#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <tlmplib.h>
#include <tlmpdia.h>
#include "userfirewall.h"
#include "userfirewall.m"
#undef ERR
#include <signal.h>
#include <popen.h>

static const char *signal_user = NULL;
static const char *signal_ip = NULL;
static const char *signal_cmd = NULL;


static void firelogin_updfw ()
{
	if (signal_cmd != NULL && misc_lock()!=-1){
fprintf (stderr,"updfw %s\n",signal_cmd);
		POPEN pop (signal_cmd);
		if (pop.isok()) pop.wait(20);
		misc_unlock();
	}
}

static void signal_end(int no)
{
fprintf (stderr,"signal_end %d\n",no);
	if (signal_user != NULL){
		misc_logout (signal_user,signal_ip);
		firelogin_updfw();
	}
	_exit (-1);
}

<mod>
static int firelogin_getsrc(int pid, char ip[20])
{
	<glocal>
		char *ip;
		int ret;
		int pid;
	</glocal>
	glocal.ip = ip;
	glocal.ret = -1;
	glocal.pid = pid;
	ip[0] = '\0';
	<call walkpopen>("netstat","-atpn",20);
		<f oneline>
			char tb[7][100];
			if (sscanf(line,"%s %s %s %s %s %s %s",tb[0],tb[1],tb[2]
				,tb[3],tb[4],tb[5],tb[6])==7
				&& strcmp(tb[0],"tcp")==0){
				int n = atoi(tb[6]);
				if (n == glocal.pid){
					char *pt = strchr(tb[4],':');
					if (pt != NULL) *pt = '\0';
					strcpy (glocal.ip,tb[4]);
					glocal.ret = 0;
				}
			}
			return 0;
		</f>
	</call>
	return glocal.ret;
}
</mod>

<mod>
int main (int argc, char *argv[])
{
	<glocal>
		bool authenticated;
		SSTRING id,sha,groups;
		const char *cmd;
	</glocal>
	glocal.cmd = NULL;
	signal (SIGHUP,signal_end);
	signal (SIGINT,signal_end);
	signal (SIGKILL,signal_end);
	signal (SIGTERM,signal_end);
	glocal.authenticated = false;
	linuxconf_loadmsg ("userfirewall",PACKAGE_REV);
	static const char *tbempty[]={NULL};
	int ret = <call tlmpprogram>(argc,argv,tbempty);
		<f usage>
			xconf_notice (MSG_U(I_FIRELOGINUSAGE
				,"firelogin is an interactive utility to request access\n"
				 "to a network. It has a single commmand line option\n"
				 "\n"
				 "--updfw \"command to update the firewall\"\n"));
		</f>
		<f onearg>
			int ret = -1;
			if (strcmp(opt,"--updfw")==0){
				glocal.cmd = val;
				ret = 1;
			}
			return ret;
		</f>
		<f main_noarg>
			int ret = -1;
			int retry = 0;
			DIALOG dia;
			dia.newf_str (MSG_R(F_ID),glocal.id);
			dia.last_noempty();
			SSTRING pass;
			dia.newf_pass (MSG_R(F_PASSWORD),pass);
			dia.last_noempty();
			int nof = 0;
			while (1){
				MENU_STATUS code = dia.edit(MSG_U(T_FIRELOGIN,"Network login")
					,MSG_U(I_FIRELOGIN
						,"You must provide your user ID and password\n"
						 "to get access to network services")
					,help_nil
					,nof);
				if (code == MENU_CANCEL || code == MENU_ESCAPE){
					break;
				}else{
					misc_sha (pass.get(),glocal.sha);
					<call loadfile>("/etc/userfirewall/users.conf",true);
						<f oneline>
							int ret = 0;
							SSTRINGS tb;
							if (misc_splitline(line,':',tb)==7){
								if (tb.getitem(0)->cmp(glocal.id)==0){
									ret = -1;
									if (tb.getitem(1)->cmp(glocal.sha)==0){
										glocal.authenticated = true;
										glocal.groups.setfrom(tb.getitem(3)->get());
									}
								}
							}
							return ret;
						</f>
					</call>
					if (glocal.authenticated){
						dia.hide();
						char ip[20];
						if (firelogin_getsrc (getpid(),ip)==-1){
							firelogin_getsrc (getppid(),ip);
						}
						// We add the information in the status file
						misc_login (glocal.id.get(),ip,glocal.groups.get());
						signal_user = glocal.id.get();
						signal_ip = ip;
						signal_cmd = glocal.cmd;
						firelogin_updfw();
						xconf_notice (MSG_U(N_LOGGED
							,"Your network access is now enabled\n"
							 "Hit OK to end the session"));
						// We remove it from the status file
						misc_logout (glocal.id.get(),ip);
						firelogin_updfw();
						ret = 0;
						break;
					}else{
						pass.setfrom ("");
						sleep (2);
						xconf_error (MSG_U(E_IVLDPASS,"Invalid password"));
						retry ++;
						if (retry == 3) break;
						dia.reload();
					}

				}
			}
			return ret;
		</f>
	</call>
	return ret;
}