#!/usr/bin/env ruby

require 'fileutils'
require 'etc'
require 'time'

require 'active_samba_ldap'
require 'active_samba_ldap/command'

include ActiveSambaLdap::GetTextSupport

argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
  default = ActiveSambaLdap::Configuration::ClassMethods::Private.new({})
  options.start_uid = Integer(default.start_uid)
  options.start_gid = Integer(default.start_gid)
  options.administrator = ActiveSambaLdap::User::DOMAIN_ADMIN_NAME
  admin_rid = ActiveSambaLdap::User::DOMAIN_ADMIN_RID
  admins_rid = ActiveSambaLdap::Group::DOMAIN_ADMINS_RID
  guest_rid = ActiveSambaLdap::User::DOMAIN_GUEST_RID
  guests_rid = ActiveSambaLdap::Group::DOMAIN_GUESTS_RID
  options.administrator_uid = ActiveSambaLdap::User.rid2uid(admin_rid)
  options.administrator_gid = ActiveSambaLdap::Group.rid2gid(admins_rid)
  options.guest = ActiveSambaLdap::User::DOMAIN_GUEST_NAME
  options.guest_uid = ActiveSambaLdap::User.rid2uid(guest_rid)
  options.guest_gid = ActiveSambaLdap::Group.rid2gid(guests_rid)
  options.export_ldif = nil
  options.import_ldif = nil

  opts.on("-u", "--start-uid=UID", Integer,
          _("first uid number to allocate"),
          "(#{options.start_uid})") {|options.start_uid|}
  opts.on("-g", "--start-gid=GID", Integer,
          _("first gid number to allocate"),
          "(#{options.start_gid})") {|options.start_gid|}
  opts.on("-a", "--administrator=NAME",
          _("administrator login name"),
          "(#{options.administrator})") {|options.administrator|}
  opts.on("--administrator-uid=UID", Integer,
          _("administrator's uid number"),
          "(#{options.administrator_uid})") {|options.administrator_uid|}
  opts.on("--administrator-gid=GID", Integer,
          _("administrator's gid number"),
          "(#{options.administrator_gid})") {|options.administrator_gid|}
  opts.on("-g", "--guest=NAME",
          _("guest login name"),
          "(#{options.guest})") {|options.guest|}
  opts.on("--guest-uid=UID", Integer,
          _("guest's uid number"),
          "(#{options.guest_uid})") {|options.guest_uid|}
  opts.on("--guest-gid=GID", Integer,
          _("guest's gid number"),
          "(#{options.guest_gid})") {|options.guest_gid|}
  opts.on("-e", "--export-ldif=LDIF",
          _("export LDIF file")) {|options.export_ldif|}
#   opts.on("-i", "--import-ldif=LDIF",
#           _("import LDIF file")) {|options.import_ldif|}
end

unless Process.uid.zero?
  $stderr.puts(_("need root authority."))
  exit 1
end

ActiveSambaLdap::Base.establish_connection("update")

entries, opts = ActiveSambaLdap::Base.populate(options.marshal_dump)

def init_administrator(opts, entries)
  admin_name = opts[:administrator]
  user_class = opts[:user_class]
  admin = entries.find do |entry|
    entry.is_a?(user_class) and entry.uid == admin_name
  end
  return if admin.new_entry?

  prompt = _("Password for %s: ") % admin_name
  password = ActiveSambaLdap::Command.read_password(prompt)
  prompt2 = _("Retype password for %s: ") % admin_name
  password2 = ActiveSambaLdap::Command.read_password(prompt2)
  unless password == password2
    $stderr.puts(_("Passwords don't match."))
    exit 1
  end

  admin.change_password(password)
  admin.change_samba_password(password)
  admin.enable
  admin.save!
end

init_administrator(opts, entries)

if options.export_ldif
  File.open(options.export_ldif, "w") do |out|
    out.puts(entries.join("\n"))
  end
end

ActiveSambaLdap::Base.restart_nscd

ActiveSambaLdap::Base.clear_active_connections!
