Background

I am extremely green and new to Linux, so apologies in advance if this is off topic, or I am using the wrong terminology, etc.

I am writing a shell script to be executed on Ubuntu/WSL by calling PowerShell from a Node.js project. I pass a string containing the wsl command, along with the path to the shell script I am trying to run, to the PowerShell module like below

new PowerShell("wsl ./lpass.sh")

Issue

The shell script is able to run perfectly fine; however, I have a line of code that NEEDS to pass input to a command prompt when run. This line of code sends a log-in request to a server which then responds, prompting the user for their password to be entered. I have been able to get this line of code working, passing the user input to the command when prompted, when I call the script with just this one line. This is what the lpass.sh file looks like when I get the command working in the manner that I would like.

#!/bin/sh
echo 'Password' | LPASS_DISABLE_PINENTRY=1 lpass login --force [email protected]

With the file configured this way, I am able to log-in to the LastPass account that I would like just by calling the script from the PowerShell command line. Using the piping, my password is passed and entered as input to the command prompt when elevated. However, obviously, I would like to do more than just log into the account through LastPass's CLI.

What I would like to be able to do is log into the LastPass account, and then perform more actions through the LastPass CLI after I have logged in. I would like the lpass.sh file to have more commands and code in it than just one line, like so...

#!/bin/sh
echo 'Test' | LPASS_DISABLE_PINENTRY=1 lpass login --force [email protected]
lpass show -G -x --json poopy | jq '.' > poopy.json 

The problem is if I run the file like shown above, the command prompt does not take my input before the pipe and thus does not log me into the LastPass account. The command after appears to be working fine, however I am not sure of the result as I am not able to perform that command without being logged into LastPass.

Question

How can I write the shell script so that my first line echo "password" | lpass login accepts the input before the pipe but also has more than one line of code within it as well? Is there somewhere or something that describes how command prompts interact with the rest of the script/how shell scripts execute? I was able to find some documentation on shell scripts here and a few other places; however, I am struggling to find the exact problem that I am encountering. Or even better, what I am really interested in, which is how command prompts are being interacted with by the shell from a script and how the shell executes/runs/debugs the scripts that causes the command to not run properly with more lines of code after it.

1 Answer

It is most often a terrible idea to embed your LastPass master password into random scripts that might incorrectly get committed to github or sent elsewhere as part of a legal discovery process or hoovered up by javascript running in some bloatenschlaag browser. With this in mind...

According to the lpass(1) man page the password can be accepted on standard input:

If pinentry program is unavailable, or if the LPASS_DISABLE_PINENTRY environment variable is set to 1, passwords will be read from standard input and a prompt will be displayed on standard error.

This in practice appears to be a bit finicky though eventually I was able to get something like

printf 'Hunter2' |
LPASS_DISABLE_PINENTRY=1 lpass login [email protected]

working from the command line. You will probably want to check the exit status word (mangled by the shell into the $? variable) to see if the command actually worked and to fail the script on a non-zero exit.

Another option is to set LPASS_ASKPASS which should be a program that produces the password to standard output, but that's more or less the same thing as the above.

lpass may leave a little daemon running by default; this may complicate matters. You can disable it by exporting LPASS_AGENT_DISABLE=1 into the environment the lpass command is run in. Or, use lpass status to see whether a password should be entered:

$ lpass status
Not logged in.
$ echo $?
1

Other password programs may instead read from /dev/tty in which case you will typically need something like expect to interact with the program, as in that case standard input will not be used. This fact may or may not be documented by the program in question.

Anyways, a full lastpass shell script might look something like the following, which only logs in if necessary. It could do with some more error checking, such as to capture the result of the login or status commands and show that information should something go awry instead of hiding it by default.

#!/bin/sh

# feed the password on standard input; all lpass output is discarded
lpasslogin() {
   printf 'Hunter2' |
   LPASS_DISABLE_PINENTRY=1 lpass login --force [email protected] >/dev/null 2>&1
}

# log in only when `lpass status` reports no session; exit on failure
lpassup() {
   lpass status >/dev/null || lpasslogin
   status=$?
   if [ "$status" -ne 0 ]; then
      printf >&2 "lpass login failed\n"
      exit "$status"
   fi
}

lpassup

# account creation for testing
printf "Username: test\nPassword: Hunter2" |
lpass add test --non-interactive

# and now testing (`jq` might not be doing much here?)
#lpass show -G -x --json test | jq . > test.json
  • Thank you for taking the time to leave a lengthy response. (Also thank you for noting about the password. I could have been in big trouble (still am, but better than it was).) I do not have the rep to give you an upvote on your answer but I much appreciate your assistance and advice. I did mark your answer as the correct one so you receive some rep for your time :)
    – RankinJ
    Commented Aug 30, 2022 at 20:23
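
Added example, not part of the original answer or of the lpass project: one way to act on the answer's advice by keeping the master password out of the script, logging in only when `lpass status` reports no session, and showing lpass's own error text when the login fails. The function names, return codes and password-file path are hypothetical; it assumes the password is stored in a file that only its owner can read.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names, return codes
# and the password-file location are assumptions; only the lpass subcommands
# and environment variable quoted on this page are used.

# Succeed only for a regular file with no group/other permission bits set.
# Symlinks are rejected because their mode string starts with "l".
pwfile_is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Log in only when needed.
# Returns 0 = session available, 2 = password file unsafe, 3 = login rejected.
lpass_ensure_login() {
    user=$1 pwfile=$2
    lpass status >/dev/null 2>&1 && return 0
    if ! pwfile_is_private "$pwfile"; then
        printf >&2 'refusing %s: missing, or readable by group/other\n' "$pwfile"
        return 2
    fi
    # Strip the trailing newline and feed the password on standard input.
    # "2>&1 >/dev/null" captures only lpass's stderr for the error path.
    if ! err=$(tr -d '\n' < "$pwfile" |
               LPASS_DISABLE_PINENTRY=1 lpass login --force "$user" 2>&1 >/dev/null)
    then
        printf >&2 'lpass login failed: %s\n' "$err"
        return 3
    fi
    return 0
}

# Usage (constructed values):
#   lpass_ensure_login user@example.com "$HOME/.config/lpass-pw" || exit $?
#   lpass show -G -x --json test > test.json
```

The password file is still plaintext at rest, so it belongs outside any repository and under `chmod 600`.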
