def _load_pwdb(self):
####################################################################
"""reload passworddb"""
####################################################################
LOGGER.info("Reloading Password Database")
self.pwdb = PasswordDB()
self.pwdb.load_from_directory(self.args["pwstore"])
def _decrypt_password_entry(self, password, distributor):
####################################################################
"""This decrypts a given password entry"""
####################################################################
plaintext_pw = password.decrypt_entry(
identity=self.identity,
passphrase=self.passphrase,
card_slot=self.args["card_slot"],
)
if not self.args["noverify"]:
result = password.verify_entry(
self.identity["name"],
self.identities,
distributor,
self.session.query(Recipient)
.filter(Recipient.name == distributor)
.first()
.certs,
)
if not result["sigOK"]:
LOGGER.warning(
"Could not verify that %s correctly signed your password entry.",
result["distributor"],
)
if not result["certOK"]:
LOGGER.warning(
"Could not verify the certificate authenticity of user '%s'.",
result["distributor"],
)
return f"{self.color_print(password.metadata['name'], 'first_level')}: {plaintext_pw}"
def default(self, line):
####################################################################
"""If we don't have a proper subcommand passed"""
####################################################################
LOGGER.error(
"Command '%s' not found, see help (?) for available commands",
line)
return False
def _flat_file(self, passwords):
####################################################################
"""This function handles the simple key:value pair"""
####################################################################
LOGGER.info(
"Flat password file detected, using 'imported' as description \
you can manually change the description in the file if you would like"
)
for password in tqdm(passwords):
psplit = password.split(":")
fname = psplit[0].strip()
pvalue = psplit[1].strip()
self.args["pwname"] = fname
self.create_or_update_pass(pvalue, "imported", self.args["identity"])
def _run_command_setup(self, parsedargs):
##################################################################
"""Passes the argparse Namespace object of parsed arguments"""
##################################################################
self.args = collect_args(parsedargs)
self.session = sessionmaker(bind=self.args["db"]["engine"])()
self._validate_combinatorial_args()
self._validate_args()
# Build the list of recipients that this command will act on
self._build_recipient_list()
# If there are defined repositories of keys and certificates, load them
self.identities.args = self.args
self.identities.cabundle = self.args["cabundle"]
self.identities.load_certs_from_directory(
self.args["certpath"],
connectmap=self.args["connect"],
nocache=self.args["no_cache"],
)
if self.args["keypath"]:
self.identities.load_keys_from_directory(self.args["keypath"])
self.identity = (
self.session.query(Recipient)
.filter(Recipient.name == self.args["identity"])
.first()
)
self._validate_identities()
self.identity = dict(self.identity)
if (
self.args["subparser_name"]
in ["list", "interpreter", "distribute", "export"]
and not self.pwdbcached
):
self.passworddb.load_from_directory(self.args["pwstore"])
if "pwname" in self.args and self.args["pwname"]:
self._resolve_directory_path()
self.args["card_slot"] = self.args["card_slot"] if self.args["card_slot"] else 0
if "nopassphrase" in self.selected_args and not self.args["nopassphrase"]:
for mesg in print_card_info(
self.args["card_slot"],
self.identity,
self.args["verbosity"],
self.args["color"],
self.args["theme_map"],
):
LOGGER.info(mesg)
self.passphrase = getpass.getpass("Enter Pin/Passphrase: ")
def do_fn(self, _):
############################################
"""Use -h or --help for information"""
############################################
try:
pk_class = [
o for o in getmembers(globals()[module_name], isclass)
if str(o[0]) == class_name
][0][1]
pk_class(self, pwdb=self.pwdb)
for mesg in self.actions[swap_name].run(self.parser.parse_args()):
if mesg:
print(mesg)
return False
except PKPassError as err:
LOGGER.error(err)
return False
except SystemExit:
return False
def _walk_dir(self, directory, password, ignore_decrypt=False):
####################################################################
"""Walk our directory searching for passwords"""
####################################################################
# walk returns root, dirs, and files we just need files
for root, _, pwnames in walk(directory):
trim_root = root.replace(self.args["pwstore"], "").lstrip("/")
for pwname in pwnames:
if self.args["pwname"] is None or fnmatch(
path.join(trim_root, pwname), self.args["pwname"]
):
try:
yield from self._decrypt_wrapper(root, password, pwname)
except DecryptionError as err:
if ignore_decrypt:
LOGGER.err(err)
continue
raise
except (NotARecipientError, TypeError):
continue
def _reload_config(self):
####################################################################
"""Change affected globals in interpreter"""
####################################################################
# We still need to be able to reload other things like recipients
# database
config = self.args["config"]
config_args = self.args
try:
config_args = collect_args({"config": config})
if not config_args:
config_args = self.args
except ParserError:
LOGGER.error("Error parsing config file")
config_args = self.args
finally:
self.args = config_args
self.args["config"] = config
self.args = handle_filepath_args(self.args)
self._change_pwstore()
self._load_pwdb()
def _run_command_execution(self):
####################################################################
"""Run function for class."""
####################################################################
password = PasswordEntry()
password.read_password_data(
path.join(self.args["pwstore"], self.args["pwname"]))
distributor = password.recipients[self.identity["name"]]["distributor"]
plaintext_pw = password.decrypt_entry(
identity=self.identity,
passphrase=self.passphrase,
card_slot=self.args["card_slot"],
)
if not self.args["noverify"]:
result = password.verify_entry(
self.identity["name"],
self.identities,
distributor,
self.session.query(Recipient).filter(
Recipient.name == distributor).first().certs,
)
if not result["sigOK"]:
LOGGER.warning(
"Could not verify that %s correctly signed your password entry.",
result["distributor"],
)
if not result["certOK"]:
LOGGER.warning(
"Could not verify the certificate authenticity of user '%s'.",
result["distributor"],
)
oldclip = paste()
try:
copy(plaintext_pw)
yield f"Password copied into paste buffer for {self.args['time']} seconds"
sleep(self.args["time"])
finally:
copy(oldclip)
def _confirm_recipients(self):
not_in_db = []
in_db = [x.name for x in self.session.query(Recipient).all()]
for recipient in self.recipient_list:
if recipient not in in_db:
not_in_db.append(recipient)
if not_in_db:
LOGGER.warning(
"The following recipients are not in the db, removing %s",
", ".join(not_in_db),
)
self.recipient_list = [
x for x in self.recipient_list if x not in not_in_db
]
yield "The following users will receive the password: "******", ".join(sort(self.recipient_list))
correct = input("Are these correct? (y/N) ")
if not correct or correct.lower()[0] == "n":
self.recipient_list = input(
"Please enter a comma delimited list: ")
self.recipient_list = list(
{x.strip()
for x in self.recipient_list.split(",")})
yield from self._confirm_recipients()
def _run_command_execution(self):
####################################################################
"""Run function for class."""
####################################################################
LOGGER.info("Certificate store: %s", self.args["certpath"])
LOGGER.info("Key store: %s", self.args["keypath"])
LOGGER.info("CA Bundle file: %s", self.args["cabundle"])
LOGGER.info("Looking for Key Extension: %s",
self.identities.extensions["key"])
LOGGER.info(
"Looking for Certificate Extension: %s",
self.identities.extensions["certificate"],
)
LOGGER.info("Loaded %s identities",
len(self.session.query(Recipient).all()))
if "filter" in self.args and self.args["filter"]:
identities = self.session.query(Recipient).filter(
Recipient.name.like(self.args["filter"].replace("*", "%")))
else:
identities = self.session.query(Recipient).all()
for identity in identities:
yield self._print_identity(
identity,
self.session.query(Cert).filter(
Cert.recipients.contains(identity)).all(),
)