accountmanager.1
.\" Man page for accountmanager.
.\" Contact georg@steffers.org to correct errors or typos.
.TH man 1 "25 Jan 2017" "0.1" \
"accountmanager.sh: Shell tools for managing account credentials."
.SH NAME
accountmanager.sh \- source all functionality into the current shell
General purpose functions:
random \- create a non blocking stream of random data on stdout
rand_printable \- create a random string of printable characters
Database management functions:
amngrdbinit \- initialize the SQLite account database
amngrdbdestroy \- remove the SQLite account database
Account management functions:
amngradd \- add an account credential to the database
amngrcrypt \- encrypt the given data with GnuPG
amngrdelete \- delete an account
amngrgen \- generate an encrypted random passphrase
amngrgetoldpass \- copy previous password of account to X clipboard
amngrgetolduser \- copy previous username of account to X clipboard
amngrgetpass \- copy active password of account to X clipboard
amngrgetuser \- copy active username of account to X clipboard
amngrid \- write the database id of a given account name to stdout
amngrrename \- rename an account
amngrsearch \- pattern search accounts
.SH SYNOPSIS
source
.B ${PATH}/accountmanager.sh
.B random
.B rand_printable
.RB [ -h ]
.RI [ len ]
.B amngrdbinit
.RB [ -h ]
.RI [ dbfile ]
.B amngrdbdestroy
.RB [ -h ]
.RI [ dbfile ]
.B amngradd
.RB [ -h ]
.RB [ -d
.IR description ]
.RB [ -D
.IR dbfile ]
.RB [ -r
.IR recipient ]
.I
account
.RI [ username
.RI [ password ]]
.B amngrcrypt
.RB [ -h ]
.RB [ -r
.IR recipient ]
.I password
.B amngrdelete
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account
.B amngrgen
.RB [ -h ]
.RB [ -r
.IR recipient ]
.RI [ len ]
.B amngrgetoldpass
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account
.B amngrgetolduser
.RB [ -h ]
.RB [ -c ]
.RB [ -D
.IR dbfile ]
.I account
.B amngrgetpass
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account
.RI [ state ]
.B amngrgetuser
.RB [ -h ]
.RB [ -c ]
.RB [ -D
.IR dbfile ]
.I account
.RI [ state ]
.B amngrid
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I account
.B amngrrename
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.I old_account new_account
.B amngrsearch
.RB [ -h ]
.RB [ -D
.IR dbfile ]
.RB [ -s
.IR separator ]
.RI [ pattern ]
.SH DESCRIPTION
This file can either be sourced into the current shell or used as a
standalone shell script via the provided symlinks. When used as a standalone
script it detects the function to call from the content of \fB$0\fR.
All \fIaccount\fR as well as all \fIusername\fR arguments used below are
limited to 128 characters. The \fIaccount\fR argument is always a unique
string identifier for the account to manage. The \fIusername\fR argument is
the username part of a credential which is a (\fIusername\fR, \fIpassword\fR)
pair.
.TP
\fBrandom\fR
Takes no arguments and connects a non-blocking random source to stdout.
.TP
\fBrand_printable\fR [\fB-h\fR] [\fIlen\fR]
Uses \fBrandom\fR to write a string of random printable characters to
stdout. All control characters ASCII-0 to ASCII-37 as well as
ASCII-177 to 255, single and double quotes are filtered. The single
and double quotes are filtered to prevent problems when they are used
as string separators after shell expansion as in the SQL here
documents used to communicate with the SQLite database.
The optional \fIlen\fR argument specifies the string length to be written
and defaults to 512.
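Added example, not the code from accountmanager.sh: a sketch of the filter described above, a check that nothing filtered survives, and what a stray quote does to a quoted SQL literal built in a here document. The function names and the table \fBdemo\fR are hypothetical, and the ranges in the text are assumed to be octal byte values as \fBtr\fR takes them.

```shell
#!/bin/sh
# Added illustration, not the code from accountmanager.sh.
# Assumption: the ranges in the text are octal byte values, as tr(1) takes them.

# rand_printable_demo [LEN]: LEN random bytes from octal 040-176, minus ' and ".
rand_printable_demo() {
    # LC_ALL=C makes tr operate on single bytes instead of locale characters.
    LC_ALL=C tr -d '\000-\037\177-\377"'"'" < /dev/urandom | head -c "${1:-512}"
}

# count_filtered STRING: number of bytes in STRING that the filter should
# have removed (anything outside 040-176, plus the two quote characters).
count_filtered() {
    printf '%s' "$1" | LC_ALL=C tr -d '\040\041\043-\046\050-\176' | wc -c | tr -d ' '
}

# sql_statement VALUE: expand VALUE into a quoted SQL literal through a here
# document, the pattern the text refers to. Table "demo" is hypothetical.
sql_statement() {
    cat <<EOF
INSERT INTO demo (secret) VALUES ('$1');
EOF
}

# quote_count TEXT: number of single quotes in TEXT. A well-formed statement
# from sql_statement has exactly 2; more means the literal ended early.
quote_count() {
    printf '%s' "$1" | LC_ALL=C tr -cd "'" | wc -c | tr -d ' '
}

# entropy_bits LEN: bits of entropy for LEN characters drawn uniformly from
# the 93 remaining symbols (95 printable ASCII minus the two quotes).
entropy_bits() {
    awk -v n="$1" 'BEGIN { printf "%.1f\n", n * log(93) / log(2) }'
}

# Run with the argument "demo" to see the checks on a fresh 10-byte string.
if [ "${1:-}" = "demo" ]; then
    pw=$(rand_printable_demo 10)
    echo "filtered bytes left: $(count_filtered "$pw")"
    echo "quotes in statement: $(quote_count "$(sql_statement "$pw")")"
    echo "constructed value ab'cd: $(quote_count "$(sql_statement "ab'cd")") quotes"
    echo "entropy at length 10: $(entropy_bits 10) bits"
fi
```

The quote check applies only to generated strings; values typed by the user do not pass through this filter.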
.TP
\fBamngrdbinit\fR [\fB-h\fR] [\fIdbfile\fR]
Create the SQLite database file. If the optional \fIdbfile\fR argument is
given it specifies the full path to the file to use, else the value of the
\fB$AMNGRDB\fR environment variable is used.
.TP
\fBamngrdbdestroy\fR [\fB-h\fR] [\fIdbfile\fR]
Deletes the SQLite database file. If the optional \fIdbfile\fR argument
is given it specifies the full path to the file to use, else the value
of the \fB$AMNGRDB\fR environment variable is used.
.TP
\fBamngradd\fR [\fB-h\fR] [\fB-d\fR \fIdescription\fR] \
[\fB-D\fR \fIdbfile\fR] [\fB-r\fR \fIrecipient\fR]
.TQ
\fIaccount\fR [\fIusername\fR [\fIpassword\fR]]
Adds an account credential and marks it as active. If the account
already exists, the credential (\fIusername\fR and \fIpassword\fR) is added to
that account and the previously added credential is marked as old. If
there was another even older credential that was already marked as old
this will be marked as inactive and thus becomes inaccessible with
these tools (except for \fBamngrdelete\fR).
The \fIusername\fR and the \fIaccount\fR name must not be longer than 128
characters. The \fIpassword\fR is not limited in its length at all. If
\fIpassword\fR is omitted one will be generated with \fBamngrgen\fR. The
\fIusername\fR may also be omitted if there was a previously added credential
pair for this account. In that case the previous username is taken. It is
an error to provide a \fIpassword\fR without a \fIusername\fR. There is no
way for the script to detect this condition and you will end up with a
credential where the username is the password and the password was generated.
Option \fB-d\fR adds a \fIdescription\fR to the account entry and
option \fB-D\fR specifies the \fIdbfile\fR to use. If that option is
not given the \fB$AMNGRDB\fR environment variable is used.
If a password was generated with this call it will be stored in the
X clipboard.
.TP
\fBamngrcrypt\fR [\fB-h\fR] [\fB-r\fR \fIrecipient\fR] \fIpassword\fR
Encrypt the given plain text \fIpassword\fR with GnuPG and write it to
stdout.
The option \fB-r\fR specifies the recipient to use with the call to
\fBgpg\fR. If it is not given the value of the \fB$AMNGRID\fR environment
variable is used.
.TP
\fBamngrdelete\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR
Remove the \fIaccount\fR and all credentials associated with it.
.TP
\fBamngrgen\fR [\fB-h\fR] [\fB-r\fR \fIrecipient\fR] [\fIlen\fR]
Generate a password with \fBrand_printable\fR and encrypt it via
\fBamngrcrypt\fR. By default the password will be 10 characters long. That
can be modified by the optional \fIlen\fR argument.
.TP
\fBamngrgetoldpass\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR
Read and decrypt the password associated with \fIaccount\fR that is
flagged as old and store it into the X clipboard.
.TP
\fBamngrgetolduser\fR [\fB-h\fR] [\fB-c\fR] [\fB-D\fR \fIdbfile\fR] \
\fIaccount\fR
Read and decrypt the username associated with \fIaccount\fR that is
flagged as old and store it into the X clipboard.
.TP
\fBamngrgetpass\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR \
[\fIstate\fR]
Read and decrypt the password associated with \fIaccount\fR that is
flagged as active and store it into the X clipboard. The \fIstate\fR
argument might be either 1 or 2 where 1 means get the current credential
and 2 means get the old credential. It defaults to 1.
.TP
\fBamngrgetuser\fR [\fB-h\fR] [\fB-c\fR] [\fB-D\fR \fIdbfile\fR] \
\fIaccount\fR \
[\fIstate\fR]
Read and decrypt the username associated with \fIaccount\fR that is
flagged as active and store it into the X clipboard. The \fIstate\fR
argument might be either 1 or 2 where 1 means get the current credential
and 2 means get the old credential. It defaults to 1.
.TP
\fBamngrid\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIaccount\fR
(This is primarily for internal use.) Get the database id associated
with the given \fIaccount\fR argument.
.TP
\fBamngrrename\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \fIold_account\fR \
\fInew_account\fR
Rename the account specified by \fIold_account\fR to \fInew_account\fR.
.TP
\fBamngrsearch\fR [\fB-h\fR] [\fB-D\fR \fIdbfile\fR] \
[\fB-s\fR \fIseparator\fR] [\fIpattern\fR]
List all accounts where \fIpattern\fR exists in either the account name, the
username or the account description. The output will contain the name of the
account, the username and the description delimited by a \fIseparator\fR
string that can be specified with the \fB-s\fR option. If the option is
omitted the separator is " => ". Each row is one account.
If \fIpattern\fR is omitted all accounts will be listed.
.SH OPTIONS
The options are consistent across all subcommands. However, not all subcommands
use all options, and some subcommands take as arguments what others get per option.
(See \fBDESCRIPTION\fR)
.TP
.B -h
Write short usage information.
.TP
.B -u
The login username of the credential for the account.
.TP
.B -p
The plain text password of the credential for the account.
.TP
.B -c
By default this script stores the username into the X clipboard with
\fBamngrgetuser\fR and \fBamngrgetolduser\fR. When \fB-c\fR is given
the username is written to stdout. The password is never written to stdout.
.TP
.B -d
The description for the account.
.TP
.B -D
Select the database file to use instead of the one defined in the
\fB$AMNGRDB\fR environment variable.
.TP
.B -r
Select a recipient id for GnuPG encryption to use instead of the one
defined in the \fB$AMNGRID\fR environment variable.
.TP
.B -s
The column separator for the \fBamngrlist\fR and \fBamngrsearch\fR commands.
.SH ENVIRONMENT
.TP
.B AMNGRDB
The default SQLite database file to use. This will be created with
\fBamngrdbinit\fR as long as the path to that file exists. This can be
overruled with the \fB-D\fR command line option.
.TP
.B AMNGRID
The GnuPG recipient id to encrypt against. You should use one where you have
both public and private key. Failure to do so will result in undecipherable
data. This can be overruled with the \fB-r\fR command line option.
.TP
.B AMNGRPWLEN
The password length to be used when generating new passwords. If not
specified this defaults to 10.
.SH DEPENDENCIES
A set of POSIX compliant shell utilities, including a POSIX compliant shell,
is needed to run this script.
The functions within this script expect that all the needed tools
can be found by the shell. Usually that means that the current \fB$PATH\fR
environment variable is set accordingly or that the tools are
shell internals.
A reliable non-blocking random source must exist. By default this
script uses \fB$(cat /dev/urandom)\fR, which can be changed by replacing the
alias \fBrandom\fR with something useful for your system.
For data storage \fBSqlite >= 3.6.19\fR is required. The version requirement
comes from the use of foreign key constraints.
To store the data within the X clipboard \fBxclip\fR is needed.
.SS The tools used are
.PD 0
.IP \[bu] 2
\fBawk\fR
.IP \[bu]
\fBbasename\fR
.IP \[bu]
\fBcat\fR
.IP \[bu]
\fBdirname\fR
.IP \[bu]
\fBecho\fR
.IP \[bu]
\fBgetopts\fR
.IP \[bu]
\fBgpg\fR
.IP \[bu]
\fBhead\fR
.IP \[bu]
\fBprintf\fR
.IP \[bu]
\fBrm\fR
.IP \[bu]
\fBshift\fR
.IP \[bu]
\fBSQLite3\fR (>= 3.6.19 for foreign key constraints)
.IP \[bu]
\fBtest\fR and \fB[\fR
.IP \[bu]
\fBtr\fR
.IP \[bu]
\fBxclip\fR
.PD
.SH SEE ALSO
gpg2(1), gpg-agent(1)
.SH BUGS
No known bugs.
.SH AUTHOR
Georg Hopp <georg@steffers.org>
.SH COPYRIGHT
Copyright © 2017 Georg Hopp License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it. There is
NO WARRANTY, to the extent permitted by law.
.\" vim: set ft=groff ts=4 sw=4: