[hcoop/debian/courier-authlib.git] / authsystem.passwd.in

#! @EXPECT@ -f
#
#
# Copyright 2001-2005 Double Precision, Inc.  See COPYING for
# distribution information.
#
# This script attempts to change a system account password in an automated
# fashion.  This implemention is an "expect" script for the passwd command.
#
# This script reads two lines of text from stdin: old password, new password
# then runs the passwd command to change the password, and we attempt to parse
# the output of passwd.
#
# This implementation is for the basic "passwd" command.  If it doesn't work
# for you, sorry: you're on your own.  Some common pitfalls:
#
# * Enhanced passwd implementations that reject passwords based on dictionary
# words, etc..  This can result in unexpected output from the passwd command
# that this script may not be able to handle.  We attempt to catch the most
# common error messages, below.  Finally, we use a 30 second timeout.
#
# * I dunno - there must be other problems with this.
#

set timeout 30

expect {
	-re "(.*)\n(.*)\n" { set oldpass "$expect_out(1,string)" ; set newpass "$expect_out(2,string)" }
	eof { exit 1 }
	timeout { exit 1 }
}

set env(LC_ALL) "en_US"
spawn "@PASSWD@"

expect {
	-re "word:" { sleep 2; send "$oldpass\n" }
	eof { exit 1 }
	timeout { exit 1 }
}

expect {
	-re "nvalid" { exit 1 }
	-re "word:" { sleep 2; send "$newpass\n" }
	eof { exit 1 }
	timeout { exit 1 }
}

expect {
	-re "nvalid" { exit 1 }
	-re "NVALID" { exit 1 }
	-re "bad pass" { exit 1 }
	-re "BAD PASS" { exit 1 }
	-re "dictionary" { exit 1 }
	-re "common" { exit 1 }
	-re "short" { exit 1 }
	-re "word:" { sleep 2; send "$newpass\n" }
	eof { exit 1 }
	timeout { exit 1 }
}

expect {
	-re "nvalid" { exit 1 }
	-re "nchange" { exit 1 }
	-re "same" { exit 1 }
	eof { exit 0 }
	timeout { exit 1 }
}

exit 1
Commit	Line	Data
d9898ee8	1	#! @EXPECT@ -f
d9898ee8	2	#
d9898ee8	3	#
	4	# Copyright 2001-2005 Double Precision, Inc. See COPYING for
	5	# distribution information.
	6	#
	7	# This script attempts to change a system account password in an automated
	8	# fashion. This implemention is an "expect" script for the passwd command.
	9	#
	10	# This script reads two lines of text from stdin: old password, new password
	11	# then runs the passwd command to change the password, and we attempt to parse
	12	# the output of passwd.
	13	#
	14	# This implementation is for the basic "passwd" command. If it doesn't work
	15	# for you, sorry: you're on your own. Some common pitfalls:
	16	#
	17	# * Enhanced passwd implementations that reject passwords based on dictionary
	18	# words, etc.. This can result in unexpected output from the passwd command
	19	# that this script may not be able to handle. We attempt to catch the most
	20	# common error messages, below. Finally, we use a 30 second timeout.
	21	#
	22	# * I dunno - there must be other problems with this.
	23	#
	24
	25	set timeout 30
	26
	27	expect {
	28	-re "(.)\n(.)\n" { set oldpass "$expect_out(1,string)" ; set newpass "$expect_out(2,string)" }
	29	eof { exit 1 }
	30	timeout { exit 1 }
	31	}
	32
	33	set env(LC_ALL) "en_US"
	34	spawn "@PASSWD@"
	35
	36	expect {
	37	-re "word:" { sleep 2; send "$oldpass\n" }
	38	eof { exit 1 }
	39	timeout { exit 1 }
	40	}
	41
	42	expect {
	43	-re "nvalid" { exit 1 }
	44	-re "word:" { sleep 2; send "$newpass\n" }
	45	eof { exit 1 }
	46	timeout { exit 1 }
	47	}
	48
	49	expect {
	50	-re "nvalid" { exit 1 }
	51	-re "NVALID" { exit 1 }
	52	-re "bad pass" { exit 1 }
	53	-re "BAD PASS" { exit 1 }
	54	-re "dictionary" { exit 1 }
	55	-re "common" { exit 1 }
	56	-re "short" { exit 1 }
	57	-re "word:" { sleep 2; send "$newpass\n" }
	58	eof { exit 1 }
	59	timeout { exit 1 }
	60	}
	61
	62	expect {
	63	-re "nvalid" { exit 1 }
	64	-re "nchange" { exit 1 }
	65	-re "same" { exit 1 }
	66	eof { exit 0 }
67	timeout { exit 1 }
68	}
69
70	exit 1