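#!/usr/local/bin/expect -f
# Author: Kevin P. Inscoe .
# File: setrootpass.exp
# Date of creation: May 5, 2004.
# Warranty: None expressed or implied.
# License: The Open Software License. V1.1 http://www.opensource.org/licenses/osl.php
#
# OSI Certified Open Source Software. http://www.opensource.org/licenses/
#
# Prerequisites: Expect 5.0 (minimum).
exp_version -exit 5.0

# The purpose of this program is
#
# ssh to remote host as a low level account and su to root. Then change
# the root password from old-root-password to new-root-password.
#
# It is assumed the remote login is password less via OpenSSH (see
# http://kevininscoe.com/pub/scripts/pushkeys.txt)
#
# All the scripts can be found at
# http://kevininscoe.com/pub/scripts/password_management/setrootpass/
#
# SECURITY NOTE(review): all three passwords arrive as command-line
# arguments. On most Unix systems that makes them readable by other local
# users through the process list for as long as the script runs, and they
# may also be saved in the invoking shell's history. The argument interface
# is kept unchanged for existing callers; run this only from a trusted
# admin host and prefer a wrapper that does not log its command lines.
#
# Exit status: 0 when the session ran through the passwd step, 1 on a usage
# error, a failed login or a failed su.

if {$argc != 4} {
    send_user "usage: setrootpass.exp host old-root-password new-root-password low-level-password\n"
    # A usage error must not look like success to a calling batch job.
    exit 1
}

# Grab command line arguments
set host      [lindex $argv 0]
set oldpasswd [lindex $argv 1]
set passwd    [lindex $argv 2]
set llevel    [lindex $argv 3]

# do_root --
#
#   Sign on to the remote host as the low-level account, su - to root with
#   the supplied old root password, then set the root password with the
#   passwd command.
#
# Arguments:
#   host       remote host handed to ssh
#   oldpasswd  current root password, typed at the su prompt
#   passwd     new root password, typed at the passwd prompts
#   llevel     password of the low-level account, typed only if ssh asks
#
# Returns:
#   0 if su did not report a failure and the passwd dialogue was driven,
#   1 if ssh ended early, su never prompted, or su reported a failure.
#
# NOTE(review): nothing below inspects passwd's final message, so a return
# of 0 does not prove the password was changed (for example when the new
# password is rejected by policy). Verify the change separately.
proc do_root {host oldpasswd passwd llevel} {
    # Variables
    set prompt  "*doroot*"
    set rprompt "root*doroot*"
    set timeout 20

    spawn /usr/local/bin/ssh $host

    # NOTE(review): answering "yes" here accepts a host key nobody has
    # verified, and the root passwords are sent over that session a moment
    # later. The behaviour is kept because existing batch runs rely on it,
    # but it is now reported so it shows up in the run log. The safer setup
    # is to pre-populate known_hosts and remove this branch.
    #
    # Both login prompts are handled in one expect so that a known host
    # with key-based login costs one timeout instead of two.
    expect {
        "continue connecting (yes/no)?" {
            send_user "\nsetrootpass.exp: WARNING: accepting unverified SSH host key for $host\n"
            send "yes\r"
            exp_continue
        }
        "password:" {
            # "--" keeps a password that starts with "-" from being
            # parsed as a flag to send.
            send -- "$llevel\r"
        }
        eof {
            send_user "\nsetrootpass.exp: ssh to $host ended before login completed\n"
            catch {close}
            catch {wait}
            return 1
        }
        timeout { }
    }
    sleep 5
    send "sh\r"
    sleep 3

    # set a known prompt so we can expect it
    send "PS1=$prompt; export PS1\r"
    sleep 3
    expect "$prompt"

    set su_ok 1
    send "su -\r"

    # Type the old root password only at an actual password prompt. Sent
    # unconditionally it would land on the low-level shell's command line,
    # where it is echoed and may be written to that account's history.
    expect {
        "Password:" {
            send -- "$oldpasswd\r"
        }
        timeout {
            send_user "\nsetrootpass.exp: no su password prompt on $host\n"
            set su_ok 0
        }
    }

    if {$su_ok} {
        # One expect for every known failure message: a single timeout on
        # the success path, and a flag instead of carrying on regardless.
        # "Authentication failure" is what PAM-based su prints on Linux.
        expect {
            "Sorry"                     { set su_ok 0 }
            "wheel"                     { set su_ok 0 }
            "incorrect password"        { set su_ok 0 }
            "execute permission denied" { set su_ok 0 }
            "Authentication failure"    { set su_ok 0 }
            timeout                     { }
        }
        if {!$su_ok} {
            puts "SU FAILED FOR $host\n"
        }
    }

    # Everything that needs root is skipped when su failed, so neither
    # "passwd root" nor the new password is typed into the low-level shell.
    if {$su_ok} {
        sleep 3
        send "sh\r"
        sleep 3
        send "PS1=$rprompt; export PS1\r"
        sleep 3
        expect "$rprompt"

        send_user "\n+++ Beginning passwd as root: $host +++\n"
        send "passwd root\r"
        expect "New password:" { send -- "$passwd\r" }
        # The confirmation prompt is worded differently across systems;
        # accept either wording in one step.
        expect {
            "Re-enter new password:" { send -- "$passwd\r" }
            "Retype new password:"   { send -- "$passwd\r" }
        }
        expect "$rprompt"
        send_user "\n+++ Ended passwd as root: $host +++\n"

        # Display command output
        expect "$rprompt"

        # Exit sh from root
        send "exit\r"
        sleep 3

        # Exit root
        send "exit\r"

        # Now back at non-root login
        expect "$prompt"
    }

    # Exit sh from non-root
    send "exit\r"
    sleep 3

    # Exit from non-root
    send "exit\r"
    sleep 5
    close
    wait
    send_user "\n"

    return [expr {$su_ok ? 0 : 1}]
}

# Call our main routine
set status [do_root $host $oldpasswd $passwd $llevel]
if {$status != 0} {
    send_user "\nsetrootpass.exp: FAILED for $host.\n"
    exit $status
}
send_user "\nsetrootpass.exp: Complete.\n"
exit 0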