#!/usr/bin/env python
# Authors: Rob Crittenden <rcritten@redhat.com>
# Authors: Simo Sorce <ssorce@redhat.com>
#
# Copyright (C) 2008  Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

import sys
try:
    from optparse import OptionParser
    from ipaserver import ipaldap
    from ipa import entity, ipaerror, ipautil, config
    from ipaserver import installutils
    from ipaserver.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
    import ldap
    import logging
    import re
    import krbV
    import platform
    import shlex
    import time
    import random
except ImportError:
    print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:

    %s
""" % sys.exc_value
    sys.exit(1)

def parse_options():
    usage = "%prog [options] <enable|disable>\n"
    usage += "%prog [options]\n"
    parser = OptionParser(usage=usage, formatter=config.IPAFormatter())

    parser.add_option("-d", "--debug", action="store_true", dest="debug",
                      help="Display debugging information about the update(s)")
    parser.add_option("-y", dest="password",
                      help="File containing the Directory Manager password")

    config.add_standard_options(parser)
    options, args = parser.parse_args()

    config.init_config(options)

    return options, args

def get_dirman_password():
    """Prompt the user for the Directory Manager password and verify its
       correctness.
    """
    password = installutils.read_password("Directory Manager", confirm=False, validate=False)

    return password

def main():
    retval = 0
    loglevel = logging.NOTSET
    files=['/usr/share/ipa/schema_compat.uldif']

    options, args = parse_options()
    if options.debug:
        loglevel = logging.DEBUG

    if len(args) != 1:
        print "You must specify one action, either enable or disable"
        sys.exit(1)
    elif args[0] != "enable" and args[0] != "disable":
        print "Unrecognized action [" + args[0] + "]"
        sys.exit(1)

    logging.basicConfig(level=loglevel,
                        format='%(levelname)s %(message)s')

    dirman_password = ""
    if options.password:
        pw = read_file(options.password)
        dirman_password = pw[0].strip()
    else:
        dirman_password = get_dirman_password()

    try:
        try:
            conn = ipaldap.IPAdmin(installutils.get_fqdn())
            conn.do_simple_bind(bindpw=dirman_password)
        except ldap.LDAPError, e:
            print "An error occurred while connecting to the server."
            print "%s" % e[0]['desc']
            return 1

        if args[0] == "enable":
            try:
                conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config",
                              ldap.SCOPE_BASE, "(objectclass=*)")
                print "Plugin already Enabled"
                retval = 2
            except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
                print "Enabling plugin"
            except ldap.LDAPError, e:
                print "An error occurred while talking to the server."
                print "%s" % e[0]['desc']
                retval = 1

            if retval == 0:
                ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
                retval = ld.update(files)
                if retval == 0:
                    print "This setting will not take effect until you restart Directory Server."

        elif args[0] == "disable":
            # Make a quick hack foir now, directly delete the entries by name,
            # In future we should add delete capabilites to LDAPUpdate
            try:
                conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config",
                              ldap.SCOPE_BASE, "(objectclass=*)")
                conn.deleteEntry("cn=groups,cn=Schema Compatibility,cn=plugins,cn=config")
                conn.deleteEntry("cn=users,cn=Schema Compatibility,cn=plugins,cn=config")
                conn.deleteEntry("cn=Schema Compatibility,cn=plugins,cn=config")
            except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
                print "Plugin is already disabled"
                retval = 2
            except ldap.LDAPError, e:
                print "An error occurred while talking to the server."
                print "%s" % e[0]['desc']
                retval = 1

        else:
            retval = 1

    finally:
        if conn:
            conn.unbind()

    return retval

try:
    if __name__ == "__main__":
        sys.exit(main())
except BadSyntax, e:
    print "There is a syntax error in this update file:"
    print "  %s" % e
    sys.exit(1)
except RuntimeError, e:
    print "%s" % e
    sys.exit(1)
except SystemExit, e:
    sys.exit(e)
except KeyboardInterrupt, e:
    sys.exit(1)
except config.IPAConfigError, e:
    print "An IPA server to update cannot be found. Has one been configured yet?"
    print "The error was: %s" % e
    sys.exit(1)
except ipaerror, e:
    print "An error occurred while performing operations: %s" % e
    sys.exit(1)