Visit Our UNIX and Linux User Community


Expect script - going in loops can't stop


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Expect script - going in loops can't stop
# 1  
Old 01-10-2012
Error Expect script - going in loops can't stop

Hi

First of all I tried lot of forums to create my first expect script. But I am totally stumped at the last step. I am no Linux Admin or ever trained in Linux. I just tried to create the script logically

History :

I need to to change my password across lot of servers in Linux over ssh

There can be following scenario
1. I have never logged in to the server ever and I am getting RSA Key confirmation to be added YES/NO for the one time
2. I have logged in to the server before and the password is still working and I should be able to issue passwd command to change my password
3. I have logged in to the server before and the password is not working and forcing me to change the password

My two scripts:

1. runip.sh - Simple shell script to run through all the IPs mentioned in iplist.txt

Quote:

#!/bin/bash

for ip in `cat iplist.txt` #All Ips are mentioned in iplist.txt
do
/home/user1/script/change.sh $ip # Calling change script and passing IP as parameter
done
Now comes the trouble script which is going in loops and not able to break out

Quote:

#!/usr/bin/expect -f

set ip [lindex $argv 0] #Catching the ip from shell script
spawn ssh user1@$ip
expect {
"sure you want to continue connecting (yes/no)?" {send "Yes\r" ; exp_continue} # In case of first time login you need to add the token YES/NO bla bla
"user1@$ip's password:" {send "Password\r" ; exp_continue} # IF getting password Prompt entering the current password

# Now two scenario 1. You get bash prompt as you have successfully logged in OR 2. You get change password prompt as your password has already expired so..

"~]$ " {send "passwd\r" ; exp_continue} # Get prompt that we have successfully logged in and sending passwd command to start initiating change of password

# In either scenario above the below code should get executed if I am getting change password prompt immidiately after login as password has expired OR I have started passwd command

"(current) UNIX password:" {send "Password\r" ; exp_continue} # Entering Current Password

"New UNIX password:" {send "P@ssw0rd\r" ; exp_continue} # Entering New password
"Retype new UNIX password:" {send "P@ssw0rd\r" ; exp_continue} # Re-entering New password
"~]$ " {send "exit\r"} # Now this is a trial logically after re-entering password I should get the same prompt back and can exit from here - doesn't work it seems it goes back to the initial prompt and issue passwd command again and goes in loop
eof {break} # Tried this thought it will break no go

sleep 5
exit 0
}
close $spawn_id



I have no clue how to break free and exit from the passwd loop and go to the next IP as in the script Smilie

Any help will be great and I am sure this is a common script in lot of environment helping users to do manually

Usually the bash prompt in environemnt looks like the below

[user1@server1 ~]$
# 2  
Old 01-10-2012
Hi,

have you tried your script by calling it manually and performing a simple command instead of password change? i.e. you can try to simply ls the content of the home directory just to see in the remaining part of the script works as intended. Plus, if my memory reminds well, you can try issuing the exit command as:
Code:
send "exit\r\r"

that is a double \r after exit.

Tomorrow I should be able to read a similar script written some times ago that may be useful; meanwhile make and test the suggested modifications.

see ya
fra
This User Gave Thanks to frappa For This Post:
# 3  
Old 01-11-2012
MySQL Thanx Man it works as expected

Hi Man

Thanks for your response. As suggested and after tweaking a little bit I am able to make the program work as expected so far so good. Will let you know if I stumble any more problem.

Just one thought which I don't know how to incorporate. I was thinking that in either of the trials of changing password if it stumbles anywhere and not able to do for any reason like not able to login at all due to wrong password or remote host is down or some other reason it should log the IP to a txt file. I know the shell script operator as >> Log.txt somewhere so that it logs on error or something. How to implement that along with the expect script

Here are the two scripts which might be helpful to the world and novice like me

To run the script make a file iplist.txt and put the list of IP address there

cat iplist.txt
Quote:
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
...
..
iprun.sh < Script to run first

Quote:
#!/bin/bash

for ip in `cat iplist.txt`
do
/home/user1/script/change.sh $ip
done

change.sh << the expect script which is called for
Quote:

#!/usr/bin/expect -f

set i [lindex $argv 0]
spawn ssh user1@$i
expect {
"sure you want to continue connecting (yes/no)?" {send "Yes\r" ; exp_continue}
"user1@$i's password:" {send "pass123\r" ; exp_continue}
"Permission denied, please try again." {send "\r\r"}
"~]$ " {send "passwd\r" ; exp_continue} #The prompt that you get after login
"(current) UNIX password:" {send "pass123\r" ; exp_continue}
"New UNIX password:" {send "P@ssw0rd\r" ; exp_continue}
"Retype new UNIX password:" {send "P@ssw0rd\r\r"}
eof {break\r }
sleep 5
exit 0
}
close $spawn_id
This change password of user1 from pass123 to P@ssw0rd

Only thing I am now wondering is there any other scenario which can be incorporated and whether we can log the failed change for whatever reason to any logfile

Any help will be great. And thanks again for the great help provided Smilie
# 4  
Old 01-11-2012
Hi,

in order to intercept errors during the connection stage in expect, I generally use a "default" behaviour that makes expect to exit with a custom error code, like in the code fragment shown below:
Code:
#   handle unexpected exceptions (default bahaviour), RSA key
# + fingerprint not found and authentication password request
#
expect {

          default { 
             send_user "unable to connect to host $host\r\n"
             exit $ec_exception
          }

          -re ".*Are.*.*yes.*no.*" {
             send -s "yes\r"
             exp_continue
             #look for the password prompt
          }

          "assword:" {
             send -s "$password\r"
             #the expect command will now return
          }

}

#   handle the chance that the password is not valid or access is denied
expect { 

         default {
            send_user "unable to connect to host $host\r\n"
            exit $ec_exception
         }

         -re "denied|failed|invalid|incorrect" {
            send_user "invalid password or account for host $host\r\n"
            exit $ec_failedauth
         }

         "$shell_prompt"

}

in particular note the instruction
Code:
            exit $ec_exception

and
Code:
            exit $ec_failedauth

where $ec_exception and $ec_failedauth are variables declared and set with a value other than 0 in advance.

Note that in the previous example the "default" behaviour actually has the meaning of an exception handling (that is, I define actions for known expected results, all unforesees results are managed based on the default behaviour).

Then the calling script may check, at each iteration, the exit code returned by the expect script, like this:
Code:
for ip in `cat iplist.txt`
do
   /home/user1/script/change.sh $ip
   RETVAL=$?
   if [ $RETVAL -ne 0 ] ; then
      #perform some action based on intercepted exit code (i.e. log a message, send an email, etc.)...
      [...]
   fi
done

Note that using different exit codes for different exceptions caught in expect may also be useful to determine what action the calling script should do next.

see ya
fra
This User Gave Thanks to frappa For This Post:
# 5  
Old 01-12-2012
MySQL

You are great buddy. The program now works like a dream. I have made few more changes to make it adapt to the environment

iprun.sh

Quote:

#!/bin/bash

username='USER_NAME'
oldpass='OLD_PASS'
newpass='NEW_PASSWORD'

#Do not change beyond this point

for ip in `cat iplist.txt`
do
/home/user1/script/returnval.sh $ip $username $oldpass $newpass
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
echo "$ip-Success" >> outputlog.txt
fi
if [ $RETVAL -eq 1 ] ; then
echo "$ip-Not Able to connect" >> outputlog.txt
fi
if [ $RETVAL -eq 2 ] ; then
echo "$ip-Password is Invalid" >> outputlog.txt
fi
if [ $RETVAL -eq 3 ] ; then
echo "$ip-Could not change password for some unknown reason" >> outputlog.txt
fi
done
and then

returnval.sh

Quote:
#!/usr/bin/expect -f
set ec_exception 1
set ec_failedauth 2
set ec_failedpass 3
set i [lindex $argv 0]
set u [lindex $argv 1]
set o [lindex $argv 2]
set n [lindex $argv 3]

spawn ssh $u@$i
expect {
default {
send_user "Unable to connect to host $i\r\n"
exit $ec_exception
}
"sure you want to continue connecting (yes/no)?" {send "Yes\r" ; exp_continue}
"$u@$i's password:" {send "$o\r"}
}
expect {
default {
send_user "Not able to change password for unknown reason $i\r\n"
exit $ec_failedpass
}
"Permission denied, please try again."
{
send_user "invalid password or account for host $i\r\n"
exit $ec_failedauth
}
"Password unchanged"
{
send_user "You cannot keep same password $i\r\n"
exit $ec_failedpass
}
"BAD PASSWORD: it is based on a dictionary word"
{
send_user "Your password is either weak or used previously $i\r\n"
exit $ec_failedpass
}
"~]$ " {send "passwd\r" ; exp_continue}
"(current) UNIX password:" {send "$o\r" ; exp_continue}
"New UNIX password:" {send "$n\r\n" ; exp_continue}
"Retype new UNIX password:" {send "$n\r\r"}
eof {break\r }
sleep 5
exit 0
}
close $spawn_id
This is great and can do wonders for stupid users like me who need to change password across 1000s of servers

Thank You frappa you are too good man. I really aprreciate your help

Previous Thread | Next Thread
Test Your Knowledge in Computers #884
Difficulty: Easy
A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls.
True or False?

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Howto stop loops in CentOS

Good morning, At the client location os is CentOS. In all the terminals i.e F1, F2, F3....F10 PING command is continuously running. I tried to terminate it using CTRL C or quit but unable to stop that command in all the terminals. How to stop that? Howto find batch files which are being... (3 Replies)
Discussion started by: sureshbabu.anis
3 Replies

2. Programming

Expect script returning string following a found expect.

I'm fairly new to scripting so this might not be possible. I am using Expect with Cisco switches and need to capture the string after finding the expect request. For example, when I issue "show version" on a Nexus switch, I'm looking to capture the current firmware version: #show version ... (0 Replies)
Discussion started by: IBGaryA
0 Replies

3. Programming

Calling another expect script inside an expect script

I have an expect script called remote that I want to call from inside my expect script called sudoers.push, here is the code that is causing me issues: set REMOTE "/root/scripts/remote" ... log_user 1 send_user "Executing remote script as $user...\n" send_user "Command to execute is: $REMOTE... (1 Reply)
Discussion started by: brettski
1 Replies

4. Shell Programming and Scripting

Expect scripting telnet stop on bad username or password

I am trying to build and expect script to log into multiple aix boxes and change password. I need for the script to terminate if it cannot log into a server because the username or password is wrong. #!/usr/bin/expect set timeout 1 set host set user set password set uh "Unknown host" set... (3 Replies)
Discussion started by: leemalloy
3 Replies

5. Programming

Calling expect script inside another expect

Hi, Am very new to expect scripting.. Can You please suggest me how to call an expect script inside another expect script.. I tried with spawn /usr/bin/ksh send "expect main.exp\r" expect $root_prompt and spawn /usr/bin/ksh send "main.exp\r" expect $root_prompt Both... (1 Reply)
Discussion started by: Priya Amaresh
1 Replies

6. Shell Programming and Scripting

korn shell for loops with expect issue

Hi I have the following Korn script having multiple for loops. #!/bin/ksh EXPECT=/usr/local/bin/expect exp_internal for d in 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 i22 23 24 25 26; do for i in 01 02 03 04 05 06 07 ; do for h in 00 01 02 03 04 05 06 07 08 09 10 11 12... (2 Replies)
Discussion started by: cic
2 Replies

7. Shell Programming and Scripting

multiple while loops in expect script

Hi, I am trying to incorporate multiple while loops into an expect script written in ksh shell. This is on a Solaris 10 system. Here is the code: #!/bin/ksh EXPECT=/usr/local/bin/expect exp_internal i=1 h=0 while ]; do $EXPECT << DONE set stty_init raw ... (1 Reply)
Discussion started by: cic
1 Replies

8. Shell Programming and Scripting

Expect While Loops - Partial Automation?

I've been reading the O'Reilley expect book and I'm trying to create partial automation for common questions asked on screen in a telnet session and return to interact so the user can resume control. For example while {1} { expect { -re "What color is the sky?" {send... (0 Replies)
Discussion started by: mlarivie
0 Replies

9. Shell Programming and Scripting

Need help with Expect script for Cisco IPS Sensors, Expect sleep and quoting

This Expect script provides expect with a list of IP addresses to Cisco IPS sensors and commands to configure Cisco IPS sensors. The user, password, IP addresses, prompt regex, etc. have been anonymized. In general this script will log into the sensors and send commands successfully but there are... (1 Reply)
Discussion started by: genewolfe
1 Replies

10. Shell Programming and Scripting

strange expect script behavior, or am i misunderstanding expect scripting?

Hello to all...this is my first post (so please go easy). :) I feel pretty solid at expect scripting, but I'm running into an issue that I'm not able to wrap my head around. I wrote a script that is a little advanced for logging into a remote Linux machine and changing text in a file using sed.... (2 Replies)
Discussion started by: v1k0d3n
2 Replies

Featured Tech Videos