Expect Script to Check and Change Firmware

Question

Hello I am trying to create a expect script to check to see if a computer has a firmware password already in place, if it doesn't then allow for a password update. Any help would be much appreciated.

#!/usr/bin/expect
#check to see if firmware password exists

set verifyPassword 'spawn firmwarepasswd -check'

#if no firmware password exists
if {verifyPassword != ""} {

    spawn firmwarepasswd -setpasswd

    expect "Enter new password:"

    send "1sCrowStrong[\r";

    expect "Re-enter new password:"

    send "1sCrowStrong[\r";

    puts "Password set"

    interact

#if password 1 exists
} else if { verifyPassword == "isfr33d0mfr33?\r" } {

   spawn firmwarepasswd -delete

   expect "Enter password:"

   send "isfr33d0mfr33?\r";

   puts "Password Changed"

   interact

#if password 2 exists

} else {

    spawn firmwarepasswd -delete

    expect "Enter password:"

    send "rapt0r samm1j\r";

    puts "Password Updates"

    interact
}

I have built on the advice and answers that were given and here is what I have thus far. But its still giving me errors.

#!/usr/bin/expect


#Create variable to check to see if firmwarepassword is set Y/N
set verifyPassword [exec firmwarepasswd -check]

#If no firmwarepasswd exists then hardset password
if {$verifyPassword eq "Password Enabled: No"} 

{
spawn firmwarepasswd -setpasswd
expect {Enter new password:}
send {1sCrowStrong[\r};
expect "Re-enter new password:"
send {1sCrowStrong[\r};
expect eof
puts ["Password set"]
}

#If 2nd gen password exists then delete the password and hardset the         designated password
else {$verifyPassword eq "Password Enabled: Yes"} 

{
spawn firmwarepasswd -delete
expect "Enter password:"
send {isfr33d0mfr33?\r};
expect eof
puts ["Password Deleted"]

spawn firmwarepasswd -setpasswd
expect {Enter new password:}
send {1sCrowStrong[\r"}
expect {Re-enter new password:}
send {1sCrowStrong[\r};
expect eof
puts ["Password set"]
}

#If 3rd gen password exists then delete the password and hardset the designated password
if {$verifyPassword eq "Password Enabled: Yes"} {

spawn firmwarepasswd -delete
expect "Enter password:"
send {rapt0r samm1j\r};
expect eof
puts ["Password Deleted"]

spawn firmwarepasswd -setpasswd
expect "Enter new password:"
send {1sCrowStrong[\r};
expect "Re-enter new password:"
send {1sCrowStrong[\r};
expect eof
puts ["Password set"]

}

Answer 1

It's a bit unclear what you are asking for.

Anyways, I do have a few tips that should help you when you're scripting this.

Instead of having a variable for verifyPassword you should just spawn the check command like so

spawn firmwarepasswd -check 

expect { 
    "expected output here"{
        //code
    }
    "next expected ouput" {
        //code
    }
    "last expected output" {
       //code
    }
}

If you want to send output to the user use send_user

e.g.

send_user "hello world"

Lastly, it is a security issue and bad practice to hardcode passwords into your scripts. If you need to ask for a password from the user use something like stty -echo in your script so you can securely ask for a password.

Answer 2

I get the impression that firmwarepasswd -check is not interactive at all, so you can do this:

#!/usr/bin/expect

set verifyPassword [exec firmwarepasswd -check]

#if no firmware password exists
if {$verifyPassword eq ""} {

    spawn firmwarepasswd -setpasswd
    expect "Enter new password:"
    send "1sCrowStrong[\r";
    expect "Re-enter new password:"
    send "1sCrowStrong[\r";
    expect eof
    puts "Password set"

#if password 1 exists
} elseif { $verifyPassword eq "isfr33d0mfr33?" } {

   spawn firmwarepasswd -delete
   expect "Enter password:"
   send "isfr33d0mfr33?\r";
   expect eof
   puts "Password Changed"

#if password 2 exists
} else {

    spawn firmwarepasswd -delete
    expect "Enter password:"
    send "rapt0r samm1j\r";
    expect eof
    puts "Password Updated"

}

I've fixed the syntax errors and altered the conditions to match what your comments say.