/
1pass.lua
455 lines (378 loc) · 14.1 KB
1
JSON = (loadfile "JSON.lua")()
2
3
dofile("dumptable.lua")
4
5
6
local basedir = "1Password/1Password.agilekeychain/data/default" -- !!! FIXME
local password = argv[2]
local items = nil
7
local faveitems = nil
8
9
local keyhookRunning = false
10
11
12
13
14
15
16
17
local passwordTypeNameMap = {
["webforms.WebForm"] = "Logins",
["wallet.financial.CreditCard"] = "Credit cards",
["passwords.Password"] = "Passwords",
["wallet.financial.BankAccountUS"] = "Bank accounts",
["wallet.membership.Membership"] = "Memberships",
["wallet.government.DriversLicense"] = "Drivers licenses",
["system.Tombstone"] = "Dead items",
18
["securenotes.SecureNote"] = "Secure notes",
19
20
21
22
23
24
25
26
27
28
-- !!! FIXME: more!
}
local passwordTypeOrdering = {
"webforms.WebForm",
"wallet.financial.CreditCard",
"passwords.Password",
"wallet.financial.BankAccountUS",
"wallet.membership.Membership",
"wallet.government.DriversLicense",
29
"securenotes.SecureNote",
30
31
32
-- never show "system.Tombstone",
-- !!! FIXME: more!
}
33
34
35
36
37
38
local function load_json_str(str, desc)
local retval = JSON:decode(str)
return retval
end
39
40
41
42
43
44
45
46
47
local function load_json(fname)
local f = io.open(fname, "rb")
if (f == nil) then
return nil
end
local str = f:read("*all")
f:close()
48
return load_json_str(str, fname)
49
50
51
end
52
local keys = {}
53
local function loadKey(level, password)
54
55
56
57
if keys[level] ~= nil then
return keys[level]
end
58
local keysjson = load_json(basedir .. "/encryptionKeys.js")
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
if (keysjson == nil) or (keysjson[level] == nil) then
return nil
end
local identifier = keysjson[level]
for i,v in ipairs(keysjson.list) do
if v.identifier == identifier then
local iterations = v.iterations
if (iterations == nil) or (iterations < 1000) then
iterations = 1000
end
local decrypted = decryptUsingPBKDF2(v.data, password, iterations)
if decrypted == nil then
return nil
end
local validate = decryptBase64UsingKey(v.validation, decrypted)
if validate ~= decrypted then
return nil
end
81
keys[level] = decrypted
82
83
84
85
86
87
88
return decrypted
end
end
return nil
end
89
local function getHint()
90
91
92
93
94
local f = io.open(basedir .. "/.password.hint", "r")
if (f == nil) then
return
end
95
local str = "(hint is '" .. f:read("*all") .. "')."
96
f:close()
97
98
--print(str)
return str
99
100
end
101
102
local function loadContents()
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
return load_json(basedir .. "/contents.js")
end
local function build_secret_menuitem(menu, type, str, hidden)
if str == nil then
return nil
end
local valuestr = str
if hidden == true then
valuestr = "*****"
end
local text = type .. " " .. valuestr
local callback = function()
copyToClipboard(str)
--print("Copied data [" .. str .. "] to clipboard.")
120
keyhookRunning = false
121
122
end
return appendGuiMenuItem(menu, text, callback)
123
124
end
125
126
127
128
129
130
131
local secret_menuitem_builders = {}
local function build_secret_menuitem_webform(menu, info, secure)
local addthis = false
local username = nil
local password = nil
132
133
local designated_password = nil
local designated_username = nil
134
local email = nil
135
136
137
138
139
140
if secure.fields == nil then
print("no secure fields, don't know how to handle this item")
return
end
141
142
143
for i,v in ipairs(secure.fields) do
--print(info.name .. ": " .. v.type .. ", " .. v.value)
local ignored = false
144
145
146
147
148
149
150
if (v.value == nil) or (v.value == "") then
ignored = true
elseif (v.designation ~= nil) and (v.designation == "password") then
designated_password = v.value
elseif (v.designation ~= nil) and (v.designation == "username") then
designated_username = v.value
elseif (v.type == "P") then
151
password = v.value
152
elseif (v.type == "T") then
153
username = v.value
154
elseif (v.type == "E") then
155
156
157
158
159
160
161
162
163
164
165
email = v.value
else
ignored = true
end
if not ignored then
addthis = true
end
end
if addthis then
166
167
168
169
170
171
172
173
174
-- designated fields always win out.
if (designated_username ~= nil) then
username = designated_username
end
if (designated_password ~= nil) then
password = designated_password
end
175
176
177
178
179
180
181
if (username ~= nil) and (email ~= nil) and (email == username) then
email = nil
end
build_secret_menuitem(menu, "username", username)
build_secret_menuitem(menu, "email", email)
build_secret_menuitem(menu, "password", password, true)
182
end
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
end
secret_menuitem_builders["webforms.WebForm"] = build_secret_menuitem_webform
local function build_secret_menuitem_password(menu, info, secure)
build_secret_menuitem(menu, "password", secure.password, true)
end
secret_menuitem_builders["passwords.Password"] = build_secret_menuitem_password
local function build_secret_menuitem_bankacctus(menu, info, secure)
-- !!! FIXME: there's more data than this in a generic dictionary.
build_secret_menuitem(menu, "Account type", secure.accountType)
build_secret_menuitem(menu, "Routing number", secure.routingNo)
build_secret_menuitem(menu, "Account number", secure.accountNo)
build_secret_menuitem(menu, "Bank name", secure.bankName)
build_secret_menuitem(menu, "Owner", secure.owner)
200
201
build_secret_menuitem(menu, "SWIFT code", secure.swift)
build_secret_menuitem(menu, "PIN", secure.telephonePin)
202
203
204
205
206
end
secret_menuitem_builders["wallet.financial.BankAccountUS"] = build_secret_menuitem_bankacctus
local function build_secret_menuitem_driverslic(menu, info, secure)
207
208
209
210
211
212
213
214
215
216
217
218
219
-- !!! FIXME: there's more data for this menuitem than this, in a generic dictionary.
local birthdate = nil
if secure.birthdate_yy ~= nil then
birthdate = secure.birthdate_yy
if secure.birthdate_mm ~= nil then
birthdate = birthdate .. "/" .. string.sub("00" .. secure.birthdate_mm, -2)
if secure.birthdate_dd ~= nil then
birthdate = birthdate .. "/" .. string.sub("00" .. secure.birthdate_dd, -2)
end
end
end
220
local expiredate = nil
221
222
223
224
225
226
227
228
229
230
if secure.expiry_date_yy ~= nil then
expiredate = secure.expiry_date_yy
if secure.expiry_date_mm ~= nil then
expiredate = expiredate .. "/" .. string.sub("00" .. secure.expiry_date_mm, -2)
if secure.expiry_date_dd ~= nil then
expiredate = expiredate .. "/" .. string.sub("00" .. secure.expiry_date_dd, -2)
end
end
end
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
build_secret_menuitem(menu, "License number", secure.number)
build_secret_menuitem(menu, "Class", secure.class)
build_secret_menuitem(menu, "Expires", expiredate)
build_secret_menuitem(menu, "State", secure.state)
build_secret_menuitem(menu, "Country", secure.country)
build_secret_menuitem(menu, "Conditions", secure.conditions)
build_secret_menuitem(menu, "Full name", secure.fullname)
build_secret_menuitem(menu, "Address", secure.address)
build_secret_menuitem(menu, "Gender", secure.sex)
build_secret_menuitem(menu, "Birthdate", birthdate)
build_secret_menuitem(menu, "Height", secure.height)
end
secret_menuitem_builders["wallet.government.DriversLicense"] = build_secret_menuitem_driverslic
local function build_secret_menuitem_membership(menu, info, secure)
-- !!! FIXME: there's more data than this in a generic dictionary.
build_secret_menuitem(menu, "Membership number", secure.membership_no)
end
secret_menuitem_builders["wallet.membership.Membership"] = build_secret_menuitem_membership
local function build_secret_menuitem_creditcard(menu, info, secure)
-- !!! FIXME: there's more data than this in a generic dictionary.
local expiredate = secure.expiry_yy .. "/" .. string.sub("00" .. secure.expiry_mm, -2)
build_secret_menuitem(menu, "Type", secure.type)
build_secret_menuitem(menu, "CC number", secure.ccnum, true)
build_secret_menuitem(menu, "CVV", secure.cvv, true)
259
build_secret_menuitem(menu, "Expires", expiredate)
260
261
262
263
264
build_secret_menuitem(menu, "Card holder", secure.cardholder)
build_secret_menuitem(menu, "Bank", secure.bank)
end
secret_menuitem_builders["wallet.financial.CreditCard"] = build_secret_menuitem_creditcard
265
266
267
268
local function build_secret_menuitem_securenote(menu, info, secure)
build_secret_menuitem(menu, "Notes", secure.notesPlain, true)
end
secret_menuitem_builders["securenotes.SecureNote"] = build_secret_menuitem_securenote
269
270
local function build_secret_menuitems(info, menu)
271
local metadata = load_json(basedir .. "/" .. info.uuid .. ".1password")
272
if (metadata == nil) or (next(metadata) == nil) then -- the "next" trick tests if table is empty.
273
274
275
return
end
276
277
local securityLevel = metadata.securityLevel
if securityLevel == nil then
278
securityLevel = metadata.openContents.securityLevel
279
end
280
--print("title: " .. metadata.title)
281
282
283
284
285
286
if securityLevel == nil then
--print("can't find security level, assuming SL5" .. metadata.title)
securityLevel = "SL5"
end
local plaintext = decryptBase64UsingKey(metadata.encrypted, loadKey(securityLevel, password))
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
if plaintext == nil then
return
end
local secure = load_json_str(plaintext, info.uuid)
if secure == nil then
return
end
--dumptable("secure " .. info.name, secure)
local menuitem = appendGuiMenuItem(menu, info.name)
if secret_menuitem_builders[info.type] == nil then
print("WARNING: don't know how to handle items of type " .. info.type)
dumptable("secure " .. info.type .. " (" .. info.name .. ")", secure)
return
end
305
306
307
308
309
if metadata.faveIndex ~= nil then
--dumptable("fave metadata " .. info.name, metadata)
faveitems[metadata.faveIndex] = { info=info, secure=secure }
end
310
311
312
local submenu = makeGuiMenu()
secret_menuitem_builders[info.type](submenu, info, secure)
setGuiMenuItemSubmenu(menuitem, submenu)
313
314
end
315
316
317
318
319
320
321
local function prepItems()
items = {}
local contents = loadContents()
for i,v in ipairs(contents) do
local t = v[2]
if items[t] == nil then
items[t] = {}
322
end
323
324
local bucket = items[t]
bucket[#bucket+1] = { uuid=v[1], type=t, name=v[3], url=v[4] } -- !!! FIXME: there are more fields, don't know what they mean yet.
325
326
end
end
327
328
329
local passwordUnlockTime = nil
330
331
332
333
334
335
336
337
338
local function lockKeychain()
-- lose the existing password and key, prompt user again.
password = argv[2] -- might be nil, don't reset if on command line.
keys["SL5"] = nil
passwordUnlockTime = nil
keyhookRunning = false
setPowermateLED(false)
collectgarbage()
end
339
340
function pumpLua() -- not local! Called from C!
341
342
343
-- !!! FIXME: this should lose the key in RAM and turn off the Powermate
-- !!! FIXME: LED when the time expires instead of if the time has
-- !!! FIXME: expired when the user is trying to get at the keychain.
344
345
346
347
if passwordUnlockTime ~= nil then
local now = os.time()
local maxTime = (15 * 60) -- !!! FIXME: don't hardcode.
if os.difftime(now, passwordUnlockTime) > maxTime then
348
lockKeychain()
349
350
end
end
351
352
353
354
355
356
357
358
359
360
end
function keyhookPressed() -- not local! Called from C!
--print("keyhookPressed: running==" .. tostring(keyhookRunning))
-- if keyhookRunning then
-- return
-- end
keyhookRunning = true
361
362
363
364
365
366
367
368
369
370
371
372
373
374
while password == nil do
password = runGuiPasswordPrompt(getHint())
if password == nil then
keyhookRunning = false
return
end
if loadKey("SL5", password) == nil then
password = nil -- wrong password
local start = os.time() -- cook the CPU for three seconds.
local now = start
while os.difftime(now, start) < 3 do
now = os.time()
end
375
376
else
passwordUnlockTime = os.time()
377
setPowermateLED(true)
378
end
379
end
380
381
382
383
prepItems()
local topmenu = makeGuiMenu()
384
385
386
387
local favesmenu = makeGuiMenu()
faveitems = {}
setGuiMenuItemSubmenu(appendGuiMenuItem(topmenu, "Favorites"), favesmenu)
388
389
appendGuiMenuItem(topmenu, "Lock keychain", function() lockKeychain() end)
390
391
392
for orderi,type in ipairs(passwordTypeOrdering) do
local bucket = items[type]
393
394
395
396
397
398
399
400
401
402
403
404
405
if bucket ~= nil then
local realname = passwordTypeNameMap[type]
if realname == nil then
realname = type
end
local menuitem = appendGuiMenuItem(topmenu, realname)
local submenu = makeGuiMenu()
table.sort(bucket, function(a, b) return a.name < b.name end)
for i,v in pairs(bucket) do
build_secret_menuitems(v, submenu)
end
setGuiMenuItemSubmenu(menuitem, submenu)
else
406
--print("no bucket found for item type '" .. type .. "'")
407
end
408
end
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
-- This favepairs stuff is obnoxious.
local function favepairs(t)
local a = {}
for n in pairs(t) do table.insert(a, n) end
table.sort(a)
local i = 0
local iter = function()
i = i + 1
if a[i] == nil then
return nil
else
return a[i], t[a[i]]
end
end
return iter
end
for i,v in favepairs(faveitems) do
--dumptable("fave " .. i, v)
local menuitem = appendGuiMenuItem(favesmenu, v.info.name)
local submenu = makeGuiMenu()
secret_menuitem_builders[v.info.type](submenu, v.info, v.secure)
setGuiMenuItemSubmenu(menuitem, submenu)
end
favepairs = nil
faveitems = nil
437
438
popupGuiMenu(topmenu)
439
440
end
441
442
443
444
445
446
447
448
449
-- Mainline!
--for i,v in ipairs(argv) do
-- print("argv[" .. i .. "] = " .. v)
--end
-- !!! FIXME: message box, exit if basedir is wack.
-- !!! FIXME: this can probably happen in C now (the Lua mainline is basically gone now).
450
setPowermateLED(false) -- off by default
451
print("Now waiting for the magic key combo (probably Alt-Meta-\\) ...")
452
453
giveControlToGui()
454
-- end of 1pass.lua ...