#!/usr/bin/env python3

import os
import subprocess

# Phase and account of the current PAM transaction, taken from the process
# environment; each is None when the variable is not set.
# NOTE(review): presumably exported by pam_exec for the commands it runs --
# confirm against the PAM stack that invokes this script.
PAM_TYPE = os.getenv('PAM_TYPE')
PAM_USER = os.getenv('PAM_USER')

# Local account database; its first colon-separated field is the login name.
PASSWD = '/etc/passwd'

# Names for which the session hook never acts. Membership is tested with a
# plain `in`, so matching is exact and case-sensitive. The same list is used
# as the stand-in for the local account list when PASSWD does not exist.
# NOTE(review): some entries (e.g. 'nogroup', 'sudo', 'audio') look like group
# names rather than login names -- harmless for the check, but confirm intent.
EXCLUDE_USERS = [
    '_apt', '_chrony', '_rpc',
    'adm', 'astra-admin', 'astra-console', 'audio',
    'backup', 'bin', 'bind',
    'cdrom', 'crontab', 'custodia',
    'daemon', 'dialout', 'dip', 'dirsrv', 'disk',
    'fax', 'floppy',
    'games', 'gluster', 'gnats',
    'input', 'ipaapi', 'irc',
    'kdcproxy', 'kmem', 'kvm',
    'list', 'lp',
    'mail', 'man', 'messagebus',
    'netdev', 'news', 'nobody', 'nogroup',
    'opendnssec', 'operator',
    'pkiuser', 'plugdev', 'postgres', 'proxy',
    'rabbitmq', 'rdma', 'redis', 'render', 'root',
    'sambashare', 'sasl', 'shadow', 'softhsm', 'src', 'ssh', 'sshd',
    'ssl-cert', 'sssd', 'staff', 'statd', 'sudo', 'sync', 'sys',
    'systemd-coredump', 'systemd-journal', 'systemd-network',
    'systemd-resolve', 'systemd-timesync',
    'tape', 'tty',
    'users', 'utmp', 'uucp',
    'video', 'voice',
    'winbindd_priv', 'www-data',
    'zabbix',
]

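# Session-open hook body: when a session is opened for an account that is
# neither on the exclusion list nor named in the local passwd file, run the
# aldpro_user.store_domain_user salt state once for that login.
# An unset or empty PAM_USER is skipped explicitly; None would otherwise pass
# both membership tests below and launch the state with no account to act on.
if PAM_TYPE == 'open_session' and PAM_USER and PAM_USER not in EXCLUDE_USERS:

    # Only the first colon-separated field (the login name) of each line is
    # kept. errors='replace' stops an undecodable byte in some other field
    # from raising UnicodeDecodeError and aborting the hook in mid-login.
    # NOTE(review): the file is read directly, so only names physically
    # present in PASSWD count as local -- presumably deliberate, since a
    # name-service lookup could also return directory accounts; confirm.
    try:
        with open(PASSWD, 'r', errors='replace') as passwd_file:
            local_users = [entry.split(':', 1)[0] for entry in passwd_file]
    except FileNotFoundError:
        # Without a passwd file every non-excluded name is treated as
        # non-local, i.e. the state below runs for it.
        local_users = EXCLUDE_USERS

    if PAM_USER not in local_users:
        # Argument list, no shell: nothing here is built from PAM_USER.
        # The account name is not passed on the command line; the child
        # inherits this process's environment, so presumably the salt module
        # reads PAM_USER from there -- verify before restricting env.
        # NOTE(review): 'aldpro-salt-call' is located through the inherited
        # PATH. If this hook runs privileged, confirm that the PAM environment
        # (and so PATH) cannot be set by the user logging in, or pin the
        # executable to its absolute path.
        cmd = [
            'aldpro-salt-call', '--local', '-m', '/srv/aldpro-salt/roots/_modules/',
            'state.single', 'module.run',
            'aldpro_user.store_domain_user', '-c', '/srv/aldpro-salt/config',
            'queue=True'
        ]
        # Waits for the command to finish. Output is captured and dropped and
        # the exit status is not inspected, so a failing state does not by
        # itself change this script's exit code; a missing executable still
        # raises from here.
        subprocess.run(
            cmd,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )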
