密码更改期望脚本

时间:2018-03-22 15:54:33

标签: linux unix ssh tcl expect

第一次来电,长时间听众,我有一个以期望脚本为中心的问题,并在几台主机上更改密码。我没有任何问题让期望脚本旋转或更改密码,我遇到的问题是预期脚本能够处理多个'期望'。我需要考虑4件事,我们的环境是笨拙的 - 请耐心等待我。

  1. 帐户很好,密码需要轮换 - 这可行
  2. 帐户已过期,密码需求已更改 - 此作品
  3. 帐户已使用新密码 - 尚未内置
  4. 帐户已锁定 - 未内置

    5. 我的脚本循环浏览主机列表并登录,我希望它能做一些事情 - 当它登录时,如果帐户过期,它会期望某些事情并更改密码,这是有效的。如果没有出现并且脚本使用旧密码正常登录,只需执行passwd命令并更改密码即可。我现在遇到的问题是让两件事情正确地协同工作。

    如果主机列表包含混合,帐户过期且信誉良好,我希望能够循环并适当处理每种情况,然后记录。现在,如果我放入一些帐户过期且很好的测试主机(4到5),如果最后一个主机已过期,则脚本可以正常工作。但如果第一个主机已过期则无法运行,则必须移至新主机。

    以下是下面的代码,我已经在互联网上搜索知识,但没有任何匹配。

    我希望能够说,如果期望值==(当前的UNIX密码)然后执行此操作,如果使用旧密码继续并更改为新密码...真的很难让它一起工作

    #!/usr/bin/expect



set timeout 10
set user userAccount
set password oldPassword
set new_password newPassword


set f [open "input.txt"]
set hosts [read $f]
close $f


## need to say if the expected value is "(current) UNIX password: then do this"
foreach host $hosts {
    spawn -noecho /bin/ssh -q -o StrictHostKeychecking=no "$user\@$host"
    expect "Password:" 
    send "$password\r"
        expect { 
            "(current) UNIX password:" {send $password\r; exp_continue}
            "New password:" {send $new_password\r; exp_continue}
            "Retype new password:" {send $new_password\r; exp_continue}
            "~]$" {close}
}
    send "echo -e '$password\n$new_password\n$new_password' | passwd\r"
    expect "~]$" {close}
}

1 个答案:

答案 0 :(得分:1)

我怀疑最简单的解决方案是对您的第一个期望命令进行一些小改动:

def groupfinder(userid, request):
    user = request.db.query(User).get(userid)
    if user is not None:
        principals = []
        for app in user.apps:
            principals += [
                f'app:{app.id}',
                f'app:{app.id} user:{user.id}',
            ]
            for group in app.groups:
                principals += [f'app:{app.id} group:{group.id}']
        return principals

关键部分是第二次发送新密码后没有exp_continue。然后它会突破第一个expect命令,只匹配第二个expect命令的提示符。如果密码未过期,将在第一个expect命令中找到提示。这样就可以运行passwd命令。

添加了其他愿望后,循环体看起来像这样:

expect { 
    "(current) UNIX password:" {send $password\r; exp_continue}
    "New password:" {send $new_password\r; exp_continue}
    "Retype new password:" {send $new_password\r}
    "~]$" {send "echo -e '$password\n$new_password\n$new_password' | passwd\r"}
}
expect "~]$" {close}

那将是基本结构。如果它不起作用,请添加spawn -noecho /bin/ssh -q -o StrictHostKeychecking=no "$user\@$host" expect "assword: " send "$password\r" expect { -timeout 30 "(current) UNIX password: " { # Password has expired send $password\r expect { "New password: " { send $new_password\r exp_continue } "Retype new password: " { send $new_password\r exp_continue } "all authentication tokens updated successfully." { # Password has been changed } default { error "Failed to change the password" } } } "assword: " { # Old password was not accepted send $new_password\r expect { -timeout 30 -ex "~]$" { # New password was accepted } "assword: " { # New password was not accepted either error "None of the passwords was accepted" } default { error "Failed to log in" } } } "locked" { # Account is locked } -ex "~]$" { # Logged in with old password send "echo -e '$password\n$new_password\n$new_password' | passwd\r" expect { -ex "~]$" { # Password successfully updated } default { error "passwd command failed" } } } default { error "Log in timed out" } } close 命令以确定需要哪些调整。

相关问题
最新问题