A

acountmanager

This is a bunch of shell functions to organize my immensly growing amount of user accounts.

accountmanager.sh

TOC

ABOUT

This is a bunch of shell tools to maintain a list of credentials, (username, password) tuples to multiple accounts, identidied by a unique name, similar to KeePass.

I created this because I was unhappy with the existing solutions. I really wanted my credentials stored in a way that I can access them without clicking to some kind of GUI.

Also these tools don't use a GUI they rely on an running X server instance because password values are copied into the X clipboard via xclip. The data will be encrypted with GnuPG using my private key. Usually my credentials for that key are already cached within a running gpg-agent instance. The storage backend is an SQLite (>= 3.6.19) database. For more dependencies see DEPENDENCIES.

The default database file to use can be set with the AMNGRDB environment variable and the GnuPG recipient should be set in the AMNGRID environment variable. (See OPTIONS)

After downloading this either via git clone or as an archive just do a make install. This will install all files under the /usr PREFIX. If you want to install somewhere else just do PREFIX=/path/to/go make install.

For usage see DESCRIPTION.

NAME

accountmanager.sh − source all functionality into the current shell

General purpose functions:

  • random − create a non blocking stream of random data on stdout
  • rand_printable − create a random string a printable characters

Database management functions:

  • amngrdbinit − initialize the SQLite account database
  • amngrdbdestroy − remove the SQLite account database

Account management functions:

  • amngradd − add an account credential to the database
  • amngrcrypt − crypt the given data with GnuPG
  • amngrdelete − delete an account
  • amngrgen − generate a encrypted random passphrase
  • amngrgetoldpass − copy previous password of account to X clipboard
  • amngrgetolduser − copy previous username of account to X clipboard
  • amngrgetpass − copy active password of account to X clipboard
  • amngrgetuser − copy active username of account to X clipboard
  • amngrid − write the database id of a given account name to stdout
  • amngrrename − rename an account
  • amngrsearch − pattern search accounts

SYNOPSIS

source ${PATH}/accountmanager.sh

random

rand_printable [-h] [len]

amngrdbinit [-h] [dbfile]

amngrdbdestroy [-h] [dbfile]

amngradd [-h] [-d description] [-D dbfile] [-r recipient] account [username [password]]

amngrcrypt [-h] [-r recipient] password

amngrdelete [-h] [-D dbfile] account

amngrgen [-h] [-r recipient] [len]

amngrgetoldpass [-h] [-D dbfile] account

amngrgetolduser [-h] [-c] [-D dbfile] account

amngrgetpass [-h] [-D dbfile] account [state]

amngrgetuser [-h] [-c] [-D dbfile] account [state]

amngrid [-h] [-D dbfile] account

amngrrename [-h] [-D dbfile] old_account new_account

amngrsearch [-h] [-D dbfile] [-s separator] [pattern]

DESCRIPTION

This file can either be source into the current shell or used as a standalone shell script via the provided symlinks. When used as standalone script it will detect the function to call by the content of $0.

All account as well as all username arguments used below are limited to 128 characters. The account argument is always a unique string identifier for the account to manage. The username argument is the username part of a credential which is a (username, password) pair.

random

Takes no arguments and connect a non blocking random source to stdout.

rand_printable [-h] [len]

Uses random to write a string of random printable characters to stdout. All control characters ASCII-0 to ASCII-37 as well as ASCII-177 to 255, single and double quotes are filtered. The single and double quotes are filtered to prevent problems when they are used as string separators after shell expansion as in the SQL here documents used to communicate with the SQLite database. The optional len argument specifies the string length to be written and defaults to 512.

amngrdbinit [-h] [dbfile]

Create the SQLite database file. If the optional dbfile argument is given it specifies the fill path to the file to use, else the value of $AMNGRDB environment variable is used.

amngrdbdestroy [-h] [dbfile]

Deletes the SQLite database file. If the optional dbfile argument is given it specifies the fill path to the file to use, else the value of $AMNGRDB environment variable is used.

amngradd [-h] [-d description] [-D dbfile] [-r recipient] account [username [password]]

Adds an account credential and marks it as active. If the account already exist, the credential (username and password) is added to that account and the previously added credential is marked as old. If there was another even older credential that was already marked as old this will be marked as inactive and thus becomes inaccessible with this tools (except for amngrdelete).

The username and the account name must not be longer than 128 characters. The password is not limited in its length at all. If password is omitted one will be generated with amngrgen.

The username may also be omitted if there was a previously added credentials pair for this account. In that case the previous username is taken. It is a failure to provide a password without a username. There is no way for the script to detect this condition and you will end up with a credential where the username is the password and the password was generated.

Option -d adds a description to the account entry and option -D specifys the dbfile to use. If that option is not given the $AMNGRDB environment variable is used.

If a password was generated with this call it will be stored in the X clipboard.

amngrcrypt [-h] [-r recipient] password

Crypt the given plain text password with GnuPG and write it to stdout. The option -r specifies the recipient to use with the call to gpg. If it is not given the value of the $AMNGRID environment variable is used.

amngrdelete [-h] [-D dbfile] account

Remove the account and all credential associated to it.

amngrgen [-h] [-r receipient] [len]

Generate a password with rand_printable and encrypt it via amngrcrypt. By default the password will be 10 characters long. That can be modified by the optional len argument.

amngrgetoldpass [-h] [-D dbfile] account

Read and decrypt the password associated with account that is flagged as old and store it into the X clipboard.

amngrgetolduser [-h] [-c] [-D dbfile] account

Read and decrypt the username associated with account that is flagged as old and store it into the X clipboard.

amngrgetpass [-h] [-D dbfile] account [state]

Read and decrypt the password associated with account that is flagged as active and store it into the X clipboard. The state argument might be either 1 or 2 where 1 means get the current credential and 2 means get the old credential. It defaults to 1.

amngrgetuser [-h] [-c] [-D dbfile] account [state]

Read and decrypt the username associated with account that is flagged as active and store it into the X clipboard. The state argument might be either 1 or 2 where 1 means get the current credential and 2 means get the old credential. It defaults to 1.

amngrid [-h] [-D dbfile] account

(This is primarily for internal use.) Get the database id associated to the given account argument.

amngrrename [-h] [-D dbfile] old_account new_account

Rename the account specified by old_account to new_account.

amngrsearch [-h] [-D dbfile] [-s separator] [pattern]

List all accounts where pattern exists in either the account name, the username or the account description. The output will contain the name of the account, the username and the description delimited by a separator string that can be specified with the -s option. If the option is omitted the separator is " => ". Each row is one account. If pattern is omitted all accounts will be listed.

OPTIONS

The options are consistent over all sub commands. However not all sub commands use all options and some sub commands take arguments that other get per option. (See DESCRIPTION)

-h − Write a short usage information.

-u − The login username of the credential for the account.

-p − The plain text password of the credential for the account.

-c − By default this scripts stores the username into the X clipboard whith ambgrgetuser and amngrgetolduser. When -c is given the username is written to stdout. The password is never written to stdout.

-d − The description for the account.

-D − Select the database file to use instead of the one defined in the $AMNGRDB environment variable.

-r − Select a recipient id for GnuPG encryption to use instead of the one defined in the $AMNGRID environment variable.

-s − The column separator for the amngrlist and amngrsearch commands.

ENVIRONMENT

AMNGRDB

The default SQLite database file to use. This will be created with amngrdbinit as long as the path to that file exists. This can be overruled with the -D command line option.

AMNGRID

The GnuPG recipient id to encrypt against. You should use one where you have both public and private key. Failure to do so will result in not decipherable data. This can be overruled with the -r command line option.

AMNGRPWLEN

The password length to be used when generating new passwords. If not specified this defaults to 10.

DEPENDENCIES

A set of POSIX compliant shell utilities including a POSIX compliant shell as well are needed to run this script.

The functions within this script expect that all the needed tools can be found by the shell, usually that means that the current $PATH environment variable is set accordingly or that the tools are a shell internal.

The existence of a reliable non blocking random source. By default this scripts use $(cat /dev/urandom) which can be changed by replacing the alias random with something useful for your system.

For data storage Sqlite >= 3.6.19 is required. The version requirement comes from the use of foreign key constraints.

To store the data within the X clipboard the xclip is needed.

The tools used are

  • awk
  • basename
  • cat
  • dirname
  • echo
  • getopts
  • gpg
  • head
  • printf
  • rm
  • shift
  • SQLite3 (>= 3.6.19 for foreign key constraints)
  • test and [
  • tr
  • xclip

SEE ALSO

gpg2(1), gpg-agent(1)

BUGS

No known bugs.

AUTHOR

Georg Hopp georg@steffers.org

COPYRIGHT

Copyright © 2017 Georg Hopp License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html.
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.