def cmd_set(vfname: str, vpass: bytes, salt: bytes, v: vault.Vault) -> None:
"""Create or update vault entry."""
try:
d = {}
d['credname'] = input(f'{"credential:":<20}')
d['username'] = input(f'{"username:"******"password:"******"password:"******"description:":<20}')
except EOFError:
print('\ncancelled')
credname = d['credname']
if credname in v.list():
print(f'\nreplacing: {v.get(credname)}\n')
v.set(**d)
with open(vfname, 'wb') as fp:
util.save_vault(fp, vpass, salt, v)
def cmd_rekey(v: vault.Vault, vfname: str) -> None:
"""Change secret key and salt on vault."""
while True:
newpass = util.get_password('new vault key? ')
confirm = util.get_password('new vault key? ')
if newpass == confirm:
break
print('\npasswords do not match\n')
new_salt = util.make_salt()
with open(vfname, 'wb') as fp:
util.save_vault(fp, newpass, new_salt, v)
print('vault key changed')
def open(self, filename=None):
"""Opens the journal file defined in the config and parses it into a list of Entries.
Entries have the form (date, title, body)."""
filename = filename or self.config['journal']
if self.config['encrypt']:
with open(filename, "rb") as f:
journal_encrypted = f.read()
def validate_password(password):
self.make_key(password)
return self._decrypt(journal_encrypted)
# Soft-deprecated:
journal = None
if 'password' in self.config:
journal = validate_password(self.config['password'])
if journal is None:
journal = util.get_password(keychain=self.name,
validator=validate_password)
else:
with codecs.open(filename, "r", "utf-8") as f:
journal = f.read()
self.entries = self._parse(journal)
self.sort()
def _get_key(self):
# EKE algorithm
client_key = Random.get_random_bytes(16)
password = get_password(self._filename)
ciphertext = encrypt(password, client_key)
self._send(ciphertext)
# Get session key double encrypted
ciphertext = self._recv(80)
ciphertext = decrypt(password, ciphertext)
self._key = decrypt(client_key, ciphertext)
# Check key
r_a = Random.get_random_bytes(16)
ciphertext = encrypt(self._key, r_a)
self._send(ciphertext)
ciphertext = self._recv(64)
r_ab = decrypt(self._key, ciphertext)
if r_ab[:16] != r_a:
raise ValueError('r_a invalid')
r_b = r_ab[16:]
ciphertext = encrypt(self._key, r_b)
self._send(ciphertext)
print('Secure connection established')
def process_register():
email = request.form.get("email")
passwd = get_password(email)
if len(passwd) > 0:
return redirect(url_for('register_error', error='already exists'))
pass1 = request.form.get("pass1")
pass2 = request.form.get("pass2")
# validate email
schema = {'email': {'type': 'string', 'regex': '^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$'}}
document = {'email': email}
v = Validator(schema)
if not v.validate(document):
return redirect(url_for('register_error', error='email'))
if not pass1 == pass2:
return redirect(url_for('register_error', error='pass'))
from util import escape_sql_characters
email = escape_sql_characters(email)
pass1 = escape_sql_characters(pass1)
insert_query = f"INSERT INTO user_data (email, password) VALUES ('{email}','{pass1}')"
sql(insert_query, db=db, rollback=True)
return redirect(url_for('register_success'))
def cmd_init(vfname: str) -> None:
"""Create new empty vault."""
while True:
vpass = util.get_password('vault key? ')
confirm = util.get_password('vault key? ')
if vpass == confirm:
break
print('\npasswords do not match\n')
v = vault.Vault()
try:
with open(vfname, 'xb') as fp:
util.save_vault(fp, vpass, util.make_salt(), v)
except FileExistsError:
print('\nvault with that name already exists\n', file=sys.stderr)
sys.exit(1)
print(f'\ninitialized new vault: {vfname}\n')
fullpath = os.path.abspath(vfname)
print(f'you will want: export PMAN_VAULT={fullpath}\n')
def authenticate():
password_from_req = request.form.get('password')
user_id = request.form.get('user_id')
distance = request.form.get('distance')
real_password = get_password(user_id)
if real_password == password_from_req:
average_vectors(user_id,
np.load(paths.VECTORS_TO_AVERAGE + user_id + '.npy'))
#response_body = {'user_id': user_id, 'user_name': get_name_by_id(user_id)}
response = Response(status=httplib.ACCEPTED, mimetype='text/plain')
response.headers['user_id'] = user_id
response.headers['user_name'] = get_name_by_id(user_id)
response.headers['distance'] = distance
return response
# Delete stored voice vector.
os.remove(paths.VECTORS_TO_AVERAGE + user_id + '.npy')
return Response(status=httplib.FORBIDDEN, mimetype='text/plain')
def main() -> None:
"""Main entry point."""
cmd, args = parse_args()
# no stacktrace on ctrl-c
signal.signal(signal.SIGINT, signal_handler)
# no core dumps
resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
# only cmd not requiring vault
if cmd == 'init':
cmd_init(**args)
sys.exit(0)
# PMAN_VAULT environment var dictates location
if 'PMAN_VAULT' not in os.environ:
print('\nPMAN_VAULT environment variable must point to vault file\n',
file=sys.stderr)
sys.exit(1)
vpass = util.get_password('vault key? ')
vfname = os.environ['PMAN_VAULT']
try:
with open(vfname, 'rb') as fp:
v, salt = util.load_vault(fp, vpass)
except Exception as e:
print(f'\nunable to load vault: {e}\n')
sys.exit(1)
if cmd == 'list':
cmd_list(v)
elif cmd == 'set':
cmd_set(vfname, vpass, salt, v)
elif cmd == 'get':
cmd_get(v, **args)
elif cmd == 'search':
cmd_search(v, **args)
elif cmd == 'remove':
cmd_remove(vfname, vpass, salt, v, **args)
elif cmd == 'rekey':
cmd_rekey(v, vfname)
else:
raise RuntimeError('unhandled command')
def process_login():
email = str(request.form.get("email"))
passwd= request.form.get("password")
password = get_password(email, db=db)
if len(password) == 0:
message = "Sorry, the email does not exist in our records. Please register."
return render_template('login_error.html',
nav_1="Login", nav_1_link="login",
nav_2="Register", nav_2_link="register",
message=message)
pass
else:
if passwd == password[0][0]:
session['username'] = email[:email.rfind('@')]
return redirect(url_for('home_books'))
pass
else:
message = "The password entered is incorrect. Please try again."
return render_template('login_error.html',
nav_1="Login", nav_1_link="login",
nav_2="Register", nav_2_link="register",
message=message)
pass
def open(self, filename=None):
"""Opens the journal file defined in the config and parses it into a list of Entries.
Entries have the form (date, title, body)."""
filename = filename or self.config['journal']
if self.config['encrypt']:
with open(filename, "rb") as f:
journal_encrypted = f.read()
def validate_password(password):
self.make_key(password)
return self._decrypt(journal_encrypted)
# Soft-deprecated:
journal = None
if 'password' in self.config:
journal = validate_password(self.config['password'])
if not journal:
journal = util.get_password(keychain=self.name, validator=validate_password)
else:
with codecs.open(filename, "r", "utf-8") as f:
journal = f.read()
return journal
def __init__(self, address, filename: str):
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self._address = address
self._password = get_password(filename)
import sys
import os
from fabric.api import sudo, hosts, env, task, run, cd, roles
from fabric.decorators import runs_once
from fabric.operations import put
from fabric.contrib.files import exists, contains
from util import get_nodes, get_user, get_password
env.user = get_user()
env.password = get_password()
env.warn_only = True
nodes = get_nodes()
env.roledefs.update({
'nodes': nodes
})
widget_file = "/home/andrew/work/applications/head/widget.rb"
template_file = "/home/andrew/work/applications/head/template.file"
@task
@roles('nodes')
def apt_install(pkg):
apt_update()
sudo("apt-get -q -y install %s" % pkg)