noxz.tech/articles/askpass_implementation_for_doas/index.www
1As I was trying to move away from using
2.ICD sudo
3to instead be using
4.ICD doas ,
5mostly due to recent security concerns, I had yet to find any solution for the
6missing ASKPASS functionality. So instead of creating a fork of
7.ICD doas
8that I would have to maintain, I instead found a quite obvious solution using
9.ICD expect
10and
11.ICD tcl .
12I wrote this short script which in its current state have a pseudo dependency of
13.ICD dmenu .
14
15.CDS
16.COS
17#!/usr/bin/expect --
18
19# askpass implementation for doas
20# example usage: DOAS_ASKPASS="dmenu -P -p password:" doas_askpass echo working
21
22# don't mind the man behind the curtain
23log_user 0
24
25# no command, then nothing to do
26if { $argc == 0 } { exit 0 }
27
28# treat all arguments as command input
29set cmd [lrange $argv 0 end];
30
31# read askpass from env or fallback to dmanu_pass ()
32if {[info exists ::env(DOAS_ASKPASS)]} {
33 set askpass "$::env(DOAS_ASKPASS)"
34} else {
35 set askpass "dmenu_pass password:"
36}
37
38# read password from user
39set pwd [exec {*}$askpass]
40
41# spawn doas operation
42spawn doas {*}$cmd
43
44# send password and execute command
45expect "doas*password:" {
46 send -- "$pwd\\r"
47 expect \\r
48 log_user 1
49 expect eof
50}
51.COE
52.CDE
53
54Of course, feel free to use it if you have similar needs.
