1#!/usr/local/bin/expect -f 2# 3# 4# Copyright 2001-2005 Double Precision, Inc. See COPYING for 5# distribution information. 6# 7# This script attempts to change a system account password in an automated 8# fashion. This implemention is an "expect" script for the passwd command. 9# 10# This script reads two lines of text from stdin: old password, new password 11# then runs the passwd command to change the password, and we attempt to parse 12# the output of passwd. 13# 14# This implementation is for the basic "passwd" command. If it doesn't work 15# for you, sorry: you're on your own. Some common pitfalls: 16# 17# * Enhanced passwd implementations that reject passwords based on dictionary 18# words, etc.. This can result in unexpected output from the passwd command 19# that this script may not be able to handle. We attempt to catch the most 20# common error messages, below. Finally, we use a 30 second timeout. 21# 22# * I dunno - there must be other problems with this. 23# 24 25set timeout 30 26 27expect { 28 -re "(.*)\n(.*)\n" { set oldpass "$expect_out(1,string)" ; set newpass "$expect_out(2,string)" } 29 eof { exit 1 } 30 timeout { exit 1 } 31} 32 33set env(LC_ALL) "en_US" 34spawn "@PASSWD@" 35 36expect { 37 -re "word:" { sleep 2; send "$oldpass\n" } 38 eof { exit 1 } 39 timeout { exit 1 } 40} 41 42expect { 43 -re "nvalid" { exit 1 } 44 -re "word:" { sleep 2; send "$newpass\n" } 45 eof { exit 1 } 46 timeout { exit 1 } 47} 48 49expect { 50 -re "nvalid" { exit 1 } 51 -re "NVALID" { exit 1 } 52 -re "bad pass" { exit 1 } 53 -re "BAD PASS" { exit 1 } 54 -re "dictionary" { exit 1 } 55 -re "common" { exit 1 } 56 -re "short" { exit 1 } 57 -re "word:" { sleep 2; send "$newpass\n" } 58 eof { exit 1 } 59 timeout { exit 1 } 60} 61 62expect { 63 -re "nvalid" { exit 1 } 64 -re "nchange" { exit 1 } 65 -re "same" { exit 1 } 66 eof { exit 0 } 67 timeout { exit 1 } 68} 69 70exit 1 71