#!/usr/libexec/platform-python

import sys
import os
import stat
import optparse
import json
import time
from pyexpat import ExpatError

sys.path.append("/usr/share/rhn/")

from up2date_client import rhnserver
from up2date_client import up2dateAuth
from up2date_client import up2dateErrors
from up2date_client import rhnreg


def print_error_and_exit(error):
    print(json.dumps({'result': error,
                      'timestamp': time.time()}))
    sys.exit(-1)


def _read_token_file(path):
    """Read the linking token from a root-owned, mode-0600 regular file without
    following symlinks, so the secret is never placed on the command line.

    Opens with O_NOFOLLOW|O_CLOEXEC|O_NONBLOCK and validates the OPENED
    descriptor with fstat (no lstat-then-open TOCTOU): the path must be a
    regular file owned by root (or the current effective user) and not
    accessible by group/other. O_NONBLOCK keeps a planted FIFO/device from
    blocking the open forever (the open returns immediately and fstat then
    rejects the non-regular file); it has no effect on a regular-file read.
    Mirrors the O_NOFOLLOW credential-handling pattern used elsewhere in the
    tree (e.g. up2date_client/up2dateLog.py)."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC | os.O_NONBLOCK)
    except OSError as e:
        print_error_and_exit("Unable to read --linking-token-file %s: %s" % (path, e))
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            print_error_and_exit("--linking-token-file %s must be a regular file" % path)
        if st.st_uid not in (0, os.geteuid()):
            print_error_and_exit("--linking-token-file %s must be owned by root" % path)
        if st.st_mode & 0o077:
            print_error_and_exit("--linking-token-file %s must not be accessible by "
                                 "group or others (chmod 600)" % path)
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
    finally:
        os.close(fd)
    return b"".join(chunks).decode("utf-8").strip()


def _resolve_token(options):
    """Return the linking token from whichever channel was requested. The
    secure channels (--linking-token-file, --linking-token-stdin) keep the
    secret off argv; the legacy value-bearing --linking-token still works but
    warns, because it exposes the token via /proc/<pid>/cmdline and process
    listings (CWE-214). The caller guarantees at most one channel was given.

    The deprecation warning is emitted only when stderr is a TTY (an
    interactive operator). When stderr is redirected/piped -- e.g. an
    automation wrapper that captures the stream and folds it into the parsed
    stdout on error paths -- the warning is suppressed so it cannot corrupt the
    JSON result the caller reads."""
    if options.token_file:
        return _read_token_file(options.token_file)
    if options.token_stdin:
        return sys.stdin.read().strip()
    if sys.stderr.isatty():
        sys.stderr.write(
            "cl-link-to-cln: warning: --linking-token exposes the token via "
            "/proc/<pid>/cmdline and process listings; use --linking-token-file "
            "or --linking-token-stdin instead.\n")
    return options.token


def main():
    parser = optparse.OptionParser()

    parser.add_option('-t', '--linking-token', dest='token',
                      help='Token to link the server. DEPRECATED: the token is '
                           'visible in /proc/<pid>/cmdline and process listings '
                           'while this runs; prefer --linking-token-file or '
                           '--linking-token-stdin.')
    parser.add_option('--linking-token-file', dest='token_file', metavar='PATH',
                      help='Read the linking token from a root-owned, mode-0600 '
                           'file instead of the command line (not exposed on argv).')
    parser.add_option('--linking-token-stdin', dest='token_stdin',
                      action='store_true', default=False,
                      help='Read the linking token from standard input instead of '
                           'the command line (not exposed on argv).')
    parser.add_option('-s', '--linking-status', dest='status', action='store_true', help='Show if status linked or not')

    options, args = parser.parse_args()

    n_token_sources = sum(1 for src in (options.token, options.token_file,
                                        options.token_stdin) if src)

    if n_token_sources and options.status:
        print_error_and_exit("Invalid usage, --linking-status and a linking token could not "
                             "be specified simultaneously")

    if n_token_sources > 1:
        print_error_and_exit("Invalid usage, specify only one of --linking-token, "
                             "--linking-token-file or --linking-token-stdin")

    if not n_token_sources and not options.status:
        print_error_and_exit("Invalid usage, a linking token (--linking-token-file, "
                             "--linking-token-stdin or --linking-token) or "
                             "--linking-status must be specified")

    system_id_xml = up2dateAuth.getSystemId()
    if not system_id_xml:
        print_error_and_exit('Unable to read system id, please ensure your server is registered in CLN')

    if n_token_sources:
        token = _resolve_token(options)
        if not token:
            print_error_and_exit("Invalid usage, the linking token is empty")
        link_server(system_id_xml, token)
        print(json.dumps({'result': 'success', 'timestamp': time.time()}))
    elif options.status:
        linked_info = get_linked_info(system_id_xml)
        print(json.dumps({'result': 'success', 'timestamp': time.time(),
                          'linked': linked_info['linked'],
                          'linkable': linked_info['linkable']}))
    else:
        print_error_and_exit('Invalid usage, only supported options are: '
                             '--linking-status or a linking token')


def link_server(system_id, token):
    s = rhnserver.RhnServer()
    try:
        s.up2date.link_server(system_id, token)
    except ExpatError as e:
        # CLN returns empty response when success
        if 'no element found' not in e.message:
            raise
    rhnreg.getAndWriteJWTTokenToFile(system_id)


def get_linked_info(system_id):
    s = rhnserver.RhnServer()
    return {'linked': s.up2date.is_server_linked(system_id),
            'linkable': s.up2date.is_server_linkable(system_id)}


if __name__ == "__main__":
    try:
        main()
    except up2dateErrors.UnknownMethodException as e:
        print_error_and_exit('CLN does not support method for linking server. %s \n'
                             'Contact CloudLinux support in case you need help: '
                             'https://cloudlinux.zendesk.com/' % str(e))
    except up2dateErrors.RhnServerException as e:
        print_error_and_exit('Server exception, reason: %s \n'
                             'Contact CloudLinux support in case you need help: '
                             'https://cloudlinux.zendesk.com/' % str(e))
    except Exception as e:
        print_error_and_exit('Failed with common exception: %s \n'
                             'Contact CloudLinux support in case you need help: '
                             'https://cloudlinux.zendesk.com/' % str(e))
