aboutsummaryrefslogblamecommitdiff
path: root/src/libnpass/libnpass.c
blob: fd6e447ee133859c48afcaa8c7d56ffd9370b811 (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11
                     


                   
                   
                         
                  



                    
 
                         
                              
                          
                 
 


                              
 
                                     








                                     
                                    

                                             
 

                                                    
                                           
                              
 

                             
                            

                        






                                                             






                                                                      
                                                          
                                                                            





                                             

                                      

                                                                      
                                                          
                                                                            




                             

                                                                         
                                                          
                                                                            


                         
                       

 

                                          
                
              






















                                                      

                                                    

                                

                                  


                                            
                                      
 
                                

                         

                           
                  
                                                                      
 

                                                                   
                                                   
                                                                    



                                                     
                                                                               
                                                   
                                                                    
                                  
                  
                                                          



                                                 
                                                                       


         
                                                   
 
                                


                                
 

                                            
                                                                          

                    

                                                                           
                                                           
                                                                            





                                

                              
                                                          
 
                 

 
                                                
 

                           



                                            
                              
                      
 

                          
                                                                  
 
                         

         
                                     

















                                                       

                                                        
                           
                  
                
 

                                                    
                   
                                                          
 

                                     
                            
                           

          

                                                                     

                                 


                                                          
                                  

                                    
                                                                  

                 

                            
 
                                     

 

                              

                                   
                       

                           
                  
                                                                

                                  
                  
                                                             
 
                                       
                  
                                                                  
 

                                                                         
                                                      
                                                                    


                                         
                                                                          
 

                                                       
                       
                         
                                                                         



                 
                                         
 
                                 
                
 



                                    
                                                                  
 


                                                                           
                                                                    
 
                                           
 
 
                                                  
 
                                

                    
 


                                              


                             

                                                         
                                                          
 



                                             
                                                          


                                                        
 
                                                         

                               
                                                          
         
 
                   
 
 
                                                 
 
                            

                   
 
                     
                                                      


                                          
                                                          
 

                                                      
                                                                  

                                                 
                                     




                                                                          

                                                          
                                                                      


                                  
 

                             
                                                                  
 


                                                                           
                                                              


                                         
                                                                          
 

                                            
                                                                     
                       
                          
 

                                    
                                                                     
 
                                                  


                                                                           
                                                             
 


                                           
 


                                      
                                                                     


                                           
                                                          
 
                                                    
                           

                   
 


                             
                                                    
                    
 

                             
                                                                  
 

                                                                   
                                                              
 

                                                                                
                                                              
 
                                                  

                               
                                                                       
 
                                                          
 
#include <sys/stat.h>

#include <dirent.h>
#include <errno.h>
#include <libgen.h>
#include <linux/limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

#include "libnpass/gpg.h"
#include "libnpass/libnpass.h"
#include "libnpass/util.h"
#include "util.h"

#define DEF_PASS_DIR  "pass"
#define DEF_STOR_SIZE 64
#define FPR_MAX	      NAME_MAX

static char pass_dir[PATH_MAX] = {0};
const char *pass_gen_set[] = {
	"0123456789",

	"0123456789"
	"abcdefghijklmnopqrstuvwxyz"
	"ABCDEFGHIJKLMNOPQRSTUVWXYZ",

	"0123456789"
	"abcdefghijklmnopqrstuvwxyz"
	"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	"!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
};

static int openstore(const char *spath, DIR **dirp);
static int readstore(DIR *dirp, struct store *s);
static int is_storeobj(struct dirent *dir);
static int set_pass_dir(void);

static int set_pass_dir(void)
{
	struct stat statbuf;
	const char *env;
	int r;

	env = getenv("PASSWORD_STORE_DIR");
	if (env) {
		strncpy(pass_dir, env, sizeof(pass_dir) - 1);
		return 0;
	}

	/*
	 * for backward compatibility with original pass
	 */
	env = getenv("HOME");
	if (env) {
		r = snprintf(pass_dir, sizeof(pass_dir), "%s/%s", env,
			     ".password-store");
		if (r < 0 || (size_t)r > sizeof(pass_dir))
			return_err(-ENAMETOOLONG, "Path exceeded PATH_MAX");

		r = stat(pass_dir, &statbuf);
		if (!r)
			return 0;
	}

	env = getenv("XDG_DATA_HOME");
	if (env) {
		r = snprintf(pass_dir, sizeof(pass_dir), "%s/%s", env,
			     DEF_PASS_DIR);
		if (r < 0 || (size_t)r > sizeof(pass_dir))
			return_err(-ENAMETOOLONG, "Path exceeded PATH_MAX");
		return 0;
	}

	env = getenv("HOME");
	if (env) {
		r = snprintf(pass_dir, sizeof(pass_dir), "%s/%s/%s", env,
			     ".local/share", DEF_PASS_DIR);
		if (r < 0 || (size_t)r > sizeof(pass_dir))
			return_err(-ENAMETOOLONG, "Path exceeded PATH_MAX");
		return 0;
	}

	return -EINVAL;
}

static int is_storeobj(struct dirent *dir)
{
	char *s;
	int r;

	switch (dir->d_type) {
	case DT_DIR:
		r = strcmp(dir->d_name, ".");
		if (r)
			r = strcmp(dir->d_name, "..");

		return r;
		break;
	case DT_REG:
		s = strrchr(dir->d_name, '.');
		if (!s)
			return 0;

		r = strcmp(s, ".gpg");
		return (r == 0);
		break;
	default:
		return 0;
		break;
	}
}

int pass_store_cmp(const void *vp1, const void *vp2)
{
	struct store *sp1, *sp2;

	sp1 = (struct store *)vp1;
	sp2 = (struct store *)vp2;
	return strcmp(sp1->name, sp2->name);
}

int pass_store_type(const char *spath)
{
	char abs_path[PATH_MAX];
	struct stat sbuf;
	int r;

	r = set_pass_dir();
	if (r < 0)
		return_err(-EINVAL, "PASSWORD_STORE_DIR must be set");

	r = snprintf(abs_path, sizeof(abs_path), "%s/%s", pass_dir,
		     (spath) ? spath : "");
	if (r < 0 || (size_t)r >= sizeof(abs_path))
		return_err(-ENAMETOOLONG, "Path exceeded PATH_MAX");
	r = stat(abs_path, &sbuf);
	if (!r && (sbuf.st_mode & S_IFMT) == S_IFDIR)
		return PASS_STORE_DIR;

	r = snprintf(abs_path, sizeof(abs_path), "%s/%s.gpg", pass_dir, spath);
	if (r < 0 || (size_t)r >= sizeof(abs_path))
		return_err(-ENAMETOOLONG, "Path exceeded PATH_MAX");
	r = stat(abs_path, &sbuf);
	if (r < 0)
		return_err(-errno, "%s", strerror(errno));

	if ((sbuf.st_mode & S_IFMT) == S_IFREG) {
		return PASS_STORE_ENC;
	} else {
		return_err(-EINVAL, "%s Not a regular file", abs_path);
	}
}

static int openstore(const char *spath, DIR **dirp)
{
	pass_store_t store_type;
	char abs_path[PATH_MAX];
	const char *path;
	int r;

	store_type = pass_store_type(spath);
	if (store_type != PASS_STORE_DIR)
		return_err(-EINVAL, "%s Not a passwordstore path", spath);

	if (spath) {
		r = snprintf(abs_path, sizeof(abs_path), "%s/%s", pass_dir,
			     spath);
		if (r < 0 || (size_t)r >= sizeof(abs_path))
			return_err(-ENAMETOOLONG, "Path exceeded PATH_MAX");

		path = abs_path;
	} else {
		path = pass_dir;
	}

	*dirp = opendir(path);
	if (!*dirp)
		return_err(-errno, "%s", strerror(errno));

	return 0;
}

static int readstore(DIR *dirp, struct store *s)
{
	struct dirent *dir;

	do {
		errno = 0;
		dir = readdir(dirp);
		if (dir && is_storeobj(dir))
			break;
	} while (dir);

	if (dir == NULL) {
		if (errno)
			return_err(-errno, "%s", strerror(errno));

		return 1;
	}

	strcpy(s->name, dir->d_name);
	switch (dir->d_type) {
	case DT_DIR:
		s->type = PASS_STORE_DIR;
		break;
	case DT_REG:
		/* this is safe since is_storeobj()
		 * rejects files without .gpg suffix */
		*(strrchr(s->name, '.')) = '\0';
		s->type = PASS_STORE_ENC;
		break;
	default:
		s->type = PASS_STORE_INV;
		break;
	}

	return 0;
}

int readstore_all(const char *path, struct store **stor)
{
	int ret, size, len;
	DIR *dirp;
	void *p;

	size = DEF_STOR_SIZE;
	*stor = malloc(sizeof(struct store) * size);
	if (!*stor)
		return_err(-errno, "%s", strerror(errno));

	ret = openstore(path, &dirp);
	if (ret < 0) {
		free(*stor);
		return ret;
	};

	for (len = 0; !(ret = readstore(dirp, *stor + len)); len++) {
		if (len < size - 1)
			continue;

		size *= 2;
		p = realloc(*stor, sizeof(**stor) * size);
		if (p) {
			*stor = p;
		} else {
			free(*stor);
			return_err(-errno, "%s", strerror(errno));
		}
	}
	if (len == 0)
		free(*stor);

	return (ret < 0) ? ret : len;
}

int pass_init(const char *fpr)
{
	char gpg_id_path[PATH_MAX];
	FILE *gpg_id;
	int r, fpr_len;

	r = set_pass_dir();
	if (r < 0)
		return_err(r, "PASSWORD_STORE_DIR must be set");

	r = gpg_key_validate(fpr);
	if (r < 0)
		return_err(r, "Try gpg --full-generate-key");

	r = r_mkdir(pass_dir, S_IRWXU);
	if (r < 0)
		return_err(r, "%s %s", pass_dir, strerror(errno));

	r = snprintf(gpg_id_path, sizeof(gpg_id_path), "%s/%s", pass_dir,
		     ".gpg-id");
	if (r < 0 || (size_t)r >= sizeof(gpg_id_path))
		return_err(-ENAMETOOLONG, "Path exceeded PATH_MAX");

	gpg_id = fopen(gpg_id_path, "w");
	if (!gpg_id)
		return_err(-errno, "%s %s", gpg_id_path, strerror(errno));

	fpr_len = strlen(fpr);
	r = fwrite(fpr, sizeof(*fpr), fpr_len, gpg_id);
	fclose(gpg_id);
	if (r != fpr_len)
		return_err(-EPERM, "%s %s", gpg_id_path, "Write failed");

	return 0;
}

int pass_cat(FILE *out, const char *path)
{
	char pass_path[PATH_MAX];
	int ret;

	ret = pass_store_type(path);
	if (ret < 0)
		return ret;
	if (ret != PASS_STORE_ENC)
		return_err(-EINVAL, "%s is Not a password", path);

	ret = snprintf(pass_path, sizeof(pass_path), "%s/%s.gpg", pass_dir,
		       path);
	if (ret < 0 || (size_t)ret >= sizeof(pass_path))
		return_err(-ENAMETOOLONG, "Path exceeded PATH_MAX");

	return gpg_decrypt(out, pass_path);
}

ssize_t pass_getpass(char **lineptr, FILE *stream)
{
	struct termios new, old;
	size_t len;
	ssize_t ret;

	ret = tcgetattr(fileno(stream), &old);
	if (ret < 0)
		return ret;

	new = old;
	new.c_lflag &= ~ECHO;
	ret = tcsetattr(fileno(stream), TCSAFLUSH, &new);
	if (ret < 0)
		return_err(-errno, "%s", strerror(errno));

	len = 0;
	*lineptr = NULL;
	ret = getline(lineptr, &len, stream);
	if (ret < 0)
		return_err(-errno, "%s", strerror(errno));
	else if (ret > 0 && (*lineptr)[ret - 1] == '\n')
		(*lineptr)[--ret] = '\0';
	len = ret;

	ret = tcsetattr(fileno(stream), TCSAFLUSH, &old);
	if (ret < 0) {
		free(*lineptr);
		return_err(-errno, "%s", strerror(errno));
	}

	return len;
}

int pass_gen(pass_gen_t gen, char *pass, int len)
{
	size_t pass_gen_len;
	FILE *rand;
	int ret;

	if (len <= 0)
		return_err(-EINVAL, "Small password");

	rand = fopen("/dev/urandom", "r");
	if (!rand)
		return_err(-errno, "%s", strerror(errno));

	ret = fread(pass, sizeof(pass[0]), len, rand);
	if (ret != len)
		return_err(-EPERM, "Failed to read /dev/urandom");

	pass_gen_len = strlen(pass_gen_set[gen]);
	for (int i = 0; i < len; i++)
		pass[i] = pass_gen_set[gen][pass[i] % (pass_gen_len - 1)];

	return 0;
}

int pass_add(const char *path, const char *pass, size_t n)
{
	char gpg_id_path[PATH_MAX], fpr[FPR_MAX], pass_path[PATH_MAX];
	FILE *gpg_id, *out_stream;
	char *p;
	int ret;

	ret = set_pass_dir();
	if (ret < 0)
		return_err(ret, "PASSWORD_STORE_DIR must be set");

	ret = snprintf(gpg_id_path, sizeof(gpg_id_path), "%s/%s", pass_dir,
		       ".gpg-id");
	if (ret < 0 || (size_t)ret >= sizeof(gpg_id_path))
		return_err(-EINVAL, "Path exceeded PATH_MAX");

	gpg_id = fopen(gpg_id_path, "r");
	if (!gpg_id)
		return_err(-errno, "%s %s", gpg_id_path, strerror(errno));

	p = fgets(fpr, sizeof(fpr), gpg_id);
	if (!p)
		return_err(-EPERM, "Failed to read %s", gpg_id_path);
	fclose(gpg_id);
	util_strtrim(fpr);

	ret = gpg_key_validate(fpr);
	if (ret < 0)
		return_err(ret, "Invalid key , try gpg --list-keys");

	/* TODO: guard against .*\.gpg\.gpg[/$] */
	ret = snprintf(pass_path, sizeof(pass_path), "%s/%s.gpg", pass_dir,
		       path);
	if (ret < 0 || (size_t)ret >= sizeof(pass_path))
		return_err(-errno, "Path exceeded PATH_MAX");

	ret = r_mkdir(dirname(p), S_IRWXU);
	if (ret < 0)
		return ret;

	errno = 0;
	ret = access(pass_path, F_OK);
	if (errno != ENOENT)
		return_err(-EEXIST, "%s %s", path, strerror(EEXIST));

	out_stream = fopen(pass_path, "w");
	if (!out_stream)
		return_err(-errno, "%s", strerror(errno));

	ret = gpg_encrypt(out_stream, fpr, pass, n);
	fclose(out_stream);

	return ret;
}

int pass_rm(const char *path)
{
	char gpg_path[PATH_MAX], abs_path[PATH_MAX];
	int ret = 0;

	ret = set_pass_dir();
	if (ret < 0)
		return_err(ret, "PASSWORD_STORE_DIR must be set");

	ret = snprintf(gpg_path, sizeof(gpg_path), "%s.gpg", path);
	if (ret < 0 || (size_t)ret >= sizeof(gpg_path))
		return_err(-EINVAL, "Path exceeded PATH_MAX");

	ret = snprintf(abs_path, sizeof(gpg_path), "%s/%s", pass_dir, gpg_path);
	if (ret < 0 || (size_t)ret >= sizeof(abs_path))
		return_err(-EINVAL, "Path exceeded PATH_MAX");

	/* TODO: guard against .*\.gpg\.gpg[/$] */
	ret = unlink(abs_path);
	if (ret < 0)
		return_err(-errno, "%s %s", abs_path, strerror(errno));

	return r_rmdir_empty(pass_dir, dirname(gpg_path));
}