added a sshsudo draft
This commit is contained in:
parent
2cc820e931
commit
b4ba7b50a2
36
sshbackup
36
sshbackup
|
@ -65,6 +65,42 @@ version()
|
||||||
echo
|
echo
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pipewrap()
|
||||||
|
{
|
||||||
|
echo $1
|
||||||
|
local lockfile=$2;
|
||||||
|
while true; do
|
||||||
|
if [ ! -e $lockfile ]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
read -t 1 line
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
echo $line
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
sshsudo()
|
||||||
|
{
|
||||||
|
local machine=$1
|
||||||
|
local password=""
|
||||||
|
local script=$2
|
||||||
|
local arguments=$3
|
||||||
|
|
||||||
|
read -s -p "please enter your [sudo] password for $machine:" password
|
||||||
|
echo
|
||||||
|
|
||||||
|
local remotescript=/tmp/sshsudo_`date +%s`
|
||||||
|
|
||||||
|
sshpass -p "$password" scp -q "$script" "$machine:'$remotescript'"
|
||||||
|
sshpass -p "$password" ssh -q "machine" "sudo -K"
|
||||||
|
|
||||||
|
local lockfile=`mktemp`
|
||||||
|
|
||||||
|
eval pipewrap '$password' '$lockfile' | (sshpass -p "$password" ssh -q "$machine" "sudo -S '$remotescript' $arguments"; rm "$lockfile")
|
||||||
|
sshpass -p $password ssh -q "$machine" rm $remotescript
|
||||||
|
}
|
||||||
|
|
||||||
interactive()
|
interactive()
|
||||||
{
|
{
|
||||||
tty -s
|
tty -s
|
||||||
|
|
146
sshsudo
146
sshsudo
|
@ -1,146 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
pipewrap()
|
|
||||||
{
|
|
||||||
# This function reads in the input from a terminal and output the same.
|
|
||||||
# The only purpose is to insert PASSWORD for "sudo -S" command.
|
|
||||||
# After initially insert the password, it simply copy input from terminal
|
|
||||||
# and send it to ssh command directly
|
|
||||||
echo $1 # which is password
|
|
||||||
local lockFile=$2;
|
|
||||||
while true; do
|
|
||||||
# The function will exit when output pipe is closed,
|
|
||||||
if [ ! -e $lockFile ]; then
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
# i.e., the ssh
|
|
||||||
read -t 1 line
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
# successfully read
|
|
||||||
echo $line
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
runsudo()
|
|
||||||
{
|
|
||||||
# receive its arguments
|
|
||||||
local ACCOUNT=$1;
|
|
||||||
local PASSWORD=$2;
|
|
||||||
local COMMAND=$3;
|
|
||||||
local ARGUMENTS=$4;
|
|
||||||
local DEFAULTUSER=$5;
|
|
||||||
local COPY=$6;
|
|
||||||
local VERBOSE=$7;
|
|
||||||
|
|
||||||
# Parse account which has the form user@computer.domain
|
|
||||||
local REMOTEUSER=${ACCOUNT%%@*}
|
|
||||||
local REMOTECOMPUTER=${ACCOUNT#*@}
|
|
||||||
local REMOTESCRIPT=
|
|
||||||
local REMOTECOMMAND="$COMMAND"
|
|
||||||
if [ $REMOTEUSER = $REMOTECOMPUTER ]; then
|
|
||||||
# There is no @, i.e., only computer name is given
|
|
||||||
REMOTEUSER=$DEFAULTUSER
|
|
||||||
fi
|
|
||||||
#echo =========================${REMOTEUSER}@$REMOTECOMPUTER: sudo $COMMAND $ARGUMENTS
|
|
||||||
if [ $COPY -ne 0 ]; then
|
|
||||||
# Make a script + seconds since 1970-01-01
|
|
||||||
REMOTESCRIPT=/tmp/$COMMAND`date +%s`
|
|
||||||
if [ $VERBOSE -ne 0 ]; then
|
|
||||||
echo $REMOTECOMPUTER: Secure copy \"$COMMAND\" to \"$REMOTESCRIPT\"
|
|
||||||
fi
|
|
||||||
# Copy to remote computer. Quote target name on the remote computer for script name
|
|
||||||
# that contains " "
|
|
||||||
sshpass -p "$PASSWORD" scp -q "$COMMAND" "$REMOTEUSER@$REMOTECOMPUTER:'$REMOTESCRIPT'"
|
|
||||||
REMOTECOMMAND=$REMOTESCRIPT
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Assume we are lucky, result is fine.
|
|
||||||
local RES=DONE
|
|
||||||
# Invalidate the sudo timestamp. Simplify the situation. Henceforth sudo always ask for a password
|
|
||||||
sshpass -p "$PASSWORD" ssh -q "$REMOTEUSER@$REMOTECOMPUTER" "sudo -K"
|
|
||||||
|
|
||||||
# Use lock file to inform pipewrap function to exit.
|
|
||||||
local lockFile=`mktemp`
|
|
||||||
eval pipewrap '$PASSWORD' '$lockFile' | (sshpass -p "$PASSWORD" ssh -q "$REMOTEUSER@$REMOTECOMPUTER" "sudo -S '$REMOTECOMMAND' $ARGUMENTS"; rm "$lockFile")
|
|
||||||
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
RES=FAILED
|
|
||||||
fi
|
|
||||||
if [ $COPY -ne 0 ]; then
|
|
||||||
sshpass -p $PASSWORD ssh -q "$REMOTEUSER@$REMOTECOMPUTER" rm \'$REMOTESCRIPT\'
|
|
||||||
if [ $VERBOSE -ne 0 ]; then
|
|
||||||
echo Remove temporary script \"$REMOTESCRIPT\" at [$REMOTECOMPUTER]
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
#echo ----------------------------------${RES}!!----------------------------------------
|
|
||||||
}
|
|
||||||
|
|
||||||
sshsudo()
|
|
||||||
{
|
|
||||||
# Set default values for variables
|
|
||||||
COMMAND=
|
|
||||||
ARGUMENTS=
|
|
||||||
COPY=0
|
|
||||||
VERBOSE=0
|
|
||||||
ACCOUNTLIST=
|
|
||||||
DEFAULTUSER=$USER
|
|
||||||
|
|
||||||
# Parse the command line arguments with '-'
|
|
||||||
while getopts u:rv o ; do
|
|
||||||
case "$o" in
|
|
||||||
[?]) echo "unknown option(s): $0 "
|
|
||||||
exit 1;;
|
|
||||||
u) DEFAULTUSER=$OPTARG;;
|
|
||||||
v) VERBOSE=1;;
|
|
||||||
r) COPY=1;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
# Read the rest command line arguments
|
|
||||||
if [ $(($#-$OPTIND+1)) -lt 2 ]; then
|
|
||||||
echo Error: Account list and command have to be in the arguments
|
|
||||||
exit 4
|
|
||||||
fi
|
|
||||||
|
|
||||||
shift $(($OPTIND-1))
|
|
||||||
ACCOUNTLIST=$1
|
|
||||||
shift
|
|
||||||
COMMAND=$1
|
|
||||||
shift
|
|
||||||
for PARAM; do
|
|
||||||
ARGUMENTS=$ARGUMENTS\'$PARAM\'" "
|
|
||||||
done
|
|
||||||
|
|
||||||
# Check the validity of the script command if remote copy is needed
|
|
||||||
if [ $COPY -ne 0 ]; then
|
|
||||||
if [ ! -e "$COMMAND" ]; then
|
|
||||||
echo \"$COMMAND\" does not exist.
|
|
||||||
exit 3
|
|
||||||
fi
|
|
||||||
if [ ! -x "$COMMAND" ]; then
|
|
||||||
echo \"$COMMAND\" can not be executed.
|
|
||||||
exit 3
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Read in the password from the STDIN
|
|
||||||
read -s -p "Please enter your password:" PASSWORD
|
|
||||||
echo
|
|
||||||
|
|
||||||
# Start running
|
|
||||||
if [ -e $ACCOUNTLIST ]; then # read accounts from a file
|
|
||||||
for ACCOUNT in `cat $ACCOUNTLIST`; do
|
|
||||||
runsudo "$ACCOUNT" "$PASSWORD" "$COMMAND" "$ARGUMENTS" "$DEFAULTUSER" "$COPY" "$VERBOSE";
|
|
||||||
done
|
|
||||||
|
|
||||||
else # ACCOUNTLIST is a comma separated list of user@computer strings.
|
|
||||||
# Change the internal separation field.
|
|
||||||
IFS=,
|
|
||||||
for ACCOUNT in $ACCOUNTLIST; do
|
|
||||||
runsudo "$ACCOUNT" "$PASSWORD" "$COMMAND" "$ARGUMENTS" "$DEFAULTUSER" "$COPY" "$VERBOSE";
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
sshsudo $*
|
|
Reference in New Issue