From 6acaa49202c37c197754d8dd5091b34d6b60ff72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrien=20Gallou=C3=ABt?= Date: Sat, 25 Apr 2020 11:40:13 +0000 Subject: [PATCH] Code cleanup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Adrien Gallouët --- README.md | 59 +++++++++++++++++++++++++++++++++++-------------------- secret.c | 18 +++++++---------- 2 files changed, 45 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index f2e7760..2395463 100644 --- a/README.md +++ b/README.md @@ -4,59 +4,76 @@ Keep your little secrets, publicly. ## Features - - Only one file to backup: `~/.secret`. - - No configuration: get back your file and you're done. - - URLs/logins/scopes are encrypted too. - - Secret agent that allows shell completion (only `bash` for now). - - Support many passwords (a visual hash might be required). +`secret` is the simplest secret store you can think of: + + - Requires only one file `~/.secret` that you can share publicly without fear. + - No configuration. Get back your file and you're done. + - Secret's name (hostname, mail, login, etc.) are also encrypted. + - Secret agent only trusts subprocesses. Not all user processes! How nice is that? + - Supports multiple passphrases. Not super user-friendly but nice to have. - Depends only on the [libhydrogen](https://libhydrogen.org/) library. - - Small, simple and non obfuscated C code. + - Small, simple and non obfuscated C code. Well, I hope so :) ## Build and install - $ make install prefix=/usr + $ git clone https://github.com/angt/secret --recursive + $ cd secret + $ make -Currently, bash completion is not installed. Download and source the file [argz.sh](argz/argz.sh) then: +Then, as `root`: + # make install prefix=/usr + +Currently, bash completion is not installed. +Download the file [argz.sh](argz/argz.sh) then: + + $ . argz.sh $ complete -F _argz secret +Completion for secrets is only available in a trusted shell. See below. + ## Commands - $ secret - Available commands: - init Init a secret storage for the user - list List all secrets for a given passphrase - add Add a new secret - show Show an existing secret - change Change an existing secret - agent Run a process in a trusted zone +| Command | Description | +|--------------------|-----------------------------------------------------| +| init | Init a secret storage for the user at `~/.secret`. | +| list | List all secrets for a given passphrase. | +| add KEY | Add a new secret. | +| show KEY | Show an existing secret. | +| change KEY | Change an existing secret. | +| agent CMD [ARG]... | Run a process in a trusted zone. Typically a shell. | ## Examples -Initialize secret: +Initialize secret for the current user: $ secret init -Add a new generated secret called 'test': +Add a new generated secret: $ secret add test Password: Secret [random]: 9{6u0ue>5&W2+z#OR:`X<@-# -Show secret 'test': +Show the secret: $ secret show test Password: 9{6u0ue>5&W2+z#OR:`X<@-# -Start a secret zone: +Start `bash` in a trusted zone: $ secret agent bash Password: -You can now manipulate your secrets easily and with completion: +Now you can play with your little secrets, but only in this shell: $ ./secret show test 9{6u0ue>5&W2+z#OR:`X<@-# +Note that passphrase was not required. + +--- +For feature requests and bug reports, +please create an [issue](https://github.com/angt/secret/issues). diff --git a/secret.c b/secret.c index cf5e2db..47f67b7 100644 --- a/secret.c +++ b/secret.c @@ -1,19 +1,19 @@ #define _GNU_SOURCE +#include +#include #include #include #include -#include #include #include -#include #include -#include +#include #include "argz/argz.c" #include "libhydrogen/hydrogen.c" -#define S_COUNT(x) (sizeof(x) / sizeof((x)[0])) +#define S_COUNT(x) (sizeof(x) / sizeof((x)[0])) #define S_CTX_MASTER "MASTER" #define S_CTX_SECRET "SECRET" #define S_ENV_AGENT "SECRET_AGENT" @@ -53,7 +53,6 @@ s_fatal(const char *fmt, ...) buf[0] = '?'; size = 1; } - if (size > (size_t)ret) size = (size_t)ret; @@ -122,7 +121,7 @@ s_input(unsigned char *buf, size_t size, const char *prompt) struct termios old; tcgetattr(fd, &old); - struct termios new = old;; + struct termios new = old; new.c_lflag &= ~(ECHO | ECHONL); tcsetattr(fd, TCSAFLUSH, &new); @@ -164,7 +163,7 @@ s_open_secret(int use_tty) int fd = open(s.path, O_RDWR); if (fd == -1) switch (errno) { - case ENOENT: s_fatal("No secret store: %s", s.path); + case ENOENT: s_fatal("No %s", s.path); default: s_fatal("%s: %s", s.path, strerror(errno)); } @@ -174,7 +173,7 @@ s_open_secret(int use_tty) }; if (fcntl(fd, F_SETLKW, &fl)) - s_fatal("Unable to lock secret store: %s", s.path); + s_fatal("Unable to lock %s", s.path); uint8_t master[hydro_pwhash_MASTERKEYBYTES]; @@ -219,7 +218,6 @@ s_print_keys(int use_tty) s_write(1, s.x.msg, strnlen(s.x.msg, sizeof(s.x.msg))); s_write(1, "\n", 1); } - close(fd); return 0; } @@ -258,7 +256,6 @@ s_get_secret(int fd, const char *key, int create) return &s.x.msg[len + 1]; } } - if (!create) s_fatal("Secret %s not found", key); @@ -505,7 +502,6 @@ s_agent(int argc, char **argv, void *data) case ECHILD: s_exit(0); default: s_fatal("waitpid: %s", strerror(errno)); } - if ((ret == pid) && (WIFEXITED(status) || WIFSIGNALED(status))) s_exit(0);