authorJason A. Donenfeld <Jason@zx2c4.com>2012-09-20 17:10:03 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2012-09-20 17:12:20 +0200
commite12affb8e4b214e84cfbedfe00e4ff358d2e7e86 (patch)
tree9c78a98fab858c728b882e27fd2baeec37dc2781
parent14955bcb4f749f7a95ce8ac94d055cf3231f3696 (diff)
Prompt before overwriting password in generate, unless --force is provided.
-rw-r--r--man/pass.19
-rwxr-xr-xsrc/password-store.sh44
2 files changed, 28 insertions, 25 deletions
diff --git a/man/pass.1 b/man/pass.1
index 223d5e0..c215cd2 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -71,7 +71,7 @@ clipboard using
.BR xclip (1)
and then restore the clipboard after 45 seconds.
.TP
-\fBinsert\fP [ \fI--no-echo\fP, \fI-n\fP | \fI--multiline\fP, \fI-m\fP ] [ \fI--force\fP, \fI-f\fP ]\fIpass-name\fP
+\fBinsert\fP [ \fI--no-echo\fP, \fI-n\fP | \fI--multiline\fP, \fI-m\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name\fP
Insert a new password into the password store called \fIpass-name\fP. This will
read the new password from standard in. If \fI--no-echo\fP or \fI-n\fP is specified, do
disable keyboard echo when the password is entered and confirm the password by asking
@@ -88,7 +88,7 @@ ensure that temporary files are created in \fI/dev/shm\fP in order to avoid writ
difficult-to-erase disk sectors. If \fI/dev/shm\fP is not accessible, fallback to
the ordinary \fBTMPDIR\fP location, and print a warning.
.TP
-\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] \fIpass-name pass-length\fP
+\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name pass-length\fP
Generate a new password using
.BR pwgen (1)
of length \fIpass-length\fP and insert into \fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP
@@ -96,9 +96,10 @@ is specified, do not use any non-alphanumeric characters in the generated passwo
If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy
it to the clipboard using
.BR xclip (1)
-and then restore the clipboard after 45 seconds.
+and then restore the clipboard after 45 seconds. Prompt before overwriting an existing password,
+unless \fI--force\fP or \fI-f\fP is specified.
.TP
-\fBrm\fP [ \fI--recursive\fP, \fI-r\fP ] [ \fI--force\fP, \fI-f\fP ]\fI pass-name\fP
+\fBrm\fP [ \fI--recursive\fP, \fI-r\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name\fP
Remove the password named \fIpass-name\fP from the password store. This command is
alternatively named \fBremove\fP or \fBdelete\fP. If \fI--recursive\fP or \fI-r\fP
is specified, delete pass-name recursively if it is a directory. If \fI--force\fP
diff --git a/src/password-store.sh b/src/password-store.sh
index f0b965a..5075bb8 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -43,9 +43,10 @@ Usage:
before overwriting existing password unless forced.
$program edit pass-name
Insert a new password or edit an existing password using ${EDITOR:-vi}.
- $program generate [--no-symbols,-n] [--clip,-c] pass-name pass-length
+ $program generate [--no-symbols,-n] [--clip,-c] [--force,-f] pass-name pass-length
Generate a new password of pass-length with optionally no symbols.
Optionally put it on the clipboard and clear board after 45 seconds.
+ Prompt before overwriting existing password unless forced.
$program rm [--recursive,-r] [--force,-f] pass-name
Remove existing password or directory, optionally forcefully.
$program git git-command-args...
@@ -63,7 +64,16 @@ is_command() {
*) return 1 ;;
esac
}
-
+git_add_file() {
+ [[ -d $GIT_DIR ]] || return
+ git add "$1" || return
+ [[ -n $(git status --porcelain "$1") ]] || return
+ git commit -m "$2"
+}
+yesno() {
+ read -p "$1 [y/N] " response
+ [[ $response == "y" || $response == "Y" ]] || exit 1
+}
#
# BEGIN Platform definable
#
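Review bot: In `yesno`, `read -p "$1 [y/N] " response` runs without `-r` and stores the answer in a global, so backslashes in the reply are interpreted and `response` leaks into the rest of the script. I would write it as `local response` followed by `read -r -p "$1 [y/N] " response`. Because the helper calls `exit 1` instead of returning a status, it only aborts the script when it runs in the main shell; a comment such as `# Exits the script unless the answer is y/Y; do not call from a subshell.` would warn later callers. On end-of-input the reply is empty and the helper exits, which is the safe default for an overwrite prompt and is worth stating in the same comment.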
@@ -98,12 +108,10 @@ tmpdir() {
if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then
tmp_dir="$(TMPDIR=/dev/shm mktemp -t "$template" -d)"
else
- prompt=$(echo "Your system does not have /dev/shm, which means that it may"
+ yesno "$(echo "Your system does not have /dev/shm, which means that it may"
echo "be difficult to entirely erase the temporary non-encrypted"
echo "password file after editing. Are you sure you would like to"
- echo -n "continue? [y/N] ")
- read -p "$prompt" yesno
- [[ $yesno == "y" || $yesno == "Y" ]] || exit 1
+ echo -n "continue?")"
tmp_dir="$(mktemp -t "$template" -d)"
fi
@@ -116,13 +124,6 @@ GETOPT="getopt"
# END Platform definable
#
-function git_add_file() {
- [[ -d $GIT_DIR ]] || return
- git add "$1" || return
- [[ -n $(git status --porcelain "$1") ]] || return
- git commit -m "$2"
-}
-
program="$(basename "$0")"
command="$1"
if is_command "$command"; then
@@ -225,11 +226,7 @@ case "$command" in
path="$1"
passfile="$PREFIX/$path.gpg"
- if [[ $force -eq 0 && -e $passfile ]]; then
- prompt="An entry already exists for $path. Overwrite it [y/N]? "
- read -p "$prompt" yesno
- [[ $yesno == "y" || $yesno == "Y" ]] || exit 1
- fi
+ [[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
mkdir -p -v "$PREFIX/$(dirname "$path")"
@@ -286,19 +283,21 @@ case "$command" in
;;
generate)
clip=0
+ force=0
symbols="-y"
- opts="$($GETOPT -o nc -l no-symbols,clip -n "$program" -- "$@")"
+ opts="$($GETOPT -o ncf -l no-symbols,clip,force -n "$program" -- "$@")"
err=$?
eval set -- "$opts"
while true; do case $1 in
-n|--no-symbols) symbols=""; shift ;;
-c|--clip) clip=1; shift ;;
+ -f|--force) force=1; shift ;;
--) shift; break ;;
esac done
if [[ $err -ne 0 || $# -ne 2 ]]; then
- echo "Usage: $program $command [--no-symbols,-n] [--clip,-c] pass-name pass-length"
+ echo "Usage: $program $command [--no-symbols,-n] [--clip,-c] [--force,-f] pass-name pass-length"
exit 1
fi
path="$1"
@@ -308,8 +307,11 @@ case "$command" in
exit 1
fi
mkdir -p -v "$PREFIX/$(dirname "$path")"
- pass="$(pwgen -s $symbols $length 1)"
passfile="$PREFIX/$path.gpg"
+
+ [[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
+
+ pass="$(pwgen -s $symbols $length 1)"
$GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass"
git_add_file "$passfile" "Added generated password for $path to store."
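Review bot: The re-added `pass="$(pwgen -s $symbols $length 1)"` line has no failure check, and it now runs right after the user has agreed to overwrite an existing entry (or passed `--force`). If pwgen is missing or exits non-zero, `pass` is empty and the following `$GPG -e ... -o "$passfile"` call may replace the stored password with an encrypted empty line, unless the script enables `set -e` somewhere outside this hunk. A guard such as `pass="$(pwgen -s $symbols $length 1)" || exit 1` followed by `[[ -n $pass ]] || exit 1` keeps the old entry intact in that case. The generate arm starts and ends outside the hunk, so any existing handling there is not visible from here.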