{{tag>Brouillon Script}}

= Script automatisation entrées clavier automated input macro

Voir :
http://www.thegeekstuff.com/2010/10/expect-examples/

<code bash>
#! /usr/bin/expect

set timeout 10

spawn cadaver -p 192.168.56.1:3128 https://www.acme.fr/

expect "Do you wish to accept the certificate? (y/n)"
send "y\n"

interact
</code>



Ou dans un script bash

Exemple 

<code bash>
#!/bin/bash
# Get password from PAM
read password
# A few files we use to save and validate the results
SHADFILE=/root/newshadow
LOGFILE=/root/convpass.log
# Let's see if the user has been converted already
# The username is provided as an environment variable.
CHECK=$(grep ^$PAM_USER $SHADFILE)
if [ "x$CHECK" == "x" ]; then
    # The user has not been migrated already
    #
    # First, we need to validate that the provided password 
    # is the correct one.  
    # Since this script is run for ALL password-attempts, and
    # before the user is actually logged in, any brute force attack, 
    # or wrong password entered by the user will also be sent to the   
    # script.  So we can't just blindly accept whatever password
    # is provided here.  We try do a "su" to the provided user
    # with the provided password, using "expect", if the su succeds
    # the password is correct.  But since su will succeed without a
    # password for root, we need to sudo the su command as an
    # unprivileged user - in this case the user "nobody"
    #
    # since we use expect inside a bash-script, 
    # we have to escape tcl-$.
    expect << EOF
    spawn sudo -u nobody su "$PAM_USER" -c "exit" 
    expect "Password:"
    send "$password\r"
    set wait_result  [wait]
    # check if it is an OS error or a return code from our command
    #   index 2 should be -1 for OS erro, 0 for command return code
    if {[lindex \$wait_result 2] == 0} {
        exit [lindex \$wait_result 3]
    } 
    else {
        exit 1 
    }
EOF
    # So if the expect-script returns 0, the su succeeded
    # and we can continue 
    if [ $? == 0 ]; then
        echo "Password for user $PAM_USER is correct" >> $LOGFILE
        # Generate a new sha512 hash of the provided password:
        S512=$(echo "$password" | openssl passwd -6 -stdin)
        # Here, I simply generate a new shadow-file to replace the
        # old one later.
        # But if you need to push this to LDAP, you can of course
        # easily generate an ldif or whatever.
        echo "$PAM_USER:$S512:18000:0:99999:7:::" >> $SHADFILE
        exit 0
    fi
    echo "Password for user $PAM_USER is incorrect" >> $LOGFILE
fi
# We return a non 0 exit status just in case, 
# but see the note for pam_exec below
exit 1
</code>

Source : https://olathoresen.medium.com/linux-users-password-migration-b6bc4fab267d