# Copyright 2015 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Logic to read the set of users and groups installed on a system."""

from __future__ import print_function

import collections
import os

from chromite.lib import cros_logging as logging
from chromite.lib import locking
from chromite.lib import osutils


# These fields must be in the order expected in /etc/passwd entries.
User = collections.namedtuple(
    'User', ('user', 'password', 'uid', 'gid', 'gecos', 'home', 'shell'))

# These fields must be in the order expected in /etc/group entries.
Group = collections.namedtuple(
    'Group', ('group', 'password', 'gid', 'users'))


def UserToEntry(user):
  """Returns the database file entry corresponding to |user|."""
  return ':'.join([user.user, user.password, str(user.uid), str(user.gid),
                   user.gecos, user.home, user.shell])


def GroupToEntry(group):
  """Returns the database file entry corresponding to |group|."""
  return ':'.join([group.group, group.password,
                   str(group.gid), ','.join(group.users)])


class UserDB(object):
  """An object that understands the users and groups installed on a system."""

  # Number of times to attempt to acquire the write lock on a database.
  # The max wait time for the lock is the nth triangular number of seconds.
  # So in this case, T(24) * 1 second = 300 seconds.
  _DB_LOCK_RETRIES = 24

  def __init__(self, sysroot):
    self._sysroot = sysroot
    self._user_cache = None
    self._group_cache = None

  @property
  def _user_db_file(self):
    """Returns path to user database (aka /etc/passwd in the sysroot)."""
    return os.path.join(self._sysroot, 'etc', 'passwd')

  @property
  def _group_db_file(self):
    """Returns path to group database (aka /etc/group in the sysroot)."""
    return os.path.join(self._sysroot, 'etc', 'group')

  @property
  def _users(self):
    """Returns a list of User tuples."""
    if self._user_cache is not None:
      return self._user_cache

    self._user_cache = {}
    passwd_contents = osutils.ReadFile(self._user_db_file)

    for line in passwd_contents.splitlines():
      pieces = line.split(':')
      if len(pieces) != 7:
        logging.warning('Ignored invalid line in users file: "%s"', line)
        continue

      user, password, uid, gid, gecos, home, shell = pieces

      try:
        uid_as_int = int(uid)
        gid_as_int = int(gid)
      except ValueError:
        logging.warning('Ignored invalid uid (%s) or gid (%s).', uid, gid)
        continue

      if user in self._user_cache:
        logging.warning('Ignored duplicate user definition for "%s".', user)
        continue

      self._user_cache[user] = User(user=user, password=password,
                                    uid=uid_as_int, gid=gid_as_int,
                                    gecos=gecos, home=home, shell=shell)
    return self._user_cache

  @property
  def _groups(self):
    """Returns a list of Group tuples."""
    if self._group_cache is not None:
      return self._group_cache

    self._group_cache = {}
    group_contents = osutils.ReadFile(self._group_db_file)

    for line in group_contents.splitlines():
      pieces = line.split(':')
      if len(pieces) != 4:
        logging.warning('Ignored invalid line in group file: "%s"', line)
        continue

      group, password, gid, users = pieces

      try:
        gid_as_int = int(gid)
      except ValueError:
        logging.warning('Ignored invalid or gid (%s).', gid)
        continue

      if group in self._group_cache:
        logging.warning('Ignored duplicate group definition for "%s".',
                        group)
        continue

      users = users.split(',')

      self._group_cache[group] = Group(group=group, password=password,
                                       gid=gid_as_int, users=users)
    return self._group_cache

  def GetUserEntry(self, username, skip_lock=False):
    """Returns a user's database entry.

    Args:
      username: name of user to get the entry for.
      skip_lock: True iff we should skip getting a lock before reading the
        database.

    Returns:
      database entry as a string.
    """
    if skip_lock:
      return UserToEntry(self._users[username])

    # Clear the user cache to force ourselves to reparse while holding a lock.
    self._user_cache = None

    with locking.PortableLinkLock(
        self._user_db_file + '.lock', max_retry=self._DB_LOCK_RETRIES):
      return UserToEntry(self._users[username])

  def GetGroupEntry(self, groupname, skip_lock=False):
    """Returns a group's database entry.

    Args:
      groupname: name of group to get the entry for.
      skip_lock: True iff we should skip getting a lock before reading the
        database.

    Returns:
      database entry as a string.
    """
    if skip_lock:
      return GroupToEntry(self._groups[groupname])

    # Clear the group cache to force ourselves to reparse while holding a lock.
    self._group_cache = None

    with locking.PortableLinkLock(
        self._group_db_file + '.lock', max_retry=self._DB_LOCK_RETRIES):
      return GroupToEntry(self._groups[groupname])

  def UserExists(self, username):
    """Returns True iff a user called |username| exists in the database.

    Args:
      username: name of a user (e.g. 'root')

    Returns:
      True iff the given |username| has an entry in /etc/passwd.
    """
    return username in self._users

  def GroupExists(self, groupname):
    """Returns True iff a group called |groupname| exists in the database.

    Args:
      groupname: name of a group (e.g. 'root')

    Returns:
      True iff the given |groupname| has an entry in /etc/group.
    """
    return groupname in self._groups

  def ResolveUsername(self, username):
    """Resolves a username to a uid.

    Args:
      username: name of a user (e.g. 'root')

    Returns:
      The uid of the given username.  Raises ValueError on failure.
    """
    user = self._users.get(username)
    if user:
      return user.uid

    raise ValueError('Could not resolve unknown user "%s" to uid.' % username)

  def ResolveGroupname(self, groupname):
    """Resolves a groupname to a gid.

    Args:
      groupname: name of a group (e.g. 'wheel')

    Returns:
      The gid of the given groupname.  Raises ValueError on failure.
    """
    group = self._groups.get(groupname)
    if group:
      return group.gid

    raise ValueError('Could not resolve unknown group "%s" to gid.' % groupname)

  def AddUser(self, user):
    """Atomically add a user to the database.

    If a user named |user.user| already exists, this method will simply return.

    Args:
      user: user_db.User object to add to database.
    """
    # Try to avoid grabbing the lock in the common case that a user already
    # exists.
    if self.UserExists(user.user):
      logging.info('Not installing user "%s" because it already existed.',
                   user.user)
      return

    # Clear the user cache to force ourselves to reparse.
    self._user_cache = None

    with locking.PortableLinkLock(self._user_db_file + '.lock',
                                  max_retry=self._DB_LOCK_RETRIES):
      # Check that |user| exists under the lock in case we're racing to create
      # this user.
      if self.UserExists(user.user):
        logging.info('Not installing user "%s" because it already existed.',
                     user.user)
        return

      self._users[user.user] = user
      new_users = sorted(self._users.itervalues(), key=lambda u: u.uid)
      contents = '\n'.join([UserToEntry(u) for u in new_users])
      osutils.WriteFile(self._user_db_file, contents, atomic=True, sudo=True)
      print('Added user "%s" to %s:' % (user.user, self._user_db_file))
      print(' - password entry: %s' % user.password)
      print(' - id: %d' % user.uid)
      print(' - group id: %d' % user.gid)
      print(' - gecos: %s' % user.gecos)
      print(' - home: %s' % user.home)
      print(' - shell: %s' % user.shell)

  def AddGroup(self, group):
    """Atomically add a group to the database.

    If a group named |group.group| already exists, this method will simply
    return.

    Args:
      group: user_db.Group object to add to database.
    """
    # Try to avoid grabbing the lock in the common case that a group already
    # exists.
    if self.GroupExists(group.group):
      logging.info('Not installing group "%s" because it already existed.',
                   group.group)
      return

    # Clear the group cache to force ourselves to reparse.
    self._group_cache = None

    with locking.PortableLinkLock(self._group_db_file + '.lock',
                                  max_retry=self._DB_LOCK_RETRIES):
      # Check that |group| exists under the lock in case we're racing to create
      # this group.
      if self.GroupExists(group.group):
        logging.info('Not installing group "%s" because it already existed.',
                     group.group)
        return

      self._groups[group.group] = group
      new_groups = sorted(self._groups.itervalues(), key=lambda g: g.gid)
      contents = '\n'.join([GroupToEntry(g) for g in new_groups])
      osutils.WriteFile(self._group_db_file, contents, atomic=True, sudo=True)
      print('Added group "%s" to %s:' % (group.group, self._group_db_file))
      print(' - group id: %d' % group.gid)
      print(' - password entry: %s' % group.password)
      print(' - user list: %s' % ','.join(group.users))