# Copyright: (c) 2021, Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import (absolute_import, division, print_function)
__metaclass__ = type

import os
import sys

from ansible.module_utils.common.text.converters import to_native, to_bytes
from ctypes import CDLL, c_char_p, c_int, byref, POINTER, get_errno

try:
    _selinux_lib = CDLL('libselinux.so.1', use_errno=True)
except OSError:
    raise ImportError('unable to load libselinux.so')


def _module_setup():
    def _check_rc(rc):
        if rc < 0:
            errno = get_errno()
            raise OSError(errno, os.strerror(errno))
        return rc

    binary_char_type = type(b'')

    class _to_char_p:
        @classmethod
        def from_param(cls, strvalue):
            if strvalue is not None and not isinstance(strvalue, binary_char_type):
                strvalue = to_bytes(strvalue)

            return strvalue

    # FIXME: swap restype to errcheck

    _funcmap = dict(
        is_selinux_enabled={},
        is_selinux_mls_enabled={},
        lgetfilecon_raw=dict(argtypes=[_to_char_p, POINTER(c_char_p)], restype=_check_rc),
        # NB: matchpathcon is deprecated and should be rewritten on selabel_lookup (but will be a PITA)
        matchpathcon=dict(argtypes=[_to_char_p, c_int, POINTER(c_char_p)], restype=_check_rc),
        security_policyvers={},
        selinux_getenforcemode=dict(argtypes=[POINTER(c_int)]),
        security_getenforce={},
        lsetfilecon=dict(argtypes=[_to_char_p, _to_char_p], restype=_check_rc),
        selinux_getpolicytype=dict(argtypes=[POINTER(c_char_p)], restype=_check_rc),
    )

    _thismod = sys.modules[__name__]

    for fname, cfg in _funcmap.items():
        fn = getattr(_selinux_lib, fname, None)

        if not fn:
            raise ImportError('missing selinux function: {0}'.format(fname))

        # all ctypes pointers share the same base type
        base_ptr_type = type(POINTER(c_int))
        fn.argtypes = cfg.get('argtypes', None)
        fn.restype = cfg.get('restype', c_int)

        # just patch simple directly callable functions directly onto the module
        if not fn.argtypes or not any(argtype for argtype in fn.argtypes if type(argtype) == base_ptr_type):
            setattr(_thismod, fname, fn)
            continue

    # NB: this validation code must run after all the wrappers have been declared
    unimplemented_funcs = set(_funcmap).difference(dir(_thismod))
    if unimplemented_funcs:
        raise NotImplementedError('implementation is missing functions: {0}'.format(unimplemented_funcs))


# begin wrapper function impls

def selinux_getenforcemode():
    enforcemode = c_int()
    rc = _selinux_lib.selinux_getenforcemode(byref(enforcemode))
    return [rc, enforcemode.value]


def selinux_getpolicytype():
    con = c_char_p()
    try:
        rc = _selinux_lib.selinux_getpolicytype(byref(con))
        return [rc, to_native(con.value)]
    finally:
        _selinux_lib.freecon(con)


def lgetfilecon_raw(path):
    con = c_char_p()
    try:
        rc = _selinux_lib.lgetfilecon_raw(path, byref(con))
        return [rc, to_native(con.value)]
    finally:
        _selinux_lib.freecon(con)


def matchpathcon(path, mode):
    con = c_char_p()
    try:
        rc = _selinux_lib.matchpathcon(path, mode, byref(con))
        return [rc, to_native(con.value)]
    finally:
        _selinux_lib.freecon(con)


_module_setup()
del _module_setup

# end wrapper function impls