#!../expect --
#Fpass - by Digital Ebola <digi@legions.org> 
#Based on passmass by Don Libes.


exp_version -exit 5.0

if {$argc==0} {
    send_user "usage: $argv0 host1 host2 host3 . . .\n"
    exit
}

expect_before -i $user_spawn_id \003 exit

proc badhost {host emsg} {
    global badhosts

    send_user "\r\n\007password not changed on $host - $emsg\n\n"
    if {0==[llength $badhosts]} {
	set badhosts $host
    } else {
	set badhosts [concat $badhosts $host]
    }
}

# set defaults
set prompt ">"

set timeout -1
stty -echo

    send_user "Login Password: "
    expect_user -re "(.*)\n"
    send_user "\n"
    set password(login) $expect_out(1,string)
    send_user "Enable Password: "
    expect_user -re "(.*)\n"
    send_user "\n"
    set password(old) $expect_out(1,string)
    send_user "New Enable Password: "
    expect_user -re "(.*)\n"
    send_user "\n"
    set password(new) $expect_out(1,string)
    send_user "Retype New Enable Password: "
    expect_user -re "(.*)\n"
    set password(newcheck) $expect_out(1,string)
    send_user "\n"
    send_user "New Telnet Password: "
    expect_user -re "(.*)\n"
    set password(telnet) $expect_out(1,string)
    send_user "\n"
    send_user "Retype New Telnet Password: "
    expect_user -re "(.*)\n"
    set password(telnet2) $expect_out(1,string)
    send_user "\n"


stty echo
trap exit SIGINT

if ![string match $password(new) $password(newcheck)] {
    send_user "mismatch enable - passwords unchanged\n"
    exit
}
if ![string match $password(telnet) $password(telnet2)] {
    send_user "mismatch telnet - passwords unchanged\n"
    exit
}
set timeout 2
set badhosts {}
for {set i 0} {$i<$argc} {incr i} {
    set arg [lindex $argv $i]
    switch -- $arg "-user" {
	incr i
	set user [lindex $argv $i]
	continue
    } "-prompt" {
	incr i
	set prompt [lindex $argv $i]
	continue
    } "-telnet" {
	set login "telnet"
	continue
    } "-timeout" {
	incr i
	set timeout [lindex $argv $i]
	continue
    }

    set host $arg
    set pid [spawn telnet $host]



    set logged_in 0
    while {1} {
	expect  "Password:"  {
	    send "$password(login)\r\r"
	} eof {
	    badhost $host "spawn failed"
	    break
	} timeout {
	    badhost $host "could not log in (or unrecognized prompt)"
	    exec kill $pid
	    expect eof
	    break
	} -re "% Bad passwords" {
	    badhost $host "Passwords BAD!"
	    exec kill $pid
	    expect eof
	    break
	} -re $prompt {
	    set logged_in 1
	    break
	}
    }

    if (!$logged_in) {
	wait
	continue
    }

	send "enable\r"
	expect "*Password:"
	send "$password(old)\r"
	expect "# "
	send "conf t\r"
	expect "*#"
	send "enable secret $password(new)\r"
	expect "*#"
	send "line vty 0 4\r"
	send_user "\n\n\n\nPassword change confirmed on $host\n"
	expect "*#"
	send "password $password(telnet)\r"
	expect "*#"
	send "write mem\r"
	expect "*#"
	send "exit\r" 
	send "\r"
	send_user "\nDone with $host\n"
	continue

	
}


if {[llength $badhosts]} {
    send_user "\nfailed to set password on $badhosts\n"
}