/*
 * ssh server - serve SSH protocol v2
 *	/net/ssh does most of the work; we copy bytes back and forth
 */
#include <u.h>
#include <libc.h>
#include <ip.h>
#include <auth.h>
#include "ssh2.h"

char *confine(char *, char *);
char *get_string(char *, char *);
void newchannel(int, char *, int);
void runcmd(int, int, char *, char *, char *, char *);

int errfd, toppid, sflag, tflag, prevent;
int debug;
char *idstring;
char *netdir;				/* /net/ssh/<conn> */
char *nsfile = nil;
char *restdir;
char *shell;
char *srvpt;
char *uname;

void
usage(void)
{
	fprint(2, "usage: %s [-i id] [-s shell] [-r dir] [-R dir] [-S srvpt] "
		"[-n ns] [-t] [netdir]\n", argv0);
	exits("usage");
}

static int
getctlfd(void)
{
	int ctlfd;
	char *name;

	name = smprint("%s/clone", netdir);
	ctlfd = -1;
	if (name)
		ctlfd = open(name, ORDWR);
	if (ctlfd < 0) {
		syslog(0, "ssh", "server can't clone: %s: %r", name);
		exits("open clone");
	}
	free(name);
	return ctlfd;
}

static int
getdatafd(int ctlfd)
{
	int fd;
	char *name;

	name = smprint("%s/data", netdir);
	fd = -1;
	if (name)
		fd = open(name, OREAD);
	if (fd < 0) {
		syslog(0, "ssh", "can't open %s: %r", name);
		hangup(ctlfd);
		exits("open data");
	}
	free(name);
	return fd;
}

static void
auth(char *buf, int n, int ctlfd)
{
	int fd;

	fd = open("#¤/capuse", OWRITE);
	if (fd < 0) {
		syslog(0, "ssh", "server can't open capuse: %r");
		hangup(ctlfd);
		exits("capuse");
	}
	if (write(fd, buf, n) != n) {
		syslog(0, "ssh", "server write `%.*s' to capuse failed: %r",
			n, buf);
		hangup(ctlfd);
		exits("capuse");
	}
	close(fd);
}

/*
 * mount tunnel if there isn't one visible.
 */
static void
mounttunnel(int ctlfd)
{
	int fd;
	char *p, *np, *q;

	if (access(netdir, AEXIST) >= 0)
		return;

	p = smprint("/srv/%s", srvpt? srvpt: "ssh");
	np = strdup(netdir);
	if (p == nil || np == nil)
		sysfatal("out of memory");
	q = strstr(np, "/ssh");
	if (q != nil)
		*q = '\0';
	fd = open(p, ORDWR);
	if (fd < 0) {
		syslog(0, "ssh", "can't open %s: %r", p);
		hangup(ctlfd);
		exits("open");
	}
	if (mount(fd, -1, np, MBEFORE, "") < 0) {
		syslog(0, "ssh", "can't mount %s in %s: %r", p, np);
		hangup(ctlfd);
		exits("can't mount");
	}
	free(p);
	free(np);
}

static int
authnewns(int ctlfd, char *buf, int size, int n)
{
	char *p, *q;

	USED(size);
	if (n <= 0)
		return 0;
	buf[n] = '\0';
	if (strcmp(buf, "n/a") == 0)
		return 0;

	auth(buf, n, ctlfd);

	p = strchr(buf, '@');
	if (p == nil)
		return 0;
	++p;
	q = strchr(p, '@');
	if (q) {
		*q = '\0';
		uname = strdup(p);
	}
	if (!tflag && newns(p, nsfile) < 0) {
		syslog(0, "ssh", "server: newns(%s,%s) failed: %r", p, nsfile);
		return -1;
	}
	return 0;
}

static void
listenloop(char *listfile, int ctlfd, char *buf, int size)
{
	int fd, n;

	while ((fd = open(listfile, ORDWR)) >= 0) {
		n = read(fd, buf, size - 1);
		fprint(errfd, "read from listen file returned %d\n", n);
		if (n <= 0) {
			syslog(0, "ssh", "read on listen failed: %r");
			break;
		}
		buf[n >= 0? n: 0] = '\0';
		fprint(errfd, "read %s\n", buf);

		switch (fork()) {
		case 0:					/* child */
			close(ctlfd);
			newchannel(fd, netdir, atoi(buf));  /* never returns */
		case -1:
			syslog(0, "ssh", "fork failed: %r");
			hangup(ctlfd);
			exits("fork");
		}
		close(fd);
	}
	if (fd < 0)
		syslog(0, "ssh", "listen failed: %r");
}

void
main(int argc, char *argv[])
{
	char *listfile;
	int ctlfd, fd, n;
	char buf[Arbpathlen], path[Arbpathlen];

	rfork(RFNOTEG);
	toppid = getpid();
	shell = "/bin/rc -il";
	ARGBEGIN {
	case 'd':
		debug++;
		break;
	case 'i':
		idstring = EARGF(usage());
		break;
	case 'n':
		nsfile = EARGF(usage());
		break;
	case 'R':
		prevent = 1;
		/* fall through */
	case 'r':
		restdir = EARGF(usage());
		break;
	case 's':
		sflag = 1;
		shell = EARGF(usage());
		break;
	case 'S':
		srvpt = EARGF(usage());
		break;
	case 't':
		tflag = 1;
		break;
	default:
		usage();
		break;
	} ARGEND;

	errfd = -1;
	if (debug)
		errfd = 2;

	/* work out network connection's directory */
	if (argc >= 1)
		netdir = argv[0];
	else				/* invoked by listen1 */
		netdir = getenv("net");
	if (netdir == nil) {
		syslog(0, "ssh", "server netdir is nil");
		exits("nil netdir");
	}
	syslog(0, "ssh", "server netdir is %s", netdir);

	uname = getenv("user");
	if (uname == nil)
		uname = "none";

	/* extract dfd and cfd from netdir */
	ctlfd = getctlfd();
	fd = getdatafd(ctlfd);

	n = read(fd, buf, sizeof buf - 1);
	if (n < 0) {
		syslog(0, "ssh", "server read error for data file: %r");
		hangup(ctlfd);
		exits("read cap");
	}
	close(fd);
	authnewns(ctlfd, buf, sizeof buf, n);

	/* get connection number in buf */
	n = read(ctlfd, buf, sizeof buf - 1);
	buf[n >= 0? n: 0] = '\0';

	/* tell netssh our id string */
	fd2path(ctlfd, path, sizeof path);
	if (0 && idstring) {			/* was for coexistence */
		syslog(0, "ssh", "server conn %s, writing \"id %s\" to %s",
			buf, idstring, path);
		fprint(ctlfd, "id %s", idstring);
	}

	/* announce */
	fprint(ctlfd, "announce session");

	/* construct listen file name */
	listfile = smprint("%s/%s/listen", netdir, buf);
	if (listfile == nil) {
		syslog(0, "ssh", "out of memory");
		exits("out of memory");
	}
	syslog(0, "ssh", "server listen is %s", listfile);

	mounttunnel(ctlfd);
	listenloop(listfile, ctlfd, buf, sizeof buf);
	hangup(ctlfd);
	exits(nil);
}

/* an abbreviation.  note the assumed variables. */
#define REPLY(s)	if (want_reply) fprint(reqfd, s);

static void
forkshell(char *cmd, int reqfd, int datafd, int want_reply)
{
	switch (fork()) {
	case 0:
		if (sflag)
			snprint(cmd, sizeof cmd, "-s%s", shell);
		else
			cmd[0] = '\0';
		USED(cmd);
		syslog(0, "ssh", "server starting ssh shell for %s", uname);
		/* runcmd doesn't return */
		runcmd(reqfd, datafd, "con", "/bin/ip/telnetd", "-nt", nil);
	case -1:
		REPLY("failure");
		syslog(0, "ssh", "server can't fork: %r");
		exits("fork");
	}
}

static void
forkcmd(char *cmd, char *p, int reqfd, int datafd, int want_reply)
{
	char *q;

	switch (fork()) {
	case 0:
		if (restdir && chdir(restdir) < 0) {
			syslog(0, "ssh", "can't chdir(%s): %r", restdir);
			exits("can't chdir");
		}
		if (!prevent || (q = getenv("sshsession")) &&
		    strcmp(q, "allow") == 0)
			get_string(p+1, cmd);
		else
			confine(p+1, cmd);
		syslog(0, "ssh", "server running `%s' for %s", cmd, uname);
		/* runcmd doesn't return */
		runcmd(reqfd, datafd, "rx", "/bin/rc", "-lc", cmd);
	case -1:
		REPLY("failure");
		syslog(0, "ssh", "server can't fork: %r");
		exits("fork");
	}
}

void
newchannel(int fd, char *conndir, int channum)
{
	char *p, *reqfile, *datafile;
	int n, reqfd, datafd, want_reply, already_done;
	char buf[Maxpayload], cmd[Bigbufsz];

	close(fd);

	already_done = 0;
	reqfile = smprint("%s/%d/request", conndir, channum);
	if (reqfile == nil)
		sysfatal("out of memory");
	reqfd = open(reqfile, ORDWR);
	if (reqfd < 0) {
		syslog(0, "ssh", "can't open request file %s: %r", reqfile);
		exits("net");
	}
	datafile = smprint("%s/%d/data", conndir, channum);
	if (datafile == nil)
		sysfatal("out of memory");
	datafd = open(datafile, ORDWR);
	if (datafd < 0) {
		syslog(0, "ssh", "can't open data file %s: %r", datafile);
		exits("net");
	}
	while ((n = read(reqfd, buf, sizeof buf - 1)) > 0) {
		fprint(errfd, "read from request file returned %d\n", n);
		for (p = buf; p < buf + n && *p != ' '; ++p)
			;
		*p++ = '\0';
		want_reply = (*p == 't');
		/* shell, exec, and various flavours of failure */
		if (strcmp(buf, "shell") == 0) {
			if (already_done) {
				REPLY("failure");
				continue;
			}
			forkshell(cmd, reqfd, datafd, want_reply);
			already_done = 1;
			REPLY("success");
		} else if (strcmp(buf, "exec") == 0) {
			if (already_done) {
				REPLY("failure");
				continue;
			}
			forkcmd(cmd, p, reqfd, datafd, want_reply);
			already_done = 1;
			REPLY("success");
		} else if (strcmp(buf, "pty-req") == 0 ||
		    strcmp(buf, "window-change") == 0) {
			REPLY("success");
		} else if (strcmp(buf, "x11-req") == 0 ||
		    strcmp(buf, "env") == 0 || strcmp(buf, "subsystem") == 0) {
			REPLY("failure");
		} else if (strcmp(buf, "xon-xoff") == 0 ||
		    strcmp(buf, "signal") == 0 ||
		    strcmp(buf, "exit-status") == 0 ||
		    strcmp(buf, "exit-signal") == 0) {
			;
		} else
			syslog(0, "ssh", "server unknown channel request: %s",
				buf);
	}
	if (n < 0)
		syslog(0, "ssh", "server read failed: %r");
	exits(nil);
}

char *
get_string(char *q, char *s)
{
	int n;

	n = nhgetl(q);
	q += 4;
	memmove(s, q, n);
	s[n] = '\0';
	q += n;
	return q;
}

char *
confine(char *q, char *s)
{
	int i, n, m;
	char *p, *e, *r, *buf, *toks[Maxtoks];

	n = nhgetl(q);
	q += 4;
	buf = malloc(n+1);
	if (buf == nil)
		return nil;
	memmove(buf, q, n);
	buf[n]  = 0;
	m = tokenize(buf, toks, nelem(toks));
	e = s + n + 1;
	for (i = 0, r = s; i < m; ++i) {
		p = strrchr(toks[i], '/');
		if (p == nil)
			r = seprint(r, e, "%s ", toks[i]);
		else if (p[0] != '\0' && p[1] != '\0')
			r = seprint(r, e, "%s ", p+1);
		else
			r = seprint(r, e, ". ");
	}
	free(buf);
	q += n;
	return q;
}

void
runcmd(int reqfd, int datafd, char *svc, char *cmd, char *arg1, char *arg2)
{
	char *p;
	int fd, cmdpid, child;

	cmdpid = rfork(RFPROC|RFMEM|RFNOTEG|RFFDG|RFENVG);
	switch (cmdpid) {
	case -1:
		syslog(0, "ssh", "fork failed: %r");
		exits("fork");
	case 0:
		if (restdir == nil) {
			p = smprint("/usr/%s", uname);
			if (p && access(p, AREAD) == 0 && chdir(p) < 0) {
				syslog(0, "ssh", "can't chdir(%s): %r", p);
				exits("can't chdir");
			}
			free(p);
		}
		p = strrchr(cmd, '/');
		if (p)
			++p;
		else
			p = cmd;

		dup(datafd, 0);
		dup(datafd, 1);
		dup(datafd, 2);
		close(datafd);
		putenv("service", svc);
		fprint(errfd, "starting %s\n", cmd);
		execl(cmd, p, arg1, arg2, nil);

		syslog(0, "ssh", "cannot exec %s: %r", cmd);
		exits("exec");
	default:
		close(datafd);
		fprint(errfd, "waiting for child %d\n", cmdpid);
		while ((child = waitpid()) != cmdpid && child != -1)
			fprint(errfd, "child %d passed\n", child);
		if (child == -1)
			fprint(errfd, "wait failed: %r\n");

		syslog(0, "ssh", "server closing ssh session for %s", uname);
		fprint(errfd, "closing connection\n");
		fprint(reqfd, "close");
		p = smprint("/proc/%d/notepg", toppid);
		if (p) {
			fd = open(p, OWRITE);
			fprint(fd, "interrupt");
			close(fd);
		}
		exits(nil);
	}
}