/* ifpermit.c
 *
 * Copyright (c) 2024 Apple Inc. All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Implementation of a permitted interface list object, which maintains a list of
 * interfaces on which we are permitted to provide some service.
 */

#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <pwd.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <time.h>
#include <dns_sd.h>
#include <net/if.h>
#include <inttypes.h>
#include <sys/resource.h>
#include <netinet/icmp6.h>
#include "srp.h"
#include "ifpermit.h"
#include "dns-msg.h"
#include "ioloop.h"
#include "srp-mdns-proxy.h"

// If we aren't able to allocate a permitted interface list, we still need to return a non-NULL value so that we don't
// fail open. So all of these functions need to treat this particular value as special but not dereference it.
#define PERMITTED_INTERFACE_LIST_BLOCKED (ifpermit_list_t *)1

typedef struct ifpermit_name ifpermit_name_t;
struct ifpermit_name {
    ifpermit_name_t *next;
    char *name; // Interface name
    uint32_t ifindex; // Interface index
    int count;        // Number of permittors for this interface
};

struct ifpermit_list {
	int ref_count;
    ifpermit_name_t *names;
};

void
ifpermit_list_add(ifpermit_list_t *permits, const char *name)
{
	if (permits == PERMITTED_INTERFACE_LIST_BLOCKED) {
		ERROR("blocked permit list when adding " PUB_S_SRP, name);
        return;
	}
    ifpermit_name_t **pname = &permits->names;
    ifpermit_name_t *permit_name;
    while (*pname != NULL) {
        permit_name = *pname;
        if (!strcmp(name, permit_name->name)) {
        success:
            permit_name->count++;
            INFO("%d permits for interface " PUB_S_SRP " with index %d", permit_name->count, name, permit_name->ifindex);
            return;
        }
        pname = &permit_name->next;
    }
    permit_name = calloc(1, sizeof(*permit_name));
    if (permit_name != NULL) {
        permit_name->name = strdup(name);
        if (permit_name->name == NULL) {
            free(permit_name);
            permit_name = NULL;
        } else {
            permit_name->ifindex = if_nametoindex(name);
            if (permit_name->ifindex == 0) {
                ERROR("if_nametoindex for interface " PUB_S_SRP " returned 0.", name);
                free(permit_name->name);
                free(permit_name);
                return;
            }
            *pname = permit_name;
            goto success;
        }
    }
    ERROR("no memory to add permit for " PUB_S_SRP, name);
}

void
ifpermit_list_remove(ifpermit_list_t *permits, const char *name)
{
	if (permits == PERMITTED_INTERFACE_LIST_BLOCKED) {
		ERROR("blocked permit list when removing " PUB_S_SRP, name);
        return;
    }
    ifpermit_name_t **pname = &permits->names;
    ifpermit_name_t *permit_name;
    while (*pname != NULL) {
        permit_name = *pname;
        if (!strcmp(name, permit_name->name)) {
            permit_name->count--;
            INFO("%d permits for interface " PUB_S_SRP " with index %d", permit_name->count, name, permit_name->ifindex);
            if (permit_name->count == 0) {
                *pname = permit_name->next;
                free(permit_name->name);
                free(permit_name);
            }
            return;
        }
        pname = &permit_name->next;
    }

    FAULT("permit remove for interface " PUB_S_SRP " which does not exist", name);
}

static void
ifpermit_list_finalize(ifpermit_list_t *list)
{
    if (list != NULL && list != PERMITTED_INTERFACE_LIST_BLOCKED) {
        ifpermit_name_t *names = list->names, *next = NULL;
        while (names != NULL) {
            next = names->next;
            free(names->name);
            free(names);
            names = next;
        }
        free(list);
    }
}

void
ifpermit_list_retain_(ifpermit_list_t *list, const char *file, int line)
{
    if (list != NULL && list != PERMITTED_INTERFACE_LIST_BLOCKED) {
        RETAIN(list, ifpermit_list);
    }
}

void
ifpermit_list_release_(ifpermit_list_t *list, const char *file, int line)
{
    if (list != NULL && list != PERMITTED_INTERFACE_LIST_BLOCKED) {
        RELEASE(list, ifpermit_list);
    }
}

ifpermit_list_t *
ifpermit_list_create_(const char *file, int line)
{
    ifpermit_list_t *permits = calloc(1, sizeof(*permits));
    if (permits == NULL) {
        return PERMITTED_INTERFACE_LIST_BLOCKED;
    }
    RETAIN(permits, ifpermit_list);
    return permits;
}

bool
ifpermit_interface_is_permitted(ifpermit_list_t *permits, uint32_t ifindex)
{
    if (permits != NULL && permits != PERMITTED_INTERFACE_LIST_BLOCKED) {
        for (ifpermit_name_t *name = permits->names; name != NULL; name = name->next) {
            if (name->ifindex == ifindex) {
                return true;
            }
        }
    }
    return false;
}

void ifpermit_add_permitted_interface_to_server_(srp_server_t *NONNULL server_state, const char *NONNULL name,
                                                 const char *file, int line)
{
    if (server_state->permitted_interfaces == NULL) {
        server_state->permitted_interfaces = ifpermit_list_create_(file, line);
    }
    ifpermit_list_add(server_state->permitted_interfaces, name);
}

// Local Variables:
// mode: C
// tab-width: 4
// c-file-style: "bsd"
// c-basic-offset: 4
// fill-column: 120
// indent-tabs-mode: nil
// End: