Trapping sudo failures via Net::OpenSSH

rastoboy has asked for the wisdom of the Perl Monks concerning the following question:

Greetings Brothers,

I'm having a surprisingly agonizing time trapping sudo failures via the awesome Net::OpenSSH module.

I've been trying it by using Expect, which I posted about here:
http://perlmonks.org/?node_id=890815

No matter what I do, success works great--successful sudos are not a problem--and I can even trap failures--but once I've failed to sudo I can't do any more Net::OpenSSH commands, and in fact the whole program comes to a screaching halt, unless I ctrl-c or interact in some other way, since it is prompting for another password try.

What I would like to do (I think) is simply attempt to sudo, close that connection, and then try again, this time capturing the output. If I get the expected output, then I know the sudo attempt worked. If I don't, then I need to do something else.

Here is what I'm trying currently:

#!/usr/bin/perl

use strict;
use warnings;

use Net::OpenSSH;

foreach my $host (qw/rasto@172.16.0.100 rasto@172.16.0.101/) {
my $pass2 = 'orange!';

my $ssh = Net::OpenSSH->new($host);
$ssh->error and die "unable to connect to remote host: " . $ssh->error
+;
$ssh->system('sudo -K'); #just ensuring that sudo prompts for password

my ($in, $out, $err, $pid) = $ssh->open3('sudo ls');

sleep 1;

print $in $pass2 . "\n";
close $in;
close $out;
close $err;
waitpid ($pid, 0);

my $ssh2 = Net::OpenSSH->new($host);
$ssh2->error and die "unable to connect to remote host: " . $ssh2->err
+or;

my @capture = $ssh2->capture('sudo ls 2>&1');


print @capture;

}
[download]

The first machine has a different sudo password, and thus will fail. But when I try this I get:

rasto@frodo:~/cc$ ./test.pl 
channel 2: bad ext data
channel 2: bad ext data
channel 2: bad ext data
channel 2: bad ext data
channel 2: bad ext data
channel 2: bad ext data
[download]

And if I hit ctrl-c I'll get the password prompt:

Password:
[download]

What I'm kinda thinking is that one of the very cool features of Net::OpenSSH, which I've made heavy use of (thank you Salva!), is that it automagically prompts you if a remote machine puts up a sudo password prompt during a session, and it Just Works. So it's like attaching/re-attaching STDIN, STDOUT intelligently (I presume). But now that functionality is getting in my way?

Comment on Trapping sudo failures via Net::OpenSSH Select or Download Code

Replies are listed 'Best First'.
Re: Trapping sudo failures via Net::OpenSSH by rastoboy (Monk) on Mar 06, 2011 at 18:50 UTC
Got it! After a process of elimination, I discovered that the weird errors likely had to do with reading/writing to filehandles that weren't ready to be written to/read from, and I recalled Zentara's post to me in a very similar situation: http://perlmonks.org/?node_id=884178 And indeed, I found that utilizing IO::Select to only read/write to known ready filehandles that got rid of the bizarre errors. Then it was just a matter of finding the correct voodoo to keep the program from prompting me (the user) for a password, ever, which was basically a matter of appending a bunch of \n's to the password writing process. Lame, yes--but it works :-) If anyone knows of more elegant ways to do this, that would be great, but this works: #!/usr/bin/perl use strict; use warnings; use Net::OpenSSH; use IO::Select; foreach my $host (qw/rasto@172.16.0.102 rasto@172.16.0.100/) { print "doing $host\n"; my $pass2 = 'orange!'; my $ssh = Net::OpenSSH->new($host); $ssh->error and die "unable to connect to remote host: " . $ssh->e +rror; $ssh->system('sudo -K'); my( $in, $out, $err, $pid ) = $ssh->open3("sudo ls"); my $sel = new IO::Select( $in, $err ); my( @readready, @writeready ); foreach my $fh ( $sel->can_write(5) ) { if( $fh == $in && fileno $in ) { syswrite( $in, $pass2 . "\n\n\n\n\n\n" ); } } my @output; foreach my $fh ( $sel->can_read(5) ) { print "inside foreach\n"; @output = <$err>; } if( grep { $_ =~ /Sorry/gsm } @output ) { print "fail\n"; } else { print "success!\n"; } close $in; close $out; close $err; } [download]	[reply] [d/l]

Replies are listed 'Best First'.

Re: Trapping sudo failures via Net::OpenSSH
by rastoboy (Monk) on Mar 06, 2011 at 18:50 UTC

http://perlmonks.org/?node_id=884178

And indeed, I found that utilizing IO::Select to only read/write to known ready filehandles that got rid of the bizarre errors. Then it was just a matter of finding the correct voodoo to keep the program from prompting me (the user) for a password, ever, which was basically a matter of appending a bunch of \n's to the password writing process. Lame, yes--but it works :-)

If anyone knows of more elegant ways to do this, that would be great, but this works:

#!/usr/bin/perl

use strict;
use warnings;

use Net::OpenSSH;
use IO::Select;

foreach my $host (qw/rasto@172.16.0.102 rasto@172.16.0.100/) {
    print "doing $host\n";
    my $pass2 = 'orange!';

    my $ssh = Net::OpenSSH->new($host);
    $ssh->error and die "unable to connect to remote host: " . $ssh->e
+rror;
    $ssh->system('sudo -K');

    my( $in, $out, $err, $pid ) = $ssh->open3("sudo ls");
    my $sel = new IO::Select( $in, $err );
    my( @readready, @writeready );
    foreach my $fh ( $sel->can_write(5) ) {
        if( $fh == $in && fileno $in ) {
            syswrite( $in, $pass2 . "\n\n\n\n\n\n" );

        }
    }
    my @output;
    foreach my $fh ( $sel->can_read(5) ) {
        print "inside foreach\n";
        @output = <$err>;
    }
    if( grep { $_ =~ /Sorry/gsm } @output ) {
        print "fail\n";
    }
    else { print "success!\n"; }
    close $in;
    close $out;
    close $err;
}
[download]

[reply]
[d/l]