Register
It is currently Fri Dec 19, 2014 4:23 am

perl script to bash


All times are UTC - 6 hours


Post new topic Reply to topic  [ 1 post ] 
Author Message
 PostPosted: Fri Nov 15, 2013 2:59 pm   

Joined: Mon Jul 01, 2013 7:24 pm
Posts: 19
If it is bad form to ask help converting a perl script to bash/sh then I appologize and please ignore the post.

However, I want to make use of the pinentry tool for securely entering passwords from scripts in GUI pop ups, both for sudo requests as well as LUKS. I have searched long and hard and there is scant-little out there about using pinentry without gog. However someone did comeup with a perl script named lukspinentry, which I can see does in fact make use of the pinentry-gtk2 tool for allowing users to enter LUKS passphrases uwing a GUI pop up. Exactly what I want, except I don't know perl and would prefer, especially since I am dealing with sensitive info like passphrases, know exactly what is going on. I have btw achieved the goal of successfully entering LUKS passphrases thru a zenity/yad dialog, which would be fine except I am quite uneasy about passing passphrases that way, even though they are set not to show input. It occurs to me that they still store the input somewhere, even if it is temporary. So the fact that pinentry boasts not storing/swapping user input (passwords) to HDs makes me feel like that is ultimately the best solution.

For anyone who wants to suggest I should "suck it up and learning perl," I answer: that hardly seems like a rational option simply to translate one 59 line perl script, without any further intention of scripting with perl in the future. If anything I think I would learn python first if I felt I needed something more than bash provides, which at this point I really don't.

The reason behind my desire to enter sudo/LUKS passwords via GUI is that I am trying to add GUI'ness to my bash scripts that my wife might need to run, such as unencrypting LUKS partitions (I have about 8 or 9 incl. ext HDs). Again I know those can be mount easily enough using a FM that prompts for passwords using a GUI. The problem with that, which lead me to write my own scripts for mounting LUKS partitions in the first place, however, is that when mounted the partitions are given such arbitrary names that make it difficult to distinguish which partition is which other than by size. And b/c I have two 1TB HDs that are mirrors of one another, there might very possibly be two LUKS partitions mounted at the same time that are the same size and going by memory, which is not the best, I remember having difficulty knowing which partition I was using.

Ok, so blah, blah, blah. Background finished. Without further ado, here is the perl script. If anyone feels inclined to help I would appreciate it.

Code:
#!/usr/bin/perl -w
#

use strict;
use utf8;
use FileHandle;
use IPC::Open2;
use Env qw( LC_CTYPE DISPLAY SSH_TTY );

my $arg = shift(@ARGV);

# open pinentry
my $pid = "";
if ( defined($DISPLAY) && !defined($SSH_TTY) ) {
   $pid = open2(*IN, *OUT, "pinentry-x11 -g") || die;
} else {
   # get a tty
   open F, "tty |" || die ("can't fork to tty");
   my $tty = <F>;
   close F;
   $pid = open2(*IN, *OUT, "pinentry-curses --ttyname $tty") || die;
}

my $lctype = "en_US.UTF-8";
if ( defined($LC_CTYPE) ) {
   $lctype = $LC_CTYPE;
}
print OUT "OPTION lc-ctype=$lctype\n";

############################################################################
sub getpass($) {
   my $prompt = shift;
   print OUT "SETDESC sudo Password\nSETPROMPT $prompt\nGETPIN\n";
   while ( <IN> ) {
      if ( /^OK/ ) {
         next;
      } elsif ( /^ERR \d+ (.*)/ ) {
         print STDERR $1."\n";
         exit 1;
         last;
      } elsif ( /^D (.*)/ ) {
         return $1;
      }
   }
}

if ( defined($arg) &&  $arg eq "invalid" ) {
   print OUT "SETERROR Invalid Passphrase, try again\n";
}

my $p = getpass("Enter sudo password:");
if ( defined($arg) &&  $arg eq "confirm" ) {
   while ( $p ne getpass("Confirm LUKS Passphrase") ) {
      print OUT "SETDESC Passhphrases do not match\nMESSAGE\n";
      $p = getpass("Re-Enter LUKS passphrase");
   }
}

print "$p";


So right out of the box I can call this perl script fine in my bash script and it works fine for LUKS passphrases if the bash script is run from a terminal session. If the bash script is run from alt+F2 for example then the script fails. I still need to use a yad dialog for the sudo request however, and I think the sudo request is what makes the alt+F2 instance fail, perhaps because the sudo password cannot be buffered. But when run from a terminal session which after requesting the sudo password once, even though it is thru a yad dialog still buffers the password, maintaining the user's sudo status that allows the 'cryptsetup LUKS' request to run which also first requests sudo priviledge, already granted and buffered by the terminal session. But running the script from a terminal session sort of defeats the purpose. Ideally I would like the script to run from a right-click short cut option esily navigated using openbox's rightclick menu.

I hope that makes sense.


Top
 Profile  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


BashScripts | Promote Your Page Too
Powered by phpBB © 2011 phpBB Group
© 2003 - 2011 USA LINUX USERS GROUP