#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""
XXX

The services hash is a table of a couple of the services, defaulting to off.  
The configuration files are (re)written regardless of the changes.  Additionally,
there is no error handling for external calls (exec).
"""

import sys
sys.path.insert(1, '/usr/lib/vmware/python2.2/site-packages')

from vmware import Utility
Utility.python_required('2.2.3')

import os
import string
from commands import getoutput
from optik import OptionParser, make_option, SUPPRESS_HELP, OptionValueError
from vmware.authentication.PAMManager import PAMManager
from vmware.authentication.NISManager import NISManager
from vmware.authentication.LDAPManager import LDAPManager
from vmware.authentication.LoginManager import LoginManager
from vmware.authentication.KerberosManager import KerberosManager
from vmware.authentication.NSSManager import NSSManager
from vmware.authentication.NSCDManager import NSCDManager
from vmware.authentication.FirewallManager import FirewallManager

from vmware.authentication.Exceptions import InvalidCertificateException
from vmware.authentication.Exceptions import CertificatePermissionException

Managers = { }
Services = { }
Firewalls = { }
Firewall = FirewallManager()

def enablemd5(option, opt, value, parser):
   Managers['PAM'].EnableMD5Password()
   Managers['LDAP'].EnableMD5()

   Services['LDAP'] = "True"

def disablemd5(option, opt, value, parser):
   Managers['PAM'].DisableMD5Password()
   Managers['LDAP'].DisableMD5()

   Services['LDAP'] = "True"

def enableshadow(option, opt, value, parser):
   Managers['PAM'].EnableShadowPassword()

   Services['PAM'] = "True"

def disableshadow(option, opt, value, parser):
   Managers['PAM'].DisableShadowPassword()

   Services['PAM'] = "True"

def enablenis(option, opt, value, parser):
   setattr(parser.values, opt, True)
   Managers['NSS'].AddLookupOrder('passwd', 'nis')
   Managers['NSS'].AddLookupOrder('hosts', 'nis')
   Managers['NSS'].AddLookupOrder('protocols', 'nis')
   Managers['NSS'].AddLookupOrder('services', 'nis')
   Managers['NSS'].AddLookupOrder('automount', 'nis')
   
   Managers['PAM'].AddArgument('password', 'pam_unix.so', 'nis')
   Managers['PAM'].AddArgument('password', 'pam_unix2.so', 'nis')

   Firewalls['nisClient'] = True
   Services['NIS'] = "True"

def disablenis(option, opt, value, parser):
   Managers['NSS'].DelLookupOrder('passwd', 'nis')
   Managers['NSS'].DelLookupOrder('hosts', 'nis')
   Managers['NSS'].DelLookupOrder('protocols', 'nis')
   Managers['NSS'].DelLookupOrder('services', 'nis')
   Managers['NSS'].DelLookupOrder('automount', 'nis')

   Managers['PAM'].DelArgument('password', 'pam_unix.so', 'nis')
   Managers['PAM'].DelArgument('password', 'pam_unix2.so', 'nis')

   Firewalls['nisClient'] = False
   Services['NIS'] = "False"

def nisdomain(option, opt, value, parser):
   setattr(parser.values, opt, value)
   if value == "":
      raise OptionValueError("%s option requires a value" % opt)
   Managers['NIS'].NISDomain(value)

def nisserver(option, opt, value, parser):
   setattr(parser.values, opt, value)
   if value == "":
      raise OptionValueError("%s option requires a value" % opt)
   Managers['NIS'].NISServer(value)

def enableldap(option, opt, value, parser):
   Managers['NSS'].AddLookupOrder('passwd', 'ldap')
   Managers['NSS'].AddLookupOrder('protocols', 'ldap')
   Managers['NSS'].AddLookupOrder('services', 'ldap')
   Managers['NSS'].AddLookupOrder('automount', 'ldap')

   Firewalls['LDAP'] = True
   Services['LDAP'] = "True"

def disableldap(option, opt, value, parser):
   Managers['NSS'].DelLookupOrder('passwd', 'ldap')
   Managers['NSS'].DelLookupOrder('protocols', 'ldap')
   Managers['NSS'].DelLookupOrder('services', 'ldap')
   Managers['NSS'].DelLookupOrder('automount', 'ldap')

   Firewalls['LDAP'] = False
   Services['LDAP'] = "False"

def enableldapauth(option, opt, value, parser):
   Managers['PAM'].DelModule('pam_ldap.so', 'auth')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_ldap.so', 'auth',
                             'sufficient', None, 1)

   Managers['PAM'].DelModule('pam_ldap.so', 'account')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_ldap.so', 'account', 
                             'sufficient', None, 1)

   Managers['PAM'].DelModule('pam_ldap.so', 'password')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_ldap.so', 'password', 
                             'sufficient', 'use_first_pass', 1)

   Managers['PAM'].DelModule('pam_ldap.so', 'session')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_ldap.so', 'session', 
                             'optional', None, 1)

   Firewalls['LDAP'] = True
   Services['LDAP'] = "True"

def disableldapauth(option, opt, value, parser):
   Managers['PAM'].DelModule('pam_ldap.so', 'auth')
   Managers['PAM'].DelModule('pam_ldap.so', 'account')
   Managers['PAM'].DelModule('pam_ldap.so', 'password')
   Managers['PAM'].DelModule('pam_ldap.so', 'session')

   Services['LDAP'] = "False"
   Firewalls['LDAP'] = False

def ldapserver(option, opt, value, parser):
   Managers['LDAP'].SetLDAPServer(value)

def ldapbasedn(option, opt, value, parser):
   Managers['LDAP'].SetBaseDN(value)

def enableldaptls(option, opt, value, parser):
   try:
      Managers['LDAP'].EnableTLS()
   except (InvalidCertificateException):
      print "The certificate specified for TLS authentication is invalid."
      sys.exit(2)
   except (CertificatePermissionException):
      print "Failed to set permission on certificates for TLS authentication."
      sys.exit(2)

   Firewall.EnableService('LDAPS')

def disableldaptls(option, opt, value, parser):
   Managers['LDAP'].DisableTLS()

   Firewall.DisableService('LDAPS')

def enableldapssl(option, opt, value, parser):
   Managers['LDAP'].EnableSSL()

def disableldapssl(option, opt, value, parser):
   Managers['LDAP'].DisableSSL()

def enablekrb5(option, opt, value, parser):
   # XXX installed krb files are bogus.  Should really 
   # handle krb support same way --enablead is handled.
   setattr(parser.values, opt, True)
   Managers['Kerberos'].Reset();
   Managers['PAM'].DelModule('pam_krb5.so', 'auth')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_krb5.so', 'auth', 
                             'sufficient', 'use_first_pass', 2)
   
   Managers['PAM'].DelModule('pam_krb5.so', 'account')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_krb5.so', 'account', 
                             'sufficient', None, 1)

   Managers['PAM'].DelModule('pam_krb5.so', 'password')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_krb5.so', 'password', 
                             'sufficient', 'use_authtok', 1)

   Managers['PAM'].DelModule('pam_krb5.so', 'session')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_krb5.so', 'session', 
                             'optional', None, 1)

   Firewalls['kerberos'] = True
   Services['Kerberos'] = "True"

def disablekrb5(option, opt, value, parser):
   Managers['Kerberos'].Reset();
   Managers['PAM'].DelModule('pam_krb5.so', 'auth')
   Managers['PAM'].DelModule('pam_krb5.so', 'account')
   Managers['PAM'].DelModule('pam_krb5.so', 'password')
   Managers['PAM'].DelModule('pam_krb5.so', 'session')

   Firewalls['kerberos'] = False
   Services['Kerberos'] = "True"

def krb5realm(option, opt, value, parser):
   setattr(parser.values, opt, True)
   Managers['Kerberos'].SetKerberosRealm(value)

def krb5kdc(option, opt, value, parser):
   setattr(parser.values, opt, True)
   Managers['Kerberos'].SetKerberosDistributionCenter(value)

def krb5adminserver(option, opt, value, parser):
   setattr(parser.values, opt, True)
   Managers['Kerberos'].SetKerberosAdminServer(value)

def enablead(option, opt, value, parser):

   # We ship with broken krb.conf files, so need to nuke them first
   Managers['Kerberos'].Reset();

   Managers['PAM'].DelModule('pam_krb5.so', 'auth')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_krb5.so', 'auth', 
                             'sufficient', 'use_first_pass', 2)
   
   Managers['PAM'].DelModule('pam_krb5.so', 'account')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_krb5.so', 'account', 
                             'sufficient', None, 0)

   Managers['PAM'].DelModule('pam_krb5.so', 'password')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_krb5.so', 'password', 
                             'sufficient', 'use_authtok', 2)

   Managers['PAM'].DelModule('pam_krb5.so', 'session')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_krb5.so', 'session', 
                             'sufficient', None, 2)

   Firewalls['activeDirectorKerberos'] = True
   Services['Kerberos'] = "True"

def disablead(option, opt, value, parser):
   Managers['Kerberos'].Reset();
   Managers['PAM'].DelModule('pam_krb5.so', 'auth')
   Managers['PAM'].DelModule('pam_krb5.so', 'account')
   Managers['PAM'].DelModule('pam_krb5.so', 'password')
   Managers['PAM'].DelModule('pam_krb5.so', 'session')

   Firewalls['activeDirectorKerberos'] = False
   Services['Kerberos'] = "False"

def addomain(option, opt, value, parser):
   Managers['Kerberos'].SetKerberosRealm(value)

def addc(option, opt, value, parser):
   Managers['Kerberos'].SetActiveDirectoryDomain(value)

def usepamqc(option, opt, value, parser):
   args = 'min='

   for i in range(0,5):
      if value[i] == -1:
         args += 'disabled,'
      else:
         args += '%d,' % value[i]

   args = args[:-1]

   if value[5] == -1:
      args += ' similar=deny match=0'
   else:
      args += ' similar=deny match=%d' % value[5]

   Managers['PAM'].DelModule('pam_cracklib.so', 'password')
   Managers['PAM'].DelModule('pam_passwdqc.so', 'password')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_passwdqc.so', 
                             'password', 'required', args, 0)

def usecrack(option, opt, value, parser):
   args = 'retry=%d minlen=%d lcredit=%d ucredit=%d dcredit=%d ocredit=%d type=' % value

   Managers['PAM'].DelModule('pam_cracklib.so', 'password')
   Managers['PAM'].DelModule('pam_passwdqc.so', 'password')
   Managers['PAM'].AddModule('/lib/security/$ISA/pam_cracklib.so', 
                             'password', 'required', args, 0)

def enablecache(option, opt, value, parser):
   Managers['NSCD'].EnableCache()
   Services['NSCD'] = "True"

def disablecache(option, opt, value, parser):
   Managers['NSCD'].DisableCache()
   Services['NSCD'] = "False"

def passmaxdays(option, opt, value, parser):
   Managers['Login'].SetPassMaxDays(value)

def passmindays(option, opt, value, parser):
   Managers['Login'].SetPassMinDays(value)

def passminlen(option, opt, value, parser):
   Managers['Login'].SetPassMinLen(value)

def passwarnage(option, opt, value, parser):
   Managers['Login'].SetPassWarnAge(value)

def maxfailedlogins(option, opt, value, parser):
   Managers['PAM'].DelModule('pam_tally.so', 'auth')
   Managers['PAM'].DelModule('pam_tally.so', 'account')

   if value > 0:
      Managers['PAM'].AddModule('/lib/security/pam_tally.so', 'auth', 'required', 'no_magic_root', 0)
      Managers['PAM'].AddModule('/lib/security/pam_tally.so', 'account', 'required', 'deny=%i no_magic_root' % value, 0)

def unsupported(option, opt, value, parser):
   print 'Option %s is unsupported, you will have to configure it manually' % opt

def dummy(option, opt, value, parser):
   pass


def reqs_error(opt, reqs):
   if len(reqs)>1:
      reqs_txt = " and ".join(reqs)
      reqs_txt += ' options'
   else:
      reqs_txt = '%s option' % reqs[0]
      
   print >> sys.stderr, "Error: %s option requires %s to be specified." % (opt, reqs_txt)
   sys.exit(1)
      
def check_required_options(options, opts, reqs):
   """
   check if reqs are set when opt is set.
   Set 'opt' in callback function.
   
   options: parser.values object.
   opts:     key options.
   reqs:    list of required options. 
   """
   for opt in opts:
      if getattr(options, opt, None):
         #check if reqs are set
         notset = []
         for req in reqs:
            if opt == req:
               continue
            if not getattr(options, req, None):
               notset.append(req)
         if notset:
            reqs_error(opt, notset)


def main():
   global Managers, Services

   Managers['PAM'] = PAMManager()
   Managers['NIS'] = NISManager()
   Managers['LDAP'] = LDAPManager()
   Managers['Login'] = LoginManager()
   Managers['Kerberos'] = KerberosManager()
   Managers['NSS'] = NSSManager()
   Managers['NSCD'] = NSCDManager()

   Services = { 'PAM' : "Unset", 'NIS' : "Unset", 'LDAP' : "Unset", 
                'Kerberos' : "Unset", 'NSS' : "Unset", 'NSCD' : "Unset" }

   probe = False

   usage =  "esxcfg-auth [options]"

   options_list = [
      make_option(None, "--enablemd5",
                  action="callback", callback=enablemd5,
                  nargs=0,
                  help="Enable MD5 password storage"),
      make_option(None, "--disablemd5",
                  action="callback", callback=disablemd5,
                  nargs=0,
                  help="Disable MD5 password storage"),
      make_option(None, "--enableshadow",
                  action="callback", callback=enableshadow,
                  nargs=0,
                  help="Enable Shadow password storage"),
      make_option(None, "--disableshadow",
                  action="callback", callback=disableshadow,
                  nargs=0,
                  help="Disable Shadow password storage"),
      make_option(None, "--enablenis",
                  action="callback", callback=enablenis,
                  nargs=0,
                  help="Enable NIS Authentication"),
      make_option(None, "--disablenis",
                  action="callback", callback=disablenis,
                  nargs=0,
                  help="Disable NIS Authentication"),
      make_option(None, "--nisdomain",
                  action="callback", callback=nisdomain,
                  nargs=1, type="string", metavar="domain",
                  help="Set the NIS domain"),
      make_option(None, "--nisserver",
                  action="callback", callback=nisserver,
                  nargs=1, type="string", metavar="server",
                  help="Set the NIS server"),
      make_option(None, "--enableldap",
                  action="callback", callback=enableldap,
                  nargs=0,
                  help="Enable LDAP User Management"),
      make_option(None, "--disableldap",
                  action="callback",
                  callback=disableldap,
                  nargs=0,
                  help="Disable LDAP User Management"),
      make_option(None, "--enableldapauth",
                  action="callback", callback=enableldapauth,
                  nargs=0,
                  help="Enable LDAP Authentication"),
      make_option(None, "--disableldapauth",
                  action="callback", callback=disableldapauth,
                  nargs=0,
                  help="Disable LDAP Authentication"),
      make_option(None, "--ldapserver",
                  action="callback", callback=ldapserver,
                  nargs=1, type="string", metavar="server",
                  help="Set the LDAP Server"),
      make_option(None, "--ldapbasedn",
                  action="callback", callback=ldapbasedn,
                  nargs=1, type="string", metavar="basedn",
                  help="Set the base DN for the LDAP server"),
      make_option(None, "--enableldaptls",
                  action="callback", callback=enableldaptls,
                  nargs=0,
                  help="Enable TLS connections for LDAP"),
      make_option(None, "--disableldaptls",
                  action="callback", callback=disableldaptls,
                  nargs=0,
                  help="Disable TLS connections for LDAP"),
#       make_option(None, "--enableldapssl",
#                   action="callback", callback=enableldapssl,
#                   nargs=0,
#                   help="Enable SSL connections for LDAP"),
#       make_option(None, "--disableldapssl",
#                   action="callback", callback=disableldapssl,
#                   nargs=0,
#                   help="Disable SSL connections for LDAP"),
      make_option(None, "--enablekrb5",
                  action="callback", callback=enablekrb5,
                  nargs=0,
                  help="Enable Kererbos Authentication"),
      make_option(None, "--disablekrb5",
                  action="callback", callback=disablekrb5,
                  nargs=0,
                  help="Disable Kererbos Authentication"),
      make_option(None, "--krb5realm",
                  action="callback", callback=krb5realm,
                  nargs=1, type="string", metavar="domain",
                  help="Set the Kerberos Realm"),
      make_option(None, "--krb5kdc",
                  action="callback", callback=krb5kdc,
                  nargs=1, type="string", metavar="server",
                  help="Set the Kebreros Key Distribution Center"),
      make_option(None, "--krb5adminserver",
                  action="callback", callback=krb5adminserver,
                  nargs=1, type="string", metavar="server",
                  help="Set the Kerberos Admin Server"),
      make_option(None, "--enablead",
                  action="store_true",
                  dest="ad_enabled",
                  help="Enable Active Directory Authentication"),
      make_option(None, "--disablead",
                  action="callback", callback=disablead,
                  nargs=0,
                  help="Disable Active Directory Authentication"),
      make_option(None, "--addomain",
                  action="store",
                  type="string", dest="ad_domain", metavar="domain",
                  help="Set the Active Directory Domain"),
      make_option(None, "--addc",
                  action="store",
                  type="string", dest="ad_server", metavar="server",
                  help="Set the Active Directory Domain Controller"),
      make_option(None, "--usepamqc",
                  action="callback", callback=usepamqc,
                  nargs=6, type="int", metavar="values",
                  help="Enable the pam_passwdqc module"),
      make_option(None, "--usecrack",
                  action="callback", callback=usecrack,
                  nargs=6, type="int", metavar="values",
                  help="Enable the pam_cracklib module"),
      make_option(None, "--enablecache",
                  action="callback", callback=enablecache,
                  nargs=0,
                  help="Enables caching of login credentials"),
      make_option(None, "--disablecache",
                  action="callback", callback=disablecache,
                  nargs=0,
                  help="Disables caching of login credentials"),
      make_option(None, "--enablesmbauth",
                  action="callback", callback=unsupported,
                  nargs=0,
                  help=SUPPRESS_HELP),
      make_option(None, "--passmaxdays",
                  action="callback", callback=passmaxdays,
                  nargs=1, type="int", metavar="days",
                  help="Set the maximum number of days a password remains valid."),
      make_option(None, "--passmindays",
                  action="callback", callback=passmindays,
                  nargs=1, type="int", metavar="days",
                  help="Set the minimum number of days a password remains valid."),
      make_option(None, "--passwarnage",
                  action="callback", callback=passwarnage,
                  nargs=1, type="int", metavar="days",
                  help="Set the number of days a warning is given before a password expires."),
      make_option(None, "--disablesmbauth",
                  action="callback", callback=unsupported,
                  nargs=0,
                  help=SUPPRESS_HELP),
      make_option(None, "--smbworkgroup",
                  action="callback", callback=unsupported,
                  nargs=1, metavar="none",
                  help=SUPPRESS_HELP),
      make_option(None, "--smbservers",
                  action="callback", callback=unsupported,
                  nargs=1, metavar="none",
                  help=SUPPRESS_HELP),
      make_option(None, "--enablehesiod",
                  action="callback", callback=unsupported,
                  nargs=0,
                  help=SUPPRESS_HELP),
      make_option(None, "--disablehesiod",
                  action="callback", callback=unsupported,
                  nargs=0,
                  help=SUPPRESS_HELP),
      make_option(None, "--hesiodlhs",
                  action="callback", callback=unsupported,
                  nargs=1, metavar="none",
                  help=SUPPRESS_HELP),
      make_option(None, "--hesiodrhs",
                  action="callback", callback=unsupported,
                  nargs=1, metavar="none",
                  help=SUPPRESS_HELP),
      make_option(None, "--nostart",
                  action="callback", callback=dummy,
                  nargs=0,
                  help=SUPPRESS_HELP),
      make_option(None, "--kickstart",
                  action="callback", callback=dummy,
                  nargs=0,
                  help=SUPPRESS_HELP),
      make_option(None, "--maxfailedlogins",
                  action="callback", callback=maxfailedlogins,
                  nargs=1, type="int", metavar="count",
                  help="Sets the maximum number of login failures before the account is locked out, setting to 0 will disable this"),
#       make_option(None, "--usage",
#                   action="callback", callback=unsupported,
#                   nargs=0,
#                   help="Unsupported Option"),
      make_option("-p", "--probe",
                  action="store_true",
                  dest="probe",
                  help="Print the settings to the console"),
      make_option("-v", "--verbose",
                  action="store_true",
                  dest="verbose",
                  help="Enable verbose logging")
                  ]

   # If no arguments are passed, present the user with the usage info
   if len(sys.argv) == 1:
      sys.argv.append("-h")

   # Parse the arguments
   parser = OptionParser(usage, options_list);
   (options, args) = parser.parse_args()


   # nis option check
   check_required_options(options,
                          ["--nisdomain", "--nisserver"],
                          ["--enablenis", "--nisdomain", "--nisserver"])
   
   # krb5 option check
   check_required_options(options,
                          ["--enablekrb5", "--krb5realm", "--krb5kdc", "--krb5adminserver"],
                          ["--enablekrb5", "--krb5realm", "--krb5kdc", "--krb5adminserver"])

   # if --enablenis is set and yp.conf doesn't have any ypdomain information,
   # --nisdomain and --nisserer should be specified
   if getattr(options, "--enablenis", None) and \
          not getattr(options, "--nisdomain", None):
      # check NISManager can probe any ypdomain information.
      if len(Managers['NIS'].ypdomains) == 0:
         print >> sys.stderr, "Error: NIS information is not set. Specify it with --nisdomain and --nisserver options"
         sys.exit(1)
         
      
      
   # Active Directory authentication is a modified kerberos authentication
   # It must be applied in a specific order, as such, we store to variables
   # and manually call if needed.
   if options.ad_enabled is True:
      if not (options.ad_domain and options.ad_server):
         reqs_error('--enablead', ['--addomain', '--addc'])

      enablead(None, None, None, None)
      addomain(None, None, options.ad_domain, None)
      addc(None, None, options.ad_server, None)



   debugOut = ""
   # write settings
   for Manager in Managers.iterkeys():
      # each Manager should have dirty flag, and 
      # only dirty managers have to write configs.
      if Managers[Manager].dirty:
         debugOut += "Writing config files of %s ... " % Manager
         Managers[Manager].WriteConfig()
         debugOut += "Done\n"

   # (en|dis)able Firewall
   for svc in Firewalls:
      if Firewalls[svc]:
         debugOut += "Firewall: Enable %s\n" % svc
         Firewall.EnableService(svc)
      else:
         debugOut += "Firewall: Disable %s\n" % svc
         Firewall.DisableService(svc)
         
   # External Calls from RedHat (see authconfig for sync'ing)
   if Managers['PAM'].ShadowEnabled():
      debugOut += getoutput(os.path.join('/', 'usr', 'sbin', 'pwconv'))
      debugOut += getoutput(os.path.join('/', 'usr', 'sbin', 'grpconv'))
   else:
      debugOut += getoutput(os.path.join('/', 'usr', 'sbin', 'pwunconv'))
      debugOut += getoutput(os.path.join('/', 'usr', 'sbin', 'grpunconv'))

   if Services['NIS'] == "True":
      debugOut += getoutput('%s %s' % (os.path.join('/', 'bin', 'domainname'), Managers['NIS'].DefaultNISDomain()))
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'chkconfig'), '--add portmap'))
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'chkconfig'), '--level 345 portmap on'))
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'service'), 'portmap start'))
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'chkconfig'), '--add ypbind'))
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'chkconfig'), '--level 345 ypbind on'))
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'service'), 'ypbind start'))
   elif Services['NIS'] == "False":
      debugOut += getoutput('%s %s' % (os.path.join('/', 'bin', 'domainname'), '"(none)"'))
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'chkconfig'), '--del ypbind'))
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'service'), 'ypbind stop'))

   if Services['NSCD'] == "True":
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'chkconfig'), '--add nscd'))
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'chkconfig'), '--level 345 nscd on'))
   elif Services['NSCD'] == "False":
      debugOut += getoutput('%s %s' % (os.path.join('/', 'sbin', 'chkconfig'), '--del nscd'))

   if parser.values.verbose:
      print debugOut

   # print the current settings
   if parser.values.probe:
      print "\n---- Current settings ----"
      for Manager in Managers.iterkeys():
         Managers[Manager].PrintConfig()

if __name__ == '__main__':
   main()
