Enhance collect tool to detect passwordless sudo

The collect tool expects a password prompt for all sudo operations. When passwordless sudo is enabled the collect script times out waiting for a password prompt that never comes. This update enhances collect tool to detect passwordless sudo for getting a password prompt on its first sudo operaton and fails the collect if there is no password prompt. Test plan: Verify by enabling passwordless sudo PASS: collect fails with message Verify by disabling passwordless sudo PASS: No passwordless sudo passes and collect proceeds PASS: Collect is rejected when provided with incorrect password PASS: Verify when ldap is not running Story: 2009968 Task: 46767 Signed-off-by: Salma Police <salma.police@windriver.com> Change-Id: I50285c924a227ca0bf71b38f70869b42496611ea
2022-11-10 08:17:11 -05:00 · 2022-11-10 08:17:11 -05:00 · d29b263056
commit d29b263056
parent a5fe044d5d
1 changed files with 41 additions and 0 deletions
--- a/tools/collector/scripts/collect
+++ b/tools/collector/scripts/collect
@ -1085,6 +1085,47 @@ pw=${pw/\[/\\\[} # replace '[' with '\['
 pw=${pw/$/\\$}   # replace '$' with '\$'
 pw=${pw/\"/\\\"} # replace '"' with '\"'

+###########################################################################
+#
+# Name       : passwordless_sudo_test
+#
+# Purpose    : Verify to detect passwordless sudo for getting password promptand
+#               fails the collect if there is no password prompt
+#
+# Description: cat the content of the /usr/local/sbin/expect_done
+#
+###########################################################################
+
+function passwordless_sudo_test()
+{
+
+/usr/bin/expect  << EOF
+    log_user ${USER_LOG_MODE}
+    spawn bash -i
+    set timeout 60
+    expect -re $
+    send "sudo cat /usr/local/sbin/expect_done\n"
+    expect {
+        "assword:" {
+            send "${pw}\r"
+            expect {
+                "${cmd_done_sig}" { exit ${PASS}           }
+                "${pw_error}"     { exit ${FAIL_PASSWORD}  }
+                timeout           { exit ${FAIL_TIMEOUT1}  }
+            }
+        }
+        "${pw_error}"     { exit ${FAIL_PASSWORD} }
+        timeout           { exit ${FAIL_TIMEOUT} }
+    }
+EOF
+    local rc=${?}
+    if [ ${rc} -ne ${PASS} ] ; then
+        report_error "Timeout waiting for password prompt. Passwordless sudo may be enabled. Please disable and retry." ${rc}
+        collect_exit ${rc}
+    fi
+}
+
+passwordless_sudo_test

 ###########################################################################
 #