#!/usr/bin/env python3
#
# Copyright (C) 2018-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os
import pwd

from copy import deepcopy
from glob import glob
from sys import exit

from vyos.base import Warning
from vyos.config import Config
from vyos.configverify import verify_vrf
from vyos.template import render
from vyos.template import is_ipv4
from vyos.utils.process import call
from vyos.utils.permission import chmod_755
from vyos.utils.network import is_addr_assigned
from vyos import ConfigError
from vyos import airbag
airbag.enable()

config_file = r'/etc/default/tftpd'

def get_config(config=None):
    if config:
        conf = config
    else:
        conf = Config()

    base = ['service', 'tftp-server']
    if not conf.exists(base):
        return None

    tftpd = conf.get_config_dict(base, key_mangling=('-', '_'),
                                 get_first_key=True,
                                 with_recursive_defaults=True)
    return tftpd

def verify(tftpd):
    # bail out early - looks like removal from running config
    if not tftpd:
        return None

    # Configuring allowed clients without a server makes no sense
    if 'directory' not in tftpd:
        raise ConfigError('TFTP root directory must be configured!')

    if 'listen_address' not in tftpd:
        raise ConfigError('TFTP server listen address must be configured!')

    for address, address_config in tftpd['listen_address'].items():
        if not is_addr_assigned(address):
            Warning(f'TFTP server listen address "{address}" not ' \
                     'assigned to any interface!')
        verify_vrf(address_config)

    return None

def generate(tftpd):
    # cleanup any available configuration file
    # files will be recreated on demand
    for i in glob(config_file + '*'):
        os.unlink(i)

    # bail out early - looks like removal from running config
    if tftpd is None:
        return None

    idx = 0
    for address, address_config in tftpd['listen_address'].items():
        config = deepcopy(tftpd)
        port = tftpd['port']
        if is_ipv4(address):
            config['listen_address'] = f'{address}:{port} -4'
        else:
            config['listen_address'] = f'[{address}]:{port} -6'

        if 'vrf' in address_config:
            config['vrf'] = address_config['vrf']

        file = config_file + str(idx)
        render(file, 'tftp-server/default.j2', config)
        idx = idx + 1

    return None

def apply(tftpd):
    # stop all services first - then we will decide
    call('systemctl stop tftpd@*.service')

    # bail out early - e.g. service deletion
    if tftpd is None:
        return None

    tftp_root = tftpd['directory']
    if not os.path.exists(tftp_root):
        os.makedirs(tftp_root)
        chmod_755(tftp_root)

    # get UNIX uid for user 'tftp'
    tftp_uid = pwd.getpwnam('tftp').pw_uid
    tftp_gid = pwd.getpwnam('tftp').pw_gid

    # get UNIX uid for tftproot directory
    dir_uid = os.stat(tftp_root).st_uid
    dir_gid = os.stat(tftp_root).st_gid

    # adjust uid/gid of tftproot directory if files don't belong to user tftp
    if (tftp_uid != dir_uid) or (tftp_gid != dir_gid):
        os.chown(tftp_root, tftp_uid, tftp_gid)

    idx = 0
    for address in tftpd['listen_address']:
        call(f'systemctl restart tftpd@{idx}.service')
        idx = idx + 1

    return None

if __name__ == '__main__':
    try:
        c = get_config()
        verify(c)
        generate(c)
        apply(c)
    except ConfigError as e:
        print(e)
        exit(1)