#!/usr/local/bin/perl -w

use blib '../blib/';
use AFS::KAS;
use AFS::KTC_PRINCIPAL;
use AFS::KTC_TOKEN;
use AFS::KTC_EKEY;
use AFS qw(checkafs raise_exception);

# Require exactly two positional arguments: the administrator principal used
# to authenticate, and the user principal whose entry is shown and modified.
die "Usage: admin user \n" unless (@ARGV == 2);

# NOTE(review): presumably switches the AFS module to raising exceptions on
# errors; the checkafs() calls below would then be a second line of defence.
# Confirm against the AFS module documentation.
raise_exception(1);

$admin = AFS::KTC_PRINCIPAL->new(shift @ARGV);
$user  = AFS::KTC_PRINCIPAL->new(shift @ARGV);

# The admin secret is obtained through ReadPassword (given a prompt string)
# rather than from @ARGV. $key is never cleared afterwards, so it stays in
# this process for the remainder of the script.
my $password_prompt = $admin->principal . "'s Password:";
$key = AFS::KTC_EKEY->ReadPassword($password_prompt);

# NOTE(review): 300 is presumably the token lifetime in seconds and 1
# presumably requests a new token -- confirm against AFS::KTC_TOKEN.
# $reason is passed in so the call can report why it failed.
$reason = '';
$token  = AFS::KTC_TOKEN->GetAdminToken($admin, $key, 300, 1, $reason);
print "reason = $reason\n" if $reason;
checkafs('AdminToken');

# Open the authenticated connection used for every later getentry and
# KAM_SetFields call in this script.
$kas = AFS::KAS->AuthServerConn($token, &AFS::KA_MAINTENANCE_SERVICE);
checkafs('AuthServerConn');

# Show the user's entry as it is BEFORE the change, one "field  value" line
# per key in sorted order, so the run leaves a before/after record.
# NOTE(review): every field returned by getentry is printed verbatim; check
# what the entry contains before redirecting this output to a shared log.
$entry = $kas->getentry($user->name, $user->instance);
print "\n\nUser data for ",
    $user->name, $user->instance,    # printed back to back, no separator
    ": \n";
for my $field (sort keys %{$entry}) {
    printf("%20s  %s\n", $field, $entry->{$field});
}

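# Account settings that are written to the user's entry below.
# NOTE(review): all of these are hard-coded, so running the script overwrites
# whatever the entry currently holds, including its flags.
my $flags    = 1;        # (1 = normal, 4 = admin)
# NOTE(review): presumably seconds since the Unix epoch, which would be early
# May 1999 -- a date in the past. Confirm this is the intended expiry.
my $expire   = 925715000;
my $maxassoc = 0;
my $lifetime = 48*60*60; #unit is secs; => 48 hrs
my $pwexpire = 10;       #number of days
my $pw_reuse = 2;        #pwreuse allowed: [ 1 = yes ], [ 2 = no ], [ 0 = not changed ]
my $nfail    = 4;        #(nfail - 1) tries are allowed; => 3 tries
my $locktime = 3;        #unit is 8.5 min => 3 * (8.5)
my $spare2   = 0;

# Each of the four password-policy values occupies one byte of $packed.
# A value above 255 would spill into the neighbouring field and silently
# change a different policy setting, so refuse anything outside 0..255
# before any request is sent.
my %policy_byte_for = (
    pwexpire => $pwexpire,
    pw_reuse => $pw_reuse,
    nfail    => $nfail,
    locktime => $locktime,
);
for my $field (sort keys %policy_byte_for) {
    my $value = $policy_byte_for{$field};
    die "$field must be an integer in 0..255, got '$value'\n"
        unless ($value =~ /\A\d+\z/ && $value <= 255);
}

# Layout, high byte to low byte: pwexpire | pw_reuse | nfail | locktime.
my $packed= (($pwexpire << 24) | ($pw_reuse  << 16) | ($nfail << 8) | $locktime );
#my $ok = $kas->setfields($user->name, $user->instance, $flags, $expire, $lifetime, $maxassoc, $packed, $spare2);
my $ok = $kas->KAM_SetFields($user->name, $user->instance, $flags, $expire, $lifetime, $maxassoc, $packed, $spare2);
printf("KAS setfields: %s \n", $ok ? 'yes' : 'no');
checkafs('SetFields');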

# Fetch the entry again AFTER KAM_SetFields and print it in the same
# "field  value" layout, so the effect of the update can be compared with
# the listing printed earlier.
$entry = $kas->getentry($user->name, $user->instance);
print "\n\nUser data for ",
    $user->name, $user->instance,    # printed back to back, no separator
    ": \n";
for my $field (sort keys %{$entry}) {
    printf("%20s  %s\n", $field, $entry->{$field});
}
