/*

 * Unlabeled Functions

 *

 * Author: Paul Moore <paul@paul-moore.com>

 *

 */

/*

 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2007

 *

 * This program is free software: you can redistribute it and/or modify

 * it under the terms of version 2 of the GNU General Public License as

 * published by the Free Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program.  If not, see <http://www.gnu.org/licenses/>.

 *

 */

#include <stdlib.h>

#include <stdio.h>

#include <string.h>

#include <errno.h>

#include <sys/types.h>

#include <sys/socket.h>

#include <arpa/inet.h>

#include <libnetlabel.h>

#include "netlabelctl.h"

/**

 * Set the NetLabel accept flag

 * @param argc the number of arguments

 * @param argv the argument list

 *

 * Set the kernel's unlabeled packet allow flag.  Returns zero on success,

 * negative values on failure.

 *

 */

static int unlbl_accept(int argc, char *argv[])

{

	int rc;

	uint8_t flag;

	/* sanity check */

	if (argc != 1 || argv == NULL || argv[0] == NULL)

		return -EINVAL;

	/* set or reset the flag? */

	if (strcasecmp(argv[0], "on") == 0 || strcmp(argv[0], "1") == 0)

		flag = 1;

	else if (strcasecmp(argv[0], "off") == 0 || strcmp(argv[0], "0") == 0)

		flag = 0;

	else

		return -EINVAL;

	rc = nlbl_unlbl_accept(NULL, flag);

	if (rc < 0)

		return rc;

	return 0;

}

/**

 * Query the NetLabel unlabeled module and display the results

 *

 * Query the unlabeled module and display the results.  Returns zero on

 * success, negative values on failure.

 *

 */

static int unlbl_list(void)

{

	int rc;

	uint8_t flag;

	struct nlbl_addrmap *addr_p = NULL, *addr_p_new;

	struct nlbl_addrmap *addrdef_p = NULL;

	struct nlbl_addrmap *iter_p;

	size_t count;

	uint32_t iter;

	/* display the accept flag */

	rc = nlbl_unlbl_list(NULL, &flag;;

	if (rc < 0)

		return rc;

	if (opt_pretty != 0)

		printf("Accept unlabeled packets : %s\n",

		       (flag ? "on" : "off"));

	else

		printf("accept:%s", (flag ? "on" : "off"));

	/* get the static label mappings */

	rc = nlbl_unlbl_staticlist(NULL, &addr_p);

	if (rc < 0)

		return rc;

	count = rc;

	rc = nlbl_unlbl_staticlistdef(NULL, &addrdef_p);

	if (rc > 0) {

		addr_p_new = realloc(addr_p, sizeof(*addr_p) * (count + rc));

		if (addr_p_new == NULL)

			goto list_return;

		addr_p = addr_p_new;

		memcpy(&addr_p[count], addrdef_p, sizeof(*addr_p) * rc);

		count += rc;

	}

	/* display the static label mappings */

	if (opt_pretty != 0) {

		printf("Configured NetLabel address mappings (%zu)\n", count);

		for (iter = 0; iter < count; iter++) {

			iter_p = &addr_p[iter];

			/* interface */

			if (iter == 0 ||

			    iter_p->dev == NULL ||

			    strcmp(addr_p[iter - 1].dev, iter_p->dev) != 0) {

				printf(" interface: ");

				if (iter_p->dev != NULL)

					printf("%s\n", iter_p->dev);

				else

					printf("DEFAULT\n");

			}

			/* address */

			printf("   address: ");

			nlctl_addr_print(&iter_p->addr);

			printf("\n");

			/* label */

			printf("    label: \"%s\"\n", iter_p->label);

		}

	} else {

		if (count > 0)

			printf(" ");

		for (iter = 0; iter < count; iter++) {

			iter_p = &addr_p[iter];

			/* interface */

			printf("interface:");

			if (iter_p->dev != NULL)

				printf("%s,", iter_p->dev);

			else

				printf("DEFAULT,");

			/* address */

			printf("address:");

			nlctl_addr_print(&iter_p->addr);

			printf(",");

			/* label */

			printf("label:\"%s\"", iter_p->label);

			if (iter + 1 < count)

				printf(" ");

		}

		printf("\n");

	}

list_return:

	if (addr_p != NULL) {

		for (iter = 0; iter < count; iter++) {

			if (addr_p[iter].dev != NULL)

				free(addr_p[iter].dev);

			if (addr_p[iter].label != NULL)

				free(addr_p[iter].label);

		}

		free(addr_p);

	}

	return rc;

}

/**

 * Add a static/fallback label configuration

 * @param argc the number of arguments

 * @param argv the argument list

 *

 * Add a fallback label configuration to the kernel.  Returns zero on success,

 * negative values on failure.

 *

 */

static int unlbl_add(int argc, char *argv[])

{

	uint32_t iter;

	uint8_t def_flag = 0;

	nlbl_netdev dev = NULL;

	struct nlbl_netaddr addr;

	nlbl_secctx label = NULL;

	/* sanity checks */

	if (argc <= 0 || argv == NULL || argv[0] == NULL)

		return -EINVAL;

	memset(&addr, 0, sizeof(addr));

	/* parse the arguments */

	for (iter = 0; iter < argc && argv[iter] != NULL; iter++) {

		if (strncmp(argv[iter], "interface:", 10) == 0) {

			dev = argv[iter] + 10;

		} else if (strncmp(argv[iter], "default", 7) == 0) {

			def_flag = 1;

		} else if (strncmp(argv[iter], "label:", 6) == 0) {

			label = argv[iter] + 6;

		} else if (strncmp(argv[iter], "address:", 8) == 0) {

			if (nlctl_addr_parse(argv[iter] + 8, &addr) != 0)

				return -EINVAL;

		}

	}

	/* add the mapping */

	if (def_flag != 0)

		return nlbl_unlbl_staticadddef(NULL, &addr, label);

	else

		return nlbl_unlbl_staticadd(NULL, dev, &addr, label);

}

/**

 * Delete a static/fallback label configuration

 * @param argc the number of arguments

 * @param argv the argument list

 *

 * Deletes a fallback label configuration to the kernel.  Returns zero on

 * success, negative values on failure.

 *

 */

static int unlbl_del(int argc, char *argv[])

{

	uint32_t iter;

	uint8_t def_flag = 0;

	nlbl_netdev dev = NULL;

	struct nlbl_netaddr addr;

	/* sanity checks */

	if (argc <= 0 || argv == NULL || argv[0] == NULL)

		return -EINVAL;

	memset(&addr, 0, sizeof(addr));

	/* parse the arguments */

	for (iter = 0; iter < argc && argv[iter] != NULL; iter++) {

		if (strncmp(argv[iter], "interface:", 10) == 0) {

			dev = argv[iter] + 10;

		} else if (strncmp(argv[iter], "default", 7) == 0) {

			def_flag = 1;

		} else if (strncmp(argv[iter], "address:", 8) == 0) {

			if (nlctl_addr_parse(argv[iter] + 8, &addr) != 0)

				return -EINVAL;

		}

	}

	/* add the mapping */

	if (def_flag != 0)

		return nlbl_unlbl_staticdeldef(NULL, &addr);

	else

		return nlbl_unlbl_staticdel(NULL, dev, &addr);

}

/**

 * Entry point for the NetLabel unlabeled functions

 * @param argc the number of arguments

 * @param argv the argument list

 *

 * Parses the argument list and performs the requested operation.  Returns zero

 * on success, negative values on failure.

 *

 */

int unlbl_main(int argc, char *argv[])

{

	int rc;

	/* sanity checks */

	if (argc <= 0 || argv == NULL || argv[0] == NULL)

		return -EINVAL;

	/* handle the request */

	if (strcmp(argv[0], "accept") == 0) {

		/* accept flag */

		rc = unlbl_accept(argc - 1, argv + 1);

	} else if (strcmp(argv[0], "list") == 0) {

		/* list */

		rc = unlbl_list();

	} else if (strcmp(argv[0], "add") == 0) {

		/* add */

		rc = unlbl_add(argc - 1, argv + 1);

	} else if (strcmp(argv[0], "del") == 0) {

		/* del */

		rc = unlbl_del(argc - 1, argv + 1);

	} else {

		/* unknown request */

		rc = -EINVAL;

	}

	return rc;

}