Askpass Implementation For Doas
posted on 2021-01-20 by Chris Noxz
As I was trying to move away from using sudo to instead be using doas ,
mostly due to recent security concerns, I had yet to find any solution for the
missing ASKPASS functionality. So instead of creating a fork of doas that I
would have to maintain, I instead found a quite obvious solution using expect
and tcl . I wrote this short script which in its current state have a pseudo
dependency of dmenu .
#!/usr/bin/expect --
# askpass implementation for doas
# example usage: DOAS_ASKPASS="dmenu -P -p password:" doas_askpass echo working
# don't mind the man behind the curtain
log_user 0
# no command, then nothing to do
if { $argc == 0 } { exit 0 }
# treat all arguments as command input
set cmd [lrange $argv 0 end];
# read askpass from env or fallback to dmanu_pass ()
if {[info exists ::env(DOAS_ASKPASS)]} {
set askpass "$::env(DOAS_ASKPASS)"
} else {
set askpass "dmenu_pass password:"
}
# read password from user
set pwd [exec {*}$askpass]
# spawn doas operation
spawn doas {*}$cmd
# send password and execute command
expect "doas*password:" {
send -- "$pwd\r"
expect \r
log_user 1
expect eof
}
Of course, feel free to use it if you have similar needs.
|