/* user.c - user handling functions for upsd

   Copyright (C) 2001  Russell Kroll <rkroll@exploits.org>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include "common.h"
#include "parseconf.h"

#include "user.h"
#include "user-data.h"

	ulist_t	*users = NULL;

	static	ulist_t	*curr_user;

/* create a new user entry */
static void user_add(const char *un)
{
	ulist_t	*tmp, *last = NULL;

	if (!un) {
		return;
	}

	for (tmp = users; tmp != NULL; tmp = tmp->next) {

		last = tmp;

		if (!strcmp(tmp->username, un)) {
			fprintf(stderr, "Ignoring duplicate user %s\n", un);
			return;
		}
	}

	tmp = xcalloc(1, sizeof(*tmp));
	tmp->username = xstrdup(un);

	if (last) {
		last->next = tmp;
	} else {
		users = tmp;	
	}

	/* remember who we're working on */
	curr_user = tmp;
}

/* set password */
static void user_password(const char *pw)
{
	if (!curr_user) {
		upslogx(LOG_WARNING, "Ignoring password definition outside "
			"user section");
		return;
	}

	if (!pw) {
		return;
	}

	if (curr_user->password) {
		fprintf(stderr, "Ignoring duplicate password for %s\n", 
			curr_user->username);
		return;
	}

	curr_user->password = xstrdup(pw);
}

/* attach allowed instcmds to user */
static void user_add_instcmd(const char *cmd)
{
	instcmdlist_t	*tmp, *last = NULL;

	if (!curr_user) {
		upslogx(LOG_WARNING, "Ignoring instcmd definition outside "
			"user section");
		return;
	}

	if (!cmd) {
		return;
	}

	for (tmp = curr_user->firstcmd; tmp != NULL; tmp = tmp->next) {

		last = tmp;

		/* ignore duplicates */
		if (!strcasecmp(tmp->cmd, cmd)) {
			return;
		}
	}

	tmp = xcalloc(1, sizeof(*tmp));

	tmp->cmd = xstrdup(cmd);

	if (last) {
		last->next = tmp;
	} else {
		curr_user->firstcmd = tmp;
	}
}

static actionlist_t *addaction(actionlist_t *base, const char *action)
{
	actionlist_t	*tmp, *last = NULL;

	if (!action) {
		return base;
	}

	for (tmp = base; tmp != NULL; tmp = tmp->next) {

		last = tmp;
	}

	tmp = xcalloc(1, sizeof(*tmp));
	tmp->action = xstrdup(action);

	if (last) {
		last->next = tmp;
		return base;
	}

	return tmp;
}

/* attach allowed actions to user */
static void user_add_action(const char *act)
{
	if (!curr_user) {
		upslogx(LOG_WARNING, "Ignoring action definition outside "
			"user section");
		return;
	}

	curr_user->firstaction = addaction(curr_user->firstaction, act);
}

static void flushcmd(instcmdlist_t *ptr)
{
	if (!ptr) {
		return;
	}

	flushcmd(ptr->next);

	free(ptr->cmd);
	free(ptr);
}

static void flushaction(actionlist_t *ptr)
{
	if (!ptr) {
		return;
	}

	flushaction(ptr->next);

	free(ptr->action);
	free(ptr);
}

static void flushuser(ulist_t *ptr)
{
	if (!ptr) {
		return;
	}

	flushuser(ptr->next);
	flushcmd(ptr->firstcmd);
	flushaction(ptr->firstaction);

	free(ptr->username);
	free(ptr->password);
	free(ptr);
}

/* flush all user attributes - used during reload */
void user_flush(void)
{
	flushuser(users);
	users = NULL;
}

static int user_matchinstcmd(ulist_t *user, const char * cmd)
{
	instcmdlist_t	*tmp;

	for (tmp = user->firstcmd; tmp != NULL; tmp = tmp->next) {

		if (!strcasecmp(tmp->cmd, cmd)) {
			return 1;	/* good */
		}

		if (!strcasecmp(tmp->cmd, "all")) {
			return 1;	/* good */
		}
	}

	return 0;	/* fail */
}

int user_checkinstcmd(const char *un, const char *pw, const char *cmd)
{
	ulist_t	*tmp;

	if ((!un) || (!pw) || (!cmd)) {
		return 0;	/* failed */
	}

	for (tmp = users; tmp != NULL; tmp = tmp->next) {

		/* let's be paranoid before we call strcmp */

		if ((!tmp->username) || (!tmp->password)) {
			continue;
		}

		if (strcmp(tmp->username, un)) {
			continue;
		}


		if (strcmp(tmp->password, pw)) {
			/* password mismatch */
			return 0;	/* fail */
		}

		if (!user_matchinstcmd(tmp, cmd)) {
			return 0;		/* fail */
		}

		/* passed all checks */
		return 1;	/* good */
	}

	/* username not found */
	return 0;	/* fail */
}

static int user_matchaction(ulist_t *user, const char *action)
{
	actionlist_t	*tmp;

	for (tmp = user->firstaction; tmp != NULL; tmp = tmp->next) {

		if (!strcasecmp(tmp->action, action)) {
			return 1;	/* good */
		}
	}

	return 0;	/* fail */
}

int user_checkaction(const char *un, const char *pw, const char *action)
{
	ulist_t	*tmp;

	if ((!un) || (!pw) || (!action))
		return 0;	/* failed */

	for (tmp = users; tmp != NULL; tmp = tmp->next) {

		/* let's be paranoid before we call strcmp */

		if ((!tmp->username) || (!tmp->password)) {
			continue;
		}

		if (strcmp(tmp->username, un)) {
			continue;
		}

		if (strcmp(tmp->password, pw)) {
			upsdebugx(2, "user_checkaction: password mismatch");
			return 0;	/* fail */
		}

		if (!user_matchaction(tmp, action)) {
			upsdebugx(2, "user_matchaction: failed");
			return 0;	/* fail */
		}

		/* passed all checks */
		return 1;	/* good */
	}

	/* username not found */
	return 0;	/* fail */
}

/* handle "upsmon master" and "upsmon slave" for nicer configurations */
static void set_upsmon_type(char *type)
{
	/* master: login, master, fsd */
	if (!strcasecmp(type, "master")) {
		user_add_action("login");
		user_add_action("master");
		user_add_action("fsd");
		return;
	}

	/* slave: just login */
	if (!strcasecmp(type, "slave")) {
		user_add_action("login");
		return;
	}

	upslogx(LOG_WARNING, "Unknown upsmon type %s", type);
}

/* actually do something with the variable + value pairs */
static void parse_var(char *var, char *val)
{
	if (!strcasecmp(var, "password")) {
		user_password(val);
		return;
	}

	if (!strcasecmp(var, "instcmds")) {
		user_add_instcmd(val);
		return;
	}

	if (!strcasecmp(var, "actions")) {
		user_add_action(val);
		return;
	}

	if (!strcasecmp(var, "allowfrom")) {
		upslogx(LOG_WARNING, "allowfrom in upsd.users is no longer used");
		return;
	}

	/* someone did 'upsmon = type' - allow it anyway */
	if (!strcasecmp(var, "upsmon")) {
		set_upsmon_type(val);
		return;
	}

	upslogx(LOG_NOTICE, "Unrecognized user setting %s", var);
}

/* parse first var+val pair, then flip through remaining vals */
static void parse_rest(char *var, char *fval, char **arg, int next, int left)
{
	int	i;

	/* no globals supported yet, so there's no sense in continuing */
	if (!curr_user) {
		return;
	}

	parse_var(var, fval);

	if (left == 0) {
		return;
	}

	for (i = 0; i < left; i++) {
		parse_var(var, arg[next + i]);
	}
}

static void user_parse_arg(int numargs, char **arg)
{
	char	*ep;

	if ((numargs == 0) || (!arg)) {
		return;
	}

	/* ignore old file format */
	if (!strcasecmp(arg[0], "user")) {
		return;
	}

	/* handle 'foo=bar' (compressed form) */

	ep = strchr(arg[0], '=');
	if (ep) {
		*ep = '\0';

		/* parse first var/val, plus subsequent values (if any) */

		/*      0       1       2  ... */
		/* foo=bar <rest1> <rest2> ... */

		parse_rest(arg[0], ep+1, arg, 1, numargs - 1);
		return;
	}

	/* look for section headers - [username] */
	if ((arg[0][0] == '[') && (arg[0][strlen(arg[0])-1] == ']')) {

		arg[0][strlen(arg[0])-1] = '\0';
		user_add(&arg[0][1]);

		return;
	}

	if (numargs < 2) {
		return;
	}

	if (!strcasecmp(arg[0], "upsmon")) {
		set_upsmon_type(arg[1]);
	}

	/* everything after here needs arg[1] and arg[2] */
	if (numargs < 3) {
		return;
	}

	/* handle 'foo = bar' (split form) */
	if (!strcmp(arg[1], "=")) {

		/*   0 1   2      3       4  ... */
		/* foo = bar <rest1> <rest2> ... */

		/* parse first var/val, plus subsequent values (if any) */
		
		parse_rest(arg[0], arg[2], arg, 3, numargs - 3);
		return;
	}

	/* ... unhandled ... */
}

/* called for fatal errors in parseconf like malloc failures */
static void upsd_user_err(const char *errmsg)
{
	upslogx(LOG_ERR, "Fatal error in parseconf(upsd.users): %s", errmsg);
}

void user_load(void)
{
	char	fn[SMALLBUF];
	PCONF_CTX_t	ctx;

	curr_user = NULL;

	snprintf(fn, sizeof(fn), "%s/upsd.users", confpath());

	check_perms(fn);

	pconf_init(&ctx, upsd_user_err);

	if (!pconf_file_begin(&ctx, fn)) {

		pconf_finish(&ctx);

		upslogx(LOG_WARNING, "%s", ctx.errmsg);
		return;
	}

	while (pconf_file_next(&ctx)) {

		if (pconf_parse_error(&ctx)) {
			upslogx(LOG_ERR, "Parse error: %s:%d: %s",
				fn, ctx.linenum, ctx.errmsg);
			continue;
		}

		user_parse_arg(ctx.numargs, ctx.arglist);
	}

	pconf_finish(&ctx);
}