#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <pwd.h>
#include <crypt.h>
#if 0 /* FRITZBOX */
#ifdef HAVE_SHADOW_H
#include <shadow.h>
#endif
#endif /* FRITZBOX */
#ifdef TIME_WITH_SYS_TIME
#  include <sys/time.h>
#  include <time.h>
#else
#  ifdef HAVE_SYS_TIME_H
#    include <sys/time.h>
#  else
#    include <time.h>
#  endif
#endif
#include <sys/wait.h>
#include <errno.h>
#include <signal.h>
typedef void (*sighandler_t)(int);


#include "usermap.h"

#include "extern.h"



/* If name is "ftp" or "anonymous", the name is not in
   PATH_FTPUSERS, and ftp account exists, set cred, then just return.
   If account doesn't exist, ask for passwd anyway.  Otherwise, check user
   requesting login privileges.  Disallow anyone who does not have a standard
   shell as returned by getusershell().  Disallow anyone mentioned in the file
   PATH_FTPUSERS to allow people such as root and uucp to be avoided.  */

int
auth_user (const char *display_name, const char *real_name, struct credentials *pcred)
{

#if 1 // FRITZBOX
	char map_buffer[64];
	real_name = usermap_mapuser(real_name, map_buffer, sizeof(map_buffer));
#endif

  pcred->guest = 0;

  switch (pcred->auth_type)
    {
#ifdef WITH_PAM
    case AUTH_TYPE_PAM:
#error WITH_PAM not supported (name may be 0)
      return pam_user (name, pcred);
#endif
#ifdef WITH_KERBEROS
    case AUTH_TYPE_KERBEROS:
      return -1;
#endif
#ifdef WITH_KERBEROS5
    case AUTH_TYPE_KERBEROS5:
      return -1;
#endif
#ifdef WITH_OPIE
    case AUTH_TYPE_OPIE:
      return -1;
#endif
    case AUTH_TYPE_PASSWD:
    default:
      {
	size_t len;
	if (pcred->message)
	  free (pcred->message);
	len = 64 + strlen (display_name);
	pcred->message = calloc (1, len);
	if (pcred->message == NULL)
	  return -1;

#if 0 /* FRITZBOX */
	/* check for anonymous logging */
	if (strcmp (real_name, "ftp") == 0
	    || strcmp (real_name, "anonymous") == 0)
	  {
	    int err = 0;
	    if (checkuser (PATH_FTPUSERS , "ftp")
		|| checkuser (PATH_FTPUSERS, "anonymous"))
	      {
		snprintf (pcred->message, len, "User %s access denied.", display_name);
		err = 1;
	      }
	    else if (sgetcred ("ftp", pcred) == 0)
	      {
		pcred->guest = 1;
		strcpy (pcred->message,
			"Guest login ok, type your name as password.");
	      }
	    else
	      {
		snprintf (pcred->message, len, "User %s unknown.", display_name);
		err = 1;
	      }
	    return err;
	  }
#endif

	int failed = 1;
	if (pcred->access_from_internet) {
		size_t rnlen = strlen(real_name) + 3 + 1;
		char * real_name_internet = calloc(1, rnlen);
		if (real_name_internet) {
			snprintf(real_name_internet, rnlen, "%sint", real_name);
			failed = sgetcred (display_name, real_name_internet, pcred);
			free(real_name_internet);
		}
	} else {
		failed = sgetcred (display_name, real_name, pcred);
	}
	if (failed) {
		free(pcred->message);
		pcred->message = 0;
		return 1;
	}
#if 1 /* FRITZBOX */
	pcred->dochroot = 0;
#else
	pcred->dochroot = checkuser(PATH_FTPCHROOT, pcred->name);
#endif

	snprintf (pcred->message, len,
		  "Password required for %s.", display_name);
	return 0;
      }
    } /* switch (auth_type) */
  return -1;
}

// check if GUI should behave as near as possible like a firmware without boxusers (pre PERF12)
int IsPrePERF12CompatibilityMode(void)
{
	return usermap_is_compatibility_mode();
}

int IsSkipAuthenticationFromHomenetwork(/*OUT*/char **pskip_username)
{
	return usermap_is_skip_auth_from_homenetwork(pskip_username);
}


static int CheckPassword(const char *passwd, const char *cred_passwd)
{
	char *xpasswd;
	const char *salt = cred_passwd;
	/* Try to authenticate the user.  */
	if (cred_passwd == NULL || *cred_passwd == '\0')
	  return 1; /* Failed. */

#if 1 /* FRITZBOX */
	if (0 == strcmp(cred_passwd, "any")) {
		return 0; /* OK, no PW check */
	}
#endif

	xpasswd = CRYPT (passwd, salt);

	int fail = (!xpasswd || strcmp (xpasswd, cred_passwd) != 0);
	return fail;
}

int
auth_pass (const char *passwd, struct credentials *pcred)
{
  switch (pcred->auth_type)
    {
#ifdef WITH_PAM
    case AUTH_TYPE_PAM:
      return pam_pass (passwd, pcred);
#endif
#ifdef WITH_KERBEROS
    case AUTH_TYPE_KERBEROS:
      return -1;
#endif
#ifdef WITH_KERBEROS5
    case AUTH_TYPE_KERBEROS5:
      return -1;
#endif
#ifdef WITH_OPIE
    case AUTH_TYPE_OPIE:
      return -1;
#endif
    case AUTH_TYPE_PASSWD:
    default:
      return CheckPassword(passwd, pcred->passwd);
    } /* switch (auth_type) */
  return -1;
}

int
sgetcred (const char *display_name, const char *real_name, struct credentials *pcred)
{
  struct passwd *p;

  p = getpwnam (real_name);
  if (p == NULL)
    return 1;

  if (pcred->name)
    free (pcred->name);
  if (pcred->display_name)
    free (pcred->display_name);
  if (pcred->passwd)
    free (pcred->passwd);
  if (pcred->homedir)
    free (pcred->homedir);
  if (pcred->rootdir)
    free (pcred->rootdir);
  if (pcred->shell)
    free (pcred->shell);

#if 0 /* FRITZBOX - no shadow */
#if defined(HAVE_GETSPNAM) && defined(HAVE_SHADOW_H)
  if (p->pw_passwd == NULL || strlen (p->pw_passwd) == 1)
    {
      struct  spwd *spw;

      setspent ();
      spw = getspnam (p->pw_name);
      if (spw != NULL)
	{
	  time_t now;
	  long today;
	  now = time ((time_t *) 0);
	  today = now / (60 * 60 * 24);
	  if ((spw->sp_expire > 0 && spw->sp_expire < today)
	      || (spw->sp_max > 0 && spw->sp_lstchg > 0
		  && (spw->sp_lstchg + spw->sp_max < today)))
	    {
	      /*reply (530, "Login expired."); */
	      p->pw_passwd = NULL;
	    }
	  else
	    p->pw_passwd = spw->sp_pwdp;
	}
      endspent ();
    }
#endif
#endif /* FRITZBOX - no Shadow */

  pcred->uid = p->pw_uid;
  pcred->gid = p->pw_gid;
  pcred->name = sgetsave (p->pw_name);
  pcred->display_name = sgetsave (display_name);
  pcred->passwd = sgetsave (p->pw_passwd);
#if 1 // FRITZBOX
  pcred->rootdir = sgetsave ("/root-not-set");
  pcred->homedir = sgetsave ("/home-not-set");
#else
  pcred->rootdir = sgetsave (p->pw_dir);
  pcred->homedir = sgetsave ("/");
#endif
  pcred->shell = sgetsave (p->pw_shell);

  return 0;
}