/*
 *  Unix SMB/CIFS implementation.
 *  RPC Pipe client / server routines
 *  Copyright (c) Andrew Tridgell              1992-2000,
 *  Copyright (c) Jean François Micouleau      1998-2000.
 *  Copyright (c) Gerald Carter                2002-2005.
 *  Copyright (c) Andreas Schneider            2010.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

#include "includes.h"
#include "printing/nt_printing_tdb.h"
#include "librpc/gen_ndr/spoolss.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"

#define FORMS_PREFIX "FORMS/"
#define DRIVERS_PREFIX "DRIVERS/"
#define PRINTERS_PREFIX "PRINTERS/"
#define SECDESC_PREFIX "SECDESC/"

#define NTDRIVERS_DATABASE_VERSION_1 1
#define NTDRIVERS_DATABASE_VERSION_2 2
#define NTDRIVERS_DATABASE_VERSION_3 3 /* little endian version of v2 */
#define NTDRIVERS_DATABASE_VERSION_4 4 /* fix generic bits in security descriptors */
#define NTDRIVERS_DATABASE_VERSION_5 5 /* normalize keys in ntprinters.tdb */

static TDB_CONTEXT *tdb_forms; /* used for forms files */
static TDB_CONTEXT *tdb_drivers; /* used for driver files */
static TDB_CONTEXT *tdb_printers; /* used for printers files */

/****************************************************************************
 generate a new TDB_DATA key for storing a printer
****************************************************************************/

static TDB_DATA make_printer_tdbkey(TALLOC_CTX *ctx, const char *sharename )
{
	fstring share;
	char *keystr = NULL;
	TDB_DATA key;

	fstrcpy(share, sharename);
	strlower_m(share);

	keystr = talloc_asprintf(ctx, "%s%s", PRINTERS_PREFIX, share);
	key = string_term_tdb_data(keystr ? keystr : "");

	return key;
}

/****************************************************************************
 generate a new TDB_DATA key for storing a printer security descriptor
****************************************************************************/

static TDB_DATA make_printers_secdesc_tdbkey(TALLOC_CTX *ctx,
					const char* sharename  )
{
	fstring share;
	char *keystr = NULL;
	TDB_DATA key;

	fstrcpy(share, sharename );
	strlower_m(share);

	keystr = talloc_asprintf(ctx, "%s%s", SECDESC_PREFIX, share);
	key = string_term_tdb_data(keystr ? keystr : "");

	return key;
}

/****************************************************************************
 Upgrade the tdb files to version 3
****************************************************************************/

static bool upgrade_to_version_3(void)
{
	TDB_DATA kbuf, newkey, dbuf;

	DEBUG(0,("upgrade_to_version_3: upgrading print tdb's to version 3\n"));

	for (kbuf = tdb_firstkey(tdb_drivers); kbuf.dptr;
			newkey = tdb_nextkey(tdb_drivers, kbuf), free(kbuf.dptr), kbuf=newkey) {

		dbuf = tdb_fetch(tdb_drivers, kbuf);

		if (strncmp((const char *)kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) {
			DEBUG(0,("upgrade_to_version_3:moving form\n"));
			if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) {
				SAFE_FREE(dbuf.dptr);
				DEBUG(0,("upgrade_to_version_3: failed to move form. Error (%s).\n", tdb_errorstr(tdb_forms)));
				return False;
			}
			if (tdb_delete(tdb_drivers, kbuf) != 0) {
				SAFE_FREE(dbuf.dptr);
				DEBUG(0,("upgrade_to_version_3: failed to delete form. Error (%s)\n", tdb_errorstr(tdb_drivers)));
				return False;
			}
		}

		if (strncmp((const char *)kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) {
			DEBUG(0,("upgrade_to_version_3:moving printer\n"));
			if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
				SAFE_FREE(dbuf.dptr);
				DEBUG(0,("upgrade_to_version_3: failed to move printer. Error (%s)\n", tdb_errorstr(tdb_printers)));
				return False;
			}
			if (tdb_delete(tdb_drivers, kbuf) != 0) {
				SAFE_FREE(dbuf.dptr);
				DEBUG(0,("upgrade_to_version_3: failed to delete printer. Error (%s)\n", tdb_errorstr(tdb_drivers)));
				return False;
			}
		}

		if (strncmp((const char *)kbuf.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX)) == 0) {
			DEBUG(0,("upgrade_to_version_3:moving secdesc\n"));
			if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
				SAFE_FREE(dbuf.dptr);
				DEBUG(0,("upgrade_to_version_3: failed to move secdesc. Error (%s)\n", tdb_errorstr(tdb_printers)));
				return False;
			}
			if (tdb_delete(tdb_drivers, kbuf) != 0) {
				SAFE_FREE(dbuf.dptr);
				DEBUG(0,("upgrade_to_version_3: failed to delete secdesc. Error (%s)\n", tdb_errorstr(tdb_drivers)));
				return False;
			}
		}

		SAFE_FREE(dbuf.dptr);
	}

	return True;
}

/*******************************************************************
 Fix an issue with security descriptors.  Printer sec_desc must
 use more than the generic bits that were previously used
 in <= 3.0.14a.  They must also have a owner and group SID assigned.
 Otherwise, any printers than have been migrated to a Windows
 host using printmig.exe will not be accessible.
*******************************************************************/

static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
                            TDB_DATA data, void *state )
{
	NTSTATUS status;
	struct sec_desc_buf *sd_orig = NULL;
	struct sec_desc_buf *sd_new, *sd_store;
	struct security_descriptor *sec, *new_sec;
	TALLOC_CTX *ctx = state;
	int result, i;
	uint32 sd_size;
	size_t size_new_sec;

	if (!data.dptr || data.dsize == 0) {
		return 0;
	}

	if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) != 0 ) {
		return 0;
	}

	/* upgrade the security descriptor */

	status = unmarshall_sec_desc_buf(ctx, data.dptr, data.dsize, &sd_orig);
	if (!NT_STATUS_IS_OK(status)) {
		/* delete bad entries */
		DEBUG(0,("sec_desc_upg_fn: Failed to parse original sec_desc for %si.  Deleting....\n",
			(const char *)key.dptr ));
		tdb_delete( tdb_printers, key );
		return 0;
	}

	if (!sd_orig) {
		return 0;
	}
	sec = sd_orig->sd;

	/* is this even valid? */

	if ( !sec->dacl ) {
		return 0;
	}

	/* update access masks */

	for ( i=0; i<sec->dacl->num_aces; i++ ) {
		switch ( sec->dacl->aces[i].access_mask ) {
			case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS):
				sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT;
				break;

			case GENERIC_ALL_ACCESS:
				sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL;
				break;

			case READ_CONTROL_ACCESS:
				sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS;

			default:	/* no change */
				break;
		}
	}

	/* create a new struct security_descriptor with the appropriate owner and group SIDs */

	new_sec = make_sec_desc( ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
				 &global_sid_Builtin_Administrators,
				 &global_sid_Builtin_Administrators,
				 NULL, NULL, &size_new_sec );
	if (!new_sec) {
		return 0;
	}
	sd_new = make_sec_desc_buf( ctx, size_new_sec, new_sec );
	if (!sd_new) {
		return 0;
	}

	if ( !(sd_store = sec_desc_merge_buf( ctx, sd_new, sd_orig )) ) {
		DEBUG(0,("sec_desc_upg_fn: Failed to update sec_desc for %s\n", key.dptr ));
		return 0;
	}

	/* store it back */

	sd_size = ndr_size_security_descriptor(sd_store->sd, 0)
		+ sizeof(struct sec_desc_buf);

	status = marshall_sec_desc_buf(ctx, sd_store, &data.dptr, &data.dsize);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("sec_desc_upg_fn: Failed to parse new sec_desc for %s\n", key.dptr ));
		return 0;
	}

	result = tdb_store( tdb_printers, key, data, TDB_REPLACE );

	/* 0 to continue and non-zero to stop traversal */

	return (result == -1);
}

/*******************************************************************
 Upgrade the tdb files to version 4
*******************************************************************/

static bool upgrade_to_version_4(void)
{
	TALLOC_CTX *ctx;
	int result;

	DEBUG(0,("upgrade_to_version_4: upgrading printer security descriptors\n"));

	if ( !(ctx = talloc_init( "upgrade_to_version_4" )) )
		return False;

	result = tdb_traverse( tdb_printers, sec_desc_upg_fn, ctx );

	talloc_destroy( ctx );

	return ( result != -1 );
}

/*******************************************************************
 Fix an issue with security descriptors.  Printer sec_desc must
 use more than the generic bits that were previously used
 in <= 3.0.14a.  They must also have a owner and group SID assigned.
 Otherwise, any printers than have been migrated to a Windows
 host using printmig.exe will not be accessible.
*******************************************************************/

static int normalize_printers_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
                                  TDB_DATA data, void *state )
{
	TALLOC_CTX *ctx = talloc_tos();
	TDB_DATA new_key;

	if (!data.dptr || data.dsize == 0)
		return 0;

	/* upgrade printer records and security descriptors */

	if ( strncmp((const char *) key.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX) ) == 0 ) {
		new_key = make_printer_tdbkey(ctx, (const char *)key.dptr+strlen(PRINTERS_PREFIX) );
	}
	else if ( strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) == 0 ) {
		new_key = make_printers_secdesc_tdbkey(ctx, (const char *)key.dptr+strlen(SECDESC_PREFIX) );
	}
	else {
		/* ignore this record */
		return 0;
	}

	/* delete the original record and store under the normalized key */

	if ( tdb_delete( the_tdb, key ) != 0 ) {
		DEBUG(0,("normalize_printers_fn: tdb_delete for [%s] failed!\n",
			key.dptr));
		return 1;
	}

	if ( tdb_store( the_tdb, new_key, data, TDB_REPLACE) != 0 ) {
		DEBUG(0,("normalize_printers_fn: failed to store new record for [%s]!\n",
			key.dptr));
		return 1;
	}

	return 0;
}

/*******************************************************************
 Upgrade the tdb files to version 5
*******************************************************************/

static bool upgrade_to_version_5(void)
{
	TALLOC_CTX *ctx;
	int result;

	DEBUG(0,("upgrade_to_version_5: normalizing printer keys\n"));

	if ( !(ctx = talloc_init( "upgrade_to_version_5" )) )
		return False;

	result = tdb_traverse( tdb_printers, normalize_printers_fn, NULL );

	talloc_destroy( ctx );

	return ( result != -1 );
}

bool nt_printing_tdb_upgrade(void)
{
	const char *drivers_path = state_path("ntdrivers.tdb");
	const char *printers_path = state_path("ntprinters.tdb");
	const char *forms_path = state_path("ntforms.tdb");
	bool drivers_exists = file_exist(drivers_path);
	bool printers_exists = file_exist(printers_path);
	bool forms_exists = file_exist(forms_path);
	const char *vstring = "INFO/version";
	int32_t vers_id;

	if (!drivers_exists && !printers_exists && !forms_exists) {
		return true;
	}

	tdb_drivers = tdb_open_log(drivers_path,
				   0,
				   TDB_DEFAULT,
				   O_RDWR|O_CREAT,
				   0600);
	if (tdb_drivers == NULL) {
		DEBUG(0,("nt_printing_init: Failed to open nt drivers "
			 "database %s (%s)\n",
			 drivers_path, strerror(errno)));
		return false;
	}

	tdb_printers = tdb_open_log(printers_path,
				    0,
				    TDB_DEFAULT,
				    O_RDWR|O_CREAT,
				    0600);
	if (tdb_printers == NULL) {
		DEBUG(0,("nt_printing_init: Failed to open nt printers "
			 "database %s (%s)\n",
			 printers_path, strerror(errno)));
		return false;
	}

	tdb_forms = tdb_open_log(forms_path,
				 0,
				 TDB_DEFAULT,
				 O_RDWR|O_CREAT,
				 0600);
	if (tdb_forms == NULL) {
		DEBUG(0,("nt_printing_init: Failed to open nt forms "
			 "database %s (%s)\n",
			 forms_path, strerror(errno)));
		return false;
	}

	/* Samba upgrade */
	vers_id = tdb_fetch_int32(tdb_drivers, vstring);
	if (vers_id == -1) {
		DEBUG(10, ("Fresh database\n"));
		tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
		vers_id = NTDRIVERS_DATABASE_VERSION_5;
	}

	if (vers_id != NTDRIVERS_DATABASE_VERSION_5) {
		if ((vers_id == NTDRIVERS_DATABASE_VERSION_1) ||
		    (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_1)) {
			if (!upgrade_to_version_3()) {
				return false;
			}

			tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
			vers_id = NTDRIVERS_DATABASE_VERSION_3;
		}

		if ((vers_id == NTDRIVERS_DATABASE_VERSION_2) ||
		    (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_2)) {
			/*
			 * Written on a bigendian machine with old fetch_int
			 * code. Save as le. The only upgrade between V2 and V3
			 * is to save the version in little-endian.
			 */
			tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
			vers_id = NTDRIVERS_DATABASE_VERSION_3;
		}

		if (vers_id == NTDRIVERS_DATABASE_VERSION_3) {
			if (!upgrade_to_version_4()) {
				return false;
			}
			tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_4);
			vers_id = NTDRIVERS_DATABASE_VERSION_4;
		}

		if (vers_id == NTDRIVERS_DATABASE_VERSION_4 ) {
			if (!upgrade_to_version_5()) {
				return false;
			}
			tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
			vers_id = NTDRIVERS_DATABASE_VERSION_5;
		}

		if (vers_id != NTDRIVERS_DATABASE_VERSION_5) {
			DEBUG(0,("nt_printing_init: Unknown printer database version [%d]\n", vers_id));
			return false;
		}
	}

	if (tdb_drivers) {
		tdb_close(tdb_drivers);
		tdb_drivers = NULL;
	}

	if (tdb_printers) {
		tdb_close(tdb_printers);
		tdb_printers = NULL;
	}

	if (tdb_forms) {
		tdb_close(tdb_forms);
		tdb_forms = NULL;
	}

	return true;
}