/*
 *
 *  Connection Manager
 *
 *  Copyright (C) 2007-2010  Intel Corporation. All rights reserved.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2 as
 *  published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 */

/*
 * Support for vpn plugins.  Common code to manage a provider object,
 * tun device and a task associated with an external vpn process.  The
 * vpn plugin is responsible for launching the external process and
 * handling notification callbacks to clock the provider state machine.
 *
 * TODO(sleffler) seems to make more sense in src than plugins
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
#include <stdio.h>
#include <errno.h>
#include <stdint.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <linux/if_tun.h>
#include <net/if.h>

#include <dbus/dbus.h>

#include <glib.h>

#include <connman/provider.h>
#include <connman/log.h>
#include <connman/rtnl.h>
#include <connman/task.h>
#include <connman/inet.h>

#include "vpn.h"

#define _DBG_VPN(fmt, arg...) DBG(DBG_VPN, fmt, ## arg)

struct vpn_data {
	struct connman_provider *provider;
	char *if_name;
	unsigned flags;
	struct connman_rtnl rtnl;
	enum vpn_state state;
	struct connman_task *task;
	void *vpn_specific_data;
};

struct vpn_driver_data {
	const char *name;
	const char *program;
	struct vpn_driver *vpn_driver;
	struct connman_provider_driver provider_driver;
};

static GHashTable *driver_hash = NULL;

static int kill_tun(struct connman_provider *provider)
{
	struct vpn_data *data = connman_provider_get_data(provider);
	struct vpn_driver_data *vpn_driver_data;
	const char *name;
	struct ifreq ifr;
	int fd, err;

	if (data == NULL)
		return -1;

	name = connman_provider_get_driver_name(provider);
	vpn_driver_data = g_hash_table_lookup(driver_hash, name);

	if (vpn_driver_data != NULL && vpn_driver_data->vpn_driver !=NULL &&
		vpn_driver_data->vpn_driver->flags == VPN_FLAG_NO_TUN)
		return 0;

	memset(&ifr, 0, sizeof(ifr));
	ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
	strncpy(ifr.ifr_name, data->if_name, sizeof(ifr.ifr_name));

	fd = open("/dev/net/tun", O_RDWR);
	if (fd < 0) {
		err = -errno;
		connman_error("Failed to open /dev/net/tun to device %s: %s",
			      data->if_name, strerror(errno));
		return err;
	}

	if (ioctl(fd, TUNSETIFF, (void *)&ifr)) {
		err = -errno;
		connman_error("Failed to TUNSETIFF for device %s to it: %s",
			      data->if_name, strerror(errno));
		close(fd);
		return err;
	}

	if (ioctl(fd, TUNSETPERSIST, 0)) {
		err = -errno;
		connman_error("Failed to set tun device %s nonpersistent: %s",
			      data->if_name, strerror(errno));
		close(fd);
		return err;
	}
	close(fd);
	_DBG_VPN("Killed tun device %s", data->if_name);
	return 0;
}

void vpn_died(struct connman_task *task, void *user_data,
    enum connman_provider_error error)
{
	struct connman_provider *provider = user_data;
	struct vpn_data *data = connman_provider_get_data(provider);

	_DBG_VPN("provider %p data %p", provider, data);

	if (data != NULL) {
		kill_tun(provider);
		connman_provider_set_data(provider, NULL);
		connman_rtnl_unregister(&data->rtnl);

		_DBG_VPN("provider %p vpn state %d", provider, data->state);
		switch (data->state) {
		case VPN_STATE_CONNECT:
		case VPN_STATE_RECONNECT:
			connman_provider_indicate_error(provider, error);
			break;
		default:
			connman_provider_set_state(provider,
						CONNMAN_PROVIDER_STATE_IDLE);
			break;
		}
	}

	connman_provider_set_index(provider, -1);
	connman_provider_set_interface(provider, NULL);
	if (data != NULL) {
		connman_provider_unref(data->provider);
		g_free(data);
	}

	connman_task_destroy(task);
}

int vpn_set_ifname(struct connman_provider *provider, const char *ifname)
{
	struct vpn_data *data = connman_provider_get_data(provider);
	int index;

	_DBG_VPN("provider %p ifname %s", provider, ifname);

	if (data == NULL) {
		_DBG_VPN("%s: provider data not accessible", __func__);
		return -EIO;
	}

	if (ifname == NULL) {
		_DBG_VPN("%s: ifname not provided", __func__);
		return -EIO;
	}

	index = connman_inet_ifindex(ifname);
	if (index < 0) {
		_DBG_VPN("%s: could not get ifindex from %s", __func__, ifname);
		return -EIO;
	}

	data->if_name = (char *)g_strdup(ifname);
	connman_provider_set_index(provider, index);
	connman_provider_set_interface(provider, data->if_name);

	return 0;
}

void *vpn_get_specific_data(struct connman_provider *vpn)
{
	struct vpn_data *data;

	data = connman_provider_get_data(vpn);
	if (data == NULL)
		return NULL;
	return data->vpn_specific_data;
}

void vpn_set_specific_data(struct connman_provider *vpn,
			   void *vpn_specific_data)
{
	struct vpn_data *data;

	data = connman_provider_get_data(vpn);
	if (data == NULL)
		return;
	data->vpn_specific_data = vpn_specific_data;
}

static void vpn_newlink(void *user_data, int index, unsigned short type,
    const char *ifname, unsigned flags, int change)
{
	struct connman_provider *provider = user_data;
	struct vpn_data *data;

	data = connman_provider_get_data(provider);
	_DBG_VPN("provider %p vpn state %d cur flags 0x%x new flags 0x%x",
	    provider, data->state, data->flags, flags);

	if ((data->flags & IFF_UP) != (flags & IFF_UP)) {
		if (flags & IFF_UP) {
			data->state = VPN_STATE_READY;
			connman_provider_set_state(provider,
					CONNMAN_PROVIDER_STATE_READY);
		}
	}
	data->flags = flags;
}

static DBusMessage *vpn_notify(struct connman_task *task,
			DBusMessage *msg, void *user_data)
{
	struct connman_provider *provider = user_data;
	struct vpn_data *data = connman_provider_get_data(provider);
	struct vpn_driver_data *vpn_driver_data;
	const char *name;
	enum vpn_state state;

	name = connman_provider_get_driver_name(provider);
	vpn_driver_data = g_hash_table_lookup(driver_hash, name);
	if (vpn_driver_data == NULL)
		return NULL;

	/*
	 * NB: Drivers return a state value but it's just used
	 * to determine success/failure (i.e. it does not, for
	 * example, indicate the new state of the vpn).  This is
	 * inherited from upstream and should be re-done...
	 */
	state = vpn_driver_data->vpn_driver->notify(msg, provider);
	if (state != VPN_STATE_CONNECT) {
		connman_provider_set_state(provider,
					CONNMAN_PROVIDER_STATE_DISCONNECT);
		return NULL;
	}

	if (data->state == VPN_STATE_CONNECT) {
		data->rtnl.index = connman_provider_get_index(provider);
		connman_rtnl_register(&data->rtnl);
		connman_inet_ifup(data->rtnl.index);
	} else if (data->state == VPN_STATE_RECONNECT) {
		data->state = VPN_STATE_READY;
		connman_provider_set_state(provider,
					CONNMAN_PROVIDER_STATE_READY);
	}
	return NULL;
}

void vpn_reconnect(struct connman_provider *provider)
{
	struct vpn_data *data = connman_provider_get_data(provider);

	if (data == NULL) {
		connman_error("%s: no vpn data for provider %p",
		    __func__, provider);
		return;
	}
	/* drop default route, et al so vpn can re-resolve remote hostnames */
	connman_provider_ipconfig_clear(provider);

	data->state = VPN_STATE_RECONNECT;
	connman_provider_set_state(provider, CONNMAN_PROVIDER_STATE_CONNECT);
}

static int vpn_create_tun(struct connman_provider *provider)
{
	struct vpn_data *data = connman_provider_get_data(provider);
	struct ifreq ifr;
	int i, fd, index;
	int ret = 0;

	if (data == NULL) {
		connman_error("%s: called out of order", __func__);
		return -EIO;
	}

	fd = open("/dev/net/tun", O_RDWR);
	if (fd < 0) {
		i = -errno;
		connman_error("%s: failed to open /dev/net/tun: %s",
			      __func__, strerror(errno));
		ret = i;
		goto exist_err;
	}

	memset(&ifr, 0, sizeof(ifr));
	ifr.ifr_flags = IFF_TUN | IFF_NO_PI;

	for (i = 0; i < 256; i++) {
		sprintf(ifr.ifr_name, "vpn%d", i);

		if (!ioctl(fd, TUNSETIFF, (void *)&ifr))
			break;
	}

	if (i == 256) {
		connman_error("%s: failed to find available tun device",
			      __func__);
		close(fd);
		ret = -ENODEV;
		goto exist_err;
	}

	data->if_name = (char *)g_strdup(ifr.ifr_name);
	if (!data->if_name) {
		ret = -ENOMEM;
		goto exist_err;
	}

	if (ioctl(fd, TUNSETPERSIST, 1)) {
		i = -errno;
		connman_error("%s: failed to set tun persistent: %s",
			      __func__, strerror(errno));
		close(fd);
		ret = i;
		goto exist_err;
	}

	close(fd);

	index = connman_inet_ifindex(data->if_name);
	if (index < 0) {
		connman_error("%s: failed to get tun ifindex", __func__);
		kill_tun(provider);
		ret = -EIO;
		goto exist_err;
	}
	connman_provider_set_index(provider, index);
	connman_provider_set_interface(provider, data->if_name);

	return 0;

exist_err:
	return ret;
}

static int vpn_connect(struct connman_provider *provider)
{
	struct vpn_data *data = connman_provider_get_data(provider);
	struct vpn_driver_data *vpn_driver_data;
	const char *name;
	int ret = 0;

	if (data != NULL) {
		_DBG_VPN("%s: data != NULL", __func__);
		return -EISCONN;
	}

	data = g_try_new0(struct vpn_data, 1);
	if (data == NULL)
		return -ENOMEM;

	data->provider = connman_provider_ref(provider);
	data->flags = 0;
	data->task = NULL;
	data->state = VPN_STATE_IDLE;

	/* NB: index set when register'ing, may not be available here */
	RTNL_INIT(&data->rtnl,
	    connman_provider_get_ident(provider),	/* name */
	    CONNMAN_RTNL_PRIORITY_DEFAULT,		/* priority */
	    CONNMAN_RTNL_DEVICE_ANY,
	    provider					/* private */
	);
	data->rtnl.newlink = vpn_newlink;

	connman_provider_set_data(provider, data);

	name = connman_provider_get_driver_name(provider);
	vpn_driver_data = g_hash_table_lookup(driver_hash, name);

	if (vpn_driver_data != NULL && vpn_driver_data->vpn_driver != NULL &&
		vpn_driver_data->vpn_driver->flags != VPN_FLAG_NO_TUN) {

		ret = vpn_create_tun(provider);
		if (ret < 0)
			goto exist_err;
	}

	data->task = connman_task_create(vpn_driver_data->program);

	if (data->task == NULL) {
		ret = -ENOMEM;
		kill_tun(provider);
		goto exist_err;
	}

	if (connman_task_set_notify(data->task, "notify",
					vpn_notify, provider)) {
		ret = -ENOMEM;
		kill_tun(provider);
		connman_task_destroy(data->task);
		data->task = NULL;
		goto exist_err;
	}

	ret = vpn_driver_data->vpn_driver->connect(provider, data->task,
							data->if_name);
	if (ret < 0) {
		kill_tun(provider);
		connman_task_destroy(data->task);
		data->task = NULL;
		goto exist_err;
	}

	_DBG_VPN("%s started with dev %s",
		vpn_driver_data->provider_driver.name, data->if_name);

	data->state = VPN_STATE_CONNECT;

	connman_provider_set_state(provider, CONNMAN_PROVIDER_STATE_CONNECT);

	return -EINPROGRESS;

exist_err:
	connman_provider_set_index(provider, -1);
	connman_provider_set_interface(provider, NULL);
	connman_provider_set_data(provider, NULL);
	connman_provider_unref(data->provider);
	g_free(data);

	return ret;
}

static int vpn_probe(struct connman_provider *provider)
{
	return 0;
}

static int vpn_disconnect(struct connman_provider *provider)
{
	struct vpn_data *data = connman_provider_get_data(provider);
	struct vpn_driver_data *vpn_driver_data;
	const char *name;

	_DBG_VPN("disconnect provider %p data %p", provider, data);

	if (data == NULL)
		return 0;

	name = connman_provider_get_driver_name(provider);
	vpn_driver_data = g_hash_table_lookup(driver_hash, name);
	if (vpn_driver_data->vpn_driver->disconnect)
		vpn_driver_data->vpn_driver->disconnect();

	connman_rtnl_unregister(&data->rtnl);

	data->state = VPN_STATE_DISCONNECT;
	connman_task_stop(data->task);

	return 0;
}

static int vpn_remove(struct connman_provider *provider)
{
	struct vpn_data *data;

	data = connman_provider_get_data(provider);
	if (data == NULL)
		return 0;

	connman_rtnl_unregister(&data->rtnl);
	connman_task_stop(data->task);

	g_usleep(G_USEC_PER_SEC);
	kill_tun(provider);
	connman_provider_set_data(provider, NULL);
	return 0;
}

int vpn_register(const char *name, struct vpn_driver *vpn_driver,
			const char *program)
{
	struct vpn_driver_data *data;

	_DBG_VPN("name %s program %s", name, program);

	data = g_try_new0(struct vpn_driver_data, 1);
	if (data == NULL)
		return -ENOMEM;

	data->name = name;
	data->program = program;

	data->vpn_driver = vpn_driver;

	data->provider_driver.name = name;
	data->provider_driver.disconnect = vpn_disconnect;
	data->provider_driver.connect = vpn_connect;
	data->provider_driver.probe = vpn_probe;
	data->provider_driver.remove = vpn_remove;
	data->provider_driver.append_props = vpn_driver->append_props;
	data->provider_driver.save_props = vpn_driver->save_props;
	data->provider_driver.load_props = vpn_driver->load_props;

	if (driver_hash == NULL) {
		driver_hash = g_hash_table_new_full(g_str_hash,
							g_str_equal,
							NULL, g_free);
	}

	g_hash_table_insert(driver_hash, (char *)name, data);

	connman_provider_driver_register(&data->provider_driver);

	return 0;
}

void vpn_unregister(const char *name)
{
	struct vpn_driver_data *data;

	data = g_hash_table_lookup(driver_hash, name);
	if (data == NULL)
		return;

	connman_provider_driver_unregister(&data->provider_driver);

	g_hash_table_remove(driver_hash, name);

	if (g_hash_table_size(driver_hash) == 0)
		g_hash_table_destroy(driver_hash);
}