newbie needs 'expect' help

Posted by gw1500se (gw1500se), 14 December 2004

I have written what I thought was a simple 'expect' script that su's to a userid and changes the password from arguments. The script works flawlessly from the command line. My problem is executing it from a php page. I suspect it has something to do with running without a terminal but I don't know how to fix it.

The error I am getting is that after the 'su' runs and I get the expected prompt string, I run the 'passwd' command. I think I am getting the next expected prompt string but then 'expect' fails telling me "spawn id exp12 is not open." Here is the relevant script segment:

```
#!/bin/sh
if [ $# -ne 3 ] ; then
    echo "Usage: emailchpw <userid> <oldpw> <newpw>"
else
    userid=$1
    oldpw=$2
    newpw=$3
    data=`/usr/bin/expect 2>/dev/null <<EOF
set timeout 2
spawn /usr/bin/su -m $userid
expect {
    "Password:" {send "$oldpw\r"}
    timeout {puts "^Error: Unexpected results, notify IT (su)" ; exit};
}
expect {
    $userid {send "/usr/bin/passwd $userid\r"}
    "su: Sorry" {puts "^Error: Invalid password or email address" ; exit}
}
expect {
    "admin:" {send "blahblah\r"}
    timeout {puts "^Error: Unexpected results, notify IT (pwd fail)" ; exit}
}
. . .
EOF`
. . .
```

The error occurs while executing the last send statement. Can someone point me in the right direction on this? TIA.

Posted by admin (Graham Ellis), 14 December 2004

The passwd command is intentionally written to make it hard to automate password changes - that's why it's often done through expect rather than any other scripting system, as it reads from /dev/tty and not from stdin.

I suspect your problem is caused by PHP not "passing through" /dev/tty (and it would be illogical for it to do so!). How to fix? Don't know - it might be tricky. But PHP has encryption built in (see the crypt function), so you might be able to do the password encoding and change the password other than through the passwd program. Be careful not to leave any security holes ... if you provide a way of allowing users to change their passwords from a web page, there's going to be some joker who tries to break the system.

Posted by gw1500se (gw1500se), 15 December 2004

Thanks for the reply.

There has to be a way to accomplish this, it is just a matter of figuring out how. Your suggestion of a possible problem at least gives me some place to look. Thanks. As to security, this is a LAN only web page. It is not accessible to the outside world but I do make sure it is not vulnerable to accidental error. If an employee is even capable of hacking it, they would be summarily terminated if they did so.

This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference.
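The alternative raised in Graham Ellis's reply, doing the password encoding with PHP's crypt function rather than driving passwd through a terminal, shown as an added example that is not part of the original thread. The function names and sample values are hypothetical, it assumes PHP 7.1 or later with SHA-512 crypt support, and writing the resulting hash to the account database is deliberately not shown.

```php
<?php
// Added example; function names and sample values are constructed for illustration.

// Accept only conservative account names before the value is used anywhere else.
function valid_userid(string $userid): bool {
    return preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $userid) === 1;
}

// Check a candidate password against an existing crypt(3) hash.
// crypt() reuses the algorithm and salt encoded at the start of $storedHash.
function verify_password(string $password, string $storedHash): bool {
    // hash_equals() compares in constant time. On failure crypt() returns a
    // short marker such as "*0", which never equals a real hash.
    return hash_equals($storedHash, crypt($password, $storedHash));
}

// Build a new SHA-512 crypt hash with a fresh random salt.
function new_password_hash(string $password): string {
    $salt = bin2hex(random_bytes(8)); // 16 hex characters, all valid in a salt
    $hash = crypt($password, '$6$' . $salt . '$');
    if (strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('SHA-512 crypt is not available');
    }
    return $hash;
}

// Returns the new hash, or null when the userid or old password is rejected.
function change_password(string $userid, string $oldpw, string $newpw, string $storedHash): ?string {
    if (!valid_userid($userid) || !verify_password($oldpw, $storedHash)) {
        return null;
    }
    return new_password_hash($newpw);
}

// Constructed demo: $stored stands in for the hash currently on file.
$stored = new_password_hash('old-secret');
$new = change_password('jsmith', 'old-secret', 'new-secret', $stored);
var_dump($new !== null && verify_password('new-secret', $new));
var_dump(change_password('jsmith', 'wrong-guess', 'new-secret', $stored));
var_dump(change_password('bad;id', 'old-secret', 'new-secret', $stored));
```

A rejected userid and a wrong old password produce the same null result, so the caller cannot tell which check failed, and no password ever appears on a command line.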