#!/usr/bin/expect -f 

###########################################################################
###     Copyright (c) 2006 Hewlett Packard Development Company, L.P.      #
###########################################################################
### Remote host control script

# Target host and requested action are handed over by the caller through the
# environment (an earlier revision read them from argv).
set host            $env(HPSUM_HOST)
set service_control $env(HPSUM_SERVICE_CONTROL)

# 0 selects password login, anything >= 1 selects public-key login.
set usepubkey 0

set step 0
# -1 switches Expect's timeout off: every expect below waits indefinitely, so
# the "timeout" arms are not taken while this value stands.
set timeout -1
set connected_flag 0
set force_slow 1

# Tool paths start out empty; the ones in use are resolved later via apppath.
foreach pathvar { sshpath scppath iptablespathr iptablespathl ifconfigpath mkdirpathr rmpathr } {
	set ${pathvar} ""
}
unset pathvar

# The ssh option pair is "-o PubkeyAuthentication=<yes|no>".
set sshprm0 "-o"
if { ${usepubkey} >= 1 } {
	# NOTE(review): this branch leaves user and passwd unset, while the code
	# further down reads both unconditionally - confirm before enabling it.
	set sshprm1 "PubkeyAuthentication=yes"
	set sshdst "${host}"
} else {
	# NOTE(review): the login password arrives in the HPSUM_PWD environment
	# variable; a process environment can be readable by other local
	# processes, so the caller should keep its lifetime short.
	set user $env(HPSUM_USER)
	set passwd $env(HPSUM_PWD)
	set sshprm1 "PubkeyAuthentication=no"
	set sshdst "${user}@${host}"
}

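# Typing helpers for the spawned ssh/scp sessions.
#
# With force_slow set, Expect's send is replaced by a version that pauses
# briefly and then types slowly (exp_send -s paces its output according to
# send_slow). send_with_id does the same for an explicitly named session.
#
# send_with_id is called unconditionally by the procs below, so a plain
# (unpaced) variant is defined when force_slow is off; previously the name
# did not exist in that configuration.
if { $force_slow } {
	set send_slow { 1 .1 }
	proc send_with_id { id arg } {
		# A proc-local spawn_id directs exp_send at the given session.
		set spawn_id ${id}
		sleep .1
		exp_send -s -- ${arg}
	}
	proc send {arg} {
		sleep .1
		exp_send -s -- ${arg}
	}
} else {
	proc send_with_id { id arg } {
		set spawn_id ${id}
		exp_send -- ${arg}
	}
}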

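#
# Returns the list of local interface addresses reported by ifconfig,
# excluding loopback and link/host-scope entries.
#
# ifcfgpath - path of the local ifconfig binary; "" yields an empty list.
#
# The result is later placed on iptables command lines, locally and on the
# remote host through ssh. Only lines that look like an IPv4 or IPv6 literal
# are therefore returned; anything else the pipeline produced (error text
# stored by catch, column names from a different ifconfig output format) is
# dropped instead of being passed on as a firewall argument.
#
# The body uses real braces throughout. The earlier version only balanced
# because Tcl counts braces inside comment lines.
#
proc gethostipaddress { ifcfgpath } {
	puts "getting ip address\r"
	set ips [list]

	if { ${ifcfgpath} != "" } {
		# catch leaves the pipeline output in data; when the pipeline fails,
		# data holds the error text (possibly after partial output).
		catch { ::exec ${ifcfgpath} -a | grep "inet" | grep -v "Scope:Link" | grep -v "Scope:Host" | grep -v "127.0.0.1" | grep -v "::1" | sed "s/addr:/addr: /g" | awk { { print $3 } } | awk -F/ { { print $1 } } } data

		foreach line [ split ${data} "\n" ] {
			set is_v4 [ regexp {^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$} ${line} ]
			set is_v6 [ regexp {^[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*$} ${line} ]
			if { !${is_v4} && !${is_v6} } {
				puts "skipping ifconfig output that is not an address\r"
				continue
			}
			puts "ip: ${line}"
			lappend ips ${line}
		}
	}
	puts "finished ip addresses\r"
	return ${ips}
}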

#proc gethostipaddress { ifcfgpath } {
#	puts "getting ip address\r"
#	set ips [list]
##	
#	if { ${ifcfgpath} != ""} {
#		catch { ::exec ${ifcfgpath} -a | grep inet | grep -v "Scope:Link" | grep -v "Scope:Host" | grep -v "127.0.0.1" | sed 's/addr:/addr: /g' | awk '{ print $3 }' | awk -F/ '{ print $1 }' } data
#	
#		foreach line [split ${data} "\n" ] {
#			regexp {^[a-z]+\d+} ${line} if
#			if { [ regexp {^\s+inet\s+(?:addr:)?(\S+)} ${line} -> ip ] } {
#				if { ${ip} != "127.0.0.1" } {
#					puts "ip: ${line}"
#					lappend ips ${line}
#				}
#			}
#		}
#	}	
#       puts "finished ip addresses\r"
#	return ${ips}
#}

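# Opens /etc/passwd on the remote host (through "vi" over ssh) and returns the
# third ":"-separated field of the first CR-terminated chunk of output.
#
# step     - step number used in progress messages and exit codes
# spath    - ssh binary
# sshprm0, sshprm1 - ssh option pair
# sshdst   - ssh destination
# passwd   - login password, typed when a password prompt appears
#
# Returns the extracted field at end of output. Fatal conditions end the
# script with the exit code formed by appending a digit to step.
#
# The timeout arm used "," where ";" was meant, which is a Tcl syntax error
# when the arm runs; it now prints the message and exits as intended.
#
# NOTE(review): presumably the field is the numeric id of the first passwd
# entry - confirm. No caller is visible in this file.
# NOTE(review): the "fingerprint" arm answers yes to ssh's host-key prompt, so
# an unknown host key is accepted without being verified.
proc getRootId {step spath sshprm0 sshprm1 sshdst passwd } {

	spawn ${spath} ${sshprm0} ${sshprm1} ${sshdst} vi /etc/passwd
	set connected_flag 0
	expect {
		"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send "${passwd}\r"; set connected_flag 1; exp_continue }
		"Command not found" { puts "(${step}.2) ControlLinuxServer: command not found\r"; exit ${step}5 }
		"not permitted" { puts "(${step}.3) ControlLinuxServer: Operation not permitted\r"; exit ${step}6 }
		"denied" {  puts "(${step}.4) ControlLinuxServer: wrong username or password\r"; exit ${step}3}
		"fingerprint" { puts "(${step}.5) ControlLinuxServer: sending yes"; send "yes\r"; exp_continue}
		timeout { puts "(${step}.6) ControlLinuxServer: timeout\r"; exit ${step}1 }
		eof {
			set file [split  $expect_out(buffer) "\r"]
			set fline [lindex $file 0]
			set rootId [split $fline ":"]
			set RID [lindex $rootId "2"]
			puts "RootID : $RID \r"
			return $RID
		}
	}
}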


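# Looks up appname with "which", either locally or on the remote host.
#
# step     - step number used in progress messages and exit codes
# appname  - program to look up
# remote   - "remote" runs which on host through ssh; any other value runs
#            it locally
# spath    - ssh binary (remote lookup only)
# host, user, passwd - remote login data (remote lookup only)
# sprm0, sprm1 - ssh option pair (remote lookup only)
#
# Returns the text Expect had buffered when appname was seen, with CR and LF
# removed, or "" when the program was not found. Fatal conditions end the
# script with exit code step*10+N.
#
# Both timeout arms used "," where ";" was meant, which is a Tcl syntax error
# when the arm runs; they now print the message and exit as intended.
#
# NOTE(review): the returned text is used later as a command path, locally
# and on the remote host. Nothing here checks that it is a single absolute
# path, and the answer depends on the PATH of the account that runs which.
# NOTE(review): the "fingerprint" arm answers yes to ssh's host-key prompt, so
# an unknown host key is accepted without being verified.
proc apppath { step appname remote spath host user passwd sprm0 sprm1 } {

	set apath ""

	if {${remote} == "remote"} {

		spawn ${spath} ${sprm0} ${sprm1} ${user}@${host} which ${appname}
		set connected_flag 0

		expect {
			"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send_with_id ${spawn_id} "${passwd}\r"; set connected_flag 1; exp_continue }
			"Command not found" { puts "(${step}.2) ControlLinuxServer: ${appname} not found\r"; return ${apath} }
			" no ${appname}" { return ${apath}}
			"not permitted" { puts "(${step}.3) ControlLinuxServer: Operation not permitted\r"; exit [expr ${step} * 10 + 6] }
			"denied" {  puts "(${step}.4) ControlLinuxServer: wrong username or password\r"; exit [expr ${step} * 10 + 3] }
			"fingerprint" { puts "(${step}.5) ControlLinuxServer: sending yes\r"; send_with_id ${spawn_id} "yes\r"; exp_continue }
			"no ${appname}" { puts "(${step}.6) ControlLinuxServer: ${appname} not found\r"; return ${apath} }
			"${appname}" { set apath $expect_out(buffer); regsub -all "\r" ${apath} "" apath; regsub -all "\n" ${apath} "" apath }
			timeout { puts "(${step}.7) ControlLinuxServer: timeout\r"; exit [expr ${step} * 10 + 1] }
			eof {
				if {${connected_flag}} {
					puts "(${step}.9) ControlLinuxServer: found ${appname} in ${apath} on ${host} \r"
				} else {
					puts "(${step}.10) ControlLinuxServer: no route to the host\r"
					exit [expr ${step} * 10 + 2]
				}
			}
		}
	} else {
		spawn which ${appname}

		expect {
			"Command not found" { puts "(${step}.2) ControlLinuxServer: ${appname} not found\r"; return ${apath} }
			" no ${appname}" {return ${apath}}
			"${appname}" { set apath $expect_out(buffer); regsub -all "\r" ${apath} "" apath; regsub -all "\n" ${apath} "" apath }
			timeout { puts "(${step}.8) ControlLinuxServer: timeout\r"; exit [expr ${step} * 10 + 1] }
			eof {
				puts "(${step}.9) ControlLinuxServer: found ${appname} in ${apath}\r"
			}
		}
	}

	return $apath

}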

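# Checks over ssh whether a process matching serviceexec shows up in the
# remote "ps -ef" listing.
#
# step        - step number used in progress messages and exit codes
# serviceexec - text to look for in the process listing
# spath       - ssh binary
# host, user, passwd - remote login data
# sprm0, sprm1 - ssh option pair
#
# Returns 77 when serviceexec is seen in the output and 0 when the session
# ends without it. Fatal conditions end the script with exit code step*10+N.
#
# The timeout arm used "," where ";" was meant, which is a Tcl syntax error
# when the arm runs; it now prints the message and exits as intended.
#
# NOTE(review): serviceexec is placed unquoted on the remote command line,
# where the remote shell interprets it; the caller should restrict it to a
# plain program name.
# NOTE(review): the "fingerprint" arm answers yes to ssh's host-key prompt, so
# an unknown host key is accepted without being verified.
proc checkforservice { step serviceexec spath host user passwd sprm0 sprm1 } {

	spawn ${spath} ${sprm0} ${sprm1} ${user}@${host} ps -ef | grep ${serviceexec} | grep -v grep
	set connected_flag 0

	expect {
		"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send_with_id ${spawn_id} "${passwd}\r"; set connected_flag 1; exp_continue }
		"Command not found" { puts "(${step}.2) ControlLinuxServer: command not found\r"; exit [expr ${step} * 10 + 5] }
		"not permitted" { puts "(${step}.3) ControlLinuxServer: Operation not permitted\r"; exit [expr ${step} * 10 + 6] }
		"denied" {  puts "(${step}.4) ControlLinuxServer: wrong username or password\r"; exit [expr ${step} * 10 + 3] }
		"fingerprint" { puts "(${step}.5) ControlLinuxServer: sending yes\r"; send_with_id ${spawn_id} "yes\r"; exp_continue }
		"${serviceexec}" { puts "(${step}.6) ControlLinuxServer: found active ${serviceexec} on ${host}\r"; return 77 }
		timeout { puts "(${step}.8) ControlLinuxServer: timeout\r"; exit [expr ${step} * 10 + 1] }
		eof {
			if {${connected_flag}} {
				puts "(${step}.9) ControlLinuxServer: ${serviceexec} not found on ${host}\r"
			} else {
				puts "(${step}.10) ControlLinuxServer: no route to the host\r"
				exit [expr ${step} * 10 + 2]
			}
		}
	}

	return 0

}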

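# Copies one file with scp between the local machine and the remote host.
#
# step      - step number used in progress messages and exit codes
# file      - local file name
# scopypath - scp binary
# host, user, passwd - remote login data
# destdir   - directory on the remote host
# toremote  - "remote" copies file to host:destdir; any other value copies
#             host:destdir to file
# sprm0, sprm1 - ssh option pair handed to scp
#
# A host containing ":" is treated as an IPv6 literal and wrapped in square
# brackets so that scp can tell it apart from the path separator.
# Returns nothing; fatal conditions end the script with exit code step*10+N.
#
# The timeout arm used "," where ";" was meant, which is a Tcl syntax error
# when the arm runs; it now prints the message and exits as intended.
#
# NOTE(review): the "fingerprint" arm answers yes to the host-key prompt, so
# an unknown host key is accepted without being verified before a file is
# transferred to that host.
proc copy_file { step file scopypath host user passwd destdir toremote sprm0 sprm1 } {

	set connected_flag 0

	if { [ string first ":" ${host} ] > -1 } {
		set peer "\[${host}\]"
		set family "ipv6host"
	} else {
		set peer ${host}
		set family "ipv4 host"
	}

	if { ${toremote} == "remote" } {
		puts "spawn command using remote ${family} address\n"
		spawn ${scopypath} ${sprm0} ${sprm1} -q -p $file ${user}@${peer}:${destdir}
	} else {
		puts "spawn command using local ${family} address\n"
		spawn ${scopypath} ${sprm0} ${sprm1} -q -p ${user}@${peer}:${destdir} ${file}
	}

	expect {
		"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send_with_id ${spawn_id} "${passwd}\r"; set connected_flag 1; exp_continue }
		"No such file" { puts "(${step}.2) ControlLinuxServer: cannot copy file ${file} to ${host}:${destdir}\r"; exit [expr ${step} * 10 + 4] }
		"denied" {  puts "(${step}.3) ControlLinuxServer: permision denided\r"; exit [expr ${step} * 10 + 3] }
		"Command not found" { puts "(${step}.4) ControlLinuxServer: command not found\r"; exit [expr ${step} * 10 + 5] }
		"not permitted" { puts "(${step}.5) ControlLinuxServer: Operation not permitted\r"; exit [expr ${step} * 10 + 6] }
		"Text file busy" { puts "(${step}.6) ControlLinuxServer: Unable to overwrite file ${file}\r"; exit [expr ${step} * 10 + 9] }
		"fingerprint" { puts "(${step}.7) ControlLinuxServer: sending yes\r"; send_with_id ${spawn_id} "yes\r"; exp_continue}
		timeout { puts "(${step}.8) ControlLinuxServer: timeout\r"; exit [expr ${step} * 10 + 1] }
		eof {
			if {${connected_flag}} {
				puts "(${step}.9) ControlLinuxServer: $file copied\r"
			} else {
				puts "(${step}.10) ControlLinuxServer: no route to the host\r"
				exit [expr ${step} * 10 + 2]
			}
		}
	}
}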

# Resolve the tools this script drives. ssh and scp must exist locally; the
# script stops with 102 (no ssh) or 103 (no scp) otherwise.
foreach { tool missing_code } { ssh 102 scp 103 } {
	set ${tool}path [ apppath ${step} ${tool} "local" "" ${host} ${user} ${passwd} ${sshprm0} ${sshprm1} ]
	if { [ string length [ set ${tool}path ] ] == 0 } {
		exit ${missing_code}
	}
}
unset tool missing_code

# The firewall tools and ifconfig are optional: an empty path simply disables
# the step that would use it. Remote lookups go through the ssh binary found
# above, local ones do not need it.
foreach { pathvar tool where } {
	iptablespathr	iptables	remote
	iptablespathl	iptables	local
	ifconfigpath	ifconfig	local
	ip6tablespathr	ip6tables	remote
	ip6tablespathl	ip6tables	local
} {
	if { ${where} == "remote" } {
		set via ${sshpath}
	} else {
		set via ""
	}
	set ${pathvar} [ apppath ${step} ${tool} ${where} ${via} ${host} ${user} ${passwd} ${sshprm0} ${sshprm1} ]
}
unset pathvar tool where via

puts "(${step}.0) ControlLinuxServer: The paths are: ${sshpath}, ${scppath}, ${iptablespathr} (remote), ${iptablespathl}, ${ifconfigpath}\r"

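#### Start SOAP server on the remote host
#
# Sequence for service_control == "start":
#   0  open the local firewall for the remote host and the remote firewall
#      for every local address
#   1  look for an already running service (exit 99 when HPSUM_SKIPHOST is 1)
#   2  kill the service and its tools on the remote host
#   3  create the destination directory
#   5  copy the service executable and start it (exit 0 once "HPServer" is
#      seen in its output)
# Fatal conditions exit with the step number followed by one digit.
#
# Fixed here: the "fingerprint" arms of the two firewall sessions called send
# with two arguments, which the one-argument send defined above rejects, and
# the timeout arms used "," where ";" was meant (a Tcl syntax error when the
# arm runs).
#
# NOTE(review): every "fingerprint" arm answers yes to ssh's host-key prompt,
# so an unknown host key is accepted without being verified before the
# password is typed and before an executable is copied and started.
# NOTE(review): the firewall rules accept all protocols to and from the peer
# and are inserted at position 1, ahead of any existing rules. portno is
# parsed from the service arguments but the rules are not limited to it.
# NOTE(review): service_exe, service_args and destdir come from the
# environment and reach the remote command line unquoted, where the remote
# shell interprets them; the caller has to keep them free of shell syntax.
if { ${service_control} == "start" } {

	set service_exe $env(HPSUM_SERVICE_EXE)
	set service_args $env(HPSUM_SVCARG)
	puts "${service_args}\r"
	set destdir $env(HPSUM_DESTDIR)
	set skipHost $env(HPSUM_SKIPHOST)

	puts "(${step}.0) ControlLinuxServer: Checking for running ${service_exe} on ${host}\r"

	# Add entry to remote firewall
	set lst		[ split ${service_args} " " ]
	set ipaddr	[ lindex ${lst} 1 ]
	set portno	[ lindex ${lst} 2 ]
	set ips		[ gethostipaddress ${ifconfigpath} ]

	puts "Local iptables path is ${iptablespathl}"
	puts "Remote iptables path is ${iptablespathr}"
	puts "Local ip6tables path is ${ip6tablespathl}"
	puts "Remote ip6tables path is ${ip6tablespathr}"

	# Local firewall: a host containing ":" is handled as IPv6.
	if { ${iptablespathl} != ""  || ${ip6tablespathl} != "" } {
		puts "1 - host is ${host}\n"
		set cmd [ string first ":" ${host} ]
		puts "cmd result is ${cmd}"
		if { $cmd > -1 } {
			if { ${ip6tablespathl} != "" } {
				exec ${ip6tablespathl} -I INPUT 1 -p ALL -s ${host} -j ACCEPT
				puts "2 - host ${host} added to local input firewall\n"
				exec ${ip6tablespathl} -I OUTPUT 1 -p ALL -d ${host} -j ACCEPT
				puts "3 - host ${host} added to local output firewall\n"
			}
		} else {
			if { ${iptablespathl} != "" } {
				exec ${iptablespathl} -I INPUT 1 -p ALL -s ${host} -j ACCEPT
				puts "4 - host ${host} added to local input firewall\n"
				exec ${iptablespathl} -I OUTPUT 1 -p ALL -d ${host} -j ACCEPT
				puts "5 - host ${host} added to local output firewall\n"
			}
		}
		puts "5a - Finished Local Firewall configuration\n"
	}

	# Remote firewall: one INPUT and one OUTPUT rule per local address.
	if { ${iptablespathr} != "" || ${ip6tablespathr} != "" } {
		foreach ip ${ips} {
			puts "IP address added to firewall is ${ip}\n"
			set connected_flag 0
			set exist_flag 0

			# Add to the INPUT chain
			set cmd [string first ":" ${ip} ]
			if { $cmd > -1 } {
				if { ${ip6tablespathr} != "" } {
					puts "6 - host ${ip} added to remote input firewall\n"
					spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} ${ip6tablespathr} -I INPUT 1 -p ALL -s ${ip} -j ACCEPT
					set exist_flag 1
				}
			} else {
				if { ${iptablespathr} != "" } {
					puts "7 - host ${host} added to remote input firewall\n"
					spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} ${iptablespathr} -I INPUT 1 -p ALL -s ${ip} -j ACCEPT
					set exist_flag 1
				}
			}
			if { ${exist_flag} } {
				expect {
					"assword:" { puts "(${step}.1) sending password "; send "${passwd}\r"; set connected_flag 1; exp_continue }
					"denied" {  puts "(${step}.2) iptables: permision denied\r"; exit ${step}3 }
					"Command not found" { puts "(${step}.3) iptables: command not found\r"; exit ${step}5 }
					"fingerprint" { puts "(${step}.4) sending yes"; send "yes\r"; exp_continue}
					timeout { puts "timeout\r"; exit ${step}1 }
					eof {
						if {$connected_flag} {
							puts "(${step}.5) iptables opened port in  firewall\r"
						} else {
							puts "(${step}.6) iptables: no route to the host\r"
							exit ${step}2
						}
					}
				}
			}

			set exist_flag 0

			# Add to the OUTPUT chain
			if { $cmd > -1 } {
				if { ${ip6tablespathr} != "" } {
					puts "8 - host ${host} added to remote output firewall\n"
					spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} ${ip6tablespathr} -I OUTPUT 1 -p ALL -d ${ip} -j ACCEPT
					set exist_flag 1
				}
			} else {
				if { ${iptablespathr} != "" } {
					puts "9 - host ${host} added to remote output firewall\n"
					spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} ${iptablespathr} -I OUTPUT 1 -p ALL -d ${ip} -j ACCEPT
					set exist_flag 1
				}
			}
			if { ${exist_flag} } {
				expect {
					"assword:" { puts "(${step}.1) sending password "; send "${passwd}\r"; set connected_flag 1; exp_continue }
					"denied" {  puts "(${step}.2) iptables: permision denided\r"; exit ${step}3 }
					"Command not found" { puts "(${step}.3) iptables: command not found\r"; exit ${step}5 }
					"fingerprint" { puts "(${step}.4) sending yes"; send "yes\r"; exp_continue}
					timeout { puts "timeout\r"; exit ${step}1 }
					eof {
						if {${connected_flag}} {
							puts "(${step}.5) iptables opened port in  firewall\r"
						} else {
							puts "(${step}.6) iptables: no route to the host\r"
							exit ${step}2
						}
					}
				}
			}
			puts "Moving to next host\n"
		}
		puts "All entries have been added to remote firewall\n"
	}

	set step 1
	set srvcstatus [ checkforservice ${step} ${service_exe} ${sshpath} ${host} ${user} ${passwd} ${sshprm0} ${sshprm1} ]

	# 77 is the value checkforservice returns for a running service.
	if { ${srvcstatus} == "77" } {
		if { ${skipHost} == "1" } {
			puts "(${step}.1) ControlLinuxServer: host ${host} skipped\r";
			exit 99
		} else {
			puts "(${step}.2) ControlLinuxServer: Killing running ${service_exe} and tools on ${host}\r";
		}
	} else {
		puts "(${step}.3) Cleaning-up ${host}\r"
	}

	set step 2
	spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} killall -q ${service_exe} hpsum_discagnt hpsum_hwdiscovery InstallClient hpsum_srv_discovery

	set connected_flag 0

	expect {
		"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send "${passwd}\r"; set connected_flag 1; exp_continue }
		"Command not found" { puts "(${step}.2) ControlLinuxServer: command not found\r"; exit ${step}5 }
		"not permitted" { puts "(${step}.3) ControlLinuxServer: Operation not permitted\r"; exit ${step}6 }
		"no process killed" { exp_continue }
		"denied" {  puts "(${step}.4) ControlLinuxServer: wrong username or password\r"; exit ${step}3 }
		"fingerprint" { puts "(${step}.5) ControlLinuxServer: sending yes"; send "yes\r"; exp_continue }
		timeout { puts "(${step}.6) ControlLinuxServer: timeout\r"; exit ${step}1 }
		eof {
			if {${connected_flag}} {
				puts "(${step}.7) ControlLinuxServer: killing done\r"
			} else {
				puts "(${step}.8) ControlLinuxServer: no route to the host\r"
				exit ${step}2
			}
		}
	}

	set step 3
	puts "(${step}.0)Creating /tmp/hp_sum\r"
	set connected_flag 0

	spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} mkdir ${destdir}

	# An arm for "cannot" (cannot create directory) was disabled in the
	# original and is left out here; an existing directory is not an error.
	expect {
		"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send "${passwd}\r"; set connected_flag 1; exp_continue }
		"exists" {  puts "(${step}.2) ControlLinuxServer: ${destdir} directory exists\r"; exp_continue}
		"not a directory" {  puts "(2.4) ControlLinuxServer: file ${destdir} exists - cannot create directory ${destdir}\r"; exit ${step}7}
		"denied" {  puts "(${step}.5) ControlLinuxServer: wrong username or password\r"; exit ${step}3}
		"Command not found" { puts "(${step}.6) ControlLinuxServer: command not found\r"; exit ${step}5 }
		"not permitted" { puts "(${step}.7) ControlLinuxServer: Operation not permitted\r"; exit ${step}6 }
		"fingerprint" { puts "(${step}.8) ControlLinuxServer: sending yes\r"; send "yes\r"; exp_continue}
		timeout { puts "(${step}.9) ControlLinuxServer: timeout\r"; exit ${step}1 }
		eof {
			if {${connected_flag}} {
				puts "(${step}.10) ControlLinuxServer: mkdir done\r"
			} else {
				puts "(${step}.11) ControlLinuxServer: no route to the host\r"
				exit ${step}2
			}
		}
	}

	set step 5
	puts "(${step}.0) ControlLinuxServer: copying $service_exe to ${host}\r"
	# copy_file is called with step 3, so its messages and exit codes are
	# numbered 3x although step is 5 at this point.
	copy_file 3 ${service_exe} ${scppath} ${host} ${user} ${passwd} ${destdir} "remote" ${sshprm0} ${sshprm1}

	puts "(${step}.0) ControlLinuxServer: ssh for ${user}@${host} ${destdir} ${service_exe} ${service_args}\r"
	set connected_flag 0

	spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} ${destdir}/${service_exe} ${service_args}&
	expect {
		"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send "${passwd}\r"; set connected_flag 1; exp_continue }
		"denied" {  puts "(${step}.2) ControlLinuxServer: permision denided\r"; exit ${step}3 }
		"Command not found" { puts "(${step}.3) ControlLinuxServer: command not found\r"; exit ${step}5 }
		"not permitted" { puts "(${step}.4) ControlLinuxServer: Operation not permitted\r"; exit ${step}6 }
		"fingerprint" { puts "(${step}.5) ControlLinuxServer: sending yes\r"; send "yes\r"; exp_continue}
		"HPServer" { puts "(${step}.6) Server started\r"; exit 0}
		timeout { puts "(${step}.7) ControlLinuxServer: timeout\r"; exit ${step}1 }
		eof {
			if {${connected_flag}} {
				puts "(${step}.8) ControlLinuxServer: service created\r"
			} else {
				puts "(${step}.9) ControlLinuxServer: no route to the host\r"
				exit ${step}2
			}
		}
	}
}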

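#### Stop SOAP server and tools on the remote host
#
# Sequence for service_control == "stop":
#   6  kill the service and its tools on the remote host
#   7  remove the destination directory, then take the firewall rules added
#      by "start" out again, locally and on the remote host
# Fatal conditions exit with the step number followed by one digit.
#
# Fixed here:
# - The local rules were deleted by position ("-D INPUT 1", "-D OUTPUT 1"),
#   which removes whatever rule is first in the chain at that moment and can
#   take out an unrelated rule. They are now deleted by the same rule
#   specification that "start" inserted, as the remote cleanup already does.
#   A rule that is no longer present is reported and does not stop the
#   remote cleanup.
# - The "fingerprint" arms of the firewall sessions called send with two
#   arguments, which the one-argument send defined above rejects.
# - The timeout arms used "," where ";" was meant (a Tcl syntax error when
#   the arm runs).
#
# NOTE(review): destdir comes from HPSUM_DESTDIR and is handed unquoted to
# "rm -r -f" on the remote host. An empty or overly broad value is not
# rejected here; the caller should validate it.
# NOTE(review): every "fingerprint" arm answers yes to ssh's host-key prompt,
# so an unknown host key is accepted without being verified.
set step 6
if { ${service_control} == "stop" } {

	set service_exe $env(HPSUM_SERVICE_EXE)
	set destdir $env(HPSUM_DESTDIR)

	puts "(${step}.0) ControlLinuxServer: Killing server\r"
	set connected_flag 0

	spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} killall -q ${service_exe} hpsum_discagnt hpsum_hwdiscovery hpsum_srvdiscovery InstallClient hpsum_srv_discovery

	expect {
		"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send "${passwd}\r"; set connected_flag 1; exp_continue }
		"denied" {  puts "(${step}.2) ControlLinuxServer: permision denided\r"; exit ${step}3 }
		"Command not found" { puts "(${step}.3) ControlLinuxServer: command not found\r"; exit ${step}5 }
		"not permitted" { puts "(${step}.4) ControlLinuxServer: Operation not permitted\r"; exit ${step}6 }
		"no process killed" { exp_continue }
		"fingerprint" { puts "(${step}.5) ControlLinuxServer: sending yes\r"; send "yes\r"; exp_continue}
		timeout { puts "(${step}.6) ControlLinuxServer: timeout\r"; exit ${step}1 }
		eof {
			if {${connected_flag}} {
				puts "(${step}.7) ControlLinuxServer: remote host is clean\r"
			} else {
				puts "(${step}.8) ControlLinuxServer: no route to the host\r"
				exit ${step}2
			}
		}
	}

	set step 7
	puts "(${step}.0) ControlLinuxServer: Cleaning temporary directory\r"
	set connected_flag 0

	spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} rm -r -f ${destdir}

	expect {
		"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send "${passwd}\r"; set connected_flag 1; exp_continue }
		"denied" {  puts "(${step}.2) ControlLinuxServer: permision denided\r"; exit ${step}3 }
		"Command not found" { puts "(${step}.3) ControlLinuxServer: command not found\r"; exit ${step}5 }
		"not permitted" { puts "(${step}.4) ControlLinuxServer: Operation not permitted\r"; exit ${step}6 }
		"fingerprint" { puts "(${step}.5) ControlLinuxServer: sending yes\r"; send "yes\r"; exp_continue}
		timeout { puts "(${step}.6) ControlLinuxServer: timeout\r"; exit ${step}1 }
		eof {
			if {${connected_flag}} {
				puts "(${step}.7) ControlLinuxServer: /tmp/hp_sum deleted\r"
			} else {
				puts "(${step}.8) ControlLinuxServer: no route to the host\r"
				exit ${step}2
			}
		}
	}

	# Remove entry from remote firewall
	set portno	4242
	set ips		[ gethostipaddress ${ifconfigpath} ]

	# Local firewall: a host containing ":" is handled as IPv6.
	if { ${iptablespathl} != "" || ${ip6tablespathl} != "" } {
		puts "${step}: remove local firewall entries\r"
		set cmd [string first ":" ${host} ]
		if { $cmd > -1 } {
			set fwtool ${ip6tablespathl}
		} else {
			set fwtool ${iptablespathl}
		}
		if { ${fwtool} != "" } {
			# Delete exactly the rules that "start" inserted for this host.
			if { [ catch { exec ${fwtool} -D INPUT -p ALL -s ${host} -j ACCEPT } fwerr ] } {
				puts "${step}: local INPUT rule for ${host} not removed: ${fwerr}\r"
			}
			if { [ catch { exec ${fwtool} -D OUTPUT -p ALL -d ${host} -j ACCEPT } fwerr ] } {
				puts "${step}: local OUTPUT rule for ${host} not removed: ${fwerr}\r"
			}
		}
	}

	# Remote firewall: one INPUT and one OUTPUT rule per local address.
	if { ${iptablespathr} != "" || ${ip6tablespathr} != "" } {
		foreach ip ${ips} {
			puts ${ip}
			puts "${step}: removeentryfromfirewall\r"

			# Remove from the INPUT chain
			set cmd [string first ":" ${ip} ]
			set exist_flag 0
			if { $cmd > -1 } {
				if { ${ip6tablespathr} != "" } {
					spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} ${ip6tablespathr} -D INPUT -p ALL -s ${ip} -j ACCEPT
					set exist_flag 1
				}
			} else {
				if { ${iptablespathr} != "" } {
					spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} ${iptablespathr} -D INPUT -p ALL -s ${ip} -j ACCEPT
					set exist_flag 1
				}
			}

			if { ${exist_flag} } {
				expect {
					"assword:" { puts "(${step}.1) sending password "; send "${passwd}\r"; set connected_flag 1; exp_continue }
					"denied" {  puts "(${step}.2) iptables: permision denided\r"; exit ${step}2 }
					"Command not found" { puts "($step.3) iptables: command not found\r"; exit ${step}3 }
					"fingerprint" { puts "(${step}.4) sending yes"; send "yes\r"; exp_continue}
					timeout { puts "timeout\r"; exit ${step}1 }
					eof {
						if {${connected_flag}} {
							puts "(${step}.5) iptables opened port in  firewall\r"
						} else {
							puts "(${step}.6) iptables: no route to the host\r"
							exit ${step}6
						}
					}
				}
			}

			# Remove from the OUTPUT chain
			set cmd [string first ":" ${ip} ]
			set exist_flag 0
			if { $cmd > -1 } {
				if { ${ip6tablespathr} != "" } {
					spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} ${ip6tablespathr} -D OUTPUT -p ALL -d ${ip} -j ACCEPT
					set exist_flag 1
				}
			} else {
				if { ${iptablespathr} != "" } {
					spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} ${iptablespathr} -D OUTPUT -p ALL -d ${ip} -j ACCEPT
					set exist_flag 1
				}
			}

			if { ${exist_flag} } {
				expect {
					"assword:" { puts "(${step}.1) sending password "; send "${passwd}\r"; set connected_flag 1; exp_continue }
					"denied" {  puts "(${step}.2) iptables: permision denided\r"; exit ${step}2 }
					"Command not found" { puts "($step.3) iptables: command not found\r"; exit ${step}3 }
					"fingerprint" { puts "(${step}.4) sending yes"; send "yes\r"; exp_continue}
					timeout { puts "timeout\r"; exit ${step}1 }
					eof {
						if {${connected_flag}} {
							puts "(${step}.5) iptables opened port in  firewall\r"
						} else {
							puts "(${step}.6) iptables: no route to the host\r"
							exit ${step}6
						}
					}
				}
			}
		}
	}
}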

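#### Check if a remote host supports ssh
#
# Runs "pwd" on the remote host. A session that ends after a password prompt
# counts as success; one that ends without a prompt is reported as "no route
# to the host". Fatal conditions exit with the step number followed by one
# digit.
#
# The timeout arm used "," where ";" was meant, which is a Tcl syntax error
# when the arm runs; it now prints the message and exits as intended.
#
# NOTE(review): the "fingerprint" arm answers yes to ssh's host-key prompt, so
# an unknown host key is accepted without being verified, and the password is
# then typed to that host.
set step 8
if { ${service_control} == "check" } {

	puts "(${step}.0) ControlLinuxServer: Connecting to host ${host}\r"
	spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} pwd
	set connected_flag 0

	expect {
		"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send "${passwd}\r"; set connected_flag 1; exp_continue }
		"Command not found" { puts "(${step}.2) ControlLinuxServer: command not found\r"; exit ${step}5 }
		"not permitted" { puts "(${step}.3) ControlLinuxServer: Operation not permitted\r"; exit ${step}6 }
		"denied" {  puts "(${step}.4) ControlLinuxServer: wrong username or password\r"; exit ${step}3}
		"fingerprint" { puts "(${step}.5) ControlLinuxServer: sending yes"; send "yes\r"; exp_continue}
		timeout { puts "(${step}.6) ControlLinuxServer: timeout\r"; exit ${step}1 }
		eof {
			if {${connected_flag}} {
				puts "(${step}.7) ControlLinuxServer: connected succesfully\r"
			} else {
				puts "(${step}.8) ControlLinuxServer: no route to the host\r"
				exit ${step}2
			}
		}
	}
}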

#### Reboot remote host
#
# Runs /sbin/shutdown on the remote host with the arguments taken from
# HPSUM_REBOOTARGS. Fatal conditions exit with the step number followed by one
# digit.
#
# NOTE(review): rebootargs reaches the remote command line unquoted, where the
# remote shell interprets it; the caller has to keep it free of shell syntax.
# NOTE(review): the "fingerprint" arm answers yes to ssh's host-key prompt, so
# an unknown host key is accepted without being verified.
set step 9
if { ${service_control} == "reboot" } {

	set rebootargs $env(HPSUM_REBOOTARGS)
	set connected_flag 0

	puts "(${step}.0) ControlLinuxServer: Rebooting host ${host}\r"
	spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} /sbin/shutdown ${rebootargs}

	expect {
		"assword:" {
			puts "(${step}.1) ControlLinuxServer: sending password\r"
			send "${passwd}\r"
			set connected_flag 1
			exp_continue
		}
		"Command not found" {
			puts "(${step}.2) ControlLinuxServer: command not found\r"
			exit ${step}5
		}
		"not permitted" {
			puts "(${step}.3) ControlLinuxServer: Operation not permitted\r"
			exit ${step}6
		}
		"denied" {
			puts "(${step}.4) ControlLinuxServer: wrong username or password\r"
			exit ${step}3
		}
		"fingerprint" {
			puts "(${step}.5) ControlLinuxServer: sending yes"
			send "yes\r"
			exp_continue
		}
		timeout {
			puts "(${step}.6) ControlLinuxServer: timeout\r"
			exit ${step}1
		}
		eof {
			if { !${connected_flag} } {
				puts "(${step}.8) ControlLinuxServer: no route to the host\r"
				exit ${step}2
			}
			puts "(${step}.7) ControlLinuxServer: Host ${host} rebooted succesfully\r"
		}
	}
}

#### Check for active service on remote host
#
# The script's exit status is the value checkforservice returns: 77 when the
# service is seen in the remote process listing, 0 when it is not.
set step 10
if { ${service_control} == "checkservice" } {
	set service_exe $env(HPSUM_SERVICE_EXE)
	exit [ checkforservice ${step} ${service_exe} ${sshpath} ${host} ${user} ${passwd} ${sshprm0} ${sshprm1} ]
}

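#### Check if user has root rights
#
# Runs "id" on the remote host and inspects its output once the session has
# ended:
#   exit 100 - the primary gid is 0, or one of the listed groups contains the
#              text "root"
#   exit 107 - neither of the above
# Other fatal conditions exit with the step number followed by one digit.
#
# Fixed here: groupid was only assigned when a line containing "gid=" was
# found, so output without such a line ended in a Tcl error instead of exit
# 107. It now starts out as an empty list. The timeout arm used "," where ";"
# was meant (a Tcl syntax error when the arm runs).
#
# NOTE(review): the group test is a substring match on "root", so any group
# whose entry merely contains that text is treated as sufficient. Comparing
# the numeric group id would be stricter - confirm what the caller expects
# before tightening it.
# NOTE(review): the "fingerprint" arm answers yes to ssh's host-key prompt, so
# an unknown host key is accepted without being verified.
set step 11
if { ${service_control} == "checkRootrights" } {

	puts "(${step}.0) ControlLinuxServer: Connecting to host ${host}\r"
	spawn ${sshpath} ${sshprm0} ${sshprm1} ${sshdst} id
	set connected_flag 0
	set rootId 0
	expect {
		"assword:" { puts "(${step}.1) ControlLinuxServer: sending password\r"; send "${passwd}\r"; set connected_flag 1; exp_continue }
		"Command not found" { puts "(${step}.2) ControlLinuxServer: command not found\r"; exit ${step}5 }
		"not permitted" { puts "(${step}.3) ControlLinuxServer: Operation not permitted\r"; exit ${step}6 }
		"denied" {  puts "(${step}.4) ControlLinuxServer: wrong username or password\r"; exit ${step}3}
		"fingerprint" { puts "(${step}.5) ControlLinuxServer: sending yes"; send "yes\r"; exp_continue}
		timeout { puts "(${step}.6) ControlLinuxServer: timeout\r"; exit ${step}1 }
		eof {
			if {${connected_flag}} {
				puts "(${step}.7) ControlLinuxServer: connected succesfully\r"
				set groupid [list]
				set output [split  $expect_out(buffer) "\r"]
				foreach line $output {
					set index [string last "gid=" $line]
					if {${index} != -1} {
						set groupid [split $line " "]
						set gid [split [lindex $groupid 1] "="]
						set gid [lindex [split [lindex $gid 1] "("] 0]
						puts "guid : $gid \r"
						if {${gid} == 0} {
							puts " its root.. gid is 0"
							exit 100
						}
						break
					}
				}

				set grps [split [lindex $groupid 2] ","]
				foreach line $grps {
					set index [string last "root" $line]
					puts "$index"
					if {${index} != -1} {
						puts "its root\r"
						exit 100
					}
				}
				puts "user does not have enough rights\r"
				exit 107
			} else {
				puts "(${step}.8) ControlLinuxServer: no route to the host\r"
				exit ${step}2
			}
		}
	}
}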

