From f6b5e5eaa2e641d32878ff485f3e54de2eb35552 Mon Sep 17 00:00:00 2001
From: Colin P. Mccabe
Date: Wed, 19 Dec 2018 16:11:02 -0800
Subject: [PATCH] passtool improvements

---
 passtool.sh | 67 ++++++++++++++++++++++++++++++++++++++++++++++------------
 1 files changed, 53 insertions(+), 14 deletions(-)

diff --git a/passtool.sh b/passtool.sh
index 552568e..ce34965 100755
--- a/passtool.sh
+++ b/passtool.sh
@@ -13,6 +13,7 @@ $0: a tool for dealing with passwords.
 Flags:
 -f [path]: specify the password file to use.
 -h: this help message.
+-p: the input file is plaintext, and we should encrypt it.
 -s [pattern]: search for the given pattern
 Environment variables:
@@ -28,11 +29,54 @@ TEMPFILE_ENC="${TEMPDIR}/temp.nc"
 trap "rm -rf ${TEMPDIR}; exit" EXIT
 #chmod 007 "${TEMPDIR}" || die "failed to chmod ${TEMPDIR}"
+encrypt_new_file() {
+ echo
+ encrypt_file "${TEMPFILE}" "${PASSWORD_PATH}"
+ [[ $? -ne 0 ]] && die "Failed to encrypt ${PASSWORD_PATH}"
+ mv -f "${TEMPFILE}" "${PASSWORD_PATH}" || \
+ die "Failed to replace ${PASSWORD_PATH}"
+ exit 0
+}
+
+search_existing_file() {
+ echo
+ decrypt_file "${TEMPFILE}" "${PASSWORD_PATH}"
+ [[ $? -ne 0 ]] && \
+ die "Failed to decrypt ${PASSWORD_PATH}. Was the password correct?"
+ egrep ${SEARCH_PATTERN} "${TEMPFILE}"
+}
+
+edit_existing_file() {
+ echo
+ decrypt_file "${TEMPFILE}" "${PASSWORD_PATH}"
+ [[ $? -ne 0 ]] && \
+ die "Failed to decrypt ${PASSWORD_PATH}. Was the password correct?"
+ ${EDITOR} "${TEMPFILE}"
+ encrypt_file "${PASSWORD_PATH}" "${TEMPFILE}"
+ [[ $? -ne 0 ]] && \
+ die "failed to move ${TEMPFILE_ENC} to ${PASSWORD_PATH}: changes lost."
+ exit 0
+}
+
+encrypt_file() {
+ dest="${1}"
+ src="${2}"
+ openssl enc -aes-256-ecb -k "${PASSWORD}" -salt < "${src}" > "${dest}"
+}
+
+decrypt_file() {
+ dest="${1}"
+ src="${2}"
+ openssl enc -d -aes-256-ecb -k "${PASSWORD}" < "${src}" > "${dest}"
+}
+
 SEARCH_PATTERN=""
-while getopts "f:hs:" flag; do
+PLAINTEXT=0
+while getopts "f:hps:" flag; do
 case $flag in
 f) PASSWORD_PATH="${OPTARG}";;
 h) usage; exit 0;;
+ p) PLAINTEXT=1;;
 s) SEARCH_PATTERN="${OPTARG}";;
 *) echo; usage; exit 1;;
 esac
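Review bot: `edit_existing_file` re-encrypts straight into the password store — `encrypt_file "${PASSWORD_PATH}" "${TEMPFILE}"` redirects openssl's output to `${PASSWORD_PATH}`, which truncates the file before openssl even starts, so any failure or interrupted run leaves the store empty, whereas the removed code wrote to `${TEMPFILE_ENC}` and only then `mv -f`'d it into place; the error message on the following line still names `${TEMPFILE_ENC}` although it is no longer involved. Restore the two-step order, `encrypt_file "${TEMPFILE_ENC}" "${TEMPFILE}" || die "Re-encryption failed. Changes lost."` followed by `mv -f "${TEMPFILE_ENC}" "${PASSWORD_PATH}" || die "failed to move ${TEMPFILE_ENC} to ${PASSWORD_PATH}: changes lost."`, as `encrypt_new_file` already does. Separately, `encrypt_file` and `decrypt_file` hand the passphrase to openssl on the command line via `-k "${PASSWORD}"`, where it is visible in the process list to other local users for as long as openssl runs; `PASSWORD="${PASSWORD}" openssl enc ... -pass env:PASSWORD` keeps it out of argv. The cipher setup (`-aes-256-ecb`, legacy key derivation, no integrity check) is inherited from the old code rather than introduced here, but factoring it into two helpers is the natural point to move to `-aes-256-cbc -pbkdf2` or similar. Minor: `egrep ${SEARCH_PATTERN}` is unquoted, so a pattern with spaces or glob characters is split or expanded before grep sees it (`grep -E -e "${SEARCH_PATTERN}" -- "${TEMPFILE}"`), `dest`/`src` in the helpers should be `local`, and the `[[ $? -ne 0 ]] && die ...` lines read more directly as `cmd || die ...`.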
@@ -44,19 +88,14 @@ done
 if [[ -z ${PASSWORD} ]]; then
 read -s -p "enter password: " PASSWORD
 fi
-if openssl enc -d -aes-256-ecb -k "${PASSWORD}" \
- < "${PASSWORD_PATH}" > "${TEMPFILE}"; then
- if [[ -z ${SEARCH_PATTERN} ]]; then
- ${EDITOR} "${TEMPFILE}"
- openssl enc -aes-256-ecb -k "${PASSWORD}" -salt \
- < "${TEMPFILE}" > "${TEMPFILE_ENC}" ||
- die "Re-encryption failed. Changes lost."
- mv -f "${TEMPFILE_ENC}" "${PASSWORD_PATH}" || \
- die "failed to move ${TEMPFILE_ENC} to ${PASSWORD_PATH}: changes lost."
- else
- echo
- egrep ${SEARCH_PATTERN} "${TEMPFILE}"
+if [[ ${PLAINTEXT} -eq 1 ]]; then
+ if [[ ${SEARCH_PATTERN} != "" ]]; then
+ die "You may not specify both -s and -p."
 fi
+ encrypt_new_file
+elif [[ ${SEARCH_PATTERN} != "" ]]; then
+ search_existing_file
 else
- die "Failed to decrypt ${PASSWORD_PATH}. Was the password correct?"
+ edit_existing_file
 fi
+
-- 
1.6.6.rc1.39.g9a42
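Review bot: The new `-p` branch encrypts the plaintext with whatever was typed once at the `read -s -p "enter password: "` prompt in the context above, and `encrypt_new_file` then replaces the plaintext with the ciphertext, so a single mistyped character yields a file nobody can open with the original already gone; the decrypt paths at least fail loudly on a wrong password, this path gets no feedback at all. When `PASSWORD` came from the prompt rather than the environment, ask for it a second time before calling `encrypt_new_file`: `read -s -p "confirm password: " confirm; echo`, then `[[ "${PASSWORD}" == "${confirm}" ]] || die "Passwords do not match."`. It would also help to state in the `-p` usage line, or in a comment at this branch, that the named plaintext file is overwritten in place, since neither currently says so.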