def moveKeys(db, crypt):
try:
if args.keys is None:
logger.error("Must specify key file for key manipulation")
return 1
clientId = db.getConfigValue('ClientID')
salt, vkey = db.getSrpValues()
#(db, _) = getDB(crypt)
if args.extract:
(f, c) = db.getKeys()
if not (f and c):
raise Exception("Unable to retrieve keys from server. Aborting.")
Util.saveKeys(args.keys, clientId, f, c)
if args.deleteKeys:
db.setKeys(salt, vkey, None, None)
elif args.insert:
(f, c) = Util.loadKeys(args.keys, clientId)
logger.info("Keys: F: %s C: %s", f, c)
if not (f and c):
raise Exception("Unable to retrieve keys from key database. Aborting.")
db.setKeys(salt, vkey, f, c)
if args.deleteKeys:
Util.saveKeys(args.keys, clientId, None, None)
return 0
except TardisDB.AuthenticationException as e:
logger.error("Authentication failed. Bad password")
return 1
except Exception as e:
logger.error(e)
exceptionLogger.log(e)
return 1
def changePassword(crypt, crypt2):
try:
(db, _) = getDB(crypt)
# Load the keys, and insert them into the crypt object, to decyrpt them
if args.keys:
(f, c) = Util.loadKeys(args.keys, db.getConfigValue("ClientID"))
else:
(f, c) = db.getKeys()
crypt.setKeys(f, c)
# Grab the keys from one crypt object.
# Need to do this because getKeys/setKeys assumes they're encrypted, and we need the raw
# versions
crypt2._filenameKey = crypt._filenameKey
crypt2._contentKey = crypt._contentKey
# Now get the encrypted versions
(f, c) = crypt2.getKeys()
if args.keys:
db.beginTransaction()
db.setToken(crypt2.createToken())
Util.saveKeys(args.keys, db.getConfigValue("ClientID"), f, c)
db.commit()
else:
db.setKeys(crypt2.createToken(), f, c)
db.close()
return 0
except Exception as e:
logger.error(e)
return 1
def moveKeys(db, crypt):
try:
if args.keys is None:
logger.error("Must specify key file for key manipulation")
return 1
clientId = db.getConfigValue("ClientID")
token = crypt.createToken()
(db, _) = getDB(crypt)
if args.extract:
(f, c) = db.getKeys()
if not (f and c):
raise Exception("Unable to retrieve keys from server. Aborting.")
Util.saveKeys(args.keys, clientId, f, c)
if args.deleteKeys:
db.setKeys(token, None, None)
elif args.insert:
(f, c) = Util.loadKeys(args.keys, clientId)
logger.info("Keys: F: %s C: %s", f, c)
if not (f and c):
raise Exception("Unable to retrieve keys from key database. Aborting.")
db.setKeys(token, f, c)
if args.deleteKeys:
Util.saveKeys(args.keys, clientId, None, None)
return 0
except Exception as e:
logger.error(e)
logger.exception(e)
return 1
def moveKeys(db, crypt):
try:
if args.keys is None:
logger.error("Must specify key file for key manipulation")
return 1
clientId = db.getConfigValue('ClientID')
token = crypt.createToken()
#(db, _) = getDB(crypt)
if args.extract:
(f, c) = db.getKeys()
if not (f and c):
raise Exception(
"Unable to retrieve keys from server. Aborting.")
Util.saveKeys(args.keys, clientId, f, c)
if args.deleteKeys:
db.setKeys(token, None, None)
elif args.insert:
(f, c) = Util.loadKeys(args.keys, clientId)
logger.info("Keys: F: %s C: %s", f, c)
if not (f and c):
raise Exception(
"Unable to retrieve keys from key database. Aborting.")
db.setKeys(token, f, c)
if args.deleteKeys:
Util.saveKeys(args.keys, clientId, None, None)
return 0
except Exception as e:
logger.error(e)
logger.exception(e)
return 1
def changePassword(crypt, crypt2):
try:
(db, _) = getDB(crypt)
# Load the keys, and insert them into the crypt object, to decyrpt them
if args.keys:
(f, c) = Util.loadKeys(args.keys, db.getConfigValue('ClientID'))
else:
(f, c) = db.getKeys()
crypt.setKeys(f, c)
# Grab the keys from one crypt object.
# Need to do this because getKeys/setKeys assumes they're encrypted, and we need the raw
# versions
crypt2._filenameKey = crypt._filenameKey
crypt2._contentKey = crypt._contentKey
# Now get the encrypted versions
(f, c) = crypt2.getKeys()
if args.keys:
db.beginTransaction()
db.setToken(crypt2.createToken())
Util.saveKeys(args.keys, db.getConfigValue('ClientID'), f, c)
db.commit()
else:
db.setKeys(crypt2.createToken(), f, c)
return 0
except Exception as e:
logger.error(e)
return 1
def moveKeys(db, crypt):
try:
if args.keys is None:
logger.error("Must specify key file for key manipulation")
return 1
clientId = db.getConfigValue('ClientID')
salt, vkey = db.getSrpValues()
#(db, _) = getDB(crypt)
if args.extract:
(f, c) = db.getKeys()
if not (f and c):
raise Exception("Unable to retrieve keys from server. Aborting.")
Util.saveKeys(args.keys, clientId, f, c)
if args.deleteKeys:
db.setKeys(salt, vkey, None, None)
elif args.insert:
(f, c) = Util.loadKeys(args.keys, clientId)
logger.info("Keys: F: %s C: %s", f, c)
if not (f and c):
raise Exception("Unable to retrieve keys from key database. Aborting.")
db.setKeys(salt, vkey, f, c)
if args.deleteKeys:
Util.saveKeys(args.keys, clientId, None, None)
return 0
except TardisDB.AuthenticationException as e:
logger.error("Authentication failed. Bad password")
return 1
except Exception as e:
logger.error(e)
if args.exceptions:
logger.exception(e)
return 1
def changePassword(crypt, oldpw):
try:
(db, _, crypt) = getDB(oldpw)
# Get the new password
try:
newpw = Util.getPassword(args.newpw,
args.newpwf,
args.newpwp,
prompt="New Password for %s: " %
(args.client),
allowNone=False,
confirm=True,
strength=True)
except Exception as e:
logger.critical(str(e))
if args.exceptions:
logger.exception(e)
return -1
scheme = db.getConfigValue('CryptoScheme', 1)
crypt2 = TardisCrypto.getCrypto(scheme, newpw, args.client)
# Load the keys, and insert them into the crypt object, to decyrpt them
if args.keys:
(f, c) = Util.loadKeys(args.keys, db.getConfigValue('ClientID'))
# No need to check here, loadKeys() throws exception if nothing set.
else:
(f, c) = db.getKeys()
if f is None or c is None:
logger.critical(
"No keys loaded from database. Please specify --keys as appropriate"
)
raise Exception("No keys loaded")
crypt.setKeys(f, c)
# Grab the keys from one crypt object.
# Need to do this because getKeys/setKeys assumes they're encrypted, and we need the raw
# versions
crypt2._filenameKey = crypt._filenameKey
crypt2._contentKey = crypt._contentKey
# Now get the encrypted versions
(f, c) = crypt2.getKeys()
(salt, vkey) = srp.create_salted_verification_key(args.client, newpw)
if args.keys:
db.beginTransaction()
db.setSrpValues(salt, vkey)
Util.saveKeys(args.keys, db.getConfigValue('ClientID'), f, c)
db.commit()
else:
db.setKeys(salt, vkey, f, c)
return 0
except Exception as e:
logger.error(str(e))
if args.exceptions:
logger.exception(e)
return 1
def changePassword(crypt, oldpw) :
try:
(db, _, crypt) = getDB(crypt, oldpw)
# Get the new password
try:
newpw = Util.getPassword(args.newpw, args.newpwf, args.newpwp, prompt="New Password for %s: " % (args.client),
allowNone=False, confirm=True, strength=True)
except Exception as e:
logger.critical(str(e))
if args.exceptions:
logger.exception(e)
return -1
crypt2 = TardisCrypto.TardisCrypto(newpw, args.client)
# Load the keys, and insert them into the crypt object, to decyrpt them
if args.keys:
(f, c) = Util.loadKeys(args.keys, db.getConfigValue('ClientID'))
# No need to check here, loadKeys() throws exception if nothing set.
else:
(f, c) = db.getKeys()
if f is None or c is None:
logger.critical("No keys loaded from database. Please specify --keys as appropriate")
raise Exception("No keys loaded")
crypt.setKeys(f, c)
# Grab the keys from one crypt object.
# Need to do this because getKeys/setKeys assumes they're encrypted, and we need the raw
# versions
crypt2._filenameKey = crypt._filenameKey
crypt2._contentKey = crypt._contentKey
# Now get the encrypted versions
(f, c) = crypt2.getKeys()
(salt, vkey) = srp.create_salted_verification_key(args.client, newpw)
if args.keys:
db.beginTransaction()
db.setSrpValues(salt, vkey)
Util.saveKeys(args.keys, db.getConfigValue('ClientID'), f, c)
db.commit()
else:
db.setKeys(salt, vkey, f, c)
return 0
except Exception as e:
logger.error(str(e))
if args.exceptions:
logger.exception(e)
return 1
def main():
global logger, exceptionLogger, args
parseArgs()
logger = Util.setupLogging(args.verbose)
exceptionLogger = Util.ExceptionLogger(logger, args.exceptions)
# Commands which cannot be executed on remote databases
allowRemote = args.command not in ['create', 'upgrade']
db = None
crypt = None
cache = None
try:
confirm = args.command in ['setpass', 'create']
allowNone = args.command not in ['setpass', 'chpass']
try:
password = Util.getPassword(args.password, args.passwordfile, args.passwordprog, prompt="Password for %s: " % (args.client), allowNone=allowNone, confirm=confirm)
except Exception as e:
logger.critical(str(e))
exceptionLogger.log(e)
return -1
if password:
crypt = TardisCrypto.TardisCrypto(password, args.client)
args.password = None
if args.command == 'create':
return createClient(crypt, password)
if args.command == 'setpass':
if not Util.checkPasswordStrength(password):
return -1
if not crypt:
logger.error("No password specified")
return -1
return setPassword(crypt, password)
if args.command == 'chpass':
return changePassword(crypt, password)
upgrade = (args.command == 'upgrade')
try:
(db, cache) = getDB(crypt, password, allowRemote=allowRemote, allowUpgrade=upgrade)
if crypt and args.command != 'keys':
if args.keys:
(f, c) = Util.loadKeys(args.keys, db.getConfigValue('ClientID'))
else:
(f, c) = db.getKeys()
crypt.setKeys(f, c)
except TardisDB.AuthenticationException as e:
logger.error("Authentication failed. Bad password")
exceptionLogger.log(e)
sys.exit(1)
except Exception as e:
logger.critical("Unable to connect to database: %s", e)
exceptionLogger.log(e)
sys.exit(1)
if args.command == 'keys':
return moveKeys(db, crypt)
elif args.command == 'list':
return listBSets(db, crypt, cache)
elif args.command == 'files':
return listFiles(db, crypt)
elif args.command == 'info':
return bsetInfo(db)
elif args.command == 'purge':
return purge(db, cache)
elif args.command == 'delete':
return deleteBsets(db, cache)
elif args.command == 'priority':
return setPriority(db)
elif args.command == 'rename':
return renameSet(db)
elif args.command == 'getconfig':
return getConfig(db)
elif args.command == 'setconfig':
return setConfig(db)
elif args.command == 'orphans':
return removeOrphans(db, cache)
elif args.command == 'upgrade':
return
except KeyboardInterrupt:
pass
except TardisDB.AuthenticationException as e:
logger.error("Authentication failed. Bad password")
sys.exit(1)
except Exception as e:
logger.error("Caught exception: %s", str(e))
exceptionLogger.log(e)
finally:
if db:
db.close()
def main():
global logger
parseArgs()
logger = Util.setupLogging(args.verbose)
# Commands which cannot be executed on remote databases
allowRemote = args.command not in ['create']
db = None
crypt = None
cache = None
try:
password = Util.getPassword(args.password,
args.passwordfile,
args.passwordprog,
prompt="Password for %s: " % (args.client),
allowNone=(args.command != 'setPass'))
if args.command in ['setpass', 'create']:
if password and not checkPasswordStrength(password):
return -1
if args.password:
pw2 = Util.getPassword(args.password,
args.passwordfile,
args.passwordprog,
prompt='Confirm Password: '******'t match")
return -1
pw2 = None
if password:
crypt = TardisCrypto.TardisCrypto(password, args.client)
password = None
args.password = None
if args.command == 'create':
return createClient(crypt)
if args.command == 'setpass':
if not crypt:
logger.error("No password specified")
return -1
return setToken(crypt)
if args.command == 'chpass':
newpw = Util.getPassword(args.newpw,
args.newpwf,
args.newpwp,
prompt="New Password for %s: " %
(args.client),
allowNone=False)
if not checkPasswordStrength(newpw):
return -1
if args.newpw is True:
newpw2 = Util.getPassword(args.newpw,
args.newpwf,
args.newpwp,
prompt="New Password for %s: " %
(args.client),
allowNone=False)
if newpw2 != newpw:
logger.error("Passwords don't match")
return -1
newpw2 = None
crypt2 = TardisCrypto.TardisCrypto(newpw, args.client)
newpw = None
args.newpw = None
return changePassword(crypt, crypt2)
try:
(db, cache) = getDB(crypt, allowRemote=allowRemote)
if crypt:
if args.keys:
(f, c) = Util.loadKeys(args.keys,
db.getConfigValue('ClientID'))
else:
(f, c) = db.getKeys()
crypt.setKeys(f, c)
except Exception as e:
logger.critical("Unable to connect to database: %s", e)
sys.exit(1)
if args.command == 'keys':
return moveKeys(db, crypt)
elif args.command == 'list':
return listBSets(db)
elif args.command == 'files':
return listFiles(db, crypt)
elif args.command == 'info':
return bsetInfo(db)
elif args.command == 'purge':
return purge(db, cache)
elif args.command == 'delete':
return deleteBsets(db, cache)
elif args.command == 'getconfig':
return getConfig(db)
elif args.command == 'setconfig':
return setConfig(db)
elif args.command == 'orphans':
return removeOrphans(db, cache)
except KeyboardInterrupt:
pass
except Exception as e:
logger.error("Caught exception: %s", str(e))
logger.exception(e)
finally:
if db:
db.close()
def main():
global logger
parseArgs()
logger = Util.setupLogging(args.verbose)
# Commands which cannot be executed on remote databases
allowRemote = args.command not in ['create', 'upgrade']
db = None
crypt = None
cache = None
try:
confirm = args.command in ['setpass', 'create']
allowNone = args.command not in ['setpass', 'chpass']
try:
password = Util.getPassword(args.password, args.passwordfile, args.passwordprog, prompt="Password for %s: " % (args.client), allowNone=allowNone, confirm=confirm)
except Exception as e:
logger.critical(str(e))
if args.exceptions:
logger.exception(e)
return -1
if password:
crypt = TardisCrypto.TardisCrypto(password, args.client)
args.password = None
if args.command == 'create':
return createClient(crypt, password)
if args.command == 'setpass':
if not Util.checkPasswordStrength(password):
return -1
if not crypt:
logger.error("No password specified")
return -1
return setPassword(crypt, password)
if args.command == 'chpass':
return changePassword(crypt, password)
upgrade = (args.command == 'upgrade')
try:
(db, cache, crypt) = getDB(crypt, password, allowRemote=allowRemote, allowUpgrade=upgrade)
if crypt and args.command != 'keys':
if args.keys:
(f, c) = Util.loadKeys(args.keys, db.getConfigValue('ClientID'))
else:
(f, c) = db.getKeys()
crypt.setKeys(f, c)
except TardisDB.AuthenticationException as e:
logger.error("Authentication failed. Bad password")
if args.exceptions:
logger.exception(e)
sys.exit(1)
except Exception as e:
logger.critical("Unable to connect to database: %s", e)
if args.exceptions:
logger.exception(e)
sys.exit(1)
if args.command == 'keys':
return moveKeys(db, crypt)
elif args.command == 'list':
return listBSets(db, crypt, cache)
elif args.command == 'files':
return listFiles(db, crypt)
elif args.command == 'info':
return bsetInfo(db)
elif args.command == 'purge':
return purge(db, cache)
elif args.command == 'delete':
return deleteBsets(db, cache)
elif args.command == 'priority':
return setPriority(db)
elif args.command == 'rename':
return renameSet(db)
elif args.command == 'getconfig':
return getConfig(db)
elif args.command == 'setconfig':
return setConfig(db)
elif args.command == 'orphans':
return removeOrphans(db, cache)
elif args.command == 'upgrade':
return
except KeyboardInterrupt:
pass
except TardisDB.AuthenticationException as e:
logger.error("Authentication failed. Bad password")
sys.exit(1)
except Exception as e:
logger.error("Caught exception: %s", str(e))
if args.exceptions:
logger.exception(e)
finally:
if db:
db.close()
