#!/usr/bin/env python
# nullanvoid :: bitjammin

try:
    import configparser
    import getopt
    import ldap
    import ldap.modlist as modlist
    import logging
    import sys
except ImportError:
    print("Could not import modules!\nDid you install all the requirements!")
    exit(1)


def usage():
    print("Usage: ./update_experations.py -c /path/to/ipa_config\n")
    exit(1)


def update_expirations(base_dn, host, dm_passwd):

    logging.basicConfig(filename='/var/log/update_expirations.log',
                        filemode='a',
                        format='%(asctime)s,'
                                '%(msecs)d %(name)s %(levelname)s %(message)s',
                        level=logging.DEBUG)
    
    
    search_scope = ldap.SCOPE_SUBTREE
    ldap_attrs = ['uid', 'krbPasswordExpiration']
    ldap_filter = 'uid=*'
    
    logging.info("Running expiration updates")
    
    try:
        l = ldap.initialize("ldap://" + host)
    except ldap.LDAPError, e:
        logging.error("Failed initializing: %s", e)
    else:
        logging.info("Success initializing")
    
    
    try:
        l.simple_bind_s('cn=Directory Manager', dm_passwd)
    except ldap.LDAPError, e:
        logging.error("Failed binding: %s", e)
        sys.exit(1)
    else:
        logging.info("Success binding")
    
    
    update_count = 0
    
    
    try:
        results = l.search_ext_s(base_dn, search_scope,
                                 ldap_filter, ldap_attrs)
    except ldap.LDAPError, e:
        logging.error("Failed performing search")
    else:
        logging.info("Returned %s from search", len(results))
    
        for res in results:
    
            if (len(res[1]) < 2):
                logging.info("Entry %s has no krbPasswordExpiration"
                             "attribute... skipping", res[0])
                continue
    
            if (res[1]['krbPasswordExpiration'][0] != "20371231011529Z"):
    
                old_exp = {'krbPasswordExpiration':
                           res[1]['krbPasswordExpiration'][0]}
    
                new_exp = {'krbPasswordExpiration':['20371231011529Z']}
    
                ldif = modlist.modifyModlist(old_exp,new_exp)
    
                try:
                    l.modify_s(res[0], ldif)
                except ldap.LDAPError, e:
                    logging.error("Failed updating expiration entry: %s,"
                                  "message: %s", res[0], e)
                else:
                    logging.info("Success updating expiration for: %s", res[0])
                    update_count = update_count + 1
    
    logging.info("Updated %s records", update_count)
    logging.info("Finished running expiration updates")
    
    logging.shutdown()
    l.unbind_s()


def main():
    ipa_config_file = None

    try:
        opts, args = getopt.getopt(sys.argv[1:], "c:")
    except getopt.GetoptError as err:
        usage()
        sys.exit(1)
    for o, a in opts:
        if o == "-c":
            ipa_config_file = a
        else:
            assert False, "Invalid option: {}".format(o)

    if ipa_config_file == None:
        usage()

    ipa_config = configparser.ConfigParser()
    ipa_config.read(ipa_config_file)

    
    base_dn = ipa_config['ipa']['base_dn']
    host = ipa_config['ipa']['host']
    dm_passwd = ipa_config['ipa']['dm_passwd']

    update_expirations(base_dn, host, dm_passwd)


if __name__ == '__main__':
    main()