"""A demo of using win32net.NetValidatePasswordPolicy.

Example usage:

% NetValidatePasswordPolicy.py --password=foo change
which might return:

> Result of 'change' validation is 0: The operation completed successfully.

or depending on the policy:

> Result of 'change' validation is 2245: The password does not meet the
> password policy requirements. Check the minimum password length,
> password complexity and password history requirements.

Adding --user doesn't seem to change the output (even the PasswordLastSet seen
when '-f' is used doesn't depend on the username), but theoretically it will
also check the password history for the specified user.

% NetValidatePasswordPolicy.py auth

which always (with and without '-m') seems to return:

> Result of 'auth' validation is 2701: Password must change at next logon
"""

import sys
import win32api
import win32net, win32netcon

import optparse
from pprint import pprint

def main():
    parser = optparse.OptionParser("%prog [options] auth|change ...",
                                   description="A win32net.NetValidatePasswordPolicy demo.")

    parser.add_option("-u", "--username",
                      action="store",
                      help="The username to pass to the function (only for the "
                           "change command")

    parser.add_option("-p", "--password",
                      action="store",
                      help="The clear-text password to pass to the function "
                            "(only for the 'change' command)")

    parser.add_option("-m", "--password-matched",
                      action="store_false", default=True,
                      help="Used to specify the password does NOT match (ie, "
                           "uses False for the PasswordMatch/PasswordMatched "
                           "arg, both 'auth' and 'change' commands)")

    parser.add_option("-s", "--server",
                      action="store",
                      help="The name of the server to execute the command on")

    parser.add_option("-f", "--show_fields",
                      action="store_true", default=False,
                      help="Print the NET_VALIDATE_PERSISTED_FIELDS returned")

    options, args = parser.parse_args()

    if not args:
        args = ["auth"]

    for arg in args:
        if arg == "auth":
            input = {"PasswordMatched": options.password_matched,
                     }
            val_type = win32netcon.NetValidateAuthentication
        elif arg == "change":
            input = {"ClearPassword": options.password,
                     "PasswordMatch": options.password_matched,
                     "UserAccountName": options.username,
                     }
            val_type = win32netcon.NetValidatePasswordChange
        else:
            parser.error("Invalid arg - must be 'auth' or 'change'")

        try:
            fields, status = win32net.NetValidatePasswordPolicy(options.server,
                                                         None, val_type, input)
        except NotImplementedError:
            print("NetValidatePasswordPolicy not implemented on this platform.")
            return 1
        except win32net.error as exc:
            print("NetValidatePasswordPolicy failed: ", exc)
            return 1

        if options.show_fields:
            print("NET_VALIDATE_PERSISTED_FIELDS fields:")
            pprint(fields)

        print("Result of %r validation is %d: %s" % \
                    (arg, status, win32api.FormatMessage(status).strip()))

    return 0

if __name__=='__main__':
    sys.exit(main())