'Re: [pass] [PATCH] Added show obfuscation'

[prev in list] [next in list] [prev in thread] [next in thread] 

List: password-store
Subject: Re: [pass] [PATCH] Added show obfuscation
From: Andrew DeMaria <ademariad () gmail ! com>
Date: 2015-11-28 17:19:07
Message-ID: CAHkd+q0wKsu8Lpd+1YUNwHsrBSjYjXvRpNxcv37hCTRSVzS=JA () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Fixed spacing that was ruined by a copy-paste.

On Sat, Nov 28, 2015 at 10:16 AM, Andrew DeMaria <ademariad@gmail.com>
wrote:

> I had wrote this a couple weeks ago, but just now noticed another patch
> submitted to the list. To highlight the couple of differences, this patch
> also makes "show" only display one line by default. The reason I did this
> was that it allowed for control of how many lines were displayed regardless
> of whether clip is used or not. It also makes it clear when using the
> colored output what to actually copy for the password.
>
> In addition, this uses the tput to actually output the control sequences.
>
> On Sat, Nov 28, 2015 at 10:06 AM, Andrew DeMaria <ademariad@gmail.com>
> wrote:
>
>> - Hides shown text using terminal color codes by default
>> - Adds --no-color/-n option to remove coloring
>> - By default display only the first line regardless of whether clip is
>> specified
>> - Full output can be toggled with --full/-f
>> ---
>> src/completion/pass.bash-completion | 2 +-
>> src/completion/pass.fish-completion | 2 ++
>> src/completion/pass.zsh-completion | 6 +++++-
>> src/password-store.sh | 28 ++++++++++++++++++++--------
>> 4 files changed, 28 insertions(+), 10 deletions(-)
>>
>> diff --git a/src/completion/pass.bash-completion
>> b/src/completion/pass.bash-completion
>> index efd4b70..bfd2492 100644
>> --- a/src/completion/pass.bash-completion
>> +++ b/src/completion/pass.bash-completion
>> @@ -80,7 +80,7 @@ _pass()
>> _pass_complete_entries
>> ;;
>> show|-*)
>> - COMPREPLY+=($(compgen -W "-c --clip" -- ${cur}))
>> + COMPREPLY+=($(compgen -W "-c --clip -n --no-color -f
>> --full" -- ${cur}))
>> _pass_complete_entries 1
>> ;;
>> insert)
>> diff --git a/src/completion/pass.fish-completion
>> b/src/completion/pass.fish-completion
>> index c32a42c..5913224 100644
>> --- a/src/completion/pass.fish-completion
>> +++ b/src/completion/pass.fish-completion
>> @@ -98,6 +98,8 @@ complete -c $PROG -f -A -n '__fish_pass_uses_command
>> edit' -a "(__fish_pass_prin
>>
>> complete -c $PROG -f -A -n '__fish_pass_needs_command' -a show -d
>> 'Command: show existing password'
>> complete -c $PROG -f -A -n '__fish_pass_uses_command show' -s c -l clip
>> -d 'Put password in clipboard'
>> +complete -c $PROG -f -A -n '__fish_pass_uses_command show' -s n -l
>> no-color -d 'Do not colorize text'
>> +complete -c $PROG -f -A -n '__fish_pass_uses_command show' -s f -l full
>> -d 'Output the full password'
>> complete -c $PROG -f -A -n '__fish_pass_uses_command show' -a
>> "(__fish_pass_print_entries)"
>> # When no command is given, `show` is defaulted.
>> complete -c $PROG -f -A -n '__fish_pass_needs_command' -s c -l clip -d
>> 'Put password in clipboard'
>> diff --git a/src/completion/pass.zsh-completion
>> b/src/completion/pass.zsh-completion
>> index 9bb3f97..3b0259a 100644
>> --- a/src/completion/pass.zsh-completion
>> +++ b/src/completion/pass.zsh-completion
>> @@ -108,7 +108,11 @@ _pass () {
>> _pass_cmd_show () {
>> _arguments : \
>> "-c[put it on the clipboard]" \
>> - "--clip[put it on the clipboard]"
>> + "--clip[put it on the clipboard]" \
>> + "--full[Output the entire text]" \
>> + "-f[Output the entire text]" \
>> + "--no-color[Do not colorize output]" \
>> + "-n[Do not colorize output]"
>> _pass_complete_entries
>> }
>> _pass_complete_entries_helper () {
>> diff --git a/src/password-store.sh b/src/password-store.sh
>> index d535a74..e4f33d6 100755
>> --- a/src/password-store.sh
>> +++ b/src/password-store.sh
>> @@ -16,6 +16,9 @@ PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
>> X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}"
>> CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}"
>>
>> +SHOW_PASS_OBFUS='{ echo -en "$(tput setaf 1)$(tput setab 1)"; cat -;
>> echo -en "$(tput sgr0)"; }'
>> +SHOW_PASS_CLEAR='{ cat -; }'
>> +
>> export GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
>> export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
>>
>> @@ -223,9 +226,11 @@ cmd_usage() {
>> List passwords.
>> $PROGRAM find pass-names...
>> List passwords that match pass-names.
>> - $PROGRAM [show] [--clip,-c] pass-name
>> + $PROGRAM [show] [--clip,-c] [--no-color,-n] [--full,-f] pass-name
>> Show existing password and optionally put it on the
>> clipboard.
>> + If no color is specified the password will be shown in
>> non-colorized text.
>> If put on the clipboard, it will be cleared in $CLIP_TIME
>> seconds.
>> + If full is specified the entire contents will be used
>> (copied or displayed), not just the first line
>> $PROGRAM grep search-string
>> Search for password files containing search-string when
>> decrypted.
>> $PROGRAM insert [--echo,-e | --multiline,-m] [--force,-f]
>> pass-name
>> @@ -294,26 +299,33 @@ cmd_init() {
>> }
>>
>> cmd_show() {
>> - local opts clip=0
>> - opts="$($GETOPT -o c -l clip -n "$PROGRAM" -- "$@")"
>> + local opts clip=0 no_color=0 full=0
>> + opts="$($GETOPT -o cnf -l clip,no-color,full -n "$PROGRAM" -- "$@")"
>> local err=$?
>> eval set -- "$opts"
>> while true; do case $1 in
>> -c|--clip) clip=1; shift ;;
>> + -n|--no-color) no_color=1; shift ;;
>> + -f|--full) full=1; shift ;;
>> --) shift; break ;;
>> esac done
>>
>> - [[ $err -ne 0 ]] && die "Usage: $PROGRAM $COMMAND [--clip,-c]
>> [pass-name]"
>> + [[ $err -ne 0 ]] && die "Usage: $PROGRAM $COMMAND [--clip,-c]
>> [--no-color,-n] [--full,-f] [pass-name]"
>>
>> local path="$1"
>> local passfile="$PREFIX/$path.gpg"
>> check_sneaky_paths "$path"
>> if [[ -f $passfile ]]; then
>> - if [[ $clip -eq 0 ]]; then
>> - $GPG -d "${GPG_OPTS[@]}" "$passfile" || exit $?
>> + local pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile")"
>> + if [[ $full -eq 0 ]]; then
>> + local pass=$(echo "${pass}" | head -n 1 -)
>> + fi
>> + [[ -n $pass ]] || exit 1
>> + if [[ $clip -eq 0 && $no_color -eq 0 ]]; then
>> + echo "${pass}" | eval "${SHOW_PASS_OBFUS}"
>> + elif [[ $clip -eq 0 ]]; then
>> + echo "${pass}" | eval "${SHOW_PASS_CLEAR}"
>> else
>> - local pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | head -n
>> 1)"
>> - [[ -n $pass ]] || exit 1
>> clip "$pass" "$path"
>> fi
>> elif [[ -d $PREFIX/$path ]]; then
>> --
>> 2.6.2
>>
>>
>>
>

[Attachment #5 (text/html)]

<div dir="ltr">Fixed spacing that was ruined by a copy-paste. </div><div \
class="gmail_extra"> <div class="gmail_quote">On Sat, Nov 28, 2015 at 10:16 AM, \
Andrew DeMaria &lt;<a href="mailto:ademariad@gmail.com" \
target="_blank">ademariad@gmail.com</a>&gt; wrote: <blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div>I had wrote this a couple weeks ago, but \
just now noticed another patch submitted to the list. To highlight the couple of \
differences, this patch also makes &quot;show&quot; only display one line by default. \
The reason I did this was that it allowed for control of how many lines were \
displayed regardless of whether clip is used or not. It also makes it clear when \
using the colored output what to actually copy for the password. </div>In \
addition, this uses the tput to actually output the control sequences. </div><div \
class="HOEnZb"><div class="h5"><div class="gmail_extra"> <div \
class="gmail_quote">On Sat, Nov 28, 2015 at 10:06 AM, Andrew DeMaria &lt;<a href="mailto:ademariad@gmail.com" \
target="_blank">ademariad@gmail.com</a>&gt; wrote: <blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">- Hides shown text using terminal color codes \
by default <div><div>- Adds --no-color/-n option to remove coloring - By \
default display only the first line regardless of whether clip is specified - Full \
output can be toggled with --full/-f --- src/completion/pass.bash-completion \
| 2 +- src/completion/pass.fish-completion | 2 ++ \
src/completion/pass.zsh-completion | 6 +++++- src/password-store.sh \
| 28 ++++++++++++++++++++-------- 4 files changed, 28 insertions(+), 10 \
deletions(-) diff --git a/src/completion/pass.bash-completion \
b/src/completion/pass.bash-completion index efd4b70..bfd2492 100644 --- \
a/src/completion/pass.bash-completion +++ \
b/src/completion/pass.bash-completion @@ -80,7 +80,7 @@ _pass() \
_pass_complete_entries ;; \
show|-*) - COMPREPLY+=($(compgen -W &quot;-c \
--clip&quot; -- ${cur})) + COMPREPLY+=($(compgen -W \
&quot;-c --clip -n --no-color -f --full&quot; -- ${cur})) \
_pass_complete_entries 1 ;; \
insert) diff --git a/src/completion/pass.fish-completion \
b/src/completion/pass.fish-completion index c32a42c..5913224 100644 --- \
a/src/completion/pass.fish-completion +++ \
b/src/completion/pass.fish-completion @@ -98,6 +98,8 @@ complete -c $PROG -f -A -n \
&#39;__fish_pass_uses_command edit&#39; -a &quot;(__fish_pass_prin complete \
-c $PROG -f -A -n &#39;__fish_pass_needs_command&#39; -a show -d &#39;Command: show \
existing password&#39; complete -c $PROG -f -A -n &#39;__fish_pass_uses_command \
show&#39; -s c -l clip -d &#39;Put password in clipboard&#39; +complete -c $PROG \
-f -A -n &#39;__fish_pass_uses_command show&#39; -s n -l no-color -d &#39;Do not \
colorize text&#39; +complete -c $PROG -f -A -n &#39;__fish_pass_uses_command \
show&#39; -s f -l full -d &#39;Output the full password&#39; complete -c $PROG \
-f -A -n &#39;__fish_pass_uses_command show&#39; -a \
&quot;(__fish_pass_print_entries)&quot; # When no command is given, `show` is \
defaulted. complete -c $PROG -f -A -n &#39;__fish_pass_needs_command&#39; -s c \
-l clip -d &#39;Put password in clipboard&#39; diff --git \
a/src/completion/pass.zsh-completion b/src/completion/pass.zsh-completion index \
9bb3f97..3b0259a 100644 --- a/src/completion/pass.zsh-completion +++ \
b/src/completion/pass.zsh-completion @@ -108,7 +108,11 @@ _pass () { \
_pass_cmd_show () { _arguments : \ &quot;-c[put it on \
the clipboard]&quot; \ - &quot;--clip[put it on the \
clipboard]&quot; + &quot;--clip[put it on the clipboard]&quot; \ + \
&quot;--full[Output the entire text]&quot; \ + &quot;-f[Output the \
entire text]&quot; \ + &quot;--no-color[Do not colorize output]&quot; \
\ + &quot;-n[Do not colorize output]&quot; \
_pass_complete_entries } _pass_complete_entries_helper () { diff --git \
a/src/password-store.sh b/src/password-store.sh index d535a74..e4f33d6 \
100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -16,6 \
+16,9 @@ PREFIX=&quot;${PASSWORD_STORE_DIR:-$HOME/.password-store}&quot; \
X_SELECTION=&quot;${PASSWORD_STORE_X_SELECTION:-clipboard}&quot; \
CLIP_TIME=&quot;${PASSWORD_STORE_CLIP_TIME:-45}&quot; +SHOW_PASS_OBFUS=&#39;{ \
echo -en &quot;$(tput setaf 1)$(tput setab 1)&quot;; cat -; echo -en &quot;$(tput \
sgr0)&quot;; }&#39; +SHOW_PASS_CLEAR=&#39;{ cat -; }&#39; + export \
GIT_DIR=&quot;${PASSWORD_STORE_GIT:-$PREFIX}/.git&quot; export \
GIT_WORK_TREE=&quot;${PASSWORD_STORE_GIT:-$PREFIX}&quot; @@ -223,9 +226,11 @@ \
cmd_usage() { List passwords. $PROGRAM \
find pass-names... List passwords that match \
pass-names. - $PROGRAM [show] [--clip,-c] pass-name + \
$PROGRAM [show] [--clip,-c] [--no-color,-n] [--full,-f] pass-name \
Show existing password and optionally put it on the clipboard. + \
If no color is specified the password will be shown in non-colorized text. \
If put on the clipboard, it will be cleared in $CLIP_TIME seconds. + \
If full is specified the entire contents will be used (copied or displayed), not just \
the first line $PROGRAM grep search-string \
Search for password files containing search-string when decrypted. \
$PROGRAM insert [--echo,-e | --multiline,-m] [--force,-f] pass-name @@ -294,26 \
+299,33 @@ cmd_init() { } cmd_show() { - local opts \
clip=0 - opts=&quot;$($GETOPT -o c -l clip -n &quot;$PROGRAM&quot; -- \
&quot;$@&quot;)&quot; + local opts clip=0 no_color=0 full=0 + \
opts=&quot;$($GETOPT -o cnf -l clip,no-color,full -n &quot;$PROGRAM&quot; -- \
&quot;$@&quot;)&quot; local err=$? eval set -- \
&quot;$opts&quot; while true; do case $1 in -c|--clip) \
clip=1; shift ;; + -n|--no-color) no_color=1; shift ;; + \
-f|--full) full=1; shift ;; --) shift; break ;; esac \
done - [[ $err -ne 0 ]] &amp;&amp; die &quot;Usage: $PROGRAM $COMMAND \
[--clip,-c] [pass-name]&quot; + [[ $err -ne 0 ]] &amp;&amp; die &quot;Usage: \
$PROGRAM $COMMAND [--clip,-c] [--no-color,-n] [--full,-f] [pass-name]&quot; \
local path=&quot;$1&quot; local \
passfile=&quot;$PREFIX/$path.gpg&quot; check_sneaky_paths \
&quot;$path&quot; if [[ -f $passfile ]]; then - if [[ \
$clip -eq 0 ]]; then - $GPG -d &quot;${GPG_OPTS[@]}&quot; \
&quot;$passfile&quot; || exit $? + local pass=&quot;$($GPG -d \
&quot;${GPG_OPTS[@]}&quot; &quot;$passfile&quot;)&quot; + if [[ $full \
-eq 0 ]]; then + local pass=$(echo &quot;${pass}&quot; | head \
-n 1 -) + fi + [[ -n $pass ]] || exit 1 + \
if [[ $clip -eq 0 &amp;&amp; $no_color -eq 0 ]]; then + echo \
&quot;${pass}&quot; | eval &quot;${SHOW_PASS_OBFUS}&quot; + elif [[ \
$clip -eq 0 ]]; then + echo &quot;${pass}&quot; | eval \
&quot;${SHOW_PASS_CLEAR}&quot; else - local \
pass=&quot;$($GPG -d &quot;${GPG_OPTS[@]}&quot; &quot;$passfile&quot; | head -n \
1)&quot; - [[ -n $pass ]] || exit 1 \
clip &quot;$pass&quot; &quot;$path&quot; fi elif [[ -d \
$PREFIX/$path ]]; then -- 2.6.2 </div></div></div> \
</blockquote></div> </div> </div></div></blockquote></div> </div>


["0001-Added-show-obfuscation.patch" (text/x-patch)]

From 61945ac96fa9f721211cee221751c29126755b0a Mon Sep 17 00:00:00 2001
From: Andrew DeMaria <lostonamountain@gmail.com>
Date: Thu, 13 Aug 2015 16:00:12 -0600
Subject: [PATCH] Added show obfuscation

- Hides shown text using terminal color codes by default
- Adds --no-color/-n option to remove coloring
- By default display only the first line regardless of whether clip is specified
- Full output can be toggled with --full/-f
---
 src/completion/pass.bash-completion | 2 +-
 src/completion/pass.fish-completion | 2 ++
 src/completion/pass.zsh-completion | 6 +++++-
 src/password-store.sh | 28 ++++++++++++++++++++--------
 4 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/src/completion/pass.bash-completion \
b/src/completion/pass.bash-completion index efd4b70..bfd2492 100644
--- a/src/completion/pass.bash-completion
+++ b/src/completion/pass.bash-completion
@@ -80,7 +80,7 @@ _pass()
 				_pass_complete_entries
 				;;
 			show|-*)
-				COMPREPLY+=($(compgen -W "-c --clip" -- ${cur}))
+				COMPREPLY+=($(compgen -W "-c --clip -n --no-color -f --full" -- ${cur}))
 				_pass_complete_entries 1
 				;;
 			insert)
diff --git a/src/completion/pass.fish-completion \
b/src/completion/pass.fish-completion index c32a42c..5913224 100644
--- a/src/completion/pass.fish-completion
+++ b/src/completion/pass.fish-completion
@@ -98,6 +98,8 @@ complete -c $PROG -f -A -n '__fish_pass_uses_command edit' -a \
"(__fish_pass_prin  
 complete -c $PROG -f -A -n '__fish_pass_needs_command' -a show -d 'Command: show \
existing password'  complete -c $PROG -f -A -n '__fish_pass_uses_command show' -s c \
-l clip -d 'Put password in clipboard' +complete -c $PROG -f -A -n \
'__fish_pass_uses_command show' -s n -l no-color -d 'Do not colorize text' +complete \
-c $PROG -f -A -n '__fish_pass_uses_command show' -s f -l full -d 'Output the full \
password'  complete -c $PROG -f -A -n '__fish_pass_uses_command show' -a \
"(__fish_pass_print_entries)"  # When no command is given, `show` is defaulted.
 complete -c $PROG -f -A -n '__fish_pass_needs_command' -s c -l clip -d 'Put password \
                in clipboard'
diff --git a/src/completion/pass.zsh-completion b/src/completion/pass.zsh-completion
index 9bb3f97..3b0259a 100644
--- a/src/completion/pass.zsh-completion
+++ b/src/completion/pass.zsh-completion
@@ -108,7 +108,11 @@ _pass () {
 _pass_cmd_show () {
 	_arguments : \
 		"-c[put it on the clipboard]" \
-		"--clip[put it on the clipboard]"
+		"--clip[put it on the clipboard]" \
+		"--full[Output the entire text]" \
+		"-f[Output the entire text]" \
+		"--no-color[Do not colorize output]" \
+		"-n[Do not colorize output]"
 	_pass_complete_entries
 }
 _pass_complete_entries_helper () {
diff --git a/src/password-store.sh b/src/password-store.sh
index d535a74..e4f33d6 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -16,6 +16,9 @@ PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
 X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}"
 CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}"
 
+SHOW_PASS_OBFUS='{ echo -en "$(tput setaf 1)$(tput setab 1)"; cat -; echo -en \
"$(tput sgr0)"; }' +SHOW_PASS_CLEAR='{ cat -; }'
+
 export GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
 export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
 
@@ -223,9 +226,11 @@ cmd_usage() {
 	        List passwords.
 	    $PROGRAM find pass-names...
 	    	List passwords that match pass-names.
-	    $PROGRAM [show] [--clip,-c] pass-name
+	    $PROGRAM [show] [--clip,-c] [--no-color,-n] [--full,-f] pass-name
 	        Show existing password and optionally put it on the clipboard.
+	        If no color is specified the password will be shown in non-colorized text.
 	        If put on the clipboard, it will be cleared in $CLIP_TIME seconds.
+	        If full is specified the entire contents will be used (copied or \
displayed), not just the first line  $PROGRAM grep search-string
 	        Search for password files containing search-string when decrypted.
 	    $PROGRAM insert [--echo,-e | --multiline,-m] [--force,-f] pass-name
@@ -294,26 +299,33 @@ cmd_init() {
 }
 
 cmd_show() {
-	local opts clip=0
-	opts="$($GETOPT -o c -l clip -n "$PROGRAM" -- "$@")"
+	local opts clip=0 no_color=0 full=0
+	opts="$($GETOPT -o cnf -l clip,no-color,full -n "$PROGRAM" -- "$@")"
 	local err=$?
 	eval set -- "$opts"
 	while true; do case $1 in
 		-c|--clip) clip=1; shift ;;
+		-n|--no-color) no_color=1; shift ;;
+		-f|--full) full=1; shift ;;
 		--) shift; break ;;
 	esac done
 
-	[[ $err -ne 0 ]] && die "Usage: $PROGRAM $COMMAND [--clip,-c] [pass-name]"
+	[[ $err -ne 0 ]] && die "Usage: $PROGRAM $COMMAND [--clip,-c] [--no-color,-n] \
[--full,-f] [pass-name]"  
 	local path="$1"
 	local passfile="$PREFIX/$path.gpg"
 	check_sneaky_paths "$path"
 	if [[ -f $passfile ]]; then
-		if [[ $clip -eq 0 ]]; then
-			$GPG -d "${GPG_OPTS[@]}" "$passfile" || exit $?
+		local pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile")"
+		if [[ $full -eq 0 ]]; then
+			local pass=$(echo "${pass}" | head -n 1 -)
+		fi
+		[[ -n $pass ]] || exit 1
+		if [[ $clip -eq 0 && $no_color -eq 0 ]]; then
+			echo "${pass}" | eval "${SHOW_PASS_OBFUS}"
+		elif [[ $clip -eq 0 ]]; then
+			echo "${pass}" | eval "${SHOW_PASS_CLEAR}"
 		else
-			local pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | head -n 1)"
-			[[ -n $pass ]] || exit 1
 			clip "$pass" "$path"
 		fi
 	elif [[ -d $PREFIX/$path ]]; then
-- 
2.6.2



_______________________________________________
Password-Store mailing list
Password-Store@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/password-store


[prev in list] [next in list] [prev in thread] [next in thread] 
