#!/usr/local/bin/python2.1

import pwd
import grp
import crypt
import sys
import time
#sys.stderr.write("["+time.asctime()+"] [notice] auth.py is here\n")
import getopt
import string
import posix
import types
import time
import miscauth

# logfile
logfile="/opt/apache/logs/auth_py_log"
logsize=1024*1024


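def help():
    """Print the command-line usage summary on stdout.

    Covers every option in the getopt string "wg:u:a:" that this script
    parses, including -u and -a.
    """
    print "Usage: auth.py [-w] [-g group[,group...]] [-u user[,user...]] [-a area] username password"
    print
    print "Check if the username-password[-group] combination is correct."
    print
    print "   -w          for use with mod_auth_any in apache"
    print "   -g groups   additionally check group membership (comma-separated list)"
    print "   -u users    additionally run the user check with a comma-separated user list"
    print "   -a area     label written to the log line as area=..."
    print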

def auth_error(error):
    """Report an authentication failure and terminate the process.

    Prints "Authentication Error: <error>" on stdout, writes a timestamped
    "[notice]" line with the same text to stderr, then calls sys.exit(0).
    The function never returns, so a statement placed after a call to it
    is not executed.

    NOTE(review): the exit status is 0 for every failure reported here.
    Without -w this script signals its verdict through the exit status
    alone (0 = accepted, 1 = rejected), so a logfile or argument error
    that ends up here looks like an accepted login to such a caller.
    Confirm which status the mod_auth_any side tolerates before changing it.
    """
    stamp=time.asctime(time.localtime(time.time()))
    print "Authentication Error: %s"%error
    sys.stderr.write("["+stamp+
                     "] [notice] Auth.py: Authentication Error: %s\n"%error)
    sys.exit(0)
    
   
# Determine the current size of the log for the rotation check that follows.
# A log that does not exist yet (errno 2, ENOENT) counts as empty; any other
# failure ends the run through auth_error(), which exits the process.
size=0
try:
    size=posix.stat(logfile)[6]     # element 6 of the stat tuple is st_size
except OSError, error :
    if error.errno!=2:
        auth_error("Logfile exception")
except:
    auth_error("Logfile exception")

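# Rotate the log once it has grown past `logsize` bytes: the current file
# becomes "<logfile>.0" and the open() further down starts a fresh one.
#
# rename() replaces an existing "<logfile>.0" in a single step, so no
# separate existence probe or remove is needed. Probing "<logfile>.old"
# while removing "<logfile>.0" (as this section used to) meant that a stray
# ".old" file without a ".0" beside it made the remove fail, and every
# authentication attempt then ended in "Logfile exception".
if size > logsize:
    try:
        posix.rename(logfile,logfile+".0")
    except OSError:
        # auth_error() exits the process; nothing after this call runs.
        auth_error("Logfile exception")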

    
# Open the log in append mode ("a+"). If it cannot be opened the run ends
# here: auth_error() prints the failure and exits the process, so no
# further statement is needed in the handler.
try:
    f_logfile=open(logfile,"a+")
except:
    auth_error("Logfile exception")

# Option state; the getopt loop below overwrites these defaults.
web=(1==0)          # set by -w
groups=[]           # set by -g (comma-separated list)
users=[]            # set by -u (comma-separated list)
area=""             # set by -a, only ever written to the log

# Overall verdict: starts true and is cleared by any failing check.
# (1==1) / (1==0) are used as the true / false values throughout this file.
result=(1==1)

# Every log record begins with a local-time stamp followed by one space.
logstring=time.strftime("[%Y/%m/%d %H:%M:%S]",time.localtime(time.time()))+" "

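# Parse the command line: options -w, -g LIST, -u LIST, -a AREA, followed by
# the two positional arguments username and password.
#
# NOTE(review): the password is taken from the argument vector (args[1]).
# Command-line arguments are commonly readable by other local users through
# the process list while the script runs; confirm whether the caller can
# hand the password over another way.
try:
    optlist, args = getopt.getopt(sys.argv[1:],"wg:u:a:")
except:
    # NOTE(review): -w has not been parsed at this point, so the failure goes
    # through auth_error(), which exits with status 0. A caller that looks
    # only at the exit status sees that as an accepted login; the exit below
    # is reached only if auth_error() ever returns.
    auth_error("Argument error")
    sys.exit(1)

for flag, value in optlist:
    if flag == "-w":
        web=(1==1)
    elif flag == "-g":
        groups=string.split(value,",")
    elif flag == "-u":
        users=string.split(value,",")
    elif flag == "-a":
        area=value

if len(args)<2:
    if web:
        # Web mode reports failures on stdout via auth_error() (exits there).
        auth_error("Argument error")
    # Without -w the exit status is the only answer the caller receives, so
    # a missing username or password must end with a non-zero status
    # instead of the 0 that auth_error() would produce.
    sys.stderr.write("["+time.asctime(time.localtime(time.time()))+
                     "] [notice] Auth.py: Authentication Error: Argument error\n")
    sys.exit(1)

name=args[0]
passwd=args[1]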

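# Run the configured checks and assemble the log record. `result` stays true
# only while every check that runs succeeds; the outcome of each check is
# appended to `logstring` in fixed-width columns.
#
# NOTE(review): the imports at the top of this file bring in `miscauth`, but
# the checks below are called on `myauth`, which nothing shown in this file
# binds. As written the first call would raise NameError; confirm which
# module name is intended.

# `name` and `area` come straight from the command line. CR and LF are
# escaped before logging so that a crafted value cannot start a second,
# forged record in the log file.
if name!="":
    logstring+="name=%-20s"%string.replace(
        string.replace(name,"\r","\\r"),"\n","\\n")

if area!="":
    logstring+="area=%-20s"%string.replace(
        string.replace(area,"\r","\\r"),"\n","\\n")

# Password check (always performed).
if myauth.checkpwd(name,passwd):
    logstring+="passwd=ok   "
else:
    logstring+="passwd=fail "
    result=(1==0)

# Group check, only when -g supplied a list.
if groups!=[]:
    if myauth.checkgrp(name,groups):
        logstring+="group=ok   "
    else:
        logstring+="group=fail "
        result=(1==0)
else:
    logstring+=" "*11       # blank column, same width as "group=ok   "

# User check, only when -u supplied a list.
if users!=[]:
    if myauth.checkuser(name,users):
        logstring+="user=ok   "
    else:
        logstring+="user=fail "
        result=(1==0)
else:
    logstring+=" "*10       # blank column, same width as "user=ok   "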

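# Commit the log record, then report the verdict.
#
# Web mode (-w): success prints a NUL byte line on stdout, failure goes
# through auth_error(). Without -w the exit status is the only answer:
# 0 = accepted, 1 = rejected.
try:
    f_logfile.write(logstring+"\n")
    # close() flushes the buffered record, so a write failure surfaces here
    # instead of going unnoticed when the interpreter shuts down.
    f_logfile.close()
except:
    if web:
        auth_error("Logfile exception")
    # Without -w, auth_error()'s exit status 0 would be read as an accepted
    # login even when a check failed, so fail closed with status 1.
    sys.stderr.write("["+time.asctime(time.localtime(time.time()))+
                     "] [notice] Auth.py: Authentication Error: Logfile exception\n")
    sys.exit(1)

if result:
    if web:
        print "\000"
    sys.exit(0)

if web:
    # Exits the process after printing the denial on stdout and stderr.
    auth_error("Access denied")
sys.exit(1)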


