/* Copyright (C) 1996, 1997, 1998 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public License as
   published by the Free Software Foundation; either version 2 of the
   License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Library General Public
   License along with the GNU C Library; see the file COPYING.LIB.  If not,
   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.  */

#include <nss.h>
#include <pwd.h>
#include <ctype.h>
#include <errno.h>
#include <string.h>
#include <bits/libc-lock.h>
#include <rpcsvc/yp.h>
#include <rpcsvc/ypclnt.h>

#include "nss-nis.h"

/* Get the declaration of the parser function.  */
#define ENTNAME pwent
#define STRUCTURE passwd
#define EXTERN_PARSER
#include <nss/nss_files/files-parse.c>

/* Protect global state against multiple changers */
__libc_lock_define_initialized (static, lock)

static bool_t new_start = 1;
static char *oldkey = NULL;
static int oldkeylen = 0;

enum nss_status
_nss_nis_setpwent (void)
{
  __libc_lock_lock (lock);

  new_start = 1;
  if (oldkey != NULL)
    {
      free (oldkey);
      oldkey = NULL;
      oldkeylen = 0;
    }

  __libc_lock_unlock (lock);

  return NSS_STATUS_SUCCESS;
}

enum nss_status
_nss_nis_endpwent (void)
{
  __libc_lock_lock (lock);

  new_start = 1;
  if (oldkey != NULL)
    {
      free (oldkey);
      oldkey = NULL;
      oldkeylen = 0;
    }

  __libc_lock_unlock (lock);

  return NSS_STATUS_SUCCESS;
}

static enum nss_status
internal_nis_getpwent_r (struct passwd *pwd, char *buffer, size_t buflen,
			 int *errnop)
{
  struct parser_data *data = (void *) buffer;
  char *domain;
  int parse_res;

  if (yp_get_default_domain (&domain))
    return NSS_STATUS_UNAVAIL;

  /* Get the next entry until we found a correct one. */
  do
    {
      enum nss_status retval;
      char *result, *outkey, *result2, *p;
      int len, keylen, len2;
      size_t namelen;

      if (new_start)
        retval = yperr2nss (yp_first (domain, "passwd.byname",
                                      &outkey, &keylen, &result, &len));
      else
        retval = yperr2nss ( yp_next (domain, "passwd.byname",
                                      oldkey, oldkeylen,
                                      &outkey, &keylen, &result, &len));

      if (retval != NSS_STATUS_SUCCESS)
        {
	  if (retval == NSS_STATUS_NOTFOUND)
	    *errnop = ENOENT;
          else if (retval == NSS_STATUS_TRYAGAIN)
            *errnop = errno;
          return retval;
        }

      /* Check for adjunct style secret passwords.  They can be
	 recognized by a password starting with "##".  */
      p = strchr (result, ':');
      if (p != NULL	/* This better should be true in all cases.  */
	  && p[1] == '#' && p[2] == '#'
	  && (namelen = p - result,
	      yp_match (domain, "passwd.adjunct.byname", result, namelen,
			&result2, &len2)) == YPERR_SUCCESS)
	{
	  /* We found a passwd.adjunct entry.  Merge encrypted
	     password therein into original result.  */
	  char *encrypted = strchr (result2, ':');
	  char *endp;
	  size_t restlen;

	  if (encrypted == NULL
	      || (endp = strchr (++encrypted, ':')) == NULL
	      || (p = strchr (p + 1, ':')) == NULL)
	    {
	      /* Invalid format of the entry.  This never should happen
		 unless the data from which the NIS table is generated is
		 wrong.  We simply ignore it.  */
	      free (result2);
	      goto non_adjunct;
	    }

	  restlen = len - (p - result);
	  if ((size_t) (namelen + (endp - encrypted) + restlen + 2) > buflen)
	    {
	      free (result2);
	      free (result);
	      *errnop = ERANGE;
	      return NSS_STATUS_TRYAGAIN;
	    }

	  __mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, result, namelen),
					   ":", 1),
				encrypted, endp - encrypted),
		     p, restlen + 1);
	  p = buffer;

	  free (result2);
	}
      else
	{
	non_adjunct:
	  if ((size_t) (len + 1) > buflen)
	    {
	      free (result);
	      *errnop = ERANGE;
	      return NSS_STATUS_TRYAGAIN;
	    }

	  p = strncpy (buffer, result, len);
	  buffer[len] = '\0';
	}

      while (isspace (*p))
        ++p;
      free (result);

      parse_res = _nss_files_parse_pwent (p, pwd, data, buflen, errnop);
      if (parse_res == -1)
	{
	  free (outkey);
	  *errnop = ERANGE;
	  return NSS_STATUS_TRYAGAIN;
	}

      free (oldkey);
      oldkey = outkey;
      oldkeylen = keylen;
      new_start = 0;
    }
  while (parse_res < 1);

  return NSS_STATUS_SUCCESS;
}

enum nss_status
_nss_nis_getpwent_r (struct passwd *result, char *buffer, size_t buflen,
		     int *errnop)
{
  int status;

  __libc_lock_lock (lock);

  status = internal_nis_getpwent_r (result, buffer, buflen, errnop);

  __libc_lock_unlock (lock);

  return status;
}

enum nss_status
_nss_nis_getpwnam_r (const char *name, struct passwd *pwd,
		     char *buffer, size_t buflen, int *errnop)
{
  struct parser_data *data = (void *) buffer;
  enum nss_status retval;
  char *domain, *result, *result2, *p;
  int len, len2, parse_res;
  size_t namelen;

  if (name == NULL)
    {
      *errnop = EINVAL;
      return NSS_STATUS_UNAVAIL;
    }

  if (yp_get_default_domain (&domain))
    return NSS_STATUS_UNAVAIL;

  namelen = strlen (name);

  retval = yperr2nss (yp_match (domain, "passwd.byname", name,
				namelen, &result, &len));

  if (retval != NSS_STATUS_SUCCESS)
    {
      if (retval == NSS_STATUS_NOTFOUND)
	*errnop = ENOENT;
      else if (retval == NSS_STATUS_TRYAGAIN)
	*errnop = errno;
      return retval;
    }

  /* Check for adjunct style secret passwords.  They can be recognized
     by a password starting with "##".  */
  p = strchr (result, ':');
  if (p != NULL	/* This better should be true in all cases.  */
      && p[1] == '#' && p[2] == '#'
      && yp_match (domain, "passwd.adjunct.byname", name, namelen,
		   &result2, &len2) == YPERR_SUCCESS)
    {
      /* We found a passwd.adjunct entry.  Merge encrypted password
	 therein into original result.  */
      char *encrypted = strchr (result2, ':');
      char *endp;
      size_t restlen;

      if (encrypted == NULL
	  || (endp = strchr (++encrypted, ':')) == NULL
	  || (p = strchr (p + 1, ':')) == NULL)
	{
	  /* Invalid format of the entry.  This never should happen
	     unless the data from which the NIS table is generated is
	     wrong.  We simply ignore it.  */
	  free (result2);
	  goto non_adjunct;
	}

      restlen = len - (p - result);
      if ((size_t) (namelen + (endp - encrypted) + restlen + 2) > buflen)
	{
	  free (result2);
	  free (result);
	  *errnop = ERANGE;
	  return NSS_STATUS_TRYAGAIN;
	}

      __mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, name, namelen),
				       ":", 1),
			    encrypted, endp - encrypted),
		 p, restlen + 1);
      p = buffer;

      free (result2);
    }
  else
    {
    non_adjunct:
      if ((size_t) (len + 1) > buflen)
	{
	  free (result);
	  *errnop = ERANGE;
	  return NSS_STATUS_TRYAGAIN;
	}

      p = strncpy (buffer, result, len);
      buffer[len] = '\0';
    }

  while (isspace (*p))
    ++p;
  free (result);

  parse_res = _nss_files_parse_pwent (p, pwd, data, buflen, errnop);
  if (parse_res < 1)
    {
      if (parse_res == -1)
        return NSS_STATUS_TRYAGAIN;
      else
	{
	  *errnop = ENOENT;
	  return NSS_STATUS_NOTFOUND;
	}
    }
  else
    return NSS_STATUS_SUCCESS;
}

enum nss_status
_nss_nis_getpwuid_r (uid_t uid, struct passwd *pwd,
		     char *buffer, size_t buflen, int *errnop)
{
  struct parser_data *data = (void *) buffer;
  enum nss_status retval;
  char *domain, *result, *p, *result2;
  int len, nlen, parse_res, len2;
  char buf[32];
  size_t namelen;

  if (yp_get_default_domain (&domain))
    return NSS_STATUS_UNAVAIL;

  nlen = sprintf (buf, "%d", uid);

  retval = yperr2nss (yp_match (domain, "passwd.byuid", buf,
				nlen, &result, &len));

  if (retval != NSS_STATUS_SUCCESS)
    {
      if (retval == NSS_STATUS_NOTFOUND)
	*errnop = ENOENT;
      else if (retval == NSS_STATUS_TRYAGAIN)
	*errnop = errno;
      return retval;
    }

  /* Check for adjunct style secret passwords.  They can be recognized
     by a password starting with "##".  */
  p = strchr (result, ':');
  if (p != NULL	/* This better should be true in all cases.  */
      && p[1] == '#' && p[2] == '#'
      && (namelen = p - result,
	  yp_match (domain, "passwd.adjunct.byname", result, namelen,
		    &result2, &len2)) == YPERR_SUCCESS)
    {
      /* We found a passwd.adjunct entry.  Merge encrypted password
	 therein into original result.  */
      char *encrypted = strchr (result2, ':');
      char *endp;
      size_t restlen;

      if (encrypted == NULL
	  || (endp = strchr (++encrypted, ':')) == NULL
	  || (p = strchr (p + 1, ':')) == NULL)
	{
	  /* Invalid format of the entry.  This never should happen
	     unless the data from which the NIS table is generated is
	     wrong.  We simply ignore it.  */
	  free (result2);
	  goto non_adjunct;
	}

      restlen = len - (p - result);
      if ((size_t) (namelen + (endp - encrypted) + restlen + 2) > buflen)
	{
	  free (result2);
	  free (result);
	  *errnop = ERANGE;
	  return NSS_STATUS_TRYAGAIN;
	}

      __mempcpy (__mempcpy (__mempcpy (__mempcpy (buffer, result, namelen),
				       ":", 1),
			    encrypted, endp - encrypted),
		 p, restlen + 1);
      p = buffer;

      free (result2);
    }
  else
    {
    non_adjunct:
      if ((size_t) (len + 1) > buflen)
	{
	  free (result);
	  *errnop = ERANGE;
	  return NSS_STATUS_TRYAGAIN;
	}

      p = strncpy (buffer, result, len);
      buffer[len] = '\0';
    }

  while (isspace (*p))
    ++p;
  free (result);

  parse_res = _nss_files_parse_pwent (p, pwd, data, buflen, errnop);
  if (parse_res < 1)
    {
      if (parse_res == -1)
        return NSS_STATUS_TRYAGAIN;
     else
       {
	 *errnop = ENOENT;
	 return NSS_STATUS_NOTFOUND;
       }
    }
  else
    return NSS_STATUS_SUCCESS;
}