@swarminglogic
Last active December 1, 2015 21:52
Command-line utility to manage passwords, protected by sudo
#!/bin/bash
# Location of the password list, inside the home directory of the user who
# invoked sudo.
# NOTE(review): SUDO_USER is set by sudo; when the script is started as root
# without sudo it is empty and the path becomes /home//.local/share/userpass.list.
# The /home prefix is hard-coded, so a home directory elsewhere is not found.
file="/home/${SUDO_USER}/.local/share/userpass.list"
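#######################################
# Print the program banner and a usage summary, then terminate the script.
# The original help listed no options at all, although callers send the
# user here whenever an add request is incomplete.
# Arguments: $1 - exit status to terminate with (0 when omitted)
# Outputs:   help text on stdout
# Returns:   never returns; exits the shell
#######################################
function showHelp {
  local version=0.0.2
  local versionDate="2014-06-24"
  cat <<EOF
$0 - manage passwords
Maintained at: https://gist.github.com/swarminglogic/??
Author: Roald Fernandez (github@swarminglogic.com)
Version: $version ($versionDate)
License: CC-zero (public domain)

Must be run as root (through sudo).

Usage:
  $0 -a KEY -u USERNAME -p PASSWORD -m META    add an entry
  $0 KEY                                       show entries whose key matches KEY

Options:
  -h, --help                          show this help and exit
  -a KEY                              key of the entry to add
  -u USERNAME, --username=USERNAME    username of the entry
  -p PASSWORD, --password=PASSWORD    password of the entry
  -m META, --meta=META                meta text of the entry
  --script                            script-friendly query output

Note: entries are stored as plain text, and a password given on the
command line may be visible to other local users while the command runs.

EOF
  # Quoted so an odd argument cannot be word-split; defaults to success.
  exit "${1:-0}"
}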
# Write all arguments to stderr as one line; echo -e interprets backslash
# escapes such as \t and \n in the arguments.
echoerr() {
  echo -e "$@" >&2
}
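# Keep a flattened, space-joined copy of the original arguments. The query
# path later re-splits it with `set -- $tmp`, so an argument that contains
# whitespace does not survive as a single word.
tmp="$*"

# Parse the command line into the is*/value globals used further down.
# Words that are not recognised options (for example the key to look up) are
# skipped by the final arm and recovered later from $tmp.
# NOTE(review): -p/--password takes the secret from argv, where it can show up
# in the process list and in shell history; reading it from stdin or a prompt
# would avoid that.
while (( $# > 0 )); do
  case "$1" in
    -h|--help)
      showHelp 0
      ;;
    -a)
      shift
      isAdd=yes
      add=$1
      shift
      ;;
    # Was `--add=)`, which only matched the literal word "--add=" and so
    # silently ignored every real --add=KEY argument.
    --add=*)
      isAdd=yes
      add=${1#*=}
      shift
      ;;
    -u)
      shift
      isUser=yes
      username=$1
      shift
      ;;
    --username=*)
      isUser=yes
      # Strip everything up to the first "=" without the unquoted echo | sed
      # round trip, which word-split and glob-expanded the value.
      username=${1#*=}
      shift
      ;;
    -m)
      shift
      isMeta=yes
      meta="$1"
      shift
      ;;
    --meta=*)
      isMeta=yes
      meta=${1#*=}
      shift
      ;;
    -p)
      shift
      isPass=yes
      pass=$1
      shift
      ;;
    --password=*)
      isPass=yes
      pass=${1#*=}
      shift
      ;;
    --script)
      shift
      isScript=yes
      ;;
    *)
      shift
      ;;
  esac
done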
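#######################################
# Make sure the password list and its parent directory exist.
# Globals:   file (read) - path of the password list
# Returns:   non-zero if the directory or the file could not be created
# NOTE(review): the list lives under the invoking user's home directory; if
# that user can write to the parent directory, the file mode set here does
# not stop them from deleting or replacing the file - confirm this is
# acceptable for the intended threat model.
#######################################
function configureFile {
  local dir
  # Quoted throughout: the original `dirname $file` broke on any path that
  # contains whitespace.
  dir=$(dirname -- "$file") || return
  mkdir -p -- "$dir" || return
  if [ ! -e "$file" ]; then
    # Create the file under a restrictive umask so it is never group- or
    # world-accessible, not even between touch and chmod.
    (umask 077 && touch -- "$file") || return
    # Drop every read bit; root can still read the file, other users cannot.
    chmod a-r "$file"
  fi
}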
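#######################################
# Print the longest common substring of two strings, ignoring case.
# Arguments: $1, $2 - the strings to compare
# Outputs:   the first longest common substring found, lower-cased, on
#            stdout; nothing when the strings share no character
#######################################
function lcsubstr {
  local long="${1,,}"
  local short="${2,,}"
  local swap len start candidate

  # Search substrings of the shorter string inside the longer one. Swap the
  # lower-cased copies: the original swapped in the raw arguments and lost
  # the case folding whenever the first argument was the shorter one.
  if (( ${#long} < ${#short} )); then
    swap=$long
    long=$short
    short=$swap
  fi

  # Longest candidates first, so the first hit is a longest common substring.
  for (( len = ${#short}; len > 0; len-- )); do
    for (( start = 0; start <= ${#short} - len; start++ )); do
      candidate=${short:start:len}
      # Quoted pattern = literal substring test. The original used an
      # unquoted =~, which treated characters such as "." or "*" in the
      # candidate as regular-expression syntax.
      if [[ $long == *"$candidate"* ]]; then
        printf '%s\n' "$candidate"
        # return instead of exit, so a direct call does not end the script.
        return 0
      fi
    done
  done
}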
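# Print one column of a userpass entry with leading and trailing spaces removed.
# $1: userpass entry $2:column (1:key, 2:username, 3:pass, 4:meta)
# NOTE(review): columns are split on ":" only, so a stored value that itself
# contains ":" is cut at that character.
function extractColumn {
  # printf with a quoted argument passes the entry through unchanged. The
  # original `echo $1` word-split and glob-expanded it, so a field such as
  # "*" came back as a list of file names and inner spacing was collapsed.
  printf '%s\n' "$1" | cut -d":" -f"${2}" | sed -e 's/^ *//' -e 's/ *$//'
}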
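#######################################
# Print every stored entry whose key column matches the given pattern.
# Despite the name this is not an exact match: grep looks for the pattern
# anywhere inside the first column and treats it as a regular expression.
# An empty pattern therefore matches every entry that contains a ":".
# Globals:   file (read) - path of the password list
# Arguments: $1 - pattern to look for in the key column
# Outputs:   key/username/password/meta lines on stdout, one group of four
#            lines per matching entry (the password is printed in clear)
#######################################
function queryExactEntry {
  local line
  # Handle each matching line on its own. The original put all matches into
  # one variable, so with several matches the columns of different entries
  # ran into each other.
  while IFS= read -r line; do
    [[ $line ]] || continue
    echo "key: $(extractColumn "$line" 1)"
    echo "username: $(extractColumn "$line" 2)"
    echo "password: $(extractColumn "$line" 3)"
    echo "meta: $(extractColumn "$line" 4)"
  done < <(grep "^[^:]*${1}.*:" "$file")
}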
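# The password list is created without read permission bits, so only root
# can read it; refuse to continue as any other user.
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 1>&2
  showHelp 1
fi

configureFile

if [[ $isAdd ]]; then
  # Adding an entry needs all of -a, -u, -p and -m, each with a value.
  if [[ $isUser && $isPass && $isMeta ]]; then
    if [[ $add && $username && $pass && $meta ]]; then
      # NOTE(review): fields are joined with " : " and split on ":" when read
      # back, so a value containing ":" or a newline will not round-trip;
      # consider rejecting such values here.
      printf '%s\n' "${add} : ${username} : ${pass} : ${meta}" >> "$file"
    else
      echo "Missing paramater information";
      exit 1
    fi
  else
    showHelp 1
  fi
else
  # Restore the positional parameters consumed by option parsing. $tmp is a
  # single space-joined string, so it is left unquoted on purpose; the price
  # is that arguments are re-split on whitespace and glob characters expand.
  # shellcheck disable=SC2086
  set -- $tmp
  if [[ $isScript ]]; then
    if [[ $meta ]]; then
      # Fuzzy lookup by meta: an entry qualifies when its whole stored meta
      # value occurs inside the requested one; the qualifying entry with the
      # longest stored meta wins and its key is printed.
      mfile=""
      # IFS= and -r keep each stored line intact (no trimming, no backslash
      # processing).
      while IFS= read -r l; do
        entry=$(extractColumn "$l" 4)
        lcss=$(lcsubstr "${entry,,}" "${meta,,}")
        if (( ${#lcss} >= ${#entry} )); then
          mfile+="${#lcss} $l"$'\n'
        fi
      done < "$file"
      printf '%s\n' "$mfile" | sort -n | cut -d" " -f2- | tail -n1 \
        | cut -d":" -f1 | sed -e 's/^ *//' -e 's/ *$//'
    else
      # Lookup by key, taken from the second command-line word, so --script
      # is presumably expected to come first - TODO confirm.
      line=$(grep "^$2 " "$file")
      if [[ $isUser ]]; then
        extractColumn "$line" 2
      elif [[ $isPass ]]; then
        extractColumn "$line" 3
      elif [[ $isMeta ]]; then
        extractColumn "$line" 4
      else
        # Quoted printf: the original `echo $line` glob-expanded the stored
        # entry and collapsed its spacing.
        printf '%s\n' "$line"
      fi
    fi
  else
    queryExactEntry "$1"
  fi
fi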
farnoy commented Sep 10, 2014

What do you think about encrypting the file with the passwords rather than relying on root to protect it? It should be very similar for the user, because ssh-agent would ask for the key's master password and remember it for the session (if it's configured to do so).
