Command-line utility to manage passwords, protected by sudo
#!/bin/bash
# Password store: one "key : username : password : meta" entry per line.
# NOTE(review): the path is derived from SUDO_USER, which sudo sets to the
# invoking user's login name. Started from a root shell without sudo,
# SUDO_USER is empty and this expands to /home//.local/share/userpass.list.
# It also assumes the user's home directory is /home/<name>.
file="/home/${SUDO_USER}/.local/share/userpass.list"
function showHelp {
  # Print the program banner (name, origin, author, version, license) to
  # stdout, then terminate the whole script.
  #   $1: exit status to terminate with
  version=0.0.2
  versionDate="2014-06-24"
  # Unquoted here-document so $0 and the version variables are expanded; the
  # empty last line reproduces the blank line that ends the banner.
  cat <<EOF
$0 - manage passwords
Mainted at: https://gist.github.com/swarminglogic/??
Author: Roald Fernandez (github@swarminglogic.com)
Version: $version ($versionDate)
License: CC-zero (public domain)

EOF
  exit $1
}
function echoerr {
  # Write all arguments to stderr, joined by spaces, with `echo -e` escape
  # processing (so sequences such as \t and \n in the text are expanded).
  >&2 echo -e "$@"
}
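# Snapshot of the raw argument list; the query branch of the script restores
# the positional parameters from it with `set -- $tmp`.
# NOTE(review): assigning $@ to a scalar joins the arguments with spaces, so
# an argument that itself contains whitespace or glob characters does not
# survive that round trip.
tmp=$@

# Parse the command-line options into the globals the rest of the script
# reads: isAdd/add, isUser/username, isMeta/meta, isPass/pass and isScript.
# Unrecognised arguments (for example the key of a query) are skipped here.
#
# Fixes compared with the inline loop this replaces:
#   * `--add=VALUE` is now recognised; the pattern was `--add=)`, which only
#     matched the bare string "--add=", so the long form was silently ignored.
#   * `--opt=VALUE` values are taken with parameter expansion instead of an
#     unquoted `echo $1 | sed`, which collapsed runs of whitespace and
#     glob-expanded characters such as `*` in the value (passwords included).
#
# NOTE(review): -p/--password put the secret on the command line, where it is
# visible in the process list while the command runs and is normally recorded
# in shell history. Reading it from a prompt or stdin would avoid that.
function parseArgs {
  while test $# -gt 0; do
    case "$1" in
      -h|--help)
        showHelp 0
        ;;
      -a)
        shift
        isAdd=yes
        add=$1
        shift
        ;;
      --add=*)
        isAdd=yes
        add=${1#*=}
        shift
        ;;
      -u)
        shift
        isUser=yes
        username=$1
        shift
        ;;
      --username=*)
        isUser=yes
        username=${1#*=}
        shift
        ;;
      -m)
        shift
        isMeta=yes
        meta="$1"
        shift
        ;;
      --meta=*)
        isMeta=yes
        meta=${1#*=}
        shift
        ;;
      -p)
        shift
        isPass=yes
        pass=$1
        shift
        ;;
      --password=*)
        isPass=yes
        pass=${1#*=}
        shift
        ;;
      --script)
        shift
        isScript=yes
        ;;
      *)
        shift
        ;;
    esac
  done
}
parseArgs "$@"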
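function configureFile {
  # Make sure the password store and its parent directory exist.
  #   Globals: file (read) - path of the password store
  #
  # A new store is created empty with mode 0600. The mode is set explicitly
  # instead of with `chmod -r`: that form only clears read bits and leaves the
  # write bits to whatever the umask allowed, so a permissive umask could
  # leave the password file group- or world-writable.
  #
  # NOTE(review): the script runs as root while the store lives under the
  # invoking user's home directory, so that user can typically rename or
  # replace the file. Confirm this is acceptable if sudo access is limited to
  # this script. `mkdir -p` run as root also leaves any directories it has to
  # create owned by root.
  local dir
  dir=$(dirname -- "$file")
  if [ ! -d "$dir" ] ; then
    mkdir -p -- "$dir"
  fi
  if [ ! -e "$file" ] ; then
    # Restrictive umask in a subshell: the file never exists with wider
    # permissions, and the umask of the rest of the script is untouched.
    ( umask 077 && touch -- "$file" )
    chmod 600 -- "$file"
  fi
}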
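function lcsubstr {
  # Print the longest common substring of $1 and $2, compared
  # case-insensitively (both are lowercased first). Prints nothing when the
  # two strings share no character. Among candidates of equal length, the
  # leftmost one in the shorter string is printed.
  #
  # Fixes compared with the earlier version:
  #   * candidates are matched literally (glob with a quoted pattern) rather
  #     than as a regex, so characters such as '.' or '*' in the stored or
  #     supplied text no longer match things they should not;
  #   * swapping the two words keeps the lowercased values (the swap used to
  #     reload the raw arguments, undoing the case folding);
  #   * `return` instead of `exit`, so a direct call does not end the script;
  #   * all working variables are local.
  local long="${1,,}"
  local short="${2,,}"
  local swap len start piece
  if [ ${#long} -lt ${#short} ] ; then
    swap=$long
    long=$short
    short=$swap
  fi
  # Try every substring of the shorter word, longest first.
  for ((len=${#short}; len>0; len--)); do
    for ((start=0; start<=${#short}-len; start++)); do
      piece=${short:start:len}
      if [[ $long == *"$piece"* ]] ; then
        printf '%s\n' "$piece"
        return 0
      fi
    done
  done
}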
# $1: userpass entry $2:column (1:key, 2:username, 3:pass, 4:meta)
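function extractColumn {
  # Print one ':'-separated column of a store entry with the surrounding
  # spaces trimmed.
  #
  # The entry is emitted with a quoted printf: an unquoted `echo $1`
  # collapsed runs of whitespace, glob-expanded characters such as '*' or '?'
  # against the current directory, and treated an entry starting with "-n" as
  # an echo option, all of which can silently alter a stored password.
  #
  # NOTE(review): the format has no escaping, so a field that itself contains
  # ':' shifts every column after it.
  printf '%s\n' "$1" | cut -d":" -f"$2" | sed -e 's/^ *//' -e 's/ *$//'
}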
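function queryExactEntry {
  # Print key, username, password and meta of every store entry whose key
  # column matches $1, four labelled lines per entry. Prints nothing when no
  # entry matches.
  #   $1: search text for the key column
  #   Globals: file (read) - path of the password store
  #   Returns: 1 (with a message on stderr) when $1 is empty
  #
  # Fixes compared with the earlier version:
  #   * each matching line is handled on its own; several matches used to be
  #     joined into one string and split into columns as if it were a single
  #     entry, mixing fields of different entries;
  #   * an empty search text is rejected, since the pattern would then match
  #     every entry in the store;
  #   * "$file" is quoted and the working variables are local, so the
  #     script-level username/pass/meta are no longer overwritten.
  #
  # NOTE(review): $1 is interpolated into the grep pattern, so regex
  # metacharacters in it are interpreted, and the match is a "key contains"
  # match rather than an exact one despite the function's name. The password
  # is written to stdout in clear text.
  local line key username pass meta
  if [[ -z $1 ]] ; then
    echo "queryExactEntry: empty search key" 1>&2
    return 1
  fi
  while IFS= read -r line; do
    [[ $line ]] || continue
    key=$(extractColumn "$line" 1)
    username=$(extractColumn "$line" 2)
    pass=$(extractColumn "$line" 3)
    meta=$(extractColumn "$line" 4)
    printf 'key: %s\n' "$key"
    printf 'username: %s\n' "$username"
    printf 'password: %s\n' "$pass"
    printf 'meta: %s\n' "$meta"
  done < <(grep "^[^:]*${1}.*:" "$file")
}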
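# Everything below reads or writes the password store, so refuse to continue
# unless running as root (showHelp exits the script).
if [[ $EUID -ne 0 ]] ; then
  echo "This script must be run as root" 1>&2
  showHelp 1
fi
configureFile
if [[ $isAdd ]] ; then
  # Add mode: the key plus username, password and meta, all given and
  # non-empty.
  if [[ $isUser ]] && [[ $isPass ]] && [[ $isMeta ]] ; then
    if [[ $add ]] && [[ $username ]] && [[ $pass ]] && [[ $meta ]] ; then
      # Entries are read back by splitting on ':' one line at a time, so a
      # ':' inside a field would shift the columns (truncating the password
      # on lookup) and a newline would start a bogus entry. Reject both
      # instead of storing a record that cannot be retrieved intact.
      for field in "$add" "$username" "$pass" "$meta" ; do
        if [[ $field == *:* || $field == *$'\n'* ]] ; then
          echo "Fields must not contain ':' or a newline" 1>&2
          exit 1
        fi
      done
      # printf with a quoted path: no option or escape handling on the
      # data, no word splitting on the file name.
      printf '%s\n' "${add} : ${username} : ${pass} : ${meta}" >> "$file"
    else
      echo "Missing paramater information";
      exit 1
    fi
  else
    showHelp 1
  fi
else
  # Restore the original argument list from the snapshot taken before option
  # parsing.
  # NOTE(review): the unquoted expansion re-splits on whitespace and
  # glob-expands, so arguments containing spaces or wildcard characters are
  # not restored faithfully.
  set -- $tmp
  if [[ $isScript ]] ; then
    if [[ $meta ]] ; then
      # Script mode with -m: among the entries whose whole meta column occurs
      # (case-insensitively) inside the given meta text, print the key of the
      # one with the longest meta column.
      mfile=""
      # IFS= and -r keep each stored line byte-for-byte (no backslash
      # processing, no trimming).
      while IFS= read -r l; do
        entry=$(extractColumn "$l" 4)
        lcss=$(lcsubstr "${entry,,}" "${meta,,}")
        if [[ ${#lcss} -ge ${#entry} ]] ; then
          mfile+="${#lcss} $l"$'\n'
        fi
      done <"$file"
      printf '%s\n' "$mfile" | sort -n | cut -d" " -f2- | tail -n1 | \
        cut -d":" -f1 | sed -e 's/^ *//' -e 's/ *$//'
    else
      # Script mode without -m: look the entry up by the second original
      # argument (presumably the key, as in `--script KEY -p`; verify against
      # intended usage) and print the requested column.
      # NOTE(review): $2 is interpolated into the grep pattern, so regex
      # metacharacters in it are interpreted; several matching lines are
      # treated as one entry.
      line=$(grep "^$2 " "$file")
      if [[ $isUser ]] ; then
        extractColumn "$line" 2
      elif [[ $isPass ]] ; then
        extractColumn "$line" 3
      elif [[ $isMeta ]] ; then
        extractColumn "$line" 4
      else
        # Quoted: an unquoted echo would glob-expand and re-space the entry,
        # password included.
        printf '%s\n' "$line"
      fi
    fi
  else
    queryExactEntry "$1"
  fi
fi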

farnoy commented Sep 10, 2014

What do you think about encrypting the file with passwords rather than relying on root to protect it? It should be very similar for the user, because ssh-agent would ask for the key's master password and remember it for the session (if it's configured to do so).
