/relevation/branches/1.3/CHANGELOG |
---|
0,0 → 1,40 |
$Date$ |
1.3 (?): |
- Check file magic [#230] and reject unsupported data formats |
- Support the new data file format [#228] |
- Added extra checks for data integrity |
1.2.1 (2013-11-05): |
- Minimal GUI Fixes: |
- Updated to the changes in 1.2 |
- Handle lack of matches gracefully |
- Integrated specfile from Fedora Rawhide |
1.2 (2013-10-21): |
- Bugfix: Make case-insensitive search work on uppercase search |
strings |
- Print "notes" |
- Allow searches with "AND" operator: |
- OR is used by default, as in previous versions |
- New command-line flags: --and / -A and --or / -O |
- New config file option: mode (possibles values 'and' and 'or') |
- Use getpass when asking for a password to suspend echoing it (suggested |
by Jorge Gallegos) |
- Explicitly filter out folder entries when filtering by other types |
1.1 (2011-07-13): |
- Support cryptopy if PyCrypto is not available. Enhances |
cross-platform support. |
- Print an error message if the decryption produced wrong data |
(normally caused by a bad password) |
- Add PyCrypto/cryptopy to version info (--version) |
- Windows support enhancements: |
- Minimalistic GUI |
- Py2exe support |
- Packaging scripts |
- Fix uninstall procedure |
1.0 (2011-06-30): |
- First public release |
Property changes: |
Added: svn:keywords |
+Rev Id Date |
\ No newline at end of property |
/relevation/branches/1.3/relevation.py |
---|
0,0 → 1,649 |
#!/usr/bin/env python |
# -*- coding: UTF-8 -*- |
""" |
Relevation Password Printer |
a command line interface to Revelation Password Manager. |
Code based on Revelation's former BTS (no longer online, not archived?): |
(ref1) code: |
http://oss.wired-networks.net/bugzilla/attachment.cgi?id=13&action=view |
(ref2) bug report: |
http://oss.wired-networks.net/bugzilla/show_bug.cgi?id=111 |
-> http://web.archive.org/http://oss.wired-networks.net/bugzilla/show_bug.cgi?id=111 |
(ref3) http://docs.python.org/library/zlib.html |
(ref4) http://pymotw.com/2/getpass/ |
$Id$ |
""" |
# Relevation Password Printer |
# |
# Copyright (c) 2011,2012,2013,2014 Toni Corvera |
# All rights reserved. |
# |
# Redistribution and use in source and binary forms, with or without |
# modification, are permitted provided that the following conditions are |
# met: |
# 1. Redistributions of source code must retain the above copyright |
# notice, this list of conditions and the following disclaimer. |
# 2. Redistributions in binary form must reproduce the above copyright |
# notice, this list of conditions and the following disclaimer in the |
# documentation and/or other materials provided with the distribution. |
# |
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
# AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
# POSSIBILITY OF SUCH DAMAGE. |
import ConfigParser |
import getopt |
import getpass |
from lxml import etree |
import os |
import stat |
import string |
import sys |
import zlib |
# Help py2exe in packaging lxml |
# <http://www.py2exe.org/index.cgi/WorkingWithVariousPackagesAndModules> |
import lxml._elementpath as _dummy |
import gzip # py2exe again |
import hashlib # required by newer format |
# PBKDF2 stolen from Revelation |
import PBKDF2 |
USE_PYCRYPTO = True |
try: |
from Crypto.Cipher import AES |
except ImportError: |
USE_PYCRYPTO = False |
try: |
from crypto.cipher import rijndael, cbc |
from crypto.cipher.base import noPadding |
except ImportError: |
sys.stderr.write('Either PyCrypto or cryptopy is required\n') |
raise |
__author__ = 'Toni Corvera' |
__date__ = '$Date$' |
__revision__ = '$Rev$' |
__version_info__ = ( 1, 3 ) #, 0 ) # Note: For x.y.0, only x and y are kept |
__version__ = '.'.join(map(str, __version_info__)) |
RELEASE=True |
# These are pseudo-standardized exit codes, in Linux (*NIX?) they are defined |
#+in the header </usr/include/sysexits.h> and available as properties of 'os' |
#+In windows they aren't defined at all |
if 'EX_OK' not in dir(os): |
# If not defined set them manually |
codes = { 'EX_OK': 0, 'EX_USAGE': 64, 'EX_DATAERR': 65, |
'EX_NOINPUT': 66, 'EX_SOFTWARE': 70, 'EX_IOERR': 74, |
} |
for (k,v) in codes.items(): |
setattr(os, k, v) |
del codes, k, v |
TAGNAMES ={ 'generic-url': 'Url:', |
'generic-username': 'Username:', |
'generic-password': 'Password:', |
'generic-email': 'Email:', |
'generic-hostname': 'Hostname:', |
'generic-location': 'Location:', |
'generic-code': 'Code:', |
'generic-certificate': 'Certificate:', |
'generic-database': 'Database:', |
'generic-domain': 'Domain:', |
'generic-keyfile': 'Key file:', |
'generic-pin': 'PIN', |
'generic-port': 'Port' |
} |
MODE_AND='and' |
MODE_OR='or' |
# Errors |
class Errors(object): |
class Error(Exception): |
def __str__(self): |
return self.msg |
class DecryptError(Error): |
def __init__(self, msg = 'Failed to decrypt data. Wrong password?'): |
self.msg = msg |
class DataFormatError(Error): |
def __init__(self, msg = 'Incorrect data format'): |
self.msg = msg |
def printe(s): |
' Print to stderr ' |
sys.stderr.write(s+'\n') |
def usage(channel): |
' Print help message ' |
def p(s): |
channel.write(s) |
p('%s {-f passwordfile} {-p password | -0} [search] [search2] [...]\n' % sys.argv[0]) |
p('\nOptions:\n') |
# Reference: 80 characters |
# ------------------------------------------------------------------------------- |
p(' -f FILE, --file=FILE Revelation password file.\n') |
p(' -p PASS, --password=PASS Master password.\n') |
p(' -s SEARCH, --search=SEARCH Search for string.\n') |
p(' -i, --case-insensitive Case insensitive search (default).\n') |
p(' -c, --case-sensitive Case sensitive search.\n') |
p(' -a, --ask Interactively ask for password.\n') |
p(' Note it will be displayed in clear as you\n') |
p(' type it.\n') |
p(' -t TYPE, --type=TYPE Print only entries of type TYPE.\n') |
p(' With no search string, prints all entries of\n') |
p(' type TYPE.\n') |
p(' -A, --and When multiple search terms are used, use an AND\n') |
p(' operator to combine them.\n') |
p(' -O, --or When multiple search terms are used, use an OR\n') |
p(' operator to combine them.\n') |
p(' -x, --xml Dump unencrypted XML document.\n') |
p(' -0, --stdin Read password from standard input.\n') |
p(' -h, --help Print help (this message).\n') |
p(' --version Print the program\'s version information.\n') |
p('\n') |
def make_xpath_query(search_text=None, type_filter=None, ignore_case=True, negate_filter=False): |
''' Construct the actual XPath expression |
make_xpath_query(str, str, bool, bool) -> str |
or |
make_xpath_query(list, str, bool, bool) -> str |
Passing a list as the second argument implies combining its elements |
in the search (AND) |
''' |
xpath = '/revelationdata//entry' |
if type_filter: |
sign = '=' |
if negate_filter: |
sign = '!=' |
xpath = '%s[@type%s"%s"]' % ( xpath, sign, type_filter ) |
if type_filter != 'folder': |
# Avoid printing folders since all their children are printed |
# alongside |
xpath += '[@type!="folder"]' |
if search_text: |
#xpath = xpath + '//text()' |
needles = [] |
if type(search_text) == str: |
needles = [ search_text, ] |
else: |
needles = search_text |
selector = '' |
for search in needles: |
if ignore_case: |
# must pass lowercase to actually be case insensitive |
search = string.lower(search) |
# XPath 2.0 has lower-case, upper-case, matches(..., -i) etc. |
selector += '//text()[contains(translate(., "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz"), "%s")]/../..' % search |
else: |
selector += '//text()[contains(., "%s")]/../..' % search |
xpath = '%s%s' % ( xpath, selector ) |
if not RELEASE: |
printe("> Xpath: %s\n" % xpath) |
return xpath |
def dump_all_entries(xmldata): |
' Dump all entries from xmldata, with no filter at all ' |
tree = etree.fromstring(xmldata) |
res = tree.xpath('//entry') |
return dump_result(res, 'all') |
def dump_entries(xmldata, search_text=None, type_filter=None, ignore_case=True, negate_filter=False): |
''' Dump entries from xmldata that match criteria |
dump_entries(str, str, str, bool, bool) -> int |
or |
dump_entries(str, list, str, bool, bool) -> int |
''' |
tree = etree.fromstring(xmldata) |
xpath = make_xpath_query(search_text, type_filter, ignore_case, negate_filter) |
try: |
res = tree.xpath(xpath) |
except etree.XPathEvalError: |
if not RELEASE: |
printe('Failed with xpath expression: %s' % xpath) |
raise |
query_desc = '' |
if search_text: |
query_desc = '"%s"' % search_text |
if type_filter: |
neg = '' |
if negate_filter: |
neg = 'not ' |
if search_text: |
query_desc = '%s (\'%s%s\' entries)' % ( query_desc, neg, type_filter ) |
else: |
query_desc = '%s%s entries' % ( neg, type_filter ) |
nr = dump_result(res, query_desc) |
return nr |
def dump_single_result(typeName, name, descr, notes, fields): |
printe('-------------------------------------------------------------------------------') |
s = '\n' |
s += 'Type: %s\n' % typeName |
s += 'Name: %s\n' % name |
s += 'Description: %s\n' % descr |
s += 'Notes: %s\n' % notes |
for field in fields: |
s += '%s %s\n' % field # field, value |
#s += '\n' |
print s |
def dump_result(res, query_desc, dumpfn=dump_single_result): |
''' Print query results. |
dump_result(list of entries, query description) -> int |
''' |
print '-> Search %s: ' % query_desc, |
if not len(res): |
print 'No results' |
return False |
print '%d matches' % len(res) |
for x in res: |
typeName = x.get('type') |
name = None |
descr = None |
fields = [] |
notes = None |
for chld in x.getchildren(): |
n = chld.tag |
val = chld.text |
if val is None: |
val = '' |
if n == 'name': |
name = val |
elif n == 'description': |
descr = val |
elif n == 'field': |
idv = chld.get('id') |
if idv in TAGNAMES: |
idv = TAGNAMES[idv] |
val = chld.text |
if val is None: |
val = '' |
# Maintain order => list |
fields += [ ( idv, val ), ] |
elif n == 'notes': |
notes = val |
dumpfn(typeName, name, descr, notes, fields) |
# / for chld in x.children |
nr = len(res) |
plural = '' |
if nr > 1: |
plural = 's' |
printe('-------------------------------------------------------------------------------') |
printe('<- (end of %d result%s for {%s})\n' % ( nr, plural, query_desc )) |
return nr |
def world_readable(path): |
' Check if a file is readable by everyone ' |
assert os.path.exists(path) |
if sys.platform == 'win32': |
return True |
st = os.stat(path) |
return bool(st.st_mode & stat.S_IROTH) |
def load_config(): |
''' Load configuration file if one is found |
load_config() -> ( str file, str pass ) |
''' |
cfg = os.path.join(os.path.expanduser('~'), '.relevation.conf') |
pw = None |
fl = None |
mode = MODE_OR |
if os.path.isfile(cfg): |
if os.access(cfg, os.R_OK): |
wr = world_readable(cfg) |
if wr and sys.platform != 'win32': |
printe('Configuration (~/.relevation.conf) is world-readable!!!') |
parser = ConfigParser.ConfigParser() |
parser.read(cfg) |
ops = parser.options('relevation') |
if 'file' in ops: |
fl = os.path.expanduser(parser.get('relevation', 'file')) |
if 'password' in ops: |
if wr: # TODO: how to check in windows? |
printe('Your password can be read by anyone!!!') |
pw = parser.get('relevation', 'password') |
if 'mode' in ops: |
mode = parser.get('relevation', 'mode') |
if mode not in [ MODE_AND, MODE_OR ]: |
printe('Warning: Unknown mode \'%s\' set in configuration' % mode) |
mode=MODE_OR |
else: # exists but not readable |
printe('Configuration file (~/.relevation.conf) is not readable!') |
return ( fl, pw, mode ) |
class _DataReaderBase(object): |
' Common methods for reading data files ' |
def validate_compressed_padding(self, data): |
''' Checks that the gzip-compressed 'data' is padded correctly. |
validate_compressed_padding(str) -> bool |
''' |
padlen = ord(data[-1]) |
for i in data[-padlen:]: |
if ord(i) != padlen: |
return False |
return True |
def validate_cipher_length(self, data): |
''' Checks that encrypted 'data' has an appropriate length. |
validate_cipher_length(str) -> bool |
Encrypted data length must be a multiple of 16 |
''' |
return ( len(data) % 16 == 0 ) |
def _aes_decrypt_ecb(self, key, data): |
''' Decrypt AES cipher text in ECB mode |
_aes_decrypt_ecb(str, str) -> str |
This function will use the underlying, available, cipher module. |
''' |
if USE_PYCRYPTO: |
c = AES.new(key) |
cleardata = c.decrypt(data) |
else: |
c = rijndael.Rijndael(key, keySize=len(key), padding=noPadding()) |
cleardata = c.decrypt(data) |
return cleardata |
def _aes_decrypt_cbc(self, key, iv, data): |
''' Decrypt AES cipher text in CBC mode |
_aes_decrypt_ecb(str, str, str) -> str |
This function will use the underlying, available, cipher module. |
''' |
if USE_PYCRYPTO: |
c = AES.new(key, AES.MODE_CBC, iv) |
cleardata = c.decrypt(data) |
else: |
bc = rijndael.Rijndael(key, keySize=len(key), padding=noPadding()) |
c = cbc.CBC(bc, padding=noPadding()) |
cleardata = c.decrypt(data, iv=iv) |
return cleardata |
def get_xml(self, data, password): |
''' Extract the XML contents from the encrypted and compressed input. |
get_xml(str, str) -> str |
''' |
pass |
class DataReaderV1(_DataReaderBase): |
''' Data reading for Revelation data files in the original format. |
Old format header: |
[0:12) 12B header: "rvl" 0x00, 0x01, 0x00 |
[12:28) 16B ECB encrypted IV (for CBC-encrypted data) |
[28:] CBC encrypted data |
''' |
def _decrypt_compressed_data(self, password, cipher_text): |
''' Decrypt cipher_text using password. |
_decrypt_compressed_data(str, str) -> cleartext (gzipped xml) |
''' |
# Minimum length of header |
if len(cipher_text) < 28: |
raise Errors.DataFormatError |
# Key <= Padded password |
key = password |
key += (chr(0) * (32 - len(password))) |
# Extract IV |
iv = self._aes_decrypt_ecb(key, cipher_text[12:28]) |
# Skip IV |
cipher_text = cipher_text[28:] |
# Input strings for decrypt must be a multiple of 16 in length |
if not self.validate_cipher_length(cipher_text): |
raise Errors.DataFormatError |
# Decrypt data, CBC mode |
return self._aes_decrypt_cbc(key, iv, cipher_text) |
def get_xml(self, data, password): |
# Decrypt. Decrypted data is compressed |
cleardata_gz = self._decrypt_compressed_data(password, data) |
# Validate padding for decompression |
if not self.validate_compressed_padding(cleardata_gz): |
raise Errors.DataFormatError |
# Decompress actual data (15 is wbits [ref3] DON'T CHANGE, 2**15 is the (initial) buf size) |
padlen = ord(cleardata_gz[-1]) |
return zlib.decompress(cleardata_gz[:-padlen], 15, 2**15) |
class DataReaderV2(_DataReaderBase): |
''' Data reading for Revelation data files in the new format. |
New format header: |
[0:12) 12B header: "rvl" 0x00, 0x02, 0x00 |
[12:20) 8B salt |
[20:36) 16B IV (for CBC-encrypted data) |
[36:] CBC encrypted data |
The encryption key is derived from the password and salt through the |
PBKDF2 module. |
''' |
def _decrypt_compressed_data(self, password, cipher_text): |
# Minimum length of header |
if len(cipher_text) < 36: |
raise Errors.DataFormatError |
salt = cipher_text[12:20] |
iv = cipher_text[20:36] |
key = PBKDF2.PBKDF2(password, salt, iterations=12000).read(32) |
# Skip encryption header |
cipher_text = cipher_text[36:] |
if not self.validate_cipher_length(cipher_text): |
raise Errors.DataFormatError |
# Decrypt data (CBC) |
decrypted = self._aes_decrypt_cbc(key, iv, cipher_text) |
sha256hash = decrypted[0:32] |
# Skip hash. decrypted <= Decrypted, Compressed data |
decrypted = decrypted[32:] |
# Validate hash |
if sha256hash != hashlib.sha256(decrypted).digest(): |
raise Errors.DecryptError |
return decrypted |
def get_xml(self, data, password): |
# Decrypt... |
cleardata_gz = self._decrypt_compressed_data(password, data) |
# Validate padding for decompression |
if not self.validate_compressed_padding(cleardata_gz): |
raise Errors.DataFormatError |
# Decompress |
padlen = ord(cleardata_gz[-1]) |
return zlib.decompress(cleardata_gz[:-padlen]) |
class DataReader(object): |
''' Interface to read Revelation's data files ''' |
def __init__(self, filename): |
''' DataReader(str) |
Loads file data and checks file format and data version for compatibility |
raises IOError If filename not readable |
raises IOError If filename not in Revelation format |
raises IOError If filename not in a supported data format version |
''' |
self._impl = None |
self._data = None |
self._filename = filename |
f = None |
try: |
if not os.access(filename, os.R_OK): |
raise IOError('File \'%s\' not accessible' % filename) |
f = open(filename, "rb") |
# Encrypted data |
self._data = f.read() |
finally: |
if f: |
f.close() |
self._check_header() |
def _check_header(self): |
''' Checks the file header for compatibility |
_check_header() -> None |
''' |
header = self._data[0:12] |
magic = header[0:4] |
if magic != "rvl\x00": |
raise IOError('File \'%s\' not in the correct format' % self._filename) |
data_version = header[4] |
app_version = header[6:9] |
if data_version == '\x01': |
self._impl = DataReaderV1() |
elif data_version == '\x02': |
self._impl = DataReaderV2() |
else: |
raise IOError('File \'%s\' is in a newer, unsupported, data format' % self._filename) |
def get_xml(self, password): |
''' Decrypt and decompress file data |
get_xml(str) -> str |
''' |
return self._impl.get_xml(self._data, password) |
def main(argv): |
datafile = None |
password = None |
# values to search for |
needles = [] |
caseInsensitive = True |
# individual search: ( 'value to search', 'type of search', 'type of entry to filter' ) |
searchTypes = [] |
dump_xml = False |
mode = None |
printe('Relevation v%s, (c) 2011-2014 Toni Corvera\n' % __version__) |
# ---------- OPTIONS ---------- # |
( datafile, password, mode ) = load_config() |
try: |
# gnu_getopt requires py >= 2.3 |
ops, args = getopt.gnu_getopt(argv, 'f:p:s:0ciaht:xAO', |
[ 'file=', 'password=', 'search=', 'stdin', |
'case-sensitive', 'case-insensitive', 'ask', |
'help', 'version', 'type=', 'xml', |
'and', 'or' ]) |
except getopt.GetoptError, err: |
print str(err) |
usage(sys.stderr) |
sys.exit(os.EX_USAGE) |
if args: |
needles = args |
if ( '-h', '' ) in ops or ( '--help', '' ) in ops: |
usage(sys.stdout) |
sys.exit(os.EX_OK) |
if ( '--version', '' ) in ops: |
release='' |
if not RELEASE: |
release=' [DEBUG]' |
print 'Relevation version %s%s' % ( __version__, release ) |
print 'Python version %s' % sys.version |
if USE_PYCRYPTO: |
import Crypto |
print 'PyCrypto version %s' % Crypto.__version__ |
else: |
# AFAIK cryptopy doesn't export version info |
print 'cryptopy' |
sys.exit(os.EX_OK) |
for opt, arg in ops: |
if opt in ( '-f', '--file' ): |
datafile = arg |
elif opt in ( '-p', '--password' ): |
password = arg |
elif opt in ( '-a', '--ask', '-0', '--stdin' ): |
prompt = '' |
if opt in ( '-a', '--ask' ): |
prompt = 'File password: ' |
# see [ref4] |
if sys.stdin.isatty(): |
password = getpass.getpass(prompt=prompt, stream=sys.stderr) |
else: |
# Not a terminal, getpass won't work |
password = sys.stdin.readline(); |
password = password[:-1] # XXX: would .rstrip() be safe enough? |
elif opt in ( '-s', '--search' ): |
needles.append(arg) |
elif opt in ( '-i', '--case-insensitive' ): |
caseInsensitive = True |
elif opt in ( '-c', '--case-sensitive' ): |
caseInsensitive = False |
elif opt in ( '-t', '--type' ): |
iarg = arg.lower() |
neg = False |
if iarg.startswith('-'): |
iarg = iarg[1:] |
neg = True |
if not iarg in ( 'creditcard', 'cryptokey', 'database', 'door', 'email', |
'folder', 'ftp', 'generic', 'phone', 'shell', 'website' ): |
printe('Warning: Type "%s" is not known by relevation.' % arg) |
searchTypes.append( ( iarg, neg ) ) |
elif opt in ( '-x', '--xml' ): |
dump_xml = True |
elif opt in ( '-A', '--and' ): |
mode = MODE_AND |
elif opt in ( '-O', '--or' ): |
mode = MODE_OR |
else: |
printe('Unhandled option: %s' % opt) |
assert False, "internal error parsing options" |
if not datafile or not password: |
usage(sys.stderr) |
if not datafile: |
printe('Input password filename is required') |
if not password: |
printe('Password is required') |
sys.exit(os.EX_USAGE) |
# ---------- PASSWORDS FILE DECRYPTION AND DECOMPRESSION ---------- # |
xmldata = DataReader(datafile).get_xml(password) |
# ---------- QUERIES ---------- # |
if dump_xml: |
print xmldata |
sys.exit(os.EX_OK) |
# Multiply values to search by type of searches |
numhits = 0 |
if not ( needles or searchTypes ): # No search nor filters, print all |
numhits = dump_all_entries(xmldata) |
elif not searchTypes: # Simple case, all searches are text searches |
if mode == MODE_OR: |
for text in needles: |
numhits += dump_entries(xmldata, text, 'folder', caseInsensitive, True) |
else: |
assert mode == MODE_AND, "Unknown boolean operation mode" |
numhits += dump_entries(xmldata, needles, 'folder', caseInsensitive, True) |
elif needles: |
if mode == MODE_OR: # Do a search filtered for each type |
for text in needles: |
for ( sfilter, negate ) in searchTypes: |
numhits += dump_entries(xmldata, text, sfilter, caseInsensitive, |
negate_filter=negate) |
else: # Do a combined search, filter for each type |
assert mode == MODE_AND, "Unknown boolean operation mode" |
for ( sfilter, negate ) in searchTypes: |
numhits += dump_entries(xmldata, needles, sfilter, caseInsensitive, |
negate_filter=negate) |
else: # Do a search only of types |
for ( sfilter, negate ) in searchTypes: |
numhits += dump_entries(xmldata, None, sfilter, negate_filter=negate) |
if numhits == 0: |
sys.exit(80) |
if __name__ == '__main__': |
try: |
main(sys.argv[1:]) |
except zlib.error: |
printe('Failed to decompress decrypted data. Wrong password?') |
sys.exit(os.EX_DATAERR) |
except etree.XMLSyntaxError as e: |
printe('XML parsing error') |
if not RELEASE: |
traceback.print_exc() |
sys.exit(os.EX_DATAERR) |
except IOError as e: |
if not RELEASE: |
traceback.print_exc() |
printe(str(e)) |
sys.exit(os.EX_IOERR) |
# vim:set ts=4 et ai fileencoding=utf-8: # |
Property changes: |
Added: svn:executable |
Added: svn:keywords |
+Rev Id Date |
\ No newline at end of property |
/relevation/branches/1.3/PBKDF2.py |
---|
0,0 → 1,297 |
#!/usr/bin/python |
# -*- coding: ascii -*- |
########################################################################### |
# pbkdf2 - PKCS#5 v2.0 Password-Based Key Derivation |
# |
# Copyright (C) 2007-2011 Dwayne C. Litzenberger <dlitz@dlitz.net> |
# |
# Permission is hereby granted, free of charge, to any person obtaining |
# a copy of this software and associated documentation files (the |
# "Software"), to deal in the Software without restriction, including |
# without limitation the rights to use, copy, modify, merge, publish, |
# distribute, sublicense, and/or sell copies of the Software, and to |
# permit persons to whom the Software is furnished to do so, subject to |
# the following conditions: |
# |
# The above copyright notice and this permission notice shall be |
# included in all copies or substantial portions of the Software. |
# |
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE |
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION |
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
# |
# Country of origin: Canada |
# |
########################################################################### |
# Sample PBKDF2 usage: |
# from Crypto.Cipher import AES |
# from pbkdf2 import PBKDF2 |
# import os |
# |
# salt = os.urandom(8) # 64-bit salt |
# key = PBKDF2("This passphrase is a secret.", salt).read(32) # 256-bit key |
# iv = os.urandom(16) # 128-bit IV |
# cipher = AES.new(key, AES.MODE_CBC, iv) |
# ... |
# |
# Sample crypt() usage: |
# from pbkdf2 import crypt |
# pwhash = crypt("secret") |
# alleged_pw = raw_input("Enter password: ") |
# if pwhash == crypt(alleged_pw, pwhash): |
# print "Password good" |
# else: |
# print "Invalid password" |
# |
########################################################################### |
__version__ = "1.3" |
__all__ = ['PBKDF2', 'crypt'] |
from struct import pack |
from random import randint |
import string |
import sys |
try: |
# Use PyCrypto (if available). |
from Crypto.Hash import HMAC, SHA as SHA1 |
except ImportError: |
# PyCrypto not available. Use the Python standard library. |
import hmac as HMAC |
try: |
from hashlib import sha1 as SHA1 |
except ImportError: |
# hashlib not available. Use the old sha module. |
import sha as SHA1 |
# |
# Python 2.1 thru 3.2 compatibility |
# |
if sys.version_info[0] == 2: |
_0xffffffffL = long(1) << 32 |
def isunicode(s): |
return isinstance(s, unicode) |
def isbytes(s): |
return isinstance(s, str) |
def isinteger(n): |
return isinstance(n, (int, long)) |
def b(s): |
return s |
def binxor(a, b): |
return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a, b)]) |
def b64encode(data, chars="+/"): |
tt = string.maketrans("+/", chars) |
return data.encode('base64').replace("\n", "").translate(tt) |
from binascii import b2a_hex |
else: |
_0xffffffffL = 0xffffffff |
def isunicode(s): |
return isinstance(s, str) |
def isbytes(s): |
return isinstance(s, bytes) |
def isinteger(n): |
return isinstance(n, int) |
def callable(obj): |
return hasattr(obj, '__call__') |
def b(s): |
return s.encode("latin-1") |
def binxor(a, b): |
return bytes([x ^ y for (x, y) in zip(a, b)]) |
from base64 import b64encode as _b64encode |
def b64encode(data, chars="+/"): |
if isunicode(chars): |
return _b64encode(data, chars.encode('utf-8')).decode('utf-8') |
else: |
return _b64encode(data, chars) |
from binascii import b2a_hex as _b2a_hex |
def b2a_hex(s): |
return _b2a_hex(s).decode('us-ascii') |
xrange = range |
class PBKDF2(object): |
"""PBKDF2.py : PKCS#5 v2.0 Password-Based Key Derivation |
This implementation takes a passphrase and a salt (and optionally an |
iteration count, a digest module, and a MAC module) and provides a |
file-like object from which an arbitrarily-sized key can be read. |
If the passphrase and/or salt are unicode objects, they are encoded as |
UTF-8 before they are processed. |
The idea behind PBKDF2 is to derive a cryptographic key from a |
passphrase and a salt. |
PBKDF2 may also be used as a strong salted password hash. The |
'crypt' function is provided for that purpose. |
Remember: Keys generated using PBKDF2 are only as strong as the |
passphrases they are derived from. |
""" |
def __init__(self, passphrase, salt, iterations=1000, |
digestmodule=SHA1, macmodule=HMAC): |
self.__macmodule = macmodule |
self.__digestmodule = digestmodule |
self._setup(passphrase, salt, iterations, self._pseudorandom) |
def _pseudorandom(self, key, msg): |
"""Pseudorandom function. e.g. HMAC-SHA1""" |
return self.__macmodule.new(key=key, msg=msg, |
digestmod=self.__digestmodule).digest() |
def read(self, bytes): |
"""Read the specified number of key bytes.""" |
if self.closed: |
raise ValueError("file-like object is closed") |
size = len(self.__buf) |
blocks = [self.__buf] |
i = self.__blockNum |
while size < bytes: |
i += 1 |
if i > _0xffffffffL or i < 1: |
# We could return "" here, but |
raise OverflowError("derived key too long") |
block = self.__f(i) |
blocks.append(block) |
size += len(block) |
buf = b("").join(blocks) |
retval = buf[:bytes] |
self.__buf = buf[bytes:] |
self.__blockNum = i |
return retval |
def __f(self, i): |
# i must fit within 32 bits |
assert 1 <= i <= _0xffffffffL |
U = self.__prf(self.__passphrase, self.__salt + pack("!L", i)) |
result = U |
for j in xrange(2, 1+self.__iterations): |
U = self.__prf(self.__passphrase, U) |
result = binxor(result, U) |
return result |
def hexread(self, octets): |
"""Read the specified number of octets. Return them as hexadecimal. |
Note that len(obj.hexread(n)) == 2*n. |
""" |
return b2a_hex(self.read(octets)) |
def _setup(self, passphrase, salt, iterations, prf): |
# Sanity checks: |
# passphrase and salt must be str or unicode (in the latter |
# case, we convert to UTF-8) |
if isunicode(passphrase): |
passphrase = passphrase.encode("UTF-8") |
elif not isbytes(passphrase): |
raise TypeError("passphrase must be str or unicode") |
if isunicode(salt): |
salt = salt.encode("UTF-8") |
elif not isbytes(salt): |
raise TypeError("salt must be str or unicode") |
# iterations must be an integer >= 1 |
if not isinteger(iterations): |
raise TypeError("iterations must be an integer") |
if iterations < 1: |
raise ValueError("iterations must be at least 1") |
# prf must be callable |
if not callable(prf): |
raise TypeError("prf must be callable") |
self.__passphrase = passphrase |
self.__salt = salt |
self.__iterations = iterations |
self.__prf = prf |
self.__blockNum = 0 |
self.__buf = b("") |
self.closed = False |
def close(self): |
"""Close the stream.""" |
if not self.closed: |
del self.__passphrase |
del self.__salt |
del self.__iterations |
del self.__prf |
del self.__blockNum |
del self.__buf |
self.closed = True |
def crypt(word, salt=None, iterations=None): |
"""PBKDF2-based unix crypt(3) replacement. |
The number of iterations specified in the salt overrides the 'iterations' |
parameter. |
The effective hash length is 192 bits. |
""" |
# Generate a (pseudo-)random salt if the user hasn't provided one. |
if salt is None: |
salt = _makesalt() |
# salt must be a string or the us-ascii subset of unicode |
if isunicode(salt): |
salt = salt.encode('us-ascii').decode('us-ascii') |
elif isbytes(salt): |
salt = salt.decode('us-ascii') |
else: |
raise TypeError("salt must be a string") |
# word must be a string or unicode (in the latter case, we convert to UTF-8) |
if isunicode(word): |
word = word.encode("UTF-8") |
elif not isbytes(word): |
raise TypeError("word must be a string or unicode") |
# Try to extract the real salt and iteration count from the salt |
if salt.startswith("$p5k2$"): |
(iterations, salt, dummy) = salt.split("$")[2:5] |
if iterations == "": |
iterations = 400 |
else: |
converted = int(iterations, 16) |
if iterations != "%x" % converted: # lowercase hex, minimum digits |
raise ValueError("Invalid salt") |
iterations = converted |
if not (iterations >= 1): |
raise ValueError("Invalid salt") |
# Make sure the salt matches the allowed character set |
allowed = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./" |
for ch in salt: |
if ch not in allowed: |
raise ValueError("Illegal character %r in salt" % (ch,)) |
if iterations is None or iterations == 400: |
iterations = 400 |
salt = "$p5k2$$" + salt |
else: |
salt = "$p5k2$%x$%s" % (iterations, salt) |
rawhash = PBKDF2(word, salt, iterations).read(24) |
return salt + "$" + b64encode(rawhash, "./") |
# Add crypt as a static method of the PBKDF2 class |
# This makes it easier to do "from PBKDF2 import PBKDF2" and still use |
# crypt. |
PBKDF2.crypt = staticmethod(crypt) |
def _makesalt(): |
"""Return a 48-bit pseudorandom salt for crypt(). |
This function is not suitable for generating cryptographic secrets. |
""" |
binarysalt = b("").join([pack("@H", randint(0, 0xffff)) for i in range(3)]) |
return b64encode(binarysalt, "./") |
# vim:set ts=4 sw=4 sts=4 expandtab: |
/relevation/branches/1.3/GNUmakefile |
---|
0,0 → 1,94 |
# $Id$ |
prefix:=/usr/local |
DESTDIR:= |
PKG=relevation |
VERSION=$(shell printf 'import relevation\nprint relevation.__version__' | python - && $(RM) $(PKG).pyc) |
PKGVER=$(PKG)-$(VERSION) |
PACKAGER:=$(shell finger -lp `echo $USER` 2>/dev/null | head -n1 | cut -d: -f3) |
ifeq ($(PACKAGER),) |
PACKAGER:=$(shell getent passwd "`id -un`" | cut -d: -f5 | cut -d, -f1) |
endif |
TAR_EXCLUDES=--exclude-vcs --exclude=$(PKGVER) \ |
--exclude=*.swp --exclude=*.pyo --exclude=*.pyc \ |
--exclude=manpage.html --exclude=manpage.pdf |
IS_RELEASE=$(shell printf 'import relevation\nif not relevation.RELEASE:\n\traise Exception("RELEASE is False")' | python - ) |
INSTALLROOT=$(DESTDIR)$(prefix) |
MANROOT=$(INSTALLROOT)/share/man |
all: $(PKG).1 |
testman: |
docbook-to-man manpage.sgml | nroff -man | less |
clean: |
-$(RM) *.pyc *.pyo manpage.html manpage.pdf $(PKG).spec |
distclean: clean |
-$(RM) $(PKGVER).tar.gz $(PKGVER).zip |
-$(RM) -r dist build $(PKGVER)/ |
install: |
install -D -m755 $(PKG).py $(INSTALLROOT)/bin/$(PKG) |
install -D -m644 $(PKG).1 $(MANROOT)/man1/$(PKG).1 |
# Extra tools |
install -d $(INSTALLROOT)/share/doc/$(PKG)/extra |
for tool in gui.py devtools/*.py; do \ |
install -D -m755 $$tool $(INSTALLROOT)/share/doc/$(PKG)/extra/ ; \ |
done |
uninstall: |
-$(RM) $(INSTALLROOT)/bin/$(PKG) $(INSTALLROOT)/share/man/man1/$(PKG).1 |
-for tool in gui.py devtools/*.py; do \ |
$(RM) $(INSTALLROOT)/share/doc/$(PKG)/extra/`basename $$tool` ; \ |
done |
-rmdir --parents $(INSTALLROOT)/share/doc/$(PKG)/extra/ \ |
$(MANROOT)/man1/ \ |
$(INSTALLROOT)/bin/ |
$(PKG).1: manpage_source.sgml |
docbook-to-man $< > $@ |
manpage.html: $(PKG).1 |
man2html $< | sed '1,2d' > $@ |
manpage.pdf: $(PKG).1 |
man -t ./$(PKG).1 | ps2pdf14 - > $@ |
is_release: |
# Only allowed if RELEASE |
printf 'import relevation\nif not relevation.RELEASE:\n\traise Exception("RELEASE is False")' | python - |
package_copy: |
@# Make a temporary copy to package |
-mkdir $(PKGVER) |
tar c . $(TAR_EXCLUDES) | ( cd $(PKGVER) && tar x ) |
dist: $(PKGVER).tar.gz $(PKGVER).zip |
-$(RM) -r $(PKGVER) |
$(PKGVER).tar.gz: is_release distclean $(PKG).spec package_copy |
tar cv $(PKGVER) | gzip -c9 > $(PKGVER).tar.gz |
zip: $(PKGVER).zip |
$(PKGVER).zip: is_release distclean manpage.pdf manpage.html $(PKG).spec package_copy |
cp manpage.pdf manpage.html $(PKGVER) |
zip -9 -r $(PKGVER).zip $(PKGVER) |
-$(RM) $(PKGVER)/manpage.pdf $(PKGVER)/manpage.html |
$(PKG).spec: $(PKG).spec.in |
test -n "$(VERSION)" # Version (=$(VERSION)) must be defined |
@echo "[creating $@]" |
@cat "$<" | sed -e 's/@VERSION@/$(VERSION)/g' \ |
-e 's/@PACKAGER@/$(PACKAGER)/g' > "$@" |
exe: |
python setup_py2exe.py py2exe |
.PHONY: testman clean distclean dist exe is_release zip |
Property changes: |
Added: svn:keywords |
+Rev Id Date |
\ No newline at end of property |
/relevation/branches/1.3/debian/changelog |
---|
0,0 → 1,24 |
relevation (1.2.1-pon.1) unstable; urgency=low |
* New version |
-- Toni Corvera <outlyer@gmail.com> Tue, 05 Nov 2013 00:45:24 +0100 |
relevation (1.2-pon.1) unstable; urgency=low |
* New version |
-- Toni Corvera <outlyer@gmail.com> Sat, 21 Oct 2013 00:52:41 +0100 |
relevation (1.1-upstream.1) unstable; urgency=low |
* New version |
* debian/control: change requirement from libxml2 to lxml |
-- Toni Corvera <outlyer@gmail.com> Wed, 13 Jul 2011 18:23:47 +0200 |
relevation (1.0-upstream.1) unstable; urgency=low |
* Initial release |
-- Toni Corvera <outlyer@gmail.com> Thu, 30 Jun 2011 19:36:30 +0200 |
/relevation/branches/1.3/debian/control |
---|
0,0 → 1,19 |
Source: relevation |
Section: contrib/utils |
Priority: extra |
Maintainer: Toni Corvera <outlyer@gmail.com> |
Build-Depends: debhelper (>= 7.0.50~), python (>= 2.3) |
Standards-Version: 3.9.1 |
Homepage: http://p.outlyer.net/relevation/ |
#Vcs-Git: git://git.debian.org/collab-maint/relevation.git |
#Vcs-Browser: http://git.debian.org/?p=collab-maint/relevation.git;a=summary |
Package: relevation |
Architecture: all |
Depends: ${shlibs:Depends}, ${misc:Depends}, python (>= 2.3), python-lxml, python-crypto |
Recommends: revelation |
Description: Command-line interface to query Revelation files |
This is a command-line tool capable of retrieving passwords from |
a Revelation password file. |
. |
Please note files can only be searched, not edited with this tool. |
/relevation/branches/1.3/debian/README.source |
---|
0,0 → 1,6 |
relevation for Debian |
--------------------- |
The source includes a default set of Debian packaging scripts created |
by the origial author. |
/relevation/branches/1.3/debian/manpages |
---|
0,0 → 1,0 |
relevation.1 |
/relevation/branches/1.3/debian/copyright |
---|
0,0 → 1,34 |
Format: http://dep.debian.net/deps/dep5 |
Upstream-Name: relevation |
Source: http://p.outlyer.net/revelation/ |
Files: * |
Copyright: 2011 Toni Corvera <outlyer@gmail.com> |
License: BSD-2-Clause |
Files: debian/* |
Copyright: 2011 Toni Corvera <outlyer@gmail.com> |
License: BSD-2-Clause |
License: BSD-2-Clause |
Redistribution and use in source and binary forms, with or without |
modification, are permitted provided that the following conditions are |
met: |
1. Redistributions of source code must retain the above copyright |
notice, this list of conditions and the following disclaimer. |
2. Redistributions in binary form must reproduce the above copyright |
notice, this list of conditions and the following disclaimer in the |
documentation and/or other materials provided with the distribution. |
. |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
POSSIBILITY OF SUCH DAMAGE. |
/relevation/branches/1.3/debian/docs |
---|
--- debian/source/format (nonexistent) |
+++ debian/source/format (revision 590) |
@@ -0,0 +1 @@ |
+3.0 (quilt) |
/relevation/branches/1.3/debian/compat |
---|
0,0 → 1,0 |
7 |
/relevation/branches/1.3/debian/rules |
---|
0,0 → 1,17 |
#!/usr/bin/make -f |
# -*- makefile -*- |
# Sample debian/rules that uses debhelper. |
# This file was originally written by Joey Hess and Craig Small. |
# As a special exception, when this file is copied by dh-make into a |
# dh-make output file, you may use that output file without restriction. |
# This special exception was added by Craig Small in version 0.37 of dh-make. |
# Uncomment this to turn on verbose mode. |
#export DH_VERBOSE=1 |
%: |
dh $@ |
override_dh_auto_install: |
$(MAKE) DESTDIR=$(CURDIR)/debian/relevation prefix=/usr install |
Property changes: |
Added: svn:executable |
+* |
\ No newline at end of property |
/relevation/branches/1.3/debian/README.Debian |
---|
0,0 → 1,8 |
relevation for Debian |
--------------------- |
This package is derived from the upstream tarball's Debian |
packaging scripts. Those are not written by a Debian developer |
so they may inadvertently break packaging rules or conventions. |
-- Toni Corvera <outlyer@gmail.com> Mon, 27 Jun 2011 01:44:10 +0200 |
/relevation/branches/1.3/relevation.spec.in |
---|
0,0 → 1,72 |
Summary: Command-line search for Revelation Password Manager files |
Name: relevation |
Version: @VERSION@ |
Release: 1.pon%{?dist} |
License: BSD |
Packager: @PACKAGER@ |
Group: Applications/Text |
URL: http://p.outlyer.net/relevation/ |
Source: http://p.outlyer.net/relevation/files/relevation-%{version}.tar.gz |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root |
BuildArch: noarch |
Requires: libxml2-python |
Requires: python-crypto |
Requires: python-lxml |
%description |
Relevation is a tool to retrieve passwords stored in a password file in the |
format used by Revelation, from the command-line instead of through a GUI. |
%prep |
%setup -q |
%build |
%install |
rm -rf %{buildroot} |
make install prefix=%{_prefix} DESTDIR=%{buildroot} |
# We include the extra tools as %%doc, remove from here |
rm -rf %{buildroot}%{_prefix}/share/doc/relevation/extra/ |
%clean |
rm -rf %{buildroot} |
%files |
%defattr(-,root,root,-) |
%doc CHANGELOG LICENSE |
%doc gui.py devtools/*.py |
%{_bindir}/relevation |
%{_mandir}/man1/relevation.1* |
%changelog |
* Wed Oct 30 2013 Toni Corvera <outlyer@gmail.com> 1.2.1-1.pon |
- Integrated spec from Fedora into upstream source |
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1-6 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild |
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1-5 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild |
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1-4 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
* Thu Mar 29 2012 Matthias Saou <matthias@saou.eu> 1.1-3 |
- Add missing python-lxml requirement (#807335). |
* Mon Mar 26 2012 Matthias Saou <matthias@saou.eu> 1.1-2 |
- Fix URL vs. email in spec changelog. |
* Mon Jul 18 2011 Matthias Saou <matthias@saou.eu> 1.1-1 |
- Update to 1.1. |
- New extra tools, remove the "make install"ed ones, include them as %%doc. |
* Mon Jul 4 2011 Matthias Saou <matthias@saou.eu> 1.0-1 |
- Initial RPM release. |
/relevation/branches/1.3/gui.py |
---|
0,0 → 1,194 |
#!/usr/bin/env python |
# -*- coding: UTF-8 -*- |
""" |
Relevation Password Printer |
a command line interface to Revelation Password Manager. |
Simplistic Graphical User Interface. |
This GUI is mainly intended to be used in systems where command-lines |
are less common, like Windows. |
$Id$ |
""" |
# Relevation Password Printer |
# |
# Copyright (c) 2011, 2013, Toni Corvera |
# All rights reserved. |
# |
# Redistribution and use in source and binary forms, with or without |
# modification, are permitted provided that the following conditions are |
# met: |
# 1. Redistributions of source code must retain the above copyright |
# notice, this list of conditions and the following disclaimer. |
# 2. Redistributions in binary form must reproduce the above copyright |
# notice, this list of conditions and the following disclaimer in the |
# documentation and/or other materials provided with the distribution. |
# |
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
# AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
# POSSIBILITY OF SUCH DAMAGE. |
import sys |
import re |
import Tkinter as tk |
from Tkinter import Frame, Button, Entry, Listbox, Scrollbar, Label, Radiobutton, StringVar |
import relevation |
__author__ = 'Toni Corvera' |
__date__ = '$Date$' |
__revision__ = '$Rev$' |
__version_info__ = ( 1, 2, 1 ) |
__version__ = '.'.join(map(str, __version_info__)) |
old_fn = relevation.dump_result |
def append_result(typeName, name, descr, notes, fields): |
global gui |
gui.lst.insert(tk.END, name) |
s = '\n' |
s += 'Type: %s\n' % typeName |
s += 'Name: %s\n' % name |
s += 'Description: %s\n' % descr |
s += 'Notes: %s\n' % notes |
for field in fields: |
s += '%s %s\n' % field |
gui.items.append(s) |
def dump_result_override(res, query_desc): |
return old_fn(res, query_desc, append_result) |
relevation.dump_result = dump_result_override |
class ResultDialog: |
def __init__(self, parent, result): |
top = self.top = tk.Toplevel(parent) |
self.value = tk.Text(top) |
self.value.insert(tk.END, result) |
self.value.config(state=tk.DISABLED) |
self.value.pack() |
b = Button(top, text='OK', command=self.ok) |
b.pack(pady=5) |
top.bind('<Return>', lambda event: self.ok()) |
top.focus_set() |
def ok(self): |
self.top.destroy() |
class GUI(object): |
def do_find(self): |
global rootw |
search = self.search_text.get() |
self.lst.delete(0, tk.END) |
self.items = [] |
mode = '-O' |
args = sys.argv[1:] + [ '-s', ] |
if self.mode.get() == relevation.MODE_AND: |
mode = '-A' |
search = search.split(' ') |
args += search |
args += [ mode, ] |
else: |
args += [ search, mode ] |
print args |
try: |
relevation.main(args) |
except SystemExit: |
# No matches -> Exit with 80 |
gui.lst.insert(tk.END, '<No matches>') |
self.items.append('<No passwords matched search>') |
def display(self): |
global rootw |
selected = self.lst.curselection() |
if not selected: |
return |
selected = int(selected[0]) |
item = self.items[selected] |
print item |
dlg = ResultDialog(rootw, item) |
rootw.wait_window(dlg.top) |
def __init__(self, master=None): |
self.master = master |
frame = Frame(master) |
frame.pack(expand=1, fill=tk.BOTH) |
self.items = [] |
self.frame = frame |
#top = master |
top = frame.winfo_toplevel() |
top.rowconfigure(0, weight=1) |
top.columnconfigure(0, weight=1, pad=5) |
frame.rowconfigure(0, weight=1, pad=5) |
frame.columnconfigure(0, weight=1) |
# Avoid printing to stderr |
def ignoreme(s): |
pass |
relevation.printe = ignoreme |
FILL = tk.N+tk.S+tk.E+tk.W |
BTNROW = 3 |
MODEROW = 2 |
RESROW = 1 |
# Populate |
self.search_text = Entry(self.frame) |
#self.search_text.pack({'expand': 1, 'side': 'top'}) |
self.search_text.grid(row=0, column=0, columnspan=4, padx=5, sticky=tk.N+tk.E+tk.W) |
self.search_text.bind('<Return>', lambda event: self.do_find()) |
self.quit = Button(self.frame, text='Quit', fg='red', command=frame.quit) |
#self.quit.pack(side=tk.LEFT) |
self.quit.grid(row=BTNROW, column=0, padx=10) |
self.search = Button(self.frame, text='Search', command=self.do_find) |
#self.search.pack(side=tk.RIGHT) |
self.search.grid(row=BTNROW, column=2, padx=5) |
self.mode = StringVar() |
mode = relevation.load_config()[2] |
self.mode.set(mode) |
rbO = Radiobutton(self.frame, text="OR/Literal", variable=self.mode, value=relevation.MODE_OR) |
rbA = Radiobutton(self.frame, text="AND", variable=self.mode, value=relevation.MODE_AND) |
rbO.grid(row=MODEROW, column=0) |
rbA.grid(row=MODEROW, column=1) |
self.view = Button(self.frame, text='View', command=self.display) |
#self.view.pack(side=tk.RIGHT) |
self.view.grid(row=BTNROW, column=1) |
## FIXME |
scrollbar = Scrollbar(self.frame, orient=tk.VERTICAL) |
scrollbar.grid(row=RESROW, column=4, sticky=FILL) |
self.lst = Listbox(self.frame) |
#self.lst.pack() |
self.lst.grid(row=RESROW, column=0, columnspan=3, sticky=FILL) |
self.lst.bind('<Double-Button-1>', lambda event: self.display()) |
self.lst.config(yscrollcommand=scrollbar.set) |
scrollbar.config(command=self.lst.yview) |
self.search_text.focus_set() |
if __name__ == '__main__': |
rootw = tk.Tk() |
rootw.title('Relevation search v' + __version__) |
gui = GUI(master=rootw) |
rootw.mainloop() |
#rootw.destroy() |
# vim:set ts=4 et ai fileencoding=utf-8: # |
Property changes: |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Rev Id Date |
\ No newline at end of property |
/relevation/branches/1.3/relevation.1 |
---|
0,0 → 1,82 |
.TH "RELEVATION" "1" |
.SH "NAME" |
relevation \(em command-line searcher for \fBRevelation\fP files |
.SH "SYNOPSIS" |
.PP |
\fBrelevation\fR [\fBoptions\fP] [\fIsearch string\fR [\fI...\fR] ] |
.SH "DESCRIPTION" |
.PP |
Access and print or search passwords in a \fBRevelation\fP password file. |
.PP |
Only read access is provided, to edit the files \fBRevelation\fP must be used. |
.PP |
With a search string, only entries that match the search string in any of its fields will be printed. |
.PP |
When no search string is provided the whole list of entries will be printed. |
.SH "OPTIONS" |
.PP |
This program follows the usual GNU command line syntax, with long options starting with two dashes (`\-'). A summary of options is included below. |
.IP "\fB-f \fIfile.revelation\fR\fP, \fB\-\-file=\fIfile.revelation\fR\fP " 10 |
File name of the \fBrevelation\fR file (the file containing the list of stored credentials). |
.IP "\fB-p \fIpassword\fR\fP, \fB\-\-password=\fIpassword\fR\fP " 10 |
Decryption password. |
.IP "\fB-a\fP, \fB\-\-ask\fP, \fB-0\fP, \fB\-\-stdin\fP " 10 |
Ask interactively for password. |
.IP "" 10 |
When \fB-a\fP or \fB\-\-ask\fP is used a prompt will be printed. |
.IP "" 10 |
Use either one of this variants or \fB\-\-password\fP. |
.IP "\fB-t \fItype\fR\fP, \fB\-\-type=\fItype\fR\fP" 10 |
Print only entries of a certain type. |
.IP "" 10 |
Known types: creditcard, cryptokey, database, door, email, folder, ftp, generic, phone, shell, website. |
.IP "" 10 |
If preceded by a slash it will be negated, i.e. `\-website' will select entries that are not of type website. |
.IP "" 10 |
When searching for a string, folders are skipped (equivalent to `\-\-type=\-folder'). |
.IP "\fB-i\fP, \fB\-\-case-insensitive\fP " 10 |
When searching for text, disregard case. |
.IP "" 10 |
This is the default behaviour. |
.IP "" 10 |
If the search string contains special/non-English characters this is likely to fail. |
.IP "\fB-c\fP, \fB\-\-case-sensitive\fP " 10 |
When searching for text, obey case. |
.IP "\fB-A\fP, \fB\-\-and\fP " 10 |
When multiple search terms are used, use an AND operator to combine them. All search terms will be combined in a single search, only entries that match every search term will be selected. |
.IP "\fB-O\fP, \fB\-\-or\fP " 10 |
When multiple search terms are used, use an OR operator to combine them. A different search will be issued for each search term. This is the default and the original mode of operation. |
.IP "\fB-s \fIsearch string\fR\fP, \fB\-\-search=\fIsearch string\fR\fP, \fB\fIsearch string\fR\fP " 10 |
Search the file for a pice of text. All fields will be searched. There's no need to use the \fB-s\fP or \fB\-\-search\fP option names, any unnamed argument will be considered a search term. |
.IP "\fB-h\fP, \fB\-\-help\fP " 10 |
Show summary of options. |
.IP "\fB\-\-version\fP " 10 |
Show version information for relevation. |
.SH "CONFIGURATION FILE" |
.PP |
A configuration file `.relevation.conf' located at the user's home directory can be used to avoid having to provide the filename and/or password on each run. |
.PP |
Example `~/.relevation.conf': |
.PP |
.nf |
\ [relevation] |
\ file=~/passwords.revelation |
\ password=my secret password |
\ mode=and |
.fi |
.PP |
.PP |
Both \fBfile\fP and \fBpassword\fP are optional, so you can store the filename without storing the password. |
.PP |
Please understand your password is stored in this file in clear text, modify the file permissions appropriately so that only your user can read it, otherwise your master password might be compromised and hence all your stored password will be too. |
.PP |
\fBmode\fP is optional ("\fIor\fR" by default), only the values \fIand\fR and \fIor\fR are recognized, corresponding to the matching \fB\-\-and\fP and \fB\-\-or\fP options (any other value will be ignored). |
.SH "SEE ALSO" |
.PP |
revelation (1) |
.SH "AUTHOR" |
.PP |
This manual page was written by Toni Corvera <outlyer@gmail.com>. |
Permission is granted to copy, distribute and/or modify this document under the terms of a BSD 2-clause license. |
.\" created by instant / docbook-to-man, Mon 21 Oct 2013, 06:49 |
/relevation/branches/1.3/manpage_source.sgml |
---|
0,0 → 1,189 |
<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ |
<!-- |
This file is derived from Debian's template for added manpages. |
Process this file with docbook-to-man to generate an nroff manual |
page: `docbook-to-man manpage.sgml > manpage.1'. You may view |
the manual page with: `docbook-to-man manpage.sgml | nroff -man | |
less'. A typical entry in a Makefile or Makefile.am is: |
manpage.1: manpage.sgml |
docbook-to-man $< > $@ |
--> |
<!ENTITY dhfirstname "<firstname>Toni</firstname>"> |
<!ENTITY dhsurname "<surname>Corvera</surname>"> |
<!-- Please adjust the date whenever revising the manpage. --> |
<!ENTITY dhdate "<date>October 21, 2013</date>"> |
<!ENTITY dhsection "<manvolnum>1</manvolnum>"> |
<!ENTITY dhemail "<email>outlyer@gmail.com</email>"> |
<!ENTITY dhusername "Toni Corvera"> |
<!ENTITY dhucpackage "<refentrytitle>RELEVATION</refentrytitle>"> |
<!ENTITY dhpackage "relevation"> |
<!ENTITY gnu "<acronym>GNU</acronym>"> |
]> |
<refentry> |
<refentryinfo> |
<address> |
&dhemail; |
</address> |
<author> |
&dhfirstname; |
&dhsurname; |
</author> |
<copyright> |
<year>2011-2013</year> |
<holder>&dhusername;</holder> |
</copyright> |
&dhdate; |
</refentryinfo> |
<refmeta> |
&dhucpackage; |
&dhsection; |
</refmeta> |
<refnamediv> |
<refname>&dhpackage;</refname> |
<refpurpose>command-line searcher for <application>Revelation</application> files</refpurpose> |
</refnamediv> |
<refsynopsisdiv> |
<cmdsynopsis> |
<command>&dhpackage;</command> |
<arg choice="opt"><option>options</option></arg> |
<arg choice="opt"><replaceable>search string</replaceable> <arg choice="opt"><replaceable>...</replaceable></arg></arg> |
</cmdsynopsis> |
</refsynopsisdiv> |
<refsect1> |
<title>DESCRIPTION</title> |
<para>Access and print or search passwords in a <application>Revelation</application> password file.</para> |
<para>Only read access is provided, to edit the files <application>Revelation</application> must be used.</para> |
<para>With a search string, only entries that match the search string in any of its fields will be printed.</para> |
<para>When no search string is provided the whole list of entries will be printed.</para> |
</refsect1> |
<refsect1> |
<title>OPTIONS</title> |
<para>This program follows the usual &gnu; command line syntax, with long options starting with two dashes (`-'). A summary of options is included below.</para> |
<variablelist> |
<varlistentry> |
<term><option>-f <replaceable>file.revelation</replaceable></option>, <option>--file=<replaceable>file.revelation</replaceable></option> |
</term> |
<listitem> |
<para>File name of the <command>revelation</command> file (the file containing the list of stored credentials).</para> |
</listitem> |
</varlistentry> |
<varlistentry> |
<term><option>-p <replaceable>password</replaceable></option>, <option>--password=<replaceable>password</replaceable></option> |
</term> |
<listitem> |
<para>Decryption password.</para> |
</listitem> |
</varlistentry> |
<varlistentry> |
<term><option>-a</option>, <option>--ask</option>, <option>-0</option>, <option>--stdin</option> |
</term> |
<listitem> |
<para>Ask interactively for password.</para> |
<para>When <option>-a</option> or <option>--ask</option> is used a prompt will be printed.</para> |
<para>Use either one of this variants or <option>--password</option>.</para> |
</listitem> |
</varlistentry> |
<varlistentry> |
<term><option>-t <replaceable>type</replaceable></option>, <option>--type=<replaceable>type</replaceable></option></term> |
<listitem> |
<para>Print only entries of a certain type.</para> |
<para>Known types: creditcard, cryptokey, database, door, email, folder, ftp, generic, phone, shell, website.</para> |
<para>If preceded by a slash it will be negated, i.e. `-website' will select entries that are not of type website.</para> |
<para>When searching for a string, folders are skipped (equivalent to `--type=-folder').</para> |
</listitem> |
</varlistentry> |
<varlistentry> |
<term><option>-i</option>, <option>--case-insensitive</option> |
</term> |
<listitem> |
<para>When searching for text, disregard case.</para> |
<para>This is the default behaviour.</para> |
<para>If the search string contains special/non-English characters this is likely to fail.</para> |
</listitem> |
</varlistentry> |
<varlistentry> |
<term><option>-c</option>, <option>--case-sensitive</option> |
</term> |
<listitem> |
<para>When searching for text, obey case.</para> |
</listitem> |
</varlistentry> |
<varlistentry> |
<term><option>-A</option>, <option>--and</option> |
</term> |
<listitem> |
<para>When multiple search terms are used, use an AND operator to combine them. All search terms will be combined in a single search, only entries that match every search term will be selected.</para> |
</listitem> |
</varlistentry> |
<varlistentry> |
<term><option>-O</option>, <option>--or</option> |
</term> |
<listitem> |
<para>When multiple search terms are used, use an OR operator to combine them. A different search will be issued for each search term. This is the default and the original mode of operation.</para> |
</listitem> |
</varlistentry> |
<varlistentry> |
<term><option>-s <replaceable>search string</replaceable></option>, <option>--search=<replaceable>search string</replaceable></option>, <option><replaceable>search string</replaceable></option> |
</term> |
<listitem> |
<para>Search the file for a pice of text. All fields will be searched. There's no need to use the <option>-s</option> or <option>--search</option> option names, any unnamed argument will be considered a search term.</para> |
</listitem> |
</varlistentry> |
<varlistentry> |
<term><option>-h</option>, <option>--help</option> |
</term> |
<listitem> |
<para>Show summary of options.</para> |
</listitem> |
</varlistentry> |
<varlistentry> |
<term><option>--version</option> |
</term> |
<listitem> |
<para>Show version information for &dhpackage;.</para> |
</listitem> |
</varlistentry> |
</variablelist> |
</refsect1> |
<refsect1> |
<title>CONFIGURATION FILE</title> |
<para>A configuration file `.relevation.conf' located at the user's home directory can be used to avoid having to provide the filename and/or password on each run.</para> |
<para>Example `~/.relevation.conf':</para> |
<programlisting> [relevation] |
file=~/passwords.revelation |
password=my secret password |
mode=and</programlisting> |
<para>Both <option>file</option> and <option>password</option> are optional, so you can store the filename without storing the password.</para> |
<para>Please understand your password is stored in this file in clear text, modify the file permissions appropriately so that only your user can read it, otherwise your master password might be compromised and hence all your stored password will be too.</para> |
<para><option>mode</option> is optional ("<replaceable>or</replaceable>" by default), only the values <replaceable>and</replaceable> and <replaceable>or</replaceable> are recognized, corresponding to the matching <option>--and</option> and <option>--or</option> options (any other value will be ignored).</para> |
</refsect1> |
<refsect1> |
<title>SEE ALSO</title> |
<para>revelation (1)</para> |
</refsect1> |
<refsect1> |
<title>AUTHOR</title> |
<para>This manual page was written by &dhusername; <&dhemail;>. |
Permission is granted to copy, distribute and/or modify this document under the terms of a BSD 2-clause license. |
</para> |
</refsect1> |
</refentry> |
<!-- vim: set et: --> |
/relevation/branches/1.3/devtools/genpw.py |
---|
0,0 → 1,156 |
#!/usr/bin/env python |
""" |
Simplistic Password Generator. |
""" |
# Relevation Password Printer |
# |
# Copyright (c) 2011,2012 Toni Corvera |
# All rights reserved. |
# |
# Redistribution and use in source and binary forms, with or without |
# modification, are permitted provided that the following conditions are |
# met: |
# 1. Redistributions of source code must retain the above copyright |
# notice, this list of conditions and the following disclaimer. |
# 2. Redistributions in binary form must reproduce the above copyright |
# notice, this list of conditions and the following disclaimer in the |
# documentation and/or other materials provided with the distribution. |
# |
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
# AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
# POSSIBILITY OF SUCH DAMAGE. |
import random |
import string |
import locale |
import os |
import sys |
try: |
import checkpw |
DO_CHECK=True |
except ImportError: |
DO_CHECK=False |
DEFAULT_RESULTS = 20 |
DEFAULT_LENGTH = 8 |
#Letters and digits are repeated to favour them |
FAVOURED_SET = string.lowercase + string.digits #string.letters |
STDSET = string.uppercase + string.punctuation |
DEFAULT_CSET = FAVOURED_SET * 8 + STDSET |
# Taken from pwgen's list ("B8G6I1l0OQDS5Z2") |
REJECTS_SET = [ 'B','8', 'G','6', 'I','1','l', '0','O','Q','D', 'S','5', 'Z','2' ] |
DEFAULT_FORCE = '*' # Symbolic |
# The number of tries, when strong passwords are requested, before giving up |
# e.g. with length below 7 there won't be strong passwords |
STRIKES = 2048 |
def pwgen(length=DEFAULT_LENGTH, possible=DEFAULT_CSET, |
reject_ambiguous=False, force=DEFAULT_FORCE): |
''' |
pwgen(int, str, bool, [ str, str, ...]) -> str |
Generate a password. |
length - Password length |
possible - List of characters from where to pick |
reject_ambiguous - Reject characters that can be hard to tell from each other (e.g. 1 vs l vs I) |
force - List of forcible sets. Force at least one character of each set. |
''' |
pw = '' |
rejects = [] |
LENGTH = length |
if reject_ambiguous: |
rejects = REJECTS_SET |
if force == DEFAULT_FORCE: |
force = [ string.lowercase, string.uppercase, string.digits ] |
if type(force) != list: |
raise ValueError('force must be a list of strings') |
def pick_one(cset): |
''' |
Return a random character from cset |
''' |
c = random.choice(cset) |
while c in rejects: |
c = random.choice(cset) |
return c |
# Forcible includes |
for cset in force: |
pw += pick_one(cset) |
length -= 1 |
for i in range(length): |
pick = random.choice(possible) |
while pick in rejects: |
pick = random.choice(possible) |
pw += pick |
# Re-mix order (randomize forced-characters' position) |
if len(pw) > LENGTH: |
pw = pw[0:LENGTH] |
l = list(pw) |
random.shuffle(l) |
pw = ''.join(l) |
return pw |
def main(argv): |
rounds = DEFAULT_RESULTS |
length = DEFAULT_LENGTH |
cset = DEFAULT_CSET |
reject_ambiguous = False |
secure = False # When True, reject mediocre passwords and below |
# No need to use getopt or anything like it |
positional = [] |
for arg in argv: |
if arg in ( '-B', '--ambiguous' ): |
reject_ambiguous = True |
elif arg in ( '-s', '--secure' ): |
if not DO_CHECK: |
raise EnvironmentError('Can\'t generate secure-only password without checkpw.py') |
secure = True |
else: |
positional.append(arg) |
try: |
if len(positional) > 0: |
length = int(positional[0]) |
if len(positional) > 1: |
rounds = int(positional[1]) |
except ValueError: |
sys.stderr.write('Usage: %s [-B] [length] [num pw]\n' % os.path.basename(sys.argv[0])); |
sys.exit(2); |
def newpw(): |
return pwgen(length=length, reject_ambiguous=reject_ambiguous) |
for i in range(rounds): |
pw = newpw() |
if DO_CHECK: |
( score, verdict, _ ) = checkpw.check(pw) |
if secure: |
strikes_left = STRIKES |
while strikes_left > 0 and score < checkpw.STRONG_THRESHOLD: |
pw = newpw() |
( score, verdict, _ ) = checkpw.check(pw) |
strikes_left -= 1 |
if strikes_left == 0: |
print "Giving up: Too many weak passwords" |
sys.exit(1) |
print '%s\t%d\t%s' % ( pw, score, verdict) |
#print _ |
else: |
print pw |
if __name__ == '__main__': |
locale.setlocale(locale.LC_ALL, 'C') |
main(sys.argv[1:]) |
# vim:set ts=4 et ai: # |
Property changes: |
Added: svn:executable |
+* |
\ No newline at end of property |
/relevation/branches/1.3/devtools/checkpw.py |
---|
0,0 → 1,130 |
#!/usr/bin/env python |
""" |
Simplistic Password Strength Checker. |
""" |
# Relevation Password Printer |
# |
# Copyright (c) 2011, Toni Corvera |
# All rights reserved. |
# |
# Redistribution and use in source and binary forms, with or without |
# modification, are permitted provided that the following conditions are |
# met: |
# 1. Redistributions of source code must retain the above copyright |
# notice, this list of conditions and the following disclaimer. |
# 2. Redistributions in binary form must reproduce the above copyright |
# notice, this list of conditions and the following disclaimer in the |
# documentation and/or other materials provided with the distribution. |
# |
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
# AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
# POSSIBILITY OF SUCH DAMAGE. |
# Based on |
# <http://www.geekwisdom.com/dyn/passwdmeter> |
# |-> <http://www.geekwisdom.com/js/passwordmeter.js> |
# (this is mostly based on the scoring system explained there, |
# and not on the actual implementation) |
import re |
import string |
import sys |
WEAK_THRESHOLD = 16 |
MEDIOCRE_THRESHOLD = 25 |
STRONG_THRESHOLD = 35 |
VERY_STRONG_THRESHOLD = 45 |
def check(pw): |
''' |
check(str) -> ( int score, str strength category, str description) |
''' |
score = 0 |
verdict = 'weak' |
log = '' |
# Password length |
length = len(pw) |
if length == 0: |
return ( 0, 'weak', 'empty password' ) |
if length < 5: |
score += 3 |
elif length < 8: |
score += 6 |
elif length < 16: |
score += 12 |
else: |
score += 18 |
log += '%d points for length (%d)\n' % (score, length) |
# Letters |
locase = re.search('[a-z]', pw) |
upcase = re.search('[A-Z]', pw) |
if (locase and upcase): |
score += 7 |
log += '7 points for mixed case\n' |
elif locase: |
score += 5 |
log += '5 points for all-lowercase letters\n' |
elif upcase: |
score += 5 |
log += '5 points for all-uppercase letters\n' |
else: # No letters at all |
pass |
# Numbers |
hasnums = re.search('\d', pw) |
if hasnums and re.search('\d.*\d.*\d', pw): |
score += 7 |
log += '7 points for at least three numbers\n' |
elif hasnums: |
score += 5 |
log += '5 points for at least one number\n' |
# Special Characters |
sch = string.punctuation |
hasspecial = re.search('[%s]' % sch, pw) |
if hasspecial and re.search('[%s].*[%s]' % ( sch, sch), pw): |
score += 10 |
log += '10 points for at least two special characters\n' |
elif hasspecial: |
score += 5 |
log += '5 points for at least one special character\n' |
# Combos |
hasletters = re.search('([a-z]|[A-Z])', pw) |
if hasnums and hasletters: |
score += 1 |
log += '1 combo point for mixed letters and numbers\n' |
if hasspecial: |
score += 2 |
log += '2 combo points for mixed letters, numbers and special characters\n' |
if upcase and locase: |
score += 2 |
log += '2 combo point for mixed case letters, numbers and special characters' |
# Verdict |
if score < WEAK_THRESHOLD: |
verdict = 'very weak' |
elif score < MEDIOCRE_THRESHOLD: |
verdict = 'weak' |
elif score < STRONG_THRESHOLD: |
verdict = 'mediocre' |
elif score < VERY_STRONG_THRESHOLD: |
verdict = 'strong' |
else: |
verdict = 'stronger' |
return ( score, verdict, log ) |
if __name__ == '__main__': |
for candidate in sys.argv[1:]: |
( score, verdict, descr ) = check(candidate) |
print '%s: %s\t%s' % ( candidate, score, verdict ) |
sys.stderr.write(descr) |
# vim:set ts=4 et ai: # |
Property changes: |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Rev Id Date |
\ No newline at end of property |
/relevation/branches/1.3/devtools |
---|
Property changes: |
Added: bugtraq:number |
+true |
\ No newline at end of property |
/relevation/branches/1.3/README.Windows.txt |
---|
0,0 → 1,9 |
This program requires PyCrypto and lxml. |
lxml binaries for Windows can be found at <http://pypi.python.org/pypi/lxml> |
PyCrypto binaries for Windows (only 32bits) can be found at <http://www.voidspace.org.uk/python/modules.shtml#pycrypto> |
In a 64bits version of Python, in Windows, installing PyCrypto is non-trivial so cryptopy can be used instead. |
/relevation/branches/1.3/win/zipdist.py |
---|
0,0 → 1,40 |
from zipfile import ZipFile |
import os |
import sys |
import glob |
import shutil |
import platform |
sys.path.append(os.path.abspath('.')) |
import relevation |
if sys.platform != 'win32': |
print "This script is meant to be run in Windows only" |
sys.exit(3) |
if not os.path.isdir('dist'): |
print "dist\\ must exist" |
sys.exit(2) |
plat = platform.architecture() |
if plat[0] == '64bit': |
plat = '64' |
else: |
plat = '32' |
pkgver = 'relevation-%s_win%s' % ( relevation.__version__, plat ) |
zipname = pkgver + '.zip' |
if os.path.isdir(pkgver): |
shutil.rmtree(pkgver) |
shutil.copytree("dist", pkgver) |
print '>',zipname |
with ZipFile(zipname, 'w') as zipf: |
for f in glob.glob("%s\\*" % pkgver): |
zipf.write(f) |
print f |
if os.path.isdir(pkgver): |
shutil.rmtree(pkgver) |
/relevation/branches/1.3/win/make_exe.bat |
---|
0,0 → 1,7 |
@echo off |
cd .. |
echo Creating EXE(s)... |
python win\setup_py2exe.py py2exe |
echo Creating ZIP... |
python win\zipdist.py |
pause |
/relevation/branches/1.3/win/setup_py2exe.py |
---|
0,0 → 1,6 |
from distutils.core import setup |
import py2exe |
setup(console=['relevation.py'], |
windows=['gui.py'], |
ignores=['Crypto']) |
/relevation/branches/1.3/win |
---|
Property changes: |
Added: bugtraq:number |
+true |
\ No newline at end of property |
/relevation/branches/1.3/LICENSE |
---|
0,0 → 1,24 |
Copyright (c) 2011, Toni Corvera |
All rights reserved. |
Redistribution and use in source and binary forms, with or without |
modification, are permitted provided that the following conditions are |
met: |
1. Redistributions of source code must retain the above copyright |
notice, this list of conditions and the following disclaimer. |
2. Redistributions in binary form must reproduce the above copyright |
notice, this list of conditions and the following disclaimer in the |
documentation and/or other materials provided with the distribution. |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
POSSIBILITY OF SUCH DAMAGE. |
/relevation/branches/1.3/. |
---|
Property changes: |
Added: svn:externals |
+ |
Added: svn:ignore |
+relevation.spec |
+ |
Added: svn:mergeinfo |
Merged /relevation/branches/1.2.1:r242-252 |
Merged /relevation/branches/0.2:r122-130 |
Merged /relevation/branches/0.3:r133-141 |
Merged /relevation/branches/1.0:r142-156 |
Merged /relevation/branches/1.1:r167-198 |
Merged /relevation/branches/1.2:r207-215 |
Merged /relevation/tags/1.0:r163 |
Merged /relevation/tags/1.1:r204 |
Merged /relevation/tags/1.2:r217-225 |
Merged /relevation/branches/1.1-PyCryptoPlus:r168 |