carnager / rofi-pass
rofi frontend for pass
License: GNU General Public License v3.0
found a new bug in rofi-pass: the last-used argument doesn't seem to work anymore
using latest git and arch linux
z
Hi,
Consider the following:
% pass someaccount
supersecret
---
user: azerty123456
rofi-pass will print qwerty!@#$%^ as username instead of azerty123456.
xdotool seems to be the criminal here, but everything just went downhill. (Line 117 in 273b4d1)
rofi-pass is unusable as is 😭
% localectl
System Locale: LANG=en_US.utf-8
LC_TIME=en_DK.utf-8
LC_MONETARY=fr_FR.utf-8
LC_NAME=fr_FR.utf-8
LC_ADDRESS=fr_FR.utf-8
LC_TELEPHONE=fr_FR.utf-8
LC_MEASUREMENT=fr_FR.utf-8
VC Keymap: fr-pc
X11 Layout: fr
I tried autotype with only one field, the password. In my case the password contains several special chars like ; and @. They were typed as < and q.
However also a Username containing these chars gets messed up. In fact it's always the first field, that gets messed up.
The script itself gets the correct data, I created a test-password and executed bash -x /usr/bin/rofi-pass. The output:
<<><123q´
!%&
should be:
;<>;123@´!%/
)
See the title.
I have pass entries that look like this:
mysecretpassword
---
login: username
url: https://example.org
(Those are 4 spaces between login: and username.)
My rofi-pass config looks like this:
URL_field='url'
USERNAME_field='login'
When I use rofi-pass to type or copy the username, the result always has a leading white space character. It looks like rofi-pass is just splitting the line at : (I think GitHub is stripping white space, but that is supposed to be a colon followed by a whitespace character).
I would like rofi-pass to strip leading and trailing whitespace from whatever field it is operating on. This could be done with sed.
$ echo " test " | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//'
test
This is not really an issue with rofi-pass, but I thought I'd mention it here, because it took me a while to figure out why the same rofi-pass worked perfectly on one machine, but not on another one. Seems like Ubuntu ships mawk instead of gawk as the default alternative for awk now (maybe I'm wrong, only got a sample size of one, point being mawk doesn't work), and that somehow breaks the line parsing in:
_id=$(echo -e "${LINE}" | awk -F ':[[:space:]]*' '{print $1}')
Xdo-typing the password still works, but none of the other variables like user or url can be used. For example, autotype always omits the user. Might be worth mentioning in the Readme that gawk is a requirement, not awk.
Currently testing this, with the default config from /etc (so no files copied into my home dir)
And invoking rofi creates this message:
$ LANG=C rofi-pass
mkdir: cannot create directory '/home/omnius/.config/rofi-pass/parsers': No such file or directory
cp: target '/home/omnius/.config/rofi-pass/parsers' is not a directory
Is this intended behaviour? (like it's unnecessary to copy this if the user didn't create a config. Still the error messages aren't that nice)
As the title says, rofi-pass should refrain from creating notifications when notify="false" is set in the config. Currently, it still notifies when a password is copied/cleared into/from selection.
I searched the other issues & I couldn't find anything similar: xdotool won't accept the --file parameter:
$ echo "foo" | xdotool type --clearmodifiers --file -
type: unrecognized option '--file'
Usage: type [--window windowid] [--delay milliseconds] <things to type>
--window <windowid> - specify a window to send keys to
--delay <milliseconds> - delay between keystrokes
--clearmodifiers - reset active modifiers (alt, etc) while typing
--args N - how many arguments to expect in the exec command. This is
useful for ending an exec and continuing with more xdotool
commands
--terminator TERM - similar to --args, specifies a terminator that
marks the end of 'exec' arguments. This is useful
for continuing with more xdotool commands.
-h, --help - show this help output
It would work with either
$ echo -n type --clearmodifiers "foo" | xdotool -
foo
or
$ xdotool type --clearmodifiers foo
foo
Using xdotool version 2.20110530.1 (the one Fedora 22 ships) + rofi-pass b01d40c.
Hi
Not really sure if this is a problem with rofi or rofi-pass. I decided to open it here, because it just happens for me with rofi-pass. But dunno if you parse the config for colors (I suppose not).
Depending on the syntax in the .Xresource file regarding the color theme rofi-pass can generate a warning message and the shortcut text won't appear.
rofi.color-normal: #000000,#A0A0A0,#000000,#0C73C2,#FFFFFF
produces
$ rofi-pass
(process:17376): Pango-WARNING **: pango_layout_set_markup_with_accel: Value of 'foreground' attribute on tag on line 1 could not be parsed; should be a color specification, not ''
rofi.color-normal: #000000, #A0A0A0 ,#000000,#0C73C2,#FFFFFF
produces
$ rofi-pass
(process:18218): Pango-WARNING **: pango_layout_set_markup_with_accel: Value of 'foreground' attribute on tag on line 1 could not be parsed; should be a color specification, not '#A0A0A0 ,#000000,#0C73C2,#FFFFFF'
rofi.color-normal: #000000, #A0A0A0 , #000000,#0C73C2,#FFFFFF
$ rofi-pass
(process:18656): Pango-WARNING **: pango_layout_set_markup_with_accel: Value of 'foreground' attribute on tag on line 1 could not be parsed; should be a color specification, not '#A0A0A0 '
And lastly, the working one
rofi.color-normal: #000000, #A0A0A0, #000000,#0C73C2,#FFFFFF
Depending on the position of whitespaces it works or not.
So is this an issue with rofi-pass or should I open an issue at the rofi-repo?
Edit2: Looking at the code I saw that you parse the help color and awk depend on the whitespaces
Best regards
Edit:
Oh, and disabling color at all, just using the rofi defaults errors out too
python keepass2pass.py -f ~/keepass.xml
[>>>>] Importing passwords from file /home/gregf/keepass.xml
[INFO] Root path: None
Traceback (most recent call last):
  File "keepass2pass.py", line 141, in <module>
    main(sys.argv[1:])
  File "keepass2pass.py", line 135, in main
    import_passwords(xml_file, root_path)
  File "keepass2pass.py", line 94, in import_passwords
    root_group = root.find('Group')
AttributeError: 'NoneType' object has no attribute 'find'
rofi-pass has unsafe use of /tmp
20:26:50[justin@diablo ~/opt/rofi-pass]% git show --oneline
b6dcf56 Merge pull request #44 from qbit/master
20:27:02[justin@diablo ~/opt/rofi-pass]% ag tmp
rofi-pass
36: rm -f "/tmp/$USER-rofi-pass/last_used"
37: echo "${root}: $selected_password" > "/tmp/$USER-rofi-pass/last_used"
48: rm -f "/tmp/$USER-rofi-pass/last_used"
49: echo "${root}: $selected_password" > "/tmp/$USER-rofi-pass/last_used"
500:# create tmp dir
501:if [[ ! -d /tmp/$USER-rofi-pass ]]; then
502: mkdir "/tmp/$USER-rofi-pass"
520:if [[ -r "/tmp/$USER-rofi-pass/last_used" ]] && [[ $1 == "--last-used" || $1 == "--show-last" ]]; then
521: export root; root=$(awk -F ': ' '{ print $1 }' "/tmp/$USER-rofi-pass/last_used")
546: if [[ -r "/tmp/$USER-rofi-pass/last_used" ]]; then
547: entry="$(awk -F ': ' '{ print $2 }' "/tmp/$USER-rofi-pass/last_used")"
552: if [[ -r "/tmp/$USER-rofi-pass/last_used" ]]; then
553: selected_password="$(awk -F ': ' '{ print $2 }' "/tmp/$USER-rofi-pass/last_used")" showEntry
This means that another user on the box, who can create a symlink at /tmp/${VICTIM_USER}-rofi-pass before ${VICTIM_USER} uses rofi-pass, can cause ${VICTIM_USER} to:
- rm -f a file called last_used in a directory of the attacker's choosing
- "${root}: $selected_password" into a file called last_used in a directory of the attacker's choosing
An example of nobody being able to cause me (justin) to send some text to ~justin/.ssh/last_used:
20:31:14[justin@diablo ~/opt/rofi-pass]% sudo -u nobody ln -s /home/justin/.ssh /tmp/justin-rofi-pass
20:31:36[justin@diablo ~/opt/rofi-pass]% ls -la /tmp/justin-rofi-pass
lrwxrwxrwx 1 nobody nogroup 17 Jul 16 20:31 /tmp/justin-rofi-pass -> /home/justin/.ssh
20:31:41[justin@diablo ~/opt/rofi-pass]% ls -la ~/.ssh/last_used
ls: cannot access '/home/justin/.ssh/last_used': No such file or directory
<use rofi-pass to access the pass password item called "demopassword">
20:32:14[justin@diablo ~/opt/rofi-pass]% ls -la ~/.ssh/last_used
-rw-r--r-- 1 justin justin 43 Jul 16 20:32 /home/justin/.ssh/last_used
20:32:38[justin@diablo ~/opt/rofi-pass]% cat ~/.ssh/last_used
/home/justin/.password-store: demopassword
It looks as though an attacker may be able to control the variables ${root}, ${entry} and ${selected_password} depending on how the victim user launches rofi-pass. I haven't gone too far down that rabbit hole just yet.
/tmp/ should be considered hostile and full of directories/files/symlinks planted by other users.
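One way to avoid the predictable /tmp path described in this report, as an added example that is not rofi-pass code or the reporter's: the state directory is created under a per-user base and is refused if it already exists as a symlink, belongs to someone else, or is accessible to group/others. The function names is_private_dir, state_dir and save_last_used are hypothetical, and GNU coreutils (stat -c, mktemp) are assumed.

```bash
#!/usr/bin/env bash
# Added example, not rofi-pass code. Function names are hypothetical.
# Assumes GNU coreutils (stat -c, mktemp).

# Succeed only if DIR is a real directory (not a symlink), owned by the
# current user, with no permission bits set for group or others.
is_private_dir() {
    local dir="$1" owner mode
    [ -L "$dir" ] && return 1          # a link someone else may have planted
    [ -d "$dir" ] || return 1
    owner=$(stat -c '%u' -- "$dir") || return 1
    mode=$(stat -c '%a' -- "$dir") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]      # octal mask: group/other bits must be clear
}

# Print a private state directory below BASE, creating it if needed.
# BASE defaults to $XDG_RUNTIME_DIR, falling back to ~/.cache (both per-user).
state_dir() {
    local base="${1:-${XDG_RUNTIME_DIR:-$HOME/.cache}}" dir
    dir="$base/rofi-pass"
    # mkdir without -p fails if the name exists in any form, so a pre-made
    # directory or symlink is never adopted without being checked.
    if ! mkdir -m 700 -- "$dir" 2>/dev/null; then
        if ! is_private_dir "$dir"; then
            echo "refusing unsafe state dir: $dir" >&2
            return 1
        fi
    fi
    printf '%s\n' "$dir"
}

# Write TEXT to DIR/last_used via a temp file and rename. The rename replaces
# whatever is at last_used (including a symlink) instead of following it.
save_last_used() {
    local dir="$1" text="$2" tmp
    is_private_dir "$dir" || return 1
    tmp=$(mktemp "$dir/last_used.XXXXXX") || return 1
    printf '%s\n' "$text" > "$tmp" && mv -f -- "$tmp" "$dir/last_used"
}
```
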
After (installing all required apps) git clone or sudo make install only thing that I get when running rofi-pass is sorry, cannot understand key combination: !Return. Is this still the #43 issue or is it just me who cannot integrate it into rofi?
And can you provide a sample code about how to use it together with rofi? I am new to it...
If I include '-font "Monospace 10"' (or any font, for that matter) in rofiopts, the interface is unusable.
Here's the rofiopts config:
rofiopts='-i -font "Monospace 10" -no-levenshtein-sort'
% rofi -version
Version: 0.15.12
% rofi-pass --help
rofi-pass (Version: 1.2)
I would attach a screenshot, however rofi-pass intercepts all keyboard key presses and I'm unable to launch scrot :)
I am using CopyQ as my clipboard manager, and when I start rofi-pass, then select an entry, then ALT+p, it copies it... Just that in CopyQ, there's no new copied item...
However, after 45 seconds when the clipboard is cleared, a new item ends up in CopyQ that seems to be two empty lines that are copied.
Is there any way to change the path to the config file? rofi-pass seems to expect it at /etc/rofi-pass, right? How can I tell rofi-pass that it is at ~/.rofi.conf for example?
Hi,
I was using pass & passff firefox extension for quite a long time but after some recent security potential issues I prefer the approach of rofi-pass!
I am playing around and make it almost work like my old configuration, the only thing I am not able to do is to open the url automatically and autofill, is there a way to do that?
Bookmark mode is working correctly and opening a tab in my iceweasel and goes to the right link
Autofill is also working correctly (I noticed a little glitch where I need to click into a form box for the mouse to focus on it, if I don't do that before rofi-pass is not able to fill the form, I am sure there is a little tips for that?)
My idea would be to combine both
many thanks
My pass entries look like this:
supersecretpassword
---
login: pigmonkey
url: https://somewhere.com
(Those are spaces separating the fields, not tabs.)
My ~/.config/rofi-pass/config looks like this:
URL_field='url'
USERNAME_field='login'
clip=clipboard
notify='true'
After upgrading to rofi-pass v1.4, the autotype feature types <tab>supersecretpassword. Using alt+2 to copy the value of the login field does still work. If I edit my entry and rename login to user, autotype works.
The autotype function is not respecting USERNAME_field.
When a pass entry contains an @ sign, rofi-pass cannot paste it into context, gives an ˇ sign instead. ($ sign does not work either, % does)
Hi,
I hacked the following into the rofi-pass script:
elif [[ $word == ":otp" ]]; then oathtool --totp --base32 "${stuff[${OTP_field}]}" | xdotool type --clearmodifiers --file -;
which enables OTP support in autotype. However I am not sure about the --base32 option. I guess most services do return a base32 code but not all. It also has a dependency on oathtools. I think this is a bit of an overkill.
If this is needed, and would be supported by this project, I would try to fix the issues I have with this solution right now and submit a PR request once I am finished.
What do you think? Awesome project by the way!
It's a tiny modification, but IMHO it makes a big difference.
diff --git a/rofi-pass b/rofi-pass
index 9e89493..970dfa0 100755
--- a/rofi-pass
+++ b/rofi-pass
@@ -51,7 +51,7 @@ umask 077
list_passwords() {
cd "${root}" || exit
- find -L . -iname '*.gpg' -printf '%P\n' | \
+ find -L . -iname '*.gpg' -printf '%P\n' | sort | \
while read filename; do
echo "${filename%.gpg}"
done
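Review bot: the added `sort` in the `find ... | sort |` pipeline of list_passwords() collates according to the caller's locale, so the entry order can differ from one environment to the next; use `LC_ALL=C sort` if a stable order is the goal, or note in the README that the order follows the locale. Since this pipeline is being touched anyway, the `while read filename` context line would be safer as `while IFS= read -r filename`, because plain `read` interprets backslashes and trims surrounding whitespace in entry names.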
Right now individual fields can only be typed from inline view.
Add a hotkey to select from a list of available fields.
This way a one-item history for each root dir is saved and can be re-used separately.
This would need more complex argument parsing because --last-used and --root might be used together.
Also this needs to take PASSWORD_STORE_DIR env var and root config setting into account.
I created a shortcut to launch the script using Linux Mint's keyboard settings. When I use the shortcut, the only option that shows up is pass even though my passwords also have user and autotype, and when I hit enter, nothing happens. When I call the script from the command line, everything is perfect. As a temporary workaround, I have changed the command to this: gnome-terminal -e "rofi-pass". That works, but I have to click back to firefox or the password just goes into the terminal.
Btw I use this script on my arch+xfce laptop and it's so nice. Thanks a bunch!
uname -a:
Linux Zeus 3.19.0-21-generic #21~14.04.1-Ubuntu SMP Sun Jun 14 18:45:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
pass version:
|-----------------------|
| Password Store |
| v.1.4.2 |
| by zx2c4 |
| |
| [email protected] |
| Jason A. Donenfeld |
|-----------------------|
sed --version:
sed (GNU sed) 4.2.2
rofi -v:
Version: 0.15.11
xdotool -v:
xdotool version 3.20140217.1
gawk -V:
GNU Awk 4.0.1
bash --version:
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
I have an alternative pass store at ~/otherpass. I'm trying to use rofi-pass to interact with that store.
$ rofi-pass --root ~/otherpass
This results in a rofi window with no password entries.
It looks like on line 38 rofi-pass is trying to append the root dir to the default password store, resulting in something like /home/user/.password-store///home/user/otherpass. I think the line should be something more like:
passwords=( "${root}"/**/*.gpg )
Line 44 will also need to be altered so that the pass store dir is stripped from the filenames.
Hello, I had a problem with rofi-pass and to see if there is a fix, I have installed
the last version from git. Unfortunately, I can't login anymore.
I do the following: Start rofi-pass, choose a login (I get the list of the possible logins) and hit "Enter". After that, nothing happens
I tried in a terminal and it's much more interesting:
% rofi-pass
Error: 14 is not in the password store.
Error: 14 is not in the password store.
type: unrecognized option '--file'
Usage: type [--window windowid] [--delay milliseconds] <things to type>
--window <windowid> - specify a window to send keys to
--delay <milliseconds> - delay between keystrokes
--clearmodifiers - reset active modifiers (alt, etc) while typing
--args N - how many arguments to expect in the exec command. This is
useful for ending an exec and continuing with more xdotool
commands
--terminator TERM - similar to --args, specifies a terminator that
marks the end of 'exec' arguments. This is useful
for continuing with more xdotool commands.
-h, --help - show this help output
type: unrecognized option '--file'
Usage: type [--window windowid] [--delay milliseconds] <things to type>
--window <windowid> - specify a window to send keys to
--delay <milliseconds> - delay between keystrokes
--clearmodifiers - reset active modifiers (alt, etc) while typing
--args N - how many arguments to expect in the exec command. This is
useful for ending an exec and continuing with more xdotool
commands
--terminator TERM - similar to --args, specifies a terminator that
marks the end of 'exec' arguments. This is useful
for continuing with more xdotool commands.
-h, --help - show this help output
I assume the problem is with xdotool. Could you try first on your system? I have a Gentoo system and it's possible something is missing in the package. But I have also an Archlinux system and it doesn't work. But I'm not sure that on Arch the git package installs the last commit.
Pressing tab no longer selects the next entry in rofi-pass. The issue seems to have been introduced in 01eeb3e. I'm not sure why -kb-row-tab is being set to ''. Is this deliberate? Removing this makes it work again.
Many of my password files have the same two bottom lines:
user: my@email
autotype: user :tab pass :enter
Is there a way to make this the default? I see the addpass command can add these to the files if you use it to generate the password but I want autotype to default to typing my email then the password even if the password file only has one line: the password.
I find myself frequently using rofi-pass to type credentials into things that do not echo (ie, a sudo prompt). I know typing takes a second or two, but because I can't see it working and there is no notification upon completion, I'm never sure when it is done. Generally I end up telling rofi-pass to type the entry and then counting to 5 in my head before hitting return.
It would be nice if rofi-pass could notify the user when typing is complete via notify-send, just like it does when a password has been copied. This should probably be a configurable option that defaults to off, since it would get annoying if you predominantly use rofi-pass to type credentials into things that echo the typing, like most GUI apps.
I frequently want to copy the URL from a pass entry, either to paste it into a specific browser window or to paste it into a different program. This is usually more useful to me than the ability to open the URL in the default browser directly from the entry. Could this be added to rofi-pass? Perhaps with a default mapping of Alt+L (l for link, since u is taken).
Merge several hotkeys into a single "Actions" key. (move, delete, etc)
Reproduce:
Expected: Correct password shown
Instead: backslashes are interpreted by the shell.
Fix, incoming shortly. :)
Just tried generating a password and it did nothing. Obviously, pwgen was not installed.
I think requirements section should list pwgen. Feel free to note that it is only required if one wants to generate passwords.
Hello.
When the mouse is over the rofi (pass) window when it starts, a password is automatically selected.
It should not autoselect a password.
rofi run does not have this issue, so I believe the issue is in the options sent to rofi.
Thanks to fix this issue.
Currently it appears that rofi-pass copies usernames to the default selection and passwords to both the default and clipboard selections. This was not intuitive to me -- I had to read through the script to see why usernames were not added to my clipboard after I copied them with rofi-pass.
I'm not sure if there is a reason for the difference in behaviour between copying usernames and passwords, but I think it would be nice to have the selection configurable by the user. Something like an xclip_selection setting in the configuration file, with possible options of primary, secondary and clipboard. I would then expect rofi-pass to apply this to both usernames and passwords.
Hi,
thanks a lot for writing rofi-pass! I have an issue with auto-typing passwords via xdotool: In about one third of the cases it types the password or username incorrectly because one character is typed twice. I suspected that this has something to do with keyboard repeat (I have a high repeat rate with a rather short delay, xset r rate 180 60). I added a bit of code to rofi-pass which disables keyboard repeat, types the password with xdotool, and then re-enables keyboard repeat (if it was enabled before). This solves my issue perfectly.
Would you be willing to accept a PR which adds this (and enables it by default)?
BSD grep doesn't contain -P for perl regex. There is a package called gnugrep which installs gnugrep to /usr/local/bin/grep. It would be nice to have rofi detect if you are on freebsd and use the right grep.
Scenario: Open a Roundcube login page in Firefox and focus the username field.
Problem: Upon selecting a password from list of passwords and pressing enter, the focus in Roundcube login page is moved from the username to the password field.
This happens right before selecting a field for rofi-pass to type out.
Here: https://github.com/carnager/rofi-pass/blob/master/rofi-pass#L45, it looks like tab will always be sent if a password has no autotype field, but I think that rofi should detect if a username field exists, and only send a tab if it does.
Here's a use case that works as expected from the current implementation. router-password:
password
---
user: username
rofi-pass would send username\tpassword through xdotool, but if router-password contains:
password
---
rofi-pass would just send \tpassword, which would almost always tab out of the highlighted password field. I believe a good solution is detecting if USERNAME_field is defined, if so, send ${USERNAME_field}\t${password}, if not, just send ${password}
Hello.
Currently, the password is shown in the menu, but I would like to hide it.
Is there an option to never show the password in the menu?
Thanks.
How about reading $BROWSER from ENV or allowing setting BROWSER in the config file?
If neither config file exists, the program prints errors such as:
The script command 'window' has 1 options, but needs 2: <name>:<script>.
Invalid script switcher: window
And won't work overall. As soon as the default config is copied, rofi-pass works fine. I think that after the config files are sourced, default values should be loaded for unset variables. This would prevent confusing errors like the ones shown above. One possible implementation could be to add config lines like this:
USERNAME_field=${USERNAME_field:-'user'}
AUTOTYPE_field=${AUTOTYPE_field:-'autotype'}
...
after sourcing both config files. This will set the fields to their default value only if they are unset. Though I'm not sure how the _rofi command would be implemented this way. Possibly use something like:
declare -f _rofi || _rofi() {
rofi -z -i -width 700 -no-levenshtein-sort "$@"
}
Hey! First of all: let me thank you for developing rofi-pass, it's quite useful :) Do you think about tagging releases at some point? It would make for saner packaging (I am packaging this for NixOS) imho. Anyway, keep up the good work!
My habit with previous versions of rofi-pass has been to find the entry I want and hit enter for rofi-pass to autotype it. With rofi-pass v1.4, hitting enter on the entry brings up the new menu asking me what I want to do. I have to hit enter a second time, or I have to hit alt+1 when on the entry.
Personally I'm not a fan of the new menu asking me what I want to do as it requires an extra keystroke. I can see how it would be nice for new users, or for those who do not autotype the majority of the time. Is it possible to make the default entry behaviour configurable? It would be great if the default could remain the same, but I could configure the default action to be autotype instead of menu or something.
I actually see a default_do config option currently that kind of looks like what I am imagining, but it doesn't look like it is being used for anything.
If I want to open an URL from command line e.g. w/ firefox the command is firefox -private-window mysite.com but if in the pass entry when I use url: -private-window mysite.com it will only open a private window w/o the URL pasted and submitted. Using quotation mark does not help.
Sorry rofi cannot understand the key combination: !Return
On current master rofi-pass throws the error message and exits due to the API changes in rofi
see davatorium/rofi#290
The last rofi-pass release works tho.
$HOME/.config/rofi-pass is expected to exist, especially with $HOME/.config/rofi-pass/last_used - but the directory is not being autocreated.