> I do not want any terminal intervention.
That means you are going to need 'root' privileges.
Your script is using expect which might be a way to
also pass your admin password to 'sudo'. And when I
say your admin password, I'm assuming when you run
this script you are logged in as an admin user, otherwise
'sudo' is not going to work, and unless you can get
root privileges you are not going to be able to change
the password of another user.
Of course if you are logged in as that user, then they
are allowed to change their own password without any
elevated privileges.
> Also I am pretty sure that will not work from a shell script.
> I am pretty sure passwd only accepts input from tty, does it not?
I actually tested my example before I posted it.
AND it worked last night when 'sudo' was changing the password
of another account. However, this morning, it is not working
for my own account. Neither as is, nor with 'sudo'.
Your 'expect' stuff is looking better and better 🙂
> I am currently using the expect command as follows:
I'm not a great 'expect' person, but it seems to me you should
be able to do this all with 'expect', including providing 'sudo'
with your admin password.
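#!/usr/bin/expect
#script name = changePWreq.sh
# Arguments: old password, new password
set oldpass [lindex $argv 0]
set newpass [lindex $argv 1]
spawn /usr/bin/passwd
# Old password prompt
expect word:
sleep 1
# "\r" submits the line; "--" stops a leading "-" being read as a send flag
send -- "$oldpass\r"
# New password prompt
expect word:
sleep 1
send -- "$newpass\r"
# Retype new password prompt
expect word:
sleep 1
send -- "$newpass\r"
expect success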
If this is being run by the actual user, then in theory
(as I have not tested your code), it should work.
> I call the script above from the script below, which takes the user input and passes the variables in as arguments to the script above.
#Prompting User for Password
passWdNtSt="true"
while [ $passWdNtSt == true ];
do
OLDPSWD0=`/usr/bin/osascript <<-EOF
tell application "System Events"
activate
display dialog "Please enter your old Password:" default answer "" with hidden answer buttons {"OK"} default button "OK"
set the PSWD0 to text returned of the result
end tell
EOF`
PSWD0=`/usr/bin/osascript <<-EOF
tell application "System Events"
activate
display dialog "Please enter a new password:" default answer "" with hidden answer buttons {"OK"} default button "OK"
set the PSWD0 to text returned of the result
end tell
EOF`
PSWD1=`/usr/bin/osascript <<-EOF
tell application "System Events"
activate
display dialog "Please verify your new password:" default answer "" with hidden answer buttons {"OK"} default button "OK"
set the PSWD1 to text returned of the result
end tell
EOF`
if [ "$PSWD0" == "$PSWD1" ]; then
passWdNtSt="false"
else
/usr/bin/osascript <<-EOF
tell application "System Events"
activate
display dialog "Your Passwords do not match, please try again!"
end tell
EOF
fi
done
#Setting Encryption User Password
/usr/bin/'softwarevendor' --list-users --authenticate-user $USER --authenticate-password $OLDPSWD0
if [ "$?" != "0" ]; then
/usr/bin/osascript <<-EOF
tell application "System Events"
activate
display dialog "The password you typed is incorrect. Please try again." buttons {"OK"} default button "OK"
end tell
exit
EOF
else
/usr/bin/softwarevendor --change-password --user $USER --old-password $OLDPSWD0 --new-password $PSWD0 --confirm-password $PSWD1
#Setting OSX account password
/Users/Shared/Softwarevendor/changePWreq.sh $OLDPSWD0 $PSWD0
/usr/bin/osascript <<-EOF
tell application "System Events"
activate
display dialog "Your password has been set." buttons {"OK"} default button "OK"
end tell
EOF
fi
> /Users/Shared/Softwarevendor/changePWreq.sh $OLDPSWD0 $PSWD0
NOTE: If your users are limited to a-z A-Z 0-9
and a handful of special characters, your script should
be OK. HOWEVER, if any of the shell magic characters
are allowed as passwords, then you are going to have problems.
$ ` | & * ( ) ? ; ' " <space> <tab>
all have meaning on the command line, and commands such as:
/Users/Shared/Softwarevendor/changePWreq.sh $OLDPSWD0 $PSWD0
are going to have a field day with unprotected magic characters.
I think if you change the way you get your osascript output and
make sure you are running 'bash' as your shell, you can do the
following which will provide shell protection quoting to any
password the user enters:
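#!/usr/bin/env bash
# -r keeps backslashes literal and IFS= keeps leading/trailing spaces,
# so the password is read exactly as typed
IFS= read -r OLDPSWD0 < <(/usr/bin/osascript -e '
tell application "System Events"
activate
display dialog "Please enter your old Password:" default answer "" with hidden answer buttons {"OK"} default button "OK"
set the PSWD0 to text returned of the result
end tell
')
# Replace the value with its shell-quoted (%q) form
printf -v OLDPSWD0 "%q" "$OLDPSWD0"
echo "$OLDPSWD0"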
The < space <(/usr/bin/osascript ...) is very important,
as it makes sure that the "read OLDPSWD0" happens in the
current shell context and that the osascript runs in a
subprocess.
I changed the <<-EOD to just use the -e option as it is
easier to work with.
The printf "%q" is what converts any shell magical characters
into a quoted string so that when you use $OLDPSWD0 on a command
line, all the magical characters are protected from the shell
seeing them as magical.
Apply the same style to your other osascripts and you should
be good.
The < space <(...) and the printf "%q" are actually all in
the "man bash" man page, however, as with most Unix man pages
it is not obvious 🙂
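
The quoting behaviour discussed in this thread, as an added example that is not part of the original posts: it shows how a password containing shell metacharacters reaches a child command under bare, %q-escaped, double-quoted and re-parsed expansion, and how 'read' treats backslashes and edge whitespace. show_args is a hypothetical stand-in for changePWreq.sh, and both sample passwords are constructed.

```bash
#!/usr/bin/env bash
# Added example, not the thread's code. Sample passwords are constructed.

# Hypothetical stand-in for changePWreq.sh: reports "<argc>|<first argument>".
show_args() { printf '%s|%s' "$#" "${1-}"; }

pw='hunter2 &; $x'            # constructed: space, &, ;, $

# 1. Bare expansion, as in the original call: split on whitespace.
bare()     { show_args $pw; }

# 2. printf %q then bare expansion: the backslashes are not re-parsed,
#    so the value is still split and now carries stray backslashes.
escaped()  { local q; printf -v q '%q' "$pw"; show_args $q; }

# 3. Double-quoted expansion: one argument, byte-for-byte.
quoted()   { show_args "$pw"; }

# 4. %q output is for text the shell parses again (eval, generated script).
reparsed() { local q; printf -v q '%q' "$pw"; eval "show_args $q"; }

# Reading a secret: plain 'read' strips edge whitespace and consumes
# backslashes; 'IFS= read -r' keeps the line intact.
pw2=' back\slash '            # constructed
read_plain() { local v; read v < <(printf '%s\n' "$pw2"); printf '%s' "$v"; }
read_raw()   { local v; IFS= read -r v < <(printf '%s\n' "$pw2"); printf '%s' "$v"; }

for f in bare escaped quoted reparsed read_plain read_raw; do
    printf '%-10s [%s]\n' "$f" "$($f)"
done
```

Command-line arguments are also visible in process listings (ps), which is a further reason to hand a secret to a helper over stdin or a pipe rather than in argv.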