#!/usr/bin/python3
#
# Copyright 2012-2021 Univention GmbH
#
# https://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <https://www.gnu.org/licenses/>.

'''
This tool removes the sambaPwdMustChange value from all accounts
'''

from __future__ import print_function

import sys
import univention.admin
import univention.admin.uldap
from argparse import ArgumentParser

if __name__ == '__main__':
	ACTIONS = ('test', 'remove')

	parser = ArgumentParser(description=__doc__)
	parser.add_argument(
		"action",
		help="Test for sambaPwdMustChange values, or remove them. The default action is test.",
		choices=ACTIONS,
		nargs='?'
	)

	options = parser.parse_args()

	# check argument (action)
	if not options.action:
		print('', file=sys.stderr)
		print('warning: no action given. default is test', file=sys.stderr)
		print('', file=sys.stderr)
		options.action = 'test'

	configRegistry = univention.config_registry.ConfigRegistry()
	configRegistry.load()

	lo, position = univention.admin.uldap.getAdminConnection()

	res = lo.search('sambaPwdMustChange=*', attr=['sambaPwdMustChange'])
	if not res:
		print('No user with sambaPwdMustChange was found.')
	else:
		for ob in res:
			print('Remove sambaPwdMustChange (%s) for %s' % (ob[1].get('sambaPwdMustChange', [])[0].decode('utf-8'), ob[0],), end=' ')
			if options.action == 'remove':
				lo.modify(ob[0], [('sambaPwdMustChange', ob[1].get('sambaPwdMustChange', []), b'')])
				print('done')
			else:
				print('(testing mode)')
