def _load_pwdb(self): #################################################################### """reload passworddb""" #################################################################### LOGGER.info("Reloading Password Database") self.pwdb = PasswordDB() self.pwdb.load_from_directory(self.args["pwstore"])
def _decrypt_password_entry(self, password, distributor): #################################################################### """This decrypts a given password entry""" #################################################################### plaintext_pw = password.decrypt_entry( identity=self.identity, passphrase=self.passphrase, card_slot=self.args["card_slot"], ) if not self.args["noverify"]: result = password.verify_entry( self.identity["name"], self.identities, distributor, self.session.query(Recipient) .filter(Recipient.name == distributor) .first() .certs, ) if not result["sigOK"]: LOGGER.warning( "Could not verify that %s correctly signed your password entry.", result["distributor"], ) if not result["certOK"]: LOGGER.warning( "Could not verify the certificate authenticity of user '%s'.", result["distributor"], ) return f"{self.color_print(password.metadata['name'], 'first_level')}: {plaintext_pw}"
def default(self, line): #################################################################### """If we don't have a proper subcommand passed""" #################################################################### LOGGER.error( "Command '%s' not found, see help (?) for available commands", line) return False
def _flat_file(self, passwords): #################################################################### """This function handles the simple key:value pair""" #################################################################### LOGGER.info( "Flat password file detected, using 'imported' as description \ you can manually change the description in the file if you would like" ) for password in tqdm(passwords): psplit = password.split(":") fname = psplit[0].strip() pvalue = psplit[1].strip() self.args["pwname"] = fname self.create_or_update_pass(pvalue, "imported", self.args["identity"])
def _run_command_setup(self, parsedargs): ################################################################## """Passes the argparse Namespace object of parsed arguments""" ################################################################## self.args = collect_args(parsedargs) self.session = sessionmaker(bind=self.args["db"]["engine"])() self._validate_combinatorial_args() self._validate_args() # Build the list of recipients that this command will act on self._build_recipient_list() # If there are defined repositories of keys and certificates, load them self.identities.args = self.args self.identities.cabundle = self.args["cabundle"] self.identities.load_certs_from_directory( self.args["certpath"], connectmap=self.args["connect"], nocache=self.args["no_cache"], ) if self.args["keypath"]: self.identities.load_keys_from_directory(self.args["keypath"]) self.identity = ( self.session.query(Recipient) .filter(Recipient.name == self.args["identity"]) .first() ) self._validate_identities() self.identity = dict(self.identity) if ( self.args["subparser_name"] in ["list", "interpreter", "distribute", "export"] and not self.pwdbcached ): self.passworddb.load_from_directory(self.args["pwstore"]) if "pwname" in self.args and self.args["pwname"]: self._resolve_directory_path() self.args["card_slot"] = self.args["card_slot"] if self.args["card_slot"] else 0 if "nopassphrase" in self.selected_args and not self.args["nopassphrase"]: for mesg in print_card_info( self.args["card_slot"], self.identity, self.args["verbosity"], self.args["color"], self.args["theme_map"], ): LOGGER.info(mesg) self.passphrase = getpass.getpass("Enter Pin/Passphrase: ")
def do_fn(self, _): ############################################ """Use -h or --help for information""" ############################################ try: pk_class = [ o for o in getmembers(globals()[module_name], isclass) if str(o[0]) == class_name ][0][1] pk_class(self, pwdb=self.pwdb) for mesg in self.actions[swap_name].run(self.parser.parse_args()): if mesg: print(mesg) return False except PKPassError as err: LOGGER.error(err) return False except SystemExit: return False
def _walk_dir(self, directory, password, ignore_decrypt=False): #################################################################### """Walk our directory searching for passwords""" #################################################################### # walk returns root, dirs, and files we just need files for root, _, pwnames in walk(directory): trim_root = root.replace(self.args["pwstore"], "").lstrip("/") for pwname in pwnames: if self.args["pwname"] is None or fnmatch( path.join(trim_root, pwname), self.args["pwname"] ): try: yield from self._decrypt_wrapper(root, password, pwname) except DecryptionError as err: if ignore_decrypt: LOGGER.err(err) continue raise except (NotARecipientError, TypeError): continue
def _reload_config(self): #################################################################### """Change affected globals in interpreter""" #################################################################### # We still need to be able to reload other things like recipients # database config = self.args["config"] config_args = self.args try: config_args = collect_args({"config": config}) if not config_args: config_args = self.args except ParserError: LOGGER.error("Error parsing config file") config_args = self.args finally: self.args = config_args self.args["config"] = config self.args = handle_filepath_args(self.args) self._change_pwstore() self._load_pwdb()
def _run_command_execution(self): #################################################################### """Run function for class.""" #################################################################### password = PasswordEntry() password.read_password_data( path.join(self.args["pwstore"], self.args["pwname"])) distributor = password.recipients[self.identity["name"]]["distributor"] plaintext_pw = password.decrypt_entry( identity=self.identity, passphrase=self.passphrase, card_slot=self.args["card_slot"], ) if not self.args["noverify"]: result = password.verify_entry( self.identity["name"], self.identities, distributor, self.session.query(Recipient).filter( Recipient.name == distributor).first().certs, ) if not result["sigOK"]: LOGGER.warning( "Could not verify that %s correctly signed your password entry.", result["distributor"], ) if not result["certOK"]: LOGGER.warning( "Could not verify the certificate authenticity of user '%s'.", result["distributor"], ) oldclip = paste() try: copy(plaintext_pw) yield f"Password copied into paste buffer for {self.args['time']} seconds" sleep(self.args["time"]) finally: copy(oldclip)
def _confirm_recipients(self): not_in_db = [] in_db = [x.name for x in self.session.query(Recipient).all()] for recipient in self.recipient_list: if recipient not in in_db: not_in_db.append(recipient) if not_in_db: LOGGER.warning( "The following recipients are not in the db, removing %s", ", ".join(not_in_db), ) self.recipient_list = [ x for x in self.recipient_list if x not in not_in_db ] yield "The following users will receive the password: "******", ".join(sort(self.recipient_list)) correct = input("Are these correct? (y/N) ") if not correct or correct.lower()[0] == "n": self.recipient_list = input( "Please enter a comma delimited list: ") self.recipient_list = list( {x.strip() for x in self.recipient_list.split(",")}) yield from self._confirm_recipients()
def _run_command_execution(self): #################################################################### """Run function for class.""" #################################################################### LOGGER.info("Certificate store: %s", self.args["certpath"]) LOGGER.info("Key store: %s", self.args["keypath"]) LOGGER.info("CA Bundle file: %s", self.args["cabundle"]) LOGGER.info("Looking for Key Extension: %s", self.identities.extensions["key"]) LOGGER.info( "Looking for Certificate Extension: %s", self.identities.extensions["certificate"], ) LOGGER.info("Loaded %s identities", len(self.session.query(Recipient).all())) if "filter" in self.args and self.args["filter"]: identities = self.session.query(Recipient).filter( Recipient.name.like(self.args["filter"].replace("*", "%"))) else: identities = self.session.query(Recipient).all() for identity in identities: yield self._print_identity( identity, self.session.query(Cert).filter( Cert.recipients.contains(identity)).all(), )