/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <unistd.h>
#include <stropts.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stropts.h>
#include <sys/sockio.h>
#include <errno.h>
#include <sys/list.h>
#include <auth_attr.h>
#include <auth_list.h>
#include <secdb.h>
#include <libilb.h>
#include "libilb_impl.h"
#include "ilbd.h"

/*
 * logs error messages, either to stderr or syslog, depending on
 * the -d option
 */
static boolean_t	ilbd_debugging = B_FALSE;

/* Socket to issue ioctl() to the kernel */
static	int	ksock = -1;

void
ilbd_enable_debug(void)
{
	ilbd_debugging = B_TRUE;
}

boolean_t
is_debugging_on(void)
{
	return (ilbd_debugging);
}

/*
 * All routines log to syslog, unless the daemon is running in
 * the foreground, in which case the logging goes to stderr.
 * The following logging functions are available:
 *
 *
 *      logdebug(): A printf-like function for outputting debug messages
 *      (messages at LOG_DEBUG) that are only of use to developers.
 *
 *      logerr(): A printf-like function for outputting error messages
 *      (messages at LOG_ERR) from the daemon.
 *
 *      logperror*(): A set of functions used to output error messages
 *      (messages at LOG_ERR); these automatically append strerror(errno)
 *      and a newline to the message passed to them.
 *
 * NOTE: since the logging functions write to syslog, the messages passed
 *      to them are not eligible for localization.  Thus, gettext() must
 *      *not* be used.
 *
 */
/* PRINTFLIKE2 */
void
ilbd_log(int pri, const char *fmt, ...)
{
	va_list ap;
	va_start(ap, fmt);

	if (ilbd_debugging == B_TRUE) {
		(void) vfprintf(stderr, fmt, ap);
		(void) fprintf(stderr, "\n");
	} else {
		vsyslog(pri, fmt, ap);
	}
	va_end(ap);

}

/* PRINTFLIKE1 */
void
logperror(const char *str)
{
	if (ilbd_debugging == B_TRUE)
		(void) fprintf(stderr, "%s: %s\n", str, strerror(errno));
	else
		syslog(LOG_ERR, "%s: %m", str);
}


ilb_status_t
ilbd_check_client_config_auth(const struct passwd *pwd)
{
	if (chkauthattr(NET_ILB_CONFIG_AUTH, pwd->pw_name) == 0) {
		logdebug("user %s is not authorized for"
		    " configuration operation", pwd->pw_name);
		return (ILB_STATUS_CFGAUTH);
	}
	return (ILB_STATUS_OK);

}

ilb_status_t
ilbd_check_client_enable_auth(const struct passwd *pwd)
{
	if (chkauthattr(NET_ILB_ENABLE_AUTH, pwd->pw_name) == 0) {
		logdebug("user %s is not authorized for"
		    " enable/disable operation", pwd->pw_name);
		return (ILB_STATUS_CFGAUTH);
	}
	return (ILB_STATUS_OK);

}

/*
 * input param. "err" should be one of the errnos defined in
 * /usr/include/sys/errno.h
 * this list is NOT complete.
 */
ilb_status_t
ilb_map_errno2ilbstat(int err)
{
	ilb_status_t	rc = ILB_STATUS_INTERNAL;

	switch (err) {
	case 0:
		rc = ILB_STATUS_OK; /* for completeness' sake */
		break;
	case EINVAL:
		rc = ILB_STATUS_EINVAL;
		break;
	case ENOENT:
		rc = ILB_STATUS_ENOENT;
		break;
	case ENOMEM:
		rc = ILB_STATUS_ENOMEM;
		break;
	case EINPROGRESS:
		rc = ILB_STATUS_INPROGRESS;
		break;
	case EEXIST:
		rc = ILB_STATUS_EEXIST;
		break;
	}
	return (rc);
}

static int
i_get_kcmd_sz(void *cmdp)
{
	int		sz;

	switch (((ilb_rule_cmd_t *)cmdp)->cmd) {
	case ILB_DESTROY_RULE:
	case ILB_ENABLE_RULE:
	case ILB_DISABLE_RULE:
		sz = sizeof (ilb_name_cmd_t);
		break;
	case ILB_CREATE_RULE:
	case ILB_LIST_RULE:
		sz = sizeof (ilb_rule_cmd_t);
		break;
	case ILB_NUM_RULES:
		sz = sizeof (ilb_num_rules_cmd_t);
		break;
	case ILB_NUM_SERVERS:
		sz = sizeof (ilb_num_servers_cmd_t);
		break;
	case ILB_ADD_SERVERS: {
		ilb_servers_info_cmd_t *kcmd = (ilb_servers_info_cmd_t *)cmdp;

		sz = sizeof (*kcmd) + ((kcmd->num_servers - 1) *
		    sizeof (kcmd->servers));
		break;
	}
	case ILB_RULE_NAMES: {
		ilb_rule_names_cmd_t *kcmd = (ilb_rule_names_cmd_t *)cmdp;

		sz = sizeof (*kcmd) +
		    ((kcmd->num_names - 1) * sizeof (kcmd->buf));
		break;
	}
	case ILB_DEL_SERVERS:
	case ILB_ENABLE_SERVERS:
	case ILB_DISABLE_SERVERS: {
		ilb_servers_cmd_t *kcmd = (ilb_servers_cmd_t *)cmdp;

		sz = sizeof (*kcmd) +
		    ((kcmd->num_servers - 1) * sizeof (kcmd->servers));
		break;
	}
	default: sz = -1;
		break;
	}
	return (sz);
}

/*
 * parameter 'sz' is optional (indicated by == 0); if it's not set
 * we try to derive it from cmdp->cmd
 */
ilb_status_t
do_ioctl(void *cmdp, ssize_t sz)
{
	struct strioctl	ioc;
	int		i_rc;

	if (ksock == -1) {
		ksock = socket(AF_INET, SOCK_DGRAM, 0);
		if (ksock == -1) {
			logperror("do_ioctl: AF_INET socket call"
			    "  failed");
			return (ILB_STATUS_INTERNAL);
		}
	}

	(void) memset(&ioc, 0, sizeof (ioc));
	ioc.ic_cmd = SIOCILB;
	ioc.ic_timout = 0;
	ioc.ic_dp = cmdp;

	if (sz == 0) {
		sz = i_get_kcmd_sz(cmdp);

		if (sz == -1) {
			logdebug("do_ioctl: unknown command");
			return (ILB_STATUS_INVAL_CMD);
		}
	}

	ioc.ic_len = sz;

	i_rc = ioctl(ksock, I_STR, (caddr_t)&ioc);
	if (i_rc == -1) {
		logdebug("do_ioctl: SIOCILB ioctl (%d) failed: %s",
		    *(ilb_cmd_t *)cmdp, strerror(errno));
		return (ilb_map_errno2ilbstat(errno));
	}

	return (ILB_STATUS_OK);
}

/*
 * Create an OK reply to a client request.  It is assumed that the passed
 * in buffer is large enough to hold the reply.
 */
void
ilbd_reply_ok(uint32_t *rbuf, size_t *rbufsz)
{
	ilb_comm_t *ic = (ilb_comm_t *)rbuf;

	ic->ic_cmd = ILBD_CMD_OK;
	/* Default is one exchange of request/response. */
	ic->ic_flags = ILB_COMM_END;
	*rbufsz = sizeof (ilb_comm_t);
}

/*
 * Create an error reply to a client request.  It is assumed that the passed
 * in buffer is large enough to hold the reply.
 */
void
ilbd_reply_err(uint32_t *rbuf, size_t *rbufsz, ilb_status_t status)
{
	ilb_comm_t *ic = (ilb_comm_t *)rbuf;

	ic->ic_cmd = ILBD_CMD_ERROR;
	/* Default is one exchange of request/response. */
	ic->ic_flags = ILB_COMM_END;
	*(ilb_status_t *)&ic->ic_data = status;
	*rbufsz = sizeof (ilb_comm_t) + sizeof (ilb_status_t);
}