Gentoo Forums
how can a shell script grab a password from stdin? [SOLVED]
psycho
Apprentice


Joined: 22 Jun 2007
Posts: 153
Location: New Zealand

Posted: Mon Sep 24, 2012 10:43 am    Post subject: how can a shell script grab a password from stdin? [SOLVED]

I'm testing tcplay, the free-as-in-freedom implementation of truecrypt. It's working fine: I haven't created any volumes with it yet, but it reads my existing truecrypt volumes without any problems.

Except for one: the proprietary truecrypt command has a --password switch that makes it possible to send passwords to it from, for example, zenity gui dialogs. Annoyingly, tcplay doesn't implement this, so it's necessary to open a terminal window to mount volumes.

Is there a way to send a password to stdin for any program that's expecting input? Like, using the "expect" command? I've read the "expect" docs and can't figure out how to do it. Later I'll edit my zenity scripts so they're reading in the password rather than having it stored plaintext in a script, but for now I'd be grateful if anyone knows how to do something like this in bash:
Code:

password="foobar123"
echo $password | tcplay -d /dev/sdx -m truecrypt1

...so that tcplay accepts the password from the shell script rather than from the user's typing. Obviously piping it as above doesn't work: is there a way to make it work using something like "expect" and {"Password: "} or whatever?


Last edited by psycho on Thu Oct 04, 2012 5:18 am; edited 1 time in total
eccerr0r
Advocate


Joined: 01 Jul 2004
Posts: 4060
Location: USA

Posted: Mon Sep 24, 2012 4:23 pm

Well, expect isn't too bad...
Supposedly it should work something like this, but I have never used tcplay so I don't know how to do it... (I use dmcrypt...)

Code:
#!/usr/bin/expect
spawn tcplay -d /dev/sdx -m truecrypt1
expect "Password:"
send "My_Password\r"
expect eof


Now I'm not sure of the value of full disk encryption when the password is stored on disk? I certainly do NOT automount my encrypted volumes, they require me to manually type in password. Another possibility is putting your private key on a USB stick and do not encrypt the private key, but you must have the USB stick inserted to mount. And keep the USB stick in your pocket when you don't need the key...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed to be advocating?
psycho
Apprentice


Joined: 22 Jun 2007
Posts: 153
Location: New Zealand

Posted: Tue Sep 25, 2012 1:07 am

Thanks eccerr0r. I'll give expect a go.

eccerr0r wrote:
Now I'm not sure of the value of full disk encryption when the password is stored on disk?


It's typed into a zenity dialogue, and then becomes a variable in a bash script, and from there to tcplay...I agree that this isn't ideal, but I don't think it exists even for an instant "on disk", not even in /tmp, and I don't use swap. Anyway, my stuff's only encrypted so a casually curious thief can't go through my personal emails and photos after stealing my computer...if anyone were really so interested s/he wanted to make a determined effort to bust in, I'd be flattered and would hate to deprive them of the fruits of their labours.

;)
Genone
Retired Dev


Joined: 14 Mar 2003
Posts: 9013
Location: beyond the rim

Posted: Tue Sep 25, 2012 9:40 am

Question is if tcplay accepts passwords on stdin, or grabs it directly from keyboard like ssh.
eccerr0r
Advocate


Joined: 01 Jul 2004
Posts: 4060
Location: USA

Posted: Tue Sep 25, 2012 6:25 pm

Theoretically it shouldn't matter with expect, I thought expect would open a new pty for the subprocess and expect will have full control of the "keyboard" of the subprocess. You can use expect with ssh and telnet without any problems.

Expect is a neat tool...
psycho
Apprentice


Joined: 22 Jun 2007
Posts: 153
Location: New Zealand

Posted: Thu Oct 04, 2012 5:17 am

Thank you eccerr0r: it works nicely with your script below. The only thing I added was
Code:
set timeout 1

because the default had it sitting there for about ten seconds before sending the password. Now I'll build the zenity script around that snippet. Thanks again.

eccerr0r wrote:
Well, expect isn't too bad...
Supposedly it should work something like this, but I have never used tcplay so I don't know how to do it... (I use dmcrypt...)

Code:
#!/usr/bin/expect
spawn tcplay -d /dev/sdx -m truecrypt1
expect "Password:"
send "My_Password\r"
expect eof
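
Added example (not code from the thread or from tcplay): one way to build the zenity wrapper around the expect snippet so that the password is never stored in a script file or passed on a command line. A bare `expect "Password:"` carries on to `send` once its timeout (10 seconds by default) expires, so this version treats a missing prompt as an error instead. The function name `mount_tc`, the `TC_DEV`/`TC_MAP` variables and the prompt regex are assumptions; the device and mapping names are the thread's.

```shell
#!/bin/sh
# Added example. mount_tc, TC_DEV, TC_MAP and the prompt regex are assumptions.

# expect program: the password arrives on expect's own stdin, so it is in no
# script file and in no process argument list.
EXPECT_PROG='
log_user 0                 ;# keep the dialogue, and the password, off stdout
set timeout 10
gets stdin pw
spawn tcplay -d $env(TC_DEV) -m $env(TC_MAP)
expect {
    -re {[Pp]ass(word|phrase):} { send -- "$pw\r" }
    timeout { puts stderr "no password prompt within ${timeout}s"; exit 2 }
    eof     { puts stderr "tcplay exited before prompting"; exit 3 }
}
unset pw
set timeout -1             ;# no time limit while waiting for tcplay to finish
expect eof
exit [lindex [wait] 3]     ;# propagate the exit status of tcplay
'

# mount_tc DEVICE MAPNAME: ask for the password in a zenity dialog and hand
# it to tcplay through the expect program above.
mount_tc() {
    TC_DEV=$1 TC_MAP=$2
    export TC_DEV TC_MAP
    # Cancel or a closed dialog makes zenity exit non-zero: stop here.
    pw=$(zenity --password --title="Unlock $TC_MAP") || return 1
    # printf is a builtin in bash and dash, so the shell itself writes the
    # password to the pipe and it never shows up in ps output.
    rc=0
    printf '%s\n' "$pw" | expect -c "$EXPECT_PROG" || rc=$?
    unset pw
    return "$rc"
}

# Usage: mount_tc /dev/sdx truecrypt1
```

The exit status is 1 if the dialog was cancelled, 2 or 3 if no prompt was seen, and otherwise whatever tcplay returned.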
BitJam
Advocate


Joined: 12 Aug 2003
Posts: 2454
Location: Silver City, NM

Posted: Thu Oct 04, 2012 6:13 am

Here is what I did:
Code:
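while true; do
    echo -n "Enter new (non-visible) password for user $user: "
    # Turn terminal echo off while the password is typed
    stty -echo
    # IFS= and -r keep leading/trailing spaces and backslashes in the password
    IFS= read -r NEW_PASSWORD
    stty echo
    echo
    # As posted, a password shorter than 8 characters leaves the loop here,
    # before the verification prompt
    [ "${#NEW_PASSWORD}" -lt "8" ] && break

    echo -n "Verify new password for user $user: "
    stty -echo
    IFS= read -r new_password2
    stty echo
    echo
    # Leave the loop once both entries match
    [ "$NEW_PASSWORD" = "$new_password2" ] && break
    echo -e "\nThe two passwords you typed in didn't match. Please try again."
done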
All times are GMT