Scripting - How do you store your credentials and call them later?

DustinB3403

This is the sort of prompt, it isn't within the terminal that I get prompted.

https://vtcri.kayako.com/base/media/url/R4YZS0B19iFjV9eMoQ5WRzipOS6IVXMy

black3dynamite

Use autoexpect to generate an expect script.

autoexpect user-prompt.sh

It will create a file called script.exp and within that file, it will like like this:

#!/usr/bin/expect -f
#
# This Expect script was generated by autoexpect on Tue Jul  2 10:53:53 2019
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script.  It
# necessarily has to guess about certain things.  Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts.  If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character.  This
# pacifies every program I know of.  The -c flag makes the script do
# this in the first place.  The -C flag allows you to define a
# character to toggle this mode off and on.

set force_conservative 0  ;# set to 1 to force conservative mode even if
                          ;# script wasn't run conservatively originally
if {$force_conservative} {
        set send_slow {1 .1}
        proc send {ignore arg} {
                sleep .1
                exp_send -s -- $arg
        }
}

#
# 2) differing output - Some programs produce different output each time
# they run.  The "date" command is an obvious example.  Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer.  If this causes a problem, delete these patterns or replace
# them with wildcards.  An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt).  The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don


set timeout -1
spawn ./user-prompt.sh
match_max 100000
expect -exact "Enter a user: "
send -- "user1username\r"
expect -exact "Enter the password for user1username: "
send -- "user1password\r"
expect eof

black3dynamite

Another reference using expect.
https://likegeeks.com/expect-command/

DustinB3403

@black3dynamite This, while it might work would be something else I have to install onto the target stations.

Not sure if I want to go down that route.

DustinB3403

expect on the otherhand is included on OSX by default, and might do it.

dafyre

@DustinB3403 :

What about something like this:

(taken from: https://superuser.com/questions/401906/how-to-pass-password-to-sudo-commands)

In your case it would be echo $PASSWORD | sudo -S -U $USER <command>

I just tested this on my Mac and it works.

DustinB3403

@dafyre said in Scripting - How do you store your credentials and call them later?:

@DustinB3403 :

What about something like this:

(taken from: https://superuser.com/questions/401906/how-to-pass-password-to-sudo-commands)

In your case it would be echo $PASSWORD | sudo -S -U $USER <command>

I just tested this on my Mac and it works.

Maybe. . . it's not working with my naming computer script from yesterday.

DustinB3403

When running

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber

I'm met with

Enter a wheel user Enter a password for wheel what office are you in
enter this computers user. . .
enter this computers tag

And that I have to use -l with -U (that is lower case L).

DustinB3403

sudo: the `-U' option may only be used with the `-l' option
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
usage: sudo [-AbEHknPS] [-C num] [-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...

fun times. . ..

dafyre

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

When running

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

Setting (office) offname variable

read -p 'What office are you in?: ' offname

Setting (computer username variable) compuser variable

read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

Setting the asset tag (tagnumber) variable

read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber

I'm met with

Enter a wheel user Enter a password for wheel what office are you in
enter this computers user. . .
enter this computers tag

And that I have to use -l with -U (that is lower case L).

Are you doing:

sudo myscript.sh ? Or are you just running the script and letting it call sudo?

Also... What do you have to use -U $USER?

DustinB3403

This is the entire portion of the script I'm just testing with (so for the moment it is it's own script).

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER $PASS scutil --set HostName $offname$compuser && sudo -S -U $USER scutil --set ComputerName $compuser$tagnumber && sudo -S -U $USER scutil --set LocalHostName $offname$compuser$tagnumber

The script is run from a local wheel user so to run it, first I go su wheel-user (because our users by default aren't wheel users and thus need to jump to one) and then call that script.

DustinB3403

@dafyre said in Scripting - How do you store your credentials and call them later?:

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

When running

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber

I'm met with

Enter a wheel user Enter a password for wheel what office are you in
enter this computers user. . .
enter this computers tag

And that I have to use -l with -U (that is lower case L).

Are you doing:

sudo myscript.sh ? Or are you just running the script and letting it call sudo?

Also... What do you have to use -U $USER?

running su <wheel-user> then ./rename.sh

@dafyre said in Scripting - How do you store your credentials and call them later?:

Also... What do you have to use -U $USER?

what?

dafyre

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

@dafyre said in Scripting - How do you store your credentials and call them later?:

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

When running

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber

I'm met with

Enter a wheel user Enter a password for wheel what office are you in
enter this computers user. . .
enter this computers tag

And that I have to use -l with -U (that is lower case L).

Are you doing:

sudo myscript.sh ? Or are you just running the script and letting it call sudo?

Also... What do you have to use -U $USER?

running su <wheel-user> then ./rename.sh

@dafyre said in Scripting - How do you store your credentials and call them later?:

Also... What do you have to use -U $USER?

what?

Sorry, Missed that... I meant to say WHY do you have to use -U $USER ?

sudo rename.sh doesn't work?

DustinB3403

@dafyre said in Scripting - How do you store your credentials and call them later?:

Sorry, Missed that... I meant to say WHY do you have to use -U $USER ?

Because you need to elevate to root.

@dafyre said in Scripting - How do you store your credentials and call them later?:

sudo rename.sh doesn't work?

It does, but you are prompted to enter a username and password 3 times to make the edits. It's easy to fill-in but annoying to have to do repeatedly.

Hence my attempt at scripting the responses to the prompt windows (example below) Imagine having to type creds 3 times, for 100+ machines.

DustinB3403

@dafyre said in Scripting - How do you store your credentials and call them later?:

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

@dafyre said in Scripting - How do you store your credentials and call them later?:

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

When running

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber

I'm met with

Enter a wheel user Enter a password for wheel what office are you in
enter this computers user. . .
enter this computers tag

And that I have to use -l with -U (that is lower case L).

Are you doing:

sudo myscript.sh ? Or are you just running the script and letting it call sudo?

Also... What do you have to use -U $USER?

running su <wheel-user> then ./rename.sh

@dafyre said in Scripting - How do you store your credentials and call them later?:

Also... What do you have to use -U $USER?

what?

Sorry, Missed that... I meant to say WHY do you have to use -U $USER ?

Also you said to do this, not I.

DustinB3403

Woot got it!

dafyre

Try this script...

#!/bin/sh

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

sudo scutil --set HostName $offname$compuser
sudo scutil --set ComputerName $compuser$tagnumber
sudo scutil --set LocalHostName $offname$compuser$tagnumber

Then just run the script with ... sudo ./myscript.sh

You have to enter your password once at the beginning.

dafyre

@DustinB3403 said in Scripting - How do you store your credentials and call them later?:

Woot got it!

Sweet! What did you wind up doing?

DustinB3403

#!/bin/sh

read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS

# Setting (office) offname variable
read -p 'What office are you in?: ' offname

# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser

# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber

echo $PASS | sudo -S scutil --set HostName $offname$compuser && sudo -S scutil --set ComputerName $compuser$tagnumber && sudo -S scutil --set LocalHostName $offname$compuser$tagnumber

DustinB3403

@dafyre thanks for helping out there, it was almost there the sudo -S bit was all it needed, but for some odd flipping reason it recommends using -U flag as well which is weird.

But at least it works, now to fold this into the larger script and see how it all works.