1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88
|
#!/usr/bin/env bash
# A wrapper around `sudo` that replaces the expected password prompt string (if given) with a bogus value.
# This allows testing situations where the expected password prompt is not found.
# This wrapper also supports becoming an intermediate user before executing sudo, to support testing as root.
set -eu
args=("${@}")
intermediate_user_idx=''
original_prompt=''
shell_executable=''
shell_command=''
original_prompt_idx=''
# some args show up after others, but we need them before processing args that came before them
for i in "${!args[@]}"; do
case "${args[$i]}" in
"-p")
original_prompt="${args[i+1]}"
original_prompt_idx="${i}"
;;
"-c")
shell_executable="${args[i-1]}"
shell_command="${args[i+1]}"
;;
esac
done
for i in "${!args[@]}"; do
case "${args[$i]}" in
"--inject-stdout-noise")
echo "stdout noise"
unset "args[i]"
;;
"--inject-stderr-noise")
echo >&2 "stderr noise"
unset "args[i]"
;;
"--bogus-prompt")
args[original_prompt_idx+1]="BOGUSPROMPT"
unset "args[i]"
;;
"--intermediate-user")
intermediate_user_idx="${i}"
;;
"--close-stderr")
>&2 echo "some injected stderr, EOF now"
exec 2>&- # close stderr, doesn't seem to work on Ubuntu 24.04 (either not closed or not seen in Python?)
unset "args[i]"
;;
"--sleep-before-sudo")
sleep 3
unset "args[i]"
;;
"--pretend-to-be-broken-passwordless-sudo")
echo '{"hello":"not a module response"}'
exit 0
;;
"--pretend-to-be-broken-sudo")
echo -n "${original_prompt}"
read -rs
echo
echo "success, but not invoking given command"
exit 0
;;
"--pretend-to-be-sudo")
echo -n "${original_prompt}"
read -rs
echo
echo "success, invoking given command"
"${shell_executable}" -c "${shell_command}"
exit 0
;;
esac
done
if [[ "${intermediate_user_idx}" ]]; then
# The current user can sudo without a password prompt, so delegate to an intermediate user first.
intermediate_user_name="${args[intermediate_user_idx+1]}"
unset "args[intermediate_user_idx]"
unset "args[intermediate_user_idx+1]"
exec sudo -n -u "${intermediate_user_name}" sudo -k "${args[@]}"
else
# The current user requires a password to sudo, so sudo can be used directly.
exec sudo -k "${args[@]}"
fi
|