makepass.pl


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301

#!/usr/bin/env perl
#
# Author  : Dennis Eriksen <d@ennis.no>
# File    : makepass.pl
# Created : 2023-07-27
# License : BSD-3-Clause
#
# Copyright (c) 2018-2023 Dennis Eriksen • d@ennis.no

use strict;
use warnings;
use v5.10.0;

use Getopt::Std;

use constant {
    MAX        => 255,    # max length of passwords
    RANGE_MAX  => 42,     # max length when using random length
    RANGE_MIN  => 8,      # min length when using random length
    PASS_WORDS => 8,      # number of words in passphrases

    LOWER => 'abcdefghijklmnopqrstuvwxyz',
    UPPER => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
    DIGIT => '0123456789',
    OTHER => '!$%&#/()=?+-_,.;:<>[]{}|@*',
};

my @lower = split //, LOWER;
my @upper = split //, UPPER;
my @digit = split //, DIGIT;
my @other = split //, OTHER;
my @alpha = ( @lower, @upper );
my @alnum = ( @alpha, @digit );
my @every = ( @alnum, @other );

my $length   = $ENV{'MAKEPASS_LENGTH'} // 0;
my $number   = $ENV{'MAKEPASS_NUMBER'} // 10;
my $printlen = 0;
my @normal =
  $ENV{'MAKEPASS_NORMAL'}
  ? split //, $ENV{'MAKEPASS_NORMAL'}
  : ( @alnum, '-', '_' );
my @special =
  $ENV{'MAKEPASS_SPECIAL'}
  ? split //, $ENV{'MAKEPASS_SPECIAL'}
  : (@every);
my $wordlist = $ENV{'MAKEPASS_WORDLIST'} || '/usr/share/dict/words';

my $col_width;
my $col_num;

# Get screen width so we can print in pretty columns
# TODO: Native perl. Possible solutions:
# - Term::ReadKey
#     - not a builtin module. Needs installing everywhere.
# - builtin module ioctl and posix-call `TIOCGWINSZ`.
#     - does not work on all systemd. I.e. OpenBSD.
my $xwidth = `tput cols` || 80;
chomp($xwidth);    # remove \n at end of line

#
# Main function! Go magic!
#
sub main {
    #
    # Getopts
    #

    getopts('hl:n:p');
    our ( $opt_h, $opt_l, $opt_n, $opt_p );

    # -h = help
    help() if ($opt_h);

    # -l NUM = length of passwords
    # I know this check is unnecessary because we check $LENGTH below, but
    # I still want it.
    die "-l takes a number between 0 and " . MAX
      if ( $opt_l && !int_in_range( $opt_l, 0, MAX ) );
    $length = $ARGV[0] // $opt_l // $length;

    # -n NUM = number of passwords
    die "-n takes a number between 0 and " . MAX
      if ( $opt_n && !int_in_range( $opt_n, 1, MAX ) );
    $number = $opt_n // $number;

    # -p = print length of passwords
    $printlen = 1 if $opt_p;

    #
    # Some errorhandling
    #
    die "only one argument" if ( scalar(@ARGV) > 1 );

    die "length must be a number between 0 and " . MAX
      unless ( int_in_range( $length, 0, MAX ) );

    die "number-argument must be between 1 and " . MAX
      unless ( int_in_range( $number, 1, MAX ) );

    #
    # Some other stuff
    #

    # Seed rand() with bits from /dev/random. Because.
    open( my $random, '<:raw', '/dev/random' ) or die $!;
    read( $random, my $bytes, 8 ) and close($random);

    # See https://perldoc.perl.org/functions/pack
    srand( unpack( "L", $bytes ) );

    $printlen = $length < 100 ? 2 : 3 if $printlen;

    $col_width = ( $length ? $length : RANGE_MAX ) + 2;
    $col_num =
      int( $xwidth / ( $col_width + ( $printlen ? $printlen + 1 : 0 ) ) ) || 1;

    #
    # Print passwords
    #
    print_columns( "Normal passwords", $number, @normal );
    print "\n";
    print_columns( "Passwords with special characters",
        int( $number / 3 * 2 + 1 ), @special );

    #
    # Print Passphrases
    #
    # But only if we can read the wordlist
    if ( -r $wordlist ) {
        print "\n";
        say "Passphrases:";
        open( FILE, "<", $wordlist ) or die("Can't open file");
        chomp( my @wordlist = <FILE> ) and close(FILE);

        say passphrase( \@wordlist ) foreach ( 1 .. int( $number / 2 ) );
    }
}

#
# Print in random strings in columns
#
#sub print_columns ( $title, $num, @chars ) {
sub print_columns {
say "@_";
    my $title = shift(@_);
    my $num   = shift(@_);
    my @chars = @_;
    my @strings;

    push( @strings, randstring(@chars) ) foreach ( 1 .. $num );

    say "$title:";

    for my $i ( 1 .. $num ) {
        printf "%0${printlen}i ", length( $strings[ $i - 1 ] ) if ($printlen);
        printf "%-${col_width}s", $strings[ $i - 1 ];
        print "\n"
          if ( $i % $col_num == 0 || ( $i == $num && $i % $col_num > 0 ) );
    }
}

#
# Function to create random string
#
#sub randstring (@chars) {
sub randstring {
    my @chars = @_;
    my $str;
    my $len = $length || int( rand( RANGE_MAX - RANGE_MIN ) + RANGE_MIN );

    @chars = @normal if !@chars;

    $str .= $alpha[ rand @alpha ];
    $str .= $chars[ rand @chars ] foreach ( 1 .. $len - 2 );
    $str .= $alnum[ rand @alnum ] if ( $len >= 2 );

    return $str;
}

#
# Return passphrases
#
#sub passphrase ($arrh) {
sub passphrase {    # Use array-handle to avoid copying large array around
    my $arrh = shift(@_);
    my @indexes;

    push( @indexes, rand( @{$arrh} ) ) foreach ( 1 .. PASS_WORDS );
    ( my $str = join( '-', @{$arrh}[@indexes] ) ) =~ tr/A-Za-z0-9_-//cd;
    return $str;
}

#
# Check if int and in range
#
#sub int_in_range ( $num, $min, $max ) {
sub int_in_range {
    my $num = shift(@_);
    my $min = shift(@_);
    my $max = shift(@_);

    return ( $num =~ /^[[:digit:]]+$/ && $min <= $num && $num <= $max ) ? 1 : 0;
}

#
# Help function
#
sub help {
    my $str='NAME
    makepass - create several random passwords

SYNOPSIS
    makepass [OPTIONS] [NUM]

    If a NUM is provided, passwords will be NUM characters long.

    By default `makepass` will output passwords from the three following classes:

    - Normal passwords - random strings with letters (both lower and upper
      case), numbers, and dashes and underscores.

    - Passwords with special characters - random strings generated from lower
      and upper case letters, numbers, and the following characters:
      !#$%&/()=?+-_,.;:<>[]{}|@*

    - Passphrases - if we find a dictionary, a series of eight random words
      from the dictionary, separated by dashes. The number of words can not be
      changed, but you do not have to use all of them. Use as mane as you want.

    The first character will always be alphabetic, and the last will always be
    alphanumeric.

DESCRIPTION
    makepass has the following options:

    -h
        output this help-text
    -l
        length of passwords. See MAKEPASS_LENGTH below
    -n
        number of passwords. See MAKEPASS_NUMBER below
    -p
        print length of number

ENVIRONMENT
    makepass examines the following environmental variables.

    MAKEPASS_LENGTH
        Specifies the length of passwords. Valid values are 0-255. If 0, a
        random value between 8 and 42 will be used for each password. -l
        overrides this environmental variable, and the argument NUM overrides
        that again. So `MAKEPASS_LENGTH=10 makepass -l 12 14` will give
        passwords that are 14 characters long, even though both -l and
        MAKEPASS_LENGTH also specifies a length.

    MAKEPASS_NUMBER
        The number of passwords to generate. This formula is used to determine
        how many passwords from each group should be generated:
        - (n) normal passwords
        - (n / 3 * 2 + 1) special passwords
        - (n / 2) passphrases
        Where n is 10 by default. Valid values for n are 1-255. Floating-poing
        math is not used, so results may vary.

    MAKEPASS_PRINTLEN
        If 1, print length of all passwords. If 0, don\'t.

    MAKEPASS_NORMAL
        String of characters from which to generate "normal" passwords.
        Defaults to:
        abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_

    MAKEPASS_SPECIAL
        String of characters from which to generate passwords with special
        characters. Defaults to the same characters as in MAKEPASS_NORMAL, plus
        these:
        !#$%&/()=?+-_,.;:<>[]{}|@*

    MAKEPASS_WORDLIST
        Specifies the dictionary we find words for passphrases in. If this is
        unset or empty, we try "/usr/share/dict/words". If that file does not
        exist, no passphrases will be provided.

NOTES
    This scripts makes use of rand() - a perl function that returns a
    pseudo-random number. It is not cryptographically secure.  We initially
    seed the random number generator with a random 32bit integer generated from
    /dev/random. This should provide enough randomnes to generate sufficiently
    secure passwords.

AUTHOR
    Dennis Eriksen <https://dnns.no>';

    print "$str\n";

    exit(0);
}

# Call with & so it gets the same arguments as root. (@_)
&main;