/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
 */

#include <malloc.h>
#include <synch.h>
#include <syslog.h>
#include <rpcsvc/ypclnt.h>
#include <rpcsvc/yp_prot.h>
#include <pthread.h>
#include <ctype.h>
#include <stdlib.h>
#include <stdio.h>
#include <signal.h>
#include <sys/stat.h>
#include <assert.h>
#include "ad_common.h"

static pthread_mutex_t	statelock = PTHREAD_MUTEX_INITIALIZER;
static nssad_state_t	state = {0};

static void
nssad_cfg_free_props(nssad_prop_t *props)
{
	if (props->domain_name != NULL) {
		free(props->domain_name);
		props->domain_name = NULL;
	}
	if (props->domain_controller != NULL) {
		free(props->domain_controller);
		props->domain_controller = NULL;
	}
}

static int
nssad_cfg_discover_props(const char *domain, ad_disc_t ad_ctx,
	nssad_prop_t *props)
{
	ad_disc_refresh(ad_ctx);
	if (ad_disc_set_DomainName(ad_ctx, domain) != 0)
		return (-1);
	if (props->domain_controller == NULL)
		props->domain_controller =
		    ad_disc_get_DomainController(ad_ctx, AD_DISC_PREFER_SITE,
		    NULL);
	return (0);
}

static int
nssad_cfg_reload_ad(nssad_prop_t *props, adutils_ad_t **ad)
{
	int		i;
	adutils_ad_t	*new;

	if (props->domain_controller == NULL ||
	    props->domain_controller[0].host[0] == '\0')
		return (0);
	if (adutils_ad_alloc(&new, props->domain_name,
	    ADUTILS_AD_DATA) != ADUTILS_SUCCESS)
		return (-1);
	for (i = 0; props->domain_controller[i].host[0] != '\0'; i++) {
		if (adutils_add_ds(new,
		    props->domain_controller[i].host,
		    props->domain_controller[i].port) != ADUTILS_SUCCESS) {
			adutils_ad_free(&new);
			return (-1);
		}
	}

	if (*ad != NULL)
		adutils_ad_free(ad);
	*ad = new;
	return (0);
}

static
int
update_dirs(ad_disc_ds_t **value, ad_disc_ds_t **new)
{
	if (*value == *new)
		return (0);

	if (*value != NULL && *new != NULL &&
	    ad_disc_compare_ds(*value, *new) == 0) {
		free(*new);
		*new = NULL;
		return (0);
	}

	if (*value)
		free(*value);
	*value = *new;
	*new = NULL;
	return (1);
}

static
int
nssad_cfg_refresh(nssad_cfg_t *cp)
{
	nssad_prop_t	props;

	(void) ad_disc_SubnetChanged(cp->ad_ctx);
	(void) memset(&props, 0, sizeof (props));
	if (nssad_cfg_discover_props(cp->props.domain_name, cp->ad_ctx,
	    &props) < 0)
		return (-1);
	if (update_dirs(&cp->props.domain_controller,
	    &props.domain_controller)) {
		if (cp->props.domain_controller != NULL &&
		    cp->props.domain_controller[0].host[0] != '\0')
			(void) nssad_cfg_reload_ad(&cp->props, &cp->ad);
	}
	return (0);
}

static void
nssad_cfg_destroy(nssad_cfg_t *cp)
{
	if (cp != NULL) {
		(void) pthread_rwlock_destroy(&cp->lock);
		ad_disc_fini(cp->ad_ctx);
		nssad_cfg_free_props(&cp->props);
		adutils_ad_free(&cp->ad);
		free(cp);
	}
}

static nssad_cfg_t *
nssad_cfg_create(const char *domain)
{
	nssad_cfg_t	*cp;

	if ((cp = calloc(1, sizeof (*cp))) == NULL)
		return (NULL);
	if (pthread_rwlock_init(&cp->lock, NULL) != 0) {
		free(cp);
		return (NULL);
	}
	if ((cp->ad_ctx = ad_disc_init()) == NULL)
		goto errout;
	if ((cp->props.domain_name = strdup(domain)) == NULL)
		goto errout;
	if (nssad_cfg_discover_props(domain, cp->ad_ctx, &cp->props) < 0)
		goto errout;
	if (nssad_cfg_reload_ad(&cp->props, &cp->ad) < 0)
		goto errout;
	return (cp);
errout:
	nssad_cfg_destroy(cp);
	return (NULL);
}

#define	hex_char(n)	"0123456789abcdef"[n & 0xf]

int
_ldap_filter_name(char *filter_name, const char *name, int filter_name_size)
{
	char *end = filter_name + filter_name_size;
	char c;

	for (; *name; name++) {
		c = *name;
		switch (c) {
			case '*':
			case '(':
			case ')':
			case '\\':
				if (end <= filter_name + 3)
					return (-1);
				*filter_name++ = '\\';
				*filter_name++ = hex_char(c >> 4);
				*filter_name++ = hex_char(c & 0xf);
				break;
			default:
				if (end <= filter_name + 1)
					return (-1);
				*filter_name++ = c;
				break;
		}
	}
	if (end <= filter_name)
		return (-1);
	*filter_name = '\0';
	return (0);
}

static
nss_status_t
map_adrc2nssrc(adutils_rc adrc)
{
	if (adrc == ADUTILS_SUCCESS)
		return ((nss_status_t)NSS_SUCCESS);
	if (adrc == ADUTILS_ERR_NOTFOUND)
		errno = 0;
	return ((nss_status_t)NSS_NOTFOUND);
}

/* ARGSUSED */
nss_status_t
_nss_ad_marshall_data(ad_backend_ptr be, nss_XbyY_args_t *argp)
{
	int	stat;

	if (argp->buf.result == NULL) {
		/*
		 * This suggests that the process (e.g. nscd) expects
		 * nssad to return the data in native file format in
		 * argp->buf.buffer i.e. no need to marshall the data.
		 */
		argp->returnval = argp->buf.buffer;
		argp->returnlen = strlen(argp->buf.buffer);
		return ((nss_status_t)NSS_STR_PARSE_SUCCESS);
	}

	if (argp->str2ent == NULL)
		return ((nss_status_t)NSS_STR_PARSE_PARSE);

	stat = (*argp->str2ent)(be->buffer, be->buflen,
	    argp->buf.result, argp->buf.buffer, argp->buf.buflen);

	if (stat == NSS_STR_PARSE_SUCCESS) {
		argp->returnval = argp->buf.result;
		argp->returnlen = 1; /* irrelevant */
	}
	return ((nss_status_t)stat);
}

nss_status_t
_nss_ad_sanitize_status(ad_backend_ptr be, nss_XbyY_args_t *argp,
		nss_status_t stat)
{
	if (be->buffer != NULL) {
		free(be->buffer);
		be->buffer = NULL;
		be->buflen = 0;
		be->db_type = NSS_AD_DB_NONE;
	}

	if (stat == NSS_STR_PARSE_SUCCESS) {
		return ((nss_status_t)NSS_SUCCESS);
	} else if (stat == NSS_STR_PARSE_PARSE) {
		argp->returnval = 0;
		return ((nss_status_t)NSS_NOTFOUND);
	} else if (stat == NSS_STR_PARSE_ERANGE) {
		argp->erange = 1;
		return ((nss_status_t)NSS_NOTFOUND);
	}
	return ((nss_status_t)NSS_UNAVAIL);
}

/* ARGSUSED */
static
nssad_cfg_t *
get_cfg(const char *domain)
{
	nssad_cfg_t	*cp, *lru, *prev;

	/*
	 * Note about the queue:
	 *
	 * The queue is used to hold our per domain
	 * configs. The queue is limited to CFG_QUEUE_MAX_SIZE.
	 * If the queue increases beyond that point we toss
	 * out the LRU entry. The entries are inserted into
	 * the queue at state.qtail and the LRU entry is
	 * removed from state.qhead. state.qnext points
	 * from the qtail to the qhead. Everytime a config
	 * is accessed it is moved to qtail.
	 */

	(void) pthread_mutex_lock(&statelock);

	for (cp = state.qtail, prev = NULL; cp != NULL;
	    prev = cp, cp = cp->qnext) {
		if (cp->props.domain_name == NULL ||
		    strcasecmp(cp->props.domain_name, domain) != 0)
			continue;

		/* Found config for the given domain. */

		if (state.qtail != cp) {
			/*
			 * Move the entry to the tail of the queue.
			 * This way the LRU entry can be found at
			 * the head of the queue.
			 */
			prev->qnext = cp->qnext;
			if (state.qhead == cp)
				state.qhead = prev;
			cp->qnext = state.qtail;
			state.qtail = cp;
		}

		if (ad_disc_get_TTL(cp->ad_ctx) == 0) {
			/*
			 * If there are expired items in the
			 * config, grab the write lock and
			 * refresh the config.
			 */
			(void) pthread_rwlock_wrlock(&cp->lock);
			if (nssad_cfg_refresh(cp) < 0) {
				(void) pthread_rwlock_unlock(&cp->lock);
				(void) pthread_mutex_unlock(&statelock);
				return (NULL);
			}
			(void) pthread_rwlock_unlock(&cp->lock);
		}

		/* Return the config found */
		(void) pthread_rwlock_rdlock(&cp->lock);
		(void) pthread_mutex_unlock(&statelock);
		return (cp);
	}

	/* Create new config entry for the domain */
	if ((cp = nssad_cfg_create(domain)) == NULL) {
		(void) pthread_mutex_unlock(&statelock);
		return (NULL);
	}

	/* Add it to the queue */
	state.qcount++;
	if (state.qtail == NULL) {
		state.qtail = state.qhead = cp;
		(void) pthread_rwlock_rdlock(&cp->lock);
		(void) pthread_mutex_unlock(&statelock);
		return (cp);
	}
	cp->qnext = state.qtail;
	state.qtail = cp;

	/* If the queue has exceeded its size, remove the LRU entry */
	if (state.qcount >= CFG_QUEUE_MAX_SIZE) {
		/* Detach the lru entry and destroy */
		lru = state.qhead;
		if (pthread_rwlock_trywrlock(&lru->lock) == 0) {
			for (prev = state.qtail; prev != NULL;
			    prev = prev->qnext) {
				if (prev->qnext != lru)
					continue;
				state.qhead = prev;
				prev->qnext = NULL;
				state.qcount--;
				(void) pthread_rwlock_unlock(&lru->lock);
				nssad_cfg_destroy(lru);
				break;
			}
			(void) assert(prev != NULL);
		}
	}

	(void) pthread_rwlock_rdlock(&cp->lock);
	(void) pthread_mutex_unlock(&statelock);
	return (cp);
}


/* ARGSUSED */
static
nss_status_t
ad_lookup(const char *filter, const char **attrs,
	const char *domain, adutils_result_t **result)
{
	int			retries = 0;
	adutils_rc		rc, brc;
	adutils_query_state_t	*qs;
	nssad_cfg_t		*cp;

retry:
	if ((cp = get_cfg(domain)) == NULL)
		return ((nss_status_t)NSS_NOTFOUND);

	rc = adutils_lookup_batch_start(cp->ad, 1, NULL, NULL, &qs);
	(void) pthread_rwlock_unlock(&cp->lock);
	if (rc != ADUTILS_SUCCESS)
		goto out;

	rc = adutils_lookup_batch_add(qs, filter, attrs, domain, result, &brc);
	if (rc != ADUTILS_SUCCESS) {
		adutils_lookup_batch_release(&qs);
		goto out;
	}

	rc = adutils_lookup_batch_end(&qs);
	if (rc != ADUTILS_SUCCESS)
		goto out;
	rc = brc;

out:
	if (rc == ADUTILS_ERR_RETRIABLE_NET_ERR &&
	    retries++ < ADUTILS_DEF_NUM_RETRIES)
		goto retry;
	return (map_adrc2nssrc(rc));
}


/* ARGSUSED */
nss_status_t
_nss_ad_lookup(ad_backend_ptr be, nss_XbyY_args_t *argp,
		const char *database, const char *searchfilter,
		const char *dname, int *try_idmap)
{
	nss_status_t	stat;

	*try_idmap = 0;

	/* Clear up results if any */
	(void) adutils_freeresult(&be->result);

	/* Lookup AD */
	stat = ad_lookup(searchfilter, be->attrs, dname, &be->result);
	if (stat != NSS_SUCCESS) {
		argp->returnval = 0;
		*try_idmap = 1;
		return (stat);
	}

	/* Map AD object(s) to string in native file format */
	stat = be->adobj2str(be, argp);
	if (stat == NSS_STR_PARSE_SUCCESS)
		stat = _nss_ad_marshall_data(be, argp);
	return (_nss_ad_sanitize_status(be, argp, stat));
}

static
void
clean_state()
{
	nssad_cfg_t	*cp, *curr;

	(void) pthread_mutex_lock(&statelock);
	for (cp = state.qtail; cp != NULL; ) {
		curr = cp;
		cp = cp->qnext;
		nssad_cfg_destroy(curr);
	}
	(void) memset(&state, 0, sizeof (state));
	(void) pthread_mutex_unlock(&statelock);
}

static
void
_clean_ad_backend(ad_backend_ptr be)
{
	if (be->tablename != NULL)
		free(be->tablename);
	if (be->buffer != NULL) {
		free(be->buffer);
		be->buffer = NULL;
	}
	free(be);
}


/*
 * _nss_ad_destr frees allocated memory before exiting this nsswitch shared
 * backend library. This function is called before returning control back to
 * nsswitch.
 */
/*ARGSUSED*/
nss_status_t
_nss_ad_destr(ad_backend_ptr be, void *a)
{
	(void) _clean_ad_backend(be);
	clean_state();
	return ((nss_status_t)NSS_SUCCESS);
}


/*ARGSUSED*/
nss_status_t
_nss_ad_setent(ad_backend_ptr be, void *a)
{
	return ((nss_status_t)NSS_UNAVAIL);
}


/*ARGSUSED*/
nss_status_t
_nss_ad_endent(ad_backend_ptr be, void *a)
{
	return ((nss_status_t)NSS_UNAVAIL);
}


/*ARGSUSED*/
nss_status_t
_nss_ad_getent(ad_backend_ptr be, void *a)
{
	return ((nss_status_t)NSS_UNAVAIL);
}


nss_backend_t *
_nss_ad_constr(ad_backend_op_t ops[], int nops, char *tablename,
		const char **attrs, fnf adobj2str)
{
	ad_backend_ptr	be;

	if ((be = (ad_backend_ptr) calloc(1, sizeof (*be))) == NULL)
		return (NULL);
	if ((be->tablename = (char *)strdup(tablename)) == NULL) {
		free(be);
		return (NULL);
	}
	be->ops = ops;
	be->nops = (nss_dbop_t)nops;
	be->attrs = attrs;
	be->adobj2str = adobj2str;
	(void) memset(&state, 0, sizeof (state));
	return ((nss_backend_t *)be);
}