diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2012-09-20 17:10:03 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2012-09-20 17:12:20 +0200 |
commit | e12affb8e4b214e84cfbedfe00e4ff358d2e7e86 (patch) | |
tree | 9c78a98fab858c728b882e27fd2baeec37dc2781 | |
parent | 14955bcb4f749f7a95ce8ac94d055cf3231f3696 (diff) |
Prompt before overwriting password in generate, unless --force is provided.
-rw-r--r-- | man/pass.1 | 9 | ||||
-rwxr-xr-x | src/password-store.sh | 44 |
2 files changed, 28 insertions, 25 deletions
@@ -71,7 +71,7 @@ clipboard using .BR xclip (1) and then restore the clipboard after 45 seconds. .TP -\fBinsert\fP [ \fI--no-echo\fP, \fI-n\fP | \fI--multiline\fP, \fI-m\fP ] [ \fI--force\fP, \fI-f\fP ]\fIpass-name\fP +\fBinsert\fP [ \fI--no-echo\fP, \fI-n\fP | \fI--multiline\fP, \fI-m\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name\fP Insert a new password into the password store called \fIpass-name\fP. This will read the new password from standard in. If \fI--no-echo\fP or \fI-n\fP is specified, do disable keyboard echo when the password is entered and confirm the password by asking @@ -88,7 +88,7 @@ ensure that temporary files are created in \fI/dev/shm\fP in order to avoid writ difficult-to-erase disk sectors. If \fI/dev/shm\fP is not accessible, fallback to the ordinary \fBTMPDIR\fP location, and print a warning. .TP -\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] \fIpass-name pass-length\fP +\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name pass-length\fP Generate a new password using .BR pwgen (1) of length \fIpass-length\fP and insert into \fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP @@ -96,9 +96,10 @@ is specified, do not use any non-alphanumeric characters in the generated passwo If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy it to the clipboard using .BR xclip (1) -and then restore the clipboard after 45 seconds. +and then restore the clipboard after 45 seconds. Prompt before overwriting an existing password, +unless \fI--force\fP or \fI-f\fP is specified. .TP -\fBrm\fP [ \fI--recursive\fP, \fI-r\fP ] [ \fI--force\fP, \fI-f\fP ]\fI pass-name\fP +\fBrm\fP [ \fI--recursive\fP, \fI-r\fP ] [ \fI--force\fP, \fI-f\fP ] \fIpass-name\fP Remove the password named \fIpass-name\fP from the password store. This command is alternatively named \fBremove\fP or \fBdelete\fP. If \fI--recursive\fP or \fI-r\fP is specified, delete pass-name recursively if it is a directory. If \fI--force\fP diff --git a/src/password-store.sh b/src/password-store.sh index f0b965a..5075bb8 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -43,9 +43,10 @@ Usage: before overwriting existing password unless forced. $program edit pass-name Insert a new password or edit an existing password using ${EDITOR:-vi}. - $program generate [--no-symbols,-n] [--clip,-c] pass-name pass-length + $program generate [--no-symbols,-n] [--clip,-c] [--force,-f] pass-name pass-length Generate a new password of pass-length with optionally no symbols. Optionally put it on the clipboard and clear board after 45 seconds. + Prompt before overwriting existing password unless forced. $program rm [--recursive,-r] [--force,-f] pass-name Remove existing password or directory, optionally forcefully. $program git git-command-args... @@ -63,7 +64,16 @@ is_command() { *) return 1 ;; esac } - +git_add_file() { + [[ -d $GIT_DIR ]] || return + git add "$1" || return + [[ -n $(git status --porcelain "$1") ]] || return + git commit -m "$2" +} +yesno() { + read -p "$1 [y/N] " response + [[ $response == "y" || $response == "Y" ]] || exit 1 +} # # BEGIN Platform definable # @@ -98,12 +108,10 @@ tmpdir() { if [[ -d /dev/shm && -w /dev/shm && -x /dev/shm ]]; then tmp_dir="$(TMPDIR=/dev/shm mktemp -t "$template" -d)" else - prompt=$(echo "Your system does not have /dev/shm, which means that it may" + yesno "$(echo "Your system does not have /dev/shm, which means that it may" echo "be difficult to entirely erase the temporary non-encrypted" echo "password file after editing. Are you sure you would like to" - echo -n "continue? [y/N] ") - read -p "$prompt" yesno - [[ $yesno == "y" || $yesno == "Y" ]] || exit 1 + echo -n "continue?")" tmp_dir="$(mktemp -t "$template" -d)" fi @@ -116,13 +124,6 @@ GETOPT="getopt" # END Platform definable # -function git_add_file() { - [[ -d $GIT_DIR ]] || return - git add "$1" || return - [[ -n $(git status --porcelain "$1") ]] || return - git commit -m "$2" -} - program="$(basename "$0")" command="$1" if is_command "$command"; then @@ -225,11 +226,7 @@ case "$command" in path="$1" passfile="$PREFIX/$path.gpg" - if [[ $force -eq 0 && -e $passfile ]]; then - prompt="An entry already exists for $path. Overwrite it [y/N]? " - read -p "$prompt" yesno - [[ $yesno == "y" || $yesno == "Y" ]] || exit 1 - fi + [[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?" mkdir -p -v "$PREFIX/$(dirname "$path")" @@ -286,19 +283,21 @@ case "$command" in ;; generate) clip=0 + force=0 symbols="-y" - opts="$($GETOPT -o nc -l no-symbols,clip -n "$program" -- "$@")" + opts="$($GETOPT -o ncf -l no-symbols,clip,force -n "$program" -- "$@")" err=$? eval set -- "$opts" while true; do case $1 in -n|--no-symbols) symbols=""; shift ;; -c|--clip) clip=1; shift ;; + -f|--force) force=1; shift ;; --) shift; break ;; esac done if [[ $err -ne 0 || $# -ne 2 ]]; then - echo "Usage: $program $command [--no-symbols,-n] [--clip,-c] pass-name pass-length" + echo "Usage: $program $command [--no-symbols,-n] [--clip,-c] [--force,-f] pass-name pass-length" exit 1 fi path="$1" @@ -308,8 +307,11 @@ case "$command" in exit 1 fi mkdir -p -v "$PREFIX/$(dirname "$path")" - pass="$(pwgen -s $symbols $length 1)" passfile="$PREFIX/$path.gpg" + + [[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?" + + pass="$(pwgen -s $symbols $length 1)" $GPG -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass" git_add_file "$passfile" "Added generated password for $path to store." |