
return fds

View File

@ -0,0 +1,314 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Items common to both the client and server
"""
import array as _array
import re as _re
import socket as _socket
from . import LOG as _LOG
from . import error as _error
LINE_LENGTH = 1002 # 1000 + [CR,]LF
_ENCODE_PATTERN = '(' + '|'.join(['%', '\r', '\n']) + ')'
_ENCODE_STR_REGEXP = _re.compile(_ENCODE_PATTERN)
_ENCODE_BYTE_REGEXP = _re.compile(_ENCODE_PATTERN.encode('ascii'))
_DECODE_STR_REGEXP = _re.compile('(%[0-9A-Fa-f]{2})')
_DECODE_BYTE_REGEXP = _re.compile(b'(%[0-9A-Fa-f]{2})')
_REQUEST_REGEXP = _re.compile('^(\w+)( *)(.*)\Z')
def encode(data):
r"""
>>> encode('It grew by 5%!\n')
'It grew by 5%25!%0A'
>>> encode(b'It grew by 5%!\n')
b'It grew by 5%25!%0A'
"""
if isinstance(data, bytes):
regexp = _ENCODE_BYTE_REGEXP
else:
regexp = _ENCODE_STR_REGEXP
return regexp.sub(
lambda x : to_hex(x.group()), data)
def decode(data):
r"""
>>> decode('%22Look out!%22%0AWhere%3F')
'"Look out!"\nWhere?'
>>> decode(b'%22Look out!%22%0AWhere%3F')
b'"Look out!"\nWhere?'
"""
if isinstance(data, bytes):
regexp = _DECODE_BYTE_REGEXP
else:
regexp = _DECODE_STR_REGEXP
return regexp.sub(
lambda x : from_hex(x.group()), data)
def from_hex(code):
r"""
>>> from_hex('%22')
'"'
>>> from_hex('%0A')
'\n'
>>> from_hex(b'%0A')
b'\n'
"""
c = chr(int(code[1:], 16))
if isinstance(code, bytes):
c =c.encode('ascii')
return c
def to_hex(char):
r"""
>>> to_hex('"')
'%22'
>>> to_hex('\n')
'%0A'
>>> to_hex(b'\n')
b'%0A'
"""
hx = '%{:02X}'.format(ord(char))
if isinstance(char, bytes):
hx = hx.encode('ascii')
return hx
class Request (object):
"""A client request
http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
>>> r = Request(command='BYE')
>>> str(r)
'BYE'
>>> r = Request(command='OPTION', parameters='testing at 5%')
>>> str(r)
'OPTION testing at 5%25'
>>> bytes(r)
b'OPTION testing at 5%25'
>>> r.from_bytes(b'BYE')
>>> r.command
'BYE'
>>> print(r.parameters)
None
>>> r.from_bytes(b'OPTION testing at 5%25')
>>> r.command
'OPTION'
>>> print(r.parameters)
testing at 5%
>>> r.from_bytes(b' invalid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 170 Invalid request
>>> r.from_bytes(b'in-valid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 170 Invalid request
"""
def __init__(self, command=None, parameters=None, encoded=False):
self.command = command
self.parameters = parameters
self.encoded = encoded
def __str__(self):
if self.parameters:
if self.encoded:
encoded_parameters = self.parameters
else:
encoded_parameters = encode(self.parameters)
return '{} {}'.format(self.command, encoded_parameters)
return self.command
def __bytes__(self):
if self.parameters:
if self.encoded:
encoded_parameters = self.parameters
else:
encoded_parameters = encode(self.parameters)
return '{} {}'.format(
self.command, encoded_parameters).encode('utf-8')
return self.command.encode('utf-8')
def from_bytes(self, line):
if len(line) > 1000: # TODO: byte-vs-str and newlines?
raise _error.AssuanError(message='Line too long')
line = str(line, encoding='utf-8')
match = _REQUEST_REGEXP.match(line)
if not match:
raise _error.AssuanError(message='Invalid request')
self.command = match.group(1)
if match.group(3):
if match.group(2):
self.parameters = decode(match.group(3))
else:
raise _error.AssuanError(message='Invalid request')
else:
self.parameters = None
class Response (object):
"""A server response
http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html
>>> r = Response(type='OK')
>>> str(r)
'OK'
>>> r = Response(type='ERR', parameters='1 General error')
>>> str(r)
'ERR 1 General error'
>>> bytes(r)
b'ERR 1 General error'
>>> r.from_bytes(b'OK')
>>> r.type
'OK'
>>> print(r.parameters)
None
>>> r.from_bytes(b'ERR 1 General error')
>>> r.type
'ERR'
>>> print(r.parameters)
1 General error
>>> r.from_bytes(b' invalid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 76 Invalid response
>>> r.from_bytes(b'in-valid')
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 76 Invalid response
"""
types = {
'O': 'OK',
'E': 'ERR',
'S': 'S',
'#': '#',
'D': 'D',
'I': 'INQUIRE',
}
def __init__(self, type=None, parameters=None):
self.type = type
self.parameters = parameters
def __str__(self):
if self.parameters:
return '{} {}'.format(self.type, encode(self.parameters))
return self.type
def __bytes__(self):
if self.parameters:
if self.type == 'D':
return b' '.join((b'D', self.parameters))
else:
return '{} {}'.format(
self.type, encode(self.parameters)).encode('utf-8')
return self.type.encode('utf-8')
def from_bytes(self, line):
if len(line) > 1000: # TODO: byte-vs-str and newlines?
raise _error.AssuanError(message='Line too long')
if line.startswith(b'D'):
self.command = t = 'D'
else:
line = str(line, encoding='utf-8')
t = line[0]
try:
type = self.types[t]
except KeyError:
raise _error.AssuanError(message='Invalid response')
self.type = type
if type == 'D': # data
self.parameters = decode(line[2:])
elif type == '#': # comment
self.parameters = decode(line[2:])
else:
match = _REQUEST_REGEXP.match(line)
if not match:
raise _error.AssuanError(message='Invalid request')
if match.group(3):
if match.group(2):
self.parameters = decode(match.group(3))
else:
raise _error.AssuanError(message='Invalid request')
else:
self.parameters = None
def error_response(error):
"""
>>> from pyassuan.error import AssuanError
>>> error = AssuanError(1)
>>> response = error_response(error)
>>> print(response)
ERR 1 General error
"""
return Response(type='ERR', parameters=str(error))
def send_fds(socket, msg=None, fds=None, logger=_LOG):
"""Send a file descriptor over a Unix socket using ``sendmsg``.
``sendmsg`` suport requires Python >= 3.3.
Code from
http://docs.python.org/dev/library/socket.html#socket.socket.sendmsg
Assuan equivalent is
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#function-assuan_005fsendfd
"""
if msg is None:
msg = b''.join(
[b'# descriptors in flight: ', str(fds).encode('ascii'), b'\n'])
if logger is not None:
logger.debug('sending file descriptors {} down {}'.format(fds, socket))
return socket.sendmsg(
[msg],
[(_socket.SOL_SOCKET, _socket.SCM_RIGHTS, _array.array('i', fds))])
def receive_fds(socket, msglen=200, maxfds=10, logger=_LOG):
"""Recieve file descriptors using ``recvmsg``.
``recvmsg`` suport requires Python >= 3.3.
Code from http://docs.python.org/dev/library/socket.html
Assuan equivalent is
http://www.gnupg.org/documentation/manuals/assuan/Client-code.html#fun_002dassuan_005freceivedfd
"""
fds = _array.array('i') # Array of ints
msg,ancdata,flags,addr = socket.recvmsg(
msglen, _socket.CMSG_LEN(maxfds * fds.itemsize))
for cmsg_level,cmsg_type,cmsg_data in ancdata:
if (cmsg_level == _socket.SOL_SOCKET and
cmsg_type == _socket.SCM_RIGHTS):
# Append data, ignoring any truncated integers at the end.
fds.fromstring(
cmsg_data[:len(cmsg_data) - (len(cmsg_data) % fds.itemsize)])
if logger is not None:
logger.debug('receiving file descriptors {} from {} ({})'.format(
fds, socket, msg))
return (msg, list(fds))

View File

@ -0,0 +1,302 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"""Assuan errors as defined in `libgpg-error`_.
The Assuan_ docs_ suggest these error codes.
.. _libgpg-error: http://www.gnupg.org/related_software/libgpg-error/
.. _Assuan:
http://www.gnupg.org/documentation/manuals/assuan/Server-responses.html
.. _docs: http://www.gnupg.org/documentation/manuals/assuan/Error-codes.html
"""
MESSAGE = { # extracted from libgpg-error-1.10/src/err-codes.h and gpg-error.h
0: 'Success',
1: 'General error',
2: 'Unknown packet',
3: 'Unknown version in packet',
4: 'Invalid public key algorithm',
5: 'Invalid digest algorithm',
6: 'Bad public key',
7: 'Bad secret key',
8: 'Bad signature',
9: 'No public key',
10: 'Checksum error',
11: 'Bad passphrase',
12: 'Invalid cipher algorithm',
13: 'Keyring open',
14: 'Invalid packet',
15: 'Invalid armor',
16: 'No user ID',
17: 'No secret key',
18: 'Wrong secret key used',
19: 'Bad session key',
20: 'Unknown compression algorithm',
21: 'Number is not prime',
22: 'Invalid encoding method',
23: 'Invalid encryption scheme',
24: 'Invalid signature scheme',
25: 'Invalid attribute',
26: 'No value',
27: 'Not found',
28: 'Value not found',
29: 'Syntax error',
30: 'Bad MPI value',
31: 'Invalid passphrase',
32: 'Invalid signature class',
33: 'Resources exhausted',
34: 'Invalid keyring',
35: 'Trust DB error',
36: 'Bad certificate',
37: 'Invalid user ID',
38: 'Unexpected error',
39: 'Time conflict',
40: 'Keyserver error',
41: 'Wrong public key algorithm',
42: 'Tribute to D. A.',
43: 'Weak encryption key',
44: 'Invalid key length',
45: 'Invalid argument',
46: 'Syntax error in URI',
47: 'Invalid URI',
48: 'Network error',
49: 'Unknown host',
50: 'Selftest failed',
51: 'Data not encrypted',
52: 'Data not processed',
53: 'Unusable public key',
54: 'Unusable secret key',
55: 'Invalid value',
56: 'Bad certificate chain',
57: 'Missing certificate',
58: 'No data',
59: 'Bug',
60: 'Not supported',
61: 'Invalid operation code',
62: 'Timeout',
63: 'Internal error',
64: 'EOF (gcrypt)',
65: 'Invalid object',
66: 'Provided object is too short',
67: 'Provided object is too large',
68: 'Missing item in object',
69: 'Not implemented',
70: 'Conflicting use',
71: 'Invalid cipher mode',
72: 'Invalid flag',
73: 'Invalid handle',
74: 'Result truncated',
75: 'Incomplete line',
76: 'Invalid response',
77: 'No agent running',
78: 'agent error',
79: 'Invalid data',
80: 'Unspecific Assuan server fault',
81: 'General Assuan error',
82: 'Invalid session key',
83: 'Invalid S-expression',
84: 'Unsupported algorithm',
85: 'No pinentry',
86: 'pinentry error',
87: 'Bad PIN',
88: 'Invalid name',
89: 'Bad data',
90: 'Invalid parameter',
91: 'Wrong card',
92: 'No dirmngr',
93: 'dirmngr error',
94: 'Certificate revoked',
95: 'No CRL known',
96: 'CRL too old',
97: 'Line too long',
98: 'Not trusted',
99: 'Operation cancelled',
100: 'Bad CA certificate',
101: 'Certificate expired',
102: 'Certificate too young',
103: 'Unsupported certificate',
104: 'Unknown S-expression',
105: 'Unsupported protection',
106: 'Corrupted protection',
107: 'Ambiguous name',
108: 'Card error',
109: 'Card reset required',
110: 'Card removed',
111: 'Invalid card',
112: 'Card not present',
113: 'No PKCS15 application',
114: 'Not confirmed',
115: 'Configuration error',
116: 'No policy match',
117: 'Invalid index',
118: 'Invalid ID',
119: 'No SmartCard daemon',
120: 'SmartCard daemon error',
121: 'Unsupported protocol',
122: 'Bad PIN method',
123: 'Card not initialized',
124: 'Unsupported operation',
125: 'Wrong key usage',
126: 'Nothing found',
127: 'Wrong blob type',
128: 'Missing value',
129: 'Hardware problem',
130: 'PIN blocked',
131: 'Conditions of use not satisfied',
132: 'PINs are not synced',
133: 'Invalid CRL',
134: 'BER error',
135: 'Invalid BER',
136: 'Element not found',
137: 'Identifier not found',
138: 'Invalid tag',
139: 'Invalid length',
140: 'Invalid key info',
141: 'Unexpected tag',
142: 'Not DER encoded',
143: 'No CMS object',
144: 'Invalid CMS object',
145: 'Unknown CMS object',
146: 'Unsupported CMS object',
147: 'Unsupported encoding',
148: 'Unsupported CMS version',
149: 'Unknown algorithm',
150: 'Invalid crypto engine',
151: 'Public key not trusted',
152: 'Decryption failed',
153: 'Key expired',
154: 'Signature expired',
155: 'Encoding problem',
156: 'Invalid state',
157: 'Duplicated value',
158: 'Missing action',
159: 'ASN.1 module not found',
160: 'Invalid OID string',
161: 'Invalid time',
162: 'Invalid CRL object',
163: 'Unsupported CRL version',
164: 'Invalid certificate object',
165: 'Unknown name',
166: 'A locale function failed',
167: 'Not locked',
168: 'Protocol violation',
169: 'Invalid MAC',
170: 'Invalid request',
171: 'Unknown extension',
172: 'Unknown critical extension',
173: 'Locked',
174: 'Unknown option',
175: 'Unknown command',
176: 'Not operational',
177: 'No passphrase given',
178: 'No PIN given',
179: 'Not enabled',
180: 'No crypto engine',
181: 'Missing key',
182: 'Too many objects',
183: 'Limit reached',
184: 'Not initialized',
185: 'Missing issuer certificate',
198: 'Operation fully cancelled',
199: 'Operation not yet finished',
200: 'Buffer too short',
201: 'Invalid length specifier in S-expression',
202: 'String too long in S-expression',
203: 'Unmatched parentheses in S-expression',
204: 'S-expression not canonical',
205: 'Bad character in S-expression',
206: 'Bad quotation in S-expression',
207: 'Zero prefix in S-expression',
208: 'Nested display hints in S-expression',
209: 'Unmatched display hints',
210: 'Unexpected reserved punctuation in S-expression',
211: 'Bad hexadecimal character in S-expression',
212: 'Odd hexadecimal numbers in S-expression',
213: 'Bad octal character in S-expression',
257: 'General IPC error',
258: 'IPC accept call failed',
259: 'IPC connect call failed',
260: 'Invalid IPC response',
261: 'Invalid value passed to IPC',
262: 'Incomplete line passed to IPC',
263: 'Line passed to IPC too long',
264: 'Nested IPC commands',
265: 'No data callback in IPC',
266: 'No inquire callback in IPC',
267: 'Not an IPC server',
268: 'Not an IPC client',
269: 'Problem starting IPC server',
270: 'IPC read error',
271: 'IPC write error',
273: 'Too much data for IPC layer',
274: 'Unexpected IPC command',
275: 'Unknown IPC command',
276: 'IPC syntax error',
277: 'IPC call has been cancelled',
278: 'No input source for IPC',
279: 'No output source for IPC',
280: 'IPC parameter error',
281: 'Unknown IPC inquire',
1024: 'User defined error code 1',
1025: 'User defined error code 2',
1026: 'User defined error code 3',
1027: 'User defined error code 4',
1028: 'User defined error code 5',
1029: 'User defined error code 6',
1030: 'User defined error code 7',
1031: 'User defined error code 8',
1032: 'User defined error code 9',
1033: 'User defined error code 10',
1034: 'User defined error code 11',
1035: 'User defined error code 12',
1036: 'User defined error code 13',
1037: 'User defined error code 14',
1038: 'User defined error code 15',
1039: 'User defined error code 16',
16381: 'System error w/o errno',
16382: 'Unknown system error',
16383: 'End of file',
}
UNKNOWN = 'Unknown error code'
CODE = dict((message,code) for code,message in MESSAGE.items())
# TODO: system errors (GPG_ERR_E2BIG = GPG_ERR_SYSTEM_ERROR | 0, etc.)
class AssuanError (Exception):
r"""
>>> e = AssuanError(1)
>>> print(e)
1 General error
>>> e = AssuanError(1024, 'testing!')
>>> print(e)
1024 testing!
>>> e = AssuanError(message='Unknown packet')
>>> print(e)
2 Unknown packet
"""
def __init__(self, code=None, message=None):
if code is None and message is None:
raise ValueError('missing both `code` and `message`')
if message is None:
message = MESSAGE[code]
if code is None:
code = CODE.get(message, UNKNOWN)
self.code = code
self.message = message
super(AssuanError, self).__init__('{} {}'.format(code, message))

View File

@ -0,0 +1,299 @@
# Copyright (C) 2012 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import logging as _logging
import re as _re
import socket as _socket
import sys as _sys
import threading as _threading
import traceback as _traceback
from . import LOG as _LOG
from . import common as _common
from . import error as _error
_OPTION_REGEXP = _re.compile('^-?-?([-\w]+)( *)(=?) *(.*?) *\Z')
class AssuanServer (object):
"""A single-threaded Assuan server based on the `devolpment suggestions`_
Extend by subclassing and adding ``_handle_XXX`` methods for each
command you want to handle.
.. _development suggestions:
http://www.gnupg.org/documentation/manuals/assuan/Server-code.html
"""
def __init__(self, name, logger=_LOG, use_sublogger=True,
valid_options=None, strict_options=True,
single_request=False, listen_to_quit=False,
close_on_disconnect=False):
self.name = name
if use_sublogger:
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
self.logger = logger
if valid_options is None:
valid_options = []
self.valid_options = valid_options
self.strict_options = strict_options
self.single_request = single_request
self.listen_to_quit = listen_to_quit
self.close_on_disconnect = close_on_disconnect
self.input = self.output = None
self.options = {}
self.reset()
def reset(self):
self.stop = False
self.options.clear()
def run(self):
self.reset()
self.logger.info('running')
self.connect()
try:
self.handle_requests()
finally:
self.disconnect()
self.logger.info('stopping')
def connect(self):
if not self.input:
self.logger.info('read from stdin')
self.input = _sys.stdin.buffer
if not self.output:
self.logger.info('write to stdout')
self.output = _sys.stdout.buffer
def disconnect(self):
if self.close_on_disconnect:
self.logger.info('disconnecting')
self.input = None
self.output = None
def handle_requests(self):
self.send_response(_common.Response('OK', 'Your orders please'))
self.output.flush()
while not self.stop:
line = self.input.readline()
if not line:
break # EOF
if len(line) > _common.LINE_LENGTH:
self.raise_error(
_error.AssuanError(message='Line too long'))
if not line.endswith(b'\n'):
self.logger.info('C: {}'.format(line))
self.send_error_response(
_error.AssuanError(message='Invalid request'))
continue
line = line[:-1] # remove the trailing newline
self.logger.info('C: {}'.format(line))
request = _common.Request()
try:
request.from_bytes(line)
except _error.AssuanError as e:
self.send_error_response(e)
continue
self.handle_request(request)
def handle_request(self, request):
try:
handle = getattr(
self, '_handle_{}'.format(request.command))
except AttributeError:
self.logger.warn('unknown command: {}'.format(request.command))
self.send_error_response(
_error.AssuanError(message='Unknown command'))
return
try:
responses = handle(request.parameters)
for response in responses:
self.send_response(response)
except _error.AssuanError as error:
self.send_error_response(error)
return
except Exception as e:
self.logger.error(
'exception while executing {}:\n{}'.format(
handle, _traceback.format_exc().rstrip()))
self.send_error_response(
_error.AssuanError(message='Unspecific Assuan server fault'))
return
def send_response(self, response):
"""For internal use by ``.handle_requests()``
"""
rstring = str(response)
self.logger.info('S: {}'.format(response))
self.output.write(bytes(response))
self.output.write(b'\n')
try:
self.output.flush()
except IOError:
if not self.stop:
raise
def send_error_response(self, error):
"""For internal use by ``.handle_requests()``
"""
self.send_response(_common.error_response(error))
# common commands defined at
# http://www.gnupg.org/documentation/manuals/assuan/Client-requests.html
def _handle_BYE(self, arg):
if self.single_request:
self.stop = True
yield _common.Response('OK', 'closing connection')
def _handle_RESET(self, arg):
self.reset()
def _handle_END(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_HELP(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_QUIT(self, arg):
if self.listen_to_quit:
self.stop = True
yield _common.Response('OK', 'stopping the server')
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_OPTION(self, arg):
"""
>>> s = AssuanServer(name='test', valid_options=['my-op'])
>>> list(s._handle_OPTION('my-op = 1 ')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': '1'}
>>> list(s._handle_OPTION('my-op 2')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': '2'}
>>> list(s._handle_OPTION('--my-op 3')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': '3'}
>>> list(s._handle_OPTION('my-op')) # doctest: +ELLIPSIS
[<pyassuan.common.Response object at ...>]
>>> s.options
{'my-op': None}
>>> list(s._handle_OPTION('inv'))
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 174 Unknown option
>>> list(s._handle_OPTION('in|valid'))
Traceback (most recent call last):
...
pyassuan.error.AssuanError: 90 Invalid parameter
"""
match = _OPTION_REGEXP.match(arg)
if not match:
raise _error.AssuanError(message='Invalid parameter')
name,space,equal,value = match.groups()
if value and not space and not equal:
# need either space or equal to separate value
raise _error.AssuanError(message='Invalid parameter')
if name not in self.valid_options:
if self.strict_options:
raise _error.AssuanError(message='Unknown option')
else:
self.logger.info('skipping invalid option: {}'.format(name))
else:
if not value:
value = None
self.options[name] = value
yield _common.Response('OK')
def _handle_CANCEL(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_AUTH(self, arg):
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
class AssuanSocketServer (object):
"""A threaded server spawning ``AssuanServer``\s for each connection
"""
def __init__(self, name, socket, server, kwargs={}, max_threads=10,
logger=_LOG, use_sublogger=True):
self.name = name
if use_sublogger:
logger = _logging.getLogger('{}.{}'.format(logger.name, self.name))
self.logger = logger
self.socket = socket
self.server = server
assert 'name' not in kwargs, kwargs['name']
assert 'logger' not in kwargs, kwargs['logger']
kwargs['logger'] = self.logger
assert 'use_sublogger' not in kwargs, kwargs['use_sublogger']
kwargs['use_sublogger'] = True
if 'close_on_disconnect' in kwargs:
assert kwargs['close_on_disconnect'] == True, (
kwargs['close_on_disconnect'])
else:
kwargs['close_on_disconnect'] = True
self.kwargs = kwargs
self.max_threads = max_threads
self.threads = []
def run(self):
self.logger.info('listen on socket')
self.socket.listen()
thread_index = 0
while True:
socket,address = self.socket.accept()
self.logger.info('connection from {}'.format(address))
self.cleanup_threads()
if len(threads) > self.max_threads:
self.drop_connection(socket, address)
self.spawn_thread(
'server-thread-{}'.format(thread_index), socket, address)
thread_index = (thread_index + 1) % self.max_threads
def cleanup_threads(self):
i = 0
while i < len(self.threads):
thread = self.threads[i]
thread.join(0)
if thread.is_alive():
self.logger.info('joined thread {}'.format(thread.name))
self.threads.pop(i)
thread.socket.shutdown()
thread.socket.close()
else:
i += 1
def drop_connection(self, socket, address):
self.logger.info('drop connection from {}'.format(address))
# TODO: proper error to send to the client?
def spawn_thread(self, name, socket, address):
server = self.server(name=name, **self.kwargs)
server.input = socket.makefile('rb')
server.output = socket.makefile('wb')
thread = _threading.Thread(target=server.run, name=name)
thread.start()
self.threads.append(thread)

View File

@ -0,0 +1,25 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import doctest
import unittest
from . import common
def load_tests(loader, tests, ignore):
tests.addTests(doctest.DocTestSuite(common))
return tests

View File

@ -0,0 +1,25 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import doctest
import unittest
from . import error
def load_tests(loader, tests, ignore):
tests.addTests(doctest.DocTestSuite(error))
return tests

View File

@ -0,0 +1,25 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
import doctest
import unittest
from . import server
def load_tests(loader, tests, ignore):
tests.addTests(doctest.DocTestSuite(server))
return tests

View File

@ -0,0 +1,54 @@
# Copyright (C) 2012-2018 W. Trevor King <wking@tremily.us>
#
# This file is part of pyassuan.
#
# pyassuan is free software: you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# pyassuan is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# pyassuan. If not, see <http://www.gnu.org/licenses/>.
"Python module and tools for communicating in the Assuan protocol."
from distutils.core import setup as _setup
import os.path as _os_path
from pyassuan import __version__
_this_dir = _os_path.dirname(__file__)
_setup(
name='pyassuan',
version=__version__,
maintainer='W. Trevor King',
maintainer_email='wking@tremily.us',
url='http://blog.tremily.us/posts/pyassuan/',
download_url='http://git.tremily.us/?p=pyassuan.git;a=snapshot;h=v{};sf=tgz'.format(__version__),
license = 'GNU General Public License (GPL)',
platforms = ['all'],
description = __doc__,
long_description=open(_os_path.join(_this_dir, 'README'), 'r').read(),
classifiers = [
'Development Status :: 3 - Alpha',
'Intended Audience :: Developers',
'Operating System :: OS Independent',
'License :: OSI Approved :: GNU General Public License (GPL)',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.3',
'Programming Language :: Python :: 3.4',
'Programming Language :: Python :: 3.5',
'Programming Language :: Python :: 3.6',
'Topic :: Security :: Cryptography',
'Topic :: Software Development'
],
scripts = ['bin/get-info.py', 'bin/pinentry.py'],
packages = ['pyassuan'],
provides = ['pyassuan'],
zip_safe=False)

View File

@ -0,0 +1,4 @@
if __name__ == '__main__':
from gridfire import main
main()

View File

@ -0,0 +1,4 @@
if __name__ == '__main__':
from gridfire import main
main()

View File

@ -0,0 +1,152 @@
#!/usr/bin/python3.7
# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
########################################################
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
__requires__ = ['ansible']
import os
import shutil
import sys
import traceback
from ansible import context
from ansible.errors import AnsibleError, AnsibleOptionsError, AnsibleParserError
from ansible.module_utils._text import to_text
# Used for determining if the system is running a new enough python version
# and should only restrict on our documented minimum versions
_PY3_MIN = sys.version_info[:2] >= (3, 5)
_PY2_MIN = (2, 6) <= sys.version_info[:2] < (3,)
_PY_MIN = _PY3_MIN or _PY2_MIN
if not _PY_MIN:
raise SystemExit('ERROR: Ansible requires a minimum of Python2 version 2.6 or Python3 version 3.5. Current version: %s' % ''.join(sys.version.splitlines()))
class LastResort(object):
# OUTPUT OF LAST RESORT
def display(self, msg, log_only=None):
print(msg, file=sys.stderr)
def error(self, msg, wrap_text=None):
print(msg, file=sys.stderr)
if __name__ == '__main__':
display = LastResort()
try: # bad ANSIBLE_CONFIG or config options can force ugly stacktrace
import ansible.constants as C
from ansible.utils.display import Display
except AnsibleOptionsError as e:
display.error(to_text(e), wrap_text=False)
sys.exit(5)
cli = None
me = os.path.basename(sys.argv[0])
try:
display = Display()
display.debug("starting run")
sub = None
target = me.split('-')
if target[-1][0].isdigit():
# Remove any version or python version info as downstreams
# sometimes add that
target = target[:-1]
if len(target) > 1:
sub = target[1]
myclass = "%sCLI" % sub.capitalize()
elif target[0] == 'ansible':
sub = 'adhoc'
myclass = 'AdHocCLI'
else:
raise AnsibleError("Unknown Ansible alias: %s" % me)
try:
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
except ImportError as e:
# ImportError members have changed in py3
if 'msg' in dir(e):
msg = e.msg
else:
msg = e.message
if msg.endswith(' %s' % sub):
raise AnsibleError("Ansible sub-program not implemented: %s" % me)
else:
raise
try:
args = [to_text(a, errors='surrogate_or_strict') for a in sys.argv]
except UnicodeError:
display.error('Command line args are not in utf-8, unable to continue. Ansible currently only understands utf-8')
display.display(u"The full traceback was:\n\n%s" % to_text(traceback.format_exc()))
exit_code = 6
else:
cli = mycli(args)
exit_code = cli.run()
except AnsibleOptionsError as e:
cli.parser.print_help()
display.error(to_text(e), wrap_text=False)
exit_code = 5
except AnsibleParserError as e:
display.error(to_text(e), wrap_text=False)
exit_code = 4
# TQM takes care of these, but leaving comment to reserve the exit codes
# except AnsibleHostUnreachable as e:
# display.error(str(e))
# exit_code = 3
# except AnsibleHostFailed as e:
# display.error(str(e))
# exit_code = 2
except AnsibleError as e:
display.error(to_text(e), wrap_text=False)
exit_code = 1
except KeyboardInterrupt:
display.error("User interrupted execution")
exit_code = 99
except Exception as e:
if C.DEFAULT_DEBUG:
# Show raw stacktraces in debug mode, It also allow pdb to
# enter post mortem mode.
raise
have_cli_options = bool(context.CLIARGS)
display.error("Unexpected Exception, this is probably a bug: %s" % to_text(e), wrap_text=False)
if not have_cli_options or have_cli_options and context.CLIARGS['verbosity'] > 2:
log_only = False
if hasattr(e, 'orig_exc'):
display.vvv('\nexception type: %s' % to_text(type(e.orig_exc)))
why = to_text(e.orig_exc)
if to_text(e) != why:
display.vvv('\noriginal msg: %s' % why)
else:
display.display("to see the full traceback, use -vvv")
log_only = True
display.display(u"the full traceback was:\n\n%s" % to_text(traceback.format_exc()), log_only=log_only)
exit_code = 250
sys.exit(exit_code)

View File

@ -0,0 +1,87 @@
#!/usr/bin/expect --
# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
set ROLE gpgkey
set PREFIX /usr/local
set timeout 30
#? spawn /usr/local/bin/pinentry.py
spawn /usr/local/bin/pinentry_gridfire.py
expect "OK Your orders please"
send_user "OPTION grab\n"
send "OPTION grab\n"
expect "OK"
send_user "OPTION ttyname=/dev/pts/6\n"
send "OPTION ttyname=/dev/pts/6\n"
expect "OK"
send_user "OPTION ttytype=xterm\n"
send "OPTION ttytype=xterm\n"
expect "OK"
send_user "OPTION lc-ctype=en_US.UTF-8\n"
send "OPTION lc-ctype=en_US.UTF-8\n"
expect "OK"
send_user "OPTION lc-messages=en_US.UTF-8\n"
send "OPTION lc-messages=en_US.UTF-8\n"
expect "OK"
send_user "OPTION allow-external-password-cache\n"
send "OPTION allow-external-password-cache\n"
expect "OK"
send_user "OPTION default-ok=_OK\n"
send "OPTION default-ok=_OK\n"
expect "OK"
send_user "OPTION default-cancel=_Cancel\n"
send "OPTION default-cancel=_Cancel\n"
expect "OK"
send_user "OPTION default-yes=_Yes\n"
send "OPTION default-yes=_Yes\n"
expect "OK"
send_user "OPTION default-no=_No\n"
send "OPTION default-no=_No\n"
expect "OK"
send_user "OPTION default-prompt=PIN:\n"
send "OPTION default-prompt=PIN:\n"
expect "OK"
send_user "OPTION default-pwmngr=_Save in password manager\n"
send "OPTION default-pwmngr=_Save in password manager\n"
expect "OK"
send_user "OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?\n"
send "OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?\n"
expect "OK"
send_user "OPTION default-tt-visi=Make passphrase visible\n"
send "OPTION default-tt-visi=Make passphrase visible\n"
expect "OK"
send_user "OPTION default-tt-hide=Hide passphrase\n"
send "OPTION default-tt-hide=Hide passphrase\n"
expect "OK"
send_user "GETINFO pid\n"
send "GETINFO pid\n"
expect "D 14309"
expect "OK"
send_user "SETKEYINFO u/S9464F2C2825D2FE3\n"
send "SETKEYINFO u/S9464F2C2825D2FE3\n"
expect "OK"
send_user "SETDESC Enter passphrase%0A\n"
send "SETDESC Enter passphrase%0A\n"
expect "OK"
send_user "SETPROMPT Passphrase\n"
send "SETPROMPT Passphrase\n"
expect "OK"
send_user "GETPIN\n"
send "GETPIN\n"
expect "D testing!"
expect "OK"
send_user "BYE\n"
send "BYE\n"
expect "OK closing connection"
expect -re .+ {
exp_continue
} timeout {
exit 1
} eof {
exit 0
}
# expect -r .+ {send "\r"}

View File

@ -0,0 +1,11 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0`
PREFIX=/usr/local
ROLE=gpgkey
[ -f $PREFIX/bin/gridfire.rc ] && . $PREFIX/bin/gridfire.rc
cd /usr/local/src/gridfire || exit 3
exec /usr/local/bin/python3.sh gridfire.py "$@"

View File

@ -0,0 +1,59 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
. /usr/local/bin/gridfire.rc
declare -a ELTS LARGS RARGS
ELTS=(
gridfire_ansible-vault.sh
gridfire_keepassxc-cli.sh
gridfire_keepassxc.sh
gridfire_keyring.sh
gridfire_openssl.sh
gridfire_secret-tool.sh
gridfire_staticgpg.sh
gridfire_truecrypt.sh
gridfire_veracrypt.sh
)
SHORTOPTS="ha:cgulbodfpwm:nv:s:D:P:H:A:"
OARGS="$@"
ARGS=$(getopt --options $SHORTOPTS -- "$@")
[ $? != 0 ] && error 2 "Aborting."
eval set -- "$ARGS"
while true; do
case "$1" in
-h|-c|-g|-u|-l|-b|-o|-d|-f|-p|-w|-n)
LARGS+=($1)
shift;;
-a|-m|-v|-s|-D|-P|-H|-A)
LARGS+=($1)
shift
LARGS+=($1)
shift;;
'--')
shift
RARGS=("$@")
break
;;
esac
done
#echo DEBUG: LARGS ${LARGS[@]}
#echo DEBUG: RARGS ${RARGS[@]}
case ${RARGS[0]} in
ansible-vault|keepassxc-cli|keepassxc|keyring|openssl|secret-tool|staticgpg|truecrypt|veracrypt|foo)
elt=gridfire_${RARGS[0]}.bash
unset ${RARGS[0]}
RARGS[0]=""
exec bash $elt ${LARGS[@]} ${RARGS[@]}
;;
esac
# echo ${RARGS[@]}
exec python3.sh $PREFIX/src/gridfire/gridfire.py "$OARGS"

View File

@ -0,0 +1,6 @@
#!/bin/sh
# -*-mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
export PATH='/var/local/bin:'"$PATH"
#export PATH='/usr/local/bin:'"$PATH"
export TMPDIR=/tmp

View File

@ -0,0 +1,11 @@
#!/bin/sh
# -*-mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
export PATH='/q/Pg64/KeePassXC-2.6.6-Win64:'"$PATH"
export PATH='/q/Pg64/VeraCrypt_1.24-Update7:'"$PATH"
# VeraCrypt Legacy Portable 1.24-Update7.exe
export PATH='/w/Pg32/TrueCrypt:'"$PATH"
export PATH='/q/Pg64/TrueCrypt-7.1a:'"$PATH"
export PATH='/usr/local/bin:'"$PATH"
export TMPDIR=/q/tmp

View File

@ -0,0 +1,13 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=gpgkey
PYVER=3
. /usr/local/bin/gridfire.rc
export PYTHONPATH=$PREFIX/src/gridfire
exec $PREFIX/bin/gridfire -H "ansible-vault.py" -- \
$PREFIX/bin/python$PYVER.sh $PREFIX/src/gridfire/ansible-vault.py "$@"

View File

@ -0,0 +1,30 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
root=KeeC
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
EXE=/var/local/bin/keepassxc.bash
# not -k not -p
[[ "$*" =~ "--pw-stdin" ]] || [[ $RARGS =~ "--pw-stdin" ]] || RARGS="--pw-stdin $RARGS"
# not =''
[[ "$*" =~ "--keyfile" ]] || [[ $RARGS =~ "--keyfile" ]] || RARGS="--keyfile '' $RARGS"
DEBUG=1
DEBUG $EXE $RARGS "$@" >> /tmp/${root}$$.log
$EXE $RARGS "$@" 2>/tmp/${root}$$.err >/tmp/${root}$$.log
retval=$?
if [ $retval -eq 0 ] ; then
INFO see /tmp/${root}$$.log
else
WARN see /tmp/${root}$$.err
cat /tmp/${root}$$.err
fi
exit $retval

View File

@ -0,0 +1,174 @@
#!/usr/local/bin/python2.sh
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
########################################################
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
__requires__ = ['ansible']
import os
import shutil
import sys
import traceback
from ansible import context
from ansible.errors import AnsibleError, AnsibleOptionsError, AnsibleParserError
from ansible.module_utils._text import to_text
from gridfire import getpass
ROLE="proxy"
# Used for determining if the system is running a new enough python version
# and should only restrict on our documented minimum versions
_PY3_MIN = sys.version_info[:2] >= (3, 5)
_PY2_MIN = (2, 6) <= sys.version_info[:2] < (3,)
_PY_MIN = _PY3_MIN or _PY2_MIN
if not _PY_MIN:
raise SystemExit('ERROR: Ansible requires a minimum of Python2 version 2.6 or Python3 version 3.5. Current version: %s' % ''.join(sys.version.splitlines()))
class LastResort(object):
# OUTPUT OF LAST RESORT
def display(self, msg, log_only=None):
print(msg, file=sys.stderr)
def error(self, msg, wrap_text=None):
print(msg, file=sys.stderr)
def prompt(self, msg, private=True):
return getpass(msg)
if __name__ == '__main__':
display = LastResort()
try: # bad ANSIBLE_CONFIG or config options can force ugly stacktrace
import ansible.constants as C
from ansible.utils.display import Display
except AnsibleOptionsError as e:
display.error(to_text(e), wrap_text=False)
sys.exit(5)
_Display = Display
class MyDisplay(_Display):
name = 'getpass'
def prompt(self, prompt, private=True):
return getpass(prompt)
Display = MyDisplay
display = MyDisplay()
from ansible.parsing import vault
vault.display = display
cli = None
me = os.path.basename(sys.argv[0])
try:
display.v("starting run")
sub = None
target = me.split('-')
if target[-1][0].isdigit():
# Remove any version or python version info as downstreams
# sometimes add that
target = target[:-1]
if len(target) > 1:
sub = target[1]
myclass = "%sCLI" % sub.capitalize()
elif target[0] == 'ansible':
sub = 'adhoc'
myclass = 'AdHocCLI'
else:
raise AnsibleError("Unknown Ansible alias: %s" % me)
try:
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
except ImportError as e:
# ImportError members have changed in py3
if 'msg' in dir(e):
msg = e.msg
else:
msg = e.message
if msg.endswith(' %s' % sub):
raise AnsibleError("Ansible sub-program not implemented: %s" % me)
raise
mycli.display = display
try:
args = [to_text(a, errors='surrogate_or_strict') for a in sys.argv]
except UnicodeError:
display.error('Command line args are not in utf-8, unable to continue. Ansible currently only understands utf-8')
display.display(u"The full traceback was:\n\n%s" % to_text(traceback.format_exc()))
exit_code = 6
else:
cli = mycli(args)
cli.parse()
cli.display = display
# import pdb; pdb.set_trace()
exit_code = cli.run()
except AnsibleOptionsError as e:
cli.parser.print_help()
display.error(to_text(e), wrap_text=False)
exit_code = 5
except AnsibleParserError as e:
display.error(to_text(e), wrap_text=False)
exit_code = 4
# TQM takes care of these, but leaving comment to reserve the exit codes
# except AnsibleHostUnreachable as e:
# display.error(str(e))
# exit_code = 3
# except AnsibleHostFailed as e:
# display.error(str(e))
# exit_code = 2
except AnsibleError as e:
display.error(to_text(e), wrap_text=False)
exit_code = 1
except KeyboardInterrupt:
display.error("User interrupted execution")
exit_code = 99
except Exception as e:
if C.DEFAULT_DEBUG:
# Show raw stacktraces in debug mode, It also allow pdb to
# enter post mortem mode.
raise
have_cli_options = bool(context.CLIARGS)
display.error("Unexpected Exception, this is probably a bug: %s" % to_text(e), wrap_text=False)
if not have_cli_options or have_cli_options and context.CLIARGS['verbosity'] > 2:
log_only = False
if hasattr(e, 'orig_exc'):
display.vvv('\nexception type: %s' % to_text(type(e.orig_exc)))
why = to_text(e.orig_exc)
if to_text(e) != why:
display.vvv('\noriginal msg: %s' % why)
else:
display.display("to see the full traceback, use -vvv")
log_only = True
display.display(u"the full traceback was:\n\n%s" % to_text(traceback.format_exc()), log_only=log_only)
exit_code = 250
finally:
# Remove ansible tmpdir
shutil.rmtree(C.DEFAULT_LOCAL_TMP, True)
sys.exit(exit_code)

View File

@ -0,0 +1,17 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
COMMAND=$1
shift
RARGS="--pw-stdin"
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
exec $PREFIX/bin/gridfire -H "keepassxc-cli.sh $tail" -- \
keepassxc-cli.sh $COMMAND $RARGS "$@"

View File

@ -0,0 +1,20 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
LARGS="--bg"
LARGS=""
RARGS="--pw-stdin"
INFO $PREFIX/bin/gridfire -H "keepassxc $tail" $LARGS -- \
keepassxc $RARGS "$@"
exec $PREFIX/bin/gridfire -H "keepassxc $tail" $LARGS -- \
keepassxc $RARGS "$@"

View File

@ -0,0 +1,58 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
. /usr/local/bin/usr_local_tput.bash || exit 2
if [ "$#" -eq 0 ] ; then
echo USAGE: $0 [options]
cat << EOF
USAGE:
--password PASSWORD Database password.
--password-command PW_CMD
Password will be obtained from the output of this
command.
--keyfile KEYFILE Key file for unlocking database.
--pinentry PINENTRY Command used to run pinentry.
-c COMMAND, --command COMMAND
Command to execute. If command arguments contain
spaces, they must be enclosed in double quotes. With
this switch, kpsh will be started in non-interactive
mode. A list of available commands can be found by
running 'kpsh -c help':
{open,unlock,lock,db,ls,show,add,edit,delete,move,autotype,exit,echo,sleep,help}
open Change currently opened database.
unlock Unlock currently opened database.
lock Lock a database.
db Query opened database info.
ls List contents of database.
show Show contents of entry.
add Add a new entry if it doesn't exist yet.
edit Edit existing entry
delete Delete entry from database
move Move entry to the new path.
autotype Auto-type sequence of entry fields.
exit Exit shell.
echo Display a message.
sleep Sleep for a given number of seconds.
--prompt PROMPT Text used by shell for prompt.
-d, --daemon Start as a daemon listening on a socket given by
--socket-path
-s SOCKET_PATH, --socket-path SOCKET_PATH
Path to the socket which will be created in daemon
mode (default: /tmp/kpsh-$UID.sock).
USAGE: $0 -- kpsh-args
`basename $0` arguments go before the -- kpsh args go after
EOF
exit 1
fi
# FixMe: nonewline
exec $PREFIX/bin/gridfire -H "kpsh password on stdin" --stdin -- \
kpsh "$@"

View File

@ -0,0 +1,187 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
. /usr/local/bin/gridfire.rc
COMMANDS=(
asn1parse ca ciphers cms crl crl2pkcs7 dgst dhparam dsa dsaparam ec
ecparam enc engine errstr gendsa genpkey genrsa help list nseq ocsp
passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand rehash req
rsa rsautl s_client s_server s_time sess_id smime speed spkac srp
storeutl ts verify version x509 dgst enc
)
# for elt in ${COMMANDS[*]}; do echo INFO: openssl $elt;openssl $elt -help;done
usage () {
echo "USAGE: recognized commands are - ${PASSIN_COMMANDS[*]} ${PASSOUT_COMMANDS[*]} ${PASS_COMMANDS[*]}"
return 0
}
if [ "$#" -eq 0 ] || [ "$1" = '--help' ] || [ "$1" = '-h' ] ; then
echo USAGE: $0 command [options]
cat << EOF
Recognized commands:
-passin commands: -passin pass:stdin
ca \
-passin val Input file pass phrase source
cms
-pwri_password val (No additional info)
-passin val Input file pass phrase source
dgst
-passin val Input file pass phrase source
pkeyutl
-passin val Input file pass phrase source
rsautl
-passin val Input file pass phrase source
smime
-passin val Input file pass phrase source
spkac
-passin val Input file pass phrase source
storeutl
-passin val Input file pass phrase source
ts
-passin val Input file pass phrase source
x509
-passin val Private key password/pass-phrase source
dgst
-passin val Input file pass phrase source
-passout commands: -passout pass:stdin
gendsa
-passout val Output file pass phrase source
genrsa
-passout val Output file pass phrase source
-pass commands: -pass pass:stdin
enc
-pass val Passphrase source
genpkey
-pass val Output file pass phrase source
Options:
pass:stdin
pass:fd0
EOF
exit 1
fi
COMMAND=$1
# FixMe: make sure command is first
if [ $COMMAND = '-help' ] || [ $COMMAND = '--help' ] ; then
usage
echo "USAGE: all openssl commands are - ${COMMANDS[*]}"
exit 0
fi
if [ "${COMMAND:0:1}" = "-" ] ; then
echo "USAGE: command args - command must precede args"
usage
exit 1
fi
case $COMMAND in \
# PASSIN_COMMANDS=(
ca \
| cms \
| dgst \
| pkeyutl \
| rsautl \
| smime \
| spkac \
| storeutl \
| ts \
| x509 \
| dgst \
) # FixMe: check if already there
LARGS="-passin pass:stdin"
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
;;
# PASSOUT_COMMANDS=(
gendsa \
| genrsa \
) # FixMe: check if already there
LARGS="-passout pass:stdin"
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
;;
# PASS_COMMANDS=( \
enc \
| genpkey \
) # FixMe: check if already there
LARGS="-pass pass:stdin"
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
;;
# PASSNOV_COMMANDS=( \
passwd \
| '-in infile Read passwords from file' \
| '-noverify Never verify when reading password from terminal' \
| '-stdin Read passwords from stdin' \
) # FixMe: check if already there
#? conflicts with -in?
LARGS=" -noverify -stdin"
bash $PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
;;
# PASSINOUT_COMMANDS=( \
pkcs8 \
| '-passin val Input file pass phrase source' \
| '-passout val Output file pass phrase source' \
| pkey \
| '-passin val Input file pass phrase source' \
| '-passout val Output file pass phrase source' \
| rsa \
| '-passout val Output file pass phrase source' \
| '-passin val Input file pass phrase source' \
| srp \
| '-passin val Input file pass phrase source' \
| '-passout val Output file pass phrase source' \
) # FixMe: check if already there
# FixMe: fd:
LARGS="--passin"
passin=`sh $PREFIX/bin/gridfire -H "openssl $LARGS" `
LARGS="-passin pass:$passin -passout pass:stdin"
bash $PREFIX/bin/gridfire -H "openssl -passout pass:stdin" -- openssl $LARGS "$@" || exit $?
esac
exit 0
# PASSDPASS_COMMANDS=( \
s_server \
# -pass val Private key file pass phrase source \
# -dpass val Second private key file pass phrase source \
) # FixMe: check if already there
# FixMe: fd:
pass=`sh $PREFIX/bin/gridfire.sh`
LARGS="-pass pass:$pass -dpass pass:stdin"
bash $PREFIX/bin/gridfire -- openssl $LARGS "$@" || exit $?
;; # PASSKPASS_COMMANDS=( \
enc \
# -pass val Passphrase source \
# -kfile infile Read passphrase from file \
) # FixMe: check if already there
# FixMe: fd:
#?pass=`sh $PREFIX/bin/gridfire.sh`
#?LARGS="-pass pass:$pass -dpass pass:stdin"
LARGS="-pass pass:stdin"
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
;; # PASSINOUTWORD_COMMANDS=( \ \
pkcs12 \
# -twopass Separate MAC, encryption passwords \
# -passin val Input file pass phrase source \
# -passout val Output file pass phrase source \
# -password val Set import/export password source \
) # FixMe: check if already there
# FixMe: pass: prefix
$PREFIX/bin/gridfire -H "-passin pass:" --single "passin" -- sh $PREFIX/bin/gridfire -H "-passout stdin" -- openssl "$@" || exit $?
esac

View File

@ -0,0 +1,27 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
. /usr/local/bin/usr_local_tput.bash || exit 2
if [ "$#" -eq 0 ] ; then
echo USAGE: $0 [options]
cat << EOF
usage: secret-tool store --label='label' attribute value ...
secret-tool lookup attribute value ...
secret-tool clear attribute value ...
secret-tool search [--all] [--unlock] attribute value ...
USAGE: $0 -- secret-tool-args
`basename $0` arguments go before the -- secret-tool args go after
EOF
exit 1
fi
# FixMe: nonewline
exec $PREFIX/bin/gridfire -H "secret-tool password on stdin" --stdin -- \
secret-tool "$@"

View File

@ -0,0 +1,11 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
#? --pinentry-mode loopback
exec $PREFIX/bin/gridfire -H "staticgpg --passphrase-fd 0" -- \
staticgpg --passphrase-fd 0 "$@"

View File

@ -0,0 +1,104 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
PYVER=3
EXE=/var/local/bin/tomb.bash
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/gridfire.rc
# python3 -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"
# ~/.local/share/python_keyring
# what goes on stdin - the passwd to the keyfile with the keyfile as an arg?
# or open the keyfile?
# passwd from gridfire or from keepass
usage() {
echo "Syntax: tomb [options] command [arguments]"
echo
echo " // Creation:"
echo " dig create a new empty TOMB file of size -s in MiB"
echo " forge create a new KEY file and set its password"
echo " lock installs a lock on a TOMB to use it with KEY"
echo
echo " // Operations on tombs:"
echo " open open an existing TOMB (-k KEY file or - for stdin)"
echo " index update the search indexes of tombs"
echo " search looks for filenames matching text patterns"
echo " list list of open TOMBs and information on them"
echo " ps list of running processes inside open TOMBs"
echo " close close a specific TOMB (or 'all')"
echo " slam slam a TOMB killing all programs using it"
[[ $RESIZER == 1 ]] && {
echo " resize resize a TOMB to a new size -s (can only grow)"
}
echo
echo " // Operations on keys:"
echo " passwd change the password of a KEY (needs old pass)"
echo " setkey change the KEY locking a TOMB (needs old key and pass)"
echo
[[ $QRENCODE == 1 ]] && {
echo " // Backup on paper:"
echo " engrave makes a QR code of a KEY to be saved on paper"
echo
}
[[ $STEGHIDE == 1 || $CLOAKIFY == 1 || $DECLOAKIFY == 1 ]] && {
echo " // Steganography:"
[[ $STEGHIDE == 1 ]] && {
echo " bury hide a KEY inside a JPEG image (for use with -k)"
echo " exhume extract a KEY from a JPEG image (prints to stdout)"
}
[[ $CLOAKIFY == 1 ]] && {
echo " cloak transform a KEY into TEXT using CIPHER (for use with -k)"
}
[[ $DECLOAKIFY == 1 ]] && {
echo " uncloak extract a KEY from a TEXT using CIPHER (prints to stdout)"
}
echo
}
echo "Options:"
echo
echo " -s size of the tomb file when creating/resizing one (in MiB)"
echo " -k path to the key to be used ('-k -' to read from stdin)"
echo " -n don't launch the execution hooks found in tomb"
echo " -p preserve the ownership of all files in tomb"
echo " -o options passed to commands: open, lock, forge (see man)"
echo " -f force operation (i.e. even if swap is active)"
echo " -g use a GnuPG key to encrypt a tomb key"
echo " -r provide GnuPG recipients (separated by comma)"
echo " -R provide GnuPG hidden recipients (separated by comma)"
[[ $SPHINX == 1 ]] && {
echo " --sphx-user user associated with the key (for use with pitchforkedsphinx)"
echo " --sphx-host host associated with the key (for use with pitchforkedsphinx)"
}
[[ $KDF == 1 ]] && {
echo " --kdf forge keys armored against dictionary attacks"
}
echo
echo " -q run quietly without printing informations"
echo " -D print debugging information at runtime"
}
# FixMe: make sure command is first
if [ "$#" -eq 0 ] || [ "$1" = '--help' -o "$1" = 'help' ] ; then
# usage
# exit 0
:
fi
LARGS="-H \"tomb $tail\""
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
if [[ "$*" =~ "-- " ]];then
RARGS=`echo $*|sed -e "s/-- /-- $EXE/"`
exec $PREFIX/bin/gridfire $LARGS $RARGS
else
exec $PREFIX/bin/gridfire $LARGS -- $EXE "$@"
fi

View File

@ -0,0 +1,32 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
usage () {
echo USAGE: $0 [options]
cat << EOF
USAGE: $0 [--arg password ] -- truecrypt-args
`basename $0` arguments go before the -- truecrypt args go after
MINIMUM of 2 args for truecrypt
EOF
exit 1
}
if [ "$#" -eq 0 ] ; then
usage
fi
if [ "$#" -lt 2 ] ; then
usage
fi
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
RARGS="--non-interactive"
exec $PREFIX/bin/gridfire --double password -E -B -H "truecrypt-console $tail" -- \
$PREFIX/bin/truecrypt-console.sh $RARGS "$@"
# FixMe: --new-password=<str> New password

View File

@ -0,0 +1,25 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/gridfire.rc
if [ "$#" -eq 0 ] ; then
echo USAGE: $0 [options]
cat << EOF
USAGE: $0 [--arg password ] -- truecrypt-args
`basename $0` arguments go before the -- truecrypt args go after
EOF
exit 1
fi
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
exec $PREFIX/bin/gridfire -E --double password -H "truecrypt $tail" -- \
$PREFIX/bin/truecrypt.sh "$@"
# FixMe: --new-password=<str> New password

View File

@ -0,0 +1,37 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
usage () {
echo USAGE: $0 [options]
cat << EOF
USAGE: $0 [--arg password ] -- veracrypt-args
`basename $0` arguments go before the -- veracrypt args go after
MINIMUM of 2 args for veracrypt
EOF
exit 1
}
if [ "$#" -eq 0 ] ; then
usage
exit 1
fi
if [ "$#" -lt 2 ] ; then
usage
fi
RARGS="--stdin --non-interactive"
[[ "$*" =~ "--stdin" ]] || [[ $RARGS =~ "--stdin" ]] || LARGS="--stdin $LARGS"
#no [[ "$*" =~ "--create" ]] && LARGS="--repeat $LARGS"
#no [[ "$*" =~ "--new-password=" ]] && LARGS="--repeat $LARGS"
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
$PREFIX/bin/gridfire $LARGS -H "veracrypt-console $tail" -- \
$PREFIX/bin/veracrypt-console.sh $RARGS "$@"
# FixMe: --new-password=<str> New password

View File

@ -0,0 +1,15 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
exec $PREFIX/bin/gridfire -H "veracrypt $tail" -- \
$PREFIX/bin/veracrypt.sh $RARGS "$@"
# FixMe: --new-password=<str> New password

View File

@ -0,0 +1,97 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
root=KeeC
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
EXE=/var/local/bin/keepassxc-cli.bash
#? mayaybe not
if [ "$#" -eq 0 -o "$1" = '--help' ] ; then
echo USAGE: $0 command [options]
cat << EOF
Available commands:
analyze Analyze passwords for weaknesses and problems.
clip Copy an entry's attribute to the clipboard.
close Close the currently opened database.
db-create Create a new database.
db-info Show a database's information.
diceware Generate a new random diceware passphrase.
edit Edit an entry.
estimate Estimate the entropy of a password.
export Exports the content of a database to standard output in the specified format.
generate Generate a new random password.
help Display command help.
import Import the contents of an XML database.
locate Find entries quickly.
ls List database entries.
merge Merge two databases.
mkdir Adds a new group to a database.
mv Moves an entry to a new group.
open Open a database.
rm Remove an entry from the database.
rmdir Removes a group from a database.
show Show an entry's information.
Options:
-k, --key-file <path> Key file of the database.
EOF
exit 1
fi
# [[ "$*" =~ "--pw-stdin" ]] || [[ $LARGS =~ "--pw-stdin" ]] || LARGS="--pw-stdin $LARGS"
if [[ "$*" =~ "db-create" ]] ; then
[[ "$*" =~ "--decryption-time" ]] || [[ $RARGS =~ "--decryption-time" ]] || RARGS="--decryption-time=1000 $RARGS"
# not =''
# [[ "$*" =~ "-k" ]] || [[ $RARGS =~ "-k" ]] || RARGS="-k '' $RARGS"
[ -x $EXE ] || PANIC file not found $EXE
DBUG $EXE $LARGS $RARGS "$@" >> /tmp/${root}$$.log
password=$(cat)
/usr/bin/expect << EOF
# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
set ROLE gpgkey
set PREFIX /usr/local
set timeout 30
spawn -noecho $EXE $LARGS $RARGS "$@"
log_user 0
expect "Enter password to encrypt database (optional):"
send "$password\n"
expect "Repeat password:"
send "$password\n"
expect -re .+ {
exp_continue
} timeout {
exit 1
} eof {
exit 0
}
EOF
retval=$?
DBUG see /tmp/${root}$$.log
exit $retval
fi
DEBUG=1
DEBUG $EXE $LARGS $RARGS "$@" >> /tmp/${root}$$.log
$EXE $LARGS $RARGS "$@" 2>/tmp/${root}$$.err >>/tmp/${root}$$.log
retval=$?
if [ $retval -eq 0 ] ; then
INFO see /tmp/${root}$$.log
cat /tmp/${root}$$.log
else
WARN see /tmp/${root}$$.err /tmp/${root}$$.log
cat /tmp/${root}$$.err
fi
exit $retval

View File

@ -0,0 +1,26 @@
#!/usr/bin/expect --
# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
set ROLE gpgkey
set PREFIX /usr/local
set timeout 30
spawn /g/Gpgkey/net/Http/github.com/keepassxreboot/keepassxc/releases/download/2.6.6/KeePassXC-2.6.6-x86_64.AppImage cli db-create -p -k /dev/shm/mausPh4.key /dev/shm/mausA3d_h0.kdbx
expect "Enter password to encrypt database (optional):*"
send_user "AA\n"
send "AA\n"
expect "Repeat password:*"
send_user "AA\n"
send "AA\n"
expect -re .+ {
exp_continue
} timeout {
exit 1
} eof {
exit 0
}
# expect -r .+ {send "\r"}

View File

@ -0,0 +1,15 @@
=== db-create ===
Usage: keepassxc-cli db-create [options] database
Create a new database.
Options:
-q, --quiet Silence password prompt and other secondary
outputs.
-k, --set-key-file <path> Set the key file for the database.
-p, --set-password Set a password for the database.
-t, --decryption-time <time> Target decryption time in MS for the database.
-h, --help Display this help.
Arguments:
database Path of the database.

View File

@ -0,0 +1,34 @@
INFO: /g/Gpgkey/net/Http/github.com/keepassxreboot/keepassxc/releases/download/2.6.6/KeePassXC-2.6.6-x86_64.AppImage --help
Usage: keepassxc [options] [filename(s)]
KeePassXC - cross-platform password manager
Options:
-h, --help Displays help on commandline options.
--help-all Displays help including Qt specific options.
-v, --version Displays version information.
--config <config> path to a custom config file
--localconfig <localconfig> path to a custom local config file
--lock lock all open databases
--keyfile <keyfile> key file of the database
--pw-stdin read password of the database from stdin
--debug-info Displays debugging information.
Arguments:
filename(s) filenames of the password databases to open
(*.kdbx)
=== db-create ===
Usage: keepassxc-cli db-create [options] database
Create a new database.
Options:
-q, --quiet Silence password prompt and other secondary
outputs.
-k, --set-key-file <path> Set the key file for the database.
-p, --set-password Set a password for the database.
-t, --decryption-time <time> Target decryption time in MS for the database.
-h, --help Display this help.
Arguments:
database Path of the database.

View File

@ -0,0 +1,15 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
PYVER=3
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/gridfire.rc
# python3 -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"
# ~/.local/share/python_keyring
exec python$PYVER.sh `which keyring` -p /usr/local/bin/gridfire -b gridfire "$@"

View File

@ -0,0 +1,13 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
root=KeeC
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
exec /usr/local/bin/python3.sh /usr/local/bin/pinentry_.py "$@"

View File

@ -0,0 +1,15 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
[ -f $PREFIX/bin/gridfire.rc ] && . $PREFIX/bin/gridfire.rc
[ -e /run ] || exit 1
cd $PREFIX/src/gridfire || exit 3
export PYTHONPATH=$PREFIX/src/gridfire/pyassuan:$PREFIX/src/gridfire:$PWD
exec $PREFIX/bin/python3.sh bin/pinentry_gridfire.py "$@"

View File

@ -0,0 +1,302 @@
#!/usr/bin/env python3
# -*- mode: python; py-indent-offset: 4; indent-tabs-mode: nil; coding: utf-8 -*-
from __future__ import (absolute_import, division, print_function)
#? from future import *
import sys
import os
import socket
import stat
import logging
import argparse
import traceback
ROLE="proxy"
LOG = logging.getLogger(__name__)
# we want to use our version for now
sGDir = os.path.dirname(os.path.dirname(__file__))
if sGDir not in sys.path:
sys.path.insert(0, sGDir)
#print('\n'.join(sys.path))
from gridfire import getpass
sDir=os.path.join(sGDir, 'keepassxc_cmd2')
if sDir not in sys.path: sys.path.insert(0, sDir)
try:
from keepassxc_cmd2.cmd2_ansi import *
except Exception:
def green(s): return s
def info(s): print(green(s))
def red(s): return s
def error(s): print(red(s))
def yellow(s): return s
def warn(s): print(yellow(s))
def blue(s): return s
def debug(s): print(blue(s))
ansi = None
del sGDir
# installed by Makefile install::
sDir=os.path.join('/usr/local/lib/python3.8', 'site-packages')
if sDir not in sys.path: sys.path.insert(0, sDir)
try:
from pyassuan import common as _common
from pyassuan import error as _error
except:
sys.stderr.write('\n'.join(sys.path)+'\n')
raise
del sDir
LOCALE="en_US.UTF-8"
NAME='pinentry_gridfire'
HOST='127.0.0.1'
PORT=6666
INET_SOCKET=False
RUN='/run/user/{}/'.format(os.geteuid()) +NAME +'.{}'.format(os.getpid())
VALID_OPTIONS = (
#? 'grab',
'ttyname', # + os.environ['GPG_TTY']
# 'ttytype', # xterm
'lc-ctype', # " +LOCALE
'lc-messages', # en_US.UTF-8
# 'allow-external-password-cache',
# 'default-ok', # _OK
# 'default-cancel', # _Cancel
# 'default-yes', # _Yes
# 'default-no', # _No
'default-prompt', # 'Passphrase:'
# 'default-pwmngr', # _Save in password manager
'default-cf-visi', # Do you really want to make your passphrase visible on the screen?
'default-tt-visi', # Make passphrase visible
'default-tt-hide', # Hide passphrase
)
VALID_COMMANDS = ('GETINFO', 'OPTION', 'BYE', 'QUIT', 'HELP',)
LOG_FILE = '/tmp/pinentry{}.log'.format(os.getpid())
# from pyassuan import server # AssuanServer , AssuanSocketServer
print('from pyassuan.server import AssuanServer , AssuanSocketServer')
from pyassuan.server import AssuanServer , AssuanSocketServer
class GridfireAssuanServer(AssuanServer):
"""A single-threaded Assuan server based on the `development suggestions`_
Extend by subclassing and adding ``_handle_XXX`` methods for each
command you want to handle.
.. _development suggestions:
http://www.gnupg.org/documentation/manuals/assuan/Server-code.html
"""
valid_options = VALID_OPTIONS
valid_commands = VALID_COMMANDS
def __init__(self, name, logger=LOG, use_sublogger=True,
valid_options=VALID_OPTIONS, strict_options=True,
single_request=False, listen_to_quit=False,
close_on_disconnect=False, args=None):
self.args = args
AssuanServer.__init__(self, name, logger, use_sublogger,
valid_options, strict_options,
single_request, listen_to_quit,
close_on_disconnect)
def reset(self):
self.stop = False
self.options.clear()
if self.args.ttyname:
self.options['ttyname'] = self.args.ttyname
elif 'GPG_TTY' in os.environ:
self.options['ttyname'] = os.environ['GPG_TTY']
else:
self.options['ttyname'] = os.ttyname(sys.stdin.fileno())
if self.args.lc_messages:
self.options['lc-messages'] = self.args.lc_messages
elif 'LC_MESSAGES' in os.environ:
self.options['lc-messages'] = os.environ['LC_MESSAGES']
elif 'LANG' in os.environ:
self.options['lc-ctype'] = os.environ['LANG']
if self.args.lc_ctype:
self.options['lc-ctype'] = self.args.lc_ctype
elif 'LC_CTYPE' in os.environ:
self.options['lc-ctype'] = os.environ['LC_CTYPE']
elif 'LANG' in os.environ:
self.options['lc-ctype'] = os.environ['LANG']
if 'default-prompt' not in self.options:
self.options['default-prompt'] = 'Passphrase:'
def run(self):
self.reset()
self.logger.info('running')
self.connect()
try:
self.handle_requests()
finally:
self.logger.info('stopped running')
self.disconnect()
self.logger.info('stopping')
def init_options(self):
#? if self.listen_to_quit is None: self.listen_to_quit = True
if os.path.isfile(LOG_FILE):
os.chmod(LOG_FILE, stat.S_IRUSR| stat.S_IWUSR)
if os.path.exists(RUN):
os.chmod(RUN, stat.S_IRUSR| stat.S_IWUSR)
def _handle_BYE(self, arg):
if self.single_request:
self.stop = True
yield _common.Response('OK', 'bye connection')
def _handle_GETINFO(self, args):
arg = args.split()[0]
if arg.lower() == 'pid':
yield _common.Response("D", '{}'.format(os.getpid()).encode('ascii'))
yield _common.Response('OK', '')
def _handle_HELP(self, arg):
s = 'COMMANDS: ' +' '.join(self.valid_commands)
yield _common.Response("D", s.encode('ascii'))
s = 'OPTIONS: ' +' '.join(self.valid_options)
yield _common.Response("D", s.encode('ascii'))
yield _common.Response('OK', '')
def _handle_QUIT(self, arg):
if self.listen_to_quit:
self.stop = True
yield _common.Response('OK', 'quitting the server')
else:
raise _error.AssuanError(
code=175, message='Unknown command (reserved)')
def _handle_GETPIN(self, arg):
self.init_options()
main_args = []
if self.args.debug:
main_args += ['--verbosity', "3"]
else:
main_args += ['--verbosity', "1"]
main_args += ['--ttyalert', self.args.ttyalert]
if 'default-tt-hide' in self.options:
#? and self.options['default-tt-visi']
main_args += ['-c']
#? spawn an xterm is DISPLAY is set?
s = getpass(prompt=self.options['default-prompt'],
stream=None,
tty=self.options['ttyname'],
main_args=main_args,
)
yield _common.Response('D', s.encode('ascii'))
yield _common.Response('OK', '')
class GridfireAssuanSocketServer (AssuanSocketServer):
"""A threaded server spawning ``AssuanServer``\s for each connection
"""
def __init__(self, name, socket, server_klass, kwargs={}, max_threads=10,
logger=LOG, use_sublogger=True, args=None):
self.args = args
AssuanSocketServer.__init__(self, name, socket, server_klass, kwargs, max_threads,
logger=logger, use_sublogger=use_sublogger)
def run(self):
self.logger.info('listen on socket')
self.socket.listen()
thread_index = 0
while True:
self.logger.info('threads: ' +repr(self.threads))
socket,address = self.socket.accept()
self.logger.info('connection from {}'.format(address))
self.cleanup_threads()
if len(self.threads) > self.max_threads:
self.drop_connection(socket, address)
self.spawn_thread(
'server-thread-{}'.format(thread_index), socket, address)
thread_index = (thread_index + 1) % self.max_threads
if 'single_request' in self.kwargs:
self.logger.info('single_request: ' +repr(self.kwargs['single_request']))
if self.kwargs['single_request']: break
def make_argparser():
description='''pinentry_gridfire'''
if INET_SOCKET:
description += ' listening on {}:{}'.format(HOST, PORT)
else:
description += ' listening at {}'.format(RUN)
argparser = argparse.ArgumentParser(description=description, add_help=True)
argparser.add_argument('-d', '--debug', action='store_true', help='Turn on debugging output')
# argparser.add_argument('-D', '--display', default=None, help='Set the X display')
argparser.add_argument('-T', '--ttyname', type=str, help='Set the terminal tty')
# argparser.add_argument('-N', '--ttytype NAME', type=str, help='Set the tty terminal type')
argparser.add_argument('-C', '--lc-ctype', type=str, help='Set the tty LC_CTYPE value')
argparser.add_argument('-M', '--lc-messages', type=str, help='Set the tty LC_MESSAGES value')
# argparser.add_argument('-o', '--timeout', type=int, help='Timeout in secs. waiting for input after this many seconds')
# argparser.add_argument('-g', '--no-global-grab', action='store_true', help='Grab keyboard only while window is focused')
# argparser.add_argument('-W', '--parent-wid', type=str, help='Parent window ID (for positioning)')
# argparser.add_argument('-c', '--colors', type=str, help='Set custom colors for ncurses')
argparser.add_argument('-a', '--ttyalert', type=str, default='none', choices=['none', 'beep', 'flash'],
help='Set the alert mode (none, beep or flash)')
return argparser
print( 'iMain '+repr(sys.argv))
def iMain(sys_argv):
argparser = make_argparser()
args = argparser.parse_args(sys_argv)
# Show help and exit if help requested
if hasattr(args, 'help') and args.help:
argparser.print_help(sys.stdout)
sys.exit(0)
if args.debug:
LOG.setLevel(logging.INFO)
else:
LOG.setLevel(logging.WARN)
LOG.addHandler(logging.StreamHandler())
LOG.addHandler(logging.FileHandler(LOG_FILE))
LOG.handlers[0].setFormatter(logging.Formatter('%(name)s: %(levelname)s: %(message)s'))
if INET_SOCKET:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind((HOST, PORT))
else:
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
sock.bind(RUN)
server_klass = GridfireAssuanServer # (NAME, logger=LOG)
server_kwargs = dict(valid_options=server_klass.valid_options,
single_request=True,
close_on_disconnect=True,
listen_to_quit=True,
strict_options=True,
args=args
)
i=0
o = GridfireAssuanSocketServer(NAME, sock, server_klass, logger=LOG, kwargs=server_kwargs, args=args)
o.run()
return i
if __name__ == '__main__':
LOG.info('INFO: Entering iMain sys.argv=' +str(repr(sys.argv)))
try:
i = iMain(sys.argv[1:])
LOG.debug('DEBUG: Leaving iMain exit_code=' + str(i))
except (KeyboardInterrupt, BrokenPipeError,) as e:
i=0
LOG.warn('WARN: Leaving iMain exit_code=0 ' + str(e))
LOG.debug(traceback.format_exc())
except (Exception,) as e:
i=1
LOG.error('ERROR: Leaving iMain exit_code=1 ' + str(e))
LOG.debug(traceback.format_exc())
finally:
if not INET_SOCKET and os.path.exists(RUN):
os.unlink(RUN)
LOG.info('INFO: Leaving iMain exit_code=' +str(i))
sys.exit(i)

View File

@ -0,0 +1,45 @@
# S:OK Your orders please
OPTION grab
# S:OK
OPTION ttyname=/dev/tty3
# S:OK
OPTION ttytype=xterm
# S:OK
OPTION lc-ctype=en_US.UTF-8
# S:OK
OPTION lc-messages=en_US.UTF-8
# S:OK
OPTION allow-external-password-cache
# S:OK
OPTION default-ok=_OK
# S:OK
OPTION default-cancel=_Cancel
# S:OK
OPTION default-yes=_Yes
# S:OK
OPTION default-no=_No
# S:OK
OPTION default-prompt=PIN:
# S:OK
OPTION default-pwmngr=_Save in password manager
# S:OK
OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
# S:OK
OPTION default-tt-visi=Make passphrase visible
# S:OK
OPTION default-tt-hide=Hide passphrase
# S:OK
GETINFO pid
# S:D 14309
# S:OK
SETKEYINFO u/S9464F2C2825D2FE3
# S:OK
SETDESC Enter passphrase%0A
# S:OK
SETPROMPT Passphrase
# S:OK
GETPIN
# S:D testing!
# S:OK
BYE
# S:OK closing connection

View File

@ -0,0 +1,29 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
# DEBUG=1
. /usr/local/bin/usr_local_tput.bash
TTY=`tty`
PASS=`pyassuan_password.sh "$*" "pyassuan_keepassxc-cli"`
retval=$?
if [ $retval = 0 ] ; then
ERROR retval=$retval
exit $retval
fi
# No Gcr System Prompter available
echo $PASS | keepassxc-cli.bash "$@" 2>/tmp/Pyakc$$.err
retval=$?
if [ $retval -eq 0 ] ; then
rm -f /tmp/Pyakc$$.err
else
ERROR retval=$retval `cat /tmp/Pyakc$$.err` >&2
fi

View File

@ -0,0 +1,14 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
# DEBUG=1
. /usr/local/bin/usr_local_tput.bash
TTY=`tty`
PASS=`pyassuan_password.sh "Password for pyassuan_keepassxc-cli" "pyassuan_keepassxc-cli"`
echo $PASS | keepassxc-cli.bash "$@"

View File

@ -0,0 +1,185 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
. /usr/local/bin/usr_local_tput.bash
[ -n "$GPG_TTY" ] && TTY=$GPG_TTY
[ -x "$GPG_TTY" ] && TTY=`tty`
## _is_found
_is_found() {
# returns 0 if binary is found in path
[[ -z $1 ]] && return 1
command -v "$1" 1>/dev/null 2>/dev/null
return $?
}
# Synopsis: option_is_set -flag [out]
#
# First argument is the commandline flag (e.g., "-s").
# If the second argument is present and set to 'out', print out the
# result: either 'set' or 'unset' (useful for if conditions).
#
# Return 0 if is set, 1 otherwise
## option_is_set
option_is_set() {
local -i r # the return code (0 = set, 1 = unset)
## [[ -n "${(k)OPTS[$1]}" ]];
r=1
return $r;
}
## echo_assuan_getpin
function echo_assuan_getpin() {
# simply prints out commands for pinentry's stdin to activate the
# password dialog
cat << EOF
OPTION ttyname=$TTY
OPTION lc-ctype=$LANG
SETTITLE $title
SETDESC $description
SETPROMPT Password:
GETPIN
EOF
return 0
}
# Ask user for a password
# Wraps around the pinentry command, from the GnuPG project, as it
# provides better security and conveniently use the right toolkit.
## ask_password
ask_password() {
local description="$1"
local title="${2:-Enter password.}"
local output
local password
local gtkrc
local theme
local pass_asked
# Distributions have broken wrappers for pinentry: they do
# implement fallback, but they disrupt the output somehow. We are
# better off relying on less intermediaries, so we implement our
# own fallback mechanisms. Pinentry supported: curses, gtk-2, qt4, qt5
# and x11.
# make sure LANG is set, default to C
export LANG=${LANG:-C}
DBUG "asking password with tty=$TTY lc-ctype=$LANG" >&2
pass_asked=0
if false && [ -n "$TTY" ]; then
DBUG "terminal detected" >&2
if _is_found "gridfire"; then
DBUG "gridfire"
# SETTITLE $title SETDESC $description
output=$(gridfire -H $title)
pass_asked=1
fi
fi
if [[ ! -z $WAYLAND_DISPLAY ]]; then
DBUG "wayland display detected" >&2
if _is_found "pinentry-gnome3" ; then
DBUG "using pinentry-gnome3 on wayland" >&2
output=$(echo_assuan_getpin | pinentry-gnome3|tr '[\n]' '@' )
pass_asked=1
fi
fi
if [[ ! -z $DISPLAY ]] && [[ $pass_asked == 0 ]]; then
DBUG "X11 display detected" >&2
if _is_found "pinentry-qt"; then
DBUG "using pinentry-qt" >&2
output=$(echo_assuan_getpin | pinentry-qt -a beep|tr '[\n]' '@' )
pass_asked=1
elif _is_found "pinentry-qt5"; then
DBUG "using pinentry-qt5" >&2
output=$(echo_assuan_getpin | pinentry-qt5 -a beep|tr '[\n]' '@' )
pass_asked=1
elif _is_found "pinentry-gtk-2"; then
DBUG "using pinentry-gtk2" >&2
output=$(echo_assuan_getpin | pinentry-gtk-2|tr '[\n]' '@' )
pass_asked=1
elif _is_found "pinentry-x11"; then
DBUG "using pinentry-x11" >&2
output=$(echo_assuan_getpin | pinentry-x11|tr '[\n]' '@' )
pass_asked=1
elif _is_found "pinentry-gnome3"; then
DBUG "using pinentry-gnome3 on X11" >&2
output=$(echo_assuan_getpin | pinentry-gnome3|tr '[\n]' '@' )
pass_asked=1
fi
fi
if [[ $pass_asked == 0 ]]; then
DBUG "no display detected" >&2
if _is_found "gridfire"; then
DBUG "gridfire" >&2
# SETTITLE $title SETDESC $description
output=$(gridfire -H $title )
elif _is_found "pinentry-curses"; then
DBUG "using pinentry-curses with no display" >&2
output=$(echo_assuan_getpin | pinentry-curses|tr '[\n]' '@' )
pass_asked=1
fi
fi
[[ $pass_asked == 0 ]] &&
ERROR "Cannot find pinentry-curses or gridfire and no DISPLAY detected." >&2 && \
return 3
# parse the pinentry output
local pinentry_error
sed -e 's/@/\n/g' <<< ${output} | while read i ; do #? (f)
[ -z "$i" ] && continue
key="${i::2}" ; val="${i:2}";
[[ $i =~ ^ERR ]] && {
pinentry_error="${i:4}"
WARN $pinentry_error >&2
continue
}
# here the password is found
if [ "$key" = "D " ] ; then
password="$val"
DBUG $i key="${key}" '#'val="${#val}" >&2
DBUG Password is found >&2
[ -z "$password" ] && {
WARN "Empty password" >&2
return 1
}
echo "$password"
return 0
else
DBUG $i key="${i::2}" val="${i:2}" >&2
fi
done
# if sphinx mode is chosen, use the provided input
# as master password to retrieve the actual password
# if option_is_set --sphx-user || option_is_set --sphx-host; then
# password=$( sphinx_get_password "$password")
# fi
return 0
}
# INFO 0=$0
if [ -x /usr/bin/basename ] && \
[ $( basename -- "$0" .bash ) = $prog \
-o $( basename -- "$0" .sh ) = $prog ] ; then
[ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] && \
echo USAGE: $0 '[decription [title]]' && exit 0
# echo USAGE: $0 && grep '^[a-z].*()\|^## ' $0 | sed -e 's/().*//' && exit 0
# [ $# -eq 0 ] && set --
ask_password "$@"
exit $?
fi

View File

@ -0,0 +1,85 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
ROLE=gpgkey
base=TruC
TMPDIR=/tmp
EXE=/q/Pg64/TrueCrypt-7.1a/TrueCrypt.exe
[ -x "$EXE" -a -n "$MSYSTEM" ] || EXE=truecrypt-console.bash
DEBUG=1
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/gridfire.rc
LARGS="--non-interactive"
if [[ "$*" =~ "--help" ]]; then
cat<<EOF
Usage: truecrypt [--auto-mount <str>] [--backup-headers] [--background-task] [-C] [-c] [--create-keyfile] [--delete-token-keyfiles] [-d] [--display-password] [--encryption <str>] [--explore] [--export-token-keyfile] [--filesystem <str>] [-f] [--fs-options <str>] [--hash <str>] [-h] [--import-token-keyfiles] [-k <str>] [-l] [--list-token-keyfiles] [--load-preferences] [--mount] [-m <str>] [--new-keyfiles <str>] [--new-password <str>] [--non-interactive] [-p <str>] [--protect-hidden <str>] [--protection-keyfiles <str>] [--protection-password <str>] [--random-source <str>] [--restore-headers] [--save-preferences] [--quick] [--size <str>] [--slot <str>] [--test] [-t] [--token-lib <str>] [-v] [--version] [--volume-properties] [--volume-type <str>] [Volume path] [Mount point]
--auto-mount=<str> Auto mount device-hosted/favorite volumes
--backup-headers Backup volume headers
--background-task Start Background Task
-C, --change Change password or keyfiles
-c, --create Create new volume
--create-keyfile Create new keyfile
--delete-token-keyfiles Delete security token keyfiles
-d, --dismount Dismount volume
--display-password Display password while typing
--encryption=<str> Encryption algorithm
--explore Open explorer window for mounted volume
--export-token-keyfile Export keyfile from security token
--filesystem=<str> Filesystem type
-f, --force Force mount/dismount/overwrite
--fs-options=<str> Filesystem mount options
--hash=<str> Hash algorithm
-h, --help Display detailed command line help
--import-token-keyfiles Import keyfiles to security token
-k, --keyfiles=<str> Keyfiles
-l, --list List mounted volumes
--list-token-keyfiles List security token keyfiles
--load-preferences Load user preferences
--mount Mount volume interactively
-m, --mount-options=<str> TrueCrypt volume mount options
--new-keyfiles=<str> New keyfiles
--new-password=<str> New password
--non-interactive Do not interact with user
-p, --password=<str> Password
--protect-hidden=<str> Protect hidden volume
--protection-keyfiles=<str> Keyfiles for protected hidden volume
--protection-password=<str> Password for protected hidden volume
--random-source=<str> Use file as source of random data
--restore-headers Restore volume headers
--save-preferences Save user preferences
--quick Enable quick format
--size=<str> Size in bytes
--slot=<str> Volume slot number
--test Test internal algorithms
-t, --text Use text user interface
--token-lib=<str> Security token library
-v, --verbose Enable verbose output
--version Display version information
--volume-properties Display volume properties
--volume-type=<str> Volume type
EOF
exit 0
elif [[ "$*" =~ "--list" ]]; then
:
else
[[ "$*" =~ "--password" ]] || [[ $LARGS =~ "--password" ]] || {
ERROR --password is required -- $*
exit 3
}
[[ "$*" =~ "--keyfiles" ]] || [[ $LARGS =~ "--keyfiles" ]] || LARGS="--keyfiles '' $LARGS"
fi
DBUG $EXE $LARGS "$@" |tee $TMPDIR/$base$$.tmp
$EXE $LARGS "$@" 2>$TMPDIR/$base$$.err >$TMPDIR/$base$$.log
retval=$?
if [ $retval -eq 0 ] ; then
INFO see $TMPDIR/$base$$.log
else
WARN see $TMPDIR/$base$$.err
cat $TMPDIR/$base$$.err
fi
exit $retval

View File

@ -0,0 +1,85 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
base=TrueC
ROLE=gpgkey
TMPDIR=/tmp
EXE=/q/Pg64/TrueCrypt-7.1a/TrueCrypt.exe
[ -x "$EXE" -a -n "$MSYSTEM" ] || EXE=truecrypt.bash
DEBUG=1
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/gridfire.rc
RARGS="--non-interactive -v"
if [[ "$*" =~ "--list" ]]; then
cat<<EOF
Usage: truecrypt [--auto-mount <str>] [--backup-headers] [--background-task] [-C] [-c] [--create-keyfile] [--delete-token-keyfiles] [-d] [--display-password] [--encryption <str>] [--explore] [--export-token-keyfile] [--filesystem <str>] [-f] [--fs-options <str>] [--hash <str>] [-h] [--import-token-keyfiles] [-k <str>] [-l] [--list-token-keyfiles] [--load-preferences] [--mount] [-m <str>] [--new-keyfiles <str>] [--new-password <str>] [--non-interactive] [-p <str>] [--protect-hidden <str>] [--protection-keyfiles <str>] [--protection-password <str>] [--random-source <str>] [--restore-headers] [--save-preferences] [--quick] [--size <str>] [--slot <str>] [--test] [-t] [--token-lib <str>] [-v] [--version] [--volume-properties] [--volume-type <str>] [Volume path] [Mount point]
--auto-mount=<str> Auto mount device-hosted/favorite volumes
--backup-headers Backup volume headers
--background-task Start Background Task
-C, --change Change password or keyfiles
-c, --create Create new volume
--create-keyfile Create new keyfile
--delete-token-keyfiles Delete security token keyfiles
-d, --dismount Dismount volume
--display-password Display password while typing
--encryption=<str> Encryption algorithm
--explore Open explorer window for mounted volume
--export-token-keyfile Export keyfile from security token
--filesystem=<str> Filesystem type
-f, --force Force mount/dismount/overwrite
--fs-options=<str> Filesystem mount options
--hash=<str> Hash algorithm
-h, --help Display detailed command line help
--import-token-keyfiles Import keyfiles to security token
-k, --keyfiles=<str> Keyfiles
-l, --list List mounted volumes
--list-token-keyfiles List security token keyfiles
--load-preferences Load user preferences
--mount Mount volume interactively
-m, --mount-options=<str> TrueCrypt volume mount options
--new-keyfiles=<str> New keyfiles
--new-password=<str> New password
--non-interactive Do not interact with user
-p, --password=<str> Password
--protect-hidden=<str> Protect hidden volume
--protection-keyfiles=<str> Keyfiles for protected hidden volume
--protection-password=<str> Password for protected hidden volume
--random-source=<str> Use file as source of random data
--restore-headers Restore volume headers
--save-preferences Save user preferences
--quick Enable quick format
--size=<str> Size in bytes
--slot=<str> Volume slot number
--test Test internal algorithms
-t, --text Use text user interface
--token-lib=<str> Security token library
-v, --verbose Enable verbose output
--version Display version information
--volume-properties Display volume properties
--volume-type=<str> Volume type
EOF
exit 0
elif [[ "$*" =~ "--list" ]]; then
:
else
[[ "$*" =~ "--password" ]] || [[ $RARGS =~ "--password" ]] || {
ERROR --password is required
exit 3
}
[[ "$*" =~ "--keyfiles" ]] || [[ $RARGS =~ "--keyfiles" ]] || RARGS="--keyfiles='' $RARGS"
fi
DBUG truecrypt.sh $RARGS "$@" >> $TMPDIR/$base$$.tmp
$EXE $RARGS "$@" 2>$TMPDIR/${base}$$.err >/tmp/${base}$$.log
retval=$?
if [ $retval -eq 0 ] ; then
INFO see $TMPDIR/${base}$$.log
else
WARN see $TMPDIR/${base}$$.err
cat $TMPDIR/${base}$$.err
fi
exit $retval

View File

@ -0,0 +1,285 @@
Usage: truecrypt [--auto-mount <str>] [--backup-headers] [--background-task] [-C] [-c] [--create-keyfile] [--delete-token-keyfiles] [-d] [--display-password] [--encryption <str>] [--explore] [--export-token-keyfile] [--filesystem <str>] [-f] [--fs-options <str>] [--hash <str>] [-h] [--import-token-keyfiles] [-k <str>] [-l] [--list-token-keyfiles] [--load-preferences] [--mount] [-m <str>] [--new-keyfiles <str>] [--new-password <str>] [--non-interactive] [-p <str>] [--protect-hidden <str>] [--protection-keyfiles <str>] [--protection-password <str>] [--random-source <str>] [--restore-headers] [--save-preferences] [--quick] [--size <str>] [--slot <str>] [--test] [-t] [--token-lib <str>] [-v] [--version] [--volume-properties] [--volume-type <str>] [Volume path] [Mount point]
--auto-mount=<str> Auto mount device-hosted/favorite volumes
--backup-headers Backup volume headers
--background-task Start Background Task
-C, --change Change password or keyfiles
-c, --create Create new volume
--create-keyfile Create new keyfile
--delete-token-keyfiles Delete security token keyfiles
-d, --dismount Dismount volume
--display-password Display password while typing
--encryption=<str> Encryption algorithm
--explore Open explorer window for mounted volume
--export-token-keyfile Export keyfile from security token
--filesystem=<str> Filesystem type
-f, --force Force mount/dismount/overwrite
--fs-options=<str> Filesystem mount options
--hash=<str> Hash algorithm
-h, --help Display detailed command line help
--import-token-keyfiles Import keyfiles to security token
-k, --keyfiles=<str> Keyfiles
-l, --list List mounted volumes
--list-token-keyfiles List security token keyfiles
--load-preferences Load user preferences
--mount Mount volume interactively
-m, --mount-options=<str> TrueCrypt volume mount options
--new-keyfiles=<str> New keyfiles
--new-password=<str> New password
--non-interactive Do not interact with user
-p, --password=<str> Password
--protect-hidden=<str> Protect hidden volume
--protection-keyfiles=<str> Keyfiles for protected hidden volume
--protection-password=<str> Password for protected hidden volume
--random-source=<str> Use file as source of random data
--restore-headers Restore volume headers
--save-preferences Save user preferences
--quick Enable quick format
--size=<str> Size in bytes
--slot=<str> Volume slot number
--test Test internal algorithms
-t, --text Use text user interface
--token-lib=<str> Security token library
-v, --verbose Enable verbose output
--version Display version information
--volume-properties Display volume properties
--volume-type=<str> Volume type
Synopsis:
truecrypt [OPTIONS] COMMAND
truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]
Commands:
--auto-mount=devices|favorites
Auto mount device-hosted or favorite volumes.
--backup-headers[=VOLUME_PATH]
Backup volume headers to a file. All required options are requested from the
user.
-c, --create[=VOLUME_PATH]
Create a new volume. Most options are requested from the user if not specified
on command line. See also options --encryption, -k, --filesystem, --hash, -p,
--random-source, --quick, --size, --volume-type. Note that passing some of the
options may affect security of the volume (see option -p for more information).
Inexperienced users should use the graphical user interface to create a hidden
volume. When using the text user interface, the following procedure must be
followed to create a hidden volume:
1) Create an outer volume with no filesystem.
2) Create a hidden volume within the outer volume.
3) Mount the outer volume using hidden volume protection.
4) Create a filesystem on the virtual device of the outer volume.
5) Mount the new filesystem and fill it with data.
6) Dismount the outer volume.
If at any step the hidden volume protection is triggered, start again from 1).
--create-keyfile[=FILE_PATH]
Create a new keyfile containing pseudo-random data.
-C, --change[=VOLUME_PATH]
Change a password and/or keyfile(s) of a volume. Most options are requested
from the user if not specified on command line. PKCS-5 PRF HMAC hash
algorithm can be changed with option --hash. See also options -k,
--new-keyfiles, --new-password, -p, --random-source.
-d, --dismount[=MOUNTED_VOLUME]
Dismount a mounted volume. If MOUNTED_VOLUME is not specified, all
volumes are dismounted. See below for description of MOUNTED_VOLUME.
--delete-token-keyfiles
Delete keyfiles from security tokens. See also command --list-token-keyfiles.
--export-token-keyfile
Export a keyfile from a security token. See also command --list-token-keyfiles.
--import-token-keyfiles
Import keyfiles to a security token. See also option --token-lib.
-l, --list[=MOUNTED_VOLUME]
Display a list of mounted volumes. If MOUNTED_VOLUME is not specified, all
volumes are listed. By default, the list contains only volume path, virtual
device, and mount point. A more detailed list can be enabled by verbose
output option (-v). See below for description of MOUNTED_VOLUME.
--list-token-keyfiles
Display a list of all available security token keyfiles. See also command
--import-token-keyfiles.
--mount[=VOLUME_PATH]
Mount a volume. Volume path and other options are requested from the user
if not specified on command line.
--restore-headers[=VOLUME_PATH]
Restore volume headers from the embedded or an external backup. All required
options are requested from the user.
--save-preferences
Save user preferences.
--test
Test internal algorithms used in the process of encryption and decryption.
--version
Display program version.
--volume-properties[=MOUNTED_VOLUME]
Display properties of a mounted volume. See below for description of
MOUNTED_VOLUME.
MOUNTED_VOLUME:
Specifies a mounted volume. One of the following forms can be used:
1) Path to the encrypted TrueCrypt volume.
2) Mount directory of the volume's filesystem (if mounted).
3) Slot number of the mounted volume (requires --slot).
Options:
--display-password
Display password characters while typing.
--encryption=ENCRYPTION_ALGORITHM
Use specified encryption algorithm when creating a new volume.
--filesystem=TYPE
Filesystem type to mount. The TYPE argument is passed to mount(8) command
with option -t. Default type is 'auto'. When creating a new volume, this
option specifies the filesystem to be created on the new volume (only 'FAT'
and 'none' TYPE is allowed). Filesystem type 'none' disables mounting or
creating a filesystem.
--force
Force mounting of a volume in use, dismounting of a volume in use, or
overwriting a file. Note that this option has no effect on some platforms.
--fs-options=OPTIONS
Filesystem mount options. The OPTIONS argument is passed to mount(8)
command with option -o when a filesystem on a TrueCrypt volume is mounted.
This option is not available on some platforms.
--hash=HASH
Use specified hash algorithm when creating a new volume or changing password
and/or keyfiles. This option also specifies the mixing PRF of the random
number generator.
-k, --keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
Use specified keyfiles when mounting a volume or when changing password
and/or keyfiles. When a directory is specified, all files inside it will be
used (non-recursively). Multiple keyfiles must be separated by comma.
Use double comma (,,) to specify a comma contained in keyfile's name.
Keyfile stored on a security token must be specified as
token://slot/SLOT_NUMBER/file/FILENAME. An empty keyfile (-k "") disables
interactive requests for keyfiles. See also options --import-token-keyfiles,
--list-token-keyfiles, --new-keyfiles, --protection-keyfiles.
--load-preferences
Load user preferences.
-m, --mount-options=OPTION1[,OPTION2,OPTION3,...]
Specifies comma-separated mount options for a TrueCrypt volume:
headerbak: Use backup headers when mounting a volume.
nokernelcrypto: Do not use kernel cryptographic services.
readonly|ro: Mount volume as read-only.
system: Mount partition using system encryption.
timestamp|ts: Do not restore host-file modification timestamp when a volume
is dismounted (note that the operating system under certain circumstances
does not alter host-file timestamps, which may be mistakenly interpreted
to mean that this option does not work).
See also option --fs-options.
--new-keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
Add specified keyfiles to a volume. This option can only be used with command
-C.
--new-password=PASSWORD
Specifies a new password. This option can only be used with command -C.
-p, --password=PASSWORD
Use specified password to mount/open a volume. An empty password can also be
specified (-p ""). Note that passing a password on the command line is
potentially insecure as the password may be visible in the process list
(see ps(1)) and/or stored in a command history file or system logs.
--protect-hidden=yes|no
Write-protect a hidden volume when mounting an outer volume. Before mounting
the outer volume, the user will be prompted for a password to open the hidden
volume. The size and position of the hidden volume is then determined and the
outer volume is mounted with all sectors belonging to the hidden volume
protected against write operations. When a write to the protected area is
prevented, the whole volume is switched to read-only mode. Verbose list
(-v -l) can be used to query the state of the hidden volume protection.
Warning message is displayed when a volume switched to read-only is being
dismounted.
--protection-keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
Use specified keyfiles to open a hidden volume to be protected. This option
may be used only when mounting an outer volume with hidden volume protected.
See also options -k and --protect-hidden.
--protection-password=PASSWORD
Use specified password to open a hidden volume to be protected. This option
may be used only when mounting an outer volume with hidden volume protected.
See also options -p and --protect-hidden.
--quick
Do not encrypt free space when creating a device-hosted volume. This option
must not be used when creating an outer volume.
--random-source=FILE
Use FILE as a source of random data (e.g., when creating a volume) instead
of requiring the user to type random characters.
--slot=SLOT
Use specified slot number when mounting, dismounting, or listing a volume.
--size=SIZE
Use specified size in bytes when creating a new volume.
-t, --text
Use text user interface. Graphical user interface is used by default if
available. This option must be specified as the first argument.
--token-lib=LIB_PATH
Use specified PKCS #11 security token library.
--volume-type=TYPE
Use specified volume type when creating a new volume. TYPE can be 'normal'
or 'hidden'. See option -c for more information on creating hidden volumes.
-v, --verbose
Enable verbose output.
IMPORTANT:
If you want to use TrueCrypt, you must follow the security requirements and
security precautions listed in chapter 'Security Requirements and Precautions'
in the TrueCrypt documentation (file 'TrueCrypt User Guide.pdf').
Examples:
Create a new volume:
truecrypt -t -c
Mount a volume:
truecrypt volume.tc /media/truecrypt1
Mount a volume as read-only, using keyfiles:
truecrypt -m ro -k keyfile1,keyfile2 volume.tc
Mount a volume without mounting its filesystem:
truecrypt --filesystem=none volume.tc
Mount a volume prompting only for its password:
truecrypt -t -k "" --protect-hidden=no volume.tc /media/truecrypt1
Dismount a volume:
truecrypt -d volume.tc
Dismount all mounted volumes:
truecrypt -d

View File

@ -0,0 +1,44 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
TMPDIR=/tmp
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
EXE=veracrypt-console
#? mayaybe not
# text -- Unexpected parameter '--text'
[[ "$*" =~ "--stdin" ]] && \
LARGS="--text --non-interactive"
if [[ "$*" =~ "--create" ]] ; then
. /usr/local/bin/veracrypt-create.sh
elif [[ "$*" =~ "--list" ]] ; then
:
else
[[ "$*" =~ "--pim" ]] || RARGS="--pim=100 $RARGS"
[[ "$*" =~ "--volume-type" ]] || [[ $RARGS =~ "--volume-type" ]] || RARGS="--volume-type=normal $RARGS"
[[ "$*" =~ "--hash" ]] || [[ $RARGS =~ "--hash" ]] || RARGS="--hash=sha512 $RARGS"
[[ "$*" =~ "--encryption" ]] || [[ $RARGS =~ "--encryption" ]] || RARGS="--encryption=Twofish $RARGS"
# not =''
[[ "$*" =~ "--keyfiles" ]] || RARGS="--keyfiles '' $RARGS"
fi
DEBUG=1
DBUG $EXE $LARGS $RARGS "$@" >> $TMPDIR/VerC$$.tmp
$EXE $LARGS $RARGS "$@" 2>$TMPDIR/VerC$$.err >$TMPDIR/VerC$$.log
retval=$?
if [ $retval -eq 0 ] ; then
INFO see $TMPDIR/VerC$$.log
else
WARN see $TMPDIR/VerC$$.err
cat $TMPDIR/VerC$$.err
fi
exit $retval

View File

@ -0,0 +1,63 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
if [[ "$*" =~ "--create" ]] ; then
[[ "$*" =~ "--volume-type" ]] || [[ $RARGS =~ "--volume-type" ]] || RARGS="--volume-type=normal $RARGS"
[[ "$*" =~ "--hash" ]] || [[ $RARGS =~ "--hash" ]] || RARGS="--hash=sha512 $RARGS"
[[ "$*" =~ "--filesystem" ]] || [[ $RARGS =~ "--filesystem" ]] || RARGS="--filesystem=none $RARGS"
[[ "$*" =~ "--size" ]] || [[ $RARGS =~ "--size" ]] || RARGS="--size=1G $RARGS"
[[ "$*" =~ "--encryption" ]] || [[ $RARGS =~ "--encryption" ]] || RARGS="--encryption=Twofish $RARGS"
fi
# root@Ulati:# veracrypt --keyfiles='' --pim=100 --create /tmp/a.tc
# Volume type:
# 1) Normal
# 2) Hidden
# Select [1]:
#
# Enter volume size (sizeK/size[M]/sizeG): 1G
#
# Encryption Algorithm:
# 1) AES
# 2) Serpent
# 3) Twofish
# 4) Camellia
# 5) Kuznyechik
# 6) AES(Twofish)
# 7) AES(Twofish(Serpent))
# 8) Camellia(Kuznyechik)
# 9) Camellia(Serpent)
# 10) Kuznyechik(AES)
# 11) Kuznyechik(Serpent(Camellia))
# 12) Kuznyechik(Twofish)
# 13) Serpent(AES)
# 14) Serpent(Twofish(AES))
# 15) Twofish(Serpent)
# Select [1]: 1
#
# Hash algorithm:
# 1) SHA-512
# 2) Whirlpool
# 3) SHA-256
# 4) Streebog
# Select [1]: 1
#
# Filesystem:
# 1) None
# 2) FAT
# 3) Linux Ext2
# 4) Linux Ext3
# 5) Linux Ext4
# 6) NTFS
# 7) exFAT
# 8) Btrfs
# Select [2]: 2
# gridfire_veracrypt.sh

View File

@ -0,0 +1,49 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=gpgkey
base=VerC
TMPDIR=/tmp
if [ -z "$EXE" ] ; then
EXE='/q/Pg64/VeraCrypt_1.24-Update7/veracrypt.exe'
[ -x "$EXE" -a -n "$MSYSTEM" ] || EXE=veracrypt
fi
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
[[ "$*" =~ --stdin ]] && \
LARGS="--text --non-interactive"
if [[ "$*" =~ --create ]] ; then
. /usr/local/bin/veracrypt-create.sh
elif [[ "$*" =~ --change ]] ; then
:
# [[ "$*" =~ --pim ]] || RARGS="--pim=100 $RARGS"
[[ "$*" =~ --volume-type ]] || RARGS="--volume-type=normal $RARGS"
[[ "$*" =~ --hash ]] || RARGS="--hash=sha512 $RARGS"
[[ "$*" =~ --encryption ]] || RARGS="--encryption=Twofish $RARGS"
elif [[ "$*" =~ --list ]] ; then
:
else
[[ "$*" =~ --pim ]] || RARGS="--pim=100 $RARGS"
[[ "$*" =~ --filesystem ]] || [[ $RARGS =~ "--filesystem" ]] || RARGS="--filesystem=none $RARGS"
[[ "$*" =~ --encryption ]] || RARGS="--encryption=Twofish $RARGS"
[[ "$*" =~ --volume-type ]] || RARGS="--volume-type=normal $RARGS"
[[ "$*" =~ --hash ]] || RARGS="--hash=sha512 $RARGS"
# not =''
[[ "$*" =~ --keyfiles ]] || RARGS="--keyfiles '' $RARGS"
fi
DBUG $EXE $LARGS $RARGS "$@" |tee $TMPDIR/${base}$$.tmp
$EXE $LARGS $RARGS "$@" 2>$TMPDIR/${base}$$.err >$TMPDIR/${base}$$.log
retval=$?
if [ $retval -eq 0 ] ; then
INFO see $TMPDIR/${base}$$.log
else
WARN see $TMPDIR/${base}$$.err
fi
exit $retval

View File

@ -0,0 +1,310 @@
Usage: veracrypt [--auto-mount <str>] [--backup-headers] [--background-task] [-C] [-c] [--create-keyfile] [--delete-token-keyfiles] [-d] [--display-password] [--encryption <str>] [--explore] [--export-token-keyfile] [--filesystem <str>] [-f] [--fs-options <str>] [--hash <str>] [-h] [--import-token-keyfiles] [-k <str>] [-l] [--list-token-keyfiles] [--load-preferences] [--mount] [-m <str>] [--new-hash <str>] [--new-keyfiles <str>] [--new-password <str>] [--new-pim <str>] [--non-interactive] [--stdin] [-p <str>] [--pim <str>] [--protect-hidden <str>] [--protection-hash <str>] [--protection-keyfiles <str>] [--protection-password <str>] [--protection-pim <str>] [--random-source <str>] [--restore-headers] [--save-preferences] [--quick] [--size <str>] [--slot <str>] [-tc] [--test] [-t] [--token-lib <str>] [--token-pin <str>] [-v] [--version] [--volume-properties] [--volume-type <str>] [--no-size-check] [--legacy-password-maxlength] [--use-dummy-sudo-password] [Volume path] [Mount point]
--auto-mount=<str> Auto mount device-hosted/favorite volumes
--backup-headers Backup volume headers
--background-task Start Background Task
-C, --change Change password or keyfiles
-c, --create Create new volume
--create-keyfile Create new keyfile
--delete-token-keyfiles Delete security token keyfiles
-d, --dismount Dismount volume
--display-password Display password while typing
--encryption=<str> Encryption algorithma
--explore Open explorer window for mounted volume
--export-token-keyfile Export keyfile from security token
--filesystem=<str> Filesystem type
-f, --force Force mount/dismount/overwrite
--fs-options=<str> Filesystem mount options
--hash=<str> Hash algorithm
-h, --help Display detailed command line help
--import-token-keyfiles Import keyfiles to security token
-k, --keyfiles=<str> Keyfiles
-l, --list List mounted volumes
--list-token-keyfiles List security token keyfiles
--load-preferences Load user preferences
--mount Mount volume interactively
-m, --mount-options=<str> VeraCrypt volume mount options
--new-hash=<str> New hash algorithm
--new-keyfiles=<str> New keyfiles
--new-password=<str> New password
--new-pim=<str> New PIM
--non-interactive Do not interact with user
--stdin Read password from standard input
-p, --password=<str> Password
--pim=<str> PIM
--protect-hidden=<str> Protect hidden volume
--protection-hash=<str> Hash algorithm for protected hidden volume
--protection-keyfiles=<str> Keyfiles for protected hidden volume
--protection-password=<str> Password for protected hidden volume
--protection-pim=<str> PIM for protected hidden volume
--random-source=<str> Use file as source of random data
--restore-headers Restore volume headers
--save-preferences Save user preferences
--quick Enable quick format
--size=<str> Size in bytes
--slot=<str> Volume slot number
-tc, --truecrypt Enable TrueCrypt mode. Should be put first to avoid issues.
--test Test internal algorithms
-t, --text Use text user interface
--token-lib=<str> Security token library
--token-pin=<str> Security token PIN
-v, --verbose Enable verbose output
--version Display version information
--volume-properties Display volume properties
--volume-type=<str> Volume type
--no-size-check Disable check of container size against disk free space.
--legacy-password-maxlength Use legacy maximum password length (64 UTF-8 bytes)
--use-dummy-sudo-password Use dummy password in sudo to detect if it is already authenticated
Synopsis:
veracrypt [OPTIONS] COMMAND
veracrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]
Commands:
--auto-mount=devices|favorites
Auto mount device-hosted or favorite volumes.
--backup-headers[=VOLUME_PATH]
Backup volume headers to a file. All required options are requested from the
user.
-c, --create[=VOLUME_PATH]
Create a new volume. Most options are requested from the user if not specified
on command line. See also options --encryption, -k, --filesystem, --hash, -p,
--random-source, --quick, --size, --volume-type. Note that passing some of the
options may affect security of the volume (see option -p for more information).
Inexperienced users should use the graphical user interface to create a hidden
volume. When using the text user interface, the following procedure must be
followed to create a hidden volume:
1) Create an outer volume with no filesystem.
2) Create a hidden volume within the outer volume.
3) Mount the outer volume using hidden volume protection.
4) Create a filesystem on the virtual device of the outer volume.
5) Mount the new filesystem and fill it with data.
6) Dismount the outer volume.
If at any step the hidden volume protection is triggered, start again from 1).
--create-keyfile[=FILE_PATH]
Create a new keyfile containing pseudo-random data.
-C, --change[=VOLUME_PATH]
Change a password and/or keyfile(s) of a volume. Most options are requested
from the user if not specified on command line. PKCS-5 PRF HMAC hash
algorithm can be changed with option --hash. See also options -k,
--new-keyfiles, --new-password, -p, --random-source.
-d, --dismount[=MOUNTED_VOLUME]
Dismount a mounted volume. If MOUNTED_VOLUME is not specified, all
volumes are dismounted. See below for description of MOUNTED_VOLUME.
--delete-token-keyfiles
Delete keyfiles from security tokens. See also command --list-token-keyfiles.
--export-token-keyfile
Export a keyfile from a security token. See also command --list-token-keyfiles.
--import-token-keyfiles
Import keyfiles to a security token. See also option --token-lib.
-l, --list[=MOUNTED_VOLUME]
Display a list of mounted volumes. If MOUNTED_VOLUME is not specified, all
volumes are listed. By default, the list contains only volume path, virtual
device, and mount point. A more detailed list can be enabled by verbose
output option (-v). See below for description of MOUNTED_VOLUME.
--list-token-keyfiles
Display a list of all available security token keyfiles. See also command
--import-token-keyfiles.
--mount[=VOLUME_PATH]
Mount a volume. Volume path and other options are requested from the user
if not specified on command line.
--restore-headers[=VOLUME_PATH]
Restore volume headers from the embedded or an external backup. All required
options are requested from the user.
--save-preferences
Save user preferences.
--test
Test internal algorithms used in the process of encryption and decryption.
--version
Display program version.
--volume-properties[=MOUNTED_VOLUME]
Display properties of a mounted volume. See below for description of
MOUNTED_VOLUME.
MOUNTED_VOLUME:
Specifies a mounted volume. One of the following forms can be used:
1) Path to the encrypted VeraCrypt volume.
2) Mount directory of the volume's filesystem (if mounted).
3) Slot number of the mounted volume (requires --slot).
Options:
--display-password
Display password characters while typing.
--encryption=ENCRYPTION_ALGORITHM
Use specified encryption algorithm when creating a new volume.
--filesystem=TYPE
Filesystem type to mount. The TYPE argument is passed to mount(8) command
with option -t. Default type is 'auto'. When creating a new volume, this
option specifies the filesystem to be created on the new volume.
Filesystem type 'none' disables mounting or creating a filesystem.
--force
Force mounting of a volume in use, dismounting of a volume in use, or
overwriting a file. Note that this option has no effect on some platforms.
--fs-options=OPTIONS
Filesystem mount options. The OPTIONS argument is passed to mount(8)
command with option -o when a filesystem on a VeraCrypt volume is mounted.
This option is not available on some platforms.
--hash=HASH
Use specified hash algorithm when creating a new volume or changing password
and/or keyfiles. This option also specifies the mixing PRF of the random
number generator.
-k, --keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
Use specified keyfiles when mounting a volume or when changing password
and/or keyfiles. When a directory is specified, all files inside it will be
used (non-recursively). Multiple keyfiles must be separated by comma.
Use double comma (,,) to specify a comma contained in keyfile's name.
Keyfile stored on a security token must be specified as
token://slot/SLOT_NUMBER/file/FILENAME. An empty keyfile (-k "") disables
interactive requests for keyfiles. See also options --import-token-keyfiles,
--list-token-keyfiles, --new-keyfiles, --protection-keyfiles.
--load-preferences
Load user preferences.
-m, --mount-options=OPTION1[,OPTION2,OPTION3,...]
Specifies comma-separated mount options for a VeraCrypt volume:
headerbak: Use backup headers when mounting a volume.
nokernelcrypto: Do not use kernel cryptographic services.
readonly|ro: Mount volume as read-only.
system: Mount partition using system encryption.
timestamp|ts: Do not restore host-file modification timestamp when a volume
is dismounted (note that the operating system under certain circumstances
does not alter host-file timestamps, which may be mistakenly interpreted
to mean that this option does not work).
See also option --fs-options.
--new-keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
Add specified keyfiles to a volume. This option can only be used with command
-C.
--new-password=PASSWORD
Specifies a new password. This option can only be used with command -C.
--new-pim=PIM
Specifies a new PIM. This option can only be used with command -C.
-p, --password=PASSWORD
Use specified password to mount/open a volume. An empty password can also be
specified (-p ""). Note that passing a password on the command line is
potentially insecure as the password may be visible in the process list
(see ps(1)) and/or stored in a command history file or system logs.
--pim=PIM
Use specified PIM to mount/open a volume. Note that passing a PIM on the
command line is potentially insecure as the PIM may be visible in the process
list (see ps(1)) and/or stored in a command history file or system logs.
--protect-hidden=yes|no
Write-protect a hidden volume when mounting an outer volume. Before mounting
the outer volume, the user will be prompted for a password to open the hidden
volume. The size and position of the hidden volume is then determined and the
outer volume is mounted with all sectors belonging to the hidden volume
protected against write operations. When a write to the protected area is
prevented, the whole volume is switched to read-only mode. Verbose list
(-v -l) can be used to query the state of the hidden volume protection.
Warning message is displayed when a volume switched to read-only is being
dismounted.
--protection-keyfiles=KEYFILE1[,KEYFILE2,KEYFILE3,...]
Use specified keyfiles to open a hidden volume to be protected. This option
may be used only when mounting an outer volume with hidden volume protected.
See also options -k and --protect-hidden.
--protection-password=PASSWORD
Use specified password to open a hidden volume to be protected. This option
may be used only when mounting an outer volume with hidden volume protected.
See also options -p and --protect-hidden.
--quick
Do not encrypt free space when creating a device-hosted volume. This option
must not be used when creating an outer volume.
--random-source=FILE
Use FILE as a source of random data (e.g., when creating a volume) instead
of requiring the user to type random characters.
--slot=SLOT
Use specified slot number when mounting, dismounting, or listing a volume.
--size=SIZE[K|M|G|T]
Use specified size when creating a new volume. If no suffix is indicated,
then SIZE is interpreted in bytes. Suffixes K, M, G or T can be used to
indicate a value in KiB, MiB, GiB or TiB respectively.
-t, --text
Use text user interface. Graphical user interface is used by default if
available. This option must be specified as the first argument.
-tc, --truecrypt
Enable TrueCrypt compatibility mode to enable mounting volumes created
by TrueCrypt 6.x or 7.x. This option must be specified as the first
argument, or immediately after --text.
--token-lib=LIB_PATH
Use specified PKCS #11 security token library.
--volume-type=TYPE
Use specified volume type when creating a new volume. TYPE can be 'normal'
or 'hidden'. See option -c for more information on creating hidden volumes.
-v, --verbose
Enable verbose output.
IMPORTANT:
If you want to use VeraCrypt, you must follow the security requirements and
security precautions listed in chapter 'Security Requirements and Precautions'
in the VeraCrypt documentation (file 'VeraCrypt User Guide.pdf').
Examples:
Create a new volume:
veracrypt -t -c
Mount a volume:
veracrypt volume.hc /media/veracrypt1
Mount a volume as read-only, using keyfiles:
veracrypt -m ro -k keyfile1,keyfile2 volume.hc
Mount a volume without mounting its filesystem:
veracrypt --filesystem=none volume.hc
Mount a volume prompting only for its password:
veracrypt -t -k "" --pim=0 --protect-hidden=no volume.hc /media/veracrypt1
Dismount a volume:
veracrypt -d volume.hc
Dismount all mounted volumes:
veracrypt -d

View File

@ -0,0 +1,51 @@
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
from __future__ import unicode_literals, print_function
import optparse
import os
import sys
import cx_Freeze
from cx_Freeze import cli
ROLE="proxy" # noqa
def main(constants):
# options = cx_Freeze.ParseCommandLine()
parser = cli.prepare_parser()
args = cli.parse_command_line(parser)
executables = [cx_Freeze.Executable(args.script,
args.init_script,
args.base_name,
args.target_name,
args.icon)
]
args.includes += ['wcwidth']
args.excludes += ['numpy', 'sphinx', 'matplotlib', 'numpy', 'PyQt5', 'pandas', 'babel', 'wx', 'pythran', 'scipy', 'notebook', 'PySide2']
args.zip_include_packages='*'
args.zip_exclude_packages=''
freezer = cx_Freeze.Freezer(executables,
includes=args.includes,
excludes=args.excludes,
packages=args.packages,
replacePaths=args.replace_paths,
compress=args.compress,
optimizeFlag=args.optimize_flag,
targetDir=args.target_dir,
includeFiles=args.include_files,
zipIncludes=args.zip_includes,
silent=args.silent,
zipIncludePackages=args.zip_include_packages,
zipExcludePackages=args.zip_exclude_packages,
)
freezer.Freeze()
return 0
if __name__ == '__main__':
from cx_Freeze import freezer
constants = freezer.ConstantsModule()
try:
i = main(constants)
except KeyboardInterrupt:
i =0
sys.exit(i)

View File

@ -0,0 +1,95 @@
# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
=== Keyctl Binary ===
/bin/keyctl
>>> import os,sys
>>> os.system('/bin/keyctl --version') #doctest: +ELLIPSIS
0
>>> os.system('file /bin/keyctl') #doctest: +ELLIPSIS
0
>>> from os import system as S
=== Add a key to a keyring ===
keyctl add <type> <desc> <data> <keyring>
keyctl padd <type> <desc> <keyring>
This command creates a key of the specified type and description; in
stantiates it with the given data and attaches it to the specified
keyring. It then prints the new key's ID on stdout:
>>> S('keyctl add user mykey stuff @u')
0
26
=== Create a keyring ===
keyctl newring <name> <keyring>
This command creates a new keyring of the specified name and attaches
it to the specified keyring. The ID of the new keyring will be printed
to stdout if successful.
>>> S('keyctl newring gridfire @us > /tmp/newring.id')
0
>>> sys.stderr.write(open('/tmp/newring.id', 'r').read() +'\n')
1...
== /var/local/src/python-keyring-keyutils ==
>>> gridfire_service = 'gridfire service'
>>> from keyring.core import load_keyring
>>> keyring = load_keyring('keyring_keyutils.backend.KeyutilsKeyringBackend')
>>> keyring.set_password(gridfire_service, 'username foo', 'password bar')
>>> keyring.get_password(gridfire_service, 'username foo')
'password bar'
>>> keyring.set_password(gridfire_service, 'foobar', 'secret')
>>> import keyutils # different beast
>>> iSess = keyutils.join_session_keyring()
>>> os.system("keyctl setperm $(keyctl search @s user 'gridfire service:foobar') 0x003f0000")
512
This shoul have been zero but maybe the ssushell
>>> description = gridfire_service+':'+ 'foobar'
>>> i = keyutils.search(iSess, description.encode(), destination=0, keyType=b"user")
>>> i is not None and type(i) == int and i > 0
False
This should have been the id
>>> os.system("keyctl search @s user 'gridfire service:foobar'")
>>> dir(keyutils)
[...'absolute_import', 'add_key', 'clear', 'describe_key', 'join_session_keyring', 'link', 'read_key', 'request_key', 'revoke', 'search', 'session_to_parent', 'set_perm', 'set_timeout', 'unlink', 'update_key']
>>> keyutils.set_perm
<function...
>>> keyring.delete_password(gridfire_service, 'username foo')
>>> os.system(' keyctl show @s')
0
marcus@linux:~/python-keyring-keyutils> keyctl show @s
Keyring
46297307 --alswrv 1000 100 keyring: _ses
990208180 --alswrv 1000 65534 \_ keyring: _uid.1000
750093164 --alswrv 1000 100 \_ keyring: python-keyring-keyutils
22790318 --alswrv 1000 100 \_ user: some service:foobar
keyctl show @s
marcus@linux:~/python-keyring-keyutils> keyctl print 22790318
secret
>>> os.system('''/var/local/bin/python3.bash -c "from keyring.core import load_keyring; keyring = load_keyring('keyring_keyutils.backend.KeyutilsKeyringBackend'); print(keyring.get_password('gridfire service', 'foobar'))" > /tmp/passwd.tmp''')
0
The file /tmp/passwd.tmp shoudl have the asswd secret
>>> sys.stderr.write(open('/tmp/passwd.tmp', 'r').read() +'\n')
8

View File

@ -0,0 +1,97 @@
# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
== Local Keyrings ==
This is a Python doctest file that is executable documentation.
>>> import keyring
=== Keyring Binary ===
/bin/keyctl
>>> import os
>>> os.system('/bin/keyctl --version') #doctest: +ELLIPSIS
0
>>> os.system('file /bin/keyctl') #doctest: +ELLIPSIS
0
=== Keyring Config ===
>>> import keyring.util.platform_
Was .../.local/share/python_keyring
>>> print(keyring.util.platform_.config_root()) #doctest: +ELLIPSIS
/.../.config/python_keyring
The config file is keyringrc.cfg
=== Kernel Keyring ===
>>> from keyutils.keys import Key, Keyring, session_keyring
>>> Keyring.join_session_keyring() #doctest: +ELLIPSIS
<keyutils.keys.Keyring object at ...>
>>> key = Key.create_or_update('user', 'some description', 'my payload', session_keyring)
>>> key.serial >= 0
True
>>> b'my payload' == key.payload()
True
>>> from keyring.core import load_keyring
>>> keyring = load_keyring('keyutils.backend.KeyutilsKeyringBackend')
>>> keyring.set_password('service X', 'username foo', 'password bar')
>>> keyring.get_password('service X', 'username foo')
'password bar'
>>> keyring.set_password('some service', 'foobar', 'secret')
>>> keyring.get_password('some service', 'foobar')
'secret'
>>> keyring.delete_password('service X', 'username foo')
https://rtfm.co.ua/en/what-is-linux-keyring-gnome-keyring-secret-service-and-d-bus/
Let's see which keyrings are available for my current session:
>>> from sh import keyctl
>>> keyctl('show', '@s') #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE
Keyring
... --alswrv ... keyring: _ses
... --alswrv ... \_ user: some description
... --alswrv ... \_ keyring: python-keyring-keyutils
... --alswrv ... \_ user: some service:foobar
<BLANKLINE>
Also, in the /proc/key-users you can get information about all
keyrings and their statistics by each user:
>>> from sh import cat
>>> cat('/proc/key-users') #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE
0: ...
...
<BLANKLINE>
Or for my user:
>>> keyctl('show', '@u') #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE
Keyring
... --alswrv ... keyring: _uid...
Or for my user session:
>>> keyctl('show', '@us') #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE
Keyring
... --alswrv ... keyring: _uid...
=== Gnome Keyring ===
Check D-Bus services - look for the org.freedesktop.secrets:
>>> from sh import dbus_send
>>> dbus_send('--session', '--dest=org.freedesktop.DBus', '--type=method_call', '--print-reply', '/org/freedesktop/DBus', 'org.freedesktop.DBus.ListNames') #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE
method return ...
...
string "org.freedesktop.secrets"
...
<BLANKLINE>
FixMe: maybe gnome-keyring is not installed and org.freedesktop.DBus is in the
answer instead.

View File

@ -0,0 +1,118 @@
# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
== Keyutils ==
This is a Python doctest file that is executable documentation.
/mnt/linuxPen19/usr/local/src/python-keyutils/README.rst
>>> import keyutils
# NOTE: only pass `bytes` to the keyutils API:
name = b'foo'
value = b'bar'
ring = keyutils.KEY_SPEC_PROCESS_KEYRING
key_id = keyutils.add_key(name, value, ring)
assert keyutils.request_key(name, ring) == key_id
assert keyutils.read_key(key_id) == value
# set timeout to 5 seconds, wait and then... it's gone:
keyutils.set_timeout(key_id, 5)
from time import sleep
sleep(6)
assert keyutils.request_key(name, ring) == None
=== Keyutils ===
>>> import keyutils
>>> dir(keyutils)
['__builtins__', '__cached__', '__doc__', '__file__', '__loader__', '__name__', '__package__', '__path__', '__spec__']
=== Kernel Keyring ===
>>> from keyutils.backend import KeyutilsKeyringBackend
>>> dir(KeyutilsKeyringBackend)
['__abstractmethods__', ... 'delete_password', 'get_credential', 'get_password', 'get_viable_backends', 'name', 'priority', 'set_password', 'set_properties_from_env', 'viable']
>>> from keyutils import keys
>>> dir (keys)
['Key', 'KeyEntity', 'Keyring', '__builtins__', '__cached__', '__doc__', '__file__', '__loader__', '__name__', '__package__', '__spec__', 'errno', 'group_keyring', 'process_keyring', 'raw', 'session_keyring', 'thread_keyring', 'user_keyring', 'user_session_keyring']
>>> from keyutils.keys import session_keyring
>>> dir( session_keyring)
[...'add_key', 'create', 'from_serial', 'invalidate', 'join_session_keyring', 'revoke', 'search', 'serial']
>>> session_keyring.serial
-...
>>> from keyutils.keys import group_keyring
>>> from keyutils.keys import process_keyring
>>> service = b'ser\xffvice'
>>> username = b'user\xdcname'
>>> password = b'\xdc\0\xff\0pass\x7f'
test_backend.py
>>> parent = process_keyring
>>> oKeyring = KeyutilsKeyringBackend(keyring_name='foobar@p', parent_keyring=parent, payload_encoding=None)
>>> assert oKeyring.get_password(service, username) is None
>>> oKeyring.set_password(service, username, password)
>>> actual_password = oKeyring.get_password(service, username)
>>> assert password == actual_password
>>> from keyutils.keys import user_session_keyring
>>> dir( user_session_keyring)
[... 'add_key', 'create', 'from_serial', 'invalidate', 'join_session_keyring', 'revoke', 'search', 'serial']
>>> from keyutils.keys import user_keyring
=== user_keyring ===
>>> parent = user_keyring
>>> oKeyring = KeyutilsKeyringBackend(keyring_name='foobar@u', parent_keyring=parent, payload_encoding=None)
>>> assert oKeyring.get_password(service, username) is None
>>> oKeyring.set_password(service, username, password)
>>> actual_password = oKeyring.get_password(service, username)
>>> assert password == actual_password
=== user_session_keyring ===
>>> parent = user_session_keyring
>>> oKeyring = KeyutilsKeyringBackend(keyring_name='foobar@us', parent_keyring=parent, payload_encoding=None)
Zap is possible.
>>> plen = len(actual_password)
>>> for i in range(plen):
... actual_password[i] = 0
>>> bytes(plen) == actual_password
True
>>> for elt in ['group_keyring', 'process_keyring', 'session_keyring', 'thread_keyring', 'user_keyring', 'user_session_keyring']:
... assert __import__('keyutils.keys' , elt)
=== parent = process_keyring ===
>>> parent = process_keyring
>>> oKeyring = KeyutilsKeyringBackend(keyring_name='foobar', parent_keyring=parent, payload_encoding=None)
>>> assert oKeyring.get_password(service, username) is None
>>> oKeyring.set_password(service, username, password)
>>> actual_password = oKeyring.get_password(service, username)
>>> assert password == actual_password
== /usr/local/src/python-keyutils/test/ ==
>>> os.chdir('/usr/local/src/python-keyutils/test/')
>>> os.system('python3.sh keyutils_test.py')
marcus@linux:~/python-keyring-keyutils> keyctl print 22790318
secret

View File

@ -0,0 +1,207 @@
# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
== PyKeepass ==
>>> import os,sys # doctest: +REPORT_ONLY_FIRST_FAILURE
This library allows you to write entries to a KeePass database.
Come chat at `#pykeepass`_ on Freenode or `#pykeepass:matrix.org`_ on Matrix.
.. _#pykeepass: irc://irc.freenode.net
.. _#pykeepass\:matrix.org: https://matrix.to/#/%23pykeepass:matrix.org
>>> import pykeepass
>>> password = 'password'
>>> key = '12345678'
>>> new_key_file = '/var/tmp/keyf.txt'
>>> new_file = '/tmp/twofish.kdbx'
>>> os.system('rm -f ' +new_file)
0
>>> with open(new_key_file, 'wt') as oFd:
... oFd.write(key)
8
=== Test Construct ===
You can test if this is an error in Construct
>>> from construct import Struct, Bytes
>>> s = Struct("field1" / Bytes(16))
>>> parsed = s.parse(b'\x00' * 16)
>>> s.build_file(parsed, '/tmp/file.' +str(os.getpid()))
>>> parsed = s.parse_file('/tmp/file.' +str(os.getpid()))
=== run tests ===
>>> import pykeepass
>>> tests_dir = os.path.join(os.path.dirname(pykeepass.__file__), 'tests')
>>> os.chdir('/var/local/src/pykeepass/tests')
>>> _=sys.stderr.write( 'Running tests in ' +tests_dir +'\n')
>>> os.system('python3.bash tests.py')
0
>>> os.system('ls -1f *4*x|grep -v hex|while read file ;do echo ' +password
... +'| keepassxc-cli db-info -k test4.key $file;done')
0
>>> os.system('ls -1f *4*x|grep hex|while read file ;do echo password| keepassxc-cli db-info -k test4_hex.key $file;done')
0
=== create_database ===
Assume has boon run
>>> import pykeepass
... # os.path.dirname(pykeepass.__file__),
>>> egg_dir = '/usr/local/lib/python3.8/site-packages/pykeepass-3.2.0-py3.8.egg/pykeepass'
>>> blank_database = os.path.join(egg_dir, 'tests', 'blank_twofish.kdbx')
>>> assert os.path.exists(blank_database), \
... 'blank_database not found ' +blank_database
>>> os.system('cp ' + blank_database +' ' +new_file)
0
>>> assert os.path.exists(new_file), 'File not found ' +new_file
>>> old_key_file = os.path.join(os.path.dirname(pykeepass.__file__),
... 'tests', 'test4.key')
>>> from pykeepass import PyKeePass
>>> kp = PyKeePass(new_file, password=password, keyfile=old_key_file)
>>> kp.filename = new_file
>>> kp.password = password
>>> kp.keyfile = None
>>> kp.save()
... # keepass_instance.save(transformed_key)
>>> _=sys.stderr.write( 'File created, keyfile reset ' +new_file +'\n')
=== CLI ===
>>> import sh
>>> from sh import keepassxc_cli
... if False:
... old_file = '/var/tmp/test.kdbx'
... os.path.exists(old_file): os.unlink(old_file)
... keepassxc_cli('db-create', '-k', new_key_file, old_file,
... _in=password, _tty_in=True, _tty_out=False ) #doctest: +NORMALIZE_WHITESPACE
... # Successfully created new database.
... # <BLANKLINE>
>>> if True:
... old_key_file = os.path.join(tests_dir, 'test4.key')
... old_file = os.path.join(tests_dir, 'test4_twofish.kdbx')
>>> _=sys.stderr.write( 'Using ' +old_file +'\n')
=== Example ===
Load the database that we just created.
>>> from pykeepass import PyKeePass
>>> kp = PyKeePass(old_file, password=password, keyfile=old_key_file)
>>> assert kp
>>> _=sys.stderr.write( 'Opened ' +old_file +'\n')
Save database again.
>>> kp.filename = new_file
>>> kp.keyfile = None
>>> kp.save(new_file)
>>> _=sys.stderr.write( 'Saved with no keyfile ' +new_file +'\n')
Delete old groups.
>>> for group in kp.groups:
... if group == kp.root_group: continue
... _=sys.stderr.write( 'deleting group ' +str(group) +'\n')
... kp.delete_group(group)
Delete old entries
>>> for group in kp.groups:
... if group != kp.root_group: continue
... group.name = 'New Twofish' # yes
... group.notes = 'New Notes' # yes
... entries = kp.entries
... for entry in entries:
... _=sys.stderr.write( 'deleted entries ' +str(entry) +'\n')
... entry.delete()
Create a new group.
>>> group = kp.add_group(kp.root_group, 'email')
>>> assert group
Create a new entry.
>>> kp.add_entry(group, 'gmail', 'myusername', 'myPassw0rdXX')
Entry: "email/gmail (myusername)"
Save the modified database.
>>> kp.save()
>>> assert os.path.exists(old_file)
>>> os.system("ls -l " +old_file)
0
Find any group by its name.
>>> group = kp.find_groups(name='email', first=True)
Get the entries in a group.
>>> group.entries
[Entry: "email/gmail (myusername)"]
Find any entry by its title.
>>> entry = kp.find_entries(title='gmail', first=True)
>>> assert entry is not None, 'gmail'
>>> entry.username == 'myusername'
True
Retrieve the associated password.
>>> entry.password
'myPassw0rdXX'
Update an entry.
>>> import base64
>>> entry.notes = 'primary gmail account'
>>> kp.save()
>>> _=sys.stderr.write( 'Saved with entry.notes ' +new_file +'\n')
>>> kp.title = 'TwoFish Twofish' # nope
>>> _=sys.stderr.write( 'Saved with Tmp kp.kdbx ' \
... +repr(dir(kp.kdbx)) +'\n')
>>> _=sys.stderr.write( ' with kp.kdbx.header.data ' \
... +base64.b64encode(kp.kdbx.header.data).decode() +'\n')
>>> x = kp._xpath('/KeePassFile/Meta/DatabaseName')[0]
>>> x.text = 'TwoFishName' # yes
>>> x = kp._xpath('/KeePassFile/Meta/DatabaseDescription')[0]
>>> x.text = 'TwoFishDescription' # yes
>>> kp.save()
>>> _=sys.stderr.write( 'Saved with TwoFishDb ' +'\n')
>>> binaries = kp._xpath('/KeePassFile/Meta/Binaries', first=True)
>>> kp.add_binary('123'.encode(), compressed=False)
0
>>> kp.add_binary('456'.encode(), compressed=False)
1
>>> kp.save()
>>> _=sys.stderr.write( 'Saved with a binary ' +'\n')
>>> kp.binaries
[b'123', b'456']
>>> xml_file = '/tmp/twofish.xml'
>>> kp.dump_xml(xml_file)
>>> _=sys.stderr.write( 'Saved xml ' +xml_file +'\n')
>>> _=sys.stderr.write( ' with kp ' +repr(dir(kp)))

View File

@ -0,0 +1,13 @@
# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
=== Keyctl Binary ===
/bin/keyctl
>>> import os,sys
>>> os.system('/bin/keyctl --version') #doctest: +ELLIPSIS
0
>>> import os,sys
>>> os.system('/var/local/bin/gpgkey_tomber_test.bash') #doctest: +ELLIPSIS
0

View File

@ -0,0 +1,4 @@
dev-python/connect
dev-python/argon2_cffi
dev-python/future
dev-python/pycryptodome

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,898 @@
#!/usr/bin/env python3
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
# https://github.com/reid-k/gridfire
from __future__ import unicode_literals, print_function
__program__ = "Gridfire"
__version__ = "v0.5+testforge"
__doc__ = """
Gridfire is inspired by gpggrid, a security tool included in
Tinfoil Hat Linux, intended to resist shoulder-surfing and keylogging.
For more information on the project, see the README file distributed with Gridfire.
Gridfire is named after a fictional superweapon in Iain M Banks' Culture novels.
See http://everything2.com/title/Gridfire for more.
RIP Iain M Banks (1954-02-16 to 2013-06-09)
usage: gridfire.py [-h] [-a TTYALERT] [-c] [-g] [-u] [-l] [-b] [-o] [-d] [-f]
[-p] [-w] [-m METHOD] [-n] [-v VERBOSITY]
[-S SINGLE] [-D DOUBLE] [-R REPEAT ]
[ -P POS] [-H HEADER] [-A ANSWER] [-O fd]
[STDIN COMMAND [STDIN ARGS ...]]
positional arguments:
STDIN COMMAND Arguments to run a subprocess wih the password in stdin.
optional arguments:
-h, --help show this help message and exit
-a TTYALERT, --ttyalert TTYALERT
Set the alert mode (none, beep or flash)
-c Force concealment of entered text.
-g, --grid Ignore other options and behave like gpggrid.
-u Allow uppercase letters [A-Z].
-l Allow lowercase letters [a-z].
-b Allow binary numbers [0-1].
-o Allow octal numbers [0-7].
-d Allow decimal numbers [0-9].
-f Allow hexadecimal numbers [0-9][a-f][A-F].
-p Allow punctuation.
-w Allow whitespace.
-m METHOD, --method METHOD
Specify indexing method (0-3, higher is more secure,
default=3)
-n Append N newlines on output.
-v VERBOSITY, --verbosity VERBOSITY
Specify verbosity (0-5, higher is verbose, default=3)
-S SINGLE, --single SINGLE
Arg to pass to a subprocess with -SINGLE=password.
-D DOUBLE, --double DOUBLE
Arg to pass to a subprocess with --DOUBLE=password.
-R, --repeat
Repeat the password with a newline to a subprocess.
-P POS, --pos POS Position to place the Arg to a subprocess with
--DOUBLE/SINGLE=password.
-H HEADER, --header HEADER
Header line as a prompt (default "").
-A ANSWER, --answer ANSWER
Skip the grid and give the answer (for testing only).
"""
#Learn more about Tinfoil Hat Linux:
#Homepage: http://tinfoilhat.shmoo.com/
#Wikipedia: https://en.wikipedia.org/wiki/Tinfoil_Hat_Linux
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#TODO: Decide whether or not implement method 4
#TODO: Fix row index for non-default charsets
import os
import sys
import signal
import curses
import locale
import string
import random
import argparse
import _curses
from io import StringIO
import subprocess
from time import sleep
PY3 = sys.version_info[0] == 3
VERBOSE = 3
#
# 0: stdin
# 1: stdout
# 2: stderr
iOUT_FD = sys.stdout
try:
from pinentry import PinEntry
except ImportError:
PinEntry = None
oPinEntry = None
try:
from dialog import Dialog
except ImportError:
Dialog = None
oDIALOG = None
oLAST_DIR = '/tmp/'
# Allow stderr for the caller to use
def debug(message):
if VERBOSE <= 4: return
sys.stdout.write('DEBUG: ' + repr(message) +'\n')
pass
def info(message):
if VERBOSE <= 3: return
sys.stdout.write('INFO: ' + repr(message) +'\n')
pass
def warn(message):
if VERBOSE <= 2: return
sys.stdout.write('WARN: ' + repr(message) +'\n')
pass
def error(message):
if VERBOSE <= 1: return
sys.stdout.write('ERROR: ' + message +'\n')
pass
class DummyContextManager:
def __enter__(self):
return self
def __exit__(self, *exc):
return False
#Helps curses play nice
locale.setlocale(locale.LC_ALL, '')
code = locale.getpreferredencoding()
##### Defaults & Initial variables #####
charsets = ''
min_x, min_y = 55, 17
upperchar = ''
lowerchar = ''
out = ''
hide_out = 0
newline = 1
def spaceout(s):
i=len(s)-1 #number of spaces to be inserted
while i >= 1:
s = s[:-i]+" "+s[-i:]
i -= 1
return s
def make_parser():
"""Argument parsing"""
global VERBOSE
parser = argparse.ArgumentParser(add_help=True)
parser.add_argument('-a', '--ttyalert', type=str, help='Set the alert mode (none, beep or flash)')
parser.add_argument('-c', help="Force concealment of entered text.", action="store_true")
parser.add_argument('-g', '--grid', help="Ignore other options and behave like gpggrid.", action="store_true")
#~ parser.add_argument('-u', dest='char_u', action='store_true')
parser.add_argument('-u', help="Allow uppercase letters [A-Z].", action="store_true")
parser.add_argument('-l', help="Allow lowercase letters [a-z].", action="store_true")
parser.add_argument('-b', help="Allow binary numbers [0-1].", action="store_true")
parser.add_argument('-o', help="Allow octal numbers [0-7].", action="store_true")
parser.add_argument('-d', help="Allow decimal numbers [0-9].", action="store_true")
parser.add_argument('-f', help="Allow hexadecimal numbers [0-9][a-f][A-F].", action="store_true")
parser.add_argument('-p', help="Allow punctuation.", action="store_true")
parser.add_argument('-w', help="Allow whitespace.", action="store_true")
parser.add_argument('-m', '--method', help='Specify indexing method (0-3, higher is more secure, default=3)', dest='method', type=int, default=3)
parser.add_argument('-n', help="Append newlines on output.", dest='newline', type=int, default=1)
parser.add_argument('-v', '--verbosity', help='Specify verbosity (0-5, higher is verbose, default=3)', type=int, default=3)
parser.add_argument('-S', '--single', help="Arg to pass to a subprocess with -SINGLE=password.", dest="single", default='')
parser.add_argument('-D', '--double', help="Arg to pass to a subprocess with --DOUBLE=password.", dest="double", default='')
parser.add_argument('-R', '--repeat', help="Repeat the password with a newline to a subprocess", action="store_true")
parser.add_argument('-P', '--pos', help="Position to place the Arg to a subprocess with --DOUBLE/SINGLE=password.", dest="pos", type=int, default=1)
parser.add_argument('-H', '--header', help="Header line as a prompt (default \"\").", dest="header", default='')
parser.add_argument('-A', '--answer', help="Skip the grid and give the answer (for testing only).", dest="answer", default='')
parser.add_argument('-O', '--output_fd', help="Output file descriptor to print the answer (default 1).", dest="output_fd", type=int, default=1)
parser.add_argument('sargs', help="Arguments to run a subprocess wih the password in stdin.", type=str, default='', nargs='*') # metavar='STDIN COMMAND',
return parser
def make_grid(args):
"""Define character sets"""
punct = spaceout(string.punctuation)
punct2 = punct[52:]
punct = punct[:52]
whitespace = spaceout(string.whitespace)
#Select character sets
#TODO: Can this be simplified? args['u'+'l'] or whatnot?
#use_uppercases = (-1 != charsets.find("u"))
use_uppercases = args['u']
use_lowercases = args['l']
use_bindigits = args['b']
use_octdigits = args['o']
use_decdigits = args['d']
use_hexdigits = args['f']
use_punct = args['p']
use_whitespace = args['w']
_setcount = args['u']+args['l']+args['b']+args['o']+args['d']+args['f']+args['p']+args['w']
#if use_uppercases+use_lowercases+use_bindigits+use_octdigits+use_decdigits+use_hexdigits+use_punct+use_whitespace == 0:
if _setcount == 0:
use_uppercases = 1
use_lowercases = 1
use_decdigits = 1
use_punct = 1
use_whitespace = 1
use_numbers = 0
numbers = ''
if use_bindigits+use_octdigits+use_decdigits+use_hexdigits: use_numbers = 1
if use_bindigits: numbers = '0 1'
if use_octdigits: numbers = spaceout(string.octdigits)
if use_decdigits: numbers = spaceout(string.digits)
if use_hexdigits: numbers = spaceout(string.hexdigits)
##### Build static grid #####
grid = []
if use_uppercases:
if PY3:
grid.append(spaceout(string.ascii_uppercase))
else:
grid.append(spaceout(string.uppercase))
if use_lowercases:
if PY3:
grid.append(spaceout(string.ascii_lowercase))
else:
grid.append(spaceout(string.lowercase))
if use_numbers: grid.append(numbers)
if use_punct:
grid.append(punct)
grid.append(punct2)
return (use_uppercases,
use_lowercases,
use_decdigits,
use_punct,
use_whitespace,
punct,
punct2,
whitespace,
numbers,
grid, )
##### Build user interface #####
usagebanner = "Choose from grid by typing letter pairs like eF or Dg"
#? not hasattr(sys, 'frozen') and
if Dialog is not None and os.path.isfile('/usr/bin/dialog'):
shortcuts = "4:Shell 5:FName 6:FContents 7:Delete 8:Show/Hide 9:Quit 0:Done"
else:
shortcuts = "7:Delete 8:Show/Hide 9:Quit 0:Done"
def total_rows(use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct):
return use_lowercases+use_uppercases+use_decdigits+use_whitespace+use_punct+use_punct+1
def iMain(lSysArgv):
global password, exit_code, VERBOSE, iOUT_FD, oDIALOG, oLAST_DIR
global min_x, min_y, upperchar, lowerchar, out, hide_out
global oLAST_DIR
padpos = 0
stdscr = None
password = ''
exit_code = -1
out = ''
upperchar = ''
lowerchar = ''
if PY3:
uppercase = string.ascii_uppercase
lowercase = string.ascii_lowercase
else:
uppercase = string.uppercase
lowercase = string.lowercase
# Check for required size before continuing
def check_size(stdscr):
(size_y,size_x) = stdscr.getmaxyx()
if ((size_x < min_x)|(size_y < min_y)):
error( __program__+" needs a "+str(min_x)+"x"+str(min_y)+" character area to function.\n")
error( "please adjust your terminal size and restart "+__program__+".")
sys.exit(1)
def pad_draw(stdscr, pad, ly, lx, hy, hx, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, title):
rv = __program__ +" "+ __version__
pad.addstr(0,0," "*(hx+1),curses.A_REVERSE)
pad.addstr(0,2,rv,curses.A_REVERSE)
pad.addstr(1,0," "*min_x)
#~ pad.addstr(0,40," ")
pad.addstr(0,40,lowerchar,curses.A_REVERSE)
pad.addstr(0,41,upperchar,curses.A_REVERSE)
pad.addstr(0,73,"SHOW")
if hide_out:
pad.addstr(0,73,"HIDE")
pad.addstr(1,0,header)
pad.addstr(2,0,">>")
pad.addstr(2,4," "*(len(out)+1))
disp_out = out
if hide_out:
disp_out = len(out)*"*"
pad.addstr(2,4,disp_out)
##Draw the grid
global gridrow
gridrow = 6
gridoffset = 4
#Grid Indexes
pad.addstr(gridrow-2,gridoffset,spaceout(col_index))
for t in range(0, total_rows(use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct)):
pad.addstr(gridrow+t,1,row_index[t])
t += 1
#Index selection highlighting
if len(upperchar):
stdscr.addstr(gridrow-2,4+spaceout(col_index).find(upperchar),upperchar,curses.A_REVERSE)
if len(lowerchar):
stdscr.addstr(gridrow+row_index.find(lowerchar),1,lowerchar,curses.A_REVERSE)
#Static grid elements
### New grid draw method ###
r = 0
for s in grid:
pad.addstr(gridrow,gridoffset,grid[r])
r += 1
gridrow += 1
if use_whitespace:
#Draw the whitespace row
pad.addstr(gridrow,gridoffset," :Space :Tab :Enter")
pad.addstr(gridrow,gridoffset,col_index[0])
pad.addstr(gridrow,9+gridoffset,col_index[1])
pad.addstr(gridrow,18+gridoffset,col_index[2])
#If the corresponding columns are selected, highlight them
if len(upperchar)&(upperchar==col_index[0]):
stdscr.addstr(gridrow,4+col_index.find(upperchar),upperchar,curses.A_REVERSE)
if len(upperchar)&(upperchar==col_index[1]):
stdscr.addstr(gridrow,11+col_index.find(upperchar),upperchar,curses.A_REVERSE)
if len(upperchar)&(upperchar==col_index[2]):
stdscr.addstr(gridrow,19+col_index.find(upperchar),upperchar,curses.A_REVERSE)
gridrow += 1
#Draw the 'done' line, and highlight column if selected
pad.addstr(gridrow,gridoffset," :Ignore")
pad.addstr(gridrow,gridoffset,col_index[0])
# pad.addstr(gridrow,9+gridoffset,col_index[1])
# pad.addstr(gridrow,18+gridoffset,col_index[2])
if len(upperchar)&(upperchar==col_index[0]):
stdscr.addstr(gridrow,4+spaceout(col_index).find(upperchar),upperchar,curses.A_REVERSE)
if len(upperchar)&(upperchar==col_index[1]):
stdscr.addstr(gridrow,10+spaceout(col_index).find(upperchar),upperchar,curses.A_REVERSE)
if len(upperchar)&(upperchar==col_index[2]):
stdscr.addstr(gridrow,17+spaceout(col_index).find(upperchar),upperchar,curses.A_REVERSE)
#Help banners
pad.addstr(14,0,title)
pad.addstr(15,0,usagebanner)
# (1+hx-len(shortcuts))*' '+
pad.addstr(16,0,shortcuts,curses.A_REVERSE)
pad.refresh(padpos, 0, ly, lx, hy, hx)
def main_draw(stdscr, pad, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, title):
(max_y, max_x,) = stdscr.getmaxyx()
pad_draw(stdscr, pad, 0, 0, (max_y-2), (max_x-1), use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, title)
stdscr.move(max_y-1,0)
try:
curses.curs_set(0)
except:
pass
stdscr.refresh()
def cycle_index(cyclemethod=3): #Argument specifies method, default is 3
global col_index, row_index
if PY3:
uppercase = string.ascii_uppercase
lowercase = string.ascii_lowercase
else:
uppercase = string.uppercase
lowercase = string.lowercase
#Method 0: Ordered letters and numbers, no randomization
#This method has 1 possible state and provides no security.
#Included to allow gridfire's use to limit possible symbols entered.
#For example, hex digits only when entering a WEP key.
if cyclemethod==0:
col_index = uppercase
row_index = lowercase
#Method 1: Ordered letters, random offset (as with gpggrid)
#The math might differ from gpggrid
#This method has 676 or 26^2 possible states
if cyclemethod==1:
offset = random.randint(0,25)
col_index = uppercase[offset:]+uppercase[:offset]
offset = random.randint(0,25)
row_index = lowercase[offset:]+lowercase[:offset]
#Method 2: use random.shuffle() to shuffle one index in place
#This might not work very well, see module documentation on
#issues with small len(x) exceeding period of RNGs
# http://docs.python.org/2/library/random.html
##This method has:
##403,291,461,126,605,635,584,000,000
##or 26! possible states (403.3 septillion)
if cyclemethod==2:
col_index = uppercase
colcycle = list(uppercase)
random.shuffle(colcycle)
col_index = ''.join(colcycle)
row_index = col_index.lower()
#Method 3: use random.shuffle() to shuffle indices in place
#This might not work very well, see module documentation on
#issues with small len(x) exceeding period of RNGs
# http://docs.python.org/2/library/random.html
#This method has:
#162,644,002,617,632,464,507,038,883,409,628,607,021,056,000,000,000,000
##or 26!^2 possible states (162.6 sexdecillion).
if cyclemethod==3:
col_index = uppercase
colcycle = list(uppercase)
random.shuffle(colcycle)
col_index = ''.join(colcycle)
row_index = lowercase
rowcycle = list(lowercase)
random.shuffle(rowcycle)
row_index = ''.join(rowcycle)
#TODO: Implement method 4 (mixed cases in row/column indexes)
# (This would require redoing input handling to recognize same-case pairs)
#Method 4 would have:
#80,658,175,170,943,878,571,660,636,856,403,766,975,289,505,440,883,277,824,000,000,000,000
#or 52! possible states (80.6 Unvigintillion).
def quit_scr(leave_message = "", exit_status= 0):
global password, exit_code
stdscr.keypad(0)
curses.echo()
curses.nocbreak()
curses.endwin()
# print leave_message
password = leave_message
exit_code = exit_status
parser = make_parser()
args = vars(parser.parse_args(lSysArgv))
debug('args.keys() ' +repr(args.keys()))
VERBOSE = args['verbosity']
cyclemethod = args['method'] or 3
header = args['header'] or ''
answer = args['answer'] or ''
output_fd = args['output_fd'] or 1
sargs = args['sargs']
if output_fd != 1:
iOUT_FD = os.fdopen(int(output_fd), 'w')
info('DEBUG: sargs=' + repr(sargs))
(use_uppercases,
use_lowercases,
use_decdigits,
use_punct,
use_whitespace,
punct,
punct2,
whitespace,
numbers,
grid ) = make_grid(args)
if answer:
# for testing - bypass the grid and accept the answer
password = answer
exit_code = 0
else:
if not stdscr:
stdscr = curses.initscr()
curses.noecho()
curses.start_color()
try:
curses.use_default_colors()
except:
pass
stdscr.keypad(1)
for key, value in _curses.__dict__.items():
if key[0:4] == 'ACS_' or key in ('LINES', 'COLS'):
if key == 'LINES':
value = value - 3
setattr(curses, key, value)
curses.flushinp ()
check_size(stdscr)
pad = curses.newpad(100,100)
if args['ttyalert'] == 'beep':
curses.beep()
elif args['ttyalert'] == 'flash':
curses.flash()
##### MAIN LOOP: draw the interface and handle user input #####
cycle_index(cyclemethod) #Don't start the program with unrandomized indexes
# If this isn't done, the program initially shows nothing
main_draw(stdscr, pad, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, '')
_previous_sigcont_handler = None
while exit_code == -1:
if hasattr(sys.stderr, 'getvalue'):
title = sys.stderr.getvalue().strip()
sys.stderr.buf = ''
else:
title = ''
if title:
title = title.split('\n')[-1]
main_draw(stdscr, pad, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, title)
curses.noecho()
curses.cbreak()
sys.stderr.flush()
sys.stdout.flush()
if not _previous_sigcont_handler:
_previous_sigcont_handler = signal.getsignal(signal.SIGCONT)
try:
c = stdscr.getkey()
except:
quit_scr()
break
if c == '0':
quit_scr(out) #on 'Done', write output and exit
break
if c in ['', '9', chr(27)]: # Quit
quit_scr() #on 'Cancel', exit without writing output
break
if c == '8': # Hide
hide_out -= hide_out+hide_out
hide_out += 1
elif ((c == '7')&(len(out)>=1)) or ((c == 'KEY_BACKSPACE')&(len(out)>=1)):
out = out[:len(out)-1] # Delete
elif Dialog is not None and c == '6': # File Contents
# you will first need to save the tty modes with a call to def_prog_mode()
# and then call endwin() to end the curses mode. This will leave you in the
# original tty mode. To get back to curses once you are done, call
# reset_prog_mode() . This function returns the tty to the state stored by
# def_prog_mode(). Then do refresh(), and you are back to the curses mode.
_curses.def_prog_mode() ; _curses.endwin()
sBut, sCode = lDialogFselect(oLAST_DIR, height=10, width=50, help_button=False)
if sBut == 'ok':
sOut = sCode
else:
return
sBut = 'ok'; sCode = '='
if sOut and out:
sText = sOut # "New text at Beginning, Replace or End"
sBut, sCode = lDialogCode(sText)
if sBut != 'ok':
pass
elif sCode == '<':
out = sOut + ' ' + out
elif sCode == '>':
out = out + ' ' + sOut
elif sCode == '=':
out = sOut
elif sCode == '':
out = ''
# oDIALOG.msgbox("Bug Alert: If the screen goes black, suspend to shell with ^Z and then use fg to come back to Gridfire " +sCode, height=8, width=40)
main_draw(stdscr, pad, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, '')
_curses.reset_prog_mode()
stdscr.refresh()
elif Dialog is not None and c == '5': # File Name
# you will first need to save the tty modes with a call to def_prog_mode()
# and then call endwin() to end the curses mode. This will leave you in the
# original tty mode. To get back to curses once you are done, call
# reset_prog_mode() . This function returns the tty to the state stored by
# def_prog_mode(). Then do refresh(), and you are back to the curses mode.
_curses.def_prog_mode() ; _curses.endwin()
sOut = sDialogFget()
sBut = 'ok'; sCode = '='
if sOut and out:
sText = sOut # "New text at Beginning, Replace or End"
sBut, sCode = lDialogCode(sText)
if sBut != 'ok':
pass
elif sCode == '<':
out = sOut + ' ' + out
elif sCode == '>':
out = out + ' ' + sOut
elif sCode == '=':
out = sOut
elif sCode == '':
out = ''
# oDIALOG.msgbox("Bug Alert: If the screen goes black, suspend to shell with ^Z and then use fg to come back to Gridfire " +sCode, height=8, width=40)
main_draw(stdscr, pad, use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct, header, '')
_curses.reset_prog_mode()
stdscr.refresh()
elif Dialog is not None and c == '4': # Shell
if oDIALOG is None:
oDIALOG = Dialog()
sCode = '='
sOut = ''
yStdoutdata = yStderrdata = b''
# you will first need to save the tty modes with a call to def_prog_mode()
# and then call endwin() to end the curses mode. This will leave you in the
# original tty mode. To get back to curses once you are done, call
# reset_prog_mode() . This function returns the tty to the state stored by
# def_prog_mode(). Then do refresh(), and you are back to the curses mode.
_curses.def_prog_mode() ; _curses.endwin()
sCode, sAnswer = oDIALOG.inputbox("Run command (erase to cancel)",
init='')
if sCode == 'ok' and sAnswer:
try:
devnull = subprocess.DEVNULL
except AttributeError: # Python < 3.3
devnull_context = devnull = open(os.devnull, "wb")
else:
devnull_context = DummyContextManager()
with devnull_context:
p = subprocess.Popen(sAnswer,
stdout=subprocess.PIPE,
stderr=devnull, close_fds=True)
if True:
( yStdoutdata, yStderrdata ) = p.communicate()
retcode = p.returncode
oDIALOG.scrollbox(yStdoutdata.decode().strip(),
15,50)
else:
retcode = p.wait()
ystdoutdata = p.stdout.read()
# One could use title=... instead of text=... to put the text
# in the title bar.
oDIALOG.programbox(fd=p.stdout.fileno(),
text="Output of command: " +sAnswer)
# oDIALOG.msgbox("Bug Alert: If the screen goes black, suspend to shell with ^Z and then use fg to come back to Gridfire " +str(retcode), height=8, width=40)
if retcode == 0:
sOut = yStdoutdata.decode().strip()
sBut = 'ok'; sCode = '='
if sOut and out:
sText = sOut # "New text at Beginning, Replace or End"
sBut, sCode = lDialogCode(sText)
if sBut != 'ok':
pass
elif sCode == '<':
out = sOut + ' ' + out
elif sCode == '>':
out = out + ' ' + sOut
elif sCode == '=':
out = sOut
elif sCode == '':
out = ''
_curses.reset_prog_mode()
stdscr.refresh()
elif c == '3': # was Ignore
# now 'Ignore' is a keypair to fool keystroke counting
pass
elif PinEntry is not None and c == '2': # unused
if oPinEntry is None:
oPinEntry = PinEntry()
oPinEntry.run()
# unfinished
#handle row/column selections
elif (uppercase.find(c)+1):
upperchar = c
elif (row_index[:total_rows(use_lowercases, use_uppercases, use_decdigits, use_whitespace, use_punct)].find(c)+1):
lowerchar = c
#if selection completes a pair, find choice, add to output, reset selection
if len(upperchar)&len(lowerchar):
#if selected pair chooses 'Done' or 'Cancel'
if((upperchar==col_index[0])&(lowerchar==row_index[len(grid)+1])):
#on 'Ignore', do nothing
pass
# :Space :Tab :Enter
elif((upperchar==col_index[0])&(lowerchar==row_index[len(grid)])):
out += ' ' #on 'Space'
elif((upperchar==col_index[1])&(lowerchar==row_index[len(grid)])):
out += ' ' #on 'Tab'
elif((upperchar==col_index[2])&(lowerchar==row_index[len(grid)])):
out += '\n' #on 'Enter'
# elif((upperchar==col_index[2])&(lowerchar==row_index[len(grid)])):
# out = out[:len(out)-1] #on 'Delete'
else:
rowchoice = row_index.find(lowerchar)
if rowchoice < len(grid):
if (grid[rowchoice].find("A") == 0):
out += uppercase[col_index.find(upperchar)]
if (grid[rowchoice].find("a") == 0):
out += lowercase[col_index.find(upperchar)]
if (grid[rowchoice].find("0") == 0)&(spaceout(col_index).find(upperchar) < len(numbers)):
out += numbers[spaceout(col_index).find(upperchar)]
if (grid[rowchoice].find("!") == 0):
out += punct[spaceout(col_index).find(upperchar)]
if (grid[rowchoice].find("_") == 0)&(spaceout(col_index).find(upperchar) < len(punct2)):
out += punct2[spaceout(col_index).find(upperchar)]
upperchar = ''
lowerchar = ''
cycle_index(cyclemethod)
single = args['single'] or ''
double = args['double'] or ''
repeat = args['repeat'] or ''
if single:
thing = ['-'+single, password]
sStdIn = None
elif double:
thing = ['--'+double, password]
sStdIn = None
elif repeat:
thing = []
sStdIn = password +'\n' +password
else:
thing = []
sStdIn = password
if exit_code == 0 and sargs and password:
# sys.stderr.write('EXIT: ' + repr(password) + '\n')
if type(sargs) == str:
#? quote
largs = sargs.split(' ')
elif type(sargs) == list and len(sargs) == 1 and sargs[0].find(' ') > 0:
largs = sargs[0].strip().split()
elif type(sargs) == list and len(sargs) > 1:
largs = sargs
else:
raise RuntimeError('ERROR: not list or str type(sargs) ' + str(type(sargs) ))
if thing:
pos = args['pos']
if pos == -1:
largs.append(thing)
else:
largs.insert(pos, thing)
shell = False
executable = '' # largs[0] sargs = ' '.join(largs[1:])
(exit_code, password,) = lSubprocess(largs, shell, executable, sStdIn=sStdIn)
else:
debug('len(password)=%d' % len(password))
# del password, exit_code
stdscr = None
cycle_index(cyclemethod) #Don't start the program with unrandomized indexes
retval = [exit_code, password][:]
out = ''
exit_code = -1
return retval
# should be getpass.getpass compatible
def getpass(prompt="", stream=None, tty=None, main_args=None):
# what should stream be if curses should be a tty
if tty is not None:
pass
elif stream is not None:
tty = os.ttyname(stream.fileno())
elif 'GPG_TTY' in os.environ:
tty = os.environ['GPG_TTY']
else:
tty = os.ttyname(sys.stdin.fileno())
with open(tty, 'r') as fd:
assert fd.isatty(), "The input stream must be a tty: %r" % (tty,)
if not hasattr(sys, '_stderr'):
sys._stderr = sys.stderr
sys.stderr = StringIO()
password = ''
exit_code = -1
if main_args is None:
main_args = ['-H', prompt]
else:
main_args += ['-H', prompt]
try:
(exit_code, password,) = main(main_args)
info('EXIT: getpass ' + prompt +' ' + repr(password))
except KeyboardInterrupt:
info('EXIT: getpass KeyboardInterrupt')
if hasattr(sys, '_stderr'):
sys.stderr = sys._stderr
return password
def sDialogFget():
global oLAST_DIR
sBut, sCode = lDialogFselect(oLAST_DIR, height=10, width=50, help_button=False)
sOut = ''
if sBut == 'ok':
sFile = sCode
try:
with open( sFile, 'rt') as iFd:
sOut = iFd.read().strip()
except Exception as e:
# dunno
pass
else:
if os.path.isdir(sFile):
oLAST_DIR = sFile
else:
oLAST_DIR = os.path.dirname(sFile)
oLAST_DIR = oLAST_DIR + '/'
return sOut
def lDialogFselect(sLastDir=None, height=10, width=50, help_button=False, prompt=None):
global oDIALOG, oLAST_DIR
if oDIALOG is None:
oDIALOG = Dialog()
if not sLastDir:
sLastDir = oLAST_DIR
sBut, sCode = oDIALOG.fselect(sLastDir, height, width, help_button=False)
return (sBut, sCode,)
def lDialogCode(sText):
lChoices = [("<", "Begin - Add the text at the beginning"),
("=", "All - Replace all with the text"),
(">", "End - Add the text at the end")]
sCode = '='
sBut, sCode = oDIALOG.menu(sText, height=16, width=50,
choices=lChoices,
title="Replace the buffer with file contents",
help_button=False)
return (sBut, sCode,)
def lSubprocess(largs, shell=False, executable='', sStdIn=''):
env = os.environ.copy()
if 'PYTHONPATH' in env:
del env['PYTHONPATH']
debug('executable=' + repr(executable) +' largs=' + repr(largs) ) # + ' len(password)=%d' % len(password)
yStdoutData = stderrdata = ''
try:
oProcess = subprocess.Popen(largs,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
env=env,
shell=shell)
sleep(3)
except Exception as e:
error('Popen executable=' + repr(executable) +' largs=' + repr(largs) + '\n' + str(e))
exit_code = 1
sStdOut = ''
else:
if sStdIn:
(yStdoutData, stderrdata,) = oProcess.communicate(sStdIn.encode())
else:
#? wait
(yStdoutData, stderrdata,) = oProcess.communicate()
#? oProcess.close()
if stderrdata:
sys.stderr.write(stderrdata.decode() + '\n')
exit_code = oProcess.returncode
sStdOut = yStdoutData.decode()
return (exit_code, sStdOut,)
def main():
sargs = sys.argv[1:]
if type(sargs) == list and len(sargs) == 1 and sargs[0].find(' ') > 0:
lSysArgv = sargs[0].strip().split()
else:
lSysArgv = sargs
# print('DEBUG: ' +repr(sys.argv[1:]) +' ' +repr(type(sys.argv[1:])))
if hasattr(sys, 'frozen') and hasattr(sys, '_MEIPASS'):
print('DEBUG: running in a PyInstaller bundle')
(exit_code, password,) = iMain(lSysArgv)
iOUT_FD.write(password+('\n'*newline))
password = ''
sys.stderr.flush()
return exit_code
if __name__ == '__main__':
sys.exit(main())

View File

@ -0,0 +1 @@
curses

View File

@ -0,0 +1,29 @@
# -*- mode: python -*-
block_cipher = None
a = Analysis(['./gridfire.py'],
pathex=['/usr/local/src/gridfire'],
binaries=None,
datas=None,
hiddenimports=[],
hookspath=[],
runtime_hooks=[],
excludes=[],
win_no_prefer_redirects=False,
win_private_assemblies=False,
cipher=block_cipher)
pyz = PYZ(a.pure, a.zipped_data,
cipher=block_cipher)
exe = EXE(pyz,
a.scripts,
a.binaries,
a.zipfiles,
a.datas,
name='gridfire',
debug=False,
strip=False,
upx=True,
console=True )

View File

@ -0,0 +1,47 @@
Gridfire is inspired by gpggrid, a security tool included in Tinfoil Hat Linux
(http://tinfoilhat.shmoo.com) intended to resist shoulder-surfing and keylogging.
For more information on the project, see the README file distributed with Gridfire.
Gridfire is named after a fictional superweapon in Iain M Banks' Culture novels.
See http://everything2.com/title/Gridfire for more.
RIP Iain M Banks (1954-02-16 to 2013-06-09)
usage: gridfire.py [-h] [-a TTYALERT] [-c] [-g] [-u] [-l] [-b] [-o] [-d] [-f]
[-p] [-w] [-m METHOD] [-n] [-v VERBOSITY] [-S SINGLE]
[-D DOUBLE] [-P POS] [-H HEADER] [-A ANSWER] [-O fd]
[STDIN COMMAND [STDIN ARGS ...]]
positional arguments:
STDIN COMMAND Arguments to run a subprocess wih the password in stdin.
optional arguments:
-h, --help show this help message and exit
-a TTYALERT, --ttyalert TTYALERT
Set the alert mode (none, beep or flash)
-c Force concealment of entered text.
-g, --grid Ignore other options and behave like gpggrid.
-u Allow uppercase letters [A-Z].
-l Allow lowercase letters [a-z].
-b Allow binary numbers [0-1].
-o Allow octal numbers [0-7].
-d Allow decimal numbers [0-9].
-f Allow hexadecimal numbers [0-9][a-f][A-F].
-p Allow punctuation.
-w Allow whitespace.
-m METHOD, --method METHOD
Specify indexing method (0-3, higher is more secure,
default=3)
-n Append a newline on output.
-v VERBOSITY, --verbosity VERBOSITY
Specify verbosity (0-5, higher is verbose, default=3)
-S SINGLE, --single SINGLE
Arg to pass to a subprocess with -SINGLE=password.
-D DOUBLE, --double DOUBLE
Arg to pass to a subprocess with --DOUBLE=password.
-P POS, --pos POS Position to place the Arg to a subprocess with
--DOUBLE/SINGLE=password.
-H HEADER, --header HEADER
Header line as a prompt (default "").
-A ANSWER, --answer ANSWER
Skip the grid and give the answer (for testing only).

View File

@ -0,0 +1,16 @@
Reading package lists...
Building dependency tree...
Reading state information...
The following packages were automatically installed and are no longer required:
arc-theme bsdtar dkms libayatana-appindicator3-1 libshp2 spl-dkms tirdad
tirdad-dkms vm-config-dist
Use 'sudo apt autoremove' to remove them.
Suggested packages:
python3-doc
The following NEW packages will be installed:
python-dialog python3-dialog
0 upgraded, 2 newly installed, 0 to remove and 5 not upgraded.
1 not fully installed or removed.
Need to get 84.7 kB/1,480 kB of archives.
After this operation, 3,303 kB of additional disk space will be used.
'tor+https://deb.debian.org/debian/pool/main/p/python2-pythondialog/python-dialog_3.3.0-3_amd64.deb' python-dialog_3.3.0-3_amd64.deb 84692 MD5Sum:bdd3168f237ff90677a814e3059e23b0

View File

@ -0,0 +1,105 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0`
PREFIX=/usr/local
ROLE=gpgkey
PYVER=3
EXE=/var/local/bin/tomb.bash
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/gridfire.rc
# python3 -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"
# ~/.local/share/python_keyring
# what goes on stdin - the passwd to the keyfile with the keyfile as an arg?
# or open the keyfile?
# passwd from gridfire or from keepass
usage() {
echo "Syntax: tomb [options] command [arguments]"
echo
echo " // Creation:"
echo " dig create a new empty TOMB file of size -s in MiB"
echo " forge create a new KEY file and set its password"
echo " lock installs a lock on a TOMB to use it with KEY"
echo
echo " // Operations on tombs:"
echo " open open an existing TOMB (-k KEY file or - for stdin)"
echo " index update the search indexes of tombs"
echo " search looks for filenames matching text patterns"
echo " list list of open TOMBs and information on them"
echo " ps list of running processes inside open TOMBs"
echo " close close a specific TOMB (or 'all')"
echo " slam slam a TOMB killing all programs using it"
[[ $RESIZER == 1 ]] && {
echo " resize resize a TOMB to a new size -s (can only grow)"
}
echo
echo " // Operations on keys:"
echo " passwd change the password of a KEY (needs old pass)"
echo " setkey change the KEY locking a TOMB (needs old key and pass)"
echo
[[ $QRENCODE == 1 ]] && {
echo " // Backup on paper:"
echo " engrave makes a QR code of a KEY to be saved on paper"
echo
}
[[ $STEGHIDE == 1 || $CLOAKIFY == 1 || $DECLOAKIFY == 1 ]] && {
echo " // Steganography:"
[[ $STEGHIDE == 1 ]] && {
echo " bury hide a KEY inside a JPEG image (for use with -k)"
echo " exhume extract a KEY from a JPEG image (prints to stdout)"
}
[[ $CLOAKIFY == 1 ]] && {
echo " cloak transform a KEY into TEXT using CIPHER (for use with -k)"
}
[[ $DECLOAKIFY == 1 ]] && {
echo " uncloak extract a KEY from a TEXT using CIPHER (prints to stdout)"
}
echo
}
echo "Options:"
echo
echo " -s size of the tomb file when creating/resizing one (in MiB)"
echo " -k path to the key to be used ('-k -' to read from stdin)"
echo " -n don't launch the execution hooks found in tomb"
echo " -p preserve the ownership of all files in tomb"
echo " -o options passed to commands: open, lock, forge (see man)"
echo " -f force operation (i.e. even if swap is active)"
echo " -g use a GnuPG key to encrypt a tomb key"
echo " -r provide GnuPG recipients (separated by comma)"
echo " -R provide GnuPG hidden recipients (separated by comma)"
[[ $SPHINX == 1 ]] && {
echo " --sphx-user user associated with the key (for use with pitchforkedsphinx)"
echo " --sphx-host host associated with the key (for use with pitchforkedsphinx)"
}
[[ $KDF == 1 ]] && {
echo " --kdf forge keys armored against dictionary attacks"
}
echo
echo " -q run quietly without printing informations"
echo " -D print debugging information at runtime"
}
# FixMe: make sure command is first
if [ "$#" -eq 0 ] || [ "$1" = '--help' -o "$1" = 'help' ] ; then
# usage
# exit 0
:
fi
LARGS="-H \"tomb $tail\""
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
if [[ "$*" =~ "-- " ]];then
RARGS=`echo $*|sed -e "s/-- /-- $EXE/"`
exec $PREFIX/bin/gridfire $LARGS $RARGS
else
exec $PREFIX/bin/gridfiremake: *** No rule to make target 'up'. Stop.
$LARGS -- $EXE "$@"
fi

View File

@ -0,0 +1,6 @@
# /e/tmp/To/KeePassXC PAM loing manager integration GitHub.html
dbus-send --print-reply --dest=org.keepassxc.KeePassXC.MainWindow \
/keepassxc \
org.keepassxc.MainWindow.openDatabase \
string:Documents/Passwords.kdbx \
string:$(keyctl print $key)

View File

@ -0,0 +1,122 @@
# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PROG=keepassxc_cmd2
BOX_OS_FLAVOR=`cat /etc/hostname`
TMPDIR=/var/tmp
OVERLAY=/var/local/share/genkernel/overlay/
PYVER=3
PYMVER=38
PLAT=linux
# pex broken
# PYMVER=37
# PLAT=windows
build=build-$(BOX_OS_FLAVOR)
dist=dist-$(BOX_OS_FLAVOR)
refresh::
update:: install
install:: pex bins # pyi
pyi:: pyinstaller_$(PROG)-$(BOX_OS_FLAVOR)
pyinstaller_$(PROG)-$(BOX_OS_FLAVOR):: $(dist)_$(PROG)/$(PROG)
$(dist)_$(PROG)/$(PROG):: Makefile $(PWD)/keepassxc_cmd2.py
[ -d $(build)_$(PROG) ] || mkdir $(build)_$(PROG)
[ -d $(dist)_$(PROG) ] || mkdir $(dist)_$(PROG)
[ -f $(PROG).log -a \
-e $(dist)_$(PROG)/$(PROG) -a \
$(dist)_$(PROG)/$(PROG) -nt $(PWD)/keepassxc_cmd2.py ] || \
python$(PYVER).bash -m PyInstaller --clean \
--distpath $(dist)_$(PROG) --workpath $(build)_$(PROG) \
--onefile -c --ascii \
--name $(PROG)_pyi-$(BOX_OS_FLAVOR) \
--additional-hooks-dir packaging/pyinstaller \
--hidden-import wcwidth \
--exclude-module macOS \
$(PWD)/keepassxc_cmd2.py \
> $(PROG).log 2>&1
! grep ERROR: $(PROG).log
[ -e $(dist)_$(PROG)/$(PROG) -a -e $(dist)_$(PROG)/$(PROG)_pyi-$(BOX_OS_FLAVOR) ] || \
ln $(dist)_$(PROG)/$(PROG)_pyi-$(BOX_OS_FLAVOR) $(dist)_$(PROG)/$(PROG)
cxFreeze:: cxFreeze-$(BOX_OS_FLAVOR)
cxFreeze-$(BOX_OS_FLAVOR)::
[ -e cxfreeze_main.py ] || ln -s ../cxfreeze_main.py
[ -f $(PROG).spec ] || pyi-makespec ./$(PROG).py -F -c
[ -f $(PROG).spec.Linux ] || cp -p $(PROG).spec $(PROG).spec.Linux
[ -d cxFreeze-$(BOX_OS_FLAVOR) ] || mkdir cxFreeze-$(BOX_OS_FLAVOR)
python3 ./cxfreeze_main.py -c \
--target-dir cxFreeze-$(BOX_OS_FLAVOR) $(PROG).py \
>cxFreeze-$(BOX_OS_FLAVOR).log 2>&1
# No bundling of so's - not a freezer
pex:: clean
[ -d dist/dist-$(BOX_OS_FLAVOR)/ ] || mkdir -p dist/dist-$(BOX_OS_FLAVOR)
[ -n "${MSYSTEM}" ] || $(MAKE) $(MFLAGS) dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex
dist/dist-Windows/$(PROG).pex:: Makefile $(PROG).py
env PYTHONPATH=/usr/lib/python3/dist-packages:/usr/local/src \
/usr/local/bin/pex3.bash -D $(PWD) -m $(PROG):main -o $@ \
--no-index --ignore-errors --inherit-path=prefer \
--platform windows_x86_64-cp-27-cp27mu \
--platform windows_x86_64-cp-37-cp37mu
zip -d $@ build-\*/\* dist-\*/\* \
\*/.git/\* \*.log __pycache__/\* >/dev/null
# ERROR: No matching distribution found for wcwidth (from -r keepassxc_cmd2.reqs (line 1))
# -r $(PROG).reqs
dist/dist-Kick150154/$(PROG).pex:: Makefile $(PROG).py
env PYTHONPATH=/usr/lib/python3/dist-packages:/usr/local/src \
/usr/local/bin/pex3.bash -D $(PWD) -m $(PROG):main -o $@ \
-f /usr/lib/python3/dist-packages/ \
--no-index --ignore-errors --inherit-path=prefer \
--platform linux_x86_64-cp-27-cp27mu \
--platform linux_x86_64-cp-37-cp37mu
zip -d $@ build-\*/\* dist-\*/\* \
\*/.git/\* \*.log __pycache__/\* >/dev/null
dist/dist-pentoo/$(PROG).pex:: Makefile $(PROG).py
env PYTHONPATH=/usr/lib/python3/dist-packages:/usr/local/src \
/usr/local/bin/pex3.bash -D $(PWD) -m $(PROG):main -o $@ \
--no-index --ignore-errors --inherit-path=prefer \
--platform linux_x86_64-cp-27-cp27mu \
--platform linux_x86_64-cp-38-cp38mu
zip -d $@ build-\*/\* dist-\*/\* \
\*/.git/\* \*.log __pycache__/\* >/dev/null
dist/dist-devuan/$(PROG).pex:: Makefile $(PROG).py
env PYTHONPATH=/usr/lib/python3/dist-packages:/usr/local/src \
/usr/local/bin/pex3.bash -D $(PWD) -m $(PROG):main -o $@ \
--no-index --ignore-errors --inherit-path=prefer \
--platform linux_x86_64-cp-39-cp39mu
zip -d $@ build-\*/\* dist-\*/\* \
\*/.git/\* \*.log __pycache__/\* >/dev/null
bins:: pex
[ -f dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex -a \
../../../bin/$(PROG).pex -nt dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex ] || \
cp -p dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex ../../../bin
test::
# ./keepassxc_cmd2.py < *2 keepassxc_cmd2.cmd2
[ -f ${TMPDIR}/test4.kdbx -o -f ${TMPDIR}/test4.key ] || \
cp -p ../pykeepass/tests/*y ../pykeepass/tests/*x ${TMPDIR}
/usr/local/bin/python3.sh $(PROG).py < keepassxc_kpy.cmd2
/usr/local/bin/python3.sh $(PROG).py run_script keepassxc_cli.cmd2
echo -n password | /usr/local/bin/python3.sh $(PROG).py \
run_script keepassxc_stdin.cmd2
[ ! -f dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex ] || \
{ dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex < keepassxc_kpy.cmd2 ; \
echo INFO: tested dist/dist-$(BOX_OS_FLAVOR)/$(PROG).pex ; }
clean::
rm -f */*~ *~
up:: clean
$(MAKE) $(MFLAGS) -C .. $@
down:: clean
$(MAKE) $(MFLAGS) -C .. $@

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,26 @@
#!/usr/local/bin/python3.sh
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
import os,sys
# if not hasattr(sys, 'frozen'):
try:
#keepassxc_cmd2
from . import ansi
Fg=ansi.Fg
Bg=ansi.Bg
except Exception:
def green(s): return s
def red(s): return s
def yellow(s): return s
def blue(s): return s
ansi = None
else:
def green(s): return f"{Fg.GREEN}{s} {Fg.RESET}"
def red(s): return f"{Fg.RED}{s} {Fg.RESET}"
def yellow(s): return f"{Fg.YELLOW}{s} {Fg.RESET}"
def blue(s): return f"{Fg.LIGHT_BLUE}{s} {Fg.RESET}"
def info(s): return green(s)
def error(s): return red(s)
def warn(s): return yellow(s)
def debug(s): return blue(s)

View File

@ -0,0 +1,59 @@
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
import optparse
import os
import sys
import cx_Freeze
from cx_Freeze import cli
def main(constants):
# options = cx_Freeze.ParseCommandLine()
parser = cli.prepare_parser()
args = cli.parse_command_line(parser)
executables = [cx_Freeze.Executable(args.script,
args.init_script,
args.base_name,
args.target_name,
args.icon)
]
args.includes += ['wcwidth']
args.excludes += ['numpy', 'sphinx', 'matplotlib', 'numpy', 'PyQt5', 'pandas', 'babel', 'wx', 'pythran', 'scipy', 'notebook', 'PySide2']
# 11704 cxFreeze-Pentoo/lib/sphinx/
# 14544 cxFreeze-Pentoo/lib/matplotlib/
# 18972 cxFreeze-Pentoo/lib/numpy/
# 21744 cxFreeze-Pentoo/lib/PyQt5/
# 29188 cxFreeze-Pentoo/lib/pandas/
# 29784 cxFreeze-Pentoo/lib/babel/
# 32468 cxFreeze-Pentoo/lib/wx/
# 36256 cxFreeze-Pentoo/lib/pythran/
# 49152 cxFreeze-Pentoo/lib/scipy/
# 218816 cxFreeze-Pentoo/lib/notebook/
# 407960 cxFreeze-Pentoo/lib/PySide2/
args.zip_include_packages='*'
args.zip_exclude_packages=''
freezer = cx_Freeze.Freezer(executables,
includes=args.includes,
excludes=args.excludes,
packages=args.packages,
replacePaths=args.replace_paths,
compress=args.compress,
optimizeFlag=args.optimize_flag,
targetDir=args.target_dir,
includeFiles=args.include_files,
zipIncludes=args.zip_includes,
silent=args.silent,
zipIncludePackages=args.zip_include_packages,
zipExcludePackages=args.zip_exclude_packages,
)
freezer.Freeze()
return 0
if __name__ == '__main__':
from cx_Freeze import freezer
constants = freezer.ConstantsModule()
try:
i = main(constants)
except KeyboardInterrupt:
i =0
sys.exit(i)

View File

@ -0,0 +1,25 @@
Available commands:
add Add a new entry to a database.
analyze Analyze passwords for weaknesses and problems.
clip Copy an entry's attribute to the clipboard.
close Close the currently opened database.
db-create Create a new database.
db-info Show a database's information.
diceware Generate a new random diceware passphrase.
edit Edit an entry.
estimate Estimate the entropy of a password.
export Exports the content of a database to standard output in the specified format.
generate Generate a new random password.
help Display command help.
import Import the contents of an XML database.
locate Find entries quickly.
ls List database entries.
merge Merge two databases.
mkdir Adds a new group to a database.
mv Moves an entry to a new group.
open Open a database.
rm Remove an entry from the database.
rmdir Removes a group from a database.
show Show an entry's information.

View File

@ -0,0 +1,40 @@
#!/usr/local/src/gridfire/keepassxc_cmd2/keepassxc_cmd2.py
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
set debug true
cli generate
cli diceware -- -q --words 3
get_kdbx /var/tmp/test4.kdbx
cli db-info
get_pass password
get_keyfile /var/tmp/test4.key
# no arguments
cli db-info
cli ls
cli help
shell rm -f /var/tmp/test4.xml
shell cp /var/tmp/test4.kdbx /var/tmp/cli4.kdbx
get_kdbx /var/tmp/cli4.kdbx
get_keyfile /var/tmp/test4.key
get_pass password
cli db-info
cli mkdir email
# --url http://goo.gl
# cli add email/gmail -u foo --generate --length 8
cli add email/gmail
cli show email/gmail
cli show -s email/gmail
# set sPassword
set sKeyfile
set sKdbx
help
#help cli
#help kpy

View File

@ -0,0 +1,503 @@
#!/var/local/bin/python3.bash
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
from __future__ import unicode_literals, print_function
"""
"""
import os,sys,io
import argparse
import random
import base64
import curses
from keepassxc_doc import (dCLI_HELP, dKPY_HELP,)
try:
from dialog import Dialog
except ImportError:
Dialog = None
oDIALOG = None
oLAST_DIR = '/tmp/'
try:
import keyutils
except ImportError:
keyutils = None
oKP=None
sGridDir = '/usr/local/src/gridfire'
if os.path.isdir(sGridDir):
sGridDir in sys.path or sys.path.append(sGridDir)
lCLI_WORDS_key_dbx = [ 'add', 'analyze', 'clip', 'close',
'db-create', 'db-info',
'edit', 'estimate', 'export', 'format',
'import', 'locate', 'ls', 'merge', 'mkdir',
'mv', 'open', 'rm', 'rmdir', 'show']
lCLI_WORDS_nokey_nodbx = ['help', 'generate', 'diceware',]
cli_item_strs = lCLI_WORDS_nokey_nodbx + lCLI_WORDS_key_dbx
kpy_choices = ['open', 'eval', 'save', 'close', 'dump_xml', 'help']
kpy_new = ['add_binary_base64', 'get_binary_base64', 'get_binary_file']
kpy_methods = ['add_binary', 'add_entry', 'add_group', 'attachments', 'binaries', 'delete_binary', 'delete_entry', 'delete_group', 'deref', 'dump_xml', 'encryption_algorithm', 'entries', 'filename', 'find_attachments', 'find_entries', 'find_entries_by_notes', 'find_entries_by_password', 'find_entries_by_path', 'find_entries_by_string', 'find_entries_by_title', 'find_entries_by_url', 'find_entries_by_username', 'find_entries_by_uuid', 'find_groups', 'find_groups_by_name', 'find_groups_by_notes', 'find_groups_by_path', 'find_groups_by_uuid', 'groups', 'kdbx', 'kdf_algorithm', 'keyfile', 'move_entry', 'move_group', 'password', 'read', 'root_group', 'save', 'transformed_key', 'tree', 'version', 'xml'] + kpy_new
sGridDir = '/usr/local/src/cmd2'
if os.path.isdir(sGridDir):
sGridDir in sys.path or sys.path.append(sGridDir)
import cmd2
from cmd2_ansi import *
oSCR=None
class CmdLineApp(cmd2.Cmd):
"""keepassxc cmd2 application using keepassxc-cli and pykeepass."""
# Setting this true makes it run a shell command if a cmd2/cmd command doesn't exist
# default_to_shell = True
def __init__(self):
self.sPassword = ''
self.sKeyfile = ''
self.sKdbx = ''
self.sGridfire = ''
self.oPyKdbx = ''
shortcuts = dict(cmd2.DEFAULT_SHORTCUTS)
shortcuts.update({'&': 'kpy'})
super().__init__(allow_cli_args=False, multiline_commands=['orate'], shortcuts=shortcuts)
self.self_in_py = True
# Make sPassword settable at runtime
self.add_settable(cmd2.Settable('sPassword', str, 'password for keepassxc', self))
# Make sKeyfile settable at runtime
self.add_settable(cmd2.Settable('sKeyfile', str, 'keyfile for keepassxc', self))
# Make sKdbx settable at runtime
self.add_settable(cmd2.Settable('sKdbx', str, 'kdbx for keepassxc', self))
# Make sGridfire settable at runtime
self.add_settable(cmd2.Settable('sGridfire', str, 'gridfire for keepassxc', self))
# Should ANSI color output be allowed
if not hasattr(sys, 'frozen') and ansi:
self.allow_style = ansi.AllowStyle.TERMINAL
clean_parser = cmd2.Cmd2ArgumentParser()
clean_parser.add_argument('-r', '--recycle', type=int, help='Just clean the recycle bin')
@cmd2.with_argparser(clean_parser)
def do_clean_kdbx(self, args):
"""Cleans all of the entries and groups from a kdbx"""
if self.oPyKdbx == '':
self.poutput(red('cle: ! ') + 'Open database first' )
return
kp = self.oPyKdbxf
for group in kp.groups:
if group != kp.root_group:
_=sys.stderr.write( 'deleting group ' +str(group) +'\n')
kp.delete_group(group)
else:
entries = kp.entries
for entry in entries:
_=sys.stderr.write( 'deleted entries ' +str(entry) +'\n')
entry.delete()
getpass_parser = cmd2.Cmd2ArgumentParser()
getpass_parser.add_argument('words', nargs='*', help='arguments')
@cmd2.with_argparser(getpass_parser)
def do_get_pass(self, args):
"""Get the password, and set the variable sPassword."""
if args.words:
if args.words[0] == '-':
self.sPassword = sys.stdin.read()
else:
self.sPassword = args.words[0]
self.poutput(green('Pas: . ') +self.sPassword)
return
from gridfire import getpass
if self.sKdbx:
sPrompt = 'Password for ' +self.sKdbx
else:
sPrompt = 'Password for keepassxc_cmd2'
oTty = os.ttyname(sys.__stdin__.fileno())
oRet = getpass(prompt=sPrompt, stream=None, tty=oTty, main_args=None)
if oRet:
self.sPassword = oRet
self.poutput(green('Pas: . ') +self.sPassword)
do_get_sPassword = do_get_pass
getkeyfile_parser = cmd2.Cmd2ArgumentParser()
getkeyfile_parser.add_argument('words', nargs='*', help='arguments')
@cmd2.with_argparser(getkeyfile_parser)
def do_get_keyfile(self, args):
"""Get the name of the key file, and set the variable sKeyfile."""
if len(args.words) and os.path.isfile(args.words[0]):
self.sKeyfile = args.words[0]
self.poutput(green('Key: . ') +str(self.sKeyfile))
return
# you will first need to save the tty modes with a call to def_prog_mode()
# and then call endwin() to end the curses mode. This will leave you in the
# original tty mode. To get back to curses once you are done, call
# reset_prog_mode() . This function returns the tty to the state stored by
# def_prog_mode(). Then do refresh(), and you are back to the curses mode.
from gridfire import lDialogFselect
oRet = lDialogFselect()
try:
curses.def_prog_mode()
curses.endwin()
except Exception as e:
# must call initscr() first
# global oSCR; if oSCR is none: oSCR=curses.initscr()
pass
if len(oRet) == 2 and oRet[0] == 'ok':
self.sKeyfile = oRet[1]
self.poutput(green('key: . ') +str(self.sKeyfile))
do_get_sKeyfile = do_get_keyfile
getkdbx_parser = cmd2.Cmd2ArgumentParser()
getkdbx_parser.add_argument('words', nargs='*', help='arguments')
@cmd2.with_argparser(getkdbx_parser)
def do_get_kdbx(self, args):
"""Get the name of the kdbx database file, and set the variable sKbx."""
if len(args.words):
self.sKdbx = args.words[0]
if os.path.isfile(args.words[0]):
self.poutput(green('Kdb: . ') +str(self.sKdbx))
else:
self.poutput(red('Kdb: ! File not found ') +str(self.sKdbx))
return
from gridfire import curses
# you will first need to save the tty modes with a call to def_prog_mode()
# and then call endwin() to end the curses mode. This will leave you in the
# original tty mode. To get back to curses once you are done, call
# reset_prog_mode() . This function returns the tty to the state stored by
# def_prog_mode(). Then do refresh(), and you are back to the curses mode.
from gridfire import lDialogFselect
oRet = lDialogFselect()
try:
# Is this needed? Between FSelect and gridfire is the idea
# but it errors with initscr() not called when called here
curses.def_prog_mode(); curses.endwin()
except Exception: pass
if len(oRet) == 2 and oRet[0] == 'ok':
self.sKdbx = oRet[1]
self.poutput(green('dbx: . ') +str(self.sKdbx))
do_get_sKdbx = do_get_kdbx
def cli_help(sel, sElt):
if sElt and sElt in dCLI_HELP:
self.poutput(green('cli: help ') +sElt +dCLI_HELP[sElt])
else:
self.poutput(green('kpy: help ') +'one of: ' \
+' '.join(dCLI_HELP.keys()))
qdbus_parser = cmd2.Cmd2ArgumentParser()
qdbus_parser.add_argument('words', nargs='*', help='arguments')
@cmd2.with_argparser(qdbus_parser)
def do_qdbus(self, args):
"""."""
MainWindow='org.keepassxc.KeePassXC.MainWindow'
def qdbus(s): os.system('qdbus ' +s)
if not args.words or args.words[0] == "help":
self.poutput(green('bus: ? ') +'one of: ' \
'open close exit')
return
sCommand = args.words[0]
if sCommand == "open":
# Open keepassxc database: without password and key file
qdbus # MainWindow +' /keepassxc ' +MainWindow.openDatabase /path/to/database.kdbx
elif sCommand == "open":
# Open keepassxc database: with password but without key file
qdbus # MainWindow +' /keepassxc ' +MainWindow.openDatabase /path/to/database.kdbx passwd
elif sCommand == "open":
# Open keepassxc database: with password and key file
qdbus # MainWindow +' /keepassxc ' +MainWindow.openDatabase /path/to/database.kdbx passwd /path/to/key
elif sCommand == "lock":
# Lock all keepassxc databases
qdbus # MainWindow +' /keepassxc ' +MainWindow.lockAllDatabases
elif sCommand == "close":
# Close all keepassxc databases
qdbus # MainWindow +' /keepassxc ' +MainWindow.closeAllDatabases
elif sCommand == "exit":
# Exit keepassxc
qdbus(MainWindow +' /keepassxc ' +MainWindow +'.exit')
return
cli_parser = cmd2.Cmd2ArgumentParser()
cli_parser.add_argument('cli', help='Enter name cli command', choices=cli_item_strs)
cli_parser.add_argument('words', nargs='*', help='cli command arguments')
@cmd2.with_argparser(cli_parser)
def do_cli(self, args):
"""Call keepassxc-cli with the kdbx database file and a cli command."""
sStdIn = ''
if args.cli in ['help', '--help', ]:
if args.words and args.words[0] in dCLI_HELP:
sElt = args.words[0]
self.poutput(green('cli: ? ') +sElt +dCLI_HELP[sElt])
else:
self.poutput(green('cli: ? ') +'one of: ' \
+' '.join(dCLI_HELP.keys()))
return
if args.words and args.words[0] in ['help', '--help', ]:
sElt = args.cli
return
if args.cli in lCLI_WORDS_nokey_nodbx:
largs = ['keepassxc-cli.bash', args.cli] + args.words
elif args.cli in lCLI_WORDS_key_dbx:
if self.sPassword == '':
self.poutput(red('cli: ! ') + 'We require a password using get_pass' )
return
sStdIn = self.sPassword
if not self.sKdbx or not os.path.isfile(self.sKdbx):
self.poutput(red('cli: ! ') + 'We require a kbx file using get_kdbx' )
return
if not self.sKeyfile or not os.path.isfile(self.sKeyfile):
self.poutput(yellow('cli: = ') + 'Not using a keyfile' )
largs = ['keepassxc-cli.bash', args.cli]
else:
largs = ['keepassxc-cli.bash', args.cli, '-k', self.sKeyfile]
largs += ['-q', self.sKdbx] +args.words
if len(sStdIn):
self.poutput(blue('cli: . ') +' Using a password of len' +str(len(sStdIn)))
from gridfire import lSubprocess
self.poutput(blue('cli: < ') +' Calling ' +' '.join(largs))
shell = False
executable = '' # largs[0] sargs = ' '.join(largs[1:])
(exit_code, sStdout,) = lSubprocess(largs, shell, executable, sStdIn)
if exit_code == 0:
if sStdout is not None:
if sStdout.find('\n') > 0:
for sLine in sStdout.split('\n'):
self.poutput(green('cli: > ') +sLine)
else:
self.poutput(green('cli: > ') +repr(sStdout))
else:
if sStdout is not None:
self.poutput(red('cli: > ') +repr(sStdout))
kpy_parser = cmd2.Cmd2ArgumentParser()
clean_parser.add_argument('-K', '--session_add_key', type=str,
help='session_add_key some-description')
kpy_parser.add_argument('kpy', help='Enter name kpy command',
choices=kpy_choices+kpy_methods+['_xpath'])
kpy_parser.add_argument('words', nargs='*', help='kpy command arguments')
@cmd2.with_argparser(kpy_parser)
def do_kpy(self, args):
"""Call the Python oKP with the database and a kpy method or attribute."""
global oKP
if args.kpy in ['help', '--help', ]:
if args.words and args.words[0] in dKPY_HELP:
sElt = args.words[0]
self.poutput(green('kpy: help ') +sElt +' - ' +dKPY_HELP[sElt])
else:
self.poutput(green('kpy: help ') +'one of: ' \
+' '.join(dKPY_HELP.keys()))
return
if args.words and args.words[0] in ['help', '--help', ]:
sElt = args.kpy
if sElt and sElt in dKPY_HELP:
self.poutput(green('kpy: help ') +sElt +' - ' +dKPY_HELP[sElt])
else:
self.poutput(green('kpy: help ') +'one of: ' \
+' '.join(dKPY_HELP.keys()))
return
if args.kpy == 'open' and self.oPyKdbx != '':
self.poutput(red('kpy: ! ') + 'Close the open database first' )
return
if args.kpy == 'open' and self.oPyKdbx == '':
if not self.sKdbx or not os.path.isfile(self.sKdbx):
self.poutput(red('kpy: ! ') + 'We require a kbx file using get_kdbx' )
return
if self.sPassword == '':
self.poutput(red('kpy: ! ') + 'We require a password using get_pass' )
return
if not self.sKeyfile or not os.path.isfile(self.sKeyfile):
self.poutput(yellow('kpy: = ') + 'Not using a keyfile' )
from pykeepass import PyKeePass
try:
oKP = PyKeePass(self.sKdbx, password=self.sPassword, keyfile=self.sKeyfile or None)
except Exception as e:
self.poutput(red('kpy: ! ') + 'Failed opening a database ' +str(e))
return
oKP.filename = self.sKdbx
oKP.password = self.sPassword
oKP.keyfile = self.sKeyfile or None
# oKP.save()
self.oPyKdbx = oKP
self.poutput(green('kpy: . ') + 'Opened a database ' +repr(oKP))
if args.session_add_key:
yVal = self.password.encode()
yDesc = args.session_add_key.encode()
session_add_key(yDesc, yVal)
g`< self.poutput(green('kpy: . ') + 'Added session key ' +args.session_add_key)
return
if args.kpy in ['close', 'save']+kpy_methods and not self.oPyKdbx:
self.poutput(red('kpy: ! ') + 'Open a database before using ' +args.kpy )
return
if args.kpy == 'close' and self.oPyKdbx:
self.oPyKdbx = oKP = None
self.poutput(green('kpy: . ') + 'Closed the open database' )
return
if args.kpy in ['read', 'dump_xml'] and self.oPyKdbx:
if len(args.words) < 1:
self.poutput(red('kpy: ! ') + 'Filename required to ' +args.kpy +' a database' )
return
sLine = args.words[0]
if args.kpy in ['read']:
self.poutput(blue('kpy: . ') +args.kpy +' kdbx from '+sLine)
elif args.kpy in ['dump_xml']:
self.poutput(blue('kpy: . ') +args.kpy +' kdbx to '+sLine)
oMeth = getattr(self.oPyKdbx, args.kpy)
o = oMeth(*args.words)
self.poutput(green('kpy: < ') + args.kpy +' ' +repr(o))
return
if args.kpy in kpy_methods+['_xpath'] and self.oPyKdbx: # 'save'
if args.kpy in [ 'add_entry', 'add_group']:
self.poutput(yellow('kpy: = ') + 'Unsupported: ' +args.kpy )
return
if args.kpy == 'get_binary_base64':
oMeth = getattr(self.oPyKdbx, 'binaries')[int(args.words[0])]
oMeth = base64.b64encode(oMeth)
elif args.kpy == 'add_binary_base64':
args.kpy = 'add_binary'
oMeth = getattr(self.oPyKdbx, args.kpy)
args.words = [base64.b64decode(args.words[0])]
# compressed=True, protected=True
elif args.kpy == 'add_binary_file':
args.kpy = 'add_binary'
oMeth = getattr(self.oPyKdbx, args.kpy)
with open(args.words[0], 'rb') as iFd:
oMeth = iFd.read()
# compressed=True, protected=True
else:
oMeth = getattr(self.oPyKdbx, args.kpy)
if args.kpy == 'delete_binary':
args.words = [int(args.words[0])]
if not callable(oMeth):
o = oMeth
elif len(args.words):
o = oMeth(*args.words)
else:
o = oMeth()
if type(o) is type(None) or o is None:
s = ''
elif type(o) in [list, tuple] and len(o):
# xpath
if 'text' in dir(o[0]):
# lxml.etree._Element
s = o[0].text
else:
s = repr(list(map(str,o)))
elif type(o) == str:
s = o
else:
s = repr(o)
self.poutput(green('kpy: < ') +args.kpy +': ' +s )
return
if args.kpy in ['exec', 'eval'] and not self.oPyKdbx:
self.poutput(yellow('kpy: = ') + 'Usually open a database first' )
if args.kpy == 'eval':
from io import StringIO
sLine = ' '.join(args.words)
self.poutput(blue('kpy: > ') +str(sLine))
old = sys.stdout
exit_code = 0
try:
sys.stdout = StringIO()
dLocals = {}
dLocals['oKP'] = oKP
if True:
# sStdout = eval(compile(sLine, 'single', 'exec'), globals(), dLocals)
sStdout = eval(sLine, globals(), dLocals)
else:
exec(compile(sLine, 'single', 'exec'))
sys.stdout.seek(0)
sStdout = sys.stdout.read()
finally:
sys.stdout = old
if not sStdout:
pass
elif exit_code == 0:
self.poutput(green('kpy: < ') +str(sStdout))
else:
self.poutput(red('kpy: ! ') +str(sStdout))
def session_add_key(yDesc,yVal):
from keyutils import join_session_keyring, add_key, request_key, set_perm
iSk=join_session_keyring()
assert type(iSk) == int
iKey = add_key(yDesc, yVal, iSk)
assert iKey >= 0
key_id=request_key(yDesc, iSk)
assert key_id > 0
set_perm(key_id, 0x3f1f0000)
info('session_add_key(' +yDesc +')')
def main(argv=None):
"""Run when invoked from the operating system shell"""
parser = cmd2.Cmd2ArgumentParser(description='Commands as arguments')
command_help = 'optional command to run, if no command given, enter an interactive shell'
parser.add_argument('command', nargs='?', help=command_help)
arg_help = 'optional arguments for command'
parser.add_argument('command_args', nargs=argparse.REMAINDER, help=arg_help)
args = parser.parse_args(argv)
c = CmdLineApp()
sys_exit_code = 0
if args.command:
# we have a command, run it and then exit
c.onecmd_plus_hooks('{} {}'.format(args.command, ' '.join(args.command_args)))
else:
# we have no command, drop into interactive mode
sys_exit_code = c.cmdloop()
return sys_exit_code
if __name__ == '__main__':
try:
sys.exit(main())
except io.UnsupportedOperation:
pass

View File

@ -0,0 +1,4 @@
wcwidth
cmd2
typing-extensions>=3.6.4
importlib-metadata>=4.6.1

View File

@ -0,0 +1,33 @@
# -*- mode: python ; coding: utf-8 -*-
block_cipher = None
a = Analysis(['keepassxc_cmd2.py'],
pathex=['/usr/local/src/gridfire/keepassxc_cmd2'],
binaries=[],
datas=[],
hiddenimports=[],
hookspath=[],
runtime_hooks=[],
excludes=[],
win_no_prefer_redirects=False,
win_private_assemblies=False,
cipher=block_cipher,
noarchive=False)
pyz = PYZ(a.pure, a.zipped_data,
cipher=block_cipher)
exe = EXE(pyz,
a.scripts,
a.binaries,
a.zipfiles,
a.datas,
[],
name='keepassxc_cmd2',
debug=False,
bootloader_ignore_signals=False,
strip=False,
upx=True,
upx_exclude=[],
runtime_tmpdir=None,
console=True )

View File

@ -0,0 +1,76 @@
#!/var/local/bin/python3.bash
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
dCLI_HELP = {
"add": "Add a new entry to a database",
"analyze": "Analyze passwords for weaknesses and problems",
"clip": "Copy an entry's attribute to the clipboard",
"close": "Close the currently opened database",
"db-create": "Create a new database",
"db-info": "Show a database's information",
"diceware": "Generate a new random diceware passphrase",
"edit": "Edit an entry",
"estimate": "Estimate the entropy of a password",
"export": "Exports the content of a database to standard output in the specified format",
"generate": "Generate a new random password",
"help": "Display command help",
"import": "Import the contents of an XML database",
"locate": "Find entries quickly",
"ls": "List database entries",
"merge": "Merge two databases",
"mkdir": "Adds a new group to a database",
"mv": "Moves an entry to a new group",
"open": "Open a database",
"rm": "Remove an entry from the database",
"rmdir": "Removes a group from a database",
"show": "Show an entry's information",
}
dKPY_HELP = {
'add_binary': 'add binary',
'add_entry': 'add entry',
'add_group': 'add group',
'attachments': 'attachments',
'binaries': 'binaries (property)',
'delete_binary': 'delete binary',
'delete_entry': 'delete entry',
'delete_group': 'delete group',
'deref': 'deref',
'dump_xml': 'dump xml',
'encryption algorithm': 'encryption_algorithm (property)',
'entries': 'entries (property)',
'filename': 'filename (property)',
'find_attachments': 'find attachments',
'find_entries': 'find entries',
'find_entries by_notes': 'find entries by notes',
'find_entries_by_password': 'find entries by password',
'find_entries_by_path': 'find entries by path',
'find_entries_by_string': 'find entries by string',
'find_entries_by_title': 'find entries by title',
'find_entries_by url': 'find entries by url',
'find_entries_by_username': 'find entries by username',
'find_entries_by_uuid': 'find entries by uuid',
'find_groups': 'find groups',
'find_groups_by_name': 'find groups by name',
'find_groups_by_notes': 'find groups by notes',
'find_groups_by_path': 'find groups by path',
'find_groups_by_uuid': 'find groups by uuid',
'groups': 'groups',
'kdbx': 'kdbx (property)',
'kdf_algorithm': 'kdf algorithm (property)',
'keyfile': 'keyfile (property)',
'move_entry': 'move entry',
'move_group': 'move group',
'password': 'password (property)',
'read': 'read',
'root_group': 'root group',
'save': 'save',
'transformed_key': 'transformed key',
'tree': 'tree',
'version': 'version (property)',
'xml': 'xml',
'add_binary_base64': 'add binary base64',
'get_binary_base64': 'get binary base64',
}

View File

@ -0,0 +1,63 @@
#!/usr/local/src/gridfire/keepassxc_cmd2/keepassxc_cmd2.py
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
set debug true
shell rm -f /var/tmp/test4.xml
shell cp /var/tmp/test4.kdbx /var/tmp/kpy4.kdbx
get_kdbx /var/tmp/kpy4.kdbx
get_keyfile /var/tmp/test4.key
get_pass password
kpy open
# properties
kpy attachments
kpy binaries
kpy encryption_algorithm
kpy filename
kpy groups
kpy kdf_algorithm
kpy keyfile
kpy version
# destination_group, group_name
kpy add_group email Email
# destination_group, title, username,assword, url=None, notes=None,
## AttributeError: 'str' object has no attribute '_element'
kpy add_entry email/gmail Gmail foo password url=http://goo.gl notes=""
# KGFbaSozMjppKjMyKzMxXS5yZXBsYWNlKHMsJycpLmVuY29kZSgpKQ
kpy add_binary_base64 AAAAAAAAAAAAAAAAAAAAAA==
kpy binaries
kpy get_binary_base64 0
kpy delete_binary 0
kpy binaries
kpy _xpath /KeePassFile/Meta/Generator
# KeePass
kpy _xpath /KeePassFile/Meta/RecycleBinEnabled
# True
kpy _xpath /KeePassFile/Root/Group/UUID
# o0mwbJwv11og+n6KjBcVjw==
# kpy root_group
# kpy tree
# kpy xml
kpy save
kpy dump_xml /var/tmp/test4.xml
shell ls -l /var/tmp/test4.xml
kpy eval 1+1
kpy eval [ x for x in dir(oKP) if not x.startswith('_')]
kpy close
# set sPassword
set sKeyfile
set sKdbx
help
#help cli
#help kpy

View File

@ -0,0 +1,28 @@
#!/usr/local/src/gridfire/keepassxc_cmd2/keepassxc_cmd2.py
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
set debug true
shell rm -f /var/tmp/test4.xml
shell cp /var/tmp/test4.kdbx /var/tmp/kpy4.kdbx
get_kdbx /var/tmp/kpy4.kdbx
get_keyfile /var/tmp/test4.key
get_pass password
qdbus help
shell echo password | /var/local/bin/keepassxc.bash --pw-stdin --keyfile /var/tmp/test4.key /var/tmp/kpy4.kdbx &
kpy eval 1+1
kpy eval [ x for x in dir(oKP) if not x.startswith('_')]
qdbus exit
# set sPassword
set sKeyfile
set sKdbx
#help cli
#help kpy
qdbus help

View File

@ -0,0 +1,17 @@
#!/usr/local/src/gridfire/keepassxc_cmd2/keepassxc_cmd2.py
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
set debug true
cli generate
cli diceware -- -q --words 3
get_kdbx /var/tmp/test4.kdbx
cli db-info
get_pass -
get_keyfile /var/tmp/test4.key
# no arguments
cli db-info
cli ls
cli help

View File

@ -0,0 +1,2 @@
ailed to spawn a job for DistributionTarget(platform=Platform(platform='windows_x86_64', impl='cp', version='37', abi='cp37mu')): [Errno 2] No such file or directory: '/home/foo/.pex/venvs/c143f2812d31f0fdcd4da39bae5848b0eb481a90/d6df6f3ad8beb1fab8b495c2fade3bcb54b2cde9' -> '/home/foo/.pex/venvs/short/94a7fad2'
d

View File

@ -0,0 +1,17 @@
#-----------------------------------------------------------------------------
# Copyright (c) 2014-2020, PyInstaller Development Team.
#
# Distributed under the terms of the GNU General Public License (version 2
# or later) with exception for distributing the bootloader.
#
# The full license is in the file COPYING.txt, distributed with this software.
#
# SPDX-License-Identifier: (GPL-2.0-or-later WITH Bootloader-exception)
#-----------------------------------------------------------------------------
# Tested with keyring 3.7 on MacOS.
from PyInstaller.utils.hooks import collect_submodules
# .KeyutilsKeyringBackend
hiddenimports = collect_submodules('keyutils.keys.*')

View File

@ -0,0 +1,16 @@
#-----------------------------------------------------------------------------
# Copyright (c) 2014-2020, PyInstaller Development Team.
#
# Distributed under the terms of the GNU General Public License (version 2
# or later) with exception for distributing the bootloader.
#
# The full license is in the file COPYING.txt, distributed with this software.
#
# SPDX-License-Identifier: (GPL-2.0-or-later WITH Bootloader-exception)
#-----------------------------------------------------------------------------
# Tested with keyring 3.7 on MacOS.
from PyInstaller.utils.hooks import collect_submodules
hiddenimports = collect_submodules('keyutils.keys.*')

View File

@ -0,0 +1,27 @@
from __future__ import absolute_import
import os
import sys
ROLE="proxy" # noqa
# Remove '' and current working directory from the first entry
# of sys.path, if present to avoid using current directory
# in pip commands check, freeze, install, list and show,
# when invoked as python -m pip <command>
if sys.path[0] in ('', os.getcwd()):
sys.path.pop(0)
# If we are running from a wheel, add the wheel to sys.path
# This allows the usage python pip-*.whl/pip install pip-*.whl
if __package__ == '':
# __file__ is pip-*.whl/pip/__main__.py
# first dirname call strips of '/__main__.py', second strips off '/pip'
# Resulting path is the name of the wheel itself
# Add that to sys.path so we can import pip
path = os.path.dirname(os.path.dirname(__file__))
sys.path.insert(0, path)
from gridfire.gridfire import main as _main # isort:skip # noqa
if __name__ == '__main__':
sys.exit(_main())

View File

@ -0,0 +1,288 @@
usage: __main__.py [-o OUTPUT.PEX] [options] [-- arg1 arg2 ...]
__main__.py builds a PEX (Python Executable) file based on the given specifications: sources, requirements, their dependencies and other options.
Command-line options can be provided in one or more files by prefixing the filenames with an @ symbol. These files must contain one argument per line.
positional arguments:
requirements Requirements to add to the pex (default: None)
optional arguments:
-h, --help show this help message and exit
-V, --version show program's version number and exit
--pex-repository FILE
Resolve requirements from the given PEX file instead
of from --index servers or --find-links repos.
(default: None)
-o PEX_NAME, --output-file PEX_NAME
The name of the generated .pex file: Omitting this
will run PEX immediately and not save it to a file.
(default: None)
-p FILE, --preamble-file FILE
The name of a file to be included as the preamble for
the generated .pex file (default: None)
-D DIR, --sources-directory DIR
Add a directory containing sources and/or resources to
be packaged into the generated .pex file. This option
can be used multiple times. (default: [])
-R DIR, --resources-directory DIR
Add resources directory to be packaged into the
generated .pex file. This option can be used multiple
times. DEPRECATED: Use -D/--sources-directory instead.
(default: [])
-r FILE or URL, --requirement FILE or URL
Add requirements from the given requirements file.
This option can be used multiple times. (default: [])
--constraints FILE or URL
Add constraints from the given constraints file. This
option can be used multiple times. (default: [])
--requirements-pex FILE
Add requirements from the given .pex file. This option
can be used multiple times. (default: [])
-v Turn on logging verbosity, may be specified multiple
times. (default: 0)
--emit-warnings, --no-emit-warnings
Emit runtime UserWarnings on stderr. If false, only
emit them when PEX_VERBOSE is set. (default: True)
--pex-root PEX_ROOT Specify the pex root used in this invocation of pex
(if unspecified, uses /root/.pex). (default: None)
--tmpdir TMPDIR Specify the temporary directory Pex and its
subprocesses should use. (default: /var/tmp)
--seed [{none,args,verbose}]
Seed local Pex caches for the generated PEX and print
out the command line to run directly from the seed
with (args) or else a json object including the
'pex_root' path, the 'python' binary path and the
seeded 'pex' path (verbose). (default: none)
--no-seed Deprecated: Use --seed=none instead. (default: None)
--help-variables Print out help about the various environment variables
used to change the behavior of a running PEX file.
(default: None)
Resolver options:
Tailor how to find, resolve and translate the packages that get put into
the PEX environment.
--resolver-version {pip-legacy-resolver,pip-2020-resolver}
The dependency resolver version to use. Read more at
https://pip.pypa.io/en/stable/user_guide/#resolver-
changes-2020 (default: pip-legacy-resolver)
--pypi, --no-pypi, --no-index
Whether to use PyPI to resolve dependencies. (default:
True)
--pex-path PEX_PATH A colon separated list of other pex files to merge
into the runtime environment. (default: None)
-f PATH/URL, --find-links PATH/URL, --repo PATH/URL
Additional repository path (directory or URL) to look
for requirements. (default: [])
-i URL, --index URL, --index-url URL
Additional cheeseshop indices to use to satisfy
requirements. (default: None)
--cache-ttl DEPRECATED
Deprecated: No longer used. (default: None)
--retries RETRIES Maximum number of retries each connection should
attempt. (default: 5)
--timeout SECS Set the socket timeout in seconds. (default: 15)
-H DEPRECATED, --header DEPRECATED
Deprecated: No longer used. (default: None)
--proxy PROXY Specify a proxy in the form
[user:passwd@]proxy.server:port. (default: None)
--cert PATH Path to alternate CA bundle. (default: None)
--client-cert PATH Path to an SSL client certificate which should be a
single file containing the private key and the
certificate in PEM format. (default: None)
--pre, --no-pre Whether to include pre-release and development
versions of requirements. (default: False)
--disable-cache Disable caching in the pex tool entirely. (default:
False)
--cache-dir CACHE_DIR
DEPRECATED: Use --pex-root instead. The local cache
directory to use for speeding up requirement lookups.
(default: None)
--wheel, --no-wheel, --no-use-wheel
Whether to allow wheel distributions. (default: True)
--build, --no-build Whether to allow building of distributions from
source. (default: True)
--manylinux MANYLINUX, --no-manylinux MANYLINUX, --no-use-manylinux MANYLINUX
Whether to allow resolution of manylinux wheels for
linux target platforms. (default: manylinux2014)
--transitive, --no-transitive, --intransitive
Whether to transitively resolve requirements.
(default: True)
-j JOBS, --jobs JOBS The maximum number of parallel jobs to use when
resolving, building and installing distributions. You
might want to increase the maximum number of parallel
jobs to potentially improve the latency of the pex
creation process at the expense of otherprocesses on
your system. (default: 4)
PEX output options:
Tailor the behavior of the emitted .pex file if -o is specified.
--include-tools Whether to include runtime tools in the pex file. If
included, these can be run by exporting PEX_TOOLS=1
and following the usage and --help information.
(default: False)
--zip-safe, --not-zip-safe
Whether or not the sources in the pex file are zip
safe. If they are not zip safe, they will be written
to disk prior to execution. Also see --unzip which
will cause the complete pex file, including
dependencies, to be unzipped. (default: True)
--unzip, --no-unzip Whether or not the pex file should be unzipped before
executing it. If the pex file will be run multiple
times under a stable runtime PEX_ROOT the unzipping
will only be performed once and subsequent runs will
enjoy lower startup latency. (default: False)
--venv [{prepend,append}]
Convert the pex file to a venv before executing it. If
'prepend' or 'append' is specified, then all scripts
and console scripts provided by distributions in the
pex file will be added to the PATH in the
corresponding position. If the the pex file will be
run multiple times under a stable runtime PEX_ROOT,
the venv creation will only be done once and
subsequent runs will enjoy lower startup latency.
(default: False)
--venv-copies, --no-venv-copies
If --venv is specified, create the venv using copies
of base interpreter files instead of symlinks.
(default: False)
--always-write-cache Always write the internally cached distributions to
disk prior to invoking the pex source code. This can
use less memory in RAM constrained environments.
(default: False)
--ignore-errors Ignore requirement resolution solver errors when
building pexes and later invoking them. (default:
False)
--inherit-path {false,prefer,fallback}
Inherit the contents of sys.path (including site-
packages, user site-packages and PYTHONPATH) running
the pex. Possible values: 'false' (does not inherit
sys.path), 'fallback' (inherits sys.path after
packaged dependencies), 'prefer' (inherits sys.path
before packaged dependencies), No value (alias for
prefer, for backwards compatibility). (default: false)
--compile, --no-compile
Compiling means that the built pex will include .pyc
files, which will result in slightly faster startup
performance. However, compiling means that the
generated pex likely will not be reproducible, meaning
that if you were to run `./pex -o` with the same
inputs then the new pex would not be byte-for-byte
identical to the original. (default: False)
--use-system-time, --no-use-system-time
Use the current system time to generate timestamps for
the new pex. Otherwise, Pex will use midnight on
January 1, 1980. By using system time, the generated
pex will not be reproducible, meaning that if you were
to run `./pex -o` with the same inputs then the new
pex would not be byte-for-byte identical to the
original. (default: False)
--runtime-pex-root RUNTIME_PEX_ROOT
Specify the pex root to be used in the generated .pex
file (if unspecified, uses ~/.pex). (default: None)
--strip-pex-env, --no-strip-pex-env
Strip all `PEX_*` environment variables used to
control the pex runtime before handing off control to
the pex entrypoint. You might want to set this to
`False` if the new pex executes other pexes (or the
Pex CLI itself) and you want the executed pex to be
controllable via `PEX_*` environment variables.
(default: True)
PEX environment options:
Tailor the interpreter and platform targets for the PEX environment.
--python PYTHON The Python interpreter to use to build the PEX
(default: current interpreter). This cannot be used
with `--interpreter-constraint`, which will instead
cause PEX to search for valid interpreters. Either
specify an absolute path to an interpreter, or specify
a binary accessible on $PATH like `python3.7`. This
option can be passed multiple times to create a multi-
interpreter compatible PEX. (default: [])
--python-path PYTHON_PATH
Colon-separated paths to search for interpreters when
`--interpreter-constraint` and/or `--resolve-local-
platforms` are specified (default: $PATH). Each
element can be the absolute path of an interpreter
binary or a directory containing interpreter binaries.
(default: None)
--interpreter-constraint INTERPRETER_CONSTRAINT
Constrain the selected Python interpreter. Specify
with Requirement-style syntax, e.g. "CPython>=2.7,<3"
(A CPython interpreter with version >=2.7 AND version
<3), ">=2.7,<3" (Any Python interpreter with version
>=2.7 AND version <3) or "PyPy" (A PyPy interpreter of
any version). This argument may be repeated multiple
times to OR the constraints. Try `PEX_TOOLS=1
/usr/bin/python3.8 /usr/local/lib/python3.8/site-
packages/pex/__main__.py interpreter --verbose
--indent 4` to find the exact interpreter constraints
of /usr/bin/python3.8 and `PEX_TOOLS=1
/usr/local/lib/python3.8/site-packages/pex/__main__.py
interpreter --all --verbose --indent 4` to find out
the interpreter constraints of all Python interpreters
on the $PATH. (default: [])
--rcfile RC_FILE An additional path to a pexrc file to read during
configuration parsing, in addition to reading
`/etc/pexrc` and `~/.pexrc`. If
`PEX_IGNORE_RCFILES=true`, then all rc files will be
ignored. (default: None)
--python-shebang PYTHON_SHEBANG
The exact shebang (#!...) line to add at the top of
the PEX file minus the #!. This overrides the default
behavior, which picks an environment Python
interpreter compatible with the one used to build the
PEX file. (default: None)
--platform PLATFORMS The platform for which to build the PEX. This option
can be passed multiple times to create a multi-
platform pex. To use the platform corresponding to the
current interpreter you can pass `current`. To target
any other platform you pass a string composed of
fields: <platform>-<python impl abbr>-<python
version>-<abi>. These fields stem from wheel name
conventions as outlined in
https://www.python.org/dev/peps/pep-0427#file-name-
convention and influenced by
https://www.python.org/dev/peps/pep-0425. For the
current interpreter at /usr/bin/python3.8 the full
platform string is manylinux_2_33_x86_64-cp-38-cp38.
To find out more, try `PEX_TOOLS=1
/usr/local/lib/python3.8/site-packages/pex/__main__.py
interpreter --all --verbose --indent 4` to print out
the platform for all interpreters on the $PATH or
`PEX_TOOLS=1 /usr/bin/python3.8
/usr/local/lib/python3.8/site-packages/pex/__main__.py
interpreter --verbose --indent 4` to inspect the
single interpreter /usr/bin/python3.8. (default: [])
--resolve-local-platforms
When --platforms are specified, attempt to resolve a
local interpreter that matches each platform
specified. If found, use the interpreter to resolve
distributions; if not (or if this option is not
specified), resolve for each platform only allowing
matching binary distributions and failing if only
sdists or non-matching binary distributions can be
found. (default: False)
PEX entry point options:
Specify what target/module the PEX should invoke if any.
-m MODULE[:SYMBOL], -e MODULE[:SYMBOL], --entry-point MODULE[:SYMBOL]
Set the entry point to module or module:symbol. If
just specifying module, pex behaves like python -m,
e.g. python -m SimpleHTTPServer. If specifying
module:symbol, pex assume symbol is a n0-arg callable
and imports that symbol and invokes it as if via
`sys.exit(symbol())`. (default: None)
-c SCRIPT_NAME, --script SCRIPT_NAME, --console-script SCRIPT_NAME
Set the entry point as to the script or console_script
as defined by a any of the distributions in the pex.
For example: "pex -c fab fabric" or "pex -c mturk
boto". (default: None)
--validate-entry-point
Validate the entry point by importing it in separate
process. Warning: this could have side effects. For
example, entry point `a.b.c:m` will translate to `from
a.b.c import m` during validation. (default: False)

View File

@ -0,0 +1,66 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=gpgkey
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
MOD="pyassuan"
DIR="${MOD}"
BINS="get-info pinentry"
GIT_HUB=http-git.tremily.us
GIT_DIR=pyassuan
cd $PREFIX/src/gridfire || exit 2
WD=$PWD
# http://http-git.tremily.us/pyassuan.git
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB"
route | grep -q '^default' || { echo DEBUG: not connected ; exit 0 ; }
(cd "$PREFIX/net/Git/$GIT_HUB" && \
git clone --depth=1 "http://$GIT_HUB/$GIT_DIR.git" ) \
|| exit 2
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || exit 3
fi
cd "$DIR" || exit 4
if [ ! -f setup.py.dst ] ; then
cp -p setup.py setup.py.dst
sed -e 's@^ )@ zip_safe=False)@' -i setup.py
fi
[ -d $PREFIX/$LIB/python${PYTHON_MINOR}/site-packages/${DIR}-${VER}-py${PYTHON_MINOR}.egg ] || \
"$PYTHON_EXE_MSYS" setup.py install >> install.log 2>&1 || {
echo "ERROR: code $?" ; cat install.log ; exit 6 ;
}
"$PYTHON_EXE_MSYS" -c "import $MOD" || exit 10
cd ..
for elt in ${BINS} ; do \
[ -f ../../bin/$$elt -a ../../bin/$$elt -nt bin/$$elt ] || \
{ cp -p bin/$$elt ../../bin/$$elt ; \
chmod 775 ../../bin/$$elt ; } ; \
done
[ "$#" -eq 0 ] && exit 0
if [ "$1" = 'test' ] ; then
cd $WD/DIR
$PYTHON_EXE_MSYS -m unittest discover || exit 11
fi

View File

@ -0,0 +1,45 @@
# S:OK Your orders please
OPTION grab
# S:OK
OPTION ttyname=/dev/tty3
# S:OK
OPTION ttytype=xterm
# S:OK
OPTION lc-ctype=en_US.UTF-8
# S:OK
OPTION lc-messages=en_US.UTF-8
# S:OK
OPTION allow-external-password-cache
# S:OK
OPTION default-ok=_OK
# S:OK
OPTION default-cancel=_Cancel
# S:OK
OPTION default-yes=_Yes
# S:OK
OPTION default-no=_No
# S:OK
OPTION default-prompt=PIN:
# S:OK
OPTION default-pwmngr=_Save in password manager
# S:OK
OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
# S:OK
OPTION default-tt-visi=Make passphrase visible
# S:OK
OPTION default-tt-hide=Hide passphrase
# S:OK
GETINFO pid
# S:D 14309
# S:OK
SETKEYINFO u/S9464F2C2825D2FE3
# S:OK
SETDESC Enter passphrase%0A
# S:OK
SETPROMPT Passphrase
# S:OK
GETPIN
# S:D testing!
# S:OK
BYE
# S:OK closing connection

View File

@ -0,0 +1,72 @@
#!/usr/bin/env python3
# -*-mode: python; py-indent-offset: 4; indent-tabs-mode: nil; coding: utf-8 -*-
import sys
import os
import pexpect
ROLE="proxy" # noqa
KEY="u/S9464F2C2825D2FE3"
PASS="foo"
LOCALE="en_US.UTF-8"
p = pexpect.spawnu('sh /var/local/bin/pinentry3.bash')
p.logfile = sys.stdout
p.timeout = 1
print(dir(p))
p.expect("OK .*\r")
p.send("OPTION grab\r")
p.expect("OK.*")
p.send("OPTION ttyname=" + os.environ['GPG_TTY'] +"\r")
p.expect("OK.*")
p.send("OPTION ttytype=xterm\r")
p.expect("OK.*")
p.send("OPTION lc-ctype=" +LOCALE +"\r")
p.expect("OK.*")
p.send("OPTION lc-messages=en_US.UTF-8\r")
p.expect("OK.*")
p.send("OPTION allow-external-password-cache\r")
p.expect("OK.*")
p.send("OPTION default-ok=_OK\r")
p.expect("OK.*")
p.send("OPTION default-cancel=_Cancel\r")
p.expect("OK.*")
p.send("OPTION default-yes=_Yes\r")
p.expect("OK.*")
p.send("OPTION default-no=_No\r")
p.expect("OK.*")
p.send("OPTION default-prompt=PIN:\r")
p.expect("OK.*")
p.send("OPTION default-pwmngr=_Save in password manager\r")
p.expect("OK.*")
p.send("OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?\r")
p.expect("OK.*")
p.send("OPTION default-tt-visi=Make passphrase visible\r")
p.expect("OK.*")
p.send("OPTION default-tt-hide=Hide passphrase\r")
p.expect("OK.*")
p.send("GETINFO pid\r")
p.expect("OK.*")
# if str(p.match).find("D " +str(os.getpid())) < 0: raise RuntimeError(p.match)
print(str(p.match))
p.send("SETKEYINFO "+ KEY +"\r")
p.expect("OK.*")
p.send("SETDESC Enter passphrase%0A\r")
p.expect("OK.*")
p.send("SETPROMPT Passphrase\r")
p.expect("OK.*")
p.send("GETPIN\r")
# p.expect("Enter passphrase")
#p.expect("key: " +KEY)
p.expect("Passphrase")
p.send(PASS +"\r")
#p.expect("D " +PASS +"\r\nOK.*")
p.expect("OK.*")
print(str(p.before))
p.send("BYE\r")
p.expect("OK closing connection\r")
p.expect(pexpect.EOF)
p.kill(0)

Some files were not shown because too many files have changed in this diff Show More