blob: 305143e7efc668b1f733dda76e709c990dd94c16 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
# Pick password from local or remote password-store with rofi's dmenu emulation
# mode, and write it to the active X11 window.
#
self=rofi_pass
# Abstraction to handle running shell commands (args or stdin) in either
# a remote or local shell. If the environment variable PASSWORD_STORE_HOST is
# set, it's used as the destination SSH hostname to the password store.
#
pass_shell() {
[ "$#" -le 1 ] || return
if [ -n "$PASSWORD_STORE_HOST" ] ; then
ssh -o StrictHostKeyChecking=yes -T -X -- \
"$PASSWORD_STORE_HOST" "$@"
elif [ "$#" -eq 1 ] ; then
"${SHELL:-/bin/sh}" -c "$1"
else
"${SHELL:-/bin/sh}" -s
fi
}
# Get a list of all the password paths, relative to the password store root,
# including leading dot-slash and trailing .gpg extension.
#
get_paths() {
pass_shell <<-'EOF'
dir=${PASSWORD_STORE_DIR:-"$HOME"/.password-store}
cd -- "$dir" || exit
find . -name \*.gpg -type f || exit
EOF
}
# Get a list of all the password names, bytewise-sorted, with leading dot-slash
# and trailing .gpg extension removed.
#
get_names() {
get_paths |
sed -e 's_^[.]/__' -e 's_[.]gpg$__' |
LC_COLLATE=C sort -f
}
get_password() {
name=$1
[ -n "$name" ] || return
printf '%s\n' "$name" |
pass_shell 'IFS= read -r name ; pass show "$name"' |
head -n 1
}
# Apply rofi -dmenu to pick a password name. Use case-insensitive matching,
# and don't accept arbitrary input.
#
name=$(get_names | rofi -dmenu -i -only_match -p pass) || exit
[ -n "$name" ] || exit
# Write the password name to a shell to retrieve it, read its first line, and
# have xdotool write that as if the keyboard; write the name safely to the
# command's input rather than as an argument.
#
password=$(get_password "$name") || exit
[ -n "$password" ] || exit
# Have xdotool type the password, receiving it on its standard input rather
# than its arguments, for security.
#
printf %s "$password" |
xdotool type --clearmodifiers --delay=0 --file - \
|| exit
# Tell the user we wrote the password out, in case they're typing a password
# into a field with echo turned off.
#
notify-send --app-name="$self" --icon=gcr-password -- \
'Password typed' "$name"
|
