sudo-touchid.sh
#!/bin/bash
# Release number printed by -v/--version.
VERSION='0.4'
# Tag that prefixes the status messages of the enable/disable steps.
readable_name="[TouchID for sudo]"
# Command name shown in the usage text.
executable_name="sudo-touchid"
# Print the command-line help to stdout.
# Globals: executable_name (read)
usage() {
  printf '%s\n' \
    "Usage: $executable_name [options]" \
    "Running without options adds TouchID parameter to sudo configuration" \
    "Options:" \
    "-d, --disable Remove TouchID from sudo config" \
    "-v, --version Output version" \
    "-h, --help This message."
}
# Suffix handed to `sed -i`; the pre-edit copy of the PAM file is kept under it.
backup_ext=".bak"
# PAM rule this script manages. With the "sufficient" control flag a successful
# Touch ID check authorises sudo by itself; a failed check falls through to the
# rules that follow it. The grep/sed helpers match this exact whole line, so an
# entry written with different spacing is not recognised as already present.
touch_pam="auth sufficient pam_tid.so"
# PAM service file for sudo; every edit below is made to this file via sudo.
sudo_path="/etc/pam.d/sudo"
# Literal newline, spliced into the sed replacement text.
nl='
'
# Source: https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh
# Read a single raw keypress into the variable(s) named by the arguments.
# Arguments: passed straight through to `read` (normally one variable name).
# Returns:   the status of the final stty call that restores the terminal.
getc() {
local save_state
# Remember the current terminal settings so they can be put back afterwards.
save_state="$(/bin/stty -g)"
# Raw mode with echo off: the key is delivered immediately and not printed.
/bin/stty raw -echo
# -n 1 stops after one character; -d '' keeps RETURN from being treated as the
# line delimiter, so it is stored in the variable like any other key.
IFS='' read -r -n 1 -d '' "$@"
# NOTE(review): the terminal is restored only when execution reaches this line;
# no trap covers an earlier exit - confirm that is acceptable.
/bin/stty "${save_state}"
}
# Ask for confirmation: RETURN continues, any other key terminates the script
# with exit status 1 (the whole process, not only this function).
wait_for_user() {
  local c
  printf '\n%s\n' "Press RETURN to continue or any other key to abort"
  getc c
  # Both \r and \n count as RETURN because some terminals send \r.
  case "${c}" in
    $'\r' | $'\n') ;;
    *) exit 1 ;;
  esac
}
# Source end.
# Tell the user where the backup copy is, followed by a blank line.
# Globals: sudo_path, backup_ext (read)
display_backup_info() {
  printf 'Created a backup file at %s%s\n\n' "$sudo_path" "$backup_ext"
}
# Print $sudo_path with the managed Touch ID line filtered out. This is a
# preview only: the file is read without sudo and is not modified.
# $touch_pam is used as a regex here, so its "." matches any character.
# Globals: touch_pam, sudo_path (read)
display_sudo_without_touch_pam() {
  local line_regex="^${touch_pam}\$"
  grep -v -e "$line_regex" "$sudo_path"
}
# Succeed when $sudo_path already holds the managed Touch ID line.
# Only a whole line equal to $touch_pam (read as a regex) counts; a non-zero
# status is also returned when grep cannot read the file.
# Globals: touch_pam, sudo_path (read)
touch_pam_at_sudo_path_check_exists() {
  local line_regex="^${touch_pam}\$"
  grep -e "$line_regex" -q "$sudo_path"
}
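# Insert the Touch ID rule as the second line of $sudo_path, keeping a backup
# with the $backup_ext suffix.
# Globals: backup_ext, nl, touch_pam, sudo_path (read)
# Returns: sed's status when sed fails; 1 when sed ran but the rule is still
#          absent; 0 when the rule is present afterwards.
touch_pam_at_sudo_path_insert() {
  # The substitution only fires when line 1 is a "#" comment; the rule is
  # appended right after that comment.
  sudo sed -E -i "$backup_ext" "1s/^(#.*)$/\1\\${nl}$touch_pam/" "$sudo_path" || return

  # sed exits 0 even when the pattern matched nothing, so confirm the rule
  # really landed instead of letting the caller report a success that did not
  # change the PAM configuration.
  if ! grep -q -e "^$touch_pam$" "$sudo_path"; then
    printf '%s\n' "sed made no change to $sudo_path; line 1 must start with '#'" >&2
    return 1
  fi
}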
# Delete every line of $sudo_path that equals the managed Touch ID rule,
# leaving a backup with the $backup_ext suffix. Runs sed through sudo.
# Globals: backup_ext, touch_pam, sudo_path (read)
# Returns: the status of the sudo/sed command.
touch_pam_at_sudo_path_remove() {
  local -a sed_args=(-i "$backup_ext" -e "/^${touch_pam}\$/d" "$sudo_path")
  sudo sed "${sed_args[@]}"
}
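# Remove the Touch ID rule from $sudo_path after previewing the result and
# asking for confirmation (wait_for_user exits the script if the user aborts).
# Globals: readable_name, sudo_path (read)
# Returns: 0 when the rule was removed or was not found; 1 when the edit
#          failed, so callers and automation can tell the PAM file is unchanged.
sudo_touchid_disable() {
  if ! touch_pam_at_sudo_path_check_exists; then
    echo "$readable_name seems to be already disabled"
    return 0
  fi

  echo "The following will be your $sudo_path after disabling:"
  echo
  display_sudo_without_touch_pam
  wait_for_user

  if ! touch_pam_at_sudo_path_remove; then
    # Report the failure on stderr and through the exit status instead of
    # returning success.
    echo "$readable_name failed to disable" >&2
    return 1
  fi

  display_backup_info
  echo "$readable_name has been disabled."
}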
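# Add the Touch ID rule to the sudo PAM file unless it is already there.
# Globals: readable_name (read)
# Returns: 0 when the rule is present afterwards (added or already there);
#          1 when the insert step failed, so the caller does not mistake an
#          unchanged PAM file for a successful change.
sudo_touchid_enable() {
  if touch_pam_at_sudo_path_check_exists; then
    echo "$readable_name seems to be enabled already"
    return 0
  fi

  if ! touch_pam_at_sudo_path_insert; then
    # Report the failure on stderr and through the exit status.
    echo "$readable_name failed to execute" >&2
    return 1
  fi

  display_backup_info
  echo "$readable_name enabled successfully."
}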
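# Entry point: act on the first command-line option, or enable Touch ID for
# sudo when no option is given.
# Arguments: the script's command-line arguments.
# Returns:   the status of the selected action; 1 for an unknown option.
sudo_touchid() {
  # Keep the loop variable out of the global scope.
  local opt
  for opt in "${@}"; do
    # Every branch returns, so only the first argument is ever examined.
    case "$opt" in
      -v | --version)
        echo "v$VERSION"
        return 0
        ;;
      -d | --disable)
        sudo_touchid_disable
        # Pass the disable step's status on instead of always reporting 0.
        return
        ;;
      -h | --help)
        usage
        return 0
        ;;
      *)
        # A mistyped option must not look like success to a calling script.
        echo "Unknown option: $opt" >&2
        usage >&2
        return 1
        ;;
    esac
  done
  sudo_touchid_enable
}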
# Run the entry point with the script's arguments; its status is the exit code.
sudo_touchid "$@"