#!/usr/bin/python3
#
# Like what you see? Join us!
# https://www.univention.com/about-us/careers/vacancies/
#
# Copyright 2004-2025 Univention GmbH
#
# https://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <https://www.gnu.org/licenses/>.

"""Check for unused dhcp records"""

import ldap
from ldap.filter import filter_format

import univention.config_registry
import univention.uldap


def main():
    # type: () -> None
    ucr = univention.config_registry.ConfigRegistry()
    ucr.load()

    baseDN = ucr['ldap/base']

    lo = univention.uldap.getAdminConnection().lo

    # check for dhcp records without matching computer object
    computers = lo.search_s(baseDN, ldap.SCOPE_SUBTREE, 'objectClass=univentionDhcpHost', ['dhcpHWAddress'])

    print("Found no computer objects for these dhcp records:\n")

    for comp in computers:
        mac = comp[1]["dhcpHWAddress"][0]
        if mac.find(b" ") >= 0:
            mac = mac.split(b" ")[1].decode('utf-8')

        match_cmp_rec = lo.search_s(baseDN, ldap.SCOPE_SUBTREE, filter_format('(&(objectClass=univentionHost)(macAddress=%s))', [mac]), [])

        if len(match_cmp_rec) == 0:
            print("\t%s" % comp[0])
    print()

    # check for dns host records without matching computers objects (match IP)

    deadEndRecords = {}  # needed later for reverse lookup checks
    allRecords = {}

    computers = lo.search_s(baseDN, ldap.SCOPE_SUBTREE, 'objectClass=dNSZone', ['aRecord', 'relativeDomainName', 'zoneName'])

    print("Found no computer objects for these dns records:\n")

    for comp in computers:
        if "aRecord" in comp[1]:
            relative_domain_name = comp[1]['relativeDomainName'][0].decode('utf-8')
            zone_name = comp[1]['zoneName'][0].decode('utf-8')
            allRecords[relative_domain_name + "." + zone_name] = comp
            match_cmp_rec = lo.search_s(baseDN, ldap.SCOPE_SUBTREE, filter_format('(&(objectClass=univentionHost)(aRecord=%s))', (comp[1]["aRecord"][0].decode('utf-8'),)), [])
            if len(match_cmp_rec) == 0:
                deadEndRecords[relative_domain_name + "." + zone_name] = comp
                print("\t%s" % comp[0])
    print()

    # check for dns reverse lookup records without match computer names

    computers = lo.search_s(baseDN, ldap.SCOPE_SUBTREE, 'objectClass=dNSZone', ['pTRRecord'])

    print("Found no computer objects for these dns reverse lookup records:\n")

    for comp in computers:
        if 'pTRRecord' in comp[1]:
            parts = comp[1]['pTRRecord'][0].split(b".")
            relative_domain_name = parts[0].decode('utf-8')
            zone_name = b".".join(parts[1:-1]).decode('utf-8')

            # check if there is a corresponding valid forward entry for this object
            if relative_domain_name + "." + zone_name in deadEndRecords:
                print("\t%s" % comp[0])
            elif relative_domain_name + "." + zone_name not in allRecords:
                print("\t%s" % comp[0])


if __name__ == "__main__":
    main()
