/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Copyright (C) 2005 - 2012 Red Hat, Inc.
 * Copyright (C) 2006 - 2008 Novell, Inc.
 */

#include "nm-default.h"

#include "nm-vpn-manager.h"

#include "nm-vpn-plugin-info.h"
#include "nm-vpn-connection.h"
#include "nm-setting-vpn.h"
#include "nm-vpn-dbus-interface.h"
#include "nm-core-internal.h"

typedef struct {
    GSList *      plugins;
    GFileMonitor *monitor_etc;
    GFileMonitor *monitor_lib;
    gulong        monitor_id_etc;
    gulong        monitor_id_lib;

    /* This is only used for services that don't support multiple
     * connections, to guard access to them. */
    GHashTable *active_services;
} NMVpnManagerPrivate;

struct _NMVpnManager {
    GObject             parent;
    NMVpnManagerPrivate _priv;
};

struct _NMVpnManagerClass {
    GObjectClass parent;
};

G_DEFINE_TYPE(NMVpnManager, nm_vpn_manager, G_TYPE_OBJECT)

#define NM_VPN_MANAGER_GET_PRIVATE(self) _NM_GET_PRIVATE(self, NMVpnManager, NM_IS_VPN_MANAGER)

/*****************************************************************************/

static void
vpn_state_changed(NMVpnConnection *vpn, GParamSpec *pspec, NMVpnManager *manager)
{
    NMVpnManagerPrivate *   priv  = NM_VPN_MANAGER_GET_PRIVATE(manager);
    NMActiveConnectionState state = nm_active_connection_get_state(NM_ACTIVE_CONNECTION(vpn));
    const char *            service_name = nm_vpn_connection_get_service(vpn);

    if (state == NM_ACTIVE_CONNECTION_STATE_DEACTIVATED) {
        g_hash_table_remove(priv->active_services, service_name);
        g_signal_handlers_disconnect_by_func(vpn, vpn_state_changed, manager);
        g_object_unref(manager);
    }
}

gboolean
nm_vpn_manager_activate_connection(NMVpnManager *manager, NMVpnConnection *vpn, GError **error)
{
    NMVpnManagerPrivate *priv;
    NMVpnPluginInfo *    plugin_info;
    const char *         service_name;
    NMDevice *           device;

    g_return_val_if_fail(NM_IS_VPN_MANAGER(manager), FALSE);
    g_return_val_if_fail(NM_IS_VPN_CONNECTION(vpn), FALSE);
    g_return_val_if_fail(!error || !*error, FALSE);

    priv   = NM_VPN_MANAGER_GET_PRIVATE(manager);
    device = nm_active_connection_get_device(NM_ACTIVE_CONNECTION(vpn));
    g_assert(device);
    if (nm_device_get_state(device) != NM_DEVICE_STATE_ACTIVATED
        && nm_device_get_state(device) != NM_DEVICE_STATE_SECONDARIES) {
        g_set_error_literal(error,
                            NM_MANAGER_ERROR,
                            NM_MANAGER_ERROR_DEPENDENCY_FAILED,
                            "The base device for the VPN connection was not active.");
        return FALSE;
    }

    service_name = nm_vpn_connection_get_service(vpn);

    plugin_info = nm_vpn_plugin_info_list_find_by_service(priv->plugins, service_name);
    if (!plugin_info) {
        g_set_error(error,
                    NM_MANAGER_ERROR,
                    NM_MANAGER_ERROR_CONNECTION_NOT_AVAILABLE,
                    "The VPN service '%s' was not installed.",
                    service_name);
        return FALSE;
    }

    if (!nm_vpn_plugin_info_supports_multiple(plugin_info)
        && g_hash_table_contains(priv->active_services, service_name)) {
        g_set_error(error,
                    NM_MANAGER_ERROR,
                    NM_MANAGER_ERROR_CONNECTION_NOT_AVAILABLE,
                    "The '%s' plugin only supports a single active connection.",
                    nm_vpn_plugin_info_get_name(plugin_info));
        return FALSE;
    }

    nm_vpn_connection_activate(vpn, plugin_info);

    if (!nm_vpn_plugin_info_supports_multiple(plugin_info)) {
        /* Block activations of the connections of the same service type. */
        g_hash_table_add(priv->active_services, g_strdup(service_name));
        g_signal_connect(vpn,
                         "notify::" NM_ACTIVE_CONNECTION_STATE,
                         G_CALLBACK(vpn_state_changed),
                         g_object_ref(manager));
    }

    return TRUE;
}

/*****************************************************************************/

static void
try_add_plugin(NMVpnManager *self, NMVpnPluginInfo *plugin_info)
{
    NMVpnManagerPrivate *priv = NM_VPN_MANAGER_GET_PRIVATE(self);
    const char *         program;

    program = nm_vpn_plugin_info_get_program(plugin_info);
    if (!program || !*program)
        return;

    /* Make sure we don't add dupes.
     * We don't really allow reload of the same file. What we do allow is however to
     * delete a file and re-add it. */
    if (nm_vpn_plugin_info_list_find_by_filename(priv->plugins,
                                                 nm_vpn_plugin_info_get_filename(plugin_info)))
        return;
    if (!nm_vpn_plugin_info_list_add(&priv->plugins, plugin_info, NULL))
        return;
}

static void
vpn_dir_changed(GFileMonitor *    monitor,
                GFile *           file,
                GFile *           other_file,
                GFileMonitorEvent event_type,
                gpointer          user_data)
{
    NMVpnManager *       self = NM_VPN_MANAGER(user_data);
    NMVpnManagerPrivate *priv = NM_VPN_MANAGER_GET_PRIVATE(self);
    NMVpnPluginInfo *    plugin_info;
    gs_free char *       path  = NULL;
    GError *             error = NULL;

    path = g_file_get_path(file);
    if (!nm_vpn_plugin_info_validate_filename(path))
        return;

    switch (event_type) {
    case G_FILE_MONITOR_EVENT_DELETED:
        plugin_info = nm_vpn_plugin_info_list_find_by_filename(priv->plugins, path);
        if (!plugin_info)
            break;

        nm_log_dbg(LOGD_VPN, "vpn: service file %s deleted", path);
        nm_vpn_plugin_info_list_remove(&priv->plugins, plugin_info);
        break;
    case G_FILE_MONITOR_EVENT_CREATED:
    case G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT:
        plugin_info = nm_vpn_plugin_info_list_find_by_filename(priv->plugins, path);
        if (plugin_info) {
            /* we don't support reloading an existing plugin. You can only remove the file
             * and re-add it. By reloading we want to support the use case of installing
             * a VPN plugin after NM started. No need to burden ourself with a complete
             * reload. */
            break;
        }

        if (!_nm_vpn_plugin_info_check_file(path, TRUE, TRUE, 0, NULL, NULL, &error)) {
            nm_log_dbg(LOGD_VPN, "vpn: ignore changed service file %s (%s)", path, error->message);
            g_clear_error(&error);
            break;
        }
        plugin_info = nm_vpn_plugin_info_new_from_file(path, &error);
        if (!plugin_info) {
            nm_log_dbg(LOGD_VPN,
                       "vpn: ignore changed service file %s due to invalid content (%s)",
                       path,
                       error->message);
            g_clear_error(&error);
            break;
        }

        nm_log_dbg(LOGD_VPN, "vpn: service file %s created or modified", path);
        try_add_plugin(self, plugin_info);
        g_object_unref(plugin_info);
        break;
    default:
        nm_log_dbg(LOGD_VPN, "vpn: service file %s change event %d", path, event_type);
        break;
    }
}

/*****************************************************************************/

NM_DEFINE_SINGLETON_GETTER(NMVpnManager, nm_vpn_manager_get, NM_TYPE_VPN_MANAGER);

static void
nm_vpn_manager_init(NMVpnManager *self)
{
    NMVpnManagerPrivate *priv = NM_VPN_MANAGER_GET_PRIVATE(self);
    GFile *              file;
    GSList *             infos, *info;
    const char *         conf_dir_etc = _nm_vpn_plugin_info_get_default_dir_etc();
    const char *         conf_dir_lib = _nm_vpn_plugin_info_get_default_dir_lib();

    /* Watch the VPN directory for changes */
    file              = g_file_new_for_path(conf_dir_lib);
    priv->monitor_lib = g_file_monitor_directory(file, G_FILE_MONITOR_NONE, NULL, NULL);
    g_object_unref(file);
    if (priv->monitor_lib) {
        priv->monitor_id_lib =
            g_signal_connect(priv->monitor_lib, "changed", G_CALLBACK(vpn_dir_changed), self);
    }

    file              = g_file_new_for_path(conf_dir_etc);
    priv->monitor_etc = g_file_monitor_directory(file, G_FILE_MONITOR_NONE, NULL, NULL);
    g_object_unref(file);
    if (priv->monitor_etc) {
        priv->monitor_id_etc =
            g_signal_connect(priv->monitor_etc, "changed", G_CALLBACK(vpn_dir_changed), self);
    }

    /* first read conf_dir_lib. The name files are not really user configuration, but
     * plugin configuration. Hence we expect ~newer~ plugins to install their files
     * in /usr/lib/NetworkManager. We want to prefer those files.
     * In case of no-conflict, the order doesn't matter. */
    infos = _nm_vpn_plugin_info_list_load_dir(conf_dir_lib, TRUE, 0, NULL, NULL);
    for (info = infos; info; info = info->next)
        try_add_plugin(self, info->data);
    g_slist_free_full(infos, g_object_unref);

    infos = _nm_vpn_plugin_info_list_load_dir(conf_dir_etc, TRUE, 0, NULL, NULL);
    for (info = infos; info; info = info->next)
        try_add_plugin(self, info->data);
    g_slist_free_full(infos, g_object_unref);

    priv->active_services = g_hash_table_new_full(nm_str_hash, g_str_equal, g_free, NULL);
}

static void
dispose(GObject *object)
{
    NMVpnManagerPrivate *priv = NM_VPN_MANAGER_GET_PRIVATE(object);

    if (priv->monitor_etc) {
        if (priv->monitor_id_etc)
            g_signal_handler_disconnect(priv->monitor_etc, priv->monitor_id_etc);
        g_file_monitor_cancel(priv->monitor_etc);
        g_clear_object(&priv->monitor_etc);
    }

    if (priv->monitor_lib) {
        if (priv->monitor_id_lib)
            g_signal_handler_disconnect(priv->monitor_lib, priv->monitor_id_lib);
        g_file_monitor_cancel(priv->monitor_lib);
        g_clear_object(&priv->monitor_lib);
    }

    while (priv->plugins)
        nm_vpn_plugin_info_list_remove(&priv->plugins, priv->plugins->data);

    g_hash_table_unref(priv->active_services);

    G_OBJECT_CLASS(nm_vpn_manager_parent_class)->dispose(object);
}

static void
nm_vpn_manager_class_init(NMVpnManagerClass *manager_class)
{
    GObjectClass *object_class = G_OBJECT_CLASS(manager_class);

    object_class->dispose = dispose;
}