#!/usr/bin/perl
#
# Password synchronization command for windows
#
# Copyright(c) SECIOSS CORPORATION 2011
#

use strict;
use warnings;
use lib '/opt/secioss/lib/perl';
use LISM;
use Config::General;
use Net::LDAP::Util qw(ldap_error_desc escape_filter_value);
use Data::Dumper;

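# Runtime settings come from the LISM API configuration file.  The admin
# password is read from this file rather than taken from the command line,
# so it is never visible in the process list.
my $config = Config::General->new('/opt/secioss/var/www/cgi-bin/lism/lismapi.conf');
my %param = $config->getall;

# Package globals shared with passwordsync() and the setup code below.
our $BASEDN = defined($param{'basedn'}) ? $param{'basedn'} : 'o=lism,o=cgi';
our $PASSWD = $param{'adminpw'};    # bind password of cn=pwsync,$BASEDN
our $SYNCDIR = $param{'syncdir'};
our $CONF = $param{'conf'};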

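sub passwordsync
{
    # Set userPassword on the single entry below ou=SP,$BASEDN whose $attr
    # equals $user.
    #
    # Arguments:
    #   $lism     - LISM handle that has already been initialized and bound
    #   $user     - value looked up in $attr
    #   $password - new password stored as userPassword
    #   $attr     - name of the attribute searched (the caller defaults to uid)
    # Returns an LDAP result code: 0 on success, 32 when nothing matches,
    # 1 for unusable input or an ambiguous match, otherwise the code LISM
    # reported.  A message describing any failure is printed to STDERR.
    my ($lism, $user, $password, $attr) = @_;

    # $attr is placed in the filter verbatim, so it is restricted to the
    # shape of an attribute description before it gets there; anything else
    # could change the meaning of the filter.
    if (!defined($attr) || $attr !~ /\A[A-Za-z][A-Za-z0-9-]*\z/) {
        print STDERR "Invalid attribute name\n";
        return 1;
    }
    if (!defined($user) || $user eq '') {
        print STDERR "No user specified\n";
        return 1;
    }
    if (!defined($password)) {
        print STDERR "No password specified\n";
        return 1;
    }

    my $basedn = "ou=SP,$BASEDN";

    # escape_filter_value (RFC 4515) neutralizes filter metacharacters in the
    # user value, so a crafted value can only ever match as a literal and
    # cannot widen the search to other entries.
    my $filter = "(&(objectClass=Person)($attr=" . escape_filter_value($user) . "))";
    my ($rc, @entries) = $lism->search($basedn, 2, 1, 0, 0, $filter, 0, 'uid');
    if ($rc) {
        print STDERR "Searching user($user) failed: ".ldap_error_desc($rc)."($rc)\n";
        return $rc;
    } elsif (!@entries) {
        print STDERR "No such user($user)\n";
        return 32;
    } elsif (@entries > 1) {
        print STDERR "User($user) is not unique\n";
        return 1;
    }

    # The entry is expected as text whose first line is "dn: ..."; never
    # modify an undefined DN if that expectation is not met.
    my ($dn) = ($entries[0] =~ /^dn: (.*)\n/);
    if (!defined($dn)) {
        print STDERR "Cannot determine DN of user($user)\n";
        return 1;
    }

    $rc = $lism->modify($dn, 'REPLACE', 'userPassword', $password);
    if ($rc) {
        print STDERR "Changing password failed($user): ".ldap_error_desc($rc)."($rc)\n";
    }

    return $rc;
}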

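# Usage: pwsync.pl USER PASSWORD [ATTRIBUTE]
#   USER       value matched against ATTRIBUTE (default: uid) under ou=SP
#   PASSWORD   new password to store in userPassword
# The password arrives on the command line, so it is visible to other local
# users in the process list for as long as this script runs; callers that
# can avoid that should prefer a channel that is not exposed this way.
if (@ARGV < 2) {
    print STDERR "Usage: $0 user password [attribute]\n";
    exit 1;
}
my ($user, $password, $attr) = @ARGV;
$attr = 'uid' if !defined($attr);

my $lism = LISM->new;
$lism->config('basedn', $BASEDN);
$lism->config('admindn', "cn=pwsync,$BASEDN");
$lism->config('adminpw', $PASSWD);
$lism->config('syncdir', $SYNCDIR);
$lism->config('conf', $CONF);
if (defined($param{'logfile'})) {
    $lism->config('logfile', $param{'logfile'});
}

my $rc = $lism->init();
if ($rc) {
    print STDERR "Bad configuration\n";
    exit 1;
}
# NOTE(review): the result of bind() is not checked; a failed bind only
# surfaces later as a search or modify error.  Confirm whether LISM->bind
# reports failure through its return value before relying on it here.
$lism->bind("cn=pwsync,$BASEDN", $PASSWD);

# The LDAP result code becomes the process exit status.
$rc = passwordsync($lism, $user, $password, $attr);

exit $rc;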
