#!/usr/bin/env python3
# -*- coding: utf-8 -*-

from json import load
from sys import exit, stdin
from getpass import getpass
from argparse import ArgumentParser
from optparse import OptionParser
from samba.samdb import SamDB
from samba.auth import system_session
from samba import getopt
import ldb
from select import select


try:
    with open('/etc/eole/smbldap-passwd.conf') as fh:
        conf = load(fh)
        URL = conf['url']
        USER = conf['user']
        PASS = conf['pass']
except:
    URL = None


def changepass(args):
    parse = OptionParser()
    lp = getopt.SambaOptions(parse).get_loadparm()
    credopt = getopt.CredentialsOptions(parse)
    if URL is not None:
        creds = credopt.get_credentials(lp)
        credopt._parse_username(None, None, f'{USER}%{PASS}', None)
        samdb = SamDB(url=URL, session_info=system_session(), credentials=creds, lp=lp)
    else:
        creds = credopt.get_credentials(lp)
        samdb = SamDB(session_info=system_session(), credentials=creds, lp=lp)
    if select([stdin,],[],[],0.0)[0]:
        stdin_str = stdin.readlines()
    else:
        stdin_str = []
    if len(stdin_str) >= 2:
        pass1 = stdin_str[0].strip()
        pass2 = stdin_str[1].strip()
    else:
        pass1 = getpass(f'Changing UNIX password for {args.name}\nNew password: ')
        pass2 = getpass('Retype new password: ')
    if pass1 != pass2:
        print("New passwords don't match!")
        exit(1)
    filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(args.name))
    samdb.setpassword(filter,
                      pass1,
                      username=args.name,
                  )
    res = samdb.search(base=samdb.domain_dn(), scope=ldb.SCOPE_SUBTREE,
                      expression=filter, attrs=[])
    user_dn = res[0].dn
    ldif = """
dn: {user_dn}
changeType: modify
replace: userAccountControl
userAccountControl: 544
replace: accountExpires
accountExpires: 0
""".format(user_dn=user_dn)
    samdb.modify_ldif(ldif)


if __name__ == '__main__':
    parser = ArgumentParser()
    parser.add_argument('name')
    args = parser.parse_args()
    changepass(args)
