/*
   netgroup.c - NSS lookup functions for netgroup entries

   Copyright (C) 2006 West Consulting
   Copyright (C) 2006, 2007, 2008, 2010 Arthur de Jong
   Copyright (C) 2010 Symas Corporation

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with this library; if not, write to the Free Software
   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
   02110-1301 USA
*/

#include "config.h"

#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include "prototypes.h"
#include "common.h"
#include "compat/attrs.h"
#include "common/set.h"

/* we redefine this here because we need to return NSS_STATUS_RETURN
   instead of NSS_STATUS_NOTFOUND */
#undef ERROR_OUT_NOSUCCESS
#define ERROR_OUT_NOSUCCESS(fp) \
  (void)tio_close(fp); \
  fp=NULL; \
  return NSS_STATUS_RETURN;

/* function for reading a single result entry */
static nss_status_t read_netgrent(
        TFILE *fp,struct __netgrent *result,
        char *buffer,size_t buflen,int *errnop)
{
  int32_t tmpint32;
  int type;
  size_t bufptr=0;
  /* read netgroup type */
  READ_INT32(fp,type);
  if (type==NSLCD_NETGROUP_TYPE_NETGROUP)
  {
    /* the response is a reference to another netgroup */
    result->type=group_val;
    READ_BUF_STRING(fp,result->val.group);
  }
  else if (type==NSLCD_NETGROUP_TYPE_TRIPLE)
  {
    /* the response is a host/user/domain triple */
    result->type=triple_val;
    /* read host and revert to NULL on empty string */
    READ_BUF_STRING(fp,result->val.triple.host);
    if (result->val.triple.host[0]=='\0')
    {
      result->val.triple.host=NULL;
      bufptr--; /* free unused space */
    }
    /* read user and revert to NULL on empty string */
    READ_BUF_STRING(fp,result->val.triple.user);
    if (result->val.triple.user[0]=='\0')
    {
      result->val.triple.user=NULL;
      bufptr--; /* free unused space */
    }
    /* read domain and revert to NULL on empty string */
    READ_BUF_STRING(fp,result->val.triple.domain);
    if (result->val.triple.domain[0]=='\0')
    {
      result->val.triple.domain=NULL;
      bufptr--; /* free unused space */
    }
  }
  else
    return NSS_STATUS_UNAVAIL;
  /* we're done */
  return NSS_STATUS_SUCCESS;
}

#ifdef NSS_FLAVOUR_GLIBC

/* thread-local file pointer to an ongoing request */
static __thread TFILE *netgrentfp;

/* start a request to get a netgroup by name */
nss_status_t _nss_ldap_setnetgrent(
        const char *group,struct __netgrent UNUSED(*result))
{
  /* we cannot use NSS_SETENT() here because we have a parameter that is only
     available in this function */
  int32_t tmpint32;
  int errnocp;
  int *errnop;
  if (!_nss_ldap_enablelookups)
    return NSS_STATUS_UNAVAIL;
  errnop=&errnocp;
  /* check parameter */
  if ((group==NULL)||(group[0]=='\0'))
    return NSS_STATUS_UNAVAIL;
  /* open a new stream and write the request */
  NSLCD_REQUEST(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME,WRITE_STRING(netgrentfp,group));
  return NSS_STATUS_SUCCESS;
}

/* get a single netgroup tuple from the stream */
nss_status_t _nss_ldap_getnetgrent_r(
        struct __netgrent *result,
        char *buffer,size_t buflen,int *errnop)
{
  NSS_GETENT(netgrentfp,NSLCD_ACTION_NETGROUP_BYNAME,
             read_netgrent(netgrentfp,result,buffer,buflen,errnop));
}

/* close the stream opened with setnetgrent() above */
nss_status_t _nss_ldap_endnetgrent(struct __netgrent UNUSED(*result))
{
  NSS_ENDENT(netgrentfp);
}

#endif /* NSS_FLAVOUR_GLIBC */

#ifdef NSS_FLAVOUR_SOLARIS

/* this is the backend structure for the {set,get,end}ent() functions */
struct setnetgrent_backend
{
  nss_backend_op_t *ops; /* function-pointer table */
  int n_ops; /* number of function pointers */
  TFILE *fp; /* the file pointer for {set,get,end}ent() functions */
  SET *seen_groups; /* netgroups seen, for loop detection */
  SET *unseen_groups; /* netgroups that need to be chased */
};

/* easy way to get sets from back-end */
#define NETGROUP_BE(be) ((struct setnetgrent_backend*)(be))

/* access arguments */
#define SETNETGRENT_ARGS(args) ((struct nss_setnetgrent_args *)(args))
#define GETNETGRENT_ARGS(args) ((struct nss_getnetgrent_args *)(args))

/* return a netgroup that has not been traversed */
static char *find_unseen_netgroup(nss_backend_t *be)
{
  char *group;
  while (1)
  {
    group=set_pop(NETGROUP_BE(be)->unseen_groups);
    if (group==NULL)
      return NULL;
    if (!set_contains(NETGROUP_BE(be)->seen_groups,group))
    {
      set_add(NETGROUP_BE(be)->seen_groups,group);
      return group;
    }
  }
}

static nss_status_t netgroup_nslcd_setnetgrent(nss_backend_t *be,const char *group)
{
  /* we cannot use NSS_SETENT() here because we have a parameter that is only
     available in this function */
  int32_t tmpint32;
  int errnocp;
  int *errnop;
  errnop=&errnocp;
  /* check parameter */
  if ((group==NULL)||(group[0]=='\0'))
    return NSS_STATUS_UNAVAIL;
  /* open a new stream and write the request */
  NSLCD_REQUEST(NETGROUP_BE(be)->fp,NSLCD_ACTION_NETGROUP_BYNAME,
                WRITE_STRING(NETGROUP_BE(be)->fp,group));
  return NSS_STATUS_SUCCESS;
}

static nss_status_t netgroup_nslcd_getnetgrent(nss_backend_t *be,struct __netgrent *result,char *buffer,size_t buflen,void *args)
{
  NSS_GETENT(NETGROUP_BE(be)->fp,NSLCD_ACTION_NETGROUP_BYNAME,
             read_netgrent(NETGROUP_BE(be)->fp,result,buffer,buflen,errnop));
}

static nss_status_t netgroup_setnetgrent_setnetgrent(nss_backend_t UNUSED(*be),void UNUSED(*args))
{
  return NSS_STATUS_SUCCESS;
}

static nss_status_t netgroup_setnetgrent_getnetgrent(nss_backend_t *be,void *args)
{
  struct __netgrent result;
  char *group=NULL;
  int done=0;
  nss_status_t status,rc;
  GETNETGRENT_ARGS(args)->status=NSS_NETGR_NO;
  while (!done)
  {
    status=netgroup_nslcd_getnetgrent(be,&result,GETNETGRENT_ARGS(args)->buffer,
                                         GETNETGRENT_ARGS(args)->buflen,args);
    if (status!=NSS_STATUS_SUCCESS)
    {
      if (errno==ENOENT)
      {
        /* done with the current netgroup */
        /* explore nested netgroup,if any */
        int found=0;
        while (!found)
        {
          /* find a nested netgroup to pursue further */
          group=find_unseen_netgroup(be);
          if (group==NULL)
          {
            /* no more netgroup */
            found=1; done=1;
            errno=ENOENT;
          }
          else
          {
            rc=netgroup_nslcd_setnetgrent(be,group);
            if (rc==NSS_STATUS_SUCCESS)
              found=1;
            free(group);
            group=NULL;
          }
        } /* while !found */
      }
      else
      { /* err!=ENOENT */
        done=1;
      }
    }
    else
    { /* status==NSS_STATUS_SUCCESS */
      if (result.type==group_val)
      {
        /* a netgroup nested within the current netgroup */
        set_add(NETGROUP_BE(be)->unseen_groups,result.val.group);
      }
      else if (result.type==triple_val)
      {
        GETNETGRENT_ARGS(args)->retp[NSS_NETGR_MACHINE]=result.val.triple.host;
        GETNETGRENT_ARGS(args)->retp[NSS_NETGR_USER]=result.val.triple.user;
        GETNETGRENT_ARGS(args)->retp[NSS_NETGR_DOMAIN]=result.val.triple.domain;
        GETNETGRENT_ARGS(args)->status=NSS_NETGR_FOUND;
        done=1;
      }
      else
      {
        /* NSS_STATUS_SUCCESS,but type is not group_val or triple_val */
        /* should not be here,log a message */
        status=NSS_STATUS_NOTFOUND;
        done=1;
      }
    }
  } /* while !done */
  return status;
}

static nss_status_t netgroup_setnetgrent_endnetgrent(nss_backend_t UNUSED(*be),void UNUSED(*args))
{
  NSS_ENDENT(NETGROUP_BE(be)->fp);
}

static nss_status_t netgroup_setnetgrent_destructor(nss_backend_t *be,void *UNUSED(args))
{
  struct setnetgrent_backend *ngbe=(struct setnetgrent_backend *)be;
  if (ngbe->fp!=NULL)
    (void)tio_close(ngbe->fp);
  set_free(ngbe->seen_groups);
  set_free(ngbe->unseen_groups);
  free(ngbe);
  return NSS_STATUS_SUCCESS;
}

static nss_backend_op_t netgroup_setnetgrent_ops[]={
  netgroup_setnetgrent_destructor,
  netgroup_setnetgrent_endnetgrent,
  netgroup_setnetgrent_setnetgrent,
  netgroup_setnetgrent_getnetgrent,
};

static nss_status_t netgroup_setnetgrent_constructor(nss_backend_t *be,void *args)
{
  struct setnetgrent_backend *ngbe;
  nss_status_t retv;
  NSS_AVAILCHECK;
  SETNETGRENT_ARGS(args)->iterator=NULL;        /* initialize */
  /* allocate a back-end specific to this request */
  ngbe=(struct setnetgrent_backend *)malloc(sizeof(struct setnetgrent_backend));
  if (ngbe==NULL)
    return NSS_STATUS_UNAVAIL;
  ngbe->ops=netgroup_setnetgrent_ops;
  ngbe->n_ops=sizeof(netgroup_setnetgrent_ops)/sizeof(nss_backend_op_t);
  ngbe->fp=NULL;
  ngbe->seen_groups=set_new();
  ngbe->unseen_groups=set_new();
  /* start the first search */
  retv=netgroup_nslcd_setnetgrent(be,SETNETGRENT_ARGS(args)->netgroup);
  if (retv!=NSS_STATUS_SUCCESS)
  {
    netgroup_setnetgrent_destructor(be,args);
    return retv;
  }
  /* return the new back-end */
  SETNETGRENT_ARGS(args)->iterator=(nss_backend_t *)ngbe;
  return NSS_STATUS_SUCCESS;
}

static nss_backend_op_t netgroup_ops[]={
  nss_ldap_destructor,
  NULL,
  NULL,
  NULL,
  NULL,/* TODO:_nss_ldap_netgr_in,*/
  netgroup_setnetgrent_constructor
};

nss_backend_t *_nss_ldap_netgroup_constr(const char UNUSED(*db_name),
                  const char UNUSED(*src_name),const char UNUSED(*cfg_args))
{
  return nss_ldap_constructor(netgroup_ops,sizeof(netgroup_ops));
}

#endif /* NSS_FLAVOUR_SOLARIS */