func (x *cmdCreateKey) Execute(args []string) error {
if len(args) > 0 {
return ErrExtraArgs
}
keyName := x.Positional.KeyName
if keyName == "" {
keyName = "default"
}
if !asserts.IsValidAccountKeyName(keyName) {
return fmt.Errorf(i18n.G("key name %q is not valid; only ASCII letters, digits, and hyphens are allowed"), keyName)
}
fmt.Fprint(Stdout, i18n.G("Passphrase: "))
passphrase, err := terminal.ReadPassword(0)
fmt.Fprint(Stdout, "\n")
if err != nil {
return err
}
fmt.Fprint(Stdout, i18n.G("Confirm passphrase: "))
confirmPassphrase, err := terminal.ReadPassword(0)
fmt.Fprint(Stdout, "\n")
if err != nil {
return err
}
if string(passphrase) != string(confirmPassphrase) {
return errors.New("passphrases do not match")
}
if err != nil {
return err
}
manager := asserts.NewGPGKeypairManager()
return manager.Generate(string(passphrase), keyName)
}
//passwordPrompt prompts user to enter password twice and that the two entries are equivalent.
func passwordPrompt() string {
fmt.Print("Enter password: "******"\nCould not read password:"******"\nConfirm password: "******"\nCould Not read password.")
log.Fatal(errs)
os.Exit(1)
}
if reflect.DeepEqual(password, passwordConfirm) == false {
fmt.Println("\n")
log.Fatal("Passwords do not match")
}
return strings.TrimSpace(string(password))
}
func main() {
var pw = flag.Bool("p", false, "Input password via stdin")
var cost = flag.Int("c", DefaultCost, "The cost weight, range of 4-31 (11)")
log.SetFlags(0)
flag.Usage = usage
flag.Parse()
var password string
if *pw {
fmt.Printf("Enter Password: "******"\nReenter Password: "******"Error, passwords do not match\n")
}
password = string(bytePassword)
fmt.Printf("\n")
} else {
password = genPassword()
fmt.Printf("pass: %s\n", password)
}
cb, err := bcrypt.GenerateFromPassword([]byte(password), *cost)
if err != nil {
log.Fatalf("Error producing bcrypt hash: %v\n", err)
}
fmt.Printf("bcrypt hash: %s\n", cb)
}
// promptForPassword prompts the user for a password twice, returning
// the read bytes if they match, or an error.
// It turns out getting non-echo stdin is tricky and not portable at all.
// terminal seems a decent solution, although it does not work on windows.
func promptForPassword() ([]byte, error) {
// Use a raw terminal.
oldState, err := terminal.MakeRaw(0)
if err != nil {
return nil, err
}
defer func() {
_ = terminal.Restore(0, oldState)
}()
fmt.Print("Enter password: "******"\nConfirm password: "******"\n")
if !bytes.Equal(one, two) {
return nil, util.Errorf("password mismatch")
}
return []byte(one), nil
}
// promptConsolePass uses the given prefix to ask the user for a password.
// The function will ask the user to confirm the passphrase and will repeat
// the prompts until they enter a matching response.
func promptConsolePass(prefix string, confirm bool) ([]byte, error) {
// Prompt the user until they enter a passphrase.
prompt := fmt.Sprintf("%s: ", prefix)
for {
fmt.Print(prompt)
pass, err := terminal.ReadPassword(int(os.Stdin.Fd()))
if err != nil {
return nil, err
}
fmt.Print("\n")
pass = bytes.TrimSpace(pass)
if len(pass) == 0 {
return nil, nil
}
if !confirm {
return pass, nil
}
fmt.Print("Confirm passphrase: ")
confirm, err := terminal.ReadPassword(int(os.Stdin.Fd()))
if err != nil {
return nil, err
}
fmt.Print("\n")
confirm = bytes.TrimSpace(confirm)
if !bytes.Equal(pass, confirm) {
fmt.Println("The entered passphrases do not match.")
continue
}
return pass, nil
}
}
func createNewVault(path string, lowSecurity bool) {
if !strings.HasSuffix(path, ".agilekeychain") {
path += ".agilekeychain"
}
fmt.Printf("Creating new vault in %s\n", path)
fmt.Printf("Enter master password: "******"\nRe-enter master password: "******"Passwords do not match")
}
security := onepass.VaultSecurity{MasterPwd: string(masterPwd)}
if lowSecurity {
// use fewer PBKDF2 iterations to speed up
// master key decryption
security.Iterations = 10
}
_, err = onepass.NewVault(path, security)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to create new vault: %v", err)
}
}
func InputNewPassword(uname string) []byte {
fmt.Printf("creating password for user %s\n", uname)
for true {
fmt.Print("\nInput your password:"******"\nInvalid input!")
continue
}
fmt.Print("\nType the password again:")
pass2, err := terminal.ReadPassword(int(os.Stdin.Fd()))
if err != nil {
fmt.Println("\nInvalid input!")
continue
}
if !bytes.Equal(upass, pass2) {
fmt.Println("\nTwo typing are not equal!")
continue
}
if GoodPass(upass) {
fmt.Println("\n")
return upass
} else {
fmt.Println("\nNot a good password!")
}
}
fmt.Println("\n")
return nil
}
func setDatabasePw() {
fmt.Println("Please type password for database: ")
pw, _ := terminal.ReadPassword(0)
ans := string(pw)
switch ans {
case "":
newConf.DatabasePassword = config.DatabasePassword
case "q":
fmt.Println("Terminating..")
os.Exit(0)
case "b":
if functionIndex > 0 {
functionIndex--
}
return
default:
fmt.Println("Type again to confirm: ")
confirm, _ := terminal.ReadPassword(0)
if ans != string(confirm) {
fmt.Println("Passwords does not match, try again")
return
}
newConf.DatabasePassword = ans
}
functionIndex++
}
// Key will return a 32 byte key from a key phrase, cache, or prompting the
// user. If any of the func args are "", that procedure will be skipped. In the
// OS environment, x_KEY x_KEY_FILE and x_KEY_INACTIVITY are used for the key
// phrase itself (not recommended), where to cache, and for how long.
func Key(phrase string, envPrefix string, prompt string, confirm string) ([]byte, error) {
if phrase != "" {
return keyPhrase(phrase), nil
}
if envPrefix != "" {
if phrase = os.Getenv(envPrefix + "_KEY"); phrase != "" {
return keyPhrase(phrase), nil
}
fname := os.Getenv(envPrefix + "_KEY_FILE")
if fname != "" {
if inact, err := strconv.Atoi(os.Getenv(envPrefix + "_KEY_INACTIVITY")); err == nil && inact > 0 {
if finfo, err := os.Stat(fname); err == nil && finfo.Size() == 32 && finfo.Mode() == 0600 && time.Now().After(finfo.ModTime()) && time.Now().Sub(finfo.ModTime()).Seconds() < float64(inact) {
if key, err := ioutil.ReadFile(fname); err == nil && len(key) == 32 {
return key, nil
}
}
}
os.Remove(fname)
}
}
if prompt == "" {
return nil, NoKeyAndNoPromptError
}
tty, err := os.OpenFile("/dev/tty", os.O_RDWR, 0600)
if err != nil {
return nil, fmt.Errorf("no controlling terminal to ask for key phrase: %s", err)
}
var bphrase []byte
if _, err = fmt.Fprintf(tty, prompt); err != nil {
return nil, err
}
if bphrase, err = terminal.ReadPassword(int(tty.Fd())); err != nil {
return nil, err
}
if _, err = fmt.Fprintf(tty, "\n"); err != nil {
return nil, err
}
if confirm != "" {
if _, err = fmt.Fprintf(tty, confirm); err != nil {
return nil, err
}
var bphrase2 []byte
if bphrase2, err = terminal.ReadPassword(int(tty.Fd())); err != nil {
return nil, err
}
if _, err = fmt.Fprintf(tty, "\n"); err != nil {
return nil, err
}
if !bytes.Equal(bphrase, bphrase2) {
return nil, fmt.Errorf("input did not match")
}
}
if bphrase == nil || len(bphrase) == 0 {
return nil, fmt.Errorf("empty input")
}
return keyPhrase(string(bphrase)), nil
}
func doAddPassword(args []string) error {
var plaintext []byte
var err error
if len(args) == 1 && terminal.IsTerminal(0) {
fmt.Printf("Contents for password `%s': ", args[0])
plaintext, err = terminal.ReadPassword(0)
if err != nil {
return err
}
fmt.Println()
} else {
var f io.Reader
if len(args) > 1 {
file, err := os.Open(args[1])
if err != nil {
return err
}
defer file.Close()
f = file
} else {
f = os.Stdin
}
if plaintext, err = ioutil.ReadAll(f); err != nil {
return err
}
}
if err = config.WritePassword(args[0], string(plaintext)); err != nil {
return err
}
fmt.Printf("Saved password `%s'\n", args[0])
return nil
}
// TODO(axw) this is now in three places: change-password,
// register, and here. Refactor and move to a common location.
func readPassword(stdin io.Reader) (string, error) {
if f, ok := stdin.(*os.File); ok && terminal.IsTerminal(int(f.Fd())) {
password, err := terminal.ReadPassword(int(f.Fd()))
return string(password), err
}
return readLine(stdin)
}
func main() {
r := bufio.NewReader(os.Stdin)
fmt.Print("GitHub Username: "******"GitHub Password: "******"")
// Is this a two-factor auth error? If so, prompt for OTP and try again.
if _, ok := err.(*github.TwoFactorAuthError); err != nil && ok {
fmt.Print("\nGitHub OTP: ")
otp, _ := r.ReadString('\n')
tp.OTP = strings.TrimSpace(otp)
user, _, err = client.Users.Get("")
}
if err != nil {
fmt.Printf("\nerror: %v\n", err)
return
}
fmt.Printf("\n%v\n", github.Stringify(user))
}
func readPassword(prompt string) (string, error) {
fmt.Fprintf(os.Stderr, prompt)
tty, err := os.Open("/dev/tty")
if err != nil {
return "", hierr.Errorf(
err,
`TTY is required for reading password, `+
`but /dev/tty can't be opened`,
)
}
password, err := terminal.ReadPassword(int(tty.Fd()))
if err != nil {
return "", hierr.Errorf(
err,
`can't read password`,
)
}
if prompt != "" {
fmt.Fprintln(os.Stderr)
}
return string(password), nil
}
// Prompt displays a prompt and returns answer
func (p *Prompter) Prompt() string {
fmt.Print(p.msg())
if p.UseDefault || skip() {
return p.Default
}
input := ""
if p.NoEcho {
b, err := terminal.ReadPassword(int(os.Stdin.Fd()))
if err == nil {
input = string(b)
}
fmt.Print("\n")
} else {
scanner := bufio.NewScanner(os.Stdin)
ok := scanner.Scan()
if ok {
input = strings.TrimRight(scanner.Text(), "\r\n")
}
}
if input == "" {
input = p.Default
}
if !p.inputIsValid(input) {
fmt.Println(p.errorMsg())
return p.Prompt()
}
return input
}
func getPassword() ([]byte, error) {
signals := make(chan os.Signal, 1)
passwords := make(chan password)
signal.Notify(signals, os.Interrupt, os.Kill)
defer signal.Stop(signals)
state, err := terminal.GetState(2)
if err != nil {
return nil, err
}
defer terminal.Restore(2, state)
go func() {
fmt.Fprintf(os.Stderr, "Password: "******"\n")
p, err := terminal.ReadPassword(2)
passwords <- password{
Password: p,
Err: err,
}
close(passwords)
}()
select {
case <-signals:
return nil, fmt.Errorf("Password entry cancelled")
case password := <-passwords:
return password.Password, password.Err
}
}
func main() {
r := bufio.NewReader(os.Stdin)
fmt.Print("JIRA base URL (ex.: https://me.atlassian.net): ")
baseurl, _ := r.ReadString('\n')
fmt.Print("JIRA Username: "******"JIRA Password: "******"\nIssue key (ex.: TEST-1): ")
key, _ := r.ReadString('\n')
issue, _, err := client.Issue.Get(strings.TrimSpace(key))
if err != nil {
panic(err)
}
fmt.Printf("%s: %+v\n", issue.Key, issue.Fields.Summary)
}
func readLine(w io.Writer, r io.Reader, secret bool) ([]byte, error) {
if f, ok := r.(*os.File); ok && secret && terminal.IsTerminal(int(f.Fd())) {
defer w.Write([]byte{'\n'})
return terminal.ReadPassword(int(f.Fd()))
}
var input []byte
for {
var buf [1]byte
n, err := r.Read(buf[:])
if n == 1 {
if buf[0] == '\n' {
break
}
input = append(input, buf[0])
}
if err != nil {
if err == io.EOF {
err = io.ErrUnexpectedEOF
}
return nil, errgo.Mask(err)
}
}
if len(input) > 0 && input[len(input)-1] == '\r' {
input = input[:len(input)-1]
}
return input, nil
}
// Get paste from api by passing slug
// Will prompt password if paste is encrypted
func GetPaste(slug string) string {
url := "https://vvt.nu/" + slug + ".json"
result, err := http.Get(url)
if err != nil {
panic(err)
}
defer result.Body.Close()
body, err := ioutil.ReadAll(result.Body)
if err != nil {
panic(err)
}
paste := decodeJSON(body)
// Move this logix out of GetPaste..
if paste.Encrypted == true {
fmt.Printf("This paste is encrypted, enter password: "******"\n")
content, err := Decrypt(paste.Code, string(password))
if err != nil {
panic(err)
}
return content
}
return paste.Code
}
//Prompt user for login and auth with
//acquire auth token
func (cli *CLI) UserLogin() {
//get username or password
var identity string
fmt.Fprintf(os.Stderr, "Please enter your username or email: ")
_, err := fmt.Scanln(&identity)
check(err)
//get password
fmt.Fprintf(os.Stderr, "Please enter your password: "******"\n")
check(err)
password := string(pass)
//determine if given username or password
var auth User
if strings.ContainsRune(identity, '@') {
auth = User{Email: identity, Password: password}
} else {
auth = User{Username: identity, Password: password}
}
token, err := cli.Client.UserLogin(auth)
check(err)
cli.Client.Auth = token
cli.save()
}
// Checks for authentication flags and returns a username/password
// from the specified settings
func checkForAuth(ctx *cli.Context) (username, password string) {
if ctx.IsSet("password") {
username = "******" // for now since username is unused but needs to exist for basicAuth
// Prompt for password
fmt.Print("Password:"******""
} else {
password = string(pass)
}
// Go to next line after password prompt
fmt.Println()
return
}
//Get config file path in the order:
if ctx.IsSet("config") {
cfg := &config{}
if err := cfg.loadConfig(ctx.String("config")); err != nil {
fmt.Println(err)
}
if cfg.RestAPI.Password != nil {
password = *cfg.RestAPI.Password
} else {
fmt.Println("Error config password field 'rest-auth-pwd' is empty")
}
}
return
}
func main() {
flag.Parse()
passwd := *password
if *promptForPassword {
fmt.Print("password:"******"failed to read password:"******"mysql", fmt.Sprintf("%s:%s@tcp(%s:%d)/", *username, passwd, *host, *port)); err != nil {
fmt.Println("failed to connect to db:", err)
os.Exit(1)
} else if err = db.Ping(); err != nil {
fmt.Println("failed to connect to db:", err)
os.Exit(1)
}
events := make(chan keyEvent)
if err = termbox.Init(); err != nil {
panic(err)
}
defer termbox.Close()
go keyListener(events)
monitor(db, events)
}
func getPassword() (string, error) {
stdin := int(syscall.Stdin)
initialTermState, err := terminal.GetState(stdin)
if err != nil {
return "", err
}
c := make(chan os.Signal)
signal.Notify(c, os.Interrupt, os.Kill)
go func() {
s := <-c
terminal.Restore(stdin, initialTermState)
switch sig := s.(type) {
case syscall.Signal:
if int(sig) == 2 {
fmt.Println("^C")
}
}
os.Exit(1)
}()
passBytes, err := terminal.ReadPassword(stdin)
if err != nil {
return "", err
}
signal.Stop(c)
fmt.Print("\n")
return string(passBytes), nil
}
func SetupConfig() {
var conf goStashRestClientConfig
ParseJsonFileStripComments("./config.json", &conf)
validateRequiredField("host", &conf.Host)
validateRequiredField("username", &conf.Username)
if &conf.Password == nil || len(conf.Password) == 0 {
fmt.Printf("Enter your password for %s: ", conf.Username)
bytePassword, err := terminal.ReadPassword(0)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
fmt.Println()
conf.Password = string(bytePassword)
}
validateRequiredField("password", &conf.Password)
doc, err := spec.New(apiclient.SwaggerJSON, "")
if err != nil {
panic(err)
}
transport := httptransport.New(doc)
transport.Host = conf.Host
fmt.Println("using host", conf.Host)
// Helpful to debug
// transport.Debug = true
// Assumes basic auth. TODO enable the config.json to take different mechanisms, OR integrate with swagger spec file what it says is supported.
transport.DefaultAuthentication = httptransport.BasicAuth(conf.Username, conf.Password)
apiclient.Default.SetTransport(transport)
}
func Config(details, defaultDetails *config.BintrayDetails, interactive bool) (*config.BintrayDetails, error) {
if details == nil {
details = new(config.BintrayDetails)
}
if interactive {
if defaultDetails == nil {
var err error
defaultDetails, err = config.ReadBintrayConf()
if err != nil {
return nil, err
}
}
if details.User == "" {
ioutils.ScanFromConsole("User", &details.User, defaultDetails.User)
}
if details.Key == "" {
print("Key: ")
byteKey, err := terminal.ReadPassword(int(syscall.Stdin))
err = cliutils.CheckError(err)
if err != nil {
return nil, err
}
details.Key = string(byteKey)
if details.Key == "" {
details.Key = defaultDetails.Key
}
}
if details.DefPackageLicenses == "" {
ioutils.ScanFromConsole("\nDefault package licenses",
&details.DefPackageLicenses, defaultDetails.DefPackageLicenses)
}
}
config.SaveBintrayConf(details)
return details, nil
}
// readPassword - get password from terminal
// or from the "extpass" program
func readPassword(extpass string) string {
var password string
var err error
var output []byte
if extpass != "" {
parts := strings.Split(extpass, " ")
cmd := exec.Command(parts[0], parts[1:]...)
cmd.Stderr = os.Stderr
output, err = cmd.Output()
if err != nil {
fmt.Printf("extpass program returned error: %v\n", err)
os.Exit(ERREXIT_PASSWORD)
}
fmt.Printf("(extpass)\n")
// Trim trailing newline like terminal.ReadPassword() does
if output[len(output)-1] == '\n' {
output = output[:len(output)-1]
}
} else {
fd := int(os.Stdin.Fd())
output, err = terminal.ReadPassword(fd)
if err != nil {
fmt.Printf("Error: Could not read password from terminal: %v\n", err)
os.Exit(ERREXIT_PASSWORD)
}
fmt.Printf("\n")
}
password = string(output)
if password == "" {
fmt.Printf("Error: password is empty\n")
os.Exit(ERREXIT_PASSWORD)
}
return password
}
func main() {
flag.Parse()
if len(os.Args) <= 1 {
flag.Usage()
os.Exit(1)
}
cmds := make([]string, flag.NArg())
for i := 0; i < flag.NArg(); i++ {
cmds[i] = flag.Arg(i)
}
cmd := strings.Join(cmds, " ")
if _, err := os.Stat(ipFile); err != nil {
flag.Usage()
log.Fatal("File not found:", err)
}
file, err := os.Open(ipFile)
if err != nil {
log.Fatal(err)
}
scanner := bufio.NewScanner(file)
for scanner.Scan() {
host := strings.TrimSpace(scanner.Text())
if len(host) > 0 {
hosts = append(hosts, host)
}
}
if len(hosts) == 0 {
flag.Usage()
log.Fatal("No host specified")
}
if len(username) == 0 {
reader := bufio.NewReader(os.Stdin)
fmt.Print("Username: "******"read error:", err)
}
username = strings.TrimSpace(username)
}
if len(password) == 0 {
fmt.Print("Password: ")
if pw, err := terminal.ReadPassword(int(os.Stdin.Fd())); err == nil {
password = strings.TrimSpace(string(pw))
}
fmt.Println()
}
for _, host := range hosts {
wg.Add(1)
go tryHost(host, cmd)
}
wg.Wait()
}
func (cmd *Login) Run(scope scope.Scope, c *cli.Context) {
if !c.Args().Present() {
error_handler.ErrorExit("A URL must be provided as the first argument", error_handler.CLIUsageErrorExitCode)
}
// If an argument was not supplied, it is set to empty string
cmd.network.BrooklynUrl = c.Args().Get(0)
cmd.network.BrooklynUser = c.Args().Get(1)
cmd.network.BrooklynPass = c.Args().Get(2)
cmd.network.SkipSslChecks = c.GlobalBool("skipSslChecks")
if err := net.VerifyLoginURL(cmd.network); err != nil {
error_handler.ErrorExit(err)
}
// Strip off trailing '/' from URL if present.
if cmd.network.BrooklynUrl[len(cmd.network.BrooklynUrl)-1] == '/' {
if len(cmd.network.BrooklynUrl) == 1 {
error_handler.ErrorExit("URL must not be a single \"/\" character", error_handler.CLIUsageErrorExitCode)
}
cmd.network.BrooklynUrl = cmd.network.BrooklynUrl[0 : len(cmd.network.BrooklynUrl)-1]
}
// Prompt for password if not supplied (password is not echoed to screen
if cmd.network.BrooklynUser != "" && cmd.network.BrooklynPass == "" {
fmt.Print("Enter Password: "******"\n")
cmd.network.BrooklynPass = string(bytePassword)
}
if cmd.config.Map == nil {
cmd.config.Map = make(map[string]interface{})
}
// now persist these credentials to the yaml file
auth, ok := cmd.config.Map["auth"].(map[string]interface{})
if !ok {
auth = make(map[string]interface{})
cmd.config.Map["auth"] = auth
}
auth[cmd.network.BrooklynUrl] = map[string]string{
"username": cmd.network.BrooklynUser,
"password": cmd.network.BrooklynPass,
}
cmd.config.Map["target"] = cmd.network.BrooklynUrl
cmd.config.Map["skipSslChecks"] = cmd.network.SkipSslChecks
cmd.config.Write()
loginVersion, err := version.Version(cmd.network)
if nil != err {
error_handler.ErrorExit(err)
}
fmt.Printf("Connected to Brooklyn version %s at %s\n", loginVersion.Version, cmd.network.BrooklynUrl)
}
func BuildConfig() *ssh.ClientConfig {
var config *ssh.ClientConfig
var pass string
if *pubkey == true {
if *agent {
var err error
config, err = netconf.SSHConfigPubKeyAgent(*username)
if err != nil {
log.Fatal(err)
}
} else {
if *nopassphrase {
pass = "******"
} else {
if *passphrase != "" {
pass = *passphrase
} else {
var readpass []byte
var err error
fmt.Printf("Enter Passphrase for %s: ", *key)
readpass, err = terminal.ReadPassword(int(syscall.Stdin))
if err != nil {
log.Fatal(err)
}
pass = string(readpass)
fmt.Println()
}
}
var err error
config, err = netconf.SSHConfigPubKeyFile(*username, *key, pass)
if err != nil {
log.Fatal(err)
}
}
} else {
fmt.Printf("Enter Password: ")
bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))
if err != nil {
log.Fatal(err)
}
fmt.Println()
config = netconf.SSHConfigPassword(*username, string(bytePassword))
}
return config
}
// ReadPassword reads a password without echoing it to the terminal.
func ReadPassword() string {
line, err := terminal.ReadPassword(int(os.Stdin.Fd()))
fmt.Println("")
if err != nil {
log.Fatalf("Failed to read password: %v", err)
}
return strings.TrimSpace(string(line))
}
func readFromStdIn() ([]byte, error) {
fd := int(os.Stdin.Fd())
pass, err := terminal.ReadPassword(fd)
if err != nil {
return nil, err
}
return pass, nil
}
