#!/bin/bash
# pwgrep v0.5-pre-3 (c) 2009, 2010 by Paul C. Buetow
# pwgrep helps you to manage all your passwords using GnuPG
# for encryption and a versioning system (subversion by default)
# for keeping track of all changes to your password database. In
# addition to GnuPG you should access the versioning system over
# an SSL- or SSH-encrypted connection.
# If you are using a *BSD, you may want to edit the shebang line.
#
# Usage:
#
# Searching for a database value:
# ./pwgrep.sh searchstring
#
# Editing the database (same but without args):
# ./pwgrep.sh
#
# For more reasonable commands the following symlinks are recommended:
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwgrep
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwedit
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwfls
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwfcat
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwfadd
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwfdel
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/fwipe
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwdbls
# ln -s ~/svn/pwgrep/v?.?/pwgrep.sh ~/bin/pwldb
# Replace ?.? with the version of pwgrep you want to use. Your PATH variable
# should also include ~/bin then.
# You can overwrite the default values by setting env. variables
# or by just editing this file.
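# Name of the default database, without the .gpg suffix.
DEFAULTPWGREPDB=mydb

# Each setting below keeps a non-empty value inherited from the environment
# and otherwise falls back to the default. The tests are quoted so that a
# value containing whitespace does not break the `[` command.
if [ -z "$SVN_EDITOR" ]; then
  export SVN_EDITOR=ex
fi
[ -n "$PWGREPDB" ] || PWGREPDB=$DEFAULTPWGREPDB.gpg

# The PWGREPWORKDIR should be in its own versioning repository.
# For password revisions.
[ -n "$PWGREPWORKDIR" ] || PWGREPWORKDIR=~/svn/pwdb
[ -n "$PWFILEDIREXT" ] || PWFILEDIREXT=files

# Enter here your GnuPG key ID. Everything is encrypted to this recipient,
# so it must be a key whose private half you hold. Short 8-digit key IDs can
# collide between keys; a full fingerprint is the safer value to put here.
#[ -z $GPGKEYID ] && GPGKEYID=F4B6FFF0
[ -n "$GPGKEYID" ] || GPGKEYID=37EC5C1D

# Customizing the versioning commands (i.e. if you want to use another
# versioning system). These are expanded unquoted later on, so each one is
# a command name followed by space separated arguments.
[ -n "$VERSIONCOMMIT" ] || VERSIONCOMMIT="svn commit"
[ -n "$VERSIONUPDATE" ] || VERSIONUPDATE="svn update"
[ -n "$VERSIONADD" ] || VERSIONADD="svn add"
[ -n "$VERSIONDEL" ] || VERSIONDEL="svn delete"

# Only use mawk or gawk, but if possible not nawk. On *BSD awk=nawk. So try
# awk/nawk last. You can use nawk but nawk will not match case insensitive.
[ -n "$TRYAWKLIST" ] || TRYAWKLIST="mawk gawk awk nawk"

# Find the correct command to wipe temporary files after usage
[ -n "$TRYWIPELIST" ] || TRYWIPELIST="destroy shred"

# Same for sed
[ -n "$TRYSEDLIST" ] || TRYSEDLIST="sed gsed"

# From here, do not change stuff!
PWFILEWORKDIR=$PWGREPWORKDIR/$PWFILEDIREXT
CWD=$(pwd)

# Files created from here on are readable and writable by the owner only.
umask 177

# The error helper is defined further down the file and does not exist yet
# when this line runs, so the failure is handled inline. Carrying on after a
# failed cd would make every later step read and write database files in
# whatever directory the caller happened to be in.
if ! cd "$PWGREPWORKDIR"; then
  echo "ERROR: No such file or directory: $PWGREPWORKDIR" >&2
  exit 666
fi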
# Write all arguments, separated by single spaces, to stderr so that
# status messages never mix with data printed on stdout.
out() {
  echo "$@" >&2
}
# Print an informational message, prefixed with "=====> ", through out
# (which writes to stderr).
info() {
  local banner="=====> $*"
  out "$banner"
}
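# Print an error message and terminate the script.
# Arguments: the words of the message.
# Outputs:   "ERROR: <message>" on stderr, so that a failure is never mixed
#            into decrypted data that a caller reads from stdout.
# Exits:     with 666 as requested; the shell keeps only the low 8 bits, so
#            the status seen by the caller is 154.
function error {
  echo "ERROR: $*" >&2
  exit 666
}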
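# Print the first command name from a list that exists as an executable
# in PATH.
# Arguments: $1 - space separated list of command names, in order of
#                 preference
# Outputs:   the chosen name (not its path) on stdout, or an empty line
#            when none of the candidates is installed
# Returns:   0 in both cases; callers test the output for emptiness
function findbin {
  local trylist=$1
  local bin
  # Word splitting is intended here: the list is space separated.
  for bin in $trylist; do
    # type -P searches PATH only, so shell functions and aliases with the
    # same name are not mistaken for an installed program.
    if type -P "$bin" >/dev/null 2>&1; then
      printf '%s\n' "$bin"
      return 0
    fi
  done
  echo
}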
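# Select the awk implementation to use and store its name in AWK.
# Globals: TRYAWKLIST (read), AWK (written)
# Calls error (which exits) when no candidate from the list is installed.
# Written as an if so that the function returns 0 when awk was found.
function setawkcmd {
  AWK=$(findbin "$TRYAWKLIST")
  if [ -z "$AWK" ]; then
    error "No awk found in $PATH"
  fi
  #info Using $AWK
}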
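# Select the sed implementation to use and store its name in SED.
# Globals: TRYSEDLIST (read), SED (written)
# Calls error (which exits) when no candidate from the list is installed.
# Written as an if so that the function returns 0 when sed was found.
function setsedcmd {
  SED=$(findbin "$TRYSEDLIST")
  if [ -z "$SED" ]; then
    error "No sed found in $PATH"
  fi
  #info Using $SED
}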
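# Select the command used to destroy plaintext files and store it in WIPE.
# Globals: TRYWIPELIST (read), WIPE (written)
# Falls back to "rm -v -P" on FreeBSD and calls error (which exits) on any
# other system where none of the candidates is installed.
#
# Overwriting tools work on the file's current blocks only; on journaling or
# copy-on-write filesystems, on SSDs and on snapshotted or backed-up volumes
# older copies of the data can survive, so the work directory is best kept
# on storage that is itself encrypted.
function setwipecmd {
  WIPE=$(findbin "$TRYWIPELIST")
  if [ -z "$WIPE" ]; then
    # FreeBSDs rm includes -P which is secure enough
    # (the comparison used to read 'FreBSD' and could never match)
    if [ "$(uname)" = 'FreeBSD' ]; then
      WIPE="rm -v -P"
    else
      error "No wipe command found in $PATH, please install shred or destroy"
    fi
  fi
  info "Using $WIPE for secure file deletion"
}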
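# Decrypt the database and print every record that matches a search term.
# Arguments: $1 - search term; awk uses it as a regular expression
# Globals:   NOVERSIONING, VERSIONUPDATE, PWGREPDB, AWK (all read)
# Outputs:   matching records on stdout, progress message on stderr
#
# A record is a line that does not start with a tab, followed by its
# tab-indented detail lines. When a record line matches, it and the detail
# lines below it are printed. Nothing decrypted is written to disk; the
# plaintext only flows through the pipe to awk.
function pwgrep () {
  local search=$1
  # NOTE(review): with this redirect order stderr of the update command ends
  # up on the original stdout and only its stdout is discarded; if both were
  # meant to be silenced the order should be ">/dev/null 2>&1" - confirm.
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE 2>&1 >/dev/null
  info "Searching for $search"
  # The term is handed over with -v rather than pasted into the program
  # text, so it cannot change the awk code itself. IGNORECASE is honoured by
  # gawk only.
  gpg --decrypt "$PWGREPDB" | "$AWK" -v search="$search" '
BEGIN {
flag=0
IGNORECASE=1
}
!/^\t/ {
if (!flag && $0 ~ search) {
flag=1
print $0
} else if (flag && $0 ~ search) {
print $0
} else if (flag) {
flag=0
}
} /^\t/ && flag {
print $0
}'
}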
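# Edit the password database: snapshot it, decrypt it to .database, open the
# plaintext in vim, re-encrypt it for GPGKEYID and replace the database.
# Globals: NOVERSIONING, VERSIONUPDATE, VERSIONCOMMIT, PWGREPDB, GPGKEYID,
#          WIPE (all read)
# Returns: 0 on success, otherwise the status of the step that failed
#
# The plaintext copy is wiped on every path. Previously the wipe was one
# link in the && chain, so a failed decrypt, a non-zero exit from vim or a
# failed encryption left the decrypted database in the work directory.
function pwedit () {
  local rc=0
  # NOTE(review): this redirect order discards stdout only; stderr of the
  # update command goes to the original stdout - confirm that is intended.
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE 2>&1 >/dev/null
  # -i NONE keeps vim from recording registers and history from this
  # session in a viminfo file; swap and backup files are already disabled.
  cp -vp "$PWGREPDB" "$PWGREPDB.$(date +'%s').snap" &&
    gpg --decrypt "$PWGREPDB" > .database &&
    vim -i NONE --cmd 'set noswapfile' --cmd 'set nobackup' \
      --cmd 'set nowritebackup' .database &&
    gpg --output ".$PWGREPDB" -e -r "$GPGKEYID" .database ||
    rc=$?
  if [ -e .database ]; then
    # WIPE may hold a command plus options, hence no quotes around it.
    $WIPE .database || rc=$?
  fi
  if [ "$rc" -ne 0 ]; then
    return "$rc"
  fi
  mv ".$PWGREPDB" "$PWGREPDB" || return
  if [ -z "$NOVERSIONING" ]; then
    $VERSIONCOMMIT
  fi
}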
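# List the databases found in the current directory and name the default.
# Globals: NOVERSIONING, VERSIONUPDATE, DEFAULTPWGREPDB (all read)
# Outputs: a heading, one database name per line (the .gpg suffix removed),
#          then the default database name
function pwdbls () {
  local db
  # NOTE(review): this redirect order discards stdout only; stderr of the
  # update command goes to the original stdout - confirm that is intended.
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE 2>&1 >/dev/null
  echo Available Databases:
  # A glob instead of parsing ls output: names containing spaces stay
  # intact and a name starting with "-" is not taken for an option.
  for db in *.gpg; do
    [ -e "$db" ] || continue   # pattern left unexpanded: nothing matched
    printf '%s\n' "${db%.gpg}"
  done
  echo "Default database: $DEFAULTPWGREPDB"
}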
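# Without an argument: list the stored files and exit the script.
# With an argument: decrypt the named stored file to stdout.
# Arguments: $1 - optional file name, with or without the .gpg suffix
# Globals:   NOVERSIONING, VERSIONUPDATE, PWFILEDIREXT, PWFILEWORKDIR (read)
#
# The suffix is removed with a parameter expansion. The earlier sed pattern
# left the dot unescaped, so it also cut the tail off names that merely end
# in "gpg" preceded by any character.
function pwfls () {
  local name=${1%.gpg}
  local entry
  # NOTE(review): this redirect order discards stdout only; stderr of the
  # update command goes to the original stdout - confirm that is intended.
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE 2>&1 >/dev/null
  if [ ! -e "$PWFILEDIREXT" ]; then
    error "$PWFILEDIREXT does not exist"
  fi
  if [ -z "$name" ]; then
    for entry in "$PWFILEDIREXT"/*.gpg; do
      [ -e "$entry" ] || continue   # pattern left unexpanded: nothing matched
      entry=${entry##*/}
      printf '%s\n' "${entry%.gpg}"
    done | sort
    exit 0
  fi
  gpg --decrypt "$PWFILEWORKDIR/${name}.gpg"
}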
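# Encrypt a file for GPGKEYID, store it in the file directory and, unless
# versioning is disabled, add and commit it.
# Arguments: $1 - file to add; a relative path is resolved against the
#                 directory the script was started from (CWD)
#            $2 - optional name to store it under; defaults to the base
#                 name of $1 without a trailing .gpg
# Globals:   NOVERSIONING, VERSIONUPDATE, VERSIONADD, VERSIONCOMMIT,
#            PWFILEWORKDIR, PWFILEDIREXT, GPGKEYID, CWD (all read)
# Returns:   non-zero when encryption or the versioning commands fail
#
# The source file is left untouched, so a plaintext copy remains where it
# was; remove it separately (fwipe) once the encrypted copy is in place.
function pwfadd () {
  local srcfile=$1
  local name=${1%.gpg}
  local outfile
  # Checked first so that nothing runs with an empty file name.
  if [ -z "$name" ]; then
    error Missing argument
  fi
  case $srcfile in
    /*) ;;
    *) srcfile=$CWD/$srcfile ;;
  esac
  if [ -n "$2" ]; then
    outfile=$(basename -- "$2")
  else
    outfile=$(basename -- "$name")
  fi
  # NOTE(review): this redirect order discards stdout only; stderr of the
  # update command goes to the original stdout - confirm that is intended.
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE 2>&1 >/dev/null
  if [ ! -e "$PWFILEWORKDIR" ]; then
    error "$PWFILEWORKDIR does not exist"
  fi
  gpg --output "$PWFILEDIREXT/${outfile}.gpg" -e -r "$GPGKEYID" "$srcfile" \
    || return
  if [ -z "$NOVERSIONING" ]; then
    $VERSIONADD "$PWFILEDIREXT/${outfile}.gpg" && $VERSIONCOMMIT
  fi
}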
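# Wipe a stored (encrypted) file and, unless versioning is disabled, commit
# the emptied file and then its deletion.
# Arguments: $1 - stored file name, with or without the .gpg suffix
# Globals:   NOVERSIONING, VERSIONUPDATE, VERSIONCOMMIT, VERSIONDEL,
#            PWFILEWORKDIR, PWFILEDIREXT, WIPE (all read)
#
# NOTE(review): only the working copy is wiped here. Revisions committed
# earlier presumably stay retrievable from the versioning repository, so
# this does not erase the file's history - confirm against the backend used.
function pwfdel () {
  local name=${1%.gpg}
  local target
  # Checked first so that the wipe can never run with an empty name.
  if [ -z "$name" ]; then
    error Missing argument
  fi
  # NOTE(review): this redirect order discards stdout only; stderr of the
  # update command goes to the original stdout - confirm that is intended.
  [ -z "$NOVERSIONING" ] && $VERSIONUPDATE 2>&1 >/dev/null
  if [ ! -e "$PWFILEWORKDIR" ]; then
    error "$PWFILEWORKDIR does not exist"
  fi
  target=$PWFILEDIREXT/${name}.gpg
  if [ -z "$NOVERSIONING" ]; then
    # Wipe even encrypted file securely
    $WIPE "$target" &&
      touch "$target" && $VERSIONCOMMIT &&
      $VERSIONDEL "$target" && $VERSIONCOMMIT
  else
    $WIPE "$target"
  fi
}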
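# Destroy a file with the configured wipe command.
# Arguments: $1 - file name; it is always resolved against the directory
#                 the script was started from (CWD)
# Globals:   WIPE, CWD (read)
# The path is quoted so a name containing spaces reaches the wipe command
# as one argument instead of several unrelated paths.
function fwipe () {
  if [ -z "$1" ]; then
    error Missing argument
  fi
  # WIPE may hold a command plus options, hence no quotes around it.
  $WIPE "$CWD/$1"
}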
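# Resolve the helper programs once, before any operation runs.
setawkcmd
setsedcmd
setwipecmd

# The name the script was invoked under selects the operation further down.
# $0 is quoted so that an install path containing spaces still works.
BASENAME=$(basename -- "$0")

# All command line words flattened into one space separated string; the
# boundaries between the original arguments are not kept.
ARGS=$*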
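# Consume leading options from ARGS and leave the remaining words in ARGS.
#   -o         offline mode: sets NOVERSIONING=1
#   -d NAME    alternate database: sets PWGREPDB to NAME.gpg
# Globals: ARGS (read and rewritten), NOVERSIONING, PWGREPDB (written)
#
# Options are handled word by word in a loop. The earlier recursive version
# matched only at the very start of the string, so a second option after a
# leftover space was not recognised, "-d" without a name recursed without
# end, and the database name was pasted into a sed pattern.
function set_opts () {
  local -a words=()
  local glued
  # ARGS is a flat string, so split it on whitespace into words.
  read -r -a words <<<"$ARGS"
  while [ "${#words[@]}" -gt 0 ]; do
    case ${words[0]} in
      -o*)
        # Offlinemode
        NOVERSIONING=1
        glued=${words[0]:2}
        if [ -n "$glued" ]; then
          # Text glued to -o stays in the argument list, as before.
          words[0]=$glued
        else
          words=("${words[@]:1}")
        fi
        ;;
      -d)
        # Alternate DB
        if [ "${#words[@]}" -lt 2 ]; then
          error "Option -d requires a database name"
        fi
        PWGREPDB=${words[1]}.gpg
        words=("${words[@]:2}")
        ;;
      -d*)
        # Alternate DB, name glued to the option
        PWGREPDB=${words[0]:2}.gpg
        words=("${words[@]:1}")
        ;;
      *)
        break
        ;;
    esac
  done
  ARGS=${words[*]}
}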
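# Strip the leading options from ARGS; set_opts works on the ARGS variable
# itself and does not look at its own parameters.
set_opts

# Dispatch on the name the script was called under (see the symlinks in the
# header). ARGS is expanded unquoted on purpose: it is a flat string that
# has to be split back into words.
case $BASENAME in
  pwgrep)
    pwgrep $ARGS
    ;;
  pwedit)
    pwedit
    ;;
  pwdbls | pwldb)
    pwdbls
    ;;
  pwfls | pwfcat)
    pwfls $ARGS
    ;;
  pwfadd)
    pwfadd $ARGS
    ;;
  pwfdel)
    pwfdel $ARGS
    ;;
  fwipe)
    fwipe $ARGS
    ;;
  *)
    # The message used to expand $basename, which is never set, so the
    # offending name was missing from the output.
    error "No such operation $BASENAME"
    ;;
esac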