#include #include #include #include #include #include #include #include #include #include #include "libnpass/libnpass.h" #include "libnpass/gpg.h" #include "libnpass/util.h" #include "util.h" #define DEF_PASS_DIR "pass" #define DEF_STOR_LEN 64 #define FPR_MAX NAME_MAX static char pass_dir[PATH_MAX] = {0}; const char *pass_gen_set[] = { "0123456789", "0123456789" "abcdefghijklmnopqrstuvwxyz" "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "0123456789" "abcdefghijklmnopqrstuvwxyz" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~", }; int set_pass_dir(void); int is_storeobj(struct dirent *dir); int set_pass_dir(void) { const char *env; env = getenv("PASSWORD_STORE_DIR"); if (env) { strncpy(pass_dir, env, sizeof(pass_dir) - 1); return 0; } env = getenv("XDG_DATA_HOME"); if (env) { snprintf(pass_dir, sizeof(pass_dir), "%s/%s", env, DEF_PASS_DIR); return 0; } env = getenv("HOME"); if (env) { snprintf(pass_dir, sizeof(pass_dir), "%s/%s/%s", env, ".local/share", DEF_PASS_DIR); return 0; } return 1; } int pass_store_cmp(const void *vp1, const void *vp2) { struct store *sp1, *sp2; sp1 = (struct store *) vp1; sp2 = (struct store *) vp2; return strcmp(sp1->name, sp2->name); } int is_storeobj(struct dirent *dir) { int r; char *s; switch (dir->d_type) { case DT_DIR: r = strcmp(dir->d_name, "."); if (r) r = strcmp(dir->d_name, ".."); return r; break; case DT_REG: s = strrchr(dir->d_name, '.'); if (!s) return 0; r = strcmp(s, ".gpg"); return (r == 0); break; default: return 0; break; } } pass_store_t pass_store_type(const char *spath) { int r; struct stat sbuf; char abs_path[PATH_MAX]; r = set_pass_dir(); if (r) err_ret(PASS_STORE_INV, "PASSWORD_STORE_DIR not set"); r = snprintf(abs_path, sizeof(abs_path), "%s/%s", pass_dir, (spath) ? spath : ""); if (r >= (int) sizeof(abs_path)) err_ret(PASS_STORE_INV, "path exceeded PATH_MAX"); r = stat(abs_path, &sbuf); if (!r && (sbuf.st_mode & S_IFMT) == S_IFDIR) return PASS_STORE_DIR; r = snprintf(abs_path, sizeof(abs_path), "%s/%s.gpg", pass_dir, spath); if (r >= (int) sizeof(abs_path)) err_ret(PASS_STORE_INV, "path exceeded PATH_MAX"); r = stat(abs_path, &sbuf); if (r) err_ret(PASS_STORE_INV, "%s", strerror(errno)); if ((sbuf.st_mode & S_IFMT) == S_IFREG) { return PASS_STORE_ENC; } else { err_ret(PASS_STORE_INV, "%s is not a regular file", abs_path); } } DIR *openstore(const char *spath) { int r; DIR *d; const char *path; char abs_path[PATH_MAX]; pass_store_t store_type; store_type = pass_store_type(spath); if (store_type != PASS_STORE_DIR) err_ret(NULL, "%s is not a passwordstore directory", spath); if (spath) { r = snprintf(abs_path, sizeof(abs_path), "%s/%s", pass_dir, spath); if (r >= (int) sizeof(abs_path)) err_ret(NULL, "path exceeded PATH_MAX"); path = abs_path; } else { path = pass_dir; } d = opendir(path); if (!d) err_ret(NULL, "%s", strerror(errno)); return d; } int readstore(DIR *dirp, struct store *s) { struct dirent *dir; errno = 0; while ((dir = readdir(dirp))) { if (is_storeobj(dir)) break; } if (!dir) { if (errno != 0) err_ret(1, "%s", strerror(errno)); return EOF; } strncpy(s->name , dir->d_name, sizeof(s->name) - 1); switch (dir->d_type) { case DT_DIR: s->type = PASS_STORE_DIR; break; case DT_REG: /* this is safe since is_storeobj() * rejects files without .gpg suffix */ *(strrchr(s->name, '.')) = '\0'; s->type = PASS_STORE_ENC; break; default: s->type = PASS_STORE_INV; break; } return 0; } int readstore_all(const char *path, struct store **stor) { int r; void *p; size_t i; DIR *dirp; size_t len = DEF_STOR_LEN; *stor = malloc(sizeof(struct store) * len); if (!*stor) err_ret(-1, "%s", strerror(errno)); dirp = openstore(path); if (!dirp) { free(*stor); return -1; }; for (i = 0; !(r = readstore(dirp, *stor + i)); i++) { if (i < len - 1) continue; len *= 2; p = realloc(*stor, sizeof(**stor) * len); if (!p) { free(*stor); err_ret(-1, "%s", strerror(errno)); } else { *stor = p; } } return i; } int pass_init(const char *fpr) { int r; char gpg_id_path[PATH_MAX]; FILE *gpg_id; r = set_pass_dir(); if (r) err_ret(1, "PASSWORD_STORE_DIR not set"); r = gpg_key_validate(fpr); if (r) err_ret(1, "key not usable, try gpg --full-generate-key"); r = r_mkdir(pass_dir, S_IRWXU); if (r) err_ret(1, "%s %s", pass_dir, strerror(errno)); r = snprintf(gpg_id_path, sizeof(gpg_id_path), "%s/%s", pass_dir, ".gpg-id"); if (r > (int) sizeof(gpg_id_path)) err_ret(1, "path exceeded PATH_MAX"); gpg_id = fopen(gpg_id_path, "w"); if (!gpg_id) err_ret(1, "%s %s", gpg_id_path, strerror(errno)); r = fwrite(fpr, strlen(fpr), 1,gpg_id); fclose(gpg_id); if (!r) err_ret(1, "write failed"); return 0; } int pass_cat(FILE *out, const char *path) { int r; pass_store_t store_type; char pass_path[PATH_MAX]; store_type = pass_store_type(path); if (store_type != PASS_STORE_ENC) err_ret(1, "%s is not a passwordstore file", path); r = set_pass_dir(); if (r) err_ret(1, "PASSWORD_STORE_DIR not set"); r = snprintf(pass_path, sizeof(pass_path), "%s/%s.gpg", pass_dir, path); if (r >= (int) sizeof(pass_path)) err_ret(1, "path exceeded PATH_MAX"); r = gpg_decrypt(out, pass_path); return r; } ssize_t pass_getpass(char **lineptr, size_t *n, FILE *stream) { ssize_t r; struct termios new, old; r = tcgetattr(fileno(stream), &old); if (r) return -1; new = old; new.c_lflag &= ~ECHO; r = tcsetattr(fileno(stream), TCSAFLUSH, &new); if (r) return -1; r = getline (lineptr, n, stream); if (r > 0 && (*lineptr)[r - 1] == '\n') (*lineptr)[r - 1] = '\0'; (void) tcsetattr (fileno (stream), TCSAFLUSH, &old); return r; } int pass_gen(pass_gen_t gen, char *pass, size_t n) { int r; FILE *rand; size_t pass_gen_len; if (n <= 0) err_ret(1, "small password"); rand = fopen("/dev/urandom", "r"); if (!rand) err_ret(1, "%s", strerror(errno)); r = fread(pass, sizeof(pass[0]), n, rand); if (r != (int) n) err_ret(1, "fread failed"); pass_gen_len = strlen(pass_gen_set[gen]); for (size_t i = 0; i < n; i++) pass[i] = pass_gen_set[gen][pass[i] % (pass_gen_len - 1)]; return 0; } int pass_add(const char *path, const char *pass, size_t n) { int r; char *rc; FILE *gpg_id, *out_stream; char gpg_id_path[PATH_MAX], fpr[FPR_MAX], pass_path[PATH_MAX]; r = set_pass_dir(); if (r) err_ret(1, "PASSWORD_STORE_DIR not set"); r = snprintf(gpg_id_path, sizeof(gpg_id_path), "%s/%s", pass_dir, ".gpg-id"); if (r > (int) sizeof(gpg_id_path)) err_ret(1, "path exceeded PATH_MAX"); gpg_id = fopen(gpg_id_path, "r"); if (!gpg_id) err_ret(1, "%s %s", gpg_id_path, strerror(errno)); rc = fgets(fpr, sizeof(fpr), gpg_id); if (!rc) err_ret(1, "failed to read %s", gpg_id_path); fclose(gpg_id); util_strtrim(fpr); r = gpg_key_validate(fpr); if (r) err_ret(1, "invalid key , try gpg --list-keys"); // TODO: guard against .*\.gpg\.gpg[/$] r = snprintf(pass_path, sizeof(pass_path), "%s/%s.gpg", pass_dir, path); if (r > (int) sizeof(pass_path)) err_ret(1, "path exceeded PATH_MAX"); rc = strdup(pass_path); if (!rc) err_ret(1, "%s", strerror(errno)); (void) r_mkdir(dirname(rc), S_IRWXU); free(rc); r = access(pass_path, F_OK); if (!(errno & ENOENT)) err_ret(1, "an entry already exists for %s", path); out_stream = fopen(pass_path, "w"); if (!out_stream) err_ret(1, "%s", strerror(errno)); r = gpg_encrypt(out_stream, fpr, pass, n); fclose(out_stream); return r; } int pass_rm(const char *path) { int r = 0; char gpg_path[PATH_MAX], abs_path[PATH_MAX]; r = set_pass_dir(); if (r) err_ret(1, "PASSWORD_STORE_DIR not set"); r = snprintf(gpg_path, sizeof(gpg_path), "%s.gpg", path); if (r > (int) sizeof(gpg_path)) err_ret(1, "path exceeded PATH_MAX"); r = snprintf(abs_path, sizeof(gpg_path), "%s/%s", pass_dir, gpg_path); if (r > (int) sizeof(abs_path)) err_ret(1, "path exceeded PATH_MAX"); // TODO: guard against .*\.gpg\.gpg[/$] r = unlink(abs_path); if (r) err_ret(1, "%s %s", abs_path, strerror(errno)); return r_rmdir(pass_dir, dirname(gpg_path)); }