#include <sys/stat.h>
#include <dirent.h>
#include <errno.h>
#include <libgen.h>
#include <linux/limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
#include "libnpass/gpg.h"
#include "libnpass/libnpass.h"
#include "libnpass/util.h"
#include "util.h"
#define DEF_PASS_DIR "pass"
#define DEF_STOR_LEN 64
#define FPR_MAX NAME_MAX
static char pass_dir[PATH_MAX] = {0};
const char *pass_gen_set[] = {
"0123456789",
"0123456789"
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ",
"0123456789"
"abcdefghijklmnopqrstuvwxyz"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
};
static int set_pass_dir(void);
static int is_storeobj(struct dirent *dir);
static int set_pass_dir(void)
{
int r;
const char *env;
env = getenv("PASSWORD_STORE_DIR");
if (env) {
strncpy(pass_dir, env, sizeof(pass_dir) - 1);
return 0;
}
env = getenv("XDG_DATA_HOME");
if (env) {
r = snprintf(pass_dir, sizeof(pass_dir), "%s/%s", env,
DEF_PASS_DIR);
if ((size_t)r > sizeof(pass_dir))
err_ret(PASS_STORE_INV, "path exceeded PATH_MAX");
return 0;
}
env = getenv("HOME");
if (env) {
r = snprintf(pass_dir, sizeof(pass_dir), "%s/%s/%s", env,
".local/share", DEF_PASS_DIR);
if ((size_t)r > sizeof(pass_dir))
err_ret(PASS_STORE_INV, "path exceeded PATH_MAX");
return 0;
}
return 1;
}
static int is_storeobj(struct dirent *dir)
{
int r;
char *s;
switch (dir->d_type) {
case DT_DIR:
r = strcmp(dir->d_name, ".");
if (r)
r = strcmp(dir->d_name, "..");
return r;
break;
case DT_REG:
s = strrchr(dir->d_name, '.');
if (!s)
return 0;
r = strcmp(s, ".gpg");
return (r == 0);
break;
default:
return 0;
break;
}
}
int pass_store_cmp(const void *vp1, const void *vp2)
{
struct store *sp1, *sp2;
sp1 = (struct store *)vp1;
sp2 = (struct store *)vp2;
return strcmp(sp1->name, sp2->name);
}
pass_store_t pass_store_type(const char *spath)
{
int r;
struct stat sbuf;
char abs_path[PATH_MAX];
r = set_pass_dir();
if (r)
err_ret(PASS_STORE_INV, "PASSWORD_STORE_DIR not set");
r = snprintf(abs_path, sizeof(abs_path), "%s/%s", pass_dir,
(spath) ? spath : "");
if (r >= (int)sizeof(abs_path))
err_ret(PASS_STORE_INV, "path exceeded PATH_MAX");
r = stat(abs_path, &sbuf);
if (!r && (sbuf.st_mode & S_IFMT) == S_IFDIR)
return PASS_STORE_DIR;
r = snprintf(abs_path, sizeof(abs_path), "%s/%s.gpg", pass_dir, spath);
if (r >= (int)sizeof(abs_path))
err_ret(PASS_STORE_INV, "path exceeded PATH_MAX");
r = stat(abs_path, &sbuf);
if (r)
err_ret(PASS_STORE_INV, "%s", strerror(errno));
if ((sbuf.st_mode & S_IFMT) == S_IFREG) {
return PASS_STORE_ENC;
} else {
err_ret(PASS_STORE_INV, "%s is not a regular file", abs_path);
}
}
DIR *openstore(const char *spath)
{
int r;
DIR *d;
const char *path;
char abs_path[PATH_MAX];
pass_store_t store_type;
store_type = pass_store_type(spath);
if (store_type != PASS_STORE_DIR)
err_ret(NULL, "%s is not a passwordstore directory", spath);
if (spath) {
r = snprintf(abs_path, sizeof(abs_path), "%s/%s", pass_dir,
spath);
if (r >= (int)sizeof(abs_path))
err_ret(NULL, "path exceeded PATH_MAX");
path = abs_path;
} else {
path = pass_dir;
}
d = opendir(path);
if (!d)
err_ret(NULL, "%s", strerror(errno));
return d;
}
int readstore(DIR *dirp, struct store *s)
{
struct dirent *dir;
errno = 0;
while ((dir = readdir(dirp))) {
if (is_storeobj(dir))
break;
}
if (!dir) {
if (errno != 0)
err_ret(1, "%s", strerror(errno));
return EOF;
}
strcpy(s->name, dir->d_name);
switch (dir->d_type) {
case DT_DIR:
s->type = PASS_STORE_DIR;
break;
case DT_REG:
/* this is safe since is_storeobj()
* rejects files without .gpg suffix */
*(strrchr(s->name, '.')) = '\0';
s->type = PASS_STORE_ENC;
break;
default:
s->type = PASS_STORE_INV;
break;
}
return 0;
}
int readstore_all(const char *path, struct store **stor)
{
int r;
void *p;
size_t i;
DIR *dirp;
size_t len = DEF_STOR_LEN;
*stor = malloc(sizeof(struct store) * len);
if (!*stor)
err_ret(-1, "%s", strerror(errno));
dirp = openstore(path);
if (!dirp) {
free(*stor);
return -1;
};
for (i = 0; !(r = readstore(dirp, *stor + i)); i++) {
if (i < len - 1)
continue;
len *= 2;
p = realloc(*stor, sizeof(**stor) * len);
if (!p) {
free(*stor);
err_ret(-1, "%s", strerror(errno));
} else {
*stor = p;
}
}
return i;
}
int pass_init(const char *fpr)
{
int r;
char gpg_id_path[PATH_MAX];
FILE *gpg_id;
r = set_pass_dir();
if (r)
err_ret(1, "PASSWORD_STORE_DIR not set");
r = gpg_key_validate(fpr);
if (r)
err_ret(1, "key not usable, try gpg --full-generate-key");
r = r_mkdir(pass_dir, S_IRWXU);
if (r)
err_ret(1, "%s %s", pass_dir, strerror(errno));
r = snprintf(gpg_id_path, sizeof(gpg_id_path), "%s/%s", pass_dir,
".gpg-id");
if (r > (int)sizeof(gpg_id_path))
err_ret(1, "path exceeded PATH_MAX");
gpg_id = fopen(gpg_id_path, "w");
if (!gpg_id)
err_ret(1, "%s %s", gpg_id_path, strerror(errno));
r = fwrite(fpr, strlen(fpr), 1, gpg_id);
fclose(gpg_id);
if (!r)
err_ret(1, "write failed");
return 0;
}
int pass_cat(FILE *out, const char *path)
{
int r;
pass_store_t store_type;
char pass_path[PATH_MAX];
store_type = pass_store_type(path);
if (store_type != PASS_STORE_ENC)
err_ret(1, "%s is not a passwordstore file", path);
r = set_pass_dir();
if (r)
err_ret(1, "PASSWORD_STORE_DIR not set");
r = snprintf(pass_path, sizeof(pass_path), "%s/%s.gpg", pass_dir, path);
if (r >= (int)sizeof(pass_path))
err_ret(1, "path exceeded PATH_MAX");
r = gpg_decrypt(out, pass_path);
return r;
}
ssize_t pass_getpass(char **lineptr, size_t *n, FILE *stream)
{
ssize_t r;
struct termios new, old;
r = tcgetattr(fileno(stream), &old);
if (r)
return -1;
new = old;
new.c_lflag &= ~ECHO;
r = tcsetattr(fileno(stream), TCSAFLUSH, &new);
if (r)
return -1;
r = getline(lineptr, n, stream);
if (r > 0 && (*lineptr)[r - 1] == '\n')
(*lineptr)[r - 1] = '\0';
(void)tcsetattr(fileno(stream), TCSAFLUSH, &old);
return r;
}
int pass_gen(pass_gen_t gen, char *pass, size_t n)
{
int r;
FILE *rand;
size_t pass_gen_len;
if (n <= 0)
err_ret(1, "small password");
rand = fopen("/dev/urandom", "r");
if (!rand)
err_ret(1, "%s", strerror(errno));
r = fread(pass, sizeof(pass[0]), n, rand);
if (r != (int)n)
err_ret(1, "fread failed");
pass_gen_len = strlen(pass_gen_set[gen]);
for (size_t i = 0; i < n; i++)
pass[i] = pass_gen_set[gen][pass[i] % (pass_gen_len - 1)];
return 0;
}
int pass_add(const char *path, const char *pass, size_t n)
{
int r;
char *rc;
FILE *gpg_id, *out_stream;
char gpg_id_path[PATH_MAX], fpr[FPR_MAX], pass_path[PATH_MAX];
r = set_pass_dir();
if (r)
err_ret(1, "PASSWORD_STORE_DIR not set");
r = snprintf(gpg_id_path, sizeof(gpg_id_path), "%s/%s", pass_dir,
".gpg-id");
if (r > (int)sizeof(gpg_id_path))
err_ret(1, "path exceeded PATH_MAX");
gpg_id = fopen(gpg_id_path, "r");
if (!gpg_id)
err_ret(1, "%s %s", gpg_id_path, strerror(errno));
rc = fgets(fpr, sizeof(fpr), gpg_id);
if (!rc)
err_ret(1, "failed to read %s", gpg_id_path);
fclose(gpg_id);
util_strtrim(fpr);
r = gpg_key_validate(fpr);
if (r)
err_ret(1, "invalid key , try gpg --list-keys");
/* TODO: guard against .*\.gpg\.gpg[/$] */
r = snprintf(pass_path, sizeof(pass_path), "%s/%s.gpg", pass_dir, path);
if (r > (int)sizeof(pass_path))
err_ret(1, "path exceeded PATH_MAX");
rc = strdup(pass_path);
if (!rc)
err_ret(1, "%s", strerror(errno));
(void)r_mkdir(dirname(rc), S_IRWXU);
free(rc);
r = access(pass_path, F_OK);
if (!(errno & ENOENT))
err_ret(1, "an entry already exists for %s", path);
out_stream = fopen(pass_path, "w");
if (!out_stream)
err_ret(1, "%s", strerror(errno));
r = gpg_encrypt(out_stream, fpr, pass, n);
fclose(out_stream);
return r;
}
int pass_rm(const char *path)
{
int r = 0;
char gpg_path[PATH_MAX], abs_path[PATH_MAX];
r = set_pass_dir();
if (r)
err_ret(1, "PASSWORD_STORE_DIR not set");
r = snprintf(gpg_path, sizeof(gpg_path), "%s.gpg", path);
if (r > (int)sizeof(gpg_path))
err_ret(1, "path exceeded PATH_MAX");
r = snprintf(abs_path, sizeof(gpg_path), "%s/%s", pass_dir, gpg_path);
if (r > (int)sizeof(abs_path))
err_ret(1, "path exceeded PATH_MAX");
/* TODO: guard against .*\.gpg\.gpg[/$] */
r = unlink(abs_path);
if (r)
err_ret(1, "%s %s", abs_path, strerror(errno));
return r_rmdir(pass_dir, dirname(gpg_path));
}
