#!/bin/sh -e
#
# Password Battler Version 2, for LDAP
#
# Prerequiste: ldapsearch
# Prerequiste: battlerV2
#
# $Id: passwdbattler.in,v 1.21 2021/05/16 07:09:55 kabe Exp $

## if autodetection does not work, set them manually as below
#: ${LDAPBASE:='dc=example,dc=ac,dc=jp'}
#: ${LDAPURI:='ldap://ldap.example.ac.jp'}
#export LDAPBASE LDAPURI
## set these if LDAP server won't accept anonymous bind
#: ${LDAPBINDDN="CN=ldapbind,CN=Users,${LDAPBASE}"}
#: ${LDAPBINDPW='password'}
## set these if LDAP server urges TLS encryption
#Z=-Z
export LDAPTLS_REQCERT=never

# detect binary, if _BATTLERV2 test environ is not defined
if [ -z "$_BATTLERV2" ]; then
	test -x @LIBEXECDIR@/battlerV2 && BATTLER=@LIBEXECDIR@/battlerV2
else
	test -x "$_BATTLERV2" && BATTLER="$_BATTLERV2"
fi
## last resort
[ ! -x "$BATTLER" ] && BATTLER=`dirname $0`/battlerV2
if [ ! -x "$BATTLER" ]; then
	echo Cannot find libexec/battlerV2 binary. Abort. >&2
	exit 1
fi

# read settings
test -r @ETCDIR@/pwbrc && . @ETCDIR@/pwbrc

if [ ! -z "$HOME" -a -r "$HOME/.pwbrc" ]; then
	# user defined, if bind password is private
	. "$HOME/.pwbrc"
fi

# last resort or testing in source directory
if [ -z "$LDAPURI" -o -z "$LDAPBASE" ]; then
	if [ -r `dirname $0`/pwbrc ]; then
		. `dirname $0`/pwbrc
	fi
fi

# test for mandatory settings
if [ -z "$LDAPURI" -o -z "$LDAPBASE" ]; then
	echo ERROR: mandatory LDAPURI or LDAPBASE is not set.
	echo Invoke passwdbattler-genrc to generate the pwbrc setting file.
	exit 1
fi


## stream LDIF to <uid> <score>
Ldif2UidScore () {
	awk '
		/^sAMAccountName:/{uid=$2;next}
		/^uid:/{uid=$2}
		/^pwdLastSet:/{c=$2}
		/^entryCSN:/{c=$2}
		/^$/&&uid!=""&&c!=""&&c!=0{
			print uid,c
			uid="";c=""
		}
	' |
	#while read uid c; do
	#	echo $uid `${BATTLER} "$c"`
	#done
	${BATTLER}	#no arg; use stream mode
}

ScoreOf () {
	set -- `ldapsearch -x -LL ${Z} ${LDAPBINDDN+-D} $LDAPBINDDN ${LDAPBINDPW+-w} ${LDAPBINDPW} \
	    '(|(uid='${1}')(&(sAMAccountName='${1}')(|(userAccountControl=512)(userAccountControl=544))))' \
	    uid entryCSN sAMAccountName pwdLastSet |
	Ldif2UidScore`
	if [ $# -lt 2 ]; then
		# user not found
		return 1
	fi
	echo "$2"
}

## LOGNAME should have been set in POSIX, but whatever
: ${LOGNAME:=${USER}}
: ${LOGNAME:=`id -nu`}
: ${LOGNAME:=`whoami`}

case "$1" in
-CHAMP)
	LTMP=/tmp/ltmp$$.out
	trap "rm $LTMP" 0 1 2 15
	ldapsearch -x -LL ${Z} ${LDAPBINDDN+-D} $LDAPBINDDN ${LDAPBINDPW+-w} ${LDAPBINDPW} \
	    -E pr=1000/noprompt \
	    '(|(uid=*)(&(objectClass=user)(!(objectClass=computer))(|(userAccountControl=512)(userAccountControl=544))))' \
	    uid entryCSN sAMAccountName pwdLastSet |
	Ldif2UidScore |
	sort -k 2nbr > $LTMP
	{
		read uid s; set x    $uid $s; shift
		read uid s; set "$@" $uid $s
		read uid s; set "$@" $uid $s
		echo "BEST3:" "$@"
	} < $LTMP
	tail -3 $LTMP | {
		read uid s; set x $uid $s     ; shift
		read uid s; set x $uid $s "$@"; shift
		read uid s; set x $uid $s "$@"; shift
		echo "WORST3:" "$@"
	}
	rm $LTMP
	trap 0 1 2 15
	;;
-MATCH)
	ENEMY="$2"
	ENESCO=`ScoreOf ${ENEMY}`
	MYSCO=`ScoreOf ${LOGNAME}`
	if [ "$MYSCO" -gt "$ENESCO" ]; then
		echo "YOU WIN."
	else
		echo "YOU DIED."
		exit 2
	fi
	;;
-HISTO)
	if MYSCO=`ScoreOf ${LOGNAME}`; then :; else
		MYSCO=0
		echo WARNING: you are not an LDAP user. Your score unknown.
	fi
	ldapsearch -x -LL ${Z} ${LDAPBINDDN+-D} $LDAPBINDDN ${LDAPBINDPW+-w} ${LDAPBINDPW} \
	    -E pr=1000/noprompt \
	    '(|(uid=*)(&(objectClass=user)(!(objectClass=computer))(|(userAccountControl=512)(userAccountControl=544))))' \
	    uid entryCSN sAMAccountName pwdLastSet |
	Ldif2UidScore |
	awk -v mysco=$MYSCO '
	BEGIN{min=99999;max=0;}
	$2<min{min=$2}
	$2>max{max=$2}
	{h[int($2)]++}
	END{
		xmax=0
		ymin=int(min/1000)*1000
		ystep=int((max-min)/20/100)*100

		# get xmax first
		for(y=ymin;y<=max;y+=ystep){
			x=0;
			for(yy=y;yy<(y+ystep);yy++)x+=h[yy];
			if(x>xmax)xmax=x;
		}
		xscale=1.0;
		if (xmax>70)xscale=70.0/xmax

		# plot
		for(y=ymin;y<=max;y+=ystep){
			x=0;
			for(yy=y;yy<(y+ystep);yy++)x+=h[yy];
			if (mysco!=0 && y<=mysco && mysco<(y+ystep)) {
				# counts lower than me
				lo=0
				for(yy=y;yy<mysco;yy++)lo+=h[yy];
				# counts higher than me
				hi=0
				for(    ;yy<(y+ystep);yy++)hi+=h[yy];
				# scale lo and hi
				lo=lo*xscale
				hi=hi*xscale
				# plot lo "*" hi
				printf("%5d|%s*%s\n",y,
					substr("=======================================================================",1,lo),
					substr("=======================================================================",1,hi))
			} else {
				# normal plot without me
				printf("%5d|%s\n",y,substr("============================================================================*",1,x*xscale))
			}
		}
		printf("Total users: %d\n", NR)
	}
	'
	;;
-EXERC|"")
	if MYSCO=`ScoreOf ${LOGNAME}`; then :; else
		if [ -n "$LDAPBINDPW" ]; then
			echo You '('${LOGNAME}')' seems to be not an LDAP user, or LDAPBINDPW in '~/.pwbrc' needs updating. Abort.
			echo Invoke '"'passwdbattler-genrc -i'"' to set current password.
		exit 1
		else
			echo You '('${LOGNAME}')' seems to be not an LDAP user. Abort.
		exit 1
		fi
	fi
	echo "YOUR SCORE is" $MYSCO
	;;
-h|-help|'-?'|?*)
	echo Password Battler Version 2
	echo `basename $0` '[options]'
	echo '  options:'
	echo '    -CHAMP                championship (all LDAP entries)'
	echo '    -HISTO                histogram (all LDAP entries)'
	echo '    -EXERC (default)      exercise (display your score)'
	echo '    -MATCH enemy          match (you vs. enemy)'
	exit 1
	;;
esac