diff --git a/xCAT-server/lib/perl/xCAT/SSHInteract.pm b/xCAT-server/lib/perl/xCAT/SSHInteract.pm index 717dba38b..90ee50e1f 100644 --- a/xCAT-server/lib/perl/xCAT/SSHInteract.pm +++ b/xCAT-server/lib/perl/xCAT/SSHInteract.pm @@ -28,6 +28,7 @@ sub _startssh { close($pty); open STDIN, "<&", $tty_fd; open STDOUT,">&",$tty_fd; + open STDERR, ">&", STDOUT; close($tty); my @cmd = ("ssh","-o","StrictHostKeyChecking=no"); if ($args{"-nokeycheck"}) { @@ -58,7 +59,7 @@ sub new { my $promptex = $args{Prompt}; $promptex =~ s!^/!!; $promptex =~ s!/\z!!; - my ($prematch,$match) = $self->waitfor(Match => $args{Prompt},Match=>'/password:/i') or die "Login Failed: ",$self->lastline; + my ($prematch,$match) = $self->waitfor(Match => $args{Prompt},Match=>'/password:/i',Match=>'/REMOTE HOST IDENTIFICATION HAS CHANGED/') or die "Login Failed:", $self->lastline; if ($match =~ /password:/i) { #$self->waitfor("-match" => '/password:/i', -errmode => "return") or die "Unable to reach host ",$self->lastline; $self->print($password); @@ -74,7 +75,9 @@ sub new { *$self->{_xcatsshinteract}->{_atprompt}=1; } } elsif ($match =~ /$promptex/) { - *$self->{_xcatsshinteract}->{_atprompt}=1; + *$self->{_xcatsshinteract}->{_atprompt}=1; + } elsif ($match =~ /REMOTE HOST IDENTIFICATION HAS CHANGED/){ + die "Known_hosts issue"; } return bless($self,$class); } diff --git a/xCAT-server/lib/xcat/plugins/blade.pm b/xCAT-server/lib/xcat/plugins/blade.pm index cd8fc623c..822109fc5 100644 --- a/xCAT-server/lib/xcat/plugins/blade.pm +++ b/xCAT-server/lib/xcat/plugins/blade.pm @@ -4014,6 +4014,7 @@ sub clicmds { } my $curruser = $user; my $currpass = $pass; + my $promote_pass = $pass; #used for genesis state processing my $nokeycheck=0; #default to checking ssh key if ($args{defaultcfg}) { $curruser="USERID"; @@ -4054,6 +4055,11 @@ sub clicmds { }; my $errmsg=$@; if ($errmsg) { + if ($errmsg =~ /Known_hosts issue/) { + $errmsg = "The entry for $curraddr in known_hosts table is out of date, pls run 'makeknownhosts $curraddr -r' to delete it from known_hosts table."; + push @cfgtext, $errmsg; + return([1, \@unhandled, $errmsg]); + } if ($errmsg =~ /Login Failed/) { $errmsg = "Failed to login to $mpa"; if ($curraddr ne $mpa) { $errmsg .= " (currently at $curraddr)" } @@ -4063,13 +4069,16 @@ sub clicmds { } my $Rc=1; if ($t and not $t->atprompt) { #we sshed in, but we may be forced to deal with initial password set + if (defined($handled{USERID})) { + $promote_pass = $handled{USERID}; + } my $output = $t->get(); if ($output =~ /Enter current password/) { $t->print($currpass); $t->waitfor(-match=>"/password:/i"); - $t->print($pass); + $t->print($promote_pass); $t->waitfor(-match=>"/password:/i"); - $t->print($pass); + $t->print($promote_pass); my $result=$t->getline(); chomp($result); $result =~ s/\s*//; @@ -4078,6 +4087,7 @@ sub clicmds { $result =~ s/\s*//; } if ($result =~ /not compliant/) { + push @cfgtext,"The current account password has expired, please modify it first"; return ([1,\@unhandled,"Management module refuses requested password as insufficiently secure, try another password"]); } } @@ -4125,8 +4135,8 @@ sub clicmds { elsif (/^rscanfsp$/) { $result = rscanfsp($t,$mpa,$handled{$_},$mm); } elsif (/^solcfg$/) { $result = solcfg($t,$handled{$_},$mm); } elsif (/^network_reset$/) { $result = network($t,$handled{$_},$mpa,$mm,$node,$nodeid,1); $reset=1; } - elsif (/^(USERID)$/) {$result = passwd($t, $mpa, $1, "=".$handled{$_}, $mm);} - elsif (/^userpassword$/) {$result = passwd($t, $mpa, $1, $handled{$_}, $mm);} + elsif (/^(USERID)$/) {$result = passwd($t, $mpa, $1, "=".$handled{$_}, $promote_pass, $mm);} + elsif (/^userpassword$/) {$result = passwd($t, $mpa, $1, $handled{$_}, $promote_pass, $mm);} if (!defined($result)) {next;} push @data, "$_: @$result"; $Rc |= shift(@$result); @@ -4311,6 +4321,7 @@ sub passwd { my $mpa = shift; my $user = shift; my $pass = shift; + my $oldpass = shift; my $mm = shift; if ($pass =~ /^=/) { $pass=~ s/=//; @@ -4325,18 +4336,21 @@ sub passwd { if ($mpatab) { #my ($ent)=$mpatab->getNodeSpecAttribs($mpa, {username=>$user},qw(password)); my ($ent)=$mpatab->getAttribs({mpa=>$mpa, username=>$user},qw(password)); - my $oldpass = 'PASSW0RD'; - if (defined($ent->{password})) {$oldpass = $ent->{password}}; - my $cmd = "users -n $user -op $oldpass -p $pass -T system:$mm"; - my @data = $t->cmd($cmd); - if (!grep(/OK/i, @data)) { - return ([1, @data]); + #my $oldpass = 'PASSW0RD'; + #if (defined($ent->{password})) {$oldpass = $ent->{password}}; + my @data = (); + if ($oldpass ne $pass) { + my $cmd = "users -n $user -op $oldpass -p $pass -T system:$mm"; + my @data = $t->cmd($cmd); + if (!grep(/OK/i, @data)) { + return ([1, @data]); + } } @data = (); my $snmp_cmd = "users -n $user -ap sha -pp des -ppw $pass -T system:$mm"; @data = $t->cmd($snmp_cmd); if (!grep(/ok/i, @data)) { - $cmd = "users -n $user -op $pass -p $oldpass -T system:$mm"; + my $cmd = "users -n $user -op $pass -p $oldpass -T system:$mm"; my @back_pwd = $t->cmd($cmd); if (!grep(/OK/i, @back_pwd)) { $mpatab->setAttribs({mpa=>$mpa,username=>$user},{password=>$pass});