1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
|
#!/usr/bin/expect -f
###############################################################################
# $Id: sun-elom.exp 1003 2011-01-26 18:26:06Z chris.m.dunlap $
###############################################################################
# Adapted for ELOM from sun-ilom.exp by Dave Love <d.love@liverpool.ac.uk>
# (mods not significant for copyright purposes).
# Works with ELOM 3.15, at least.
#
# Written by Chris Dunlap <cdunlap@llnl.gov>.
# Copyright (C) 2007-2011 Lawrence Livermore National Security, LLC.
# Copyright (C) 2001-2007 The Regents of the University of California.
# UCRL-CODE-2002-009.
#
# This file is part of ConMan: The Console Manager.
# For details, see <http://conman.googlecode.com/>.
###############################################################################
# This script connects to a console managed by the Embedded Lights Out
# Manager (ELOM) on a Sun server using the SSH protocol.
#
# This script can be specified in "conman.conf" in the following manner:
#
# console name="zot" dev="/path/to/sun-elom.exp HOST USER PSWD"
#
# HOST is the hostname of the Sun ELOM server.
# USER is the username being authenticated.
# PSWD is the corresponding password.
#
# Since this command-line will persist in the process listing for the duration
# of the connection, passing sensitive information like PSWD in this manner is
# not recommended. Instead, consider using either a command-line argument
# default or the password database (see below).
###############################################################################
##
# Set "exp_internal" to 1 to print diagnostics describing internal operations.
# This is helpful in diagnosing pattern-match failures.
##
exp_internal 0
##
# Set "log_user" to 1 to show the underlying dialogue establishing a connection
# to the console.
##
log_user 0
##
# The "timeout" specifies the number of seconds before the connection attempt
# times-out and terminates the connection.
##
set timeout 10
##
# If "session_override" is set, an existing connection to this console session
# will be terminated and the new connection will be established. Subsequent
# attempts to steal this console session will be thwarted.
# Otherwise, an existing connection to this console session will cause the new
# connection to fail with "console session already in use". If the console
# session is not in use and the connection succeeds, the console session may
# subsequently be stolen thereby causing this connection to terminate with
# "console session stolen".
##
set session_override 1
##
# The "password_db" specifies the location of the password database.
# This avoids exposing sensitive information on the command-line without
# needing to modify this script.
# Whitespace and lines beginning with '#' are ignored. The file format is:
# <host-regex> : <user> : <pswd>
##
set password_db "/etc/conman.pswd"
##
# Command-line argument defaults can be specified here. This avoids exposing
# sensitive information on the command-line.
##
# set user "root"
# set pswd "changeme"
###############################################################################
set env(PATH) "/usr/bin:/bin"
proc get_password {host user index} {
global password_db
set db_pswd {}
if {! [info exists password_db]} {
return
}
if {[catch {open $password_db} input]} {
return
}
while {[gets $input line] != -1} {
if {[regexp {^[ \t]*#} $line]} {
continue
}
set record [split $line ":"]
set db_host [string trim [lindex $record 0]]
if {[catch {regexp "^$db_host$" $host} got_host_match]} {
continue
}
if {! $got_host_match && [string length $db_host]} {
continue
}
set db_user [string trim [lindex $record 1]]
if {[string compare $db_user $user]} {
continue
}
set db_pswd [string trim [lindex $record $index]]
break
}
close $input
return $db_pswd
}
if {! $argc} {
set prog [lindex [split $argv0 "/"] end]
send_user "Usage: $prog <host> <user> <pswd>\r\n"
exit 1
}
if {$argc > 0} {
set host [lindex $argv 0]
}
if {$argc > 1} {
set user [lindex $argv 1]
}
if {$argc > 2} {
set pswd [lindex $argv 2]
}
set authenticated 0
set connected 0
if {! [info exists host]} {
send_user "Error: Unspecified hostname.\r\n"
exit 1
}
if {! [info exists user]} {
send_user "Error: Unspecified username.\r\n"
exit 1
}
if {! [info exists pswd]} {
set pswd [get_password $host $user 2]
if {! [string length $pswd]} {
send_user "Error: Unspecified password.\r\n"
exit 1
}
}
if {! [info exists session_override]} {
set session_override 0
}
set override $session_override
if {[catch "spawn ssh -a -e \& -l $user -p 22 -x $host" spawn_result]} {
send_user "Error: $spawn_result.\r\n"
exit 1
}
expect {
-re "console activate successful.\[^\r]*\r+\n" {
;
}
-gl "start: Permission Denied" {
send_user "Error: Permission denied.\r\n"
exit 1
}
-gl "console already active on another session" {
send_user "Error: Console session already in use.\r\n"
exit 1
}
-re "Invalid command ('\[^']*')" {
send_user "Error: Invalid ELOM command $expect_out(1,string).\r\n"
exit 1
}
-re "^ssh: (\[^\r]*)\r+\n" {
send_user "Error: $expect_out(1,string).\r\n"
exit 1
}
eof {
send_user "Error: Connection closed by remote host.\r\n"
exit 1
}
timeout {
send_user "Error: Timed-out.\r\n"
exit 1
}
-nocase -gl "Are you sure you want to continue connecting (yes/no)? \$" {
send "yes\r"
exp_continue -continue_timer
}
-nocase -gl "Password: \$" {
if {$authenticated == 0} {
send "$pswd\r"
incr authenticated
exp_continue -continue_timer
} else {
send_user "Error: Permission denied.\r\n"
exit 1
}
}
-nocase -gl "-> \$" {
if {$connected != 0} {
send_user "Error: Unexpected ELOM response.\r\n"
exit 1
} elseif {$override != 0} {
send "stop /SP/AgentInfo/console\r"
set override 0
} else {
send "start /SP/AgentInfo/console\r"
incr connected
}
exp_continue -continue_timer
}
-re "\[^\r]*\r+\n" {
exp_continue -continue_timer
}
}
send_user "Connection established via ssh (pid $spawn_result).\r\n"
set timeout 2
interact {
# Replace "&B" with serial-break.
"&B" {
send "\033B"
}
# Match subsequent patterns against spawned process, not user's keystrokes.
-o
# Disable "ESC (" sequence for stopping console and returning to ELOM prompt.
-re "\r\nSerial console stopped.\r\n\r\n-> \$" {
send "start /SP/AgentInfo/console\r"
expect -re "\r\nconsole activate successful\[^\r]*\r+\n"
}
# Prevent theft of console if "session_override" is enabled; o/w, exit.
-re "\r\n-> \$" {
if {$session_override == 0} {
send_user "\r\nConsole session stolen.\r\n"
exit 1
}
send "start /SP/AgentInfo/console\r"
expect {
-re "\r\nSerial console is in use.\r\n" {
send_user "\r\nConsole session stolen.\r\n"
exit 1
}
-re "\r\nconsole activate successful\[^\r]*\r+\n"
}
}
}
|
