/*
   Copyright (c) 2011-2012 Red Hat, Inc. <http://www.redhat.com>
   This file is part of GlusterFS.

   This file is licensed to you under your choice of the GNU Lesser
   General Public License, version 3 or any later version (LGPLv3 or
   later), or the GNU General Public License, version 2 (GPLv2), in all
   cases as published by the Free Software Foundation.
*/
#include <glusterfs/compat.h>
#include <glusterfs/syscall.h>

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <sys/param.h> /* for PATH_MAX */

/* NOTE (USE_LIBGLUSTERFS):
 * ------------------------
 * When USE_LIBGLUSTERFS debugging sumbol is passed; perform
 * glusterfs translator like initialization so that glusterfs
 * globals, contexts are valid when glustefs api's are invoked.
 * We unconditionally pass then while building gsyncd binary.
 */
#ifdef USE_LIBGLUSTERFS
#include <glusterfs/glusterfs.h>
#include <glusterfs/globals.h>
#include <glusterfs/defaults.h>
#endif

#include <glusterfs/common-utils.h>
#include <glusterfs/run.h>
#include "procdiggy.h"

#define _GLUSTERD_CALLED_ "_GLUSTERD_CALLED_"
#define _GSYNCD_DISPATCHED_ "_GSYNCD_DISPATCHED_"
#define GSYNCD_CONF_TEMPLATE "geo-replication/gsyncd_template.conf"
#define GSYNCD_PY "gsyncd.py"
#define RSYNC "rsync"

int restricted = 0;

static int
duplexpand(void **buf, size_t tsiz, size_t *len)
{
    size_t osiz = tsiz * *len;
    char *p = realloc(*buf, osiz << 1);
    if (!p) {
        return -1;
    }

    memset(p + osiz, 0, osiz);
    *buf = p;
    *len <<= 1;

    return 0;
}

static int
str2argv(char *str, char ***argv)
{
    char *p = NULL;
    char *savetok = NULL;
    char *temp = NULL;
    char *temp1 = NULL;
    int argc = 0;
    size_t argv_len = 32;
    int ret = 0;
    int i = 0;

    assert(str);
    temp = str = strdup(str);
    if (!str)
        goto error;

    *argv = calloc(argv_len, sizeof(**argv));
    if (!*argv)
        goto error;

    while ((p = strtok_r(str, " ", &savetok))) {
        str = NULL;

        argc++;
        if (argc == argv_len) {
            ret = duplexpand((void *)argv, sizeof(**argv), &argv_len);
            if (ret == -1)
                goto error;
        }
        temp1 = strdup(p);
        if (!temp1)
            goto error;
        (*argv)[argc - 1] = temp1;
    }

    free(temp);
    return argc;

error:
    fprintf(stderr, "out of memory\n");
    free(temp);
    for (i = 0; i < argc - 1; i++)
        free((*argv)[i]);
    free(*argv);
    return -1;
}

static int
invoke_gsyncd(int argc, char **argv)
{
    int i = 0;
    int j = 0;
    char *nargv[argc + 4];
    char *python = NULL;

    if (chdir("/") == -1)
        goto error;

    j = 0;
    python = getenv("PYTHON");
    if (!python)
        python = PYTHON;
    nargv[j++] = python;
    nargv[j++] = GSYNCD_PREFIX "/python/syncdaemon/" GSYNCD_PY;
    for (i = 1; i < argc; i++)
        nargv[j++] = argv[i];

    nargv[j++] = NULL;

    execvp(python, nargv);

    fprintf(stderr, "exec of '%s' failed\n", python);
    return 127;

error:
    fprintf(stderr, "gsyncd initializaion failed\n");
    return 1;
}

static int
find_gsyncd(pid_t pid, pid_t ppid, char *name, void *data)
{
    char buf[NAME_MAX * 2] = {
        0,
    };
    char path[PATH_MAX] = {
        0,
    };
    char *p = NULL;
    int zeros = 0;
    int ret = 0;
    int fd = -1;
    pid_t *pida = (pid_t *)data;

    if (ppid != pida[0])
        return 0;

    snprintf(path, sizeof path, PROC "/%d/cmdline", pid);
    fd = open(path, O_RDONLY);
    if (fd == -1)
        return 0;
    ret = sys_read(fd, buf, sizeof(buf));
    sys_close(fd);
    if (ret == -1)
        return 0;
    for (zeros = 0, p = buf; zeros < 2 && p < buf + ret; p++)
        zeros += !*p;

    ret = 0;
    switch (zeros) {
        case 2:
            if ((strcmp(basename(buf), basename(PYTHON)) ||
                 strcmp(basename(buf + strlen(buf) + 1), GSYNCD_PY)) == 0) {
                ret = 1;
                break;
            }
            /* fallthrough */
        case 1:
            if (strcmp(basename(buf), GSYNCD_PY) == 0)
                ret = 1;
    }

    if (ret == 1) {
        if (pida[1] != -1) {
            fprintf(stderr, GSYNCD_PY " sibling is not unique");
            return -1;
        }
        pida[1] = pid;
    }

    return 0;
}

static int
invoke_rsync(int argc, char **argv)
{
    int i = 0;
    char path[PATH_MAX] = {
        0,
    };
    pid_t pid = -1;
    pid_t ppid = -1;
    pid_t pida[] = {-1, -1};
    char *name = NULL;
    char buf[PATH_MAX + 1] = {
        0,
    };
    int ret = 0;

    assert(argv[argc] == NULL);

    if (argc < 2 || strcmp(argv[1], "--server") != 0)
        goto error;

    for (i = 2; i < argc && argv[i][0] == '-'; i++)
        ;

    if (!(i == argc - 2 && strcmp(argv[i], ".") == 0 &&
          argv[i + 1][0] == '/')) {
        fprintf(stderr, "need an rsync invocation without protected args\n");
        goto error;
    }

    /* look up sshd we are spawned from */
    for (pid = getpid();; pid = ppid) {
        ppid = pidinfo(pid, &name);
        if (ppid < 0) {
            fprintf(stderr, "sshd ancestor not found\n");
            goto error;
        }
        if (strcmp(name, "sshd") == 0) {
            GF_FREE(name);
            break;
        }
        GF_FREE(name);
    }
    /* look up "ssh-sibling" gsyncd */
    pida[0] = pid;
    ret = prociter(find_gsyncd, pida);
    if (ret == -1 || pida[1] == -1) {
        fprintf(stderr, "gsyncd sibling not found\n");
        goto error;
    }
    /* check if rsync target matches gsyncd target */
    snprintf(path, sizeof path, PROC "/%d/cwd", pida[1]);
    ret = sys_readlink(path, buf, sizeof(buf));
    if (ret == -1 || ret == sizeof(buf))
        goto error;
    if (strcmp(argv[argc - 1], "/") == 0 /* root dir cannot be a target */ ||
        (strcmp(argv[argc - 1], path) /* match against gluster target */ &&
         strcmp(argv[argc - 1], buf) /* match against file target */) != 0) {
        fprintf(stderr, "rsync target does not match " GEOREP " session\n");
        goto error;
    }

    argv[0] = RSYNC;

    execvp(RSYNC, argv);

    fprintf(stderr, "exec of " RSYNC " failed\n");
    return 127;

error:
    fprintf(stderr, "disallowed " RSYNC " invocation\n");
    return 1;
}

static int
invoke_gluster(int argc, char **argv)
{
    int i = 0;
    int j = 0;
    int optsover = 0;
    char *ov = NULL;

    for (i = 1; i < argc; i++) {
        ov = strtail(argv[i], "--");
        if (ov && !optsover) {
            if (*ov == '\0')
                optsover = 1;
            continue;
        }
        switch (++j) {
            case 1:
                if (strcmp(argv[i], "volume") != 0)
                    goto error;
                break;
            case 2:
                if (strcmp(argv[i], "info") != 0)
                    goto error;
                break;
            case 3:
                break;
            default:
                goto error;
        }
    }

    argv[0] = "gluster";
    execvp(SBIN_DIR "/gluster", argv);
    fprintf(stderr, "exec of gluster failed\n");
    return 127;

error:
    fprintf(stderr, "disallowed gluster invocation\n");
    return 1;
}

struct invocable {
    char *name;
    int (*invoker)(int argc, char **argv);
};

struct invocable invocables[] = {{"rsync", invoke_rsync},
                                 {"gsyncd", invoke_gsyncd},
                                 {"gluster", invoke_gluster},
                                 {NULL, NULL}};

int
main(int argc, char **argv)
{
    int ret = -1;
    char *evas = NULL;
    struct invocable *i = NULL;
    char *b = NULL;
    char *sargv = NULL;
    int j = 0;

#ifdef USE_LIBGLUSTERFS
    glusterfs_ctx_t *ctx = NULL;

    ctx = glusterfs_ctx_new();
    if (!ctx)
        return ENOMEM;

    if (glusterfs_globals_init(ctx))
        return 1;

    THIS->ctx = ctx;
    ret = default_mem_acct_init(THIS);
    if (ret) {
        fprintf(stderr, "internal error: mem accounting failed\n");
        return 1;
    }
#endif

    evas = getenv(_GLUSTERD_CALLED_);
    if (evas && strcmp(evas, "1") == 0)
        /* OK, we know glusterd called us, no need to look for further config
         *...although this conclusion should not inherit to our children
         */
        unsetenv(_GLUSTERD_CALLED_);
    else {
        /* we regard all gsyncd invocations unsafe
         * that do not come from glusterd and
         * therefore restrict it
         */
        restricted = 1;

        if (!getenv(_GSYNCD_DISPATCHED_)) {
            evas = getenv("SSH_ORIGINAL_COMMAND");
            if (evas)
                sargv = evas;
            else {
                evas = getenv("SHELL");
                if (evas && strcmp(basename(evas), "gsyncd") == 0 &&
                    argc == 3 && strcmp(argv[1], "-c") == 0)
                    sargv = argv[2];
            }
        }
    }

    if (!(sargv && restricted))
        return invoke_gsyncd(argc, argv);

    argc = str2argv(sargv, &argv);

    if (argc == -1) {
        fprintf(stderr, "internal error\n");
        return 1;
    }

    if (setenv(_GSYNCD_DISPATCHED_, "1", 1) == -1) {
        fprintf(stderr, "internal error\n");
        goto out;
    }

    b = basename(argv[0]);
    for (i = invocables; i->name; i++) {
        if (strcmp(b, i->name) == 0)
            return i->invoker(argc, argv);
    }

    fprintf(stderr, "invoking %s in restricted SSH session is not allowed\n",
            b);

out:
    for (j = 1; j < argc; j++)
        free(argv[j]);
    free(argv);
    return 1;
}