/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */


#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>	/* creat() declaration */
#include <sys/types.h>
#include <sys/stat.h>
#include <pwd.h>
#include <grp.h>
#include <locale.h>
#include <libintl.h>
#include <pkglib.h>
#include "install.h"
#include "libadm.h"
#include "libinst.h"
#include "pkginstall.h"
#include "messages.h"

extern char	tmpdir[], instdir[];
extern int	pkgverbose;

static int	do_exec(int update, char *script, char *output,
			char *inport, char *alt_user);
static char	path[PATH_MAX];
static char	*resppath = NULL;
static int	fd;
static int	respfile_defined = 0;
static int	respfile_ro = 0;	/* read only resp file */

/*
 * This informs the calling routine if a read-only response file has been
 * provided on the command line.
 */
int
rdonly_respfile(void)
{
	return (respfile_ro);
}

int
is_a_respfile(void)
{
	return (respfile_defined);
}

/*
 * This function creates a working copy of the checkinstall script.
 * This is needed in situations where the packages parent directories modes
 * are set too restrictively, i.e. 700.
 *
 * Returns: A pointer to the location of the copied checkinstall
 * script or NULL
 */

char *
dup_chkinstall(char *script)
{
	char	*dstpath;
	size_t	dstpathLen;
	int	r;
static	char	*tmpname = "checkinstallXXXXXX";

	/* determine length for destination script path */

	dstpathLen = strlen(tmpdir) + strlen(tmpname) + 3;

	/* allocate storage to hold destination script path */

	dstpath = (char *)malloc(dstpathLen);
	if (dstpath == (char *)NULL) {
		return ((char *)NULL);
	}

	/* create destination script path */

	(void) snprintf(dstpath, dstpathLen, "%s/%s", tmpdir, tmpname);

	if (mktemp(dstpath) == NULL) {
		progerr(ERR_TMPFILE_CHK);
		(void) free(dstpath);
		return (NULL);
	}

	/* make copy of script */

	r = copyf(script, dstpath, (time_t)0);
	if (r != 0) {
		progerr(ERR_CANNOT_COPY, script, dstpath);
		return (NULL);
	}

	/* Make the copy of the script readable by all */

	if (chmod(dstpath, 0444) != 0) {
		progerr(ERR_CHMOD_CHK);
		(void) free(dstpath);
		return (NULL);
	}

	return (dstpath);
}

/*
 * This function creates a temporary working copy of a read-only response
 * file. It changes the resppath pointer to point to the working copy.
 */
static int
dup_respfile(void)
{
	char	tpath[PATH_MAX];
	int	r;

	(void) strlcpy(tpath, path, sizeof (tpath));

	(void) snprintf(path, sizeof (path), "%s/respXXXXXX", tmpdir);

	resppath = mktemp(path);
	if (resppath == NULL) {
		progerr(ERR_TMPRESP);
		return (99);
	}

	/* Copy the contents of the user's response file to the working copy. */

	r = copyf(tpath, resppath, (time_t)0);
	if (r != 0) {
		progerr(ERR_NORESPCOPY, tpath, resppath);
		return (99);
	}

	/*
	 * Make it writable by the non-privileged installation user-id,
	 * but readable by the world.
	 */

	if (chmod(resppath, 0644) != 0) {
		progerr(ERR_CHMOD, resppath);
		return (99);
	}

	respfile_ro = 0;

	return (0);
}

/*
 * This function establishes the response file passed on the command line if
 * it's called with a valid string. If called with NULL, it checks to see if
 * there's a response file already. If there isn't, it creates a temporary.
 */
int
set_respfile(char *respfile, char *pkginst, int resp_stat)
{
	if (respfile == NULL && !respfile_defined) {
		/* A temporary response file needs to be constructed. */
		(void) snprintf(path, sizeof (path), "%s/respXXXXXX", tmpdir);
		resppath = mktemp(path);
		if (resppath == NULL) {
			progerr(ERR_TMPRESP);
			return (99);
		}
	} else {
		/* OK, we're being passed a response file or directory. */
		if (isdir(respfile) == 0) {
			(void) snprintf(path, sizeof (path),
				"%s/%s", respfile, pkginst);
		} else {
			(void) strlcpy(path, respfile, sizeof (path));
		}

		resppath = path;
		respfile_ro = resp_stat;
	}

	respfile_defined++;

	return (0);
}

/* This exposes the working response file. */
char *
get_respfile(void)
{
	return (resppath);
}

/*
 * Execute the request script if present assuming the response file
 * isn't read only.
 */
int
reqexec(int update, char *script, int non_abi_scripts,
	boolean_t enable_root_user)
{
	char	*req_user;

	/*
	 * determine which alternative user to execute the request script as
	 * if the default user "install" is not defined.
	 */

	if (enable_root_user == B_TRUE) {
		/* use the root user */
		req_user = CHK_USER_ROOT;
	} else if (non_abi_scripts != 0) {
		/* non-compliant package user */
		req_user = CHK_USER_NON;
	} else {
		/* standard non-privileged user */
		req_user = CHK_USER_ALT;
	}

	/*
	 * If we can't get to the the script or the response file, skip this.
	 */
	if (access(script, F_OK) != 0 || respfile_ro)
		return (0);

	/* No interact means no interact. */
	if (echoGetFlag() == B_FALSE) {
		ptext(stderr, ERR_INTR);
		return (5);
	}

	/* If there's no response file, create one. */
	if (!respfile_defined)
		if (set_respfile(NULL, NULL, 0))
			return (99);

	/* Clear out the old response file (if there is one). */
	if ((access(resppath, F_OK) == 0) && unlink(resppath)) {
		progerr(ERR_RMRESP, resppath);
		return (99);
	}

	/*
	 * Create a zero length response file which is only writable
	 * by the non-privileged installation user-id, but is readable
	 * by the world
	 */
	if ((fd = open(resppath, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, 0644)) < 0) {
		progerr(ERR_CRERESP, resppath);
		return (99);
	}
	(void) close(fd);

	return (do_exec(update, script, resppath, REQ_STDIN, req_user));
}

int
chkexec(int update, char *script)
{
	/*
	 * If we're up against a read-only response file from the command
	 * line. Create a working copy.
	 */
	if (respfile_ro) {
		if (dup_respfile())

			return (99);

		/* Make sure we can get to it. */
		if ((access(resppath, F_OK) != 0)) {
			progerr(ERR_ACCRESP, resppath);
			return (7);
		}
	}

	/* If there's no response file, create a fresh one. */
	else if (!respfile_defined) {
		if (set_respfile(NULL, NULL, 0))
			return (99);

		/*
		 * create a zero length response file which is only writable
		 * by the non-priveledged installation user-id, but is readable
		 * by the world
		 */
		fd = open(resppath, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, 0644);
		if (fd < 0) {
			progerr(ERR_CRERESP, resppath);
			return (99);
		}
		(void) close(fd);
	}

	return (do_exec(update, script, resppath, CHK_STDIN, CHK_USER_ALT));
}

static int
do_exec(int update, char *script, char *output, char *inport, char *alt_user)
{
	char		*gname;
	char		*tmp_script;
	char		*uname;
	gid_t		instgid;
	int		retcode = 0;
	struct group	*grp;
	struct passwd	*pwp;
	uid_t		instuid;

	/*
	 * Determine which user to run the request script as:
	 * - if CHK_USER is a valid user, run the script as CHK_USER
	 * - otherwise, if alt_user is a valid user, run the script
	 * -- as alt_user
	 * - otherwise, output an error message and return failure
	 */

	if ((pwp = getpwnam(CHK_USER)) != (struct passwd *)NULL) {
		instuid = pwp->pw_uid;
		uname = CHK_USER;
	} else if ((pwp = getpwnam(alt_user)) != (struct passwd *)NULL) {
		instuid = pwp->pw_uid;
		uname = alt_user;
	} else {
		ptext(stderr, ERR_BADUSER, CHK_USER, CHK_USER_ALT);
		return (1);
	}

	/*
	 * Determine which group to run the request script as:
	 * - If CHK_GRP is a valid group, run the script as CHK_GRP
	 * - otherwise, assume group "1" user "other"
	 */

	if ((grp = getgrnam(CHK_GRP)) != (struct group *)NULL) {
		instgid = grp->gr_gid;
		gname = CHK_GRP;
	} else {
		instgid = (gid_t)1;	/* "other" group id */
		gname = "other";	/* "other" group name */
	}

	echoDebug(DBG_DO_EXEC_REQUEST_USER, script, output, uname, instuid,
		gname, instgid);

	(void) chown(output, instuid, instgid);

	/*
	 * Copy the checkinstall script to tmpdir in case parent directories
	 * are restrictive, i.e. 700. Only do this for non updates, i.e.
	 * package installs and not patch package installs.
	 */
	if (update) {
		tmp_script = strdup(script);
	} else if ((tmp_script = dup_chkinstall(script)) == NULL) {
		/* Use the original checkinstall script */
		tmp_script = strdup(script);
	}

	if (pkgverbose)
		retcode = pkgexecl(inport, CHK_STDOUT, uname, CHK_GRP, SHELL,
		    "-x", tmp_script, output, NULL);
	else
		retcode = pkgexecl(inport, CHK_STDOUT, uname, CHK_GRP, SHELL,
		    tmp_script, output, NULL);

	free(tmp_script);
	return (retcode);
}