/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 1980, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/param.h>
#include <sys/capsicum.h>
#include <sys/disk.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/wait.h>

#include <assert.h>
#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <ifaddrs.h>
#include <netdb.h>
#include <paths.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sysexits.h>
#include <unistd.h>

#include <arpa/inet.h>

#include <net/if.h>
#include <net/if_dl.h>
#include <net/route.h>

#include <netinet/in.h>
#include <netinet/netdump/netdump.h>

#ifdef HAVE_CRYPTO
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#endif

static int	verbose;

static _Noreturn void
usage(void)
{
	fprintf(stderr,
    "usage: dumpon [-i index] [-r] [-v] [-k <pubkey>] [-Zz] <device>\n"
    "       dumpon [-i index] [-r] [-v] [-k <pubkey>] [-Zz]\n"
    "              [-g <gateway>] -s <server> -c <client> <iface>\n"
    "       dumpon [-v] off\n"
    "       dumpon [-v] -l\n");
	exit(EX_USAGE);
}

/*
 * Look for a default route on the specified interface.
 */
static char *
find_gateway(const char *ifname)
{
	struct ifaddrs *ifa, *ifap;
	struct rt_msghdr *rtm;
	struct sockaddr *sa;
	struct sockaddr_dl *sdl;
	struct sockaddr_in *dst, *mask, *gw;
	char *buf, *next, *ret;
	size_t sz;
	int error, i, ifindex, mib[7];

	/* First look up the interface index. */
	if (getifaddrs(&ifap) != 0)
		err(EX_OSERR, "getifaddrs");
	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
		if (ifa->ifa_addr->sa_family != AF_LINK)
			continue;
		if (strcmp(ifa->ifa_name, ifname) == 0) {
			sdl = (struct sockaddr_dl *)(void *)ifa->ifa_addr;
			ifindex = sdl->sdl_index;
			break;
		}
	}
	if (ifa == NULL)
		errx(1, "couldn't find interface index for '%s'", ifname);
	freeifaddrs(ifap);

	/* Now get the IPv4 routing table. */
	mib[0] = CTL_NET;
	mib[1] = PF_ROUTE;
	mib[2] = 0;
	mib[3] = AF_INET;
	mib[4] = NET_RT_DUMP;
	mib[5] = 0;
	mib[6] = -1; /* FIB */

	for (;;) {
		if (sysctl(mib, nitems(mib), NULL, &sz, NULL, 0) != 0)
			err(EX_OSERR, "sysctl(NET_RT_DUMP)");
		buf = malloc(sz);
		error = sysctl(mib, nitems(mib), buf, &sz, NULL, 0);
		if (error == 0)
			break;
		if (errno != ENOMEM)
			err(EX_OSERR, "sysctl(NET_RT_DUMP)");
		free(buf);
	}

	ret = NULL;
	for (next = buf; next < buf + sz; next += rtm->rtm_msglen) {
		rtm = (struct rt_msghdr *)(void *)next;
		if (rtm->rtm_version != RTM_VERSION)
			continue;
		if ((rtm->rtm_flags & RTF_GATEWAY) == 0 ||
		    rtm->rtm_index != ifindex)
			continue;

		dst = gw = mask = NULL;
		sa = (struct sockaddr *)(rtm + 1);
		for (i = 0; i < RTAX_MAX; i++) {
			if ((rtm->rtm_addrs & (1 << i)) != 0) {
				switch (i) {
				case RTAX_DST:
					dst = (void *)sa;
					break;
				case RTAX_GATEWAY:
					gw = (void *)sa;
					break;
				case RTAX_NETMASK:
					mask = (void *)sa;
					break;
				}
			}
			sa = (struct sockaddr *)((char *)sa + SA_SIZE(sa));
		}

		if (dst->sin_addr.s_addr == INADDR_ANY &&
		    mask->sin_addr.s_addr == 0) {
			ret = inet_ntoa(gw->sin_addr);
			break;
		}
	}
	free(buf);
	return (ret);
}

static void
check_link_status(const char *ifname)
{
	struct ifaddrs *ifap, *ifa;

	if (getifaddrs(&ifap) != 0)
		err(EX_OSERR, "getifaddrs");

	for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
		if (strcmp(ifname, ifa->ifa_name) != 0)
			continue;
		if ((ifa->ifa_flags & IFF_UP) == 0) {
			warnx("warning: %s's link is down", ifname);
		}
		break;
	}
	freeifaddrs(ifap);
}

static void
check_size(int fd, const char *fn)
{
	int name[] = { CTL_HW, HW_PHYSMEM };
	size_t namelen = nitems(name);
	unsigned long physmem;
	size_t len;
	off_t mediasize;
	int minidump;

	len = sizeof(minidump);
	if (sysctlbyname("debug.minidump", &minidump, &len, NULL, 0) == 0 &&
	    minidump == 1)
		return;
	len = sizeof(physmem);
	if (sysctl(name, namelen, &physmem, &len, NULL, 0) != 0)
		err(EX_OSERR, "can't get memory size");
	if (ioctl(fd, DIOCGMEDIASIZE, &mediasize) != 0)
		err(EX_OSERR, "%s: can't get size", fn);
	if ((uintmax_t)mediasize < (uintmax_t)physmem)
		errx(EX_IOERR, "%s is smaller than physical memory", fn);
}

#ifdef HAVE_CRYPTO
static void
_genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
{
	FILE *fp;
	RSA *pubkey;

	assert(pubkeyfile != NULL);
	assert(kdap != NULL);

	fp = NULL;
	pubkey = NULL;

	fp = fopen(pubkeyfile, "r");
	if (fp == NULL)
		err(1, "Unable to open %s", pubkeyfile);

	/*
	 * Obsolescent OpenSSL only knows about /dev/random, and needs to
	 * pre-seed before entering cap mode.  For whatever reason,
	 * RSA_pub_encrypt uses the internal PRNG.
	 */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
	{
		unsigned char c[1];
		RAND_bytes(c, 1);
	}
#endif

	if (caph_enter() < 0)
		err(1, "Unable to enter capability mode");

	pubkey = RSA_new();
	if (pubkey == NULL) {
		errx(1, "Unable to allocate an RSA structure: %s",
		    ERR_error_string(ERR_get_error(), NULL));
	}

	pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL);
	fclose(fp);
	fp = NULL;
	if (pubkey == NULL)
		errx(1, "Unable to read data from %s: %s", pubkeyfile,
		    ERR_error_string(ERR_get_error(), NULL));

	/*
	 * RSA keys under ~1024 bits are trivially factorable (2018).  OpenSSL
	 * provides an API for RSA keys to estimate the symmetric-cipher
	 * "equivalent" bits of security (defined in NIST SP800-57), which as
	 * of this writing equates a 2048-bit RSA key to 112 symmetric cipher
	 * bits.
	 *
	 * Use this API as a seatbelt to avoid suggesting to users that their
	 * privacy is protected by encryption when the key size is insufficient
	 * to prevent compromise via factoring.
	 *
	 * Future work: Sanity check for weak 'e', and sanity check for absence
	 * of 'd' (i.e., the supplied key is a public key rather than a full
	 * keypair).
	 */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	if (RSA_security_bits(pubkey) < 112)
#else
	if (RSA_size(pubkey) * 8 < 2048)
#endif
		errx(1, "Small RSA keys (you provided: %db) can be "
		    "factored cheaply.  Please generate a larger key.",
		    RSA_size(pubkey) * 8);

	kdap->kda_encryptedkeysize = RSA_size(pubkey);
	if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) {
		errx(1, "Public key has to be at most %db long.",
		    8 * KERNELDUMP_ENCKEY_MAX_SIZE);
	}

	kdap->kda_encryptedkey = calloc(1, kdap->kda_encryptedkeysize);
	if (kdap->kda_encryptedkey == NULL)
		err(1, "Unable to allocate encrypted key");

	/*
	 * If no cipher was specified, choose a reasonable default.
	 */
	if (kdap->kda_encryption == KERNELDUMP_ENC_NONE)
		kdap->kda_encryption = KERNELDUMP_ENC_CHACHA20;
	else if (kdap->kda_encryption == KERNELDUMP_ENC_AES_256_CBC &&
	    kdap->kda_compression != KERNELDUMP_COMP_NONE)
		errx(EX_USAGE, "Unpadded AES256-CBC mode cannot be used "
		    "with compression.");

	arc4random_buf(kdap->kda_key, sizeof(kdap->kda_key));
	if (RSA_public_encrypt(sizeof(kdap->kda_key), kdap->kda_key,
	    kdap->kda_encryptedkey, pubkey,
	    RSA_PKCS1_OAEP_PADDING) != (int)kdap->kda_encryptedkeysize) {
		errx(1, "Unable to encrypt the one-time key: %s",
		    ERR_error_string(ERR_get_error(), NULL));
	}
	RSA_free(pubkey);
}

/*
 * Run genkey() in a child so it can use capability mode without affecting
 * the rest of the runtime.
 */
static void
genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
{
	pid_t pid;
	int error, filedes[2], status;
	ssize_t bytes;

	if (pipe2(filedes, O_CLOEXEC) != 0)
		err(1, "pipe");
	pid = fork();
	switch (pid) {
	case -1:
		err(1, "fork");
		break;
	case 0:
		close(filedes[0]);
		_genkey(pubkeyfile, kdap);
		/* Write the new kdap back to the parent. */
		bytes = write(filedes[1], kdap, sizeof(*kdap));
		if (bytes != sizeof(*kdap))
			err(1, "genkey pipe write");
		bytes = write(filedes[1], kdap->kda_encryptedkey,
		    kdap->kda_encryptedkeysize);
		if (bytes != (ssize_t)kdap->kda_encryptedkeysize)
			err(1, "genkey pipe write kda_encryptedkey");
		_exit(0);
	}
	close(filedes[1]);
	/* Read in the child's genkey() result into kdap. */
	bytes = read(filedes[0], kdap, sizeof(*kdap));
	if (bytes != sizeof(*kdap))
		errx(1, "genkey pipe read");
	if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE)
		errx(1, "Public key has to be at most %db long.",
		    8 * KERNELDUMP_ENCKEY_MAX_SIZE);
	kdap->kda_encryptedkey = calloc(1, kdap->kda_encryptedkeysize);
	if (kdap->kda_encryptedkey == NULL)
		err(1, "Unable to allocate encrypted key");
	bytes = read(filedes[0], kdap->kda_encryptedkey,
	    kdap->kda_encryptedkeysize);
	if (bytes != (ssize_t)kdap->kda_encryptedkeysize)
		errx(1, "genkey pipe read kda_encryptedkey");
	error = waitpid(pid, &status, WEXITED);
	if (error == -1)
		err(1, "waitpid");
	if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
		errx(1, "genkey child exited with status %d",
		    WEXITSTATUS(status));
	else if (WIFSIGNALED(status))
		errx(1, "genkey child exited with signal %d",
		    WTERMSIG(status));
	close(filedes[0]);
}
#endif

static void
listdumpdev(void)
{
	static char ip[200];

	char dumpdev[PATH_MAX];
	struct diocskerneldump_arg ndconf;
	size_t len;
	const char *sysctlname = "kern.shutdown.dumpdevname";
	int fd;

	len = sizeof(dumpdev);
	if (sysctlbyname(sysctlname, &dumpdev, &len, NULL, 0) != 0) {
		if (errno == ENOMEM) {
			err(EX_OSERR, "Kernel returned too large of a buffer for '%s'\n",
				sysctlname);
		} else {
			err(EX_OSERR, "Sysctl get '%s'\n", sysctlname);
		}
	}
	if (strlen(dumpdev) == 0)
		(void)strlcpy(dumpdev, _PATH_DEVNULL, sizeof(dumpdev));

	if (verbose) {
		char *ctx, *dd;
		unsigned idx;

		printf("kernel dumps on priority: device\n");
		idx = 0;
		ctx = dumpdev;
		while ((dd = strsep(&ctx, ",")) != NULL)
			printf("%u: %s\n", idx++, dd);
	} else
		printf("%s\n", dumpdev);

	/* If netdump is enabled, print the configuration parameters. */
	if (verbose) {
		fd = open(_PATH_NETDUMP, O_RDONLY);
		if (fd < 0) {
			if (errno != ENOENT)
				err(EX_OSERR, "opening %s", _PATH_NETDUMP);
			return;
		}
		if (ioctl(fd, DIOCGKERNELDUMP, &ndconf) != 0) {
			if (errno != ENXIO)
				err(EX_OSERR, "ioctl(DIOCGKERNELDUMP)");
			(void)close(fd);
			return;
		}

		printf("server address: %s\n",
		    inet_ntop(ndconf.kda_af, &ndconf.kda_server, ip,
			sizeof(ip)));
		printf("client address: %s\n",
		    inet_ntop(ndconf.kda_af, &ndconf.kda_client, ip,
			sizeof(ip)));
		printf("gateway address: %s\n",
		    inet_ntop(ndconf.kda_af, &ndconf.kda_gateway, ip,
			sizeof(ip)));
		(void)close(fd);
	}
}

static int
opendumpdev(const char *arg, char *dumpdev)
{
	int fd, i;

	if (strncmp(arg, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
		strlcpy(dumpdev, arg, PATH_MAX);
	else {
		i = snprintf(dumpdev, PATH_MAX, "%s%s", _PATH_DEV, arg);
		if (i < 0)
			err(EX_OSERR, "%s", arg);
		if (i >= PATH_MAX)
			errc(EX_DATAERR, EINVAL, "%s", arg);
	}

	fd = open(dumpdev, O_RDONLY);
	if (fd < 0)
		err(EX_OSFILE, "%s", dumpdev);
	return (fd);
}

int
main(int argc, char *argv[])
{
	char dumpdev[PATH_MAX];
	struct diocskerneldump_arg ndconf, *kdap;
	struct addrinfo hints, *res;
	const char *dev, *pubkeyfile, *server, *client, *gateway;
	int ch, error, fd;
	bool gzip, list, netdump, zstd, insert, rflag;
	uint8_t ins_idx;
#ifdef HAVE_CRYPTO
	int cipher = KERNELDUMP_ENC_NONE;
#endif

	gzip = list = netdump = zstd = insert = rflag = false;
	kdap = NULL;
	pubkeyfile = NULL;
	server = client = gateway = NULL;
	ins_idx = KDA_APPEND;

	while ((ch = getopt(argc, argv, "C:c:g:i:k:lrs:vZz")) != -1)
		switch ((char)ch) {
		case 'C':
#ifdef HAVE_CRYPTO
			if (strcasecmp(optarg, "chacha") == 0 ||
			    strcasecmp(optarg, "chacha20") == 0)
				cipher = KERNELDUMP_ENC_CHACHA20;
			else if (strcasecmp(optarg, "aes-cbc") == 0 ||
			    strcasecmp(optarg, "aes256-cbc") == 0)
				cipher = KERNELDUMP_ENC_AES_256_CBC;
			else
				errx(EX_USAGE, "Unrecognized cipher algorithm "
				    "'%s'", optarg);
			break;
#else
			errx(EX_USAGE,
			    "Built without crypto support, -C is unhandled.");
			break;
#endif
		case 'c':
			client = optarg;
			break;
		case 'g':
			gateway = optarg;
			break;
		case 'i':
			{
			int i;

			i = atoi(optarg);
			if (i < 0 || i >= KDA_APPEND - 1)
				errx(EX_USAGE,
				    "-i index must be between zero and %d.",
				    (int)KDA_APPEND - 2);
			insert = true;
			ins_idx = i;
			}
			break;
		case 'k':
			pubkeyfile = optarg;
			break;
		case 'l':
			list = true;
			break;
		case 'r':
			rflag = true;
			break;
		case 's':
			server = optarg;
			break;
		case 'v':
			verbose = 1;
			break;
		case 'Z':
			zstd = true;
			break;
		case 'z':
			gzip = true;
			break;
		default:
			usage();
		}

	if (gzip && zstd)
		errx(EX_USAGE, "The -z and -Z options are mutually exclusive.");

	if (insert && rflag)
		errx(EX_USAGE, "The -i and -r options are mutually exclusive.");

	argc -= optind;
	argv += optind;

	if (list) {
		listdumpdev();
		exit(EX_OK);
	}

	if (argc != 1)
		usage();

#ifdef HAVE_CRYPTO
	if (cipher != KERNELDUMP_ENC_NONE && pubkeyfile == NULL) {
		errx(EX_USAGE, "-C option requires a public key file.");
	} else if (pubkeyfile != NULL) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
		ERR_load_crypto_strings();
#else
		if (!OPENSSL_init_crypto(0, NULL))
			errx(EX_UNAVAILABLE, "Unable to initialize OpenSSL");
#endif
	}
#else
	if (pubkeyfile != NULL)
		errx(EX_UNAVAILABLE,"Unable to use the public key."
				    " Recompile dumpon with OpenSSL support.");
#endif

	if (server != NULL && client != NULL) {
		dev = _PATH_NETDUMP;
		netdump = true;
	} else if (server == NULL && client == NULL && argc > 0) {
		if (strcmp(argv[0], "off") == 0) {
			rflag = true;
			dev = _PATH_DEVNULL;
		} else
			dev = argv[0];
		netdump = false;

		if (strcmp(dev, _PATH_DEVNULL) == 0) {
			/*
			 * Netdump has its own configuration tracking that
			 * is not removed when using /dev/null.
			 */
			fd = open(_PATH_NETDUMP, O_RDONLY);
			if (fd != -1) {
				bzero(&ndconf, sizeof(ndconf));
				ndconf.kda_index = KDA_REMOVE_ALL;
				ndconf.kda_af = AF_INET;
				error = ioctl(fd, DIOCSKERNELDUMP, &ndconf);
				if (error != 0)
					err(1, "ioctl(%s, DIOCSKERNELDUMP)",
					    _PATH_NETDUMP);
				close(fd);
			}
		}
	} else
		usage();

	fd = opendumpdev(dev, dumpdev);
	if (!netdump && !gzip && !zstd && !rflag)
		check_size(fd, dumpdev);

	kdap = &ndconf;
	bzero(kdap, sizeof(*kdap));

	if (rflag)
		kdap->kda_index = KDA_REMOVE;
	else
		kdap->kda_index = ins_idx;

	kdap->kda_compression = KERNELDUMP_COMP_NONE;
	if (zstd)
		kdap->kda_compression = KERNELDUMP_COMP_ZSTD;
	else if (gzip)
		kdap->kda_compression = KERNELDUMP_COMP_GZIP;

	if (netdump) {
		memset(&hints, 0, sizeof(hints));
		hints.ai_family = AF_INET;
		hints.ai_protocol = IPPROTO_UDP;
		res = NULL;
		error = getaddrinfo(server, NULL, &hints, &res);
		if (error != 0) {
			if (error == EAI_SYSTEM)
				err(EX_OSERR, "%s", gai_strerror(error));
			errx(EX_NOHOST, "%s", gai_strerror(error));
		}
		server = inet_ntoa(
		    ((struct sockaddr_in *)(void *)res->ai_addr)->sin_addr);
		freeaddrinfo(res);

		if (strlcpy(ndconf.kda_iface, argv[0],
		    sizeof(ndconf.kda_iface)) >= sizeof(ndconf.kda_iface))
			errx(EX_USAGE, "invalid interface name '%s'", argv[0]);
		if (inet_aton(server, &ndconf.kda_server.in4) == 0)
			errx(EX_USAGE, "invalid server address '%s'", server);
		if (inet_aton(client, &ndconf.kda_client.in4) == 0)
			errx(EX_USAGE, "invalid client address '%s'", client);

		if (gateway == NULL) {
			gateway = find_gateway(argv[0]);
			if (gateway == NULL) {
				if (verbose)
					printf(
				    "failed to look up gateway for %s\n",
					    server);
				gateway = server;
			}
		}
		if (inet_aton(gateway, &ndconf.kda_gateway.in4) == 0)
			errx(EX_USAGE, "invalid gateway address '%s'", gateway);
		ndconf.kda_af = AF_INET;
	}

#ifdef HAVE_CRYPTO
	if (pubkeyfile != NULL) {
		kdap->kda_encryption = cipher;
		genkey(pubkeyfile, kdap);
	}
#endif
	error = ioctl(fd, DIOCSKERNELDUMP, kdap);
	if (error != 0)
		error = errno;
	if (error == EINVAL && (gzip || zstd)) {
		/* Retry without compression in case kernel lacks support. */
		kdap->kda_compression = KERNELDUMP_COMP_NONE;
		error = ioctl(fd, DIOCSKERNELDUMP, kdap);
		if (error == 0)
			warnx("Compression disabled; kernel may lack gzip or zstd support.");
		else
			error = errno;
	}
	/* Emit a warning if the user configured a downed interface. */
	if (error == 0 && netdump)
		check_link_status(kdap->kda_iface);
	explicit_bzero(kdap->kda_encryptedkey, kdap->kda_encryptedkeysize);
	free(kdap->kda_encryptedkey);
	explicit_bzero(kdap, sizeof(*kdap));
	if (error != 0) {
		if (netdump) {
			/*
			 * Be slightly less user-hostile for some common
			 * errors, especially as users don't have any great
			 * discoverability into which NICs support netdump.
			 */
			if (error == ENODEV)
				errx(EX_OSERR, "Unable to configure netdump "
				    "because the interface driver does not yet "
				    "support netdump.");
		}
		errc(EX_OSERR, error, "ioctl(DIOCSKERNELDUMP)");
	}

	if (verbose)
		listdumpdev();

	exit(EX_OK);
}