ghopp
/
accountmanager
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

finalize argument handling

master
Georg Hopp 9 years ago
parent
8a20eca3ab
commit
d7a3a5ac79
5 changed files with 546 additions and 212 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      Makefile
  2. 142
      README.md
  3. 421
      accountmanager.sh
  4. 167
      doc/accountmanager.1
  5. BIN
      doc/accountmanager.1.bz2

4
Makefile
View File

@ -25,6 +25,10 @@ PROGRAM := accountmanager.sh
all: doc all: doc
README_new.md: doc/accountmanager.1
groff -D utf8 -mandoc -Thtml "$<" |\
pandoc -f html -t markdown_strict >"$@"
.PHONY: clean install doc .PHONY: clean install doc
doc: doc:

142
README.md
View File

@ -14,7 +14,6 @@ Database management functions:
Account management functions: Account management functions:
- **amngradd** − add an account credential to the database - **amngradd** − add an account credential to the database
- **amngrcreate** − create a new account credential to the database
- **amngrcrypt** − crypt the given data with GnuPG - **amngrcrypt** − crypt the given data with GnuPG
- **amngrdelete** − delete an account - **amngrdelete** − delete an account
- **amngrgen** − generate a encrypted random passphrase - **amngrgen** − generate a encrypted random passphrase
@ -23,7 +22,6 @@ Account management functions:
- **amngrgetpass** − copy active password of account to X clipboard - **amngrgetpass** − copy active password of account to X clipboard
- **amngrgetuser** − copy active username of account to X clipboard - **amngrgetuser** − copy active username of account to X clipboard
- **amngrid** − write the database id of a given account name to stdout - **amngrid** − write the database id of a given account name to stdout
- **amngrlist** − list all accounts
- **amngrrename** − rename an account - **amngrrename** − rename an account
- **amngrsearch** − pattern search accounts - **amngrsearch** − pattern search accounts
@ -33,39 +31,35 @@ source **${PATH}/accountmanager.sh**
**random** **random**
**rand\_printable** \[*len*\]
**rand\_printable** \[**-h**\] \[*len*\]
**amngrdbinit** \[*dbfile*\]
**amngrdbinit** \[**-h**\] \[*dbfile*\]
**amngrdbdestroy** \[*dbfile*\]
**amngrdbdestroy** \[**-h**\] \[*dbfile*\]
**amngradd** **-u** *username* **-p** *password* \[**-d** *description*\]
\[**-D** *dbfile*\] \[**-r** *recipient*\] *account*
**amngradd** \[**-h**\] \[**-d** *description*\] \[**-D** *dbfile*\]
\[**-r** *recipient*\] *account* \[*username* \[*password*\]\]
**amngrcreate** **-u** *username* \[**-d** *description*\] \[**-D**
*dbfile*\] \[**-r** *recipient*\] *account*
**amngrcrypt** \[**-h**\] \[**-r** *recipient*\] *password*
**amngrcrypt** \[**-r** *recipient*\] *password*
**amngrdelete** \[**-h**\] \[**-D** *dbfile*\] *account*
**amngrdelete** *account*
**amngrgen** \[**-h**\] \[**-r** *recipient*\] \[*len*\]
**amngrgen** \[**-r** *recipient*\] \[*len*\]
**amngrgetoldpass** \[**-h**\] \[**-D** *dbfile*\] *account*
**amngrgetoldpass** *account*
**amngrgetolduser** \[**-h**\] \[**-c**\] \[**-D** *dbfile*\] *account*
**amngrgetolduser** *account*
**amngrgetpass** \[**-h**\] \[**-D** *dbfile*\] *account* \[*state*\]
**amngrgetpass** *account*
**amngrgetuser** \[**-h**\] \[**-c**\] \[**-D** *dbfile*\] *account* \[*state*\]
**amngrgetuser** *account*
**amngrid** \[**-h**\] \[**-D** *dbfile*\] *account*
**amngrid** *account*
**amngrrename** \[**-h**\] \[**-D** *dbfile*\] *old\_account* *new\_account*
**amngrlist** \[**-s** *separator*\]
**amngrrename** *old\_account new\_account*
**amngrsearch** \[**-s** *separator*\] *pattern*
**amngrsearch** \[**-h**\] \[**-D** *dbfile*\] \[**-s** *separator*\]
\[*pattern*\]
## DESCRIPTION ## DESCRIPTION
@ -84,7 +78,7 @@ pair.
Takes no arguments and connect a non blocking random source to stdout. Takes no arguments and connect a non blocking random source to stdout.
**rand\_printable** \[*len*\]
**rand\_printable** \[**-h**\] \[*len*\]
Uses **random** to write a string of random printable characters to Uses **random** to write a string of random printable characters to
stdout. All control characters ASCII-0 to ASCII-37 as well as ASCII-177 stdout. All control characters ASCII-0 to ASCII-37 as well as ASCII-177
@ -95,44 +89,47 @@ communicate with the SQLite database.
The optional *len* argument specifies the string length to be written The optional *len* argument specifies the string length to be written
and defaults to 512. and defaults to 512.
**amngrdbinit** \[*dbfile*\]
**amngrdbinit** \[**-h**\] \[*dbfile*\]
Create the SQLite database file. If the optional *dbfile* argument is Create the SQLite database file. If the optional *dbfile* argument is
given it specifies the fill path to the file to use, else the value of given it specifies the fill path to the file to use, else the value of
**$AMNGRDB** environment variable is used. **$AMNGRDB** environment variable is used.
**amngrdbdestroy** \[*dbfile*\]
**amngrdbdestroy** \[**-h**\] \[*dbfile*\]
Deletes the SQLite database file. If the optional *dbfile* argument is Deletes the SQLite database file. If the optional *dbfile* argument is
given it specifies the fill path to the file to use, else the value of given it specifies the fill path to the file to use, else the value of
**$AMNGRDB** environment variable is used. **$AMNGRDB** environment variable is used.
**amngradd -u** *username* **-p** *password* \[**-d** *description*\]
\[**-D** *dbfile*\] \[**-r** *recipient*\] *account*
**amngradd** \[**-h**\] \[**-d** *description*\] \[**-D** *dbfile*\]
\[**-r** *recipient*\] *account* \[*username* \[*password*\]\]
Adds an account credential and marks it as active. If the account Adds an account credential and marks it as active. If the account
already exist, the credential (*username* and *password*) is added to already exist, the credential (*username* and *password*) is added to
that account and the previously added credential is marked as old. If that account and the previously added credential is marked as old. If
there was another even older credential that was already marked as old there was another even older credential that was already marked as old
this will be marked as inactive and this becomes inaccessible with this
this will be marked as inactive and thus becomes inaccessible with this
tools (except for **amngrdelete**). tools (except for **amngrdelete**).
The necessary option **-u** specifies the username to be stored with
this credential pair.
The also necessary option **-p** specifies the password to be stored
and the length of *password* is not limited at all.
With option **-d** one can add a *description* to the account entry.
One can specify the *dbfile* with the option **-D** if that option is
not given the **$AMNGRDB** environment variable is used.
**amngrcreate -u** *username* \[**-d** *description*\] \[**-D**
*dbfile*\] \[**-r** *recipient*\] *account*
The *username* and the *account* name must not be longer than 128
characters. The *password* is not limited in its length at all. If
*password* is omitted one will be generated with **amngrgen**.
The *username* may also be omitted if there was a previously added
credentials pair for this account. In that case the previous username is
taken. It is a failure to provide a *password* without a *username*.
There is no way for the script to detect this condition and you will end
up with a credential where the username is the password and the password
was generated.
Option **-d** adds a *description* to the account entry and option
**-D** specifys the *dbfile* to use. If that option is not given the
**$AMNGRDB** environment variable is used.
This will create a password with **amngrgen** and use that to add an
credential via **amngradd**. (See there for options description)
The added password will be copied to the X clipboard with
**amngrgetpass** for further use.
If a password was generated with this call it will be stored in the X
clipboard.
**amngrcrypt** \[**-r** *recipient*\] *password*
**amngrcrypt** \[**-h**\] \[**-r** *recipient*\] *password*
Crypt the given plain text *password* with GnuPG and write it to Crypt the given plain text *password* with GnuPG and write it to
stdout. stdout.
@ -140,58 +137,59 @@ The option **-r** specifies the recipient to use with the call to
**gpg**. If it is not given the value of the **$AMNGRID** environment **gpg**. If it is not given the value of the **$AMNGRID** environment
variable is used. variable is used.
**amngrdelete** *account*
**amngrdelete** \[**-h**\] \[**-D** *dbfile*\] *account*
Remove the *account* and all credential associated to it. Remove the *account* and all credential associated to it.
**amngrgen** \[**-r** *receipient*\] \[*len*\]
**amngrgen** \[**-h**\] \[**-r** *receipient*\] \[*len*\]
Generate a password with **rand\_printable** and encrypt it via Generate a password with **rand\_printable** and encrypt it via
**amngrcrypt**. By default the password will be 10 characters long. That **amngrcrypt**. By default the password will be 10 characters long. That
can be modified by the optional *len* argument. can be modified by the optional *len* argument.
**amngrgetoldpass** *account*
**amngrgetoldpass** \[**-h**\] \[**-D** *dbfile*\] *account*
Read and decrypt the password associated with *account* that is flagged Read and decrypt the password associated with *account* that is flagged
as old and store it into the X clipboard. as old and store it into the X clipboard.
**amngrgetolduser** *account*
**amngrgetolduser** \[**-h**\] \[**-c**\] \[**-D** *dbfile*\] *account*
Read and decrypt the username associated with *account* that is flagged Read and decrypt the username associated with *account* that is flagged
as old and store it into the X clipboard. as old and store it into the X clipboard.
**amngrgetpass** *account*
**amngrgetpass** \[**-h**\] \[**-D** *dbfile*\] *account* \[*state*\]
Read and decrypt the password associated with *account* that is flagged Read and decrypt the password associated with *account* that is flagged
as active and store it into the X clipboard.
as active and store it into the X clipboard. The *state* argument might
be either 1 or 2 where 1 means get the current credential and 2 means
get the old credential. It defaults to 1.
**amngrgetuser** *account*
**amngrgetuser** \[**-h**\] \[**-c**\] \[**-D** *dbfile*\] *account* \[*state*\]
Read and decrypt the username associated with *account* that is flagged Read and decrypt the username associated with *account* that is flagged
as active and store it into the X clipboard.
as active and store it into the X clipboard. The *state* argument might
be either 1 or 2 where 1 means get the current credential and 2 means
get the old credential. It defaults to 1.
**amngrid** *account*
**amngrid** \[**-h**\] \[**-D** *dbfile*\] *account*
(This is primarily for internal use.) Get the database id associated to (This is primarily for internal use.) Get the database id associated to
the given *account* argument. the given *account* argument.
**amngrlist** \[**-s** *separator*\]
List all accounts currently stored within the database the output will
contain the name of the account, the username and the description
delimited by a *separator* string that can be specified with the **-s**
option. If the option is omitted the separator is " =&gt; ". Each row is
one account.
**amngrrename** *old\_account new\_account*
**amngrrename** \[**-h**\] \[**-D** *dbfile*\] *old\_account
new\_account*
Rename the account specified by *old\_account* to *new\_account*. Rename the account specified by *old\_account* to *new\_account*.
**amngrsearch** \[**-s** *separator*\] *pattern*
**amngrsearch** \[**-h**\] \[**-D** *dbfile*\] \[**-s** *separator*\]
\[*pattern*\]
List accounts where *pattern* exists in either the account name, the
username or the account description. The output is like the one
described with **amngrlist**.
List all accounts where *pattern* exists in either the account name, the
username or the account description. The output will contain the name of
the account, the username and the description delimited by a *separator*
string that can be specified with the **-s** option. If the option is
omitted the separator is " => ". Each row is one account.
If *pattern* is omitted all accounts will be listed.
## OPTIONS ## OPTIONS
@ -199,10 +197,17 @@ The options are consistent over all sub commands. However not all sub
commands use all options and some sub commands take arguments that other commands use all options and some sub commands take arguments that other
get per option. (See **DESCRIPTION**) get per option. (See **DESCRIPTION**)
**-h** − Write a short usage information.
**-u** − The login username of the credential for the account. **-u** − The login username of the credential for the account.
**-p** − The plain text password of the credential for the account. **-p** − The plain text password of the credential for the account.
**-c** − By default this scripts stores the username into the X clipboard
whith **ambgrgetuser** and **amngrgetolduser**. When **-c** is given
the username is written to stdout. The password is never written to
stdout.
**-d** − The description for the account. **-d** − The description for the account.
**-D** − Select the database file to use instead of the one defined in the **-D** − Select the database file to use instead of the one defined in the
@ -211,8 +216,8 @@ get per option. (See **DESCRIPTION**)
**-r** − Select a recipient id for GnuPG encryption to use instead of the one **-r** − Select a recipient id for GnuPG encryption to use instead of the one
defined in the **$AMNGRID** environment variable. defined in the **$AMNGRID** environment variable.
**-s** − The column separator for the **amngrlist** and
**amngrsearchcommands**.
**-s** − The column separator for the **amngrlist** and **amngrsearch**
commands.
## ENVIRONMENT ## ENVIRONMENT
@ -231,7 +236,8 @@ option.
**AMNGRPWLEN** **AMNGRPWLEN**
The password length to be used when generating new passwords.
The password length to be used when generating new passwords. If not
specified this defaults to 10.
## DEPENDENCIES ## DEPENDENCIES
@ -257,7 +263,7 @@ To store the data within the X clipboard the **xclip** is needed.
- **awk** - **awk**
- **basename** - **basename**
- **cat** - **cat**
- **dnsdomainname**
- **dirname**
- **echo** - **echo**
- **getopts** - **getopts**
- **gpg** - **gpg**

421
accountmanager.sh
View File

@ -7,15 +7,54 @@ AMNGRPWLEN="${AMNGRPWLEN:-10}"
alias random="cat /dev/urandom" alias random="cat /dev/urandom"
function rand_printable() { function rand_printable() {
if ! [[ "${1}" =~ "^[0-9]+$" ]]
local OPT OPTARG OPTIND
local USAGE="$(printf "Usage: %s [-h] [len]" "$0")"
while getopts h OPT
do
case $OPT in
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
if ! [[ "${1}" =~ ^[0-9]*$ ]]
then then
printf "Usage: %s: [len]" "$0"
echo "${USAGE}"
return 1
fi fi
echo -n "$(random | tr -dc ' !#-&(-~' | head -c${1:-512})" echo -n "$(random | tr -dc ' !#-&(-~' | head -c${1:-512})"
} }
function amngrdbinit() { function amngrdbinit() {
local DB="${1:-${AMNGRDB}}"
local OPT OPTARG OPTIND DB
local USAGE="$(printf "Usage: %s [-h] [dbfile]" "$0")"
while getopts h OPT
do
case $OPT in
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
DB="${1:-${AMNGRDB}}"
if [ ! \( -d "$(dirname "${DB}")" \) ]
then
echo "${USAGE}"
return 1
fi
sqlite3 "${DB}" <<-EOD sqlite3 "${DB}" <<-EOD
PRAGMA foreign_keys = ON; PRAGMA foreign_keys = ON;
@ -39,43 +78,198 @@ function amngrdbinit() {
} }
function amngrdbdestroy() { function amngrdbdestroy() {
local DB="${1:-${AMNGRDB}}"
local CHECK
local OPT OPTARG OPTIND DB CHECK
local USAGE="$(printf "Usage: %s [-h] [dbfile]" "$0")"
while getopts h OPT
do
case $OPT in
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
DB="${1:-${AMNGRDB}}"
cat <<-EOT cat <<-EOT
WARNING: You are about to remove your account data. There is no way to WARNING: You are about to remove your account data. There is no way to
recover from this. Are you really shure you want to do this?
recover from this. Are you really sure you want to do this?
EOT EOT
echo -n "[Yes|[No]]: " && read CHECK
printf "Really remove %s (Yes|[No]): " "${DB}" && read CHECK
CHECK="${CHECK:-No}" CHECK="${CHECK:-No}"
test "${CHECK}" == "Yes" && rm -f "${AMNGRDB}"
test "${CHECK}" == "Yes" && rm -f "${DB}"
} }
function amngrid() { function amngrid() {
local ACCOUNT_NAME="${1}"
echo "$(sqlite3 "${AMNGRDB}" <<-EOD
local OPT OPTARG OPTIND ACCOUNT_NAME DB
local USAGE="$(printf "Usage: %s [-h] [-D dbfile] account" "$0")"
while getopts hD: OPT
do
case $OPT in
D)
DB="${OPTARG}";;
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
ACCOUNT_NAME="${1}"
DB="${DB:-${AMNGRDB}}"
if [ -z "${ACCOUNT_NAME}" ]
then
echo "${USAGE}"
return 1
fi
echo "$(sqlite3 "${DB}" <<-EOD
SELECT id FROM account WHERE name='${ACCOUNT_NAME}'; SELECT id FROM account WHERE name='${ACCOUNT_NAME}';
EOD EOD
)" )"
} }
function amngrcrypt() { function amngrcrypt() {
local PLAIN="${1}"
echo -n "${PLAIN}" | gpg -aeqr "${AMNGRID}"
local OPT OPTARG OPTIND PLAIN RECIPIENT
local USAGE="$(printf "Usage: %s [-h] [-r recipient] password" "$0")"
while getopts hr: OPT
do
case $OPT in
r)
RECIPIENT="${OPTARG}";;
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
RECIPIENT="${RECIPIENT:-${AMNGRID}}"
PLAIN="${1}"
if [ -z "${PLAIN}" ]
then
echo "${USAGE}"
return 1
fi
echo -n "${PLAIN}" | gpg -aeqr "${RECIPIENT}"
} }
function amngrgen() { function amngrgen() {
local LEN="${0:-${AMNGRPWLEN}}"
local OPT OPTARG OPTIND RECIPIENT
local USAGE="$(printf "Usage: %s [-h] [-r recipient] [len]" "$0")"
while getopts hr: OPT
do
case $OPT in
r)
RECIPIENT="${OPTARG}";;
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
local LEN="${1:-${AMNGRPWLEN}}"
if [ "${RECIPIENT}" ]
then
amngrcrypt -r "${RECIPIENT}" "$(rand_printable "${LEN}")"
else
amngrcrypt "$(rand_printable "${LEN}")" amngrcrypt "$(rand_printable "${LEN}")"
fi
} }
function amngradd() { function amngradd() {
local OPT OPTARG OPTIND DESCRIPTION RECIPIENT DB
local USAGE="$(cat <<-EOT
Usage: $0 [-h] [-d description] [-D dbfile] [-r recipient]
account [username [password]]
EOT
)"
while getopts d:D:hr: OPT
do
case $OPT in
d)
DESCRIPTION="${OPTARG}";;
D)
DB="${OPTARG}";;
r)
RECIPIENT="${OPTARG}";;
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
RECIPIENT="${RECIPIENT:-${AMNGRID}}"
DB="${DB:-${AMNGRDB}}"
local ACCOUNT_NAME="${1}" local ACCOUNT_NAME="${1}"
local USER="${2}"
local PASSWORD="$(amngrcrypt "${3}")"
local DESCRIPTION="${4:-NO DESCRIPTION}"
local ACCOUNT_ID="$(amngrid "${ACCOUNT_NAME}")"
DESCRIPTION="${DESCRIPTION:-NO DESCRIPTION}"
if [ -z "${ACCOUNT_NAME}" ]
then
echo "No account name given."
echo "${USAGE}"
return 1
fi
if [ "${2}" ]
then
USER="${2}"
else
USER="$(amngrgetuser -D "${DB}" -c "${ACCOUNT_NAME}")"
fi
if [ -z "${USER}" ]
then
printf "Can't find current user for account %s\n" "${ACCOUNT_NAME}"
echo "${USAGE}"
return 2
fi
if [ "${3}" ]
then
PASSWORD="$(amngrcrypt -r "${RECIPIENT}" "${3}")"
else
PASSWORD="$(amngrgen -r "${RECIPIENT}")"
echo -n "${PASSWORD}" | gpg -dq | xclip -i
fi
if [ -z "${PASSWORD}" ]
then
printf "Failed to create encrypted password for account %s\n" \
"${ACCOUNT_NAME}"
echo "${USAGE}"
return 3
fi
local ACCOUNT_ID="$(amngrid -D "${DB}" "${ACCOUNT_NAME}")"
local QUERY="$(cat <<-EOD local QUERY="$(cat <<-EOD
PRAGMA foreign_keys = ON; PRAGMA foreign_keys = ON;
BEGIN TRANSACTION; BEGIN TRANSACTION;
@ -115,46 +309,100 @@ function amngradd() {
EOD EOD
)" )"
sqlite3 "${AMNGRDB}" "${QUERY}"
sqlite3 "${DB}" "${QUERY}"
} }
function amngrcreate() {
local ACCOUNT_NAME="${1}"
local USER="${2}"
local DESCRIPTION="${3:-NO DESCRIPTION}"
local PASSWORD="$(rand_printable 10)"
function amngrgetuser() {
local OPT OPTARG OPTIND DB
local STDOUT=0
local USAGE="$(cat <<-EOT
Usage: $0 [-h] [-c] [-D dbfile] account [state]
EOT
)"
amngradd "${ACCOUNT_NAME}" "${USER}" "${PASSWORD}" "${DESCRIPTION}"
amngrgetpass "${ACCOUNT_NAME}"
}
while getopts hcD: OPT
do
case $OPT in
c)
STDOUT=1;;
D)
DB="${OPTARG}";;
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
function amngrgetuser() {
local ACCOUNT_NAME="${1}" local ACCOUNT_NAME="${1}"
local STATE="${2:-"1"}" local STATE="${2:-"1"}"
DB="${DB:-${AMNGRDB}}"
if [ -z "${ACCOUNT_NAME}" ]
then
echo "${USAGE}"
return 1
fi
test "${STATE}" != "1" -a "${STATE}" != "2" && STATE="1" test "${STATE}" != "1" -a "${STATE}" != "2" && STATE="1"
sqlite3 "${AMNGRDB}" <<-EOD |\
if [ $STDOUT -eq 0 ]
then
sqlite3 "${DB}" <<-EOD |\
awk 'NR>1{print p}{p=$0}END{ORS="";print}' | xclip -i awk 'NR>1{print p}{p=$0}END{ORS="";print}' | xclip -i
SELECT user FROM account SELECT user FROM account
JOIN account_cred ON account.id=account_cred.account_id JOIN account_cred ON account.id=account_cred.account_id
JOIN cred ON cred.id=account_cred.cred_id JOIN cred ON cred.id=account_cred.cred_id
WHERE name='${ACCOUNT_NAME}' AND state=${STATE}; WHERE name='${ACCOUNT_NAME}' AND state=${STATE};
EOD EOD
else
sqlite3 "${DB}" <<-EOD |\
awk 'NR>1{print p}{p=$0}END{ORS="";print}'
SELECT user FROM account
JOIN account_cred ON account.id=account_cred.account_id
JOIN cred ON cred.id=account_cred.cred_id
WHERE name='${ACCOUNT_NAME}' AND state=${STATE};
EOD
fi
} }
function amngrgetolduser() { function amngrgetolduser() {
local ACCOUNT_NAME="${1}"
amngrgetuser "${ACCOUNT_NAME}" "2"
amngrgetuser "$@" "2"
} }
function amngrgetpass() { function amngrgetpass() {
local OPT OPTARG OPTIND DB
local USAGE="$(printf "Usage: %s [-h] [-D dbfile] account [state]" "$0")"
while getopts hD: OPT
do
case $OPT in
D)
DB="${OPTARG}";;
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
local ACCOUNT_NAME="${1}" local ACCOUNT_NAME="${1}"
local STATE="${2:-1}" local STATE="${2:-1}"
DB="${DB:-${AMNGRDB}}"
if [ -z "${ACCOUNT_NAME}" ]
then
echo "${USAGE}"
return 1
fi
test "${STATE}" != "1" -a "${STATE}" != "2" && STATE="1" test "${STATE}" != "1" -a "${STATE}" != "2" && STATE="1"
sqlite3 "${AMNGRDB}" <<-EOD |\
sqlite3 "${DB}" <<-EOD |\
awk 'NR>1{print p}{p=$0}END{ORS="";print}' | gpg -dq | xclip -i awk 'NR>1{print p}{p=$0}END{ORS="";print}' | gpg -dq | xclip -i
SELECT pass FROM account SELECT pass FROM account
JOIN account_cred ON account.id=account_cred.account_id JOIN account_cred ON account.id=account_cred.account_id
@ -164,26 +412,76 @@ function amngrgetpass() {
} }
function amngrgetoldpass() { function amngrgetoldpass() {
local ACCOUNT_NAME="${1}"
amngrgetpass "${ACCOUNT_NAME}" "2"
amngrgetpass "$@" "2"
} }
function amngrrename() { function amngrrename() {
local OPT OPTARG OPTIND DB
local USAGE="$(cat <<-EOT
Usage: $0 [-h] [-D dbfile] old_account new_account
EOT
)"
while getopts hD: OPT
do
case $OPT in
D)
DB="${OPTARG}";;
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
local OLD_NAME="${1}" local OLD_NAME="${1}"
local NEW_NAME="${2}" local NEW_NAME="${2}"
DB="${DB:-${AMNGRDB}}"
test -z "${OLD_NAME}" -o -z "${NEW_NAME}" && return 1
if [ -z "${OLD_NAME}" -o -z "${NEW_NAME}" ]
then
echo "${USAGE}"
return 1
fi
sqlite3 "${AMNGRDB}" <<-EOD
sqlite3 "${DB}" <<-EOD
UPDATE account SET name='${NEW_NAME}' UPDATE account SET name='${NEW_NAME}'
WHERE name='${OLD_NAME}'; WHERE name='${OLD_NAME}';
EOD EOD
} }
function amngrdelete() { function amngrdelete() {
local OPT OPTARG OPTIND DB
local USAGE="$(printf "Usage: %s [-h] [-D dbfile] account" "$0")"
while getopts hD: OPT
do
case $OPT in
D)
DB="${OPTARG}";;
h)
echo "${USAGE}"
return 0;;
?)
echo "${USAGE}"
return 1;;
esac
done
shift $(($OPTIND-1))
local ACCOUNT_NAME="${1}" local ACCOUNT_NAME="${1}"
DB="${DB:-${AMNGRDB}}"
if [ -z "${ACCOUNT_NAME}" ]
then
echo "${USAGE}"
return 1
fi
sqlite3 "${AMNGRDB}" <<-EOD
sqlite3 "${DB}" <<-EOD
PRAGMA foreign_keys = ON; PRAGMA foreign_keys = ON;
BEGIN TRANSACTION; BEGIN TRANSACTION;
DELETE FROM cred WHERE id IN ( DELETE FROM cred WHERE id IN (
@ -195,42 +493,35 @@ function amngrdelete() {
EOD EOD
} }
function amngrlist() {
local SEPARATOR="${1:-" => "}"
sqlite3 -separator "${SEPARATOR}" "${AMNGRDB}" <<-EOD
SELECT name, user, desc FROM account
JOIN account_cred ON account.id=account_cred.account_id
JOIN cred ON cred.id=account_cred.cred_id
WHERE state=1;
EOD
}
function amngrsearch() { function amngrsearch() {
local PATTERN
local DELIMITER=" => "
local USAGE="$(printf "Usage: %s: [-d delimiter] pattern" "$0")"
local OPT OPTARG OPTIND SEPARATOR PATTERN
local USAGE="$(cat <<-EOT
Usage: $0 [-h] [-D dbfile] [-s separator] [pattern]
EOT
)"
while getopts d: opt
while getopts hD:s: OPT
do do
case $opt in
d)
DELIMITER="${OPTARG}";;
case $OPT in
D)
DB="${OPTARG}";;
s)
SEPARATOR="${OPTARG}";;
h)
echo "${USAGE}"
return 0;;
?) ?)
echo "${USAGE}" echo "${USAGE}"
exit 1;;
return 1;;
esac esac
done done
shift $(($OPTIND-1)) shift $(($OPTIND-1))
if [ $# -lt 2 ]
then
echo "${USAGE}"
exit 1;;
fi
PATTERN="${1}" PATTERN="${1}"
SEPARATOR="${SEPARATOR:-" => "}"
DB="${DB:-${AMNGRDB}}"
sqlite3 -separator " => " "${AMNGRDB}" <<-EOD
sqlite3 -separator "${SEPARATOR}" "${DB}" <<-EOD
SELECT name, user, desc FROM account SELECT name, user, desc FROM account
JOIN account_cred ON account.id=account_cred.account_id JOIN account_cred ON account.id=account_cred.account_id
JOIN cred ON cred.id=account_cred.cred_id JOIN cred ON cred.id=account_cred.cred_id
@ -242,10 +533,10 @@ function amngrsearch() {
case "$(basename -- "$0")" in case "$(basename -- "$0")" in
random) random;; random) random;;
rand_printable) rand_printable;;
rand_printable) rand_printable "$@";;
amngrdbinit) amngrdbinit;;
amngrdbdestroy) amngrdbdestroy;;
amngrdbinit) amngrdbinit "$@";;
amngrdbdestroy) amngrdbdestroy "$@";;
amngradd) amngradd "$@";; amngradd) amngradd "$@";;
amngrcreate) amngrcreate "$@";; amngrcreate) amngrcreate "$@";;
@ -257,7 +548,7 @@ case "$(basename -- "$0")" in
amngrgetpass) amngrgetpass "$@";; amngrgetpass) amngrgetpass "$@";;
amngrgetuser) amngrgetuser "$@";; amngrgetuser) amngrgetuser "$@";;
amngrid) amngrid "$@";; amngrid) amngrid "$@";;
amngrlist) amngrlist;;
amngrlist) amngrlist "$@";;
amngrrename) amngrrename "$@";; amngrrename) amngrrename "$@";;
amngrsearch) amngrsearch "$@";; amngrsearch) amngrsearch "$@";;

167
doc/accountmanager.1
View File

@ -15,7 +15,6 @@ Database management functions:
Account management functions: Account management functions:
amngradd \- add an account credential to the database amngradd \- add an account credential to the database
amngrcreate \- create a new account credential to the database
amngrcrypt \- crypt the given data with GnuPG amngrcrypt \- crypt the given data with GnuPG
amngrdelete \- delete an account amngrdelete \- delete an account
amngrgen \- generate a encrypted random passphrase amngrgen \- generate a encrypted random passphrase
@ -24,7 +23,6 @@ Account management functions:
amngrgetpass \- copy active password of account to X clipboard amngrgetpass \- copy active password of account to X clipboard
amngrgetuser \- copy active username of account to X clipboard amngrgetuser \- copy active username of account to X clipboard
amngrid \- write the database id of a given account name to stdout amngrid \- write the database id of a given account name to stdout
amngrlist \- list all accounts
amngrrename \- rename an account amngrrename \- rename an account
amngrsearch \- pattern search accounts amngrsearch \- pattern search accounts
.SH SYNOPSIS .SH SYNOPSIS
@ -34,75 +32,95 @@ source
.B random .B random
.B rand_printable .B rand_printable
.RB [ -h ]
.RI [ len ] .RI [ len ]
.B amngrdbinit .B amngrdbinit
.RB [ -h ]
.RI [ dbfile ] .RI [ dbfile ]
.B amngrdbdestroy .B amngrdbdestroy
.RB [ -h ]
.RI [ dbfile ] .RI [ dbfile ]
.B amngradd -u
.I username
.B -p
.I password
.B amngradd
.RB [ -h ]
.RB [ -d .RB [ -d
.IR description ] .IR description ]
.RB [ -D .RB [ -D
.IR dbfile ] .IR dbfile ]
.RB [ -r .RB [ -r
.IR recipient ] .IR recipient ]
.I account
.B amngrcreate -u
.I username
.RB [ -d
.IR description ]
.RB [ -D
.IR dbfile ]
.RB [ -r
.IR recipient ]
.I account
.I
account
.RI [ username
.RI [ password ]]
.B amngrcrypt .B amngrcrypt
.RB [ -h ]
.RB [ -r .RB [ -r
.IR recipient ] .IR recipient ]
.I password .I password
.B amngrdelete .B amngrdelete
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account .I account
.B amngrgen .B amngrgen
.RB [ -h ]
.RB [ -r .RB [ -r
.IR recipient ] .IR recipient ]
.RI [ len ] .RI [ len ]
.B amngrgetoldpass .B amngrgetoldpass
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account .I account
.B amngrgetolduser .B amngrgetolduser
.RB [ -h ]
.RB [ -c ]
.RB [ -D
.IR dbfile ]
.I account .I account
.B amngrgetpass .B amngrgetpass
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account .I account
.RI [ state ]
.B amngrgetuser .B amngrgetuser
.RB [ -h ]
.RB [ -c ]
.RB [ -D
.IR dbfile ]
.I account .I account
.RI [ state ]
.B amngrid .B amngrid
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account .I account
.B amngrlist
.RB [ -s
.IR separator ]
.B amngrrename .B amngrrename
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I old_account new_account .I old_account new_account
.B amngrsearch .B amngrsearch
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.RB [ -s .RB [ -s
.IR separator ] .IR separator ]
.I pattern
.RI [ pattern ]
.SH DESCRIPTION .SH DESCRIPTION
This file can either be source into the current shell or used as a This file can either be source into the current shell or used as a
standalone shell script via the provided symlinks. When used as standalone standalone shell script via the provided symlinks. When used as standalone
@ -116,7 +134,7 @@ pair.
\fBrandom\fR \fBrandom\fR
Takes no arguments and connect a non blocking random source to stdout. Takes no arguments and connect a non blocking random source to stdout.
.TP .TP
\fBrand_printable\fR [\fIlen\fR]
\fBrand_printable\fR [\fB-h\fR] [\fIlen\fR]
Uses \fBrandom\fR to write a string of random printable characters to Uses \fBrandom\fR to write a string of random printable characters to
stdout. All control characters ASCII-0 to ASCII-37 as well as stdout. All control characters ASCII-0 to ASCII-37 as well as
ASCII-177 to 255, single and double quotes are filtered. The single ASCII-177 to 255, single and double quotes are filtered. The single
@ -126,100 +144,114 @@ documents used to communicate with the SQLite database.
The optional \fIlen\fR argument specifies the string length to be written The optional \fIlen\fR argument specifies the string length to be written
and defaults to 512. and defaults to 512.
.TP .TP
\fBamngrdbinit\fR [\fIdbfile\fR]
\fBamngrdbinit\fR [\fB-h\fR] [\fIdbfile\fR]
Create the SQLite database file. If the optional \fIdbfile\fR argument is Create the SQLite database file. If the optional \fIdbfile\fR argument is
given it specifies the fill path to the file to use, else the value of given it specifies the fill path to the file to use, else the value of
\fB$AMNGRDB\fR environment variable is used. \fB$AMNGRDB\fR environment variable is used.
.TP .TP
\fBamngrdbdestroy\fR [\fIdbfile\fR]
\fBamngrdbdestroy\fR [\fB-h\fR] [\fIdbfile\fR]
Deletes the SQLite database file. If the optional \fIdbfile\fR argument Deletes the SQLite database file. If the optional \fIdbfile\fR argument
is given it specifies the fill path to the file to use, else the value is given it specifies the fill path to the file to use, else the value
of \fB$AMNGRDB\fR environment variable is used. of \fB$AMNGRDB\fR environment variable is used.
.TP .TP
\fBamngradd\fR \fB-u\fR \fIusername\fR \fB-p\fR \fIpassword\fR \
[\fB-d\fR \fIdescription\fR] [\fB-D\fR \fIdbfile\fR] \
[\fB-r\fR \fIrecipient\fR] \fIaccount\fR
\fBamngradd\fR [\fB-h\fR] [\fB-d\fR \fIdescription\fR] \
[\fB-D\fR \fIdbfile\fR] [\fB-r\fR \fIrecipient\fR]
.TQ
\fIaccount\fR [\fIusername\fR [\fIpassword\fR]]
Adds an account credential and marks it as active. If the account Adds an account credential and marks it as active. If the account
already exist, the credential (\fIusername\fR and \fIpassword\fR) is added to already exist, the credential (\fIusername\fR and \fIpassword\fR) is added to
that account and the previously added credential is marked as old. If that account and the previously added credential is marked as old. If
there was another even older credential that was already marked as old there was another even older credential that was already marked as old
this will be marked as inactive and this becomes inaccessible with
this will be marked as inactive and thus becomes inaccessible with
this tools (except for \fBamngrdelete\fR). this tools (except for \fBamngrdelete\fR).
The necessary option \fB-u\fR specifies the username to be stored with
this credential pair.
The also necessary option \fB-p\fR specifies the password to be stored
and the length of \fIpassword\fR is not limited at all.
With option \fB-d\fR one can add a \fIdescription\fR to the account entry.
One can specify the \fIdbfile\fR with the option \fB-D\fR if that option is
The \fIusername\fR and the \fIaccount\fR name must not be longer than 128
characters. The \fIpassword\fR is not limited in its length at all. If
\fIpassword\fR is omitted one will be generated with \fBamngrgen\fR. The
\fIusername\fR may also be omitted if there was a previously added credentials
pair for this account. In that case the previous username is taken. It is
a failure to provide a \fIpassword\fR without a \fIusername\fR. There is no
way for the script to detect this condition and you will end up with a
credential where the username is the password and the password was generated.
Option \fB-d\fR adds a \fIdescription\fR to the account entry and
option \fB-D\fR specifys the \fIdbfile\fR to use. If that option is
not given the \fB$AMNGRDB\fR environment variable is used. not given the \fB$AMNGRDB\fR environment variable is used.
If a password was generated with this call it will be stored in the
X clipboard.
.TP .TP
\fBamngrcreate\fR \fB-u\fR \fIusername\fR [\fB-d\fR \fIdescription\fR] \
[\fB-D\fR \fIdbfile\fR] [\fB-r\fR \fIrecipient\fR] \fIaccount\fR
This will create a password with \fBamngrgen\fR and use that to add an
credential via \fBamngradd\fR. (See there for options description)
The added password will be copied to the X clipboard with
\fBamngrgetpass\fR for further use.
.TP
\fBamngrcrypt\fR [\fB-r\fR \fIrecipient\fR] \fIpassword\fR
\fBamngrcrypt\fR [\fB-h\fR] [\fB-r\fR \fIrecipient\fR] \fIpassword\fR
Crypt the given plain text \fIpassword\fR with GnuPG and write it to Crypt the given plain text \fIpassword\fR with GnuPG and write it to
stdout. stdout.
The option \fB-r\fR specifies the recipient to use with the call to The option \fB-r\fR specifies the recipient to use with the call to
\fBgpg\fR. If it is not given the value of the \fB$AMNGRID\fR environment \fBgpg\fR. If it is not given the value of the \fB$AMNGRID\fR environment
variable is used. variable is used.
.TP .TP
\fBamngrdelete\fR \fIaccount\fR
\fBamngrdelete\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR
Remove the \fIaccount\fR and all credential associated to it. Remove the \fIaccount\fR and all credential associated to it.
.TP .TP
\fBamngrgen\fR [\fB-r\fR \fIreceipient\fR] [\fIlen\fR]
\fBamngrgen\fR [\fB-h\fR] [\fB-r\fR \fIreceipient\fR] [\fIlen\fR]
Generate a password with \fBrand_printable\fR and encrypt it via Generate a password with \fBrand_printable\fR and encrypt it via
\fBamngrcrypt\fR. By default the password will be 10 characters long. That \fBamngrcrypt\fR. By default the password will be 10 characters long. That
can be modified by the optional \fIlen\fR argument. can be modified by the optional \fIlen\fR argument.
.TP .TP
\fBamngrgetoldpass\fR \fIaccount\fR
\fBamngrgetoldpass\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR
Read and decrypt the password associated with \fIaccount\fR that is Read and decrypt the password associated with \fIaccount\fR that is
flagged as old and store it into the X clipboard. flagged as old and store it into the X clipboard.
.TP .TP
\fBamngrgetolduser\fR \fIaccount\fR
\fBamngrgetolduser\fR [\fB-h\fR] [\fB-c\fR] [\fB-D\fR \fIdbfile\fR] \
\fIaccount\fR
Read and decrypt the username associated with \fIaccount\fR that is Read and decrypt the username associated with \fIaccount\fR that is
flagged as old and store it into the X clipboard. flagged as old and store it into the X clipboard.
.TP .TP
\fBamngrgetpass\fR \fIaccount\fR
\fBamngrgetpass\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR \
[\fIstate\fR]
Read and decrypt the password associated with \fIaccount\fR that is Read and decrypt the password associated with \fIaccount\fR that is
flagged as active and store it into the X clipboard.
flagged as active and store it into the X clipboard. The \fIstate\fR
argument might be either 1 or 2 where 1 means get the current credential
and 2 means get the old credential. It defaults to 1.
.TP .TP
\fBamngrgetuser\fR \fIaccount\fR
\fBamngrgetuser\fR [\fB-h\fR] [\fB-c\fR] [\fB-D\fR \fIdbfile\fR] \
\fIaccount\fR \
[\fIstate\fR]
Read and decrypt the username associated with \fIaccount\fR that is Read and decrypt the username associated with \fIaccount\fR that is
flagged as active and store it into the X clipboard.
flagged as active and store it into the X clipboard. The \fIstate\fR
argument might be either 1 or 2 where 1 means get the current credential
and 2 means get the old credential. It defaults to 1.
.TP .TP
\fBamngrid\fR \fIaccount\fR
\fBamngrid\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR
(This is primarily for internal use.) Get the database id associated (This is primarily for internal use.) Get the database id associated
to the given \fIaccount\fR argument. to the given \fIaccount\fR argument.
.TP .TP
\fBamngrlist\fR [\fB-s\fR \fIseparator\fR]
List all accounts currently stored within the database the output
will contain the name of the account, the username and the description
delimited by a \fIseparator\fR string that can be specified with the
\fB-s\fR option. If the option is omitted the separator is " => ". Each
row is one account.
.TP
\fBamngrrename\fR \fIold_account\fR \fInew_account\fR
\fBamngrrename\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIold_account\fR \
\fInew_account\fR
Rename the account specified by \fIold_account\fR to \fInew_account\fR. Rename the account specified by \fIold_account\fR to \fInew_account\fR.
.TP .TP
\fBamngrsearch\fR [\fB-s\fR \fIseparator\fR] \fIpattern\fR
List accounts where \fIpattern\fR exists in either the account name, the
username or the account description. The output is like the one
described with \fBamngrlist\fR.
\fBamngrsearch\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \
[\fB-s\fR \fIseparator\fR] [\fIpattern\fR]
List all accounts where \fIpattern\fR exists in either the account name, the
username or the account description. The output will contain the name of the
account, the username and the description delimited by a \fIseparator\fR
string that can be specified with the \fB-s\fR option. If the option is
omitted the separator is " => ". Each row is one account.
If \fIpattern\fR is omitted all accounts will be listed.
.SH OPTIONS .SH OPTIONS
The options are consistent over all sub commands. However not all sub commands The options are consistent over all sub commands. However not all sub commands
use all options and some sub commands take arguments that other get per option. use all options and some sub commands take arguments that other get per option.
(See \fBDESCRIPTION\fR) (See \fBDESCRIPTION\fR)
.TP .TP
.B -h
Write a short usage information.
.TP
.B -u .B -u
The login username of the credential for the account. The login username of the credential for the account.
.TP .TP
.B -p .B -p
The plain text password of the credential for the account. The plain text password of the credential for the account.
.TP .TP
.B -c
By default this scripts stores the username into the X clipboard whith
\fBambgrgetuser\fR and \fBamngrgetolduser\fR. When \fB-c\fR is given
the username is written to stdout. The password is never written to stdout.
.TP
.B -d .B -d
The description for the account. The description for the account.
.TP .TP
@ -232,7 +264,7 @@ Select a recipient id for GnuPG encryption to use instead of the one
defined in the \fB$AMNGRID\fR environment variable. defined in the \fB$AMNGRID\fR environment variable.
.TP .TP
.B -s .B -s
The column separator for the \fBamngrlist\fR and \fBamngrsearch\R commands.
The column separator for the \fBamngrlist\fR and \fBamngrsearch\fR commands.
.SH ENVIRONMENT .SH ENVIRONMENT
.TP .TP
.B AMNGRDB .B AMNGRDB
@ -246,7 +278,8 @@ both public and private key. Failure to do so will result in not decipherable
data. This can be overruled with the \fB-r\fR command line option. data. This can be overruled with the \fB-r\fR command line option.
.TP .TP
.B AMNGRPWLEN .B AMNGRPWLEN
The password length to be used when generating new passwords.
The password length to be used when generating new passwords. If not
specified this defaults to 10.
.SH DEPENDENCIES .SH DEPENDENCIES
A set of POSIX compliant shell utilities including a POSIX compliant shell A set of POSIX compliant shell utilities including a POSIX compliant shell
as well are needed to run this script. as well are needed to run this script.
@ -274,7 +307,7 @@ comes from the use of foreign key constraints.
.IP \[bu] .IP \[bu]
\fBcat\fR \fBcat\fR
.IP \[bu] .IP \[bu]
\fBdnsdomainname\fR
\fBdirname\fR
.IP \[bu] .IP \[bu]
\fBecho\fR \fBecho\fR
.IP \[bu] .IP \[bu]

BIN
doc/accountmanager.1.bz2
View File

Write Preview
Loading…
Cancel
Save