pwman-tools

Check-in [2345f9058d]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Tidy up script and README. Initial working version.

- Remove a lots of dud comments
- Remove unnecessary print statements
- Add some better print statements to provide output during op creation
- Leave file decryption commented out and add comments explaining why
- Move mapping comments to README
- Complete list of known issues/limitations
- Enable deletion of decrypted file at the end

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | master | trunk
Files: files | file ages | folders
SHA3-256: 2345f9058de8e39128151a0496808e99609e5fb2b1f899af84711dfde99519e0
User & Date: atomicules 2019-06-26 06:56:05
Context
2019-06-26
08:11
Add to known issues post-migration check-in: 8629bde9d1 user: atomicules tags: master, trunk
06:56
Tidy up script and README. Initial working version.

- Remove a lots of dud comments
- Remove unnecessary print statements
- Add some better print statements to provide output during op creation
- Leave file decryption commented out and add comments explaining why
- Move mapping comments to README
- Complete list of known issues/limitations
- Enable deletion of decrypted file at the end check-in: 2345f9058d user: atomicules tags: master, trunk

2019-06-25
12:30
Only send --url if it's a login item

Not applicable for Secure Notes and op won't allow it. Using append and
wrapping in a list because cons inserts at the front and this is no good for
what we need. check-in: 2c99721959 user: atomicules tags: master, trunk

Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to README.markdown.

25
26
27
28
29
30
31

32
33
34
35
36
37
38
39
40
41
42

















## pwman2op

### How to use

Developed and tested in SBCL. Use as follows:


	sbcl --script /path/to/this/script

### Known issues

It's work-in-progress

- Assumes two-level hierarchy of data in pwman
- Only uses Login and Secure Note op templates
- Secure Notes have to be in a "SECURE-NOTES" category/heading in PWman
- Ignores stuff in a "INACTIVE" category/heading in PWman
- Assumes an existing authenticated op session























>


|
<
<






>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
25
26
27
28
29
30
31
32
33
34
35


36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

## pwman2op

### How to use

Developed and tested in SBCL. Use as follows:

	gpg -d ~/.pwman.db > ~/.pwman.db.decrypt
	sbcl --script /path/to/this/script

### Known issues/limitations



- Assumes two-level hierarchy of data in pwman
- Only uses Login and Secure Note op templates
- Secure Notes have to be in a "SECURE-NOTES" category/heading in PWman
- Ignores stuff in a "INACTIVE" category/heading in PWman
- Assumes an existing authenticated op session
- pwman.db file needs to be decrypted up front to `~/.pwman.db.decrypt`
- Mappings from PWman to 1password are as follows:
	- For Logins
		- name -> title
		- host -> url
		- user -> username
		- passwd -> password
		- launch -> notesPlain
		- category -> tag
	- For Secure Notes
		- name -> title
		- host -> notesPlain
		- user -> notesPlain
		- passwd -> notesPlain
		- launch -> notesPlain
		- category -> tag

Changes to pwman2op.lisp.

18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

89
90
91
92
93
94
95
96
...
125
126
127
128
129
130
131


132
133
134


135
136
137
138
139
140
141
142
143
144
145
146
  (username password content)
  (concatenate 'string "{\"notesPlain\":\"" content "\",\"sections\":[],\"passwordHistory\":[],\"fields\":[{\"value\":\"" username "\",\"name\":\"username\",\"type\":\"T\",\"designation\":\"username\"},{\"value\":\"" password "\",\"name\":\"password\",\"type\":\"P\",\"designation\":\"password\"}]}"))

(defun send-to-op
	(op-category pwman-category name host username passwd launch)
	(progn
		; Case would be better if I can figure that out
		; Need to fill in correct template
		(print "op-category:")
		(print op-category)
		(print "pwman-category")
		(print pwman-category)
		(print "name")
		(print name)
		(defparameter template
			(if (string= op-category "Login")
				(template-login username passwd launch)
				; Errr... I guess just assume it's... need to do this and not multiple ifs in progn as otherwise template picks up NIL from progmn
				; Need to combine fields for Secure notes
				(template-secure-note (concatenate 'string "host: " host "; user: " username "; password: " passwd "; launch: " launch))))
		;(print "template:")
		;(print template)
		; Encode first and get return
		; Probably many better ways to do this...
		; Myabe base64 encode directly here... subtle differences though it seems with op
		; Need to single quote encode the json
		(defparameter extproc (sb-ext:run-program "sh" (list "-c" (concatenate 'string "echo '" template "' | op encode")) :search :environment :output :stream))
		(defparameter encoded-item (read-line (sb-ext:process-output extproc)))
		;(print encoded-item)
		; Create item
		; Just going to send blanks, etc if that's what some fields are. It doesn't seem to matter.
		; ALMOST working...
		; Need to pick up correct env... I.e. thinks not logged in...
		; Maybe pass session variable to this? Maybe no need...?
		; Need to only send url if it's a Login item
		(defparameter defaultargs (list  "create" "item" op-category encoded-item (concatenate 'string "--title=" name) (concatenate 'string "--tags=" pwman-category)))
		(defparameter args
			(if (string= op-category "Login")
				; Append, because need at end
				(append defaultargs (list (concatenate 'string "--url=" host)))
				defaultargs))
		(defparameter cproc (sb-ext:run-program "op" args :search :environment :output :stream))
		(defparameter output (read-line (sb-ext:process-output cproc)))
		(print output)))


; Mappings are as follows:
; `op create item <category> <encodeditem> [--title=<title>] [--url=<url>] [--vault=<vault>] [--tags=<tags>]`
;
; PWman -> 1pass
; ==============
;
; For Logins
; ==========
; name -> title
; host -> url
; user -> username
; passwd -> password
; launch -> notesPlain
; category -> tag
;
; For Secure Notes
; ================
; name -> title
; host -> notesPlain
; user -> notesPlain
; passwd -> notesPlain
; launch -> notesPlain
; category -> tag

; decrpyt the file

;(sb-ext:run-program "gpg" (list "-d" (concatenate 'string (sb-unix::posix-getenv "HOME") "/.pwman.db") ">" ".pwman.db.decrypt") :search :environment)
; read file
(defparameter *pwman* (cxml:parse-file  (concatenate 'string (sb-unix::posix-getenv "HOME") "/.pwman.db.decrypt") (cxml-dom:make-dom-builder)))
(defparameter *categories* (dom:child-nodes (dom:item (dom:child-nodes (dom:document-element  *pwman* )) 0 )))

; Kept for ref
;(dom:do-node-list (category *categories*) (print (dom:get-attribute category "name")))

................................................................................
						(dom:data (dom:item (dom:child-nodes (dom:item pwitems 3)) 0))
						""))
				(defparameter launch
					(if (dom:item (dom:child-nodes (dom:item pwitems 4)) 0)
						(dom:data (dom:item (dom:child-nodes (dom:item pwitems 4)) 0))
						""))
				(if (string= category-name "SECURE-NOTES")


					(send-to-op "Secure Note" category-name name host username passwd launch)
					(progn
						(if (string/= category-name "INACTIVE")


							(send-to-op "Login" category-name name host username passwd launch)))))))

; Only right at end do we want to delete file
;	(if (= 0 (sb-ext:process-exit-code proc))
;		;If that was successful, then delete the un-encrypted files
;		(progn
;			(delete-file infile)
;			(delete-file "pwman.txt"))
;		;If not restore backup and leave plain text files (otherwise will fail next time on above rename)
;		(progn
;			(rename-file (concatenate 'string (sb-unix::posix-getenv "HOME") "/.pwman.db.bak") (concatenate 'string (sb-unix::posix-getenv "HOME") "/.pwman.db"))
;			(print "Couldn't encrypt file, plain text files have not been deleted"))))







<
<
<
<
<
<
<



|


<
<


|



<


<
<
<











<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

>
|







 







>
>
|


>
>
|


<
<
<
<
<
<
<
|
<
18
19
20
21
22
23
24







25
26
27
28
29
30


31
32
33
34
35
36

37
38



39
40
41
42
43
44
45
46
47
48
49

























50
51
52
53
54
55
56
57
58
59
..
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104







105

  (username password content)
  (concatenate 'string "{\"notesPlain\":\"" content "\",\"sections\":[],\"passwordHistory\":[],\"fields\":[{\"value\":\"" username "\",\"name\":\"username\",\"type\":\"T\",\"designation\":\"username\"},{\"value\":\"" password "\",\"name\":\"password\",\"type\":\"P\",\"designation\":\"password\"}]}"))

(defun send-to-op
	(op-category pwman-category name host username passwd launch)
	(progn
		; Case would be better if I can figure that out







		(defparameter template
			(if (string= op-category "Login")
				(template-login username passwd launch)
				; Need to do this and not multiple ifs in progn as otherwise template picks up NIL from progmn
				; Need to combine fields for Secure notes
				(template-secure-note (concatenate 'string "host: " host "; user: " username "; password: " passwd "; launch: " launch))))


		; Encode first and get return
		; Probably many better ways to do this...
		; Maybe base64 encode directly here? Subtle differences though it seems with op
		; Need to single quote encode the json
		(defparameter extproc (sb-ext:run-program "sh" (list "-c" (concatenate 'string "echo '" template "' | op encode")) :search :environment :output :stream))
		(defparameter encoded-item (read-line (sb-ext:process-output extproc)))

		; Create item
		; Just going to send blanks, etc if that's what some fields are. It doesn't seem to matter.



		; Need to only send url if it's a Login item
		(defparameter defaultargs (list  "create" "item" op-category encoded-item (concatenate 'string "--title=" name) (concatenate 'string "--tags=" pwman-category)))
		(defparameter args
			(if (string= op-category "Login")
				; Append, because need at end
				(append defaultargs (list (concatenate 'string "--url=" host)))
				defaultargs))
		(defparameter cproc (sb-ext:run-program "op" args :search :environment :output :stream))
		(defparameter output (read-line (sb-ext:process-output cproc)))
		(print output)))


























; decrpyt the file
; Nice idea, but can't find a way of reading input in a concealed fashion so instead just decrypt the file manually before running this script
;(sb-ext:run-program "gpg" (list "-d" "--password" some-password-we-get-from-input (concatenate 'string (sb-unix::posix-getenv "HOME") "/.pwman.db") ">" ".pwman.db.decrypt") :search :environment)
; read file
(defparameter *pwman* (cxml:parse-file  (concatenate 'string (sb-unix::posix-getenv "HOME") "/.pwman.db.decrypt") (cxml-dom:make-dom-builder)))
(defparameter *categories* (dom:child-nodes (dom:item (dom:child-nodes (dom:document-element  *pwman* )) 0 )))

; Kept for ref
;(dom:do-node-list (category *categories*) (print (dom:get-attribute category "name")))

................................................................................
						(dom:data (dom:item (dom:child-nodes (dom:item pwitems 3)) 0))
						""))
				(defparameter launch
					(if (dom:item (dom:child-nodes (dom:item pwitems 4)) 0)
						(dom:data (dom:item (dom:child-nodes (dom:item pwitems 4)) 0))
						""))
				(if (string= category-name "SECURE-NOTES")
					(progn
						(print (concatenate 'string "Creating Secure Note for " name " in " category-name))
						(send-to-op "Secure Note" category-name name host username passwd launch))
					(progn
						(if (string/= category-name "INACTIVE")
							(progn
								(print (concatenate 'string "Creating Login for " name " in " category-name))
								(send-to-op "Login" category-name name host username passwd launch))))))))

; Only right at end do we want to delete file







(delete-file (concatenate 'string (sb-unix::posix-getenv "HOME") "/.pwman.db.decrypt"))