Enhance collect tool to detect passwordless sudo
The collect tool expects a password prompt for all sudo operations. When passwordless sudo is enabled the collect script times out waiting for a password prompt that never comes. This update enhances collect tool to detect passwordless sudo for getting a password prompt on its first sudo operaton and fails the collect if there is no password prompt. Test plan: Verify by enabling passwordless sudo PASS: collect fails with message Verify by disabling passwordless sudo PASS: No passwordless sudo passes and collect proceeds PASS: Collect is rejected when provided with incorrect password PASS: Verify when ldap is not running Story: 2009968 Task: 46767 Signed-off-by: Salma Police <salma.police@windriver.com> Change-Id: I50285c924a227ca0bf71b38f70869b42496611ea
This commit is contained in:
Salma Police
parent
a5fe044d5d
commit
838da25da8
|
|
@ -0,0 +1,27 @@
|
|||
Enhance collect tool to detect passwordless sudo
|
||||
|
||||
The collect tool expects a password prompt for all sudo operations.
|
||||
When passwordless sudo is enabled the collect script times out
|
||||
waiting for a password prompt that never comes.
|
||||
|
||||
This update enhances collect tool to detect passwordless sudo
|
||||
for getting a password prompt on its first sudo operaton and
|
||||
fails the collect if there is no password prompt.
|
||||
|
||||
Test plan:
|
||||
|
||||
Verify by enabling passwordless sudo
|
||||
PASS: collect fails with message
|
||||
|
||||
Verify by disabling passwordless sudo
|
||||
PASS: No passwordless sudo passes and collect proceeds
|
||||
PASS: Collect is rejected when provided with incorrect password
|
||||
PASS: Verify when ldap is not running
|
||||
|
||||
Story: 2009968
|
||||
Task: 46767
|
||||
Signed-off-by: Salma Police <salma.police@windriver.com>
|
||||
Change-Id: I50285c924a227ca0bf71b38f70869b42496611ea
|
||||
|
||||
|
||||
|
||||
|
|
@ -1085,6 +1085,48 @@ pw=${pw/\[/\\\[} # replace '[' with '\['
|
|||
pw=${pw/$/\\$} # replace '$' with '\$'
|
||||
pw=${pw/\"/\\\"} # replace '"' with '\"'
|
||||
|
||||
###########################################################################
|
||||
#
|
||||
# Name : passwordless_sudo_test
|
||||
#
|
||||
# Purpose : Verify to detect passwordless sudo for getting password promptand
|
||||
# fails the collect if there is no password prompt
|
||||
#
|
||||
# Description: cat the content of the /usr/local/sbin/expect_done
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
|
||||
function passwordless_sudo_test()
|
||||
{
|
||||
|
||||
/usr/bin/expect << EOF
|
||||
log_user ${USER_LOG_MODE}
|
||||
spawn bash -i
|
||||
set timeout 60
|
||||
expect -re $
|
||||
send "sudo cat /usr/local/sbin/expect_done\n"
|
||||
expect {
|
||||
"assword:" {
|
||||
send "${pw}\r"
|
||||
expect {
|
||||
"${cmd_done_sig}" { exit ${PASS} }
|
||||
"${pw_error}" { exit ${FAIL_PASSWORD} }
|
||||
timeout { exit ${FAIL_TIMEOUT1} }
|
||||
}
|
||||
}
|
||||
"${pw_error}" { exit ${FAIL_PASSWORD} }
|
||||
timeout { exit ${FAIL_TIMEOUT} }
|
||||
}
|
||||
EOF
|
||||
local rc=${?}
|
||||
if [ ${rc} -ne ${PASS} ] ; then
|
||||
report_error "Timeout waiting for password prompt. Passwordless sudo may be enabled. Please disable and retry." ${rc}
|
||||
collect_exit ${rc}
|
||||
fi
|
||||
}
|
||||
|
||||
passwordless_sudo_test
|
||||
|
||||
###########################################################################
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in New Issue