#!/usr/bin/python
import sys, getopt, pexpect
def main(argv):
        username = ''
        password = ''
        try:
                opts, args = getopt.getopt(argv,"hu:p:",["username=","password="])
        except getopt.GetoptError:
                print 'check-pwd.py -u <username> -p <password>'
                sys.exit(2)
        for opt, arg in opts:
                if opt == '-h':
                        print 'check-pwd.py -u <username> -p <password>'
                        sys.exit()
                elif opt in ("-u", "--username"):
                        username = arg
                elif opt in ("-p", "--password"):
                        password = arg
        print pam(username=username, password=password)
def pam(username, password):
        try:
                child = pexpect.spawn('/bin/su - %s'%(username))
                child.expect('Password:')
                child.sendline(password)
                result=child.expect(['su: incorrect password','Shell access is not permitted.',username])
                child.expect(pexpect.EOF);
                child.close()
        except Exception, err:
                child.close()
                print ("Error authenticating. Reason: %s"%(err))
                return False
        if result == 0:
                print ("Authentication failed for user %s."%(username))
                return False
        elif result == 1:
                print ("Authentication succeeded for user %s."%(username))
                return True
        else:
                print ("Authentication succeeded for user %s."%(username))
                return True

if __name__ == '__main__':
        main(sys.argv[1:])