/* 
   Unix SMB/CIFS implementation.

   POSIX NTVFS backend - filename resolution

   Copyright (C) Andrew Tridgell 2004

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

/*
  this is the core code for converting a filename from the format as
  given by a client to a posix filename, including any case-matching
  required, and checks for legal characters
*/


#include "includes.h"
#include "vfs_posix.h"
#include "system/dir.h"

/*
  compare two filename components. This is where the name mangling hook will go
*/
static int component_compare(struct pvfs_state *pvfs, const char *comp, const char *name)
{
	int ret;

	ret = strcasecmp_m(comp, name);

	if (ret != 0) {
		char *shortname = pvfs_short_name_component(pvfs, name);
		if (shortname) {
			ret = strcasecmp_m(comp, shortname);
			talloc_free(shortname);
		}
	}

	return ret;
}

/*
  search for a filename in a case insensitive fashion

  TODO: add a cache for previously resolved case-insensitive names
  TODO: add mangled name support
*/
static NTSTATUS pvfs_case_search(struct pvfs_state *pvfs, struct pvfs_filename *name)
{
	/* break into a series of components */
	int num_components;
	char **components;
	char *p, *partial_name;
	int i;

	/* break up the full name info pathname components */
	num_components=2;
	p = name->full_name + strlen(pvfs->base_directory) + 1;

	for (;*p;p++) {
		if (*p == '/') {
			num_components++;
		}
	}

	components = talloc_array(name, char *, num_components);
	p = name->full_name + strlen(pvfs->base_directory);
	*p++ = 0;

	components[0] = name->full_name;

	for (i=1;i<num_components;i++) {
		components[i] = p;
		p = strchr(p, '/');
		if (p) *p++ = 0;
		if (pvfs_is_reserved_name(pvfs, components[i])) {
			return NT_STATUS_ACCESS_DENIED;
		}
	}

	partial_name = talloc_strdup(name, components[0]);
	if (!partial_name) {
		return NT_STATUS_NO_MEMORY;
	}

	/* for each component, check if it exists as-is, and if not then
	   do a directory scan */
	for (i=1;i<num_components;i++) {
		char *test_name;
		DIR *dir;
		struct dirent *de;
		char *long_component;

		/* possibly remap from the short name cache */
		long_component = pvfs_mangled_lookup(pvfs, name, components[i]);
		if (long_component) {
			components[i] = long_component;
		}

		test_name = talloc_asprintf(name, "%s/%s", partial_name, components[i]);
		if (!test_name) {
			return NT_STATUS_NO_MEMORY;
		}

		/* check if this component exists as-is */
		if (stat(test_name, &name->st) == 0) {
			if (i<num_components-1 && !S_ISDIR(name->st.st_mode)) {
				return NT_STATUS_OBJECT_PATH_NOT_FOUND;
			}
			talloc_free(partial_name);
			partial_name = test_name;
			if (i == num_components - 1) {
				name->exists = True;
			}
			continue;
		}

		/* the filesystem might be case insensitive, in which
		   case a search is pointless unless the name is
		   mangled */
		if ((pvfs->flags & PVFS_FLAG_CI_FILESYSTEM) &&
		    !pvfs_is_mangled_component(pvfs, components[i])) {
			if (i < num_components-1) {
				return NT_STATUS_OBJECT_PATH_NOT_FOUND;
			}
			partial_name = test_name;
			continue;
		}
		
		dir = opendir(partial_name);
		if (!dir) {
			return pvfs_map_errno(pvfs, errno);
		}

		while ((de = readdir(dir))) {
			if (component_compare(pvfs, components[i], de->d_name) == 0) {
				break;
			}
		}

		if (!de) {
			if (i < num_components-1) {
				closedir(dir);
				return NT_STATUS_OBJECT_PATH_NOT_FOUND;
			}
		} else {
			components[i] = talloc_strdup(name, de->d_name);
		}
		test_name = talloc_asprintf(name, "%s/%s", partial_name, components[i]);
		talloc_free(partial_name);
		partial_name = test_name;

		closedir(dir);
	}

	if (!name->exists) {
		if (stat(partial_name, &name->st) == 0) {
			name->exists = True;
		}
	}

	talloc_free(name->full_name);
	name->full_name = partial_name;

	if (name->exists) {
		return pvfs_fill_dos_info(pvfs, name, -1);
	}

	return NT_STATUS_OK;
}

/*
  parse a alternate data stream name
*/
static NTSTATUS parse_stream_name(struct pvfs_filename *name, const char *s)
{
	char *p;
	name->stream_name = talloc_strdup(name, s+1);
	if (name->stream_name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	p = strchr_m(name->stream_name, ':');
	if (p == NULL) {
		name->stream_id = pvfs_name_hash(name->stream_name, 
						 strlen(name->stream_name));
		return NT_STATUS_OK;
	}
	if (strcasecmp_m(p, ":$DATA") != 0) {
		return NT_STATUS_OBJECT_NAME_INVALID;
	}
	*p = 0;
	if (strcmp(name->stream_name, "") == 0) {
		name->stream_name = NULL;
		name->stream_id = 0;
	} else {
		name->stream_id = pvfs_name_hash(name->stream_name, 
						 strlen(name->stream_name));
	}
						 
	return NT_STATUS_OK;	
}


/*
  convert a CIFS pathname to a unix pathname. Note that this does NOT
  take into account case insensitivity, and in fact does not access
  the filesystem at all. It is merely a reformatting and charset
  checking routine.

  errors are returned if the filename is illegal given the flags
*/
static NTSTATUS pvfs_unix_path(struct pvfs_state *pvfs, const char *cifs_name,
			       uint_t flags, struct pvfs_filename *name)
{
	char *ret, *p, *p_start;
	NTSTATUS status;

	name->original_name = talloc_strdup(name, cifs_name);
	name->stream_name = NULL;
	name->stream_id = 0;
	name->has_wildcard = False;

	while (*cifs_name == '\\') {
		cifs_name++;
	}

	if (*cifs_name == 0) {
		name->full_name = talloc_asprintf(name, "%s/.", pvfs->base_directory);
		if (name->full_name == NULL) {
			return NT_STATUS_NO_MEMORY;
		}
		return NT_STATUS_OK;
	}

	ret = talloc_asprintf(name, "%s/%s", pvfs->base_directory, cifs_name);
	if (ret == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	p = ret + strlen(pvfs->base_directory) + 1;

	/* now do an in-place conversion of '\' to '/', checking
	   for legal characters */
	p_start = p;

	while (*p) {
		size_t c_size;
		codepoint_t c = next_codepoint(p, &c_size);
		switch (c) {
		case '\\':
			if (name->has_wildcard) {
				/* wildcards are only allowed in the last part
				   of a name */
				return NT_STATUS_ILLEGAL_CHARACTER;
			}
			if (p > p_start && p[1] == 0) {
				*p = 0;
			} else {
				*p = '/';
			}
			break;
		case ':':
			if (!(flags & PVFS_RESOLVE_STREAMS)) {
				return NT_STATUS_ILLEGAL_CHARACTER;
			}
			if (name->has_wildcard) {
				return NT_STATUS_ILLEGAL_CHARACTER;
			}
			status = parse_stream_name(name, p);
			if (!NT_STATUS_IS_OK(status)) {
				return status;
			}
			*p-- = 0;
			break;
		case '*':
		case '>':
		case '<':
		case '?':
		case '"':
			if (!(flags & PVFS_RESOLVE_WILDCARD)) {
				return NT_STATUS_OBJECT_NAME_INVALID;
			}
			name->has_wildcard = True;
			break;
		case '/':
		case '|':
			return NT_STATUS_ILLEGAL_CHARACTER;
		case '.':
			/* see if it is definately a .. or
			   . component. If it is then fail here, and
			   let the next layer up try again after
			   pvfs_reduce_name() if it wants to. This is
			   much more efficient on average than always
			   scanning for these separately */
			if (p[1] == '.' && 
			    (p[2] == 0 || p[2] == '\\') &&
			    (p == p_start || p[-1] == '/')) {
				return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
			}
			if ((p[1] == 0 || p[1] == '\\') &&
			    (p == p_start || p[-1] == '/')) {
				return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
			}
			break;
		}

		p += c_size;
	}

	name->full_name = ret;

	return NT_STATUS_OK;
}


/*
  reduce a name that contains .. components or repeated \ separators
  return NULL if it can't be reduced
*/
static NTSTATUS pvfs_reduce_name(TALLOC_CTX *mem_ctx, const char **fname, uint_t flags)
{
	codepoint_t c;
	size_t c_size, len;
	int i, num_components, err_count;
	char **components;
	char *p, *s, *ret;

	s = talloc_strdup(mem_ctx, *fname);
	if (s == NULL) return NT_STATUS_NO_MEMORY;

	for (num_components=1, p=s; *p; p += c_size) {
		c = next_codepoint(p, &c_size);
		if (c == '\\') num_components++;
	}

	components = talloc_array(s, char *, num_components+1);
	if (components == NULL) {
		talloc_free(s);
		return NT_STATUS_NO_MEMORY;
	}

	components[0] = s;
	for (i=0, p=s; *p; p += c_size) {
		c = next_codepoint(p, &c_size);
		if (c == '\\') {
			*p = 0;
			components[++i] = p+1;
		}
	}
	components[i+1] = NULL;

	/*
	  rather bizarre!

	  '.' components are not allowed, but the rules for what error
	  code to give don't seem to make sense. This is a close
	  approximation.
	*/
	for (err_count=i=0;components[i];i++) {
		if (strcmp(components[i], "") == 0) {
			continue;
		}
		if (ISDOT(components[i]) || err_count) {
			err_count++;
		}
	}
	if (err_count) {
		if (flags & PVFS_RESOLVE_WILDCARD) err_count--;

		if (err_count==1) {
			return NT_STATUS_OBJECT_NAME_INVALID;
		} else {
			return NT_STATUS_OBJECT_PATH_NOT_FOUND;
		}
	}

	/* remove any null components */
	for (i=0;components[i];i++) {
		if (strcmp(components[i], "") == 0) {
			memmove(&components[i], &components[i+1], 
				sizeof(char *)*(num_components-i));
			i--;
			continue;
		}
		if (ISDOTDOT(components[i])) {
			if (i < 1) return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
			memmove(&components[i-1], &components[i+1], 
				sizeof(char *)*(num_components-(i+1)));
			i -= 2;
			continue;
		}
	}

	if (components[0] == NULL) {
		talloc_free(s);
		*fname = talloc_strdup(mem_ctx, "\\");
		return NT_STATUS_OK;
	}

	for (len=i=0;components[i];i++) {
		len += strlen(components[i]) + 1;
	}

	/* rebuild the name */
	ret = talloc_size(mem_ctx, len+1);
	if (ret == NULL) {
		talloc_free(s);
		return NT_STATUS_NO_MEMORY;
	}

	for (len=0,i=0;components[i];i++) {
		size_t len1 = strlen(components[i]);
		ret[len] = '\\';
		memcpy(ret+len+1, components[i], len1);
		len += len1 + 1;
	}	
	ret[len] = 0;

	talloc_free(s);

	*fname = ret;
	
	return NT_STATUS_OK;
}


/*
  resolve a name from relative client format to a struct pvfs_filename
  the memory for the filename is made as a talloc child of 'name'

  flags include:
     PVFS_RESOLVE_NO_WILDCARD = wildcards are considered illegal characters
     PVFS_RESOLVE_STREAMS     = stream names are allowed

     TODO: ../ collapsing, and outside share checking
*/
NTSTATUS pvfs_resolve_name(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
			   const char *cifs_name,
			   uint_t flags, struct pvfs_filename **name)
{
	NTSTATUS status;

	*name = talloc(mem_ctx, struct pvfs_filename);
	if (*name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	(*name)->exists = False;
	(*name)->stream_exists = False;

	if (!(pvfs->fs_attribs & FS_ATTR_NAMED_STREAMS)) {
		flags &= ~PVFS_RESOLVE_STREAMS;
	}

	/* do the basic conversion to a unix formatted path,
	   also checking for allowable characters */
	status = pvfs_unix_path(pvfs, cifs_name, flags, *name);

	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD)) {
		/* it might contain .. components which need to be reduced */
		status = pvfs_reduce_name(*name, &cifs_name, flags);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
		status = pvfs_unix_path(pvfs, cifs_name, flags, *name);
	}

	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* if it has a wildcard then no point doing a stat() */
	if ((*name)->has_wildcard) {
		return NT_STATUS_OK;
	}

	/* if we can stat() the full name now then we are done */
	if (stat((*name)->full_name, &(*name)->st) == 0) {
		(*name)->exists = True;
		return pvfs_fill_dos_info(pvfs, *name, -1);
	}

	/* search for a matching filename */
	status = pvfs_case_search(pvfs, *name);

	return status;
}


/*
  do a partial resolve, returning a pvfs_filename structure given a
  base path and a relative component. It is an error if the file does
  not exist. No case-insensitive matching is done.

  this is used in places like directory searching where we need a pvfs_filename
  to pass to a function, but already know the unix base directory and component
*/
NTSTATUS pvfs_resolve_partial(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
			      const char *unix_dir, const char *fname,
			      struct pvfs_filename **name)
{
	NTSTATUS status;

	*name = talloc(mem_ctx, struct pvfs_filename);
	if (*name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	(*name)->full_name = talloc_asprintf(*name, "%s/%s", unix_dir, fname);
	if ((*name)->full_name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	if (stat((*name)->full_name, &(*name)->st) == -1) {
		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
	}

	(*name)->exists = True;
	(*name)->stream_exists = True;
	(*name)->has_wildcard = False;
	(*name)->original_name = talloc_strdup(*name, fname);
	(*name)->stream_name = NULL;
	(*name)->stream_id = 0;

	status = pvfs_fill_dos_info(pvfs, *name, -1);

	return status;
}


/*
  fill in the pvfs_filename info for an open file, given the current
  info for a (possibly) non-open file. This is used by places that need
  to update the pvfs_filename stat information, and by pvfs_open()
*/
NTSTATUS pvfs_resolve_name_fd(struct pvfs_state *pvfs, int fd,
			      struct pvfs_filename *name)
{
	dev_t device = (dev_t)0;
	ino_t inode = 0;

	if (name->exists) {
		device = name->st.st_dev;
		inode = name->st.st_ino;
	}

	if (fd == -1) {
		if (stat(name->full_name, &name->st) == -1) {
			return NT_STATUS_INVALID_HANDLE;
		}
	} else {
		if (fstat(fd, &name->st) == -1) {
			return NT_STATUS_INVALID_HANDLE;
		}
	}

	if (name->exists &&
	    (device != name->st.st_dev || inode != name->st.st_ino)) {
		/* the file we are looking at has changed! this could
		 be someone trying to exploit a race
		 condition. Certainly we don't want to continue
		 operating on this file */
		DEBUG(0,("pvfs: WARNING: file '%s' changed during resolve - failing\n",
			 name->full_name));
		return NT_STATUS_UNEXPECTED_IO_ERROR;
	}

	name->exists = True;
	
	return pvfs_fill_dos_info(pvfs, name, fd);
}


/*
  resolve the parent of a given name
*/
NTSTATUS pvfs_resolve_parent(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
			     const struct pvfs_filename *child,
			     struct pvfs_filename **name)
{
	NTSTATUS status;
	char *p;

	*name = talloc(mem_ctx, struct pvfs_filename);
	if (*name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	(*name)->full_name = talloc_strdup(*name, child->full_name);
	if ((*name)->full_name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	p = strrchr_m((*name)->full_name, '/');
	if (p == NULL) {
		return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
	}

	/* this handles the root directory */
	if (p == (*name)->full_name) {
		p[1] = 0;
	} else {
		p[0] = 0;
	}

	if (stat((*name)->full_name, &(*name)->st) == -1) {
		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
	}

	(*name)->exists = True;
	(*name)->stream_exists = True;
	(*name)->has_wildcard = False;
	/* we can't get the correct 'original_name', but for the purposes
	   of this call this is close enough */
	(*name)->original_name = talloc_reference(*name, child->original_name);
	(*name)->stream_name = NULL;
	(*name)->stream_id = 0;

	status = pvfs_fill_dos_info(pvfs, *name, -1);

	return status;
}