第一次来电,长时间听众,我有一个以期望脚本为中心的问题,并在几台主机上更改密码。我没有任何问题让期望脚本旋转或更改密码,我遇到的问题是预期脚本能够处理多个'期望'。我需要考虑4件事,我们的环境是笨拙的 - 请耐心等待我。
我的脚本循环浏览主机列表并登录,我希望它能做一些事情 - 当它登录时,如果帐户过期,它会期望某些事情并更改密码,这是有效的。如果没有出现并且脚本使用旧密码正常登录,只需执行passwd命令并更改密码即可。我现在遇到的问题是让两件事情正确地协同工作。
如果主机列表包含混合,帐户过期且信誉良好,我希望能够循环并适当处理每种情况,然后记录。现在,如果我放入一些帐户过期且很好的测试主机(4到5),如果最后一个主机已过期,则脚本可以正常工作。但如果第一个主机已过期则无法运行,则必须移至新主机。
以下是下面的代码,我已经在互联网上搜索知识,但没有任何匹配。
我希望能够说,如果期望值==(当前的UNIX密码)然后执行此操作,如果使用旧密码继续并更改为新密码...真的很难让它一起工作
#!/usr/bin/expect
set timeout 10
set user userAccount
set password oldPassword
set new_password newPassword
set f [open "input.txt"]
set hosts [read $f]
close $f
## need to say if the expected value is "(current) UNIX password: then do this"
foreach host $hosts {
spawn -noecho /bin/ssh -q -o StrictHostKeychecking=no "$user\@$host"
expect "Password:"
send "$password\r"
expect {
"(current) UNIX password:" {send $password\r; exp_continue}
"New password:" {send $new_password\r; exp_continue}
"Retype new password:" {send $new_password\r; exp_continue}
"~]$" {close}
}
send "echo -e '$password\n$new_password\n$new_password' | passwd\r"
expect "~]$" {close}
}
答案 0 :(得分:1)
我怀疑最简单的解决方案是对您的第一个期望命令进行一些小改动:
def groupfinder(userid, request):
user = request.db.query(User).get(userid)
if user is not None:
principals = []
for app in user.apps:
principals += [
f'app:{app.id}',
f'app:{app.id} user:{user.id}',
]
for group in app.groups:
principals += [f'app:{app.id} group:{group.id}']
return principals
关键部分是第二次发送新密码后没有exp_continue。然后它会突破第一个expect命令,只匹配第二个expect命令的提示符。如果密码未过期,将在第一个expect命令中找到提示。这样就可以运行passwd命令。
添加了其他愿望后,循环体看起来像这样:
expect {
"(current) UNIX password:" {send $password\r; exp_continue}
"New password:" {send $new_password\r; exp_continue}
"Retype new password:" {send $new_password\r}
"~]$" {send "echo -e '$password\n$new_password\n$new_password' | passwd\r"}
}
expect "~]$" {close}
那将是基本结构。如果它不起作用,请添加spawn -noecho /bin/ssh -q -o StrictHostKeychecking=no "$user\@$host"
expect "assword: "
send "$password\r"
expect {
-timeout 30
"(current) UNIX password: " {
# Password has expired
send $password\r
expect {
"New password: " {
send $new_password\r
exp_continue
}
"Retype new password: " {
send $new_password\r
exp_continue
}
"all authentication tokens updated successfully." {
# Password has been changed
}
default {
error "Failed to change the password"
}
}
}
"assword: " {
# Old password was not accepted
send $new_password\r
expect {
-timeout 30
-ex "~]$" {
# New password was accepted
}
"assword: " {
# New password was not accepted either
error "None of the passwords was accepted"
}
default {
error "Failed to log in"
}
}
}
"locked" {
# Account is locked
}
-ex "~]$" {
# Logged in with old password
send "echo -e '$password\n$new_password\n$new_password' | passwd\r"
expect {
-ex "~]$" {
# Password successfully updated
}
default {
error "passwd command failed"
}
}
}
default {
error "Log in timed out"
}
}
close
命令以确定需要哪些调整。