This commit is contained in:
Dylan Araps 2019-02-24 22:36:47 +02:00
commit dff3b23881

148
pash Executable file
View File

@ -0,0 +1,148 @@
#!/usr/bin/env bash
#
# pash - simple password manager.
pw_add() {
[[ $OSTYPE == linux* ]] &&
check_entropy
generate_password
[[ $password ]] ||
die "Failed to generate a password."
gpg2 -co "$1.gpg" <<< "$password"
}
pw_del() {
read -rn 1 -p "Delete pass file '$1'? [y/n]: "; printf '\n'
[[ $REPLY == [yY] ]] &&
rm "$1.gpg"
}
pw_show() {
read -r password < <(gpg2 -dq "$1.gpg" ||
die "Failed to decrypt '$1'."
)
}
pw_list() {
pw_files=(*.gpg)
[[ ! -f ${pw_files[0]} ]] && {
printf '%s\n' "No stored passwords."
exit
}
printf '\e[1m%s\e[m:\n' "Stored Passwords"
printf -- ' - %s\n' "${pw_files[@]//.gpg}"
}
generate_password() {
# Grab '$length' number of lines from '/dev/urandom'.
# '$length' also controls the generated password length.
# This is a simple way to ensure that pash grabs enough
# data from '/dev/urandom' to meet the length requirement.
# example: 50 lines from /dev/urandom == 50 char password
mapfile -tn "${length:=50}" rand </dev/urandom
rand=${rand[*]}
[[ $plain ]] &&
rand=${rand//[^[:alnum:]]}
rand=${rand//[^[:graph:]]}
password=${rand:0:$length}
}
check_entropy() {
# On Linux '/dev/urandom' can be accessed even when the
# system has an inadequate amount of entropy. This usually
# occurs at boot time or on a fresh install. This function
# checks the system's entropy level and shows a warning if
# its below its set maximum value.
k_path=/proc/sys/kernel/random
entropy=$(<"${k_path}/entropy_avail")
needed=$(<"${k_path}/read_wakeup_threshold")
((${entropy:=0} < ${needed:=1})) && {
printf '%s\n' "warn: Not enough entropy to generate a secure password."
read -rn 1 -p "warn: Continue anyway? [y/n]: "; printf '\n'
[[ $REPLY != [yY] ]] &&
exit 1
}
}
die() {
printf 'error: %s\n' "$1" >&2
exit 1
}
usage() { printf '%s' "\
pash - simple password manager.
usage: pash [add,del,show,list] [name] [-n] [-l length]
-n Limit passwords to alphanumeric characters.
-l length Length of generated passwords.
-q Don't print password to stdout.
-h Print this message.
-v Show version.
"
exit 1
}
get_args() {
# The first two arguments aren't flags, skip them.
shift 2
while getopts ":ncvql:" opt; do case $opt in
n) plain=1 ;;
l) length=$((OPTARG>300?300:OPTARG)) ;;
c) clipboard=1 ;;
q) quiet=1 ;;
v) printf '%s\n' "pash 0.01"; exit ;;
?) usage ;;
esac; done
}
main() {
get_args "$@"
hash gpg2 2>/dev/null ||
die "GPG not found."
[[ -r /dev/urandom ]] ||
die "/dev/urandom is not readable."
mkdir -p "${pass_dir:=${XDG_DATA_HOME:=$HOME/.local/share}/pash}" ||
die "Couldn't create password directory."
cd "$pass_dir" ||
die "Can't access password directory."
[[ $1 == [ads]* && -z $2 ]] &&
die "Missing [name] argument."
[[ $1 == [ds]* && ! -f $2.gpg ]] &&
die "Pass file '$2' doesn't exist."
[[ $1 == [a]* && -f $2.gpg ]] &&
die "Pass file '$2' already exists."
case $1 in
a*) pw_add "$2" ;;
d*) pw_del "$2" ;;
s*) pw_show "$2" ;;
l*) pw_list ;;
*) usage ;;
esac
[[ -z $quiet && $password ]] &&
printf '%s\n' "$password"
[[ $clipboard && $password ]] && hash xclip 2>/dev/null &&
xclip -selection clipboard &>/dev/null <<< "$password"
}
main "$@"