Subversion Repositories pub

Compare Revisions

No changes between revisions

Ignore whitespace Rev 164 → Rev 199

/relevation/trunk/manpage.sgml
File deleted
/relevation/trunk/gui.py
0,0 → 1,156
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
 
"""
Relevation Password Printer
a command line interface to Revelation Password Manager.
 
Simplistic Graphical User Interface.
This GUI is mainly intended to be used in systems where command-lines
are less common, like Widows.
"""
# Relevation Password Printer
#
# Copyright (c) 2011, Toni Corvera
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
 
import sys
import re
import Tkinter as tk
from Tkinter import Frame, Button, Entry, Listbox, Scrollbar, Label
 
import relevation
 
old_fn = relevation.dump_result
 
def append_result(s):
global gui
fields = s.split('\n')
name = fields[2]
name = re.sub('^Name: ', '', name)
gui.lst.insert(tk.END, name)
gui.items.append(s)
 
def dump_result_override(res, query_desc):
return old_fn(res,query_desc, append_result)
 
relevation.dump_result = dump_result_override
 
class ResultDialog:
def __init__(self, parent, result):
top = self.top = tk.Toplevel(parent)
 
self.value = tk.Text(top)
self.value.insert(tk.END, result)
self.value.config(state=tk.DISABLED)
self.value.pack()
b = Button(top, text='OK', command=self.ok)
b.pack(pady=5)
 
top.bind('<Return>', lambda event: self.ok())
top.focus_set()
 
def ok(self):
self.top.destroy()
 
class GUI(object):
def do_find(self):
global rootw
search = self.search_text.get()
self.lst.delete(0, tk.END)
relevation.main(sys.argv[1:] + ['-s', search])
 
def display(self):
global rootw
selected = self.lst.curselection()
if not selected:
return
selected = int(selected[0])
item = self.items[selected]
print item
dlg = ResultDialog(rootw, item)
rootw.wait_window(dlg.top)
 
def __init__(self, master=None):
self.master = master
frame = Frame(master)
frame.pack()
self.items = []
self.frame = frame
#top = master
top = frame.winfo_toplevel()
top.rowconfigure(0, weight=1)
top.columnconfigure(0, weight=1, pad=5)
frame.rowconfigure(0, weight=1, pad=5)
frame.columnconfigure(0, weight=1)
 
# Avoid printing to stderr
def ignoreme(s):
pass
relevation.printe = ignoreme
relevation.printen = ignoreme
FILL = tk.N+tk.S+tk.E+tk.W
BTNROW = 2
RESROW = 1
# Populate
self.search_text = Entry(self.frame)
#self.search_text.pack({'expand': 1, 'side': 'top'})
self.search_text.grid(row=0, column=0, columnspan=4, padx=5, sticky=FILL)
self.search_text.bind('<Return>', lambda event: self.do_find())
self.quit = Button(self.frame, text='Quit', fg='red', command=frame.quit)
#self.quit.pack(side=tk.LEFT)
self.quit.grid(row=BTNROW, column=0, padx=10)
self.search = Button(self.frame, text='Search', command=self.do_find)
#self.search.pack(side=tk.RIGHT)
self.search.grid(row=BTNROW, column=2, padx=5)
self.view = Button(self.frame, text='View', command=self.display)
#self.view.pack(side=tk.RIGHT)
self.view.grid(row=BTNROW, column=1)
 
## FIXME
scrollbar = Scrollbar(self.frame, orient=tk.VERTICAL)
scrollbar.grid(row=RESROW, column=4, sticky=FILL)
self.lst = Listbox(self.frame)
#self.lst.pack()
self.lst.grid(row=RESROW, column=0, columnspan=3, sticky=FILL)
self.lst.bind('<Double-Button-1>', lambda event: self.display())
 
self.lst.config(yscrollcommand=scrollbar.set)
scrollbar.config(command=self.lst.yview)
 
self.search_text.focus_set()
 
if __name__ == '__main__':
rootw = tk.Tk()
rootw.title('Relevation search')
gui = GUI(master=rootw)
rootw.mainloop()
rootw.destroy()
 
# vim:set ts=4 et ai fileencoding=utf-8: #
Property changes:
Added: svn:executable
+*
\ No newline at end of property
/relevation/trunk/Makefile
1,3 → 1,4
# $Id$
 
prefix:=/usr/local
DESTDIR:=
15,15 → 16,20
clean:
-$(RM) *.pyc *.pyo manpage.html manpage.pdf
 
distclean: clean
-$(RM) $(PKGVER).tar.gz $(PKGVER).zip
-$(RM) -r dist build
 
install:
install -D -m755 $(PKG).py $(DESTDIR)$(prefix)/bin/$(PKG)
install -D -m644 $(PKG).1 $(DESTDIR)$(prefix)/share/man/man1/$(PKG).1
install -D -m755 gui.py $(DESTDIR)$(prefix)/bin/gui-relevation
 
uninstall:
-$(RM) $(DESTDIR)$(prefix)/$(PKG) $(DESTDIR)$(prefix)/share/man/man1/$(PKG).1
-$(RM) $(DESTDIR)$(prefix)/bin/$(PKG) $(DESTDIR)$(prefix)/bin/gui-relevation $(DESTDIR)$(prefix)/share/man/man1/$(PKG).1
-rmdir --parents $(DESTDIR)$(prefix)/bin
 
$(PKG).1: manpage.sgml
$(PKG).1: manpage_source.sgml
docbook-to-man $< > $@
 
manpage.html: $(PKG).1
32,12 → 38,25
manpage.pdf: $(PKG).1
man -t ./$(PKG).1 | ps2pdf14 - > $@
 
TAR_EXCLUDES=--exclude-vcs --exclude=$(PKGVER) --exclude=*.pyo --exclude=*.pyc
dist: clean
TAR_EXCLUDES=--exclude-vcs --exclude=$(PKGVER) \
--exclude=*.swp --exclude=*.pyo --exclude=*.pyc
 
is_release:
# Only allowed if RELEASE
echo -e 'import relevation\nif not relevation.RELEASE:\n\traise Exception("RELEASE is False")' | python -
-$(RM) $(PKGVER).tar.gz
 
package_copy:
@# Make a temporary copy to package
-mkdir $(PKGVER)
tar c . $(TAR_EXCLUDES) | ( cd $(PKGVER) && tar x )
tar zcvf $(PKGVER).tar.gz $(PKGVER)
 
dist: is_release distclean package_copy
tar cv $(PKGVER) | gzip -c9 > $(PKGVER).tar.gz
-$(RM) -r $(PKGVER)
 
zip: is_release distclean manpage.pdf manpage.html package_copy
zip -9 -r $(PKGVER).zip $(PKGVER)
-$(RM) -r $(PKGVER)
 
exe:
python setup_py2exe.py py2exe
Property changes:
Added: svn:keywords
+Rev Id Date
\ No newline at end of property
/relevation/trunk/win/zipdist.py
0,0 → 1,40
from zipfile import ZipFile
import os
import sys
import glob
import shutil
import platform
 
sys.path.append(os.path.abspath('.'))
 
import relevation
 
if sys.platform != 'win32':
print "This script is meant to be run in Windows only"
sys.exit(3)
 
if not os.path.isdir('dist'):
print "dist\\ must exist"
sys.exit(2)
 
plat = platform.architecture()
if plat[0] == '64bit':
plat = '64'
else:
plat = '32'
 
pkgver = 'relevation-%s_win%s' % ( relevation.__version__, plat )
zipname = pkgver + '.zip'
 
if os.path.isdir(pkgver):
shutil.rmtree(pkgver)
shutil.copytree("dist", pkgver)
 
print '>',zipname
with ZipFile(zipname, 'w') as zipf:
for f in glob.glob("%s\\*" % pkgver):
zipf.write(f)
print f
 
if os.path.isdir(pkgver):
shutil.rmtree(pkgver)
/relevation/trunk/win/make_exe.bat
0,0 → 1,7
@echo off
cd ..
echo Creating EXE(s)...
python win\setup_py2exe.py py2exe
echo Creating ZIP...
python win\zipdist.py
pause
/relevation/trunk/win/setup_py2exe.py
0,0 → 1,6
from distutils.core import setup
import py2exe
 
setup(console=['relevation.py'],
windows=['gui.py'],
ignores=['Crypto'])
/relevation/trunk/win
Property changes:
Added: bugtraq:number
+true
\ No newline at end of property
/relevation/trunk/relevation.py
5,32 → 5,6
Relevation Password Printer
a command line interface to Revelation Password Manager.
 
Copyright (c) 2011, Toni Corvera
All rights reserved.
 
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
 
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
 
---------------------------------------------------------------------
 
Code based on Revelation's former BTS (no longer online, not archived?):
(ref1) code:
http://oss.wired-networks.net/bugzilla/attachment.cgi?id=13&action=view
39,22 → 13,100
-> http://web.archive.org/http://oss.wired-networks.net/bugzilla/show_bug.cgi?id=111
(ref3) http://docs.python.org/library/zlib.html
"""
from Crypto.Cipher import AES
# Relevation Password Printer
#
# Copyright (c) 2011, Toni Corvera
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
 
import ConfigParser
import getopt
import libxml2
from lxml import etree
import os
import stat
import sys
import zlib
# Help py2exe in packaging lxml
# <http://www.py2exe.org/index.cgi/WorkingWithVariousPackagesAndModules>
import lxml._elementpath as _dummy
import gzip # py2exe again
 
USE_PYCRYPTO = True
 
try:
from Crypto.Cipher import AES
except ImportError:
USE_PYCRYPTO = False
try:
from crypto.cipher import rijndael, cbc
from crypto.cipher.base import noPadding
except ImportError:
sys.stderr.write('Either PyCrypto or cryptopy are required\n')
raise
 
__author__ = 'Toni Corvera'
__date__ = '$Date$'
__revision__ = '$Rev$'
__version_info__ = ( 1, 0 ) #, 0 )
__version_info__ = ( 1, 1 ) #, 0 )
__version__ = '.'.join(map(str, __version_info__))
RELEASE=True
 
# These are pseudo-standardized exit codes, in Linux (*NIX?) they are defined
#+in the header </usr/include/sysexits.h> and available as properties of 'os'
#+In windows they aren't defined at all
 
if 'EX_OK' not in dir(os):
# If not defined set them manually
codes = { 'EX_OK': 0, 'EX_USAGE': 64, 'EX_DATAERR': 65,
'EX_NOINPUT': 66, 'EX_SOFTWARE': 70, 'EX_IOERR': 74,
}
for (k,v) in codes.items():
setattr(os, k, v)
del codes, k, v
 
TAGNAMES ={ 'generic-url': 'Url:',
'generic-username': 'Username:',
'generic-password': 'Password:',
'generic-email': 'Email:',
'generic-hostname': 'Hostname:',
'generic-location': 'Location:',
'generic-code': 'Code:',
'generic-certificate': 'Certificate:',
'generic-database': 'Database:',
'generic-domain': 'Domain:',
'generic-keyfile': 'Key file:',
'generic-pin': 'PIN',
'generic-port': 'Port'
}
 
def printe(s):
' Print to stderr '
sys.stderr.write(s+'\n')
 
def printen(s):
' Print to stderr without added newline '
sys.stderr.write(s)
 
def usage(channel):
' Print help message '
def p(s):
78,25 → 130,8
p(' --version Print the program\'s version information.\n')
p('\n')
 
def get_entries(document, xpath):
"""
get_entries(xmlDoc, str xpath expression) -> list of xmlNode's
 
Get entry nodes that match xpath
"""
ctx = document.xpathNewContext()
try:
res = ctx.xpathEval(xpath)
except libxml2.xpathError:
if not RELEASE:
sys.stderr.write('Failed with xpath expression: %s\n' % xpath)
raise
finally:
ctx.xpathFreeContext()
return res
 
def make_xpath_query(search_text=None, type_filter=None, ignore_case=True, negate_filter=False):
'''
''' Construct the actual XPath expression
make_xpath_query(str, str, bool, bool) -> str
'''
xpath = '/revelationdata//entry'
115,17 → 150,20
 
def dump_all_entries(xmldata):
' Dump all entries from xmldata, with no filter at all '
doc = libxml2.parseDoc(xmldata)
res = get_entries(doc, '//entry')
nr = dump_result(res, 'all')
doc.freeDoc()
return nr
tree = etree.fromstring(xmldata)
res = tree.xpath('//entry')
return dump_result(res, 'all')
 
def dump_entries(xmldata, search_text=None, type_filter=None, ignore_case=True, negate_filter=False):
' Dump entries from xmldata that match criteria '
doc = libxml2.parseDoc(xmldata)
tree = etree.fromstring(xmldata)
xpath = make_xpath_query(search_text, type_filter, ignore_case, negate_filter)
res = get_entries(doc, xpath)
try:
res = tree.xpath(xpath)
except etree.XPathEvalError:
if not RELEASE:
printe('Failed with xpath expression: %s' % xpath)
raise
query_desc = ''
if search_text:
query_desc = '"%s"' % search_text
138,14 → 176,14
else:
query_desc = '%s%s entries' % ( neg, type_filter )
nr = dump_result(res, query_desc)
doc.freeDoc()
return nr
 
def dump_result(res, query_desc):
def print_wrapper(s):
print s
 
def dump_result(res, query_desc, printfn=print_wrapper):
''' Print query results.
dump_result(list of entries, query description) -> int
Note the XML document can't be freed before calling this function.
'''
print '-> Search %s: ' % query_desc,
if not len(res):
152,48 → 190,31
print 'No results'
return False
print '%d matches' % len(res)
tagnames ={ 'generic-url': 'Url:',
'generic-username': 'Username:',
'generic-password': 'Password:',
'generic-email': 'Email:',
'generic-hostname': 'Hostname:',
'generic-location': 'Location:',
'generic-code': 'Code:',
'generic-certificate': 'Certificate:',
'generic-database': 'Database:',
'generic-domain': 'Domain:',
'generic-keyfile': 'Key file:',
'generic-pin': 'PIN',
'generic-port': 'Port'
}
for x in res:
sys.stderr.write('-------------------------------------------------------------------------------\n')
print ''
for attr in x.properties: # Is it accessible directly?
if attr.name == 'type':
print 'Type:',attr.children
for chld in x.children:
n = chld.name
val = chld.content
printe('-------------------------------------------------------------------------------')
s = '\n'
s += 'Type: %s\n' % x.get('type')
for chld in x.getchildren():
n = chld.tag
val = chld.text
if n == 'name':
print 'Name:',val
s += 'Name: %s\n' % val
elif n == 'description':
print 'Description:',val
s += 'Description: %s\n' % val
elif n == 'field':
for attr in chld.properties:
if attr.name == 'id':
idv = attr.content
if idv in tagnames:
idv = tagnames[idv]
print idv,chld.content
print ''
idv = chld.get('id')
if idv in TAGNAMES:
idv = TAGNAMES[idv]
s += '%s %s\n' % ( idv, chld.text )
#s += '\n'
printfn(s)
# / for chld in x.children
nr = len(res)
plural = ''
if nr > 1:
plural = 's'
sys.stderr.write('-------------------------------------------------------------------------------\n')
sys.stderr.write('<- (end of %d result%s for {%s})\n\n' % ( nr, plural, query_desc ))
printe('-------------------------------------------------------------------------------')
printe('<- (end of %d result%s for {%s})\n' % ( nr, plural, query_desc ))
return nr
 
def world_readable(path):
205,10 → 226,9
return bool(st.st_mode & stat.S_IROTH)
 
def load_config():
"""
''' Load configuration file is one is found
load_config() -> ( str file, str pass )
Load configuration file is one is found
"""
'''
cfg = os.path.join(os.path.expanduser('~'), '.relevation.conf')
pw = None
fl = None
215,8 → 235,8
if os.path.isfile(cfg):
if os.access(cfg, os.R_OK):
wr = world_readable(cfg)
if wr:
sys.stderr.write('Configuration (~/.relevation.conf) is world-readable!!!\n')
if wr and sys.platform != 'win32':
printe('Configuration (~/.relevation.conf) is world-readable!!!')
parser = ConfigParser.ConfigParser()
parser.read(cfg)
ops = parser.options('relevation')
223,14 → 243,37
if 'file' in ops:
fl = os.path.expanduser(parser.get('relevation', 'file'))
if 'password' in ops:
if wr and sys.platform != 'win32': # TODO: how to check in windows?
sys.stderr.write('Your password can be read by anyone!!!\n')
if wr: # TODO: how to check in windows?
printe('Your password can be read by anyone!!!')
pw = parser.get('relevation', 'password')
else: # exists but not readable
sys.stderr.write('Configuration file (~/.relevation.conf) is not readable!\n')
printe('Configuration file (~/.relevation.conf) is not readable!')
return ( fl, pw )
 
def main():
def decrypt_gz(key, cipher_text):
''' Decrypt cipher_text using key.
decrypt(str, str) -> cleartext (gzipped xml)
This function will use the underlying, available, cipher module.
'''
if USE_PYCRYPTO:
# Extract IV
c = AES.new(key)
iv = c.decrypt(cipher_text[12:28])
# Decrypt data, CBC mode
c = AES.new(key, AES.MODE_CBC, iv)
ct = c.decrypt(cipher_text[28:])
else:
# Extract IV
c = rijndael.Rijndael(key, keySize=len(key), padding=noPadding())
iv = c.decrypt(cipher_text[12:28])
# Decrypt data, CBC mode
bc = rijndael.Rijndael(key, keySize=len(key), padding=noPadding())
c = cbc.CBC(bc, padding=noPadding())
ct = c.decrypt(cipher_text[28:], iv=iv)
return ct
 
def main(argv):
datafile = None
password = None
# values to search for
240,13 → 283,13
searchTypes = []
dump_xml = False
 
sys.stderr.write('Relevation v%s, (c) 2011 Toni Corvera\n\n' % __version__)
printe('Relevation v%s, (c) 2011 Toni Corvera\n' % __version__)
 
# ---------- OPTIONS ---------- #
( datafile, password ) = load_config()
try:
# gnu_getopt requires py >= 2.3
ops, args = getopt.gnu_getopt(sys.argv[1:], 'f:p:s:0ciaht:x',
ops, args = getopt.gnu_getopt(argv, 'f:p:s:0ciaht:x',
[ 'file=', 'password=', 'search=', 'stdin',
'case-sensitive', 'case-insensitive', 'ask',
'help', 'version', 'type=', 'xml' ])
266,6 → 309,12
release=' [DEBUG]'
print 'Relevation version %s%s' % ( __version__, release )
print 'Python version %s' % sys.version
if USE_PYCRYPTO:
import Crypto
print 'PyCrypto version %s' % Crypto.__version__
else:
# AFAIK cryptopy doesn't export version info
print 'cryptopy'
sys.exit(os.EX_OK)
for opt, arg in ops:
275,7 → 324,7
password = arg
elif opt in ( '-a', '--ask', '-0', '--stdin' ):
if opt in ( '-a', '--ask' ):
sys.stderr.write('File password: ')
printen('File password: ')
password = sys.stdin.readline()
password = password[:-1]
elif opt in ( '-s', '--search' ):
292,22 → 341,22
neg = True
if not iarg in ( 'creditcard', 'cryptokey', 'database', 'door', 'email',
'folder', 'ftp', 'generic', 'phone', 'shell', 'website' ):
sys.stderr.write('Warning: Type "%s" is not known by relevation.\n' % arg)
printe('Warning: Type "%s" is not known by relevation.' % arg)
searchTypes.append( ( iarg, neg ) )
elif opt in ( '-x', '--xml' ):
dump_xml = True
else:
sys.stderr.write('Unhandled option: %s\n' % opt)
printe('Unhandled option: %s' % opt)
assert False, "internal error parsing options"
if not datafile or not password:
usage(sys.stderr)
if not datafile:
sys.stderr.write('Input password filename is required\n')
printe('Input password filename is required')
if not password:
sys.stderr.write('Password is required\n')
printe('Password is required')
sys.exit(os.EX_USAGE)
# ---------- PASSWORDS FILE DECRYPTION ---------- #
# ---------- PASSWORDS FILE DECRYPTION AND DECOMPRESSION ---------- #
f = None
try:
if not os.access(datafile, os.R_OK):
320,12 → 369,8
f.close()
# Pad password
password += (chr(0) * (32 - len(password)))
# Data IV
c = AES.new(password)
iv = c.decrypt(data[12:28])
# Decrypt. Decrypted data is compressed
c = AES.new(password, AES.MODE_CBC, iv)
cleardata_gz = c.decrypt(data[28:])
cleardata_gz = decrypt_gz(password, data)
# Length of data padding
padlen = ord(cleardata_gz[-1])
# Decompress actual data (15 is wbits [ref3] DON'T CHANGE, 2**15 is the (initial) buf size)
356,9 → 401,12
 
if __name__ == '__main__':
try:
main()
except libxml2.parserError as e:
sys.stderr.write('XML parsing error\n')
main(sys.argv[1:])
except zlib.error:
printe('Failed to decompress decrypted data. Wrong password?')
sys.exit(os.EX_DATAERR)
except etree.XMLSyntaxError as e:
printe('XML parsing error')
if not RELEASE:
traceback.print_exc()
sys.exit(os.EX_DATAERR)
365,7 → 413,7
except IOError as e:
if not RELEASE:
traceback.print_exc()
sys.stderr.write(str(e)+"\n")
printe(str(e))
sys.exit(os.EX_IOERR)
 
# vim:set ts=4 et ai fileencoding=utf-8: #
/relevation/trunk/devtools/genpw.py
0,0 → 1,125
#!/usr/bin/env python
 
"""
Simplistic Password Generator.
"""
 
# This file is released under the CC0 license (CC equivalent of Public Domain).
#
# License details:
# http://creativecommons.org/publicdomain/zero/1.0/legalcode
 
import random
import string
import locale
import sys
 
try:
import checkpw
DO_CHECK=True
except ImportError:
DO_CHECK=False
 
DEFAULT_RESULTS = 20
DEFAULT_LENGTH = 8
#Letters and digits are repeated to favour them
FAVOURED_SET = string.lowercase + string.digits #string.letters
STDSET = string.uppercase + string.punctuation
DEFAULT_CSET = FAVOURED_SET * 8 + STDSET
 
REJECTS_SET = [ 'l', '1', 'I', '0', 'O' ] # FIXME: What else?
DEFAULT_FORCE = '*' # Symbolic
 
def pwgen(length=DEFAULT_LENGTH, possible=DEFAULT_CSET,
reject_ambiguous=False, force=DEFAULT_FORCE):
'''
pwgen(int, str, bool, [ str, str, ...]) -> str
 
Generate a password.
length - Password length
possible - List of characters from where to pick
reject_ambiguous - Reject characters that can be hard to tell from each other (e.g. 1 vs l vs I)
force - List of forcible sets. Force at least one character of each set.
'''
pw = ''
rejects = []
LENGTH = length
if reject_ambiguous:
rejects = REJECTS_SET
if force == DEFAULT_FORCE:
force = [ string.lowercase, string.uppercase, string.digits ]
if type(force) != list:
raise ValueError('force must be a list of strings')
def pick_one(cset):
'''
Return a random character from cset
'''
c = random.choice(cset)
while c in rejects:
c = random.choice(cset)
return c
# Forcible includes
for cset in force:
pw += pick_one(cset)
length -= 1
for i in range(length):
pick = random.choice(possible)
while pick in rejects:
pick = random.choice(possible)
pw += pick
# Re-mix order (randomize forced-characters' position)
if len(pw) > LENGTH:
pw = pw[0:LENGTH]
l = list(pw)
random.shuffle(l)
pw = ''.join(l)
return pw
 
def main(argv):
rounds = DEFAULT_RESULTS
length = DEFAULT_LENGTH
cset = DEFAULT_CSET
reject_ambiguous = False
secure = False # When True, reject mediocre passwords and below
 
# No need to use getopt or anything like it
positional = []
for arg in argv:
if arg in ( '-B', '--ambiguous' ):
reject_ambiguous = True
elif arg in ( '-s', '--secure' ):
if not DO_CHECK:
raise EnvironmentError('Can\'t generate secure-only password without checkpw.py')
secure = True
else:
positional.append(arg)
try:
if len(positional) > 0:
length = int(positional[0])
if len(positional) > 1:
rounds = int(positional[1])
except ValueError:
sys.stderr.write('Usage: pwgen [-B] [length] [num pw]\n');
sys.exit(2);
 
def newpw():
return pwgen(length=length, reject_ambiguous=reject_ambiguous)
 
for i in range(rounds):
pw = newpw()
if DO_CHECK:
( score, verdict, _ ) = checkpw.check(pw)
if secure:
while score < checkpw.STRONG_THRESHOLD:
pw = newpw()
( score, verdict, _ ) = checkpw.check(pw)
print '%s\t%d\t%s' % ( pw, score, verdict)
#print _
else:
print pw
 
if __name__ == '__main__':
locale.setlocale(locale.LC_ALL, 'C')
main(sys.argv[1:])
 
# vim:set ts=4 et ai: #
Property changes:
Added: svn:executable
+*
\ No newline at end of property
/relevation/trunk/devtools/checkpw.py
0,0 → 1,105
#!/usr/bin/env python
 
"""
Simplistic Password Strength Checker.
"""
 
# Based on
# <http://www.geekwisdom.com/dyn/passwdmeter>
# |-> <http://www.geekwisdom.com/js/passwordmeter.js>
# (this is mostly based on the scoring system explained there,
# and not on the actual implementation)
 
import re
import string
import sys
 
WEAK_THRESHOLD = 16
MEDIOCRE_THRESHOLD = 25
STRONG_THRESHOLD = 35
VERY_STRONG_THRESHOLD = 45
 
def check(pw):
'''
check(str) -> ( int score, str strength category, str description)
'''
score = 0
verdict = 'weak'
log = ''
# Password length
length = len(pw)
if length == 0:
return ( 0, 'weak', 'empty password' )
if length < 5:
score += 3
elif length < 8:
score += 6
elif length < 16:
score += 12
else:
score += 18
log += '%d points for length (%d)\n' % (score, length)
# Letters
locase = re.search('[a-z]', pw)
upcase = re.search('[A-Z]', pw)
if (locase and upcase):
score += 7
log += '7 points for mixed case\n'
elif locase:
score += 5
log += '5 points for all-lowercase letters\n'
elif upcase:
score += 5
log += '5 points for all-uppercase letters\n'
else: # No letters at all
pass
# Numbers
hasnums = re.search('\d', pw)
if hasnums and re.search('\d.*\d.*\d', pw):
score += 7
log += '7 points for at least three numbers\n'
elif hasnums:
score += 5
log += '5 points for at least one number\n'
# Special Characters
sch = string.punctuation
hasspecial = re.search('[%s]' % sch, pw)
if hasspecial and re.search('[%s].*[%s]' % ( sch, sch), pw):
score += 10
log += '10 points for at least two special characters\n'
elif hasspecial:
score += 5
log += '5 points for at least one special character\n'
# Combos
hasletters = re.search('([a-z]|[A-Z])', pw)
if hasnums and hasletters:
score += 1
log += '1 combo point for mixed letters and numbers\n'
if hasspecial:
score += 2
log += '2 combo points for mixed letters, numbers and special characters\n'
if upcase and locase:
score += 2
log += '2 combo point for mixed case letters, numbers and special characters'
# Verdict
if score < WEAK_THRESHOLD:
verdict = 'very weak'
elif score < MEDIOCRE_THRESHOLD:
verdict = 'weak'
elif score < STRONG_THRESHOLD:
verdict = 'mediocre'
elif score < VERY_STRONG_THRESHOLD:
verdict = 'strong'
else:
verdict = 'stronger'
 
return ( score, verdict, log )
 
if __name__ == '__main__':
for candidate in sys.argv[1:]:
( score, verdict, descr ) = check(candidate)
print '%s: %s\t%s' % ( candidate, score, verdict )
sys.stderr.write(descr)
 
# vim:set ts=4 et ai: #
 
Property changes:
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Rev Id Date
\ No newline at end of property
/relevation/trunk/devtools
Property changes:
Added: bugtraq:number
+true
\ No newline at end of property
/relevation/trunk/debian/control
10,7 → 10,7
 
Package: relevation
Architecture: all
Depends: ${shlibs:Depends}, ${misc:Depends}, python (>= 2.3), python-libxml2, python-crypto
Depends: ${shlibs:Depends}, ${misc:Depends}, python (>= 2.3), python-lxml, python-crypto
Recommends: revelation
Description: Command-line interface to query Revelation files
This is a command-line tool capable of retrieving passwords from
/relevation/trunk/debian/changelog
1,3 → 1,10
relevation (1.1-upstream.1) unstable; urgency=low
 
* New version
* debian/control: change requirement from libxml2 to lxml
 
-- Toni Corvera <outlyer@gmail.com> Wed, 13 Jul 2011 18:23:47 +0200
 
relevation (1.0-upstream.1) unstable; urgency=low
 
* Initial release
/relevation/trunk/README.Windows.txt
0,0 → 1,10
 
This program requires PyCrypto and lxml.
 
lxml binaries for Windows can be found at <http://pypi.python.org/pypi/lxml>
PyCrypto binaries for Windows (only 32bits) can be found at <http://www.voidspace.org.uk/python/modules.shtml#pycrypto>
 
In a 64bits version of Python, in Windows, installing PyCrypto is non-trivial so cryptopy can be used instead.
 
 
 
/relevation/trunk/CHANGELOG
1,5 → 1,17
$Date$
 
1.1 (2011-07-13):
- Support cryptopy if PyCrypto is not available. Enhances
cross-platform support.
- Print an error message if the decryption produced wrong data
(normally caused by a bad password)
- Add PyCrypto/cryptopy to version info (--version)
- Windows support enhancements:
- Minimalistic GUI
- Py2exe support
- Packaging scripts
- Fix uninstall
 
1.0 (2011-06-30):
- First public release
 
/relevation/trunk/relevation.1
72,4 → 72,4
This manual page was written by Toni Corvera <outlyer@gmail.com>.
Permission is granted to copy, distribute and/or modify this document under the terms of a BSD 2-clause license.
.\" created by instant / docbook-to-man, Tue 28 Jun 2011, 02:45
.\" created by instant / docbook-to-man, Tue 05 Jul 2011, 02:25
/relevation/trunk/manpage_source.sgml
0,0 → 1,173
<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
 
<!--
This file is derived from Debian's template for added manpages.
 
Process this file with docbook-to-man to generate an nroff manual
page: `docbook-to-man manpage.sgml > manpage.1'. You may view
the manual page with: `docbook-to-man manpage.sgml | nroff -man |
less'. A typical entry in a Makefile or Makefile.am is:
 
manpage.1: manpage.sgml
docbook-to-man $< > $@
-->
 
<!ENTITY dhfirstname "<firstname>Toni</firstname>">
<!ENTITY dhsurname "<surname>Corvera</surname>">
<!-- Please adjust the date whenever revising the manpage. -->
<!ENTITY dhdate "<date>June 28, 2011</date>">
<!ENTITY dhsection "<manvolnum>1</manvolnum>">
<!ENTITY dhemail "<email>outlyer@gmail.com</email>">
<!ENTITY dhusername "Toni Corvera">
<!ENTITY dhucpackage "<refentrytitle>RELEVATION</refentrytitle>">
<!ENTITY dhpackage "relevation">
<!ENTITY gnu "<acronym>GNU</acronym>">
]>
 
<refentry>
<refentryinfo>
<address>
&dhemail;
</address>
<author>
&dhfirstname;
&dhsurname;
</author>
<copyright>
<year>2011</year>
<holder>&dhusername;</holder>
</copyright>
&dhdate;
</refentryinfo>
<refmeta>
&dhucpackage;
 
&dhsection;
</refmeta>
<refnamediv>
<refname>&dhpackage;</refname>
 
<refpurpose>command-line searcher for <application>Revelation</application> files</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>&dhpackage;</command>
<arg choice="opt"><option>options</option></arg>
<arg choice="opt"><replaceable>search string</replaceable> <arg choice="opt"><replaceable>...</replaceable></arg></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
 
<para>Access and print or search passwords in a <application>Revelation</application> password file.</para>
 
<para>Only read access is provided, to edit the files <application>Revelation</application> must be used.</para>
 
<para>With a search string, only entries that match the search string in any of its fields will be printed.</para>
 
<para>When no search string is provided the whole list of entries will be printed.</para>
 
</refsect1>
<refsect1>
<title>OPTIONS</title>
 
<para>This program follows the usual &gnu; command line syntax, with long options starting with two dashes (`-'). A summary of options is included below.</para>
 
<variablelist>
<varlistentry>
<term><option>-f <replaceable>file.revelation</replaceable></option>, <option>--file=<replaceable>file.revelation</replaceable></option>
</term>
<listitem>
<para>File name of the <command>revelation</command> file (the file containing the list of stored credentials).</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-p <replaceable>password</replaceable></option>, <option>--password=<replaceable>password</replaceable></option>
</term>
<listitem>
<para>Decryption password.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-a</option>, <option>--ask</option>, <option>-0</option>, <option>--stdin</option>
</term>
<listitem>
<para>Ask interactively for password.</para>
<para>When <option>-a</option> or <option>--ask</option> is used a prompt will be printed.</para>
<para>Use either one of this variants or <option>--password</option>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-t <replaceable>type</replaceable></option>, <option>--type=<replaceable>type</replaceable></option></term>
<listitem>
<para>Print only entries of a certain type.</para>
<para>Known types: creditcard, cryptokey, database, door, email, folder, ftp, generic, phone, shell, website.</para>
<para>If preceded by a slash it will be negated, i.e. `-website' will select entries that are not of type website.</para>
<para>When searching for a string, folders are skipped (equivalent to `--type=-folder').</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-i</option>, <option>--case-insensitive</option>
</term>
<listitem>
<para>When searching for text, disregard case.</para>
<para>This is the default behaviour.</para>
<para>If the search string contains special/non-English characters this is likely to fail.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-c</option>, <option>--case-sensitive</option>
</term>
<listitem>
<para>When searching for text, obey case.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-s <replaceable>search string</replaceable></option>, <option>--search=<replaceable>search string</replaceable></option>, <option><replaceable>search string</replaceable></option>
</term>
<listitem>
<para>Search the file for a pice of text. All fields will be searched.</para>
</listitem>
</varlistentry>
 
<varlistentry>
<term><option>-h</option>, <option>--help</option>
</term>
<listitem>
<para>Show summary of options.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--version</option>
</term>
<listitem>
<para>Show version information for &dhpackage;.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>CONFIGURATION FILE</title>
 
<para>A configuration file `.relevation.conf' located at the user's home directory can be used to avoid having to provide the filename and/or password on each run.</para>
<para>Example `~/.relevation.conf':</para>
<programlisting>&nbsp;[relevation]
&nbsp;file=~/passwords.revelation
&nbsp;password=my secret password</programlisting>
<para>Both file and password are optional, so you can store the filename without storing the password.</para>
<para>Please understand your password is stored in this file in clear text, modify the file permissions appropriately so that only your user can read it, otherwise your master password might be compromised and hence all your stored password will be too.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
 
<para>revelation (1)</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
 
<para>This manual page was written by &dhusername; &lt;&dhemail;&gt;.
Permission is granted to copy, distribute and/or modify this document under the terms of a BSD 2-clause license.
</para>
</refsect1>
</refentry>
<!-- vim: set et: -->
/relevation/trunk/.
Property changes:
Added: svn:externals
+
Modified: svn:mergeinfo
Merged /relevation/branches/1.1:r167-198
Merged /relevation/branches/1.1-PyCryptoPlus:r168