#!/usr/bin/expect

#  version 0.3 for Mac OSX Server 10.4.x
#  
#  Free Software by Matt Richard <matt.richard at fandm.edu>
#
#  This script changes a user's password on an Open Directory master.  It 
#  is intended to be called by a web front-end.
#
#  Protect this file and don't allow users to view the contents.


# uncomment to turn on verbose output
# log_user 1

set root "root";
set rootpass "-changeme-";  
set admin "diradmin";
set adminpass "-changemetoo-";

set success false;

# make sure we were called with two arguments
if {$argc==2} {
    set uid "[lindex $argv 0]"
    set pass "[lindex $argv 1]"
    
    # Mac OSX doesn't always grab control of the spawned process.
    # This loop keeps trying until proper control has been grabbed
    # and our work has been done.
    # see Apple bug #  4421623
    
    while {$success == false} {
        eval spawn login $root

        # 'system date' slows down the response just a bit which helps
        # with the OSX/Expect bug discussed above.

        expect "Password:" { system date; send "$rootpass\r" }

        #if we got the root prompt back as stdout we grabbed control.
		expect {
		    "root#" { 
		        send "/usr/bin/passwd -i opendirectory -l /LDAPv3/127.0.0.1 $uid\n"
			    expect "New password:" { send "$pass\n" }
			    expect "Retype new password:" { send "$pass\n" }
			    expect "root:"   { send "$adminpass\n" }
			    expect "root#"  {send "exit\n" }
                expect eof
		        set success true
		        exit
		    }
		  
		    # if we got the password back as stdout, we didn't grab control.
		    $pass { set success false }
		}
	}
}

if {$argc!=2} {
    send_user "<br>error!\n<br>"
}