/*

   nsswitch.c - functions for parsing /etc/nsswitch.conf

   Copyright (C) 2011-2015 Arthur de Jong

   This library is free software; you can redistribute it and/or

   modify it under the terms of the GNU Lesser General Public

   License as published by the Free Software Foundation; either

   version 2.1 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,

   but WITHOUT ANY WARRANTY; without even the implied warranty of

   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public

   License along with this library; if not, write to the Free Software

   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

   02110-1301 USA

*/

#include "config.h"

#include <stdio.h>

#include <string.h>

#include <ctype.h>

#include <errno.h>

#include <sys/stat.h>

#include <unistd.h>

#include <time.h>

#include "common.h"

#include "log.h"

/* the cached value of whether shadow lookups use LDAP in nsswitch.conf */

#define NSSWITCH_FILE "/etc/nsswitch.conf"

#define CACHED_UNKNOWN 22

static int cached_shadow_uses_ldap = CACHED_UNKNOWN;

static time_t cached_shadow_lastcheck = 0;

#define CACHED_SHADOW_TIMEOUT (60)

static time_t nsswitch_mtime = 0;

/* the maximum line length supported of nsswitch.conf */

#define MAX_LINE_LENGTH          4096

/* check whether /etc/nsswitch.conf should be related to update

   cached_shadow_uses_ldap */

void nsswitch_check_reload(void)

{

  struct stat buf;

  time_t t;

  if ((cached_shadow_uses_ldap != CACHED_UNKNOWN) &&

      ((t = time(NULL)) > (cached_shadow_lastcheck + CACHED_SHADOW_TIMEOUT)))

  {

    cached_shadow_lastcheck = t;

    if (stat(NSSWITCH_FILE, &buf))

    {

      log_log(LOG_ERR, "stat(%s) failed: %s", NSSWITCH_FILE, strerror(errno));

      /* trigger a recheck anyway */

      cached_shadow_uses_ldap = CACHED_UNKNOWN;

      return;

    }

    /* trigger a recheck if file changed */

    if (buf.st_mtime != nsswitch_mtime)

    {

      nsswitch_mtime = buf.st_mtime;

      cached_shadow_uses_ldap = CACHED_UNKNOWN;

    }

  }

}

/* see if the line is a service definition for db and return a pointer to

   the beginning of the services list if it is */

static const char *find_db(const char *line, const char *db)

{

  int i;

  i = strlen(db);

  /* the line should begin with the db we're looking for */

  if (strncmp(line, db, i) != 0)

    return NULL;

  /* followed by a : */

  while (isspace(line[i]))

    i++;

  if (line[i] != ':')

    return NULL;

  i++;

  while (isspace(line[i]))

    i++;

  return line + i;

}

/* check to see if the list of services contains the specified service */

static int has_service(const char *services, const char *service,

                       const char *filename, int lnr)

{

  int i = 0, l;

  if (services == NULL)

    return 0;

  l = strlen(service);

  while (services[i] != '\0')

  {

    /* skip spaces */

    while (isspace(services[i]))

      i++;

    /* check if this is the service */

    if ((strncmp(services + i, service, l) == 0) && (!isalnum(services[i + l])))

      return 1;

    /* skip service name and spaces */

    i++;

    while (isalnum(services[i]))

      i++;

    while (isspace(services[i]))

      i++;

    /* skip action mappings */

    if (services[i] == '[')

    {

      i++; /* skip [ */

      while ((services[i] != ']') && (services[i] != '\0'))

        i++;

      if (services[i] != ']')

      {

        log_log(LOG_WARNING, "%s: error parsing line %d", filename, lnr);

        return 0; /* parse error */

      }

      i++; /* skip ] */

    }

  }

  return 0;

}

static int shadow_uses_ldap(void)

{

  FILE *fp;

  int lnr = 0;

  char linebuf[MAX_LINE_LENGTH];

  const char *services;

  int shadow_found = 0;

  int passwd_has_ldap = 0;

  /* open config file */

  if ((fp = fopen(NSSWITCH_FILE, "r")) == NULL)

  {

    log_log(LOG_ERR, "cannot open %s: %s", NSSWITCH_FILE, strerror(errno));

    return 0;

  }

  /* read file and parse lines */

  while (fgets(linebuf, sizeof(linebuf), fp) != NULL)

  {

    lnr++;

    /* see if we have a shadow line */

    services = find_db(linebuf, "shadow");

    if (services != NULL)

    {

      shadow_found = 1;

      if (has_service(services, MODULE_NAME, NSSWITCH_FILE, lnr))

      {

        fclose(fp);

        return 1;

      }

    }

    /* see if we have a passwd line */

    services = find_db(linebuf, "passwd");

    if (services != NULL)

      passwd_has_ldap = has_service(services, MODULE_NAME, NSSWITCH_FILE, lnr);

  }

  fclose(fp);

  if (shadow_found)

    return 0;

  return passwd_has_ldap;

}

/* check whether shadow lookups are configured to use ldap */

int nsswitch_shadow_uses_ldap(void)

{

  if (cached_shadow_uses_ldap == CACHED_UNKNOWN)

  {

    log_log(LOG_INFO, "(re)loading %s", NSSWITCH_FILE);

    cached_shadow_uses_ldap = shadow_uses_ldap();

    cached_shadow_lastcheck = time(NULL);

  }

  return cached_shadow_uses_ldap;

}