keeper-security / commander Goto Github PK

Keeper Commander is a python-based CLI and SDK interface to the Keeper Security platform. Provides administrative controls, reporting, import/export and vault management.

Home Page: https://www.keepersecurity.com/commander.html

License: MIT License

Python 99.97% Shell 0.03%

cli password-manager password secrets security-tools

commander's Introduction

About Keeper Commander

Keeper Commander is a command-line and SDK interface to Keeper® Password Manager. Commander can be used to access and control your Keeper vault, perform administrative functions (such as end-user onboarding and data import/export), launch remote sessions, rotate passwords, eliminate hardcoded passwords and more. Keeper Commander is an open source project with contributions from Keeper's engineering team and partners.

Documentation

To read the Keeper Commander documentation please click here:

https://docs.keeper.io/secrets-manager/commander-cli/overview

About Keeper Security

Keeper is the leading cybersecurity platform for preventing password-related data breaches and cyberthreats.

Learn More at: https://keepersecurity.com

commander's People

Contributors

Stargazers

Watchers

Forkers

walkathon mryan1347 m-wells shift sk-keeper arlenyan c7h python3pkg plar captainstatic pmoung matthijsbe tonylanglet lukasnespor pncit drosile surfndez jacek-rzrz chrishannam khan yasukazu kaymccormick mkn-yskz ad8-bdl shreyankkr nikolaigulatz officesolutions-it pyrokin5 maherthegreat1-bot maksimu sndrr armarti jonathanpadilla80 jeff-bouchard zanebond swipswaps ritvikk49 rayleyva leon-d-j diogoalexandria drewpilarski-oak9 dstromberg daniel-rodas redboxjm1 ndgit michaelsanford manny27nyc cryptomoneybotz contactbrenton securitytime raa-jan b1tninja skoglump freimer synominit rthompson-keeper igriffin00 arcaven apersonintech the-migus-group asmrprog masaruyokoi blueskeye furtber mvandermeulen dabla swiftrc23 jecker5 brennanwoodbury silentapproach skolu skertch

commander's Issues

Add audit output support for elasticsearch

Feature request to add support for elasticsearch audit output (currently only splunk).

Something like this could probably help:
https://github.com/elastic/elasticsearch-py

Or, look at python-logstash. There are probably several ways of doing this.

I don't have a lot of bandwidth, but will try to look into testing and implementing with the former method above.

`ls` exits with status "success" when record/folder does not exist

What happened:

I called command keeper ls on a non-existent folder, and it exited with a "success" status (i.e. return code != 0).

Call keeper ls on a non-existent folder:

$ keeper --user [email protected] --password <redacted> ls '/non-existent/plop'
ls: non-existent/plop: No such folder or record

Check return code:

$ echo $?
0

What you expected to happen:

I expected command to fail, i.e. to return a code != 0.

How to reproduce it (as minimally and precisely as possible):

# Call command
keeper ls /non-existent

# Check return code
echo $?

Environment:

keepercommander version:

$ pip3 show keepercommander | grep Version:
Version: 4.26

OS (e.g: cat /etc/os-release):

$ (source /etc/*-release && echo "$DISTRIB_DESCRIPTION")
Ubuntu 19.10

Rotating a record which user doesn't have edit permissions to needs better error message

`--print` breaks recursive `edit`

When i run any rotation with the --print flag, e.g. r <UID> --print I get the following error.

'str' object has no attribute 'decode'

If I'm using --match to rotate multiple records, e.g. r --match <pattern> --printthe rotation will complete the first one successfully and then stop after giving the error above, not progressing to the following ones.

Here are some specs for troubleshooting, hope that helps a bit

╰─$ python3 --version
Python 3.7.3

╰─$ keeper --version
Keeper Commander, version 4.21

╰─$ pip3 --version
pip 18.1 from /usr/lib/python3/dist-packages/pip (python 3.7)

╰─$ neofetch 
       _,met$$$$$gg.          jvacek@xxx 
    ,g$$$$$$$$$$$$$$$P.       ------------------ 
  ,g$$P"     """Y$$.".        OS: Debian GNU/Linux 10 (buster) x86_64 
 ,$$P'              `$$$.     Host: Latitude 5401 
',$$P       ,ggs.     `$$b:   Kernel: 5.3.0-0.bpo.2-amd64

keeper Login hangs on Windows Git Bash MINGW64

Login hangs on Windows Git Bash MINGW64 --
If I don't specify the username, I get the expected prompt saying I am not logged in.
$ keeper login
... User(Email):
Not logged in>

When I specify the username, it hangs and never prompts for password, hitting Ctrl + C doesn't kill the application and I have to eventually exit out of the shell. Similar experience in Cygwin.

However I am able to login just fine and use keeper commander from within my Linux VM that is using bash.

Error with export function

Attempting export:
keeper export --format json exported
Output:
Downloading records...
Downloaded & Decrypted [17] Records
Error: '3CToo1QoZv6l_npDFBeIIA'

Renaming attachment on record creation does not fully work

What happened:

While creating a record, I attached file abcd.txt to it:

Still in the "record creation" interface, I changed the name of the attached file to defg.txt:

Then, I submitted the form, and the record got correctly created.

However, when I try downloading back the attached file, it is still called with the old name, i.e. abcd.txt:

What you expected to happen:

I expected the downloaded file to be named after what I typed in the "record creation" form.

Please add support for keepass references during import

Hello,

Keepass allows to use references like https://keepass.info/help/base/fieldrefs.html

It is useful when for instance you have multiple applications/services connected to one LDAP for authentication. With references, you can just use a reference in another entry that authenticates against the same LDAP [for instance Active Directory] inside the password/username field.

When importing via commander to keeper those references are kept intact - therefore instead of having a password and username in some of the entries, I see those "references" tags.

Would be nice if these references could be inlined proper data [passwords/usernames] during import to Keeper.

Thanks

Can't use name to copy to clipboard

When I use the clipboard-copy command with the Title of an entry, I receive the following feedback:

Enter name or uid of existing record

I'm not sure what "name" refers to as that is not a column in the output of list.
UID is not convenient to type, which defeats the purpose of the cc command.

Some ideas for improvement:

String match either title or UID and copy if specific enough to return 1 row.
Allow use of the # column from list command.

Keeper Commander, version 4.12

connect:xxx with same xxx but in different folders

we have the same names of connection in different folders eg:

> connect
...
 23  nfs                        machines        /lsn/est/uat1
 24  nfs                        machines        /lsn/est/prod
 25  nfs                        machines        /lsn/est/prep
 26  nfs                        machines        /lsn/est/uat2
 27  nfs                        NFS             /iot/dev
 28  nfs                        NFS             /lsn/afc/local

and we'd like to connect to a particular one by providing full connection name eg:

connect /iot/dev/nfs

or by

keeper connect /iot/dev/nfs

but for some reason, it selects just the nfs from another folder.

it was working ok in 4.9, was not in 4.12 and it's still not working in 4.24

what is more - being in THE folder and calling

connect nfs

is also picking nfs entry from a different folder

Nuget version? Samples out-of-date?

I'm trying to follow along with the .NET samples provided, but I am having trouble getting them to build as provided. There are a few different versions on Nuget and there are clearly some differences in the interfaces among the versions that are not reflected in the repository here. The last update to this repo appears to be 10 months ago, but the Nuget versions are much more recent. In fact the most recent Nuget release was yesterday (4/21/2020).

Additionally, the Project URL in Nuget is incorrect (returns 404).

Dotnet Keeper sdk - possible bug in retrieving vault records

When retrieving the keeper records using the dotnet sdk and running the code it seems to produce no records in the vault. However when debugging and stepping through each line of code manually the vault will pull back the records.

I do use a few Out-Null's just so the line of code doesn't write any response to the terminal since I don't need them.

Here's a sample code written in powershell.

$storage = New-Object KeeperSecurity.Sdk.JsonConfigurationStorage
$Auth = New-Object KeeperSecurity.Sdk.AuthContext($storage, $null)

#Initialize user configuration and set the login credentials.
$keeperLogin = New-Object KeeperSecurity.Sdk.UserConfiguration
$keeperLogin.Username = 'KeeperUsername'
$keeperLogin.Password = 'KeeperPassword'

#Login to keeper
$Auth.Login($keeperLogin) | Out-Null

#Access the vault and sync down the data from the vault
$vault = [KeeperSecurity.Sdk.Vault]::new($Auth)
[KeeperSecurity.Sdk.SyncDownExtension]::SyncDown($vault) | Out-Null

#Search through each record and look for a specific phrase. 
$records = $vault.Records

$vault and $records in this case comes back null if I run the code but if I debug it and step through, they will populate with the records.
Please advise.

Thank you,
Ma Xiong

`mkdir`: sligthly incorrect error message on already existing folder

What happened:

When executing keeper mkdir on an already existing folder, a strange error message gets printed:

Folder "" already exists

Whatever the name of the already existing folder is, the error message always prints an empty string.

What you expected to happen:

I expected the error message to correctly reference the name of the already-existing folder, not an empty string

How to reproduce it (as minimally and precisely as possible):

$ keeper --user [email protected] --password '<redacted>' mkdir --user-folder '/test-folder'
$ keeper --user [email protected] --password '<redacted>' mkdir --user-folder '/test-folder'
Folder "" already exists
$

Anything else we need to know?:

Environment:

$ pip3 show keepercommander | grep Version:
Version: 4.28

clipboard-copy is difficult to use

The clipboard-copy command seems to require:

Case-sensitive path
Case-insensitive record name

This makes finding the right record more time consuming than simply using the browser extension and using the search feature.

The clipboard-copy command would be much more useful if it could fuzzy search, just like the browser extension. E.g. I can type any piece of info (say, username) into the browser extension and it will show me all records that match. clipboard-copy could return matches if not specific enough, or copy the password if sufficiently specific to return a single record.

New logo/icon proposal

Good day Sir I am a graphic designer and i am interested in designing a logo for your good project. I will be doing it as a gift for free. I just need your permission first before i begin my design. Hoping for your positive feedback. Thanks

Docs enhancement: Using the API directly

Howdy,

I was currently using the API directly in order to import data into a vault and felt like sharing the knowledge since it showed to be an easy and powerful way to interact with Keeper. What I basically did was something like this:

from keepercommander import api
from keepercommander.__main__ import get_params_from_config

params = get_params_from_config('config.json')
api.login(params)
api.sync_down(params)

# Load items to put into the vault from somewhere

for item in items:
    # Retrieve existing record, if any.
    pattern = item.name
    records = api.search_records(params, pattern)
    if len(records) > 1:
        raise ValueError('Multiple records found for search {}'.format(pattern))

    if len(records) == 1:
        # Update existing record.
        record = records[0]
        record.login = item.login
        # [...]
        params.sync_data = True
        api.update_record(params, record)
        continue

    # Add new record.
    record_key = os.urandom(32)
    record_uid = api.generate_record_uid()
    rq = {
        'command': 'record_add',
        'record_uid': record_uid,
        'record_type': 'password',
        'record_key': api.encrypt_aes(record_key, params.data_key),
        'how_long_ago': 0,
        'folder_type': 'user_folder'
    }
    data = {
        'title': item.name,
        'login': item.login,
        # [...]
    }
    rq['data'] =  api.encrypt_aes(json.dumps(data).encode('utf-8'), record_key)

    rs = api.communicate(params, rq)
    if rs['result'] == 'success':
        params.sync_data = True
        print(record_uid)
    else:
        print(rs['message'])

I could either write a blog post about that or extend the existing docs and create a PR for that.

What do you suggest?

Command 'add' with a password does not work

Using Keeper Commander to add a record while specifying a password (with option --pass) does not work (it does when using the option -g)

>keeper add --login 'test' --pass 'foo' --url 'http://google/com' 'test'  
Authentication failed.  
Password:   
AuthenticationError Error: Authentication failed.

It looks like the --pass is wrongly interpreted as --password and is used to authenticate the user instead of filling the password field of the record (which you can confirm if you use your vault's password as a value for the --pass).

Can't import JSON data - Incorrect AES key length (86 bytes)

Hi!
Trying to use the Import feature to create new shared folders in Keeper Cloud, but it keeps returning the following error: Incorrect AES key length (86 bytes)

I initially thought it was my code, so I did a JSON dump of an existing folder/record set, deleted those records, and then tried to import the dumped JSON as-is, and I got the same error.

Steps followed:

keeper shell
[login using non-SSO Keeper Administrator]
export --format json keeper_export.json
import --format json keeper_export.json
Incorrect AES key length (86 bytes)

This happens whether I do the import command as a one line (i.e: keeper --user someuser --password somepassword import --format json somefilepath.json) or whether I log into keeper shell and trigger the import from there.

This is the Python code I'm using for reference:

#!/usr/bin/python3
import os
import subprocess
import json
folders = ['SomeFolderName', 'SomeOtherName', 'Potato', 'Potahto']
filepath = "keeper_new_folder.json"
for folder in folders:
    try:
        os.remove(filepath)
    except:
        print("File not exist, cannot delete")
    data = {}
    data['shared_folders'] = []
    data['shared_folders'].append({
        'path': folder,
        'manage_users': 'true',
        'manage_records': 'true',
        'can_edit': 'true',
        'can_share': 'true',
        'permissions': [
            {
                'name': 'SG.SLTECH.DEVOPS',
                'uid': 'Ce6tm32Po81z3Y2zK5Wd3A',
                'manage_users': 'true',
                'manage_records': 'true'
            }
        ]
    }) 
    with open (filepath, 'w') as outfile:
        json.dump(data, outfile)
    subprocess.call(["keeper", "--user", "some-non-SSO-user", "--password", "somepassword", "import", "--format", "json", filepath])

Environment information:

Python v3.6.8 (Ubuntu) & 3.7.3 (Windows)
OS: Ubuntu 18.04.x LTS running on Windows 10 WSL v1 & Powershell 5.1.17134 running on Windows 10 18.03
Keeper commander v4.12

Thanks!

U2F fails in batch mode

When using batch mode with a 2FA Yubikey enabled account, keeper prompts for the U2F touch however immediately falls through to a 2FA code prompt, as if "Enter" had been pressed.

env:

% sw_vers 
ProductName:	Mac OS X
ProductVersion:	10.15.4
BuildVersion:	19E287
% keeper --version                                         
Keeper Commander, version 4.31

keeper installed via pip3, per readme

repro:

% rm config.json
% echo 'whoami' | keeper --user '[email protected]' -
Password:

Touch the flashing U2F device to authenticate or press Enter to resume with the primary two factor authentication...
Two-Factor Code:

same thing when using --batch-mode shell
fwiw, the yubikey begins flashing at the expected time; entering a valid code succeeds

Return UUID of new record after adding

keeper add

currently returns nothing even on successful insertion of new record. Preferable to return the newly created record UUID.

download-attachment fails when UID begins with "-"

Any UID beginning with "-" will fail with the following message
This was tested on v4.20

keeper download-attachment -Gd9l4daPw-fMd (UID is from the README, simply for readability)

the following arguments are required: record

The README states that you should use a double --, when the UID begins with a -, e.g.
keeper download-attachment -- -Gd9l4daPw-fMd
however this has no effect on download-attachment

Llamar a autofill desde c#

¿Se puede invocar desde c# la misma funcion que hace el boton "Iniciar" que aparece en la boveda de Keeper?

'Connection aborted.', OSError(0, 'Error')

What happened:

On 11/2/2020, I encountered a particular error several times:

$ keeper --user [email protected] --password <redacted> rm --force /path/to/record
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 360, in connect
    ssl_context=context,
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/retry.py", line 400, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python3.7/site-packages/urllib3/packages/six.py", line 734, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 360, in connect
    ssl_context=context,
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', OSError(0, 'Error'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/keeper", line 10, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.7/site-packages/keepercommander/__main__.py", line 164, in main
    cli.loop(params)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/cli.py", line 225, in loop
    login(params)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/api.py", line 89, in login
    pre_login_rs = rest_api.pre_login(params.rest_context, params.user)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 188, in pre_login
    rq.authRequest.encryptedDeviceToken = get_device_token(context)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 167, in get_device_token
    rs = execute_rest(context, 'authentication/get_device_token', api_request_payload)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 130, in execute_rest
    rs = requests.post(url, data=request_data, headers={'Content-Type': 'application/octet-stream'})
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 498, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', OSError(0, 'Error'))

Second occurrence:

$ keeper --user [email protected] --password <redacted> get --format json <record UID>
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 360, in connect
    ssl_context=context,
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/retry.py", line 400, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python3.7/site-packages/urllib3/packages/six.py", line 734, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 360, in connect
    ssl_context=context,
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', OSError(0, 'Error'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/keeper", line 10, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.7/site-packages/keepercommander/__main__.py", line 164, in main
    cli.loop(params)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/cli.py", line 225, in loop
    login(params)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/api.py", line 119, in login
    response_json = run_command(params, rq)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/api.py", line 52, in run_command
    return rest_api.v2_execute(params.rest_context, request)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 241, in v2_execute
    rs_data = execute_rest(context, 'vault/execute_v2_command', api_request_payload)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 130, in execute_rest
    rs = requests.post(url, data=request_data, headers={'Content-Type': 'application/octet-stream'})
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 498, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', OSError(0, 'Error'))

However, retrying the command worked fine:

$ keeper --user [email protected] --password "<redacted>" get --format json "<redacted>"
{
  "record_uid": "<redacted>",
  "title": "<redacted>",
  "custom_fields": [
    <redacted>
  ],
  "shared_with": [
    {
      "username": "[email protected]",
      "owner": true,
      "editable": true,
      "sharable": false
    }
  ]
}

3rd occurrence:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 360, in connect
    ssl_context=context,
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/retry.py", line 400, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python3.7/site-packages/urllib3/packages/six.py", line 734, in reraise
    raise value.with_traceback(tb)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 360, in connect
    ssl_context=context,
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', OSError(0, 'Error'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/keeper", line 10, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.7/site-packages/keepercommander/__main__.py", line 164, in main
    cli.loop(params)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/cli.py", line 225, in loop
    login(params)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/api.py", line 89, in login
    pre_login_rs = rest_api.pre_login(params.rest_context, params.user)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 188, in pre_login
    rq.authRequest.encryptedDeviceToken = get_device_token(context)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 167, in get_device_token
    rs = execute_rest(context, 'authentication/get_device_token', api_request_payload)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 130, in execute_rest
    rs = requests.post(url, data=request_data, headers={'Content-Type': 'application/octet-stream'})
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 498, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', OSError(0, 'Error'))

What you expected to happen:

How to reproduce it (as minimally and precisely as possible): I cannot reproduce it

Anything else we need to know?:

Environment:

Keeper Commander version:

# pip3 show keepercommander | grep Version:
Version: 4.28

OS (e.g: cat /etc/os-release):

# cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.10.2
PRETTY_NAME="Alpine Linux v3.10"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"

Exporting record owner information

Hello,

I cannot find a way to export or get record owner info.
Tried with keeper get and keeper export commands.

Am I missing something or this is not supported?

Add a command to display all records shared to or from a particular user

People demand this feature

no API call to import teams

Checking the docs and the code in keepercommander/api.py, there is no function to add/edit/del a team, is this possible in some other manner?

RFE: Add the ability to manage MFA Tokens

This is a three-part request.

Provide two types of MFA Token, Global Read-Write and Global Read-Only
Allow Tokens to be valid for longer periods, say 1-year, 3-year, 10-year or Forever
The ability to create and delete MFA Tokens from the Web GUI interface as well as set/adjust their validity period

protobuf definition

Hi,

I'm using PHP as programming language to acces Keeper management.

Could you provide the .proto file in order to build my own PHP module ?

Thanks
Thierry

Documentation Update - "Two-Factor Authentication and Device Token"

Please update the documentation section "Two-Factor Authentication and Device Token" to include guidance on:

Default behaviour if "device_token_expiration" is omitted from the config.json file
Expiration behavior when "device_token_expiration" is set to "false"
Proper method for revoking MFA tokens

Keepass import not working for PDF attachments

Hi, I'm failing to import with the latest version from pip3.

Output:

Decrypted [113] record(s)
Default shared folder permissions: manage (U)sers, manage (R)ecords, can (E)dit, can (S)hare, or (A)ll, (N)one: REU
Processing... please wait.
...    Keepass Password:
Uploading attachments:
mhb-ndgit.ppk ... Done
namecheap-order-46185359.pdf ... Done
'str' object has no attribute 'decode'

Goodbye.

The .ppk attachment shows up without problem in Keeper Vault, the PDF does not.

I couldn't find a debug mode, but I'd be happy to provide more details.

version mismatch asks for upgrade

When running commander from pip (current release 0.7.10 published yesterday) against keepersecurity.com I get a version mismatch error asking for a client upgrade, while there obviously isn't one. I had to pip3 install keepercommander==0.7.9

class Ui : IAuthUI

Hola, creo que los paquetes .DLL que se incluyen no estan actualizados. Estoy intentando crear una clase ui : IAuthUI y me dice que la clase no implementa ciertos miembros.

Adjunto pantallazo para que me entendais.

Enterprise Team Issue

The EnterpriseTeamCommand is not working. It appears the register_commands in enterprise.py may be misaligned.

PS> Set-KeeperEnterpriseTeam -Identity 'Test_001'

cmdlet Set-KeeperEnterpriseTeam at command pipeline position 1
Supply values for the following parameters:
AuthObject
Traceback (most recent call last):
File "C:\Program Files\WindowsPowerShell\Modules\keepersecurity.powershell\PyScripts\Set-KeeperEnterpriseTeam.py", line 8, in
from keepercommander.commands.register import EnterpriseTeamCommand
ImportError: cannot import name 'EnterpriseTeamCommand' from 'keepercommander.commands.register' (C:\JPStuff\Client Care\KeeperCommander\WPy64-3720\python-3.7.2.amd64\lib\site-packages\keepercommander\commands\register.py)

Using keepercommander as module

Hello,

It's a bit tricky to use a keepercommander as a module in project. It's undocumented and it's not a "developer friendly". For example if I want to use keepercommander in my project I must define class object with some predefined parameters, or there is better (undocumented) way?

for example I must define class, to be able to use it in my code:

import keepercommander.api as keeper


class AuthData:
    def __init__(self):
        self.auth_verifier = ""
        self.server = "https://keepersecurity.com/api/v2/"
        self.debug = False
        self.mfa_token = "token_from_my_device"
        self.mfa_type = "device_token"
        self.user = "[email protected]"
        self.password = "mypassword"
        self.revision = "0"

auth = AuthData()

keeper.login(auth)
keeper.sync_down(auth)
for item in keeper.search_records(auth, "test"):
    print(item.title)

Can you provide examples for using your module in code? Login, generating password for new entry, deleting, etc?

download-attachment -h asks for password

When just trying to get help on a command, one would not expect keeper to ask for the password, but that is what I'm seeing (with v4.15 downloaded today).

keeper download-attachment --help
Password: <entered password>
usage: download-attachment [-h] record

Download record attachments

positional arguments:
  record      record path or UID

optional arguments:
  -h, --help  show this help message and exit

On a related (but separate) note, keeper download-attachment -h does not show the subcommand help, but rather the general help.

Releases or tags

This software is versioned (pypi has its versions).

Can you please add related tags to this repository.
(I don't ask for the old ones, just from now on)

It's very helpful for distribution packagers to have them because the package is usually built from source.
And it's good to have reproducible build process and be sure you are building the exact thing, not the top of master =]

AUR example is git based and there is no other option right now =\

Thanks!

Replace pycrypto with cryptography

Pycrypto has Windows issues, need smoother experience. Cryptography (https://cryptography.io/en/latest) is what people recommend.

2FA tokens should have a configurable expiry time, or option to not persist on disk

At present when a user with 2FA enabled authenticates with the keeper / commander CLI client, the mfa_token is persisted on disk in the config.json file. This token appears to be valid indefinitely, or 30 days if the device_token_expiration option is set to true (presumably this only applies to the token associated with this client rather than all clients?). There is no command line flag that can set device_token_expiration.

There should be an option to control the 2FA authentication token persistence, i.e. one or all of:

a flag to not save the token to disk, and/or
add a command to forcefully invalidate the current token (or invalidate the token in the existing logout command), or
at least add a command line flag for device_token_expiration with a user-defined period.

An example use case is very occasional, ad-hoc invocation of the keeper CLI client - I want to ensure 2FA is required every time the client is used.

Authentication retry always fails

So I fat-finger my password - keeper offers me a second go but always returns error/failed even with the correct password.

env:

% sw_vers 
ProductName:	Mac OS X
ProductVersion:	10.15.4
BuildVersion:	19E287
% keeper --version                                         
Keeper Commander, version 4.31

keeper installed via pip3, per readme

repro:

% echo 'whoami' | keeper --user "${keeperuser}" -  
Password: 
Authentication failed.
Password: 
AuthenticationError Error: Authentication failed.

enter an incorrect password in response to the first prompt; a correct password to the second

expect:

keeper should either not offer a second attempt, or accept it if correct

Cannot import keepass db with attachments

When trying to import a keepass database containing attachments, I get the following output:

Processing... please wait.
... Keepass Password:
Uploading attachments:
NetBackupEnc.key ... Done
Can't convert 'bytes' object to str implicitly

Goodbye.

Running Keeper Commander, version 4.0

Please fix.

Thanks.

‘Folder’ output is blank

Example

Keeper > s xxx
Searching for xxx
Record UID Folder Title
1 GJxgkdi9bg2Um-7LyUztdA xxx
2 22-lYZAOaDNeZ-rkMU28Tw xxx

When running the keeper get-rec command, the returned results are not valid JSON

Further, the first two lines of output are always:

Downloading records...
Downloaded & Decrypted [104] Records

Example Output

xxx ~/git/xxx $ keeper --config=/home/xxx/config.json get-rec --uid 7efLlQOd-ElInlMLZoAyWw
Downloading records...
Downloaded & Decrypted [104] Records
{'secret1': 'root', 'link': '', 'custom': [{'type': 'text', 'name': 'cmdr:Rotation @ 2017-02-02 10:57:54', 'value': 'xxx'}, {'type': 'text', 'name': 'cmdr:rules', 'value': '4,6,3'}, {'type': 'text', 'name': 'cmdr:Rotation @ 2017-02-02 11:01:09', 'value': "xxx"}, {'type': 'text', 'name': 'cmdr:Rotation @ 2017-02-02 11:03:06', 'value': 'xxx'}, {'type': 'text', 'name': 'cmdr:Rotation @ 2017-02-02 11:06:06', 'value': 'xxx'}], 'title': 'BIG-IP Admin-Root - Dev', 'notes': '', 'folder': '', 'secret2': 'xxx'}

Missing `LICENSE` file.

$ pip --version
pip 9.0.1 from ~/.virtualenvs/py3.6.1/lib/python3.6/site-packages (python 3.6)

$ pip install keepercommander  --no-binary :all:
Collecting keepercommander
  Using cached https://files.pythonhosted.org/packages/3a/ff/957141dcbd5b6b193332ede5dde87f0d0076e04b8361ae886f51a6f2c42f/keepercommander-3.9.tar.gz
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-hqliqwyr/keepercommander/setup.py", line 11, in <module>
        LICENSE = open("LICENSE").read()
    FileNotFoundError: [Errno 2] No such file or directory: 'LICENSE'
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-hqliqwyr/keepercommander/
You are using pip version 9.0.1, however version 19.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

Error with import function

Using Python 3.5.3 with pyenv. When attempting to utilize the keeper cli invocation:
keeper import --format json import.json
I get the error:
"Error: string indices must be integers"

My json file is:
{
"title":"Test Record",
"folder": "LWPC pfx",
"secret1": "",
"secret2": "BadPassword",
"link": "https://someurl",
"notes": "This is a test"
}

I have attempted it as requested in the keeper cli directly as well to no avail:
{
"Title":"Test Record",
"Folder": "LWPC pfx",
"Password": "BadPassword",
"Login URL": "https://someurl",
"Notes": "This is a test"
}

No error on incorrect `--custom` format on `add` command

What happened:

I created a record with a custom field using command keeper add:

$ keeper --user [email protected] --password '<redacted>' add --custom 'key=value' --force test-record
$

I used an incorrect format for flag --custom (key=value instead of key: value), so the record was created empty:

What bothers me is that the command did not raise any error message, and it returned a success exit code:

$ echo $?
0
$

What you expected to happen:

I expected:

an error message, maybe something like Wrong format for flag `--custom` , or maybe a python exception stack trace
an "error" exit code (i.e. not 0)

Anything else we need to know?:

Environment:

keepercommander version:

$ pip3 show keepercommander | grep Version:
Version: 4.28

Readme: broken image links

This is not a technical issues. However, all the image links on Readme.md are broken since the last check in and do not display when viewing from the Git project main page.

Circular import? ImportError: cannot import name 'cli'

Howdy,

looks like I am running into a circular import on a particular install of the Keeper commander. This is on a Ubuntu 14 machine with Python 3.4 using keepercommander==1.5. The same version on Ubuntu 16 / 3.5 does not throw this error.

~ ᐅ cd keeper 
~/keeper ᐅ source env/bin/activate
(env) ~/keeper ᐅ keeper
Traceback (most recent call last):
  File "/root/keeper/env/bin/keeper", line 7, in <module>
    from keepercommander.__main__ import main
  File "/root/keeper/env/lib/python3.4/site-packages/keepercommander/__main__.py", line 21, in <module>
    from . import cli
  File "/root/keeper/env/lib/python3.4/site-packages/keepercommander/cli.py", line 26, in <module>
    from .autocomplete import CommandCompleter
  File "/root/keeper/env/lib/python3.4/site-packages/keepercommander/autocomplete.py", line 18, in <module>
    from . import cli
ImportError: cannot import name 'cli'
(env) ~/keeper ᐅ python -V
Python 3.4.3

Reading the source, this really looks like a circular import. main.py imports cli.py which imports autocomplete.py which again imports cli.py.

I'm a bit stuck. Must be some difference between the import handling in Python 3.4 vs. Python 3.5? Is there a minimal Python version requirement for the keeper commander?

Cryptodome - ValueError: MAC check failed

When connecting to our keeper instance there is a ValueError thrown, it seems this is from the python package Cryptodome. I am trying to login using the following params:
keeper --server keeper.mydomain.com --user myusername --password mypassword --debug shell

Here is the full trace:

 | |/ /___ ___ _ __  ___ _ _ 
 | ' </ -_) -_) '_ \/ -_) '_|
 |_|\_\___\___| .__/\___|_|
              |_|            

 password manager & digital vault


Logging in...
Traceback (most recent call last):
  File "/usr/local/bin/keeper", line 10, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.7/site-packages/keepercommander/__main__.py", line 158, in main
    cli.loop(params)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/cli.py", line 203, in loop
    login(params)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/api.py", line 89, in login
    pre_login_rs = rest_api.pre_login(params.rest_context, params.user)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 190, in pre_login
    rq.authRequest.encryptedDeviceToken = get_device_token(context)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 169, in get_device_token
    rs = execute_rest(context, 'authentication/get_device_token', rq.SerializeToString())
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 144, in execute_rest
    return decrypt_aes(rs.content, context.transmission_key)
  File "/usr/local/lib/python3.7/site-packages/keepercommander/rest_api.py", line 100, in decrypt_aes
    return cipher.decrypt_and_verify(data[12:-16], data[-16:])
  File "/usr/local/lib/python3.7/site-packages/Cryptodome/Cipher/_mode_gcm.py", line 567, in decrypt_and_verify
    self.verify(received_mac_tag)
  File "/usr/local/lib/python3.7/site-packages/Cryptodome/Cipher/_mode_gcm.py", line 508, in verify
    raise ValueError("MAC check failed")
ValueError: MAC check failed```

connect / listing connections in folders

currently connect method lists all the connections in all folders

its semi-useful when its sorted first by endpoint name (folder, endpoint name would work much better)

any chance for some filters like connect *ehp* just to limit the output to /lsn/ehp/ folder?

`cd` exits with status "success" when dir does not exist

What happened:

I called command keeper cd on a non-existent folder, and it exited with "success" status, i.e. exit code 0.

Call keeper cd on a non-existent folder:

$ keeper --user [email protected] --password <redacted> cd '/non-existent-dir'
cd: Folder /non-existent-dir not found

Check exit status:

$ echo $?
0

What you expected to happen:

I expected to keeper to exit with status "failure", i.e. return code != 0

How to reproduce it (as minimally and precisely as possible):

# Call command
keeper cd '/non-existent-dir'

# Check exit status
echo $?

Environment:

keepercommander version:

$ pip3 show keepercommander | grep Version:
Version: 4.26

OS (e.g: cat /etc/os-release):

$ (source /etc/*-release && echo "$DISTRIB_DESCRIPTION")
Ubuntu 19.10

Kernel (e.g. uname -a):

$ uname -a
Linux baume 5.3.0-29-generic #31-Ubuntu SMP Fri Jan 17 17:27:26 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

keeper-security / commander Goto Github PK

commander's Introduction

About Keeper Commander

Documentation

About Keeper Security

commander's People

Contributors

Stargazers

Watchers

Forkers

commander's Issues

Recommend Projects

Recommend Topics

Recommend Org