Solved Scripting - How do you store your credentials and call them later?

dafyre

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

What I have currently is this

#!/bin/sh

read -s -p "Enter a user: " USER
read -s -p "Enter the password for $USER: " PASS

sudo -u $USER -p $PASS <command>

As soon as it hits the actual <command> you get an onscreen prompt for credentials, which is what I'm trying to populate with these credentials at execution time.

Are you trying to enter credentials for the SUDO command or the <command> ?

DustinB3403

@dafyre for the actual <command> that's a typo I put it after and you still get prompted for credentials.

DustinB3403

This is the sort of prompt, it isn't within the terminal that I get prompted.

https://vtcri.kayako.com/base/media/url/R4YZS0B19iFjV9eMoQ5WRzipOS6IVXMy

black3dynamite

Use autoexpect to generate an expect script.

autoexpect user-prompt.sh

It will create a file called script.exp and within that file, it will like like this:

#!/usr/bin/expect -f
#
# This Expect script was generated by autoexpect on Tue Jul  2 10:53:53 2019
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script.  It
# necessarily has to guess about certain things.  Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts.  If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character.  This
# pacifies every program I know of.  The -c flag makes the script do
# this in the first place.  The -C flag allows you to define a
# character to toggle this mode off and on.

set force_conservative 0  ;# set to 1 to force conservative mode even if
                          ;# script wasn't run conservatively originally
if {$force_conservative} {
        set send_slow {1 .1}
        proc send {ignore arg} {
                sleep .1
                exp_send -s -- $arg
        }
}

#
# 2) differing output - Some programs produce different output each time
# they run.  The "date" command is an obvious example.  Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer.  If this causes a problem, delete these patterns or replace
# them with wildcards.  An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt).  The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don


set timeout -1
spawn ./user-prompt.sh
match_max 100000
expect -exact "Enter a user: "
send -- "user1username\r"
expect -exact "Enter the password for user1username: "
send -- "user1password\r"
expect eof

black3dynamite

Another reference using expect.
https://likegeeks.com/expect-command/

DustinB3403

@black3dynamite This, while it might work would be something else I have to install onto the target stations.

Not sure if I want to go down that route.

DustinB3403

expect on the otherhand is included on OSX by default, and might do it.

dafyre

@DustinB3403 :

What about something like this:

(taken from: https://superuser.com/questions/401906/how-to-pass-password-to-sudo-commands)

In your case it would be echo $PASSWORD | sudo -S -U $USER <command>

I just tested this on my Mac and it works.

DustinB3403

@dafyre said in Scripting - How do you store your credentials and call them later?:

@DustinB3403 :

What about something like this:

(taken from: https://superuser.com/questions/401906/how-to-pass-password-to-sudo-commands)

In your case it would be echo $PASSWORD | sudo -S -U $USER <command>

I just tested this on my Mac and it works.

Maybe. . . it's not working with my naming computer script from yesterday.

DustinB3403

When running

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber

I'm met with

Enter a wheel user Enter a password for wheel what office are you in
enter this computers user. . .
enter this computers tag

And that I have to use -l with -U (that is lower case L).

DustinB3403

sudo: the `-U' option may only be used with the `-l' option
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
usage: sudo [-AbEHknPS] [-C num] [-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...

fun times. . ..

dafyre

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

When running

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

Setting (office) offname variable

read -p 'What office are you in?: ' offname

Setting (computer username variable) compuser variable

read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

Setting the asset tag (tagnumber) variable

read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber

I'm met with

Enter a wheel user Enter a password for wheel what office are you in
enter this computers user. . .
enter this computers tag

And that I have to use -l with -U (that is lower case L).

Are you doing:

sudo myscript.sh ? Or are you just running the script and letting it call sudo?

Also... What do you have to use -U $USER?

DustinB3403

This is the entire portion of the script I'm just testing with (so for the moment it is it's own script).

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER $PASS scutil --set HostName $offname$compuser && sudo -S -U $USER scutil --set ComputerName $compuser$tagnumber && sudo -S -U $USER scutil --set LocalHostName $offname$compuser$tagnumber

The script is run from a local wheel user so to run it, first I go su wheel-user (because our users by default aren't wheel users and thus need to jump to one) and then call that script.

DustinB3403

@dafyre said in Scripting - How do you store your credentials and call them later?:

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

When running

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber

I'm met with

Enter a wheel user Enter a password for wheel what office are you in
enter this computers user. . .
enter this computers tag

And that I have to use -l with -U (that is lower case L).

Are you doing:

sudo myscript.sh ? Or are you just running the script and letting it call sudo?

Also... What do you have to use -U $USER?

running su <wheel-user> then ./rename.sh

@dafyre said in Scripting - How do you store your credentials and call them later?:

Also... What do you have to use -U $USER?

what?

dafyre

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

@dafyre said in Scripting - How do you store your credentials and call them later?:

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

When running

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber

I'm met with

Enter a wheel user Enter a password for wheel what office are you in
enter this computers user. . .
enter this computers tag

And that I have to use -l with -U (that is lower case L).

Are you doing:

sudo myscript.sh ? Or are you just running the script and letting it call sudo?

Also... What do you have to use -U $USER?

running su <wheel-user> then ./rename.sh

@dafyre said in Scripting - How do you store your credentials and call them later?:

Also... What do you have to use -U $USER?

what?

Sorry, Missed that... I meant to say WHY do you have to use -U $USER ?

sudo rename.sh doesn't work?

DustinB3403

@dafyre said in Scripting - How do you store your credentials and call them later?:

Sorry, Missed that... I meant to say WHY do you have to use -U $USER ?

Because you need to elevate to root.

@dafyre said in Scripting - How do you store your credentials and call them later?:

sudo rename.sh doesn't work?

It does, but you are prompted to enter a username and password 3 times to make the edits. It's easy to fill-in but annoying to have to do repeatedly.

Hence my attempt at scripting the responses to the prompt windows (example below) Imagine having to type creds 3 times, for 100+ machines.

DustinB3403

@dafyre said in Scripting - How do you store your credentials and call them later?:

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

@dafyre said in Scripting - How do you store your credentials and call them later?:

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

When running

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber

I'm met with

Enter a wheel user Enter a password for wheel what office are you in
enter this computers user. . .
enter this computers tag

And that I have to use -l with -U (that is lower case L).

Are you doing:

sudo myscript.sh ? Or are you just running the script and letting it call sudo?

Also... What do you have to use -U $USER?

running su <wheel-user> then ./rename.sh

@dafyre said in Scripting - How do you store your credentials and call them later?:

Also... What do you have to use -U $USER?

what?

Sorry, Missed that... I meant to say WHY do you have to use -U $USER ?

Also you said to do this, not I.

DustinB3403

Woot got it!

dafyre

Try this script...

#!/bin/sh

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

sudo scutil --set HostName $offname$compuser
sudo scutil --set ComputerName $compuser$tagnumber
sudo scutil --set LocalHostName $offname$compuser$tagnumber

Then just run the script with ... sudo ./myscript.sh

You have to enter your password once at the beginning.

dafyre

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

Woot got it!

Sweet! What did you wind up doing?