ghopp
/
accountmanager
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This is a bunch of shell functions to organize my immensly growing amount of user accounts.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Commits
1 Branch
3 Tags
24 KiB
 
 
Tree: eb25d157e9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'eb25d157e9'
${ noResults }
accountmanager/doc/accountmanager.1

345 lines
11 KiB
Raw Blame History

.\" Man page for accountmanager.
.\" Contact georg@steffers.org to correct errors or typos.
.TH man 1 "25 Jan 2017" "0.1" \
"accountmanager.sh: Shell tools for managing account credentials."
.SH NAME
accountmanager.sh \- source all functionality into the current shell
General purpose functions:
random \- create a non blocking stream of random data on stdout
rand_printable \- create a random string a printable characters
Database management functions:
amngrdbinit \- initialize the SQLite account database
amngrdbdestroy \- remove the SQLite account database
Account management functions:
amngradd \- add an account credential to the database
amngrcrypt \- crypt the given data with GnuPG
amngrdelete \- delete an account
amngrgen \- generate a encrypted random passphrase
amngrgetoldpass \- copy previous password of account to X clipboard
amngrgetolduser \- copy previous username of account to X clipboard
amngrgetpass \- copy active password of account to X clipboard
amngrgetuser \- copy active username of account to X clipboard
amngrid \- write the database id of a given account name to stdout
amngrrename \- rename an account
amngrsearch \- pattern search accounts
.SH SYNOPSIS
source
.B ${PATH}/accountmanager.sh
.B random
.B rand_printable
.RB [ -h ]
.RI [ len ]
.B amngrdbinit
.RB [ -h ]
.RI [ dbfile ]
.B amngrdbdestroy
.RB [ -h ]
.RI [ dbfile ]
.B amngradd
.RB [ -h ]
.RB [ -d
.IR description ]
.RB [ -D
.IR dbfile ]
.RB [ -r
.IR recipient ]
.I
account
.RI [ username
.RI [ password ]]
.B amngrcrypt
.RB [ -h ]
.RB [ -r
.IR recipient ]
.I password
.B amngrdelete
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account
.B amngrgen
.RB [ -h ]
.RB [ -r
.IR recipient ]
.RI [ len ]
.B amngrgetoldpass
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account
.B amngrgetolduser
.RB [ -h ]
.RB [ -c ]
.RB [ -D
.IR dbfile ]
.I account
.B amngrgetpass
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account
.RI [ state ]
.B amngrgetuser
.RB [ -h ]
.RB [ -c ]
.RB [ -D
.IR dbfile ]
.I account
.RI [ state ]
.B amngrid
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account
.B amngrrename
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I old_account new_account
.B amngrsearch
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.RB [ -s
.IR separator ]
.RI [ pattern ]
.SH DESCRIPTION
This file can either be source into the current shell or used as a
standalone shell script via the provided symlinks. When used as standalone
script it will detect the function to call by the content of \fB$0\fR.
All \fIaccount\fR as well as all \fIusername\fR arguments used below are
limited to 128 characters. The \fIaccount\fR argument is always a unique
string identifier for the account to manage. The \fIusername\fR argument is
the username part of a credential which is a (\fIusername\fR, \fIpassword\fR)
pair.
.TP
\fBrandom\fR
Takes no arguments and connect a non blocking random source to stdout.
.TP
\fBrand_printable\fR [\fB-h\fR] [\fIlen\fR]
Uses \fBrandom\fR to write a string of random printable characters to
stdout. All control characters ASCII-0 to ASCII-37 as well as
ASCII-177 to 255, single and double quotes are filtered. The single
and double quotes are filtered to prevent problems when they are used
as string separators after shell expansion as in the SQL here
documents used to communicate with the SQLite database.
The optional \fIlen\fR argument specifies the string length to be written
and defaults to 512.
.TP
\fBamngrdbinit\fR [\fB-h\fR] [\fIdbfile\fR]
Create the SQLite database file. If the optional \fIdbfile\fR argument is
given it specifies the fill path to the file to use, else the value of
\fB$AMNGRDB\fR environment variable is used.
.TP
\fBamngrdbdestroy\fR [\fB-h\fR] [\fIdbfile\fR]
Deletes the SQLite database file. If the optional \fIdbfile\fR argument
is given it specifies the fill path to the file to use, else the value
of \fB$AMNGRDB\fR environment variable is used.
.TP
\fBamngradd\fR [\fB-h\fR] [\fB-d\fR \fIdescription\fR] \
[\fB-D\fR \fIdbfile\fR] [\fB-r\fR \fIrecipient\fR]
.TQ
\fIaccount\fR [\fIusername\fR [\fIpassword\fR]]
Adds an account credential and marks it as active. If the account
already exist, the credential (\fIusername\fR and \fIpassword\fR) is added to
that account and the previously added credential is marked as old. If
there was another even older credential that was already marked as old
this will be marked as inactive and thus becomes inaccessible with
this tools (except for \fBamngrdelete\fR).
The \fIusername\fR and the \fIaccount\fR name must not be longer than 128
characters. The \fIpassword\fR is not limited in its length at all. If
\fIpassword\fR is omitted one will be generated with \fBamngrgen\fR. The
\fIusername\fR may also be omitted if there was a previously added credentials
pair for this account. In that case the previous username is taken. It is
a failure to provide a \fIpassword\fR without a \fIusername\fR. There is no
way for the script to detect this condition and you will end up with a
credential where the username is the password and the password was generated.
Option \fB-d\fR adds a \fIdescription\fR to the account entry and
option \fB-D\fR specifys the \fIdbfile\fR to use. If that option is
not given the \fB$AMNGRDB\fR environment variable is used.
If a password was generated with this call it will be stored in the
X clipboard.
.TP
\fBamngrcrypt\fR [\fB-h\fR] [\fB-r\fR \fIrecipient\fR] \fIpassword\fR
Crypt the given plain text \fIpassword\fR with GnuPG and write it to
stdout.
The option \fB-r\fR specifies the recipient to use with the call to
\fBgpg\fR. If it is not given the value of the \fB$AMNGRID\fR environment
variable is used.
.TP
\fBamngrdelete\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR
Remove the \fIaccount\fR and all credential associated to it.
.TP
\fBamngrgen\fR [\fB-h\fR] [\fB-r\fR \fIreceipient\fR] [\fIlen\fR]
Generate a password with \fBrand_printable\fR and encrypt it via
\fBamngrcrypt\fR. By default the password will be 10 characters long. That
can be modified by the optional \fIlen\fR argument.
.TP
\fBamngrgetoldpass\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR
Read and decrypt the password associated with \fIaccount\fR that is
flagged as old and store it into the X clipboard.
.TP
\fBamngrgetolduser\fR [\fB-h\fR] [\fB-c\fR] [\fB-D\fR \fIdbfile\fR] \
\fIaccount\fR
Read and decrypt the username associated with \fIaccount\fR that is
flagged as old and store it into the X clipboard.
.TP
\fBamngrgetpass\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR \
[\fIstate\fR]
Read and decrypt the password associated with \fIaccount\fR that is
flagged as active and store it into the X clipboard. The \fIstate\fR
argument might be either 1 or 2 where 1 means get the current credential
and 2 means get the old credential. It defaults to 1.
.TP
\fBamngrgetuser\fR [\fB-h\fR] [\fB-c\fR] [\fB-D\fR \fIdbfile\fR] \
\fIaccount\fR \
[\fIstate\fR]
Read and decrypt the username associated with \fIaccount\fR that is
flagged as active and store it into the X clipboard. The \fIstate\fR
argument might be either 1 or 2 where 1 means get the current credential
and 2 means get the old credential. It defaults to 1.
.TP
\fBamngrid\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR
(This is primarily for internal use.) Get the database id associated
to the given \fIaccount\fR argument.
.TP
\fBamngrrename\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIold_account\fR \
\fInew_account\fR
Rename the account specified by \fIold_account\fR to \fInew_account\fR.
.TP
\fBamngrsearch\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \
[\fB-s\fR \fIseparator\fR] [\fIpattern\fR]
List all accounts where \fIpattern\fR exists in either the account name, the
username or the account description. The output will contain the name of the
account, the username and the description delimited by a \fIseparator\fR
string that can be specified with the \fB-s\fR option. If the option is
omitted the separator is " => ". Each row is one account.
If \fIpattern\fR is omitted all accounts will be listed.
.SH OPTIONS
The options are consistent over all sub commands. However not all sub commands
use all options and some sub commands take arguments that other get per option.
(See \fBDESCRIPTION\fR)
.TP
.B -h
Write a short usage information.
.TP
.B -u
The login username of the credential for the account.
.TP
.B -p
The plain text password of the credential for the account.
.TP
.B -c
By default this scripts stores the username into the X clipboard whith
\fBambgrgetuser\fR and \fBamngrgetolduser\fR. When \fB-c\fR is given
the username is written to stdout. The password is never written to stdout.
.TP
.B -d
The description for the account.
.TP
.B -D
Select the database file to use instead of the one defined in the
\fB$AMNGRDB\fR environment variable.
.TP
.B -r
Select a recipient id for GnuPG encryption to use instead of the one
defined in the \fB$AMNGRID\fR environment variable.
.TP
.B -s
The column separator for the \fBamngrlist\fR and \fBamngrsearch\fR commands.
.SH ENVIRONMENT
.TP
.B AMNGRDB
The default SQLite database file to use. This will be created with
\fBamngrdbinit\fR as long as the path to that file exists. This can be
overruled with the \fB-D\fR command line option.
.TP
.B AMNGRID
The GnuPG recipient id to encrypt against. You should use one where you have
both public and private key. Failure to do so will result in not decipherable
data. This can be overruled with the \fB-r\fR command line option.
.TP
.B AMNGRPWLEN
The password length to be used when generating new passwords. If not
specified this defaults to 10.
.SH DEPENDENCIES
A set of POSIX compliant shell utilities including a POSIX compliant shell
as well are needed to run this script.
The functions within this script expect that all the needed tools
can be found by the shell, usually that means that the current \fB$PATH\fR
environment variable is set accordingly or that the tools are
a shell internal.
The existence of a reliable non blocking random source. By default this
scripts use \fB$(cat /dev/urandom)\fR which can be changed by replacing the
alias \fBrandom\fR with something useful for your system.
For data storage \fBSqlite >= 3.6.19\fR is required. The version requirement
comes from the use of foreign key constraints.
To store the data within the X clipboard the \fBxclip\fR is needed.
.SS The tools used are
.PD 0
.IP \[bu] 2
\fBawk\fR
.IP \[bu]
\fBbasename\fR
.IP \[bu]
\fBcat\fR
.IP \[bu]
\fBdirname\fR
.IP \[bu]
\fBecho\fR
.IP \[bu]
\fBgetopts\fR
.IP \[bu]
\fBgpg\fR
.IP \[bu]
\fBhead\fR
.IP \[bu]
\fBprintf\fR
.IP \[bu]
\fBrm\fR
.IP \[bu]
\fBshift\fR
.IP \[bu]
\fBSQLite3\fR (>= 3.6.19 for foreign key constraints)
.IP \[bu]
\fBtest\fR and \fB[\fR
.IP \[bu]
\fBtr\fR
.IP \[bu]
\fBxclip\fR
.PD
.SH SEE ALSO
gpg2(1), gpg-agent(1)
.SH BUGS
No known bugs.
.SH AUTHOR
Georg Hopp <georg@steffers.org>
.SH COPYRIGHT
Copyright © 2017 Georg Hopp License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it. There is
NO WARRANTY, to the extent permitted by law.
.\" vim: set ft=groff ts=4 sw=4: