
add the awful autopw password injector

commit 77bbcdfe655e81b1c876904657cf418b9dd084a2 1 parent 4cd60b9
Jan Schaumann authored
Showing with 202 additions and 0 deletions.
  1. +99 −0 doc/autopw.1
  2. +103 −0 src/autopw
99 doc/autopw.1
@@ -0,0 +1,99 @@
+.\" This manual page was written by Jan Schaumann <jschauma@yahoo-inc.com>
+.Dd February 05, 2011
+.Dt AUTOPW 1
+.Os
+.Sh NAME
+.Nm autopw
+.Nd cache and re-inject passwords into other programs
+.Sh SYNOPSIS
+.Nm
+.Ar command
+.Sh DESRIPTION
+The
+.Nm
+utility will cache passwords and re-inject them whenever the given command
+requires them.
+That is, if
+.Ar command
+prompts for a password,
+.Nm
+will cache it and then provide that password the next time
+.Ar command
+asks for it.
+.Pp
+.Nm
+is frequently used to wrap commands invoking
+.Xr ssh 1
+repeatedly to avoid having the user monitor the command and re-supply
+their password when other forms of automation are not possible.
+.Sh PROMPTS MATCHED
+.Nm
+currently matches and distinguishes the following prompts:
+.Bl -bullet -compact -offset indent
+.It
+assword:
+.It
+Enter passphrase for
+.It
+Bad passphrase, try again
+.It
+Enter PEM pass phrase:
+.It
+Enter passphrase:
+.It
+y,n,(y/n)?
+.It
+?,??,q
+.It
+(yes/no)?
+.El
+.Pp
+In the latter examples,
+.Nm
+will be affirmative instead of supplying a password.
+.Sh EXAMPLES
+The following examples illustrate common usage of this tool.
+.Pp
+To invoke the command 'foo.sh' and have
+.Nm
+cache and re-inject any passwords prompted for, run
+.Bd -literal -offset indent
+autopw sh foo.sh
+.Ed
+.Sh CAVEATS
+Since
+.Nm
+must keep the password available in memory it is obviously advised against
+using this tool on shared hosts.
+.Pp
+You should only invoke commands that you actually trust --
+.Nm
+will only respond to specific patterns, and any program that prompts one
+of the strings
+.Nm
+is looking for will be supplied with the given password.
+This is particularly concerning when executing commands on a remote,
+possibly untrusted host.
+.Pp
+.Nm
+does not play very well with multiple levels of pseudo-terminals (screen
+sessions, 'ssh -t' etc.) and may at times print the cleartext password to
+the terminal.
+.Pp
+.Nm
+invokes
+.Xr perl 1 Ns 's
+\'pack/unpack' function for each password provided/injected.
+This can become a performance-impacting limitation.
+.Sh SEE ALSO
+.Xr expect 1 ,
+.Xr perl 1
+.Sh HISTORY
+The
+.Nm
+utility was originally written at Yahoo! Inc.
+It not being terribly original or clever, there appeared a number of
+variations.
+This variant is bundled with the
+.Xr scanmaster 1
+scripts for convenience.
103 src/autopw
@@ -0,0 +1,103 @@
+#!/usr/local/bin/expect --
+#
+# A generic password injector.
+#
+# Copyright (c) 2011 Yahoo! Inc.
+# All rights reserved.
+#
+# Redistribution and use of this software in source and binary forms,
+# with or without modification, are permitted provided that the following
+# conditions are met:
+#
+# * Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the
+# following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the
+# following disclaimer in the documentation and/or other
+# materials provided with the distribution.
+#
+# * Neither the name of Yahoo! Inc. nor the names of its
+# contributors may be used to endorse or promote products
+# derived from this software without specific prior
+# written permission of Yahoo! Inc.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+proc respond { pw } {
+ global pws
+ if {![info exists pws($pw)]} {
+ send_user " (autopw) "
+ stty -echo
+ expect_user -re "(.+)\n"
+ stty echo
+ set pws($pw) \
+ [exec perl -ne "print pack(q{u}, \$_)" << $expect_out(1,string)]
+ } else {
+ send_user " (autopw'ed)"
+ }
+ log_user 0
+ send -- "[exec perl -ne "print unpack(q{u}, \$_)" << $pws($pw)]\n";
+ log_user 1
+}
+
+## main ()
+
+set timeout -1
+global pws
+
+eval spawn -noecho $argv
+
+expect {
+ "assword:" {
+ respond system
+ exp_continue
+ }
+ "Enter passphrase for " {
+ respond ssh
+ exp_continue
+ }
+ "Bad passphrase, try again" {
+ unset pws(ssh)
+ respond ssh
+ exp_continue
+ }
+ "Enter PEM pass phrase:" {
+ respond pem
+ exp_continue
+ }
+ "Enter passphrase: " {
+ respond gpg
+ exp_continue
+ }
+ "y,n,?" {
+ send -- "y\n"
+ exp_continue
+ }
+ "(y/n)?" {
+ send -- "y\n"
+ exp_continue
+ }
+ "?,??,q" {
+ send -- "\n"
+ exp_continue
+ }
+ "(yes/no)?" {
+ send -- "yes\n"
+ exp_continue
+ }
+ eof {
+ exit
+ }
+}
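Review bot: The `"(yes/no)?"` branch answers `yes` unattended, and that string is how ssh's unknown-host-key confirmation ends, so a wrapped ssh would accept any new host key and the `"assword:"` branch would then hand the cached password to that unverified host. I would drop the automatic answer in that branch and relay the question to the user instead, e.g. `expect_user -re "(.*)\n"` followed by `send -- "$expect_out(1,string)\n"`, or make the affirmative behaviour opt-in. Separately, only `pws(ssh)` is ever invalidated (in the `"Bad passphrase, try again"` branch). A mistyped entry cached under `system`, `pem` or `gpg` is re-sent at every later prompt, which can run into account lockout when the wrapped command loops over many hosts. The CAVEATS section of doc/autopw.1 does not mention either consequence.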