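#! /usr/bin/python -E
# Authors: Rob Crittenden
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

import sys
from optparse import OptionParser
import ipa
import ipa.group
import ipa.ipaclient as ipaclient
import ipa.config
import ipa.ipaerror

import xmlrpclib
import kerberos
import ldap
import errno


def usage():
    """Print the two supported command-line forms and exit with status 1."""
    print "ipa-groupmod [-a|--add] [-r|--remove] user group"
    print "ipa-groupmod [-d|--desc description STRING] [--addattr attribute=value] [--delattr attribute] [--setattr attribute=value] group"
    sys.exit(1)


def set_add_usage(which):
    """Print the expected NAME=VALUE syntax for the --<which>attr option."""
    print "%s option usage: --%s NAME=VALUE" % (which, which)


def parse_options():
    """Parse the command line and return (options, args).

    Calls usage(), which exits, when --usage is given or when no
    modifying option (-a, -r, -d, --addattr, --delattr, --setattr) is
    present.
    """
    parser = OptionParser()
    parser.add_option("-a", "--add", dest="add", action="store_true",
                      help="Add a user to the group")
    parser.add_option("-r", "--remove", dest="remove", action="store_true",
                      help="Remove a user from the group")
    parser.add_option("-d", "--description", dest="desc",
                      help="Modify the description of the group")
    parser.add_option("--addattr", dest="addattr",
                      help="Adds an attribute or values to that attribute, attr=value",
                      action="append")
    parser.add_option("--delattr", dest="delattr",
                      help="Remove an attribute", action="append")
    parser.add_option("--setattr", dest="setattr",
                      help="Set an attribute, dropping any existing values that may exist",
                      action="append")
    parser.add_option("--usage", action="store_true",
                      help="Program usage")

    args = ipa.config.init_config(sys.argv)
    options, args = parser.parse_args(args)

    # --usage was declared but never read; honour it before anything else so
    # that asking for help can never trigger a modification.
    if options.usage:
        usage()

    membership_change = options.add or options.remove
    attribute_change = (options.desc or options.addattr or
                        options.delattr or options.setattr)
    if not membership_change and not attribute_change:
        usage()

    return options, args


def get_group(client, options, group_cn):
    """Fetch the group entry named group_cn through client.

    Returns the entry, or None after printing the error message when the
    lookup raises ipa.ipaerror.IPAError.
    """
    try:
        attrs = ['*']

        # in case any attributes being modified are operational such as
        # nsaccountlock. Any attribute to be deleted needs to be included
        # in the original record so it can be seen as being removed.
        if options.delattr:
            attrs.extend(options.delattr)
        group = client.get_entry_by_cn(group_cn, sattrs=attrs)
    except ipa.ipaerror.IPAError, e:
        print "%s" % e.message
        return None

    return group


def _split_attr_spec(spec, which):
    """Split a NAME=VALUE argument of --setattr/--addattr into (name, value).

    Prints the option usage and exits with status 1 when the argument has no
    '=' or an empty attribute name.
    """
    # Split on the first '=' only: values such as DNs ("uid=x,cn=users,...")
    # legitimately contain '=' and were previously rejected as malformed.
    parts = spec.split('=', 1)
    if len(parts) != 2 or not parts[0]:
        set_add_usage(which)
        sys.exit(1)
    return parts[0], parts[1]


def main():
    """Apply the requested membership or attribute change to a group.

    Returns 0 on success and 1 when the group cannot be fetched or one of
    the handled XML-RPC, GSSAPI or IPA errors occurs.
    """
    options, args = parse_options()

    # args[0] is the first element returned by init_config()/parse_args();
    # the positional operands follow it.
    attribute_change = (options.desc or options.addattr or
                        options.delattr or options.setattr)
    if (options.add or options.remove) and (len(args) != 3):
        usage()
    elif attribute_change and (len(args) != 2):
        usage()

    try:
        client = ipaclient.IPAClient()
        if options.add:
            group = get_group(client, options, args[2])
            if group is None:
                return 1
            users = args[1].split(',')
            for user in users:
                client.add_user_to_group(user, group.dn)
                print user + " successfully added to " + args[2]
        elif options.remove:
            group = get_group(client, options, args[2])
            if group is None:
                return 1
            users = args[1].split(',')
            for user in users:
                client.remove_user_from_group(user, group.dn)
                print user + " successfully removed"
        else:
            group = get_group(client, options, args[1])
            if group is None:
                return 1

            # NOTE(review): attribute names and values are forwarded exactly
            # as typed; nothing here restricts which attributes may be
            # changed, so authorization is presumably enforced by the IPA
            # server -- confirm the server-side access controls cover this.
            if options.desc:
                group.setValue('description', options.desc)
            if options.delattr:
                for d in options.delattr:
                    group.delValue(d)
            if options.setattr:
                for s in options.setattr:
                    attr, value = _split_attr_spec(s, "set")
                    group.setValue(attr, value)
            if options.addattr:
                for a in options.addattr:
                    attr, value = _split_attr_spec(a, "add")
                    cvalue = group.getValue(attr)
                    if cvalue:
                        # A single existing value may come back as str or
                        # unicode; wrap either so the list concatenation
                        # below cannot raise TypeError.
                        if isinstance(cvalue, basestring):
                            cvalue = [cvalue]
                        value = cvalue + [value]
                    group.setValue(attr, value)

            # All edits are applied to the local entry first and sent in a
            # single update, so a malformed option aborts before any write.
            client.update_group(group)
            print args[1] + " successfully updated"
    except xmlrpclib.Fault, fault:
        if fault.faultCode == errno.ECONNREFUSED:
            print "The IPA XML-RPC service is not responding."
        else:
            print fault.faultString
        return 1
    except kerberos.GSSError, e:
        print "Could not initialize GSSAPI: %s/%s" % (e[0][0][0], e[0][1][0])
        return 1
    except xmlrpclib.ProtocolError, e:
        print "Unable to connect to IPA server: %s" % (e.errmsg)
        return 1
    except ipa.ipaerror.IPAError, e:
        print "%s" % (e.message)
        return 1

    return 0


if __name__ == "__main__":
    sys.exit(main())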