#!/bin/bash
# pwgrep v0.4 (c) 2009 by Dipl.-Inform. (FH) Paul C. Buetow
# pwgrep helps you to manage all your passwords using GnuPG
# for encryption and a versioning system (subversion by default)
# for keeping track of all changes to your password database. In
# addition to GnuPG you should use the versioning system in
# combination with SSL or SSH encryption.
# If you are using a *BSD, you may want to edit the shebang line.
#
# Usage:
#
# Searching for a database value:
# ./pwgrep.sh searchstring
#
# Editing the database (same but without args):
# ./pwgrep.sh
#
# For more reasonable commands the following symlinks are recommended:
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwgrep
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwedit
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwfls
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwfcat
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwfadd
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwfdel
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/fwipe
# Replace ?.? with the version of pwgrep you want to use. Your PATH variable
# should also include ~/bin then.
# You can overwrite the default values by setting env. variables
# or by just editing this file.
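# Defaults. Each value is only assigned when the variable is unset or empty,
# so anything exported in the environment wins.
: "${PWGREPDB:=database.gpg}"
# The PWGREPWORKDIR should be in its own versioning repository.
# For password revisions.
: "${PWGREPWORKDIR:=$HOME/svn/pwdb}"
: "${PWFILEDIREXT:=files}"
# Enter here your GnuPG key ID
# NOTE(review): the default is a short (8 hex digit) key ID. Short IDs are not
# unique, so a full fingerprint is the safer way to name the recipient key.
: "${GPGKEYID:=F4B6FFF0}"
# Customizing the versioning commands (i.e. if you want to use another
# versioning system). These are expanded unquoted on purpose, so that
# "svn commit" splits into a command and its argument.
: "${VERSIONCOMMIT:=svn commit}"
: "${VERSIONUPDATE:=svn update}"
: "${VERSIONADD:=svn add}"
: "${VERSIONDEL:=svn delete}"
# Only use mawk or gawk, but if possible not nawk. On *BSD awk=nawk. So try
# awk/nawk last. You can use nawk but nawk will not match case insensitive.
: "${TRYAWKLIST:=mawk gawk awk nawk}"
# Find the correct command to wipe temporary files after usage
: "${TRYWIPELIST:=destroy shred}"
# From here, do not change stuff!
PWFILEWORKDIR=$PWGREPWORKDIR/$PWFILEDIREXT
# Remember where the user started: relative file arguments are resolved
# against this directory after the cd below.
CWD=$(pwd)
# umask 177 leaves rw------- on every file created from here on (decrypted
# scratch copy, snapshots, new .gpg files).
umask 177
# The error helper is defined further down and is not available yet at this
# point, so report the failure inline with the same message and exit status.
if ! cd "$PWGREPWORKDIR"; then
  echo "ERROR: No such file or directory: $PWGREPWORKDIR" >&2
  exit 666
fi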
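# Print a progress message.
# Arguments: the words of the message
# Outputs:   "=====> <message>" on stderr
# Progress goes to stderr so that it never mixes with decrypted data that
# pwgrep/pwfls/pwfcat write to stdout (e.g. when stdout is redirected to a file).
function info {
  printf '%s\n' "=====> $*" >&2
}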
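# Report a fatal problem and terminate the script.
# Arguments: the words of the message
# Outputs:   "ERROR: <message>" on stderr, so it cannot end up inside
#            redirected (decrypted) output
# Exits:     with 666; the shell keeps only the low 8 bits, so the parent
#            process observes status 154
function error {
  printf '%s\n' "ERROR: $*" >&2
  exit 666
}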
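# Pick the first program from a whitespace separated list that exists on PATH.
# Arguments: $1 - candidate program names, separated by whitespace
# Outputs:   the name of the first candidate found, or an empty line
# Returns:   0 in both cases; callers test the output for emptiness
function findbin {
  local candidates candidate
  # Split the list into words without letting the shell glob-expand them.
  read -r -a candidates <<<"$1"
  for candidate in "${candidates[@]}"; do
    # type -P searches PATH only, so aliases and shell functions are ignored,
    # and nothing is parsed from the textual output of an external which(1).
    if type -P "$candidate" >/dev/null 2>&1; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  echo
}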
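# Select the awk implementation used for searching the database.
# Globals:   TRYAWKLIST (read), AWK (written)
# Outputs:   progress message via info
# Aborts through error when none of the candidates is installed.
function setawkcmd {
  AWK=$(findbin "$TRYAWKLIST")
  # Quoted so that PATH is reported exactly as it is set.
  [ -z "$AWK" ] && error "No awk found in $PATH"
  info "Using $AWK"
}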
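# Select the command used to overwrite files that held sensitive data.
# Globals:   TRYWIPELIST (read), WIPE (written)
# Outputs:   progress message via info
# Aborts through error when no wipe command is available.
#
# Caveats for whoever relies on this:
# - shred without -u overwrites the file but leaves it in place.
# - Overwriting in place is only meaningful where the filesystem rewrites the
#   same blocks; journaling or copy-on-write filesystems, snapshots and flash
#   storage can keep older copies of the data.
function setwipecmd {
  WIPE=$(findbin "$TRYWIPELIST")
  if [ -z "$WIPE" ]; then
    # FreeBSDs rm includes -P which is secure enough
    # NOTE(review): newer FreeBSD releases appear to document -P as having no
    # effect; verify on the target system before relying on it.
    if [ "$(uname)" = 'FreeBSD' ]; then
      WIPE="rm -v -P"
    else
      error "No wipe command found in $PATH, please install shred or destroy"
    fi
  fi
  info "Using $WIPE"
}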
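# Decrypt the database and print every entry whose heading matches a pattern.
# Globals:   NOVERSIONING, VERSIONUPDATE, PWGREPDB, AWK (all read)
# Arguments: $1 - search pattern; awk treats it as a regular expression and
#                 also interprets backslash escapes in it
# Outputs:   matching headings plus their tab-indented detail lines, in clear
#            text, on stdout
function pwgrep () {
  local search=$1
  # VERSIONUPDATE is expanded unquoted on purpose: it holds a command line.
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE
  # Quoted so a pattern such as * is shown as typed instead of being
  # glob-expanded against the working directory.
  info "Searching for $search"
  gpg --decrypt "$PWGREPDB" | $AWK -v search="$search" '
    BEGIN {
      # Honoured by gawk; NOTE(review): confirm what the other awks do with it.
      IGNORECASE = 1
    }
    # A line that does not start with a tab opens a new entry. flag records
    # whether that entry matched, so its detail lines can be printed too.
    !/^\t/ {
      flag = ($0 ~ search)
      if (flag) {
        print $0
      }
    }
    # Tab-indented lines belong to the entry opened above them.
    /^\t/ && flag {
      print $0
    }'
}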
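# Edit the password database: snapshot, decrypt, edit in vim, re-encrypt,
# wipe the clear-text copy, then commit.
# Globals:   NOVERSIONING, VERSIONUPDATE, VERSIONCOMMIT, PWGREPDB, GPGKEYID,
#            WIPE (all read)
# Returns:   0 on success; the status of the failing step otherwise
#
# The clear-text scratch file .database is wiped on every path that reaches
# the end of this function, including a failed edit or a failed encryption.
# The previous database and its .snap copy stay untouched in that case.
function pwedit () {
  local status=0
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE
  # Snapshot of the still encrypted database, named after the current epoch.
  cp -vp "$PWGREPDB" "$PWGREPDB.$(date +'%s').snap" || return
  # -i NONE keeps vim from writing registers (yanked passwords) and history
  # to the viminfo file, in line with the swap/backup switches below.
  gpg --decrypt "$PWGREPDB" > .database &&
    vim -i NONE --cmd 'set noswapfile' --cmd 'set nobackup' \
      --cmd 'set nowritebackup' .database &&
    gpg --output .database.gpg -e -r "$GPGKEYID" .database ||
    status=$?
  # Never leave the decrypted copy behind, whatever happened above.
  if [ -e .database ]; then
    $WIPE .database || status=$?
  fi
  if [ "$status" -ne 0 ]; then
    # Drop a partial or stale output so the next run starts clean.
    rm -f .database.gpg
    return "$status"
  fi
  mv .database.gpg "$PWGREPDB" || return
  if [ -z "$NOVERSIONING" ]; then
    $VERSIONCOMMIT
  fi
}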
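# List the stored files, or decrypt one of them to stdout.
# Globals:   NOVERSIONING, VERSIONUPDATE, PWFILEDIREXT, PWFILEWORKDIR (read)
# Arguments: $1 - optional file name, with or without the .gpg suffix
# Outputs:   without argument: the sorted names of all *.gpg files, suffix
#            removed; with argument: the decrypted content of that file
function pwfls () {
  # Strip a literal ".gpg" suffix only; a name that merely ends in "gpg"
  # is left alone.
  local name=${1%.gpg}
  local entry
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE
  [ ! -e "$PWFILEDIREXT" ] && error "$PWFILEDIREXT does not exist"
  if [ -z "$name" ]; then
    for entry in "$PWFILEDIREXT"/*.gpg; do
      # An unmatched glob stays literal; skip it.
      [ -e "$entry" ] || continue
      entry=${entry##*/}
      printf '%s\n' "${entry%.gpg}"
    done | sort
    return 0
  fi
  gpg --decrypt "$PWFILEWORKDIR/${name}.gpg"
}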
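# Encrypt a file into the file store and put it under version control.
# Globals:   CWD, NOVERSIONING, VERSIONUPDATE, VERSIONADD, VERSIONCOMMIT,
#            PWFILEWORKDIR, PWFILEDIREXT, GPGKEYID (all read)
# Arguments: $1 - source file; a relative path is resolved against CWD, the
#                 directory the script was started from
#            $2 - optional name to store it under (default: base name of $1
#                 without a .gpg suffix)
# Returns:   non-zero when encryption or the versioning commands fail
#
# The clear-text source file is left where it is; removing it (for example
# with fwipe) is up to the caller.
function pwfadd () {
  local name=${1%.gpg}
  local srcfile=$1
  local outfile
  # Validate before anything is derived from the argument.
  [ -z "$name" ] && error Missing argument
  case "$srcfile" in
    /*) ;;
    *) srcfile=$CWD/$srcfile ;;
  esac
  if [ -n "$2" ]; then
    outfile=$(basename -- "$2")
  else
    outfile=$(basename -- "$name")
  fi
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE
  [ ! -e "$PWFILEWORKDIR" ] && error "$PWFILEWORKDIR does not exist"
  gpg --output "$PWFILEDIREXT/${outfile}.gpg" -e -r "$GPGKEYID" "$srcfile" ||
    return
  if [ -z "$NOVERSIONING" ]; then
    $VERSIONADD "$PWFILEDIREXT/${outfile}.gpg" && $VERSIONCOMMIT
  fi
}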
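# Wipe a stored file and remove it from version control.
# Globals:   NOVERSIONING, VERSIONUPDATE, VERSIONCOMMIT, VERSIONDEL, WIPE,
#            PWFILEWORKDIR, PWFILEDIREXT (all read)
# Arguments: $1 - stored file name, with or without the .gpg suffix
# Returns:   status of the last command run
#
# Only the working copy is overwritten. Revisions committed earlier are still
# kept by the versioning system, so the encrypted blob remains retrievable
# from its history.
function pwfdel () {
  local name=${1%.gpg}
  local target
  [ -z "$name" ] && error Missing argument
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE
  [ ! -e "$PWFILEWORKDIR" ] && error "$PWFILEWORKDIR does not exist"
  target=$PWFILEDIREXT/${name}.gpg
  if [ -z "$NOVERSIONING" ]; then
    # Wipe even encrypted file securely, commit the wiped state, then
    # delete the entry and commit again.
    $WIPE "$target" &&
      touch "$target" && $VERSIONCOMMIT &&
      $VERSIONDEL "$target" && $VERSIONCOMMIT
  else
    $WIPE "$target"
  fi
}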
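# Wipe an arbitrary file with the selected wipe command.
# Globals:   CWD, WIPE (read)
# Arguments: $1 - file to wipe; a relative path is resolved against CWD (the
#                 directory the script was started from), an absolute path is
#                 used as given
function fwipe () {
  local target=$1
  [ -z "$target" ] && error Missing argument
  # Same rule as pwfadd: only relative paths get the start directory
  # prepended, otherwise an absolute argument would point somewhere else.
  case "$target" in
    /*) ;;
    *) target=$CWD/$target ;;
  esac
  $WIPE "$target"
}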
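# Resolve the helper programs, then dispatch on the name the script was
# invoked under (see the symlinks recommended in the header).
setawkcmd
setwipecmd
basename=$(basename -- "$0")
# "$@" keeps every argument intact, so a search string or file name that
# contains spaces reaches the function as one word.
case "$basename" in
  pwgrep)
    pwgrep "$@"
    ;;
  pwedit)
    pwedit
    ;;
  pwfls)
    pwfls "$@"
    ;;
  pwfcat)
    # pwfcat is pwfls with a file name argument.
    pwfls "$@"
    ;;
  pwfadd)
    pwfadd "$@"
    ;;
  pwfdel)
    pwfdel "$@"
    ;;
  fwipe)
    fwipe "$@"
    ;;
  *)
    error "No such operation $basename"
    ;;
esac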