File: sudoshim.sh

ansible-core 2.19.0~beta6-1
#!/usr/bin/env bash
# A wrapper around `sudo` that replaces the expected password prompt string (if given) with a bogus value.
# This allows testing situations where the expected password prompt is not found.
# This wrapper also supports becoming an intermediate user before executing sudo, to support testing as root.

# Abort on any unhandled command failure (-e) and on expansion of an unset variable (-u).
set -eu

# Mutable copy of the command line. Shim-only flags are removed from it before it is handed to sudo.
args=("$@")

# Position and value of the `-p <prompt>` option, filled in by the pre-scan loop.
original_prompt_idx=''
original_prompt=''

# The `<shell> -c <command>` pair found on the command line, filled in by the pre-scan loop.
shell_executable=''
shell_command=''

# Position of `--intermediate-user`; stays empty when that flag is absent.
intermediate_user_idx=''

# Pre-scan: a shim flag can appear on the command line before the option it depends on
# (`-p <prompt>` or `<shell> -c <command>`), so those values are captured before any flag is acted on.
for idx in "${!args[@]}"; do
  if [[ "${args[$idx]}" == "-p" ]]; then
    # Prompt option: the prompt text is the argument that follows `-p`.
    original_prompt="${args[idx+1]}"
    original_prompt_idx="${idx}"
  elif [[ "${args[$idx]}" == "-c" ]]; then
    # The shell executable precedes `-c`; the command string follows it.
    shell_executable="${args[idx-1]}"
    shell_command="${args[idx+1]}"
  fi
done

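# Act on the shim-only flags. A flag that only tweaks behaviour is removed from `args` so it is never
# passed on to the real sudo. The `--pretend-*` flags answer the caller themselves and exit.
# The index list is expanded once, before the first iteration, so unsetting elements inside the loop is safe.
for i in "${!args[@]}"; do
  case "${args[$i]}" in
    "--inject-stdout-noise")
      echo "stdout noise"
      unset "args[i]"
      ;;
    "--inject-stderr-noise")
      echo >&2 "stderr noise"
      unset "args[i]"
      ;;
    "--bogus-prompt")
      # Only rewrite the prompt when `-p` was actually seen. With an empty index the arithmetic
      # subscript evaluates to 1, which would silently overwrite an unrelated argument.
      if [[ -n "${original_prompt_idx}" ]]; then
        args[original_prompt_idx+1]="BOGUSPROMPT"
      fi
      unset "args[i]"
      ;;
    "--intermediate-user")
      # Only the position is recorded here; the flag and its value stay in `args` for now.
      intermediate_user_idx="${i}"
      ;;
    "--close-stderr")
      >&2 echo "some injected stderr, EOF now"
      exec 2>&-  # close stderr, doesn't seem to work on Ubuntu 24.04 (either not closed or not seen in Python?)
      unset "args[i]"
      ;;
    "--sleep-before-sudo")
      sleep 3
      unset "args[i]"
      ;;
    "--pretend-to-be-broken-passwordless-sudo")
      # Answers without prompting, with JSON that is not a module response.
      echo '{"hello":"not a module response"}'
      exit 0
      ;;
    "--pretend-to-be-broken-sudo")
      # printf instead of `echo -n`, so a prompt that looks like an echo option is still printed verbatim.
      printf '%s' "${original_prompt}"
      # Input is read without echo into REPLY and never checked.
      read -rs
      echo
      echo "success, but not invoking given command"
      exit 0
      ;;
    "--pretend-to-be-sudo")
      printf '%s' "${original_prompt}"
      # Input is read without echo into REPLY and never checked.
      read -rs
      echo
      echo "success, invoking given command"
      # Test double only: nothing is authenticated and no privilege change happens here.
      # The command runs as whoever invoked the shim.
      "${shell_executable}" -c "${shell_command}"
      exit 0
      ;;
  esac
done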

# Hand over to the real sudo. `-k` makes sudo ignore cached credentials for this invocation, so the
# password prompt under test is not skipped because of an earlier successful authentication.
if [[ -z "${intermediate_user_idx}" ]]; then
  # The current user requires a password to sudo, so sudo can be used directly.
  exec sudo -k "${args[@]}"
else
  # The current user can sudo without a password prompt, so delegate to an intermediate user first.
  intermediate_user_name="${args[intermediate_user_idx+1]}"

  # Drop the flag and its value so that neither reaches the inner sudo.
  unset "args[intermediate_user_idx+1]" "args[intermediate_user_idx]"

  # `-n` keeps the outer hop non-interactive: it fails instead of prompting if a password turns out
  # to be needed. The inner `sudo -k` is the invocation under test.
  exec sudo -n -u "${intermediate_user_name}" sudo -k "${args[@]}"
fi