/*
 * Copyright (C) 2013 - Alejandro T. Colombini
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#include <stdio.h>
#include <string.h>
#include <mysql/plugin_auth.h>
#include <mysql.h>

#define MAX_BUFFER_SIZE		256
#define CONFIG_FILE			_CONFIG_DIR"/proxy_auth.cnf"
#define SQL_FILE			_SQL_DIR"/proxy_auth.sql"

static char * strcat_quoted (char * query, const char * str, int str_len)
{
	int quoted_len = str_len + 2;
	char *buff, q[quoted_len];

	buff = stpcpy (q, "'");
	buff = stpcpy (buff, str);
	buff = stpcpy (buff, "'");
	strcat (query, q);
	return query;
}

static char * get_stmt (const char * user, int user_len, const char * pass, int pass_len)
{
	long stmt_len, q_len;
	size_t prev;
	char * buffer, * query;
	FILE * file;

	if (!(file = fopen (SQL_FILE, "r")))
		return NULL;

//	Get the size of file

	if (fseek (file, 0, SEEK_END) < 0
	|| (stmt_len = ftell (file)) < 0
	|| fseek (file, 0, SEEK_SET) < 0)
	{
		fclose (file);
		return NULL;
	}

	char stmt[stmt_len + 1];

//	Get the contents of file

	if (fread (stmt, stmt_len, 1, file) < 1)
	{
		fclose (file);
		return NULL;
	}

	fclose (file);
	stmt[stmt_len] = '\0';

	q_len = stmt_len + user_len + pass_len + 1;
	query = malloc (q_len);
	strcpy (query, "");

//	Substitute #user and #pass in stmt by the contents of user and pass

	buffer = stmt;
	prev = (size_t) stmt;

	while ((buffer = strstr (buffer, "#")))
	{
		int offset = 1, tok_len = 5;
		char token[tok_len + 1];

		strncat (query, (char *) prev, (size_t) (buffer - prev));
		strncpy (token, buffer, tok_len);
		token[tok_len] = '\0';

		if (!strcmp (token, "#user"))
		{
			strcat_quoted (query, user, user_len);
			offset = tok_len;
		}
		else if (!strcmp (token, "#pass"))
		{
			strcat_quoted (query, pass, pass_len);
			offset = tok_len;
		}
		else
			strcat (query, "#");

		buffer = buffer + offset;
		prev = (size_t) buffer;
	}

	strncat (query, (char *) prev, prev);
	return query;
}

static int proxy_auth_main (MYSQL_PLUGIN_VIO * vio, MYSQL_SERVER_AUTH_INFO * info)
{
	int i = 0, res = CR_ERROR;
	int pass_len, name_len = info->user_name_length;
	unsigned char * pkt;
	char buffer[MAX_BUFFER_SIZE], config[3][MAX_BUFFER_SIZE];
	char * query;
	FILE * file;
	MYSQL conn;

//	Check for the username

	if (info->user_name == NULL)
		if ((name_len = vio->read_packet(vio, &pkt)) < 0)
			return CR_ERROR;

	if (name_len > MYSQL_USERNAME_LENGTH)
		return CR_ERROR;

//	Read the password and check if it's valid

	if ((pass_len = vio->read_packet (vio, &pkt)) < 0)
		return CR_ERROR;

	if (!pass_len || *pkt == '\0')
	{
		info->password_used = PASSWORD_USED_NO;
		return CR_ERROR;
	}

	char pass[pass_len + 1];
	memcpy (pass, pkt, pass_len);
	pass[pass_len] = '\0';

	info->password_used = PASSWORD_USED_YES;

//	Get connection data from CONFIG_FILE

	if (!(file = fopen (CONFIG_FILE, "r")))
		return CR_ERROR;

	while (i < 3 && fgets (buffer, MAX_BUFFER_SIZE, file))
		if (buffer[0] != '#'
		&& buffer[0] != '\n'
		&& buffer[0] != ' ')
		{
			int len;
			strcpy (config[i], buffer);
			len = strlen (config[i]);
			config[i][len-1] = '\0';
			i++;
		}

	if (i < 3)
		return CR_ERROR;

	fclose (file);

//	Connect to the database

	mysql_init (&conn);

	if (!mysql_real_connect (&conn,
		NULL, config[0], config[1], config[2], 0, "/var/run/mysqld/mysqld.sock", 0))
	{
		mysql_close (&conn);
		return CR_ERROR;
	}

//	Form the query, send it and then set the results on info

	if (!(query = get_stmt (info->user_name, name_len, pass, pass_len)))
	{
		mysql_close (&conn);
		return CR_ERROR;
	}

	if (!mysql_query (&conn, query))
	{
		MYSQL_RES * result;

		if ((result = mysql_store_result (&conn)))
		{
			MYSQL_ROW row = mysql_fetch_row (result);

			if (row && row[0])
			{
				unsigned long row_len = mysql_fetch_lengths (result)[0];

				if (row_len > 0 && row_len <= MYSQL_USERNAME_LENGTH)
				{
					strcpy (info->external_user, info->user_name);
					strncpy (info->authenticated_as, row[0], row_len);
					res = CR_OK;
				}
			}

			mysql_free_result (result);
		}
	}

	mysql_close (&conn);
	free (query);
	return res;
}

static struct st_mysql_auth proxy_auth_handler =
{
	 MYSQL_AUTHENTICATION_INTERFACE_VERSION
	,"mysql_clear_password" // Cleartext plugin required in the client
	,proxy_auth_main
};

mysql_declare_plugin(proxy_auth)
{
	 MYSQL_AUTHENTICATION_PLUGIN
	,&proxy_auth_handler
	,"proxy_auth"
	,"Alejandro T. Colombini"
	,"Proxy user authentication server-side plugin"
	,PLUGIN_LICENSE_GPL
	,NULL
	,NULL
	,0x0100 // version 1.0
	,NULL
	,NULL
	,NULL
	,0
}
mysql_declare_plugin_end;