Subversion Repositories pub

Compare Revisions

Ignore whitespace Rev 198 → Rev 199

/relevation/trunk/relevation.py
5,32 → 5,6
Relevation Password Printer
a command line interface to Revelation Password Manager.
 
Copyright (c) 2011, Toni Corvera
All rights reserved.
 
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
 
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
 
---------------------------------------------------------------------
 
Code based on Revelation's former BTS (no longer online, not archived?):
(ref1) code:
http://oss.wired-networks.net/bugzilla/attachment.cgi?id=13&action=view
39,22 → 13,100
-> http://web.archive.org/http://oss.wired-networks.net/bugzilla/show_bug.cgi?id=111
(ref3) http://docs.python.org/library/zlib.html
"""
from Crypto.Cipher import AES
# Relevation Password Printer
#
# Copyright (c) 2011, Toni Corvera
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
 
import ConfigParser
import getopt
import libxml2
from lxml import etree
import os
import stat
import sys
import zlib
# Help py2exe in packaging lxml
# <http://www.py2exe.org/index.cgi/WorkingWithVariousPackagesAndModules>
import lxml._elementpath as _dummy
import gzip # py2exe again
 
USE_PYCRYPTO = True
 
try:
from Crypto.Cipher import AES
except ImportError:
USE_PYCRYPTO = False
try:
from crypto.cipher import rijndael, cbc
from crypto.cipher.base import noPadding
except ImportError:
sys.stderr.write('Either PyCrypto or cryptopy are required\n')
raise
 
__author__ = 'Toni Corvera'
__date__ = '$Date$'
__revision__ = '$Rev$'
__version_info__ = ( 1, 0 ) #, 0 )
__version_info__ = ( 1, 1 ) #, 0 )
__version__ = '.'.join(map(str, __version_info__))
RELEASE=True
 
# These are pseudo-standardized exit codes, in Linux (*NIX?) they are defined
#+in the header </usr/include/sysexits.h> and available as properties of 'os'
#+In windows they aren't defined at all
 
if 'EX_OK' not in dir(os):
# If not defined set them manually
codes = { 'EX_OK': 0, 'EX_USAGE': 64, 'EX_DATAERR': 65,
'EX_NOINPUT': 66, 'EX_SOFTWARE': 70, 'EX_IOERR': 74,
}
for (k,v) in codes.items():
setattr(os, k, v)
del codes, k, v
 
TAGNAMES ={ 'generic-url': 'Url:',
'generic-username': 'Username:',
'generic-password': 'Password:',
'generic-email': 'Email:',
'generic-hostname': 'Hostname:',
'generic-location': 'Location:',
'generic-code': 'Code:',
'generic-certificate': 'Certificate:',
'generic-database': 'Database:',
'generic-domain': 'Domain:',
'generic-keyfile': 'Key file:',
'generic-pin': 'PIN',
'generic-port': 'Port'
}
 
def printe(s):
' Print to stderr '
sys.stderr.write(s+'\n')
 
def printen(s):
' Print to stderr without added newline '
sys.stderr.write(s)
 
def usage(channel):
' Print help message '
def p(s):
78,25 → 130,8
p(' --version Print the program\'s version information.\n')
p('\n')
 
def get_entries(document, xpath):
"""
get_entries(xmlDoc, str xpath expression) -> list of xmlNode's
 
Get entry nodes that match xpath
"""
ctx = document.xpathNewContext()
try:
res = ctx.xpathEval(xpath)
except libxml2.xpathError:
if not RELEASE:
sys.stderr.write('Failed with xpath expression: %s\n' % xpath)
raise
finally:
ctx.xpathFreeContext()
return res
 
def make_xpath_query(search_text=None, type_filter=None, ignore_case=True, negate_filter=False):
'''
''' Construct the actual XPath expression
make_xpath_query(str, str, bool, bool) -> str
'''
xpath = '/revelationdata//entry'
115,17 → 150,20
 
def dump_all_entries(xmldata):
' Dump all entries from xmldata, with no filter at all '
doc = libxml2.parseDoc(xmldata)
res = get_entries(doc, '//entry')
nr = dump_result(res, 'all')
doc.freeDoc()
return nr
tree = etree.fromstring(xmldata)
res = tree.xpath('//entry')
return dump_result(res, 'all')
 
def dump_entries(xmldata, search_text=None, type_filter=None, ignore_case=True, negate_filter=False):
' Dump entries from xmldata that match criteria '
doc = libxml2.parseDoc(xmldata)
tree = etree.fromstring(xmldata)
xpath = make_xpath_query(search_text, type_filter, ignore_case, negate_filter)
res = get_entries(doc, xpath)
try:
res = tree.xpath(xpath)
except etree.XPathEvalError:
if not RELEASE:
printe('Failed with xpath expression: %s' % xpath)
raise
query_desc = ''
if search_text:
query_desc = '"%s"' % search_text
138,14 → 176,14
else:
query_desc = '%s%s entries' % ( neg, type_filter )
nr = dump_result(res, query_desc)
doc.freeDoc()
return nr
 
def dump_result(res, query_desc):
def print_wrapper(s):
print s
 
def dump_result(res, query_desc, printfn=print_wrapper):
''' Print query results.
dump_result(list of entries, query description) -> int
Note the XML document can't be freed before calling this function.
'''
print '-> Search %s: ' % query_desc,
if not len(res):
152,48 → 190,31
print 'No results'
return False
print '%d matches' % len(res)
tagnames ={ 'generic-url': 'Url:',
'generic-username': 'Username:',
'generic-password': 'Password:',
'generic-email': 'Email:',
'generic-hostname': 'Hostname:',
'generic-location': 'Location:',
'generic-code': 'Code:',
'generic-certificate': 'Certificate:',
'generic-database': 'Database:',
'generic-domain': 'Domain:',
'generic-keyfile': 'Key file:',
'generic-pin': 'PIN',
'generic-port': 'Port'
}
for x in res:
sys.stderr.write('-------------------------------------------------------------------------------\n')
print ''
for attr in x.properties: # Is it accessible directly?
if attr.name == 'type':
print 'Type:',attr.children
for chld in x.children:
n = chld.name
val = chld.content
printe('-------------------------------------------------------------------------------')
s = '\n'
s += 'Type: %s\n' % x.get('type')
for chld in x.getchildren():
n = chld.tag
val = chld.text
if n == 'name':
print 'Name:',val
s += 'Name: %s\n' % val
elif n == 'description':
print 'Description:',val
s += 'Description: %s\n' % val
elif n == 'field':
for attr in chld.properties:
if attr.name == 'id':
idv = attr.content
if idv in tagnames:
idv = tagnames[idv]
print idv,chld.content
print ''
idv = chld.get('id')
if idv in TAGNAMES:
idv = TAGNAMES[idv]
s += '%s %s\n' % ( idv, chld.text )
#s += '\n'
printfn(s)
# / for chld in x.children
nr = len(res)
plural = ''
if nr > 1:
plural = 's'
sys.stderr.write('-------------------------------------------------------------------------------\n')
sys.stderr.write('<- (end of %d result%s for {%s})\n\n' % ( nr, plural, query_desc ))
printe('-------------------------------------------------------------------------------')
printe('<- (end of %d result%s for {%s})\n' % ( nr, plural, query_desc ))
return nr
 
def world_readable(path):
205,10 → 226,9
return bool(st.st_mode & stat.S_IROTH)
 
def load_config():
"""
''' Load configuration file is one is found
load_config() -> ( str file, str pass )
Load configuration file is one is found
"""
'''
cfg = os.path.join(os.path.expanduser('~'), '.relevation.conf')
pw = None
fl = None
215,8 → 235,8
if os.path.isfile(cfg):
if os.access(cfg, os.R_OK):
wr = world_readable(cfg)
if wr:
sys.stderr.write('Configuration (~/.relevation.conf) is world-readable!!!\n')
if wr and sys.platform != 'win32':
printe('Configuration (~/.relevation.conf) is world-readable!!!')
parser = ConfigParser.ConfigParser()
parser.read(cfg)
ops = parser.options('relevation')
223,14 → 243,37
if 'file' in ops:
fl = os.path.expanduser(parser.get('relevation', 'file'))
if 'password' in ops:
if wr and sys.platform != 'win32': # TODO: how to check in windows?
sys.stderr.write('Your password can be read by anyone!!!\n')
if wr: # TODO: how to check in windows?
printe('Your password can be read by anyone!!!')
pw = parser.get('relevation', 'password')
else: # exists but not readable
sys.stderr.write('Configuration file (~/.relevation.conf) is not readable!\n')
printe('Configuration file (~/.relevation.conf) is not readable!')
return ( fl, pw )
 
def main():
def decrypt_gz(key, cipher_text):
''' Decrypt cipher_text using key.
decrypt(str, str) -> cleartext (gzipped xml)
This function will use the underlying, available, cipher module.
'''
if USE_PYCRYPTO:
# Extract IV
c = AES.new(key)
iv = c.decrypt(cipher_text[12:28])
# Decrypt data, CBC mode
c = AES.new(key, AES.MODE_CBC, iv)
ct = c.decrypt(cipher_text[28:])
else:
# Extract IV
c = rijndael.Rijndael(key, keySize=len(key), padding=noPadding())
iv = c.decrypt(cipher_text[12:28])
# Decrypt data, CBC mode
bc = rijndael.Rijndael(key, keySize=len(key), padding=noPadding())
c = cbc.CBC(bc, padding=noPadding())
ct = c.decrypt(cipher_text[28:], iv=iv)
return ct
 
def main(argv):
datafile = None
password = None
# values to search for
240,13 → 283,13
searchTypes = []
dump_xml = False
 
sys.stderr.write('Relevation v%s, (c) 2011 Toni Corvera\n\n' % __version__)
printe('Relevation v%s, (c) 2011 Toni Corvera\n' % __version__)
 
# ---------- OPTIONS ---------- #
( datafile, password ) = load_config()
try:
# gnu_getopt requires py >= 2.3
ops, args = getopt.gnu_getopt(sys.argv[1:], 'f:p:s:0ciaht:x',
ops, args = getopt.gnu_getopt(argv, 'f:p:s:0ciaht:x',
[ 'file=', 'password=', 'search=', 'stdin',
'case-sensitive', 'case-insensitive', 'ask',
'help', 'version', 'type=', 'xml' ])
266,6 → 309,12
release=' [DEBUG]'
print 'Relevation version %s%s' % ( __version__, release )
print 'Python version %s' % sys.version
if USE_PYCRYPTO:
import Crypto
print 'PyCrypto version %s' % Crypto.__version__
else:
# AFAIK cryptopy doesn't export version info
print 'cryptopy'
sys.exit(os.EX_OK)
for opt, arg in ops:
275,7 → 324,7
password = arg
elif opt in ( '-a', '--ask', '-0', '--stdin' ):
if opt in ( '-a', '--ask' ):
sys.stderr.write('File password: ')
printen('File password: ')
password = sys.stdin.readline()
password = password[:-1]
elif opt in ( '-s', '--search' ):
292,22 → 341,22
neg = True
if not iarg in ( 'creditcard', 'cryptokey', 'database', 'door', 'email',
'folder', 'ftp', 'generic', 'phone', 'shell', 'website' ):
sys.stderr.write('Warning: Type "%s" is not known by relevation.\n' % arg)
printe('Warning: Type "%s" is not known by relevation.' % arg)
searchTypes.append( ( iarg, neg ) )
elif opt in ( '-x', '--xml' ):
dump_xml = True
else:
sys.stderr.write('Unhandled option: %s\n' % opt)
printe('Unhandled option: %s' % opt)
assert False, "internal error parsing options"
if not datafile or not password:
usage(sys.stderr)
if not datafile:
sys.stderr.write('Input password filename is required\n')
printe('Input password filename is required')
if not password:
sys.stderr.write('Password is required\n')
printe('Password is required')
sys.exit(os.EX_USAGE)
# ---------- PASSWORDS FILE DECRYPTION ---------- #
# ---------- PASSWORDS FILE DECRYPTION AND DECOMPRESSION ---------- #
f = None
try:
if not os.access(datafile, os.R_OK):
320,12 → 369,8
f.close()
# Pad password
password += (chr(0) * (32 - len(password)))
# Data IV
c = AES.new(password)
iv = c.decrypt(data[12:28])
# Decrypt. Decrypted data is compressed
c = AES.new(password, AES.MODE_CBC, iv)
cleardata_gz = c.decrypt(data[28:])
cleardata_gz = decrypt_gz(password, data)
# Length of data padding
padlen = ord(cleardata_gz[-1])
# Decompress actual data (15 is wbits [ref3] DON'T CHANGE, 2**15 is the (initial) buf size)
356,9 → 401,12
 
if __name__ == '__main__':
try:
main()
except libxml2.parserError as e:
sys.stderr.write('XML parsing error\n')
main(sys.argv[1:])
except zlib.error:
printe('Failed to decompress decrypted data. Wrong password?')
sys.exit(os.EX_DATAERR)
except etree.XMLSyntaxError as e:
printe('XML parsing error')
if not RELEASE:
traceback.print_exc()
sys.exit(os.EX_DATAERR)
365,7 → 413,7
except IOError as e:
if not RELEASE:
traceback.print_exc()
sys.stderr.write(str(e)+"\n")
printe(str(e))
sys.exit(os.EX_IOERR)
 
# vim:set ts=4 et ai fileencoding=utf-8: #