#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <syslog.h>
#include "userfirewall.h"
#include "userfirewall.m"
#include <tlmplib.h>
#include <tlmpnet.h>

<mod>
static int fire_answer (
	const char *id,
	const char *challenge,
	SSTRING &answer)
{
	int ret = -1;
	glocal const char *id = id;
	glocal SSTRING secret;
	<call loadfile>("/etc/userfirewall/suppliers.conf",true);
	<f oneline>
		int ret = 0;
		SSTRINGS tb;
		int nb = str_splitline (line,':',tb);
		if (nb == 2 && tb.getitem(0)->cmp(glocal.id)==0){
			glocal.secret.setfrom(tb.getitem(1)->get());
			ret = -1;
		}
		return ret;
		</f>
	</call>
	if (glocal.secret.is_filled()){
		// Ok we have the challenge
		answer.setfrom (challenge);
		answer.strip_end();
		answer.append (glocal.secret);
		misc_sha (answer.get(),answer);
		ret = 0;
	}else{
		fprintf (stderr,MSG_U(E_NOSECRET,"No secret for id %s\n"),id);
		syslog (LOG_ERR,MSG_R(E_NOSECRET),id);
	}
	return ret;
}
</mod>

<mod>
int main (int argc, char *argv[])
{
	glocal const char *fhost = NULL;
	glocal const char *port = "999";
	glocal const char *id = NULL;
	glocal bool is_pipe = false;
	glocal int timeout = 10;

	openlog ("firesendid",LOG_PID,LOG_DAEMON);
	int ret = <call tlmpprogram>(argc,argv,"userfirewall");
	<f init>
		setproginfo ("firesendid",version
			,MSG_U(I_FIRESENDID
				,"Send a firewall change request\n"
				 "\n"
				 "firesendid options --pipe\n"
				 "firesendid options login userid IP number [ group ... ]\n"
				 "firesendid options logout userid IP number [ group ... ]\n"
				 "firesendid options reset\n"
			));
		setarg ('h',"fhost",MSG_U(I_FHOST,"Firewall server"),glocal.fhost,true);
		setarg ('p',"port",MSG_U(I_FPORT,"Server TCP port"),glocal.port,false);
		setarg ('i',"id",MSG_U(I_ID,"Supplier ID (secret)"),glocal.id,true);
		setarg ('t',"timeout",MSG_U(I_TIMEOUT,"Time out"),glocal.timeout,false);
		setarg ('P',"pipe",MSG_U(I_PIPE,"Receive commands from a standard input"),glocal.is_pipe,false);
	</f>
	<f main_noarg>
		return main (0,NULL);
	</f>
	<f main>
		glocal int ret = -1;
		if (glocal.id == NULL){
			fprintf (stderr,MSG_U(E_MISSID,"Missing option --id\n"));
			usage();
		}else if (glocal.fhost == NULL){
			fprintf (stderr,MSG_U(E_MISSHOST,"Missing option --fhost\n"));
			usage();
		}else{
			glocal int argc = argc;
			glocal char **argv = argv;
			glocal int state = 0;
			<call tcpconnect>(glocal.fhost,glocal.port,glocal.timeout);
			<f time_out>
				syslog (LOG_ERR,MSG_U(E_TIMEOUT
					,"Timeout while talking to %s. state=%d. Ending connection")
					,info.host,glocal.state);
				end = true;
			</f>
			<f fail>
				fprintf (stderr,MSG_U(E_NOCONNECT,"Connection failed to the firewall %s\n")
					,info.host);
				syslog (LOG_ERR,MSG_R(E_NOCONNECT),info.host);
			</f>
			<f init>
				glocal.state++;
			</f>
			<f oneline>
				// Ok, we have received the challenge
				SSTRING answer;
				glocal.state++;
				if (fire_answer(glocal.id,line,answer)!=-1){
					sendf ("%s %s\n",glocal.id,answer.get());
					if (glocal.argc > 0){
						int len = 2;	// Space for newline
						for (int i=0; i<glocal.argc; i++){
							len += 1 + strlen(glocal.argv[i]);
						}
						char buf[len];
						char *pt = buf;
						for (int i=0; i<glocal.argc; i++){
							if (i>0) *pt++ = ' ';
							pt = stpcpy (pt,glocal.argv[i]);
						}
						*pt++ = '\n';
						send (buf,(int)(pt-buf));
					}else if (glocal.is_pipe){
						char buf[1000];
						while (fgets(buf,sizeof(buf)-1,stdin)!=NULL){
							send (buf);
						}
					}
					glocal.ret = 0;
				}
				end = true;
			</f>
			<f end>
				// The server closed the connection
				syslog (LOG_ERR,MSG_U(E_SERVEREND
					,"Server %s closed the connection")
					,info.host);
			</f>
			</call>
		}
		return glocal.ret;
	</f>
	</call>
	return ret;
}
</mod>