#!/usr/bin/expect
#
# Usage: chpasswd <username> <old_password> <new_password>
#
expect_user -re "(.*)\n(.*)\n(.*)\n"
set username $expect_out(1,string)
set oldpw $expect_out(2,string)
set newpw $expect_out(3,string)
#
# spawn su with command passwd; smbldap-passwd
#
spawn su "$username" -c "/usr/bin/passwd; /usr/sbin/smbldap-passwd"
# su
expect {
  "assword:" {
    send "$oldpw\r"
  } default {
    send_error $expect_out(buffer)
    exit 1
  }
}
# passwd: old password
expect {
  "assword:" {
    send "$oldpw\r"
  } "Password for" {
    send_error "incorrect password\n"
    exit 1
  } default {
    send_error $expect_out(buffer)
    exit 1
  }
}
# passwd: new password
expect {
  "assword:" {
    send "$newpw\r"
  } default {
    send_error $expect_out(buffer)
    exit 1
  }
}
# passwd: retype new password
expect {
  -re "BAD PASSWORD.*\n" {
    send_error $expect_out(buffer)
    exit 1
  } "assword:" {
    send "$newpw\r"
  } default {
    send_error $expect_out(buffer)
    exit 1
  }
}
# passwd: done
expect {
  -re "^.*failed.*$" {
    send_error $expect_out(buffer)
    exit 1
  } "success" {}
  default {
    send_error "unexpected output"
    exit 1
  }
}
# smbldap-passwd: old password
expect {
  "assword:" {
    send "$oldpw\r"
  } default {
    send_error $expect_out(buffer)
    exit 1
  }
}
# smbldap-passwd: new password
expect {
  "assword:" {
    send "$newpw\r"
  } default {
    send_error $expect_out(buffer)
    exit 1
  }
}
# smbldap-passwd: retype new password
expect {
  -re "BAD PASSWORD.*\n" {
    send_error $expect_out(buffer)
    exit 1
  } "assword:" {
    send "$newpw\r"
  } default {
    send_error $expect_out(buffer)
    exit 1
  }
}
# smbldap-passwd: done
expect {
  -re "^.*failed.*$" {
    send_error $expect_out(buffer)
    exit 1
  }
  eof {}
}
send_error "success"