add the awful autopw password injector

doc/autopw.1

@@ -0,0 +1,99 @@
+.\"	This manual page was written by Jan Schaumann <jschauma@yahoo-inc.com>
+.Dd February 05, 2011
+.Dt AUTOPW 1
+.Os
+.Sh NAME
+.Nm autopw
+.Nd cache and re-inject passwords into other programs
+.Sh SYNOPSIS
+.Nm
+.Ar command
+.Sh DESRIPTION
+The
+.Nm
+utility will cache passwords and re-inject them whenever the given command
+requires them.
+That is, if
+.Ar command
+prompts for a password,
+.Nm
+will cache it and then provide that password the next time
+.Ar command
+asks for it.
+.Pp
+.Nm
+is frequently used to wrap commands invoking
+.Xr ssh 1
+repeatedly to avoid having the user monitor the command and re-supply
+their password when other forms of automation are not possible.
+.Sh PROMPTS MATCHED
+.Nm
+currently matches and distinguishes the following prompts:
+.Bl -bullet -compact -offset indent
+.It
+assword:
+.It
+Enter passphrase for
+.It
+Bad passphrase, try again
+.It
+Enter PEM pass phrase:
+.It
+Enter passphrase:
+.It
+y,n,(y/n)?
+.It
+?,??,q
+.It
+(yes/no)?
+.El
+.Pp
+In the latter examples,
+.Nm
+will be affirmative instead of supplying a password.
+.Sh EXAMPLES
+The following examples illustrate common usage of this tool.
+.Pp
+To invoke the command 'foo.sh' and have
+.Nm
+cache and re-inject any passwords prompted for, run
+.Bd -literal -offset indent
+autopw sh foo.sh
+.Ed
+.Sh CAVEATS
+Since
+.Nm
+must keep the password available in memory it is obviously advised against
+using this tool on shared hosts.
+.Pp
+You should only invoke commands that you actually trust --
+.Nm
+will only respond to specific patterns, and any program that prompts one
+of the strings
+.Nm
+is looking for will be supplied with the given password.
+This is particularly concerning when executing commands on a remote,
+possibly untrusted host.
+.Pp
+.Nm
+does not play very well with multiple levels of pseudo-terminals (screen
+sessions, 'ssh -t' etc.) and may at times print the cleartext password to
+the terminal.
+.Pp
+.Nm
+invokes
+.Xr perl 1 Ns 's
+\'pack/unpack' function for each password provided/injected.
+This can become a performance-impacting limitation.
+.Sh SEE ALSO
+.Xr expect 1 ,
+.Xr perl 1
+.Sh HISTORY
+The
+.Nm
+utility was originally written at Yahoo! Inc.
+It not being terribly original or clever, there appeared a number of
+variations.
+This variant is bundled with the
+.Xr scanmaster 1
+scripts for convenience.

src/autopw

@@ -0,0 +1,103 @@
+#!/usr/local/bin/expect --
+#
+# A generic password injector.
+#
+# Copyright (c) 2011 Yahoo! Inc.
+# All rights reserved.
+#
+# Redistribution and use of this software in source and binary forms,
+# with or without modification, are permitted provided that the following
+# conditions are met:
+#
+# * Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer in the documentation and/or other
+#   materials provided with the distribution.
+#
+# * Neither the name of Yahoo! Inc. nor the names of its
+#   contributors may be used to endorse or promote products
+#   derived from this software without specific prior
+#   written permission of Yahoo! Inc.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+proc respond { pw } {
+  global pws
+  if {![info exists pws($pw)]} {
+    send_user " (autopw) "
+    stty -echo
+    expect_user -re "(.+)\n"
+    stty echo
+    set pws($pw) \
+      [exec perl -ne "print pack(q{u}, \$_)" << $expect_out(1,string)]
+  } else {
+    send_user " (autopw'ed)"
+  }
+  log_user 0
+  send -- "[exec perl -ne "print unpack(q{u}, \$_)" << $pws($pw)]\n";
+  log_user 1
+}
+
+## main ()
+
+set timeout -1
+global pws
+
+eval spawn -noecho $argv
+
+expect {
+  "assword:" {
+    respond system
+    exp_continue
+  }
+  "Enter passphrase for " {
+    respond ssh
+    exp_continue
+  }
+  "Bad passphrase, try again" {
+    unset pws(ssh)
+    respond ssh
+    exp_continue
+  }
+  "Enter PEM pass phrase:" {
+    respond pem
+    exp_continue
+  }
+  "Enter passphrase: " {
+    respond gpg
+    exp_continue
+  }
+  "y,n,?" {
+    send -- "y\n"
+    exp_continue
+  }
+  "(y/n)?" {
+    send -- "y\n"
+    exp_continue
+  }
+  "?,??,q" {
+    send -- "\n"
+    exp_continue
+  }
+  "(yes/no)?" {
+    send -- "yes\n"
+    exp_continue
+  }
+  eof {
+    exit
+  }
+}