Menu
▾
▴
Re: [Expectperl-discuss] expired passwd in AIX
|
From: Smith, E. \(IT T. OPS\) <ES...@at...> - 2008-04-22 17:07:50
|
Hi,
Firstly thanks Roland and Bruno for helping get some juices flowing. My
head hurt from banging it against the wall :-)
I never did figure out why this didn't work. I tried
io::Handle::printflush() and went as far as to try
IO::Handle::syswrite($$) and got the same result so it's not likely perl
or expect but perhaps something to do with ssh and AIXs terminal
emulations. It's certainly out-of-scope for this project ;)
Here's the workaround for the expired passwd on AIX when logging in via
ssh (tested on RedHat Linux RHEL4-2.6.9-42/openssh3.9p1, SunOS
5.10/openssh_4.3p2, AIX4.3.3/openssh_3.9p1 and AIX5.3/openssh_4.7p1)
Please pardon the kludgieness. It's a nested expect which would not be
my first choice but *seems* to work in all the environments I have to
deal with.
# change_password(expect_object, old_password, new_password);
sub change_password
{
my $exp = shift;
my $old_pwd = shift;
my $new_pwd = shift;
my $rc = 1;
my $cmd = "passwd";
$cmd = "passwd -r files" if $OS =~ /SunOS/;
$exp->clear_accum();
if(!$EXPIRED)
{
$exp->send("$cmd\n");
}
$exp->expect($ENV{TIMEOUT},
[ qr/.*BAD PASSWORD.*$|Authentication token manipulation
error.*$/, sub {
my $self = shift;
print
"ERROR:set_user_password:".__LINE__.":".($self->match())."\n";
}],
[ qr/Connection to.*closed/i,
sub {
print "sucess:".__LINE__.": password changed
[$new_pwd]\n" if $DEBUG>0;
$rc = 0;
}
],
[ qr/Permission denied.*$|.*ssword too short.*$/i,
sub {
print "password change failed[$old_pwd]\n" if
$DEBUG>0;
}
],
[ qr/New password:.*$|New.*password:.*$/i, sub {
my $ok = 0;
my $self = shift;
$self->send($new_pwd,"\n");
# $self->printflush();
my $ptrn = 'password successfully changed|'.
'.*updated successfully.*|'.
'Connection .* closed|'.
'New.*password:.*$|'.
'gain:';
$self->expect(2,
[ qr/$ptrn/i, sub {
$self->set_accum($self->before().$self->match().$self->after());
$ok = 1;
}]
);
if($ok < 1)
{
$self->send($new_pwd,"\n");
}
exp_continue;
}],
[ qr/gain:.*$/i, sub {
my $ok = 0;
my $self = shift;
$self->send($new_pwd,"\n");
# $self->printflush();
$self->expect(2,
[ qr/$ENV{PROMPT}/, sub {
$self->set_accum($self->before().$self->match().$self->after());
$ok = 1;
}]
);
if($ok < 1)
{
$self->send($new_pwd,"\n");
}
exp_continue;
}],
[ qr/password:\s?$/i, sub {
my $ok = 0;
my $self = shift;
$self->send($old_pwd,"\n");
# $self->printflush();
$self->expect(2,
[ qr/.*password.*/i, sub {
$self->set_accum($self->before().$self->match().$self->after());
$ok = 1;
}]
);
if($ok < 1)
{
$self->send($old_pwd,"\n");
}
exp_continue;
}],
[ qr/$ENV{PROMPT}/,
sub {
my $self = shift;
if($DEBUG >0)
{
my $foo = $self->before();
$foo .= $self->match();
print "--> PROMPT FOUND [".$foo."]\n";
}
$rc = 0;
print "----[ password >$new_pwd< set ]---\n";
}
]
);
return $rc;
}
If you have any further helpful hints please let me know.
Thanks!
ed
________________________________
From: Bruno Negrao [mailto:bn...@gm...]
Sent: Friday, April 18, 2008 11:25 AM
To: Smith, Edward (IT TECH OPS)
Cc: Roland Giersig; exp...@li...
Subject: Re: [Expectperl-discuss] expired passwd in AIX
Edward,
I suspect this has to do with buffering. Somehow your password string
doesn't complete a buffer and it is not transmitted to the passwd
executable on the other side. So when you send the password string a
second time, the buffer completes and the first string is sent, the
second one is ignored. (crazy?)
There's a perl variable that controls buffering (i forgot which one),
you should disable buffering anywhere you can. (and then tell us how did
you do that)
Please try this and tell us what happened.
Regards,
bruno
On Fri, Apr 18, 2008 at 11:56 AM, Smith, Edward (IT TECH OPS)
<ES...@at...> wrote:
Hi Roland,
Thanks for the response! I have run with "$new_pwd\n\n" and
"\n$new_pwd\n" and both work fine. I tried \r and \r\r and it failed
with both. I have spent a lot of time with countless other combinations
as well (\r\r and \n\r come to mind). I even went as far as to attempt
to use Net::SSH::Expect which appeared to work fine until it encountered
the same issue on the expired password. I was thinking it may have been
due to my setting $exp->raw_pty(1) after login but I am doing that prior
to spawning.
Below is the debug with some of the superfluous output removed.
$exp->internal(1) is set.
I have sent the old password twice, the new password twice and when it
asks for the new password again I have sent it once, then timeout.
Sending any of the three produces the same results as you can see when
the new password is sent the second time.
Let me know if you have an idea on this wierdness.
Thanks,
Ed
Script started on Fri 18 Apr 2008 09:40:16 AM EDT
Old password:bizbot
New password:qwerty
New password again:qwerty
connecting to host [anpkhsw21]
Spawned 'ssh es1724@anpkhsw21'
spawn id(3)
Pid: 17376
Tty: /dev/pts/4
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 181
Expect::spawn('Expect=GLOB(0xb405c0)', 'ssh es1724@anpkhsw21')
called at ./elpaso.pl line 619
Starting EXPECT pattern matching...
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 561
Expect::expect('Expect=GLOB(0xb405c0)', 20, 'ARRAY(0xb71b60)',
'ARRAY(0xb71b50)', 'ARRAY(0xb53c70)', 'ARRAY(0xb53d50)',
'ARRAY(0xb53dc0)', 'ARRAY(0xb53e30)', 'ARRAY(0xb53f00)', ...) called at
./elpaso.pl line 347
main::exp_login('Expect=GLOB(0xb405c0)', 'bizbot') called at
./elpaso.pl line 629
spawn id(3): list of patterns:
#1: -re `(?-xism:\(yes/no\)\?\s*$)'
#2: -re `(?-xism:Your password has expired)'
#3: -re `(?-xism:[Pp]assword.*?:|[Pp]assphrase.*?:)'
#4: -re `(?-xism:ogin:\s*$)'
#5: -re `(?-xism:Permission denied)'
#6: -re `(?-xism:REMOTE HOST IDEN)'
#7: -re `(?-xism:>$|# $|\$ $)'
es1724@anpkhsw21's password:
spawn id(3): Does `es1724@anpkhsw21\'s password: '
match:
pattern #1: -re `(?-xism:\(yes/no\)\?\s*$)'? No.
pattern #2: -re `(?-xism:Your password has expired)'? No.
pattern #3: -re `(?-xism:[Pp]assword.*?:|[Pp]assphrase.*?:)'? YES!!
Before match string: `es1724@anpkhsw21\'s '
Match string: `password:'
After match string: ` '
Matchlist: ()
Calling hook CODE(0xb53bf0)...
Sending 'bizbot\n' to spawn id(3)
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 1264
Expect::print('Expect=GLOB(0xb405c0)', 'bizbot\x{a}') called at
./elpaso.pl line 312
main::__ANON__('Expect=GLOB(0xb405c0)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 760
Expect::_multi_expect(20, 'ARRAY(0xb75620)', 'ARRAY(0xb75360)')
called at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 565
Expect::expect('Expect=GLOB(0xb405c0)', 20, 'ARRAY(0xb71b60)',
'ARRAY(0xb71b50)', 'ARRAY(0xb53c70)', 'ARRAY(0xb53d50)',
'ARRAY(0xb53dc0)', 'ARRAY(0xb53e30)', 'ARRAY(0xb53f00)', ...) called at
./elpaso.pl line 347
main::exp_login('Expect=GLOB(0xb405c0)', 'bizbot') called at
./elpaso.pl line 629
Continuing expect, restarting timeout...
spawn id(3): Does ` \n --> output abbreviated<-- \nWARNING: Your
password has expired.\nYou must change your password now and login
again!\n'
match:
pattern #1: -re `(?-xism:\(yes/no\)\?\s*$)'? No.
pattern #2: -re `(?-xism:Your password has expired)'? YES!!
Before match string: ` \n --> abbreviated<-- \n'
Match string: `Your password has expired'
After match string: `.\nYou must change your password now and login
again!\n'
Matchlist: ()
Calling hook CODE(0xb53ba0)...
304: Expired password detected!
Starting EXPECT pattern matching...
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 561
Expect::expect('Expect=GLOB(0xb405c0)', 20, 'ARRAY(0xb51630)',
'ARRAY(0xb51600)', 'ARRAY(0xb53c60)', 'ARRAY(0xb53d80)',
'ARRAY(0xb53f00)', 'ARRAY(0xb75350)', 'ARRAY(0xb75400)', ...) called at
./elpaso.pl line 454
main::change_password('Expect=GLOB(0xb405c0)', 'bizbot',
'qwerty') called at ./elpaso.pl line 661
spawn id(3): list of patterns:
#1: -re `(?-xism:.*BAD PASSWORD.*$|Authentication token manipulation
error.*$)'
#2: -re `(?i-xsm:New password:|New.*password:)'
#3: -re `(?i-xsm:gain:)'
#4: -re `(?i-xsm:password:\s?$)'
#5: -re `(?-xism:>$|# $|\$ $)'
#6: -re `(?i-xsm:Connection to.*closed)'
#7: -re `(?i-xsm:Permission denied)'
es1724's Old password:
spawn id(3): Does `Changing password for \"es1724\"\nes1724\'s Old
password: '
match:
pattern #1: -re `(?-xism:.*BAD PASSWORD.*$|Authentication token
manipulation error.*$)'? No.
pattern #2: -re `(?i-xsm:New password:|New.*password:)'? No.
pattern #3: -re `(?i-xsm:gain:)'? No.
pattern #4: -re `(?i-xsm:password:\s?$)'? YES!!
Before match string: `Changing password for \"es1724\"\nes1724\'s
Old '
Match string: `password: '
After match string: `'
Matchlist: ()
Calling hook CODE(0xb53cc0)...
Sending 'bizbot\n' to spawn id(3)
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 1264
Expect::print('Expect=GLOB(0xb405c0)', 'bizbot\x{a}') called at
./elpaso.pl line 427
main::__ANON__('Expect=GLOB(0xb405c0)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 760
Expect::_multi_expect(20, 'undef', 'ARRAY(0xb75450)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 565
Expect::expect('Expect=GLOB(0xb405c0)', 20, 'ARRAY(0xb51630)',
'ARRAY(0xb51600)', 'ARRAY(0xb53c60)', 'ARRAY(0xb53d80)',
'ARRAY(0xb53f00)', 'ARRAY(0xb75350)', 'ARRAY(0xb75400)', ...) called at
./elpaso.pl line 454
main::change_password('Expect=GLOB(0xb405c0)', 'bizbot',
'qwerty') called at ./elpaso.pl line 661
Sending 'bizbot\n' to spawn id(3)
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 1264
Expect::print('Expect=GLOB(0xb405c0)', 'bizbot\x{a}') called at
./elpaso.pl line 428
main::__ANON__('Expect=GLOB(0xb405c0)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 760
Expect::_multi_expect(20, 'undef', 'ARRAY(0xb75450)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 565
Expect::expect('Expect=GLOB(0xb405c0)', 20, 'ARRAY(0xb51630)',
'ARRAY(0xb51600)', 'ARRAY(0xb53c60)', 'ARRAY(0xb53d80)',
'ARRAY(0xb53f00)', 'ARRAY(0xb75350)', 'ARRAY(0xb75400)', ...) called at
./elpaso.pl line 454
main::change_password('Expect=GLOB(0xb405c0)', 'bizbot',
'qwerty') called at ./elpaso.pl line 661
Continuing expect, restarting timeout...
sword:
spawn id(3): Does `\nes1724\'s New password: '
match:
pattern #1: -re `(?-xism:.*BAD PASSWORD.*$|Authentication token
manipulation error.*$)'? No.
pattern #2: -re `(?i-xsm:New password:|New.*password:)'? YES!!
Before match string: `\nes1724\'s '
Match string: `New password:'
After match string: ` '
Matchlist: ()
Calling hook CODE(0xb71b90)...
Sending 'qwerty\n' to spawn id(3)
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 1264
Expect::print('Expect=GLOB(0xb405c0)', 'qwerty', '\x{a}') called
at ./elpaso.pl line 415
main::__ANON__('Expect=GLOB(0xb405c0)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 760
Expect::_multi_expect(20, 'undef', 'ARRAY(0xb75450)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 565
Expect::expect('Expect=GLOB(0xb405c0)', 20, 'ARRAY(0xb51630)',
'ARRAY(0xb51600)', 'ARRAY(0xb53c60)', 'ARRAY(0xb53d80)',
'ARRAY(0xb53f00)', 'ARRAY(0xb75350)', 'ARRAY(0xb75400)', ...) called at
./elpaso.pl line 454
main::change_password('Expect=GLOB(0xb405c0)', 'bizbot',
'qwerty') called at ./elpaso.pl line 661
Sending 'qwerty\n' to spawn id(3)
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 1264
Expect::print('Expect=GLOB(0xb405c0)', 'qwerty', '\x{a}') called
at ./elpaso.pl line 416
main::__ANON__('Expect=GLOB(0xb405c0)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 760
Expect::_multi_expect(20, 'undef', 'ARRAY(0xb75450)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 565
Expect::expect('Expect=GLOB(0xb405c0)', 20, 'ARRAY(0xb51630)',
'ARRAY(0xb51600)', 'ARRAY(0xb53c60)', 'ARRAY(0xb53d80)',
'ARRAY(0xb53f00)', 'ARRAY(0xb75350)', 'ARRAY(0xb75400)', ...) called at
./elpaso.pl line 454
main::change_password('Expect=GLOB(0xb405c0)', 'bizbot',
'qwerty') called at ./elpaso.pl line 661
Continuing expect, restarting timeout...
ssword again:
spawn id(3): Does ` \nEnter the new password again:'
match:
pattern #1: -re `(?-xism:.*BAD PASSWORD.*$|Authentication token
manipulation error.*$)'? No.
pattern #2: -re `(?i-xsm:New password:|New.*password:)'? No.
pattern #3: -re `(?i-xsm:gain:)'? YES!!
Before match string: ` \nEnter the new password a'
Match string: `gain:'
After match string: `'
Matchlist: ()
Calling hook CODE(0xb71b20)...
Sending 'qwerty\n' to spawn id(3)
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 1264
Expect::print('Expect=GLOB(0xb405c0)', 'qwerty', '\x{a}') called
at ./elpaso.pl line 422
main::__ANON__('Expect=GLOB(0xb405c0)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 760
Expect::_multi_expect(20, 'undef', 'ARRAY(0xb75450)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 565
Expect::expect('Expect=GLOB(0xb405c0)', 20, 'ARRAY(0xb51630)',
'ARRAY(0xb51600)', 'ARRAY(0xb53c60)', 'ARRAY(0xb53d80)',
'ARRAY(0xb53f00)', 'ARRAY(0xb75350)', 'ARRAY(0xb75400)', ...) called at
./elpaso.pl line 454
main::change_password('Expect=GLOB(0xb405c0)', 'bizbot',
'qwerty') called at ./elpaso.pl line 661
Continuing expect, restarting timeout...
spawn id(3): Does `'
match:
pattern #1: -re `(?-xism:.*BAD PASSWORD.*$|Authentication token
manipulation error.*$)'? No.
pattern #2: -re `(?i-xsm:New password:|New.*password:)'? No.
pattern #3: -re `(?i-xsm:gain:)'? No.
pattern #4: -re `(?i-xsm:password:\s?$)'? No.
pattern #5: -re `(?-xism:>$|# $|\$ $)'? No.
pattern #6: -re `(?i-xsm:Connection to.*closed)'? No.
pattern #7: -re `(?i-xsm:Permission denied)'? No.
Closing spawn id(3).
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 1431
Expect::hard_close('Expect=GLOB(0xb405c0)') called at
./elpaso.pl line 670
spawn id(3) closed.
Pid 17376 of spawn id(3) terminated, Status: 0x01
Closing spawn id(3).
at /usr/lib/perl5/site_perl/5.8.5/Expect.pm line 1431
Expect::hard_close('Expect=GLOB(0xb405c0)') called at
/usr/lib/perl5/site_perl/5.8.5/Expect.pm line 1621
Expect::DESTROY('Expect=GLOB(0xb405c0)') called at ./elpaso.pl
line 670
eval {...} called at ./elpaso.pl line 670
password change for [anpkhsw21] failed. old pwd [bizbot] new pwd
[qwerty]
Script done on Fri 18 Apr 2008 09:43:30 AM EDT
[es1724@wxgcpw200 elpaso]$
-----Original Message-----
From: Roland Giersig [mailto:rgi...@cp...]
Sent: Friday, April 18, 2008 6:54 AM
To: Smith, Edward (IT TECH OPS)
Cc: exp...@li...
Subject: Re: [Expectperl-discuss] expired passwd in AIX
Hmm, very strange.
Have you tried other things? Sending double linefeeds "$new_pwd\n\n" or
"\n$new_pwd\n"? Using "\r" instead of "\n"?
Yes, please send debug output for the case with password expired and
sending only one $new_pwd with $Expect::Internal = 1;
Regards, Roland
------------------------------------------------------------------------
-
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/j
avaone
_______________________________________________
Expectperl-discuss mailing list
Exp...@li...
https://lists.sourceforge.net/lists/listinfo/expectperl-discuss
|
