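#!/usr/bin/env python3
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
"""Maintain the firewall hostgroup IP lists kept in the local Salt YAML file.

Every hostgroup in the file carries an ``ips`` mapping with two lists,
``insert`` (listed by the ``included`` command) and ``delete`` (listed by the
``excluded`` command).  Commands return a process exit code: 0 success,
1 usage error, 2 invalid IP/CIDR, 3 entry already exists, 4 hostgroup not
found, 5 hostgroups file is missing its ``firewall.hostgroups`` section.
"""
import ipaddress
import sys

import yaml

hostgroupsFilename = "/opt/so/saltstack/local/salt/firewall/hostgroups.local.yaml"


def showUsage(args):
    """Print command usage to stdout and exit with status 1.

    ``args`` is accepted only so the function fits the command dispatch
    table in ``main``; it is not used.
    """
    print('Usage: {} [ARGS...]'.format(sys.argv[0]))
    print(' Available commands:')
    print(' help - Prints this usage information.')
    print(' included - Lists the IPs included in the given hostgroup. Args: ')
    print(' excluded - Lists the IPs excluded from the given hostgroup. Args: ')
    print(' include - Adds the given IP (or CIDR) to the given hostgroup. Args: ')
    print(' exclude - Removes the given IP (or CIDR) from the given hostgroup. Args: ')
    print(' addgroup - Adds a new hostgroup. Args: ')
    sys.exit(1)


def loadYaml(filename):
    """Parse the YAML document in *filename* and return it.

    ``yaml.safe_load`` replaces the bare ``yaml.load(...)`` call: the default
    full loader can instantiate arbitrary Python objects from tagged nodes,
    and PyYAML 6 no longer accepts ``load`` without an explicit Loader.  The
    file handle is closed on every path.
    """
    with open(filename, "r") as handle:
        return yaml.safe_load(handle)


def writeYaml(filename, content):
    """Serialize *content* to *filename*, replacing its contents.

    Returns whatever ``yaml.safe_dump`` returns when given a stream (None).
    ``safe_dump`` refuses to emit Python-specific tags, which matches the
    plain data ``loadYaml`` produces.
    """
    with open(filename, "w") as handle:
        return yaml.safe_dump(content, handle)


def _hostgroups(content):
    """Return the ``firewall.hostgroups`` mapping of a loaded document.

    Exits with status 5 (after a message on stderr) when the document is empty
    or lacks that mapping, rather than surfacing a KeyError/TypeError traceback.
    """
    try:
        hostgroups = content['firewall']['hostgroups']
    except (KeyError, TypeError):
        hostgroups = None
    if not isinstance(hostgroups, dict):
        print('Malformed hostgroups file: missing firewall.hostgroups mapping', file=sys.stderr)
        sys.exit(5)
    return hostgroups


def _validIpOrCidr(value):
    """Return True when *value* parses as an IPv4/IPv6 address or network.

    ``strict=False`` accepts a CIDR with host bits set as well as a bare
    address, so both forms named in the usage text pass.
    """
    try:
        ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False
    return True


def _requireArgs(args, count, message):
    """Print *message* to stderr and exit via showUsage unless len(args) == count."""
    if len(args) != count:
        print(message, file=sys.stderr)
        showUsage(args)


def listIps(name, mode):
    """Print each entry of hostgroup *name*'s ``ips[mode]`` list, one per line.

    Returns 0, or 4 when the hostgroup does not exist.  A list key with no
    value loads as None and prints nothing.
    """
    hostgroups = _hostgroups(loadYaml(hostgroupsFilename))
    if name not in hostgroups:
        print('Hostgroup does not exist', file=sys.stderr)
        return 4
    ips = hostgroups[name]['ips'][mode]
    for ip in ips or []:
        print(ip)
    return 0


def addIp(name, ip, mode):
    """Append *ip* to hostgroup *name*'s ``ips[mode]`` list and save the file.

    Returns 0 on success, 4 when the hostgroup does not exist, 2 when *ip* is
    not a valid address or CIDR, and 3 when it is already listed.  The file is
    only rewritten on the success path, so a typo never reaches the firewall
    configuration.
    """
    content = loadYaml(hostgroupsFilename)
    hostgroups = _hostgroups(content)
    if name not in hostgroups:
        print('Hostgroup does not exist', file=sys.stderr)
        return 4
    if not _validIpOrCidr(ip):
        print('Invalid IP or CIDR: {}'.format(ip), file=sys.stderr)
        return 2
    ipLists = hostgroups[name]['ips']
    ips = ipLists[mode]
    if ips is None:
        # A list key with no value loads as None; materialize the list so it
        # is written back as a real sequence.
        ips = []
        ipLists[mode] = ips
    if ip in ips:
        print('Already exists', file=sys.stderr)
        return 3
    ips.append(ip)
    writeYaml(hostgroupsFilename, content)
    return 0


def addgroup(args):
    """Create an empty hostgroup named ``args[0]``; 3 if it already exists."""
    _requireArgs(args, 1, 'Missing hostgroup name argument')
    name = args[0]
    content = loadYaml(hostgroupsFilename)
    hostgroups = _hostgroups(content)
    if name in hostgroups:
        print('Already exists', file=sys.stderr)
        return 3
    hostgroups[name] = {'ips': {'insert': [], 'delete': []}}
    writeYaml(hostgroupsFilename, content)
    return 0


def included(args):
    """List the ``insert`` entries of hostgroup ``args[0]``."""
    _requireArgs(args, 1, 'Missing hostgroup name argument')
    return listIps(args[0], 'insert')


def excluded(args):
    """List the ``delete`` entries of hostgroup ``args[0]``."""
    _requireArgs(args, 1, 'Missing hostgroup name argument')
    return listIps(args[0], 'delete')


def include(args):
    """Add ``args[1]`` to the ``insert`` list of hostgroup ``args[0]``."""
    _requireArgs(args, 2, 'Missing hostgroup name or ip argument')
    return addIp(args[0], args[1], 'insert')


def exclude(args):
    """Add ``args[1]`` to the ``delete`` list of hostgroup ``args[0]``."""
    _requireArgs(args, 2, 'Missing hostgroup name or ip argument')
    return addIp(args[0], args[1], 'delete')


def main():
    """Dispatch ``sys.argv[1]`` to its command and exit with that command's code.

    An unknown or missing command falls through to ``showUsage`` (exit 1).
    """
    args = sys.argv[1:]
    if not args:
        showUsage(None)
    commands = {
        "help": showUsage,
        "included": included,
        "excluded": excluded,
        "include": include,
        "exclude": exclude,
        "addgroup": addgroup,
    }
    cmd = commands.get(args[0], showUsage)
    sys.exit(cmd(args[1:]))


if __name__ == "__main__":
    main()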