From f2d878590b34ad8c4882e7b40321e8301ea22e0d Mon Sep 17 00:00:00 2001
From: Salma Police
Date: Thu, 10 Nov 2022 08:17:11 -0500
Subject: [PATCH] Enhance collect tool to detect passwordless sudo The collect tool expects a password prompt for all sudo operations. When passwordless sudo is enabled the collect script times out waiting for a password prompt that never comes. This update enhances collect tool to detect passwordless sudo for getting a password prompt on its first sudo operaton and fails the collect if there is no password prompt. Test plan: Verify by enabling passwordless sudo PASS: collect fails with message Verify by disabling passwordless sudo PASS: No passwordless sudo passes and collect proceeds PASS: Collect is rejected when provided with incorrect password PASS: Verify when ldap is not running Story: 2009968 Task: 46767 Signed-off-by: Salma Police Change-Id: I50285c924a227ca0bf71b38f70869b42496611ea
---
tools/collector/scripts/collect | 41 +++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/tools/collector/scripts/collect b/tools/collector/scripts/collect
index c35b7a6b..1101135f 100755
--- a/tools/collector/scripts/collect
+++ b/tools/collector/scripts/collect
@@ -1085,6 +1085,47 @@ pw=${pw/\[/\\\[} # replace '[' with '\['
 pw=${pw/$/\\$} # replace '$' with '\$'
 pw=${pw/\"/\\\"} # replace '"' with '\"'
+###########################################################################
+#
+# Name : passwordless_sudo_test
+#
+# Purpose : Verify to detect passwordless sudo for getting password promptand
+# fails the collect if there is no password prompt
+#
+# Description: cat the content of the /usr/local/sbin/expect_done
+#
+###########################################################################
+
+function passwordless_sudo_test()
+{
+
+/usr/bin/expect << EOF
+ log_user ${USER_LOG_MODE}
+ spawn bash -i
+ set timeout 60
+ expect -re $
+ send "sudo cat /usr/local/sbin/expect_done\n"
+ expect {
+ "assword:" {
+ send "${pw}\r"
+ expect {
+ "${cmd_done_sig}" { exit ${PASS} }
+ "${pw_error}" { exit ${FAIL_PASSWORD} }
+ timeout { exit ${FAIL_TIMEOUT1} }
+ }
+ }
+ "${pw_error}" { exit ${FAIL_PASSWORD} }
+ timeout { exit ${FAIL_TIMEOUT} }
+ }
+EOF
+ local rc=${?}
+ if [ ${rc} -ne ${PASS} ] ; then
+ report_error "Timeout waiting for password prompt. Passwordless sudo may be enabled. Please disable and retry." ${rc}
+ collect_exit ${rc}
+ fi
+}
+
+passwordless_sudo_test
 ###########################################################################
 #
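Review bot: Every non-PASS exit from the expect script is reported as "Timeout waiting for password prompt. Passwordless sudo may be enabled", so a rejected password (`FAIL_PASSWORD`) or a stall after the password was sent (`FAIL_TIMEOUT1`) tells the operator to change sudo policy when the cause is something else. Only `FAIL_TIMEOUT` from the outer `expect` corresponds to a prompt that never appeared, so the `rc` check at the end of `passwordless_sudo_test` should branch on the code, as sketched below (the second message is a constructed example). Separately, the no-prompt case is only recognised after the 60-second timeout; if `/usr/local/sbin/expect_done` contains `${cmd_done_sig}`, which the inner `expect` suggests but the hunk does not show, an outer arm matching that signature would identify passwordless sudo at once instead of inferring it from silence.

```shell
# … unchanged: expect heredoc through EOF …
    local rc=${?}
    case ${rc} in
        ${PASS})
            ;;
        ${FAIL_TIMEOUT})
            # No password prompt appeared at all: the passwordless-sudo case.
            report_error "Timeout waiting for password prompt. Passwordless sudo may be enabled. Please disable and retry." ${rc}
            collect_exit ${rc}
            ;;
        *)
            # Prompt was seen; failure is a bad password or a post-prompt stall.
            report_error "sudo password check failed" ${rc}
            collect_exit ${rc}
            ;;
    esac
```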