VeraCrypt: Füge Python-Wrapper hinzu, der u.a. das Passwort im Keyring speichern kann
This commit is contained in:
parent
859a338afb
commit
f767de7c83
|
@ -0,0 +1,153 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
import argparse
|
||||
import getpass
|
||||
import keyring
|
||||
import os
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
DESCRIPTION = "Wrapper for VeraCrypt to assist in working with data on an encrypted usb drive (e.g.\ a GIT repository)."
|
||||
KEYRING_SERVICE = "de.tu-dortmund.cs.ls1.veracryptwrapper.hisdnp"
|
||||
VERA_CONTAINER_NAME_ENV_VAR = "VERA_CONTAINER_NAME"
|
||||
|
||||
DEFAULT_DRIVE_NAME = "KINGSTON"
|
||||
DEFAULT_VERA_VOL_NAME = "NO NAME"
|
||||
#TODO determine this based on OS
|
||||
DEFAULT_MNT_PATH = "/Volumes"
|
||||
|
||||
VERA_BINARIES = [
|
||||
'veracrypt',
|
||||
'VeraCrypt',
|
||||
'/Applications/VeraCrypt.app/Contents/MacOS/VeraCrypt', #MacOS
|
||||
]
|
||||
|
||||
VERA_PARAM_TEXT_MODE = '-t'
|
||||
VERA_PARAM_STDIN = '--stdin'
|
||||
VERA_PARAM_NON_INTERACTIVE = '--non-interactive'
|
||||
|
||||
ARG_CONTAINER_NAME = "arg_container"
|
||||
ARG_USB_DRIVE_NAME = "arg_usbstick"
|
||||
ARG_VERA_VOL_NAME = "arg_volname"
|
||||
ARG_MOUNT_PATH = "arg_mountpath"
|
||||
ARG_UNMOUNT_USB_DRIVE = "arg_unmountusbdrive"
|
||||
ARG_RESET_PASSWORD = "arg_resetpw"
|
||||
ARG_VERA_DISMOUNT = "arg_vera_dismount"
|
||||
|
||||
def __vera_binary():
|
||||
binaries = [ b for b in VERA_BINARIES if os.path.exists(b) ]
|
||||
assert binaries, "Unable to find VeraCrypt executable!"
|
||||
|
||||
return binaries[0]
|
||||
|
||||
def __sync_io():
|
||||
#Sync all I/O devices (just in case)
|
||||
res = subprocess.run([
|
||||
'sync'
|
||||
])
|
||||
res.check_returncode()
|
||||
|
||||
def __store_password(pw):
|
||||
username = getpass.getuser()
|
||||
keyring.set_password(KEYRING_SERVICE, username, pw)
|
||||
|
||||
def __delete_password():
|
||||
username = getpass.getuser()
|
||||
keyring.delete_password(KEYRING_SERVICE, username)
|
||||
|
||||
def __get_password(reset_pw = False):
|
||||
if reset_pw:
|
||||
__delete_password()
|
||||
|
||||
username = getpass.getuser()
|
||||
pw = keyring.get_password(KEYRING_SERVICE, username)
|
||||
if not pw:
|
||||
pw = getpass.getpass()
|
||||
return pw
|
||||
|
||||
def __vera_exec(option_list, password = None):
|
||||
args = [ __vera_binary(), VERA_PARAM_TEXT_MODE ]
|
||||
|
||||
if password:
|
||||
args = args + [ VERA_PARAM_STDIN ]
|
||||
password = password.encode()
|
||||
|
||||
return subprocess.run(args + option_list, input = password).returncode
|
||||
|
||||
def vera_unmount(volume_path):
|
||||
__sync_io()
|
||||
res = __vera_exec(['-d', volume_path])
|
||||
assert res == 0, \
|
||||
"Failed to dismount VeraCrypt volume! VeraCrypt exited with status {}.".format(res)
|
||||
__sync_io()
|
||||
|
||||
#TODO the following function is MacOS specific
|
||||
def unmount_usbdrive(usbdrive_mnt_path):
|
||||
__sync_io()
|
||||
res = subprocess.run([
|
||||
'diskutil',
|
||||
'unmount',
|
||||
usbdrive_mnt_path,
|
||||
])
|
||||
|
||||
res.check_returncode()
|
||||
|
||||
def vera_mount(volume_path, container):
|
||||
pw = __get_password()
|
||||
|
||||
res = __vera_exec([
|
||||
VERA_PARAM_NON_INTERACTIVE,
|
||||
'--mount', container,
|
||||
], pw)
|
||||
|
||||
assert res == 0, \
|
||||
"Failed to mount VeraCrypt volume! VeraCrypt exited with status {}.".format(res)
|
||||
__store_password(pw)
|
||||
|
||||
def __parse_cmdline():
|
||||
parser = argparse.ArgumentParser(description = DESCRIPTION)
|
||||
|
||||
container_name_default = os.environ.get(VERA_CONTAINER_NAME_ENV_VAR)
|
||||
if container_name_default:
|
||||
parser.add_argument(ARG_CONTAINER_NAME, default = container_name_default, nargs = '?',
|
||||
help = "Path of the encrypted container file on the usb drive")
|
||||
else:
|
||||
parser.add_argument(ARG_CONTAINER_NAME,
|
||||
help = "Path of the encrypted container file on the usb drive")
|
||||
|
||||
parser.add_argument('--mount-path', '-m', dest = ARG_MOUNT_PATH, default = DEFAULT_MNT_PATH)
|
||||
parser.add_argument('--vera-volume-name', '-v', dest = ARG_VERA_VOL_NAME, default = DEFAULT_VERA_VOL_NAME)
|
||||
parser.add_argument('--usb-drive-part-name', '-n', dest = ARG_USB_DRIVE_NAME, default = DEFAULT_DRIVE_NAME)
|
||||
|
||||
parser.add_argument('--reset-password', '-p', dest = ARG_RESET_PASSWORD, action = 'store_true')
|
||||
parser.add_argument('--dismount', '-d', dest = ARG_VERA_DISMOUNT, action = 'store_true')
|
||||
parser.add_argument('--unmount-usb-drive', '-u', dest = ARG_UNMOUNT_USB_DRIVE, action = 'store_true')
|
||||
|
||||
return vars(parser.parse_args())
|
||||
|
||||
def __main():
|
||||
args = __parse_cmdline()
|
||||
|
||||
if args[ARG_RESET_PASSWORD]:
|
||||
__delete_password()
|
||||
|
||||
volume_name = args[ARG_VERA_VOL_NAME]
|
||||
mnt_path = args[ARG_MOUNT_PATH]
|
||||
volume = os.path.join(mnt_path, volume_name)
|
||||
|
||||
usbdrive_name = args[ARG_USB_DRIVE_NAME]
|
||||
usbdrive = os.path.join(mnt_path, usbdrive_name)
|
||||
|
||||
container_name = args[ARG_CONTAINER_NAME]
|
||||
container = os.path.join(usbdrive, container_name)
|
||||
|
||||
if args[ARG_VERA_DISMOUNT]:
|
||||
vera_unmount(volume)
|
||||
if args[ARG_UNMOUNT_USB_DRIVE]:
|
||||
unmount_usbdrive(usbdrive)
|
||||
return
|
||||
|
||||
vera_mount(volume, container)
|
||||
|
||||
if __name__ == '__main__':
|
||||
__main()
|
Loading…
Reference in New Issue