/***********************************************************/

/*  ntux: native translation und extension                 */

/*  Copyright (C) 2016--2018  Z. Gilboa                    */

/*  Released under GPLv2 and GPLv3; see COPYING.NTUX.      */

/***********************************************************/

#include <psxabi/sys_sysapi.h>

#include <psxabi/sys_stat.h>

#include <psxabi/sys_errno.h>

#include <psxxfi/xfi_base.h>

#include <psxxfi/xfi_acl.h>

#include <psxxfi/xfi_fs.h>

#include <psxxfi/xfi_ofd.h>

#include <psxxfi/xfi_unicode.h>

#include <ntapi/nt_object.h>

#include <ntapi/nt_acl.h>

#include <ntapi/nt_file.h>

#include <ntux/ntux.h>

#include "ntux_driver_impl.h"

#include "ntux_nolibc_impl.h"

#include "ntux_errinfo_impl.h"

#define __SID_SYSTEM			{1,1,{{0,0,0,0,0,5}},{18}}

#define __SID_ADMINISTRATORS		{1,2,{{0,0,0,0,0,5}},{32,544}}

static const nt_sid    sid_system       = __SID_SYSTEM;

static const nt_sid_os sid_admins       = __SID_ADMINISTRATORS;

static int ntux_cmd_chmod_ret(int fd, struct __ofd * ofd, void * hasync, int ret)

{

	if (hasync)

		__xfi_close_handle(hasync);

	if (ofd)

		__xfi_ofd_ref_dec(ofd);

	if (fd >= 0)

		__sys_close(fd);

	return ret;

}

static nt_sid * ntux_cmd_chmod_sid_from_name(const char * name)

{

	if (!strcmp(name,"Administrators"))

		return (nt_sid *)&sid_admins;

	else if (!strcmp(name,"SYSTEM"))

		return (nt_sid *)&sid_system;

	else

		return 0;

}

int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit)

{

	intptr_t		ret;

	int32_t			status;

	int			fdout;

	int			fdcwd;

	const unsigned char *	unit;

	nt_sd *			srcsd;

	nt_sd_common_buffer	dstsd;

	nt_sd_common_meta	meta;

	nt_sid *		owner;

	nt_sid *		group;

	uint32_t		access_owner;

	uint32_t		access_group;

	uint32_t		access_other;

	uint32_t		access_admin;

	uint32_t		ace_flags;

	uint32_t		sec_mask;

	size_t			size;

	int			fd      = -1;

	struct __ofd *		ofd     = 0;

	void *			hasync  = 0;

	uint32_t		buf[0x300];

	/* ACE propagation: +p, -p */

	if (!dctx->cctx->strmode)

		ace_flags = 0;

	else if (!strcmp(dctx->cctx->strmode,"+p"))

		ace_flags = NT_ACE_CONTAINER_INHERIT | NT_ACE_OBJECT_INHERIT;

	else if (!strcmp(dctx->cctx->strmode,"-p"))

		ace_flags = 0;

	else

		return ntux_cmd_chmod_ret(

			0,0,0,

			NTUX_CUSTOM_ERROR(

				dctx,

				NTUX_ERR_FLEE_ERROR));

	/* initial --owner and --group support: Administrators, SYSTEM */

	owner = 0;

	group = 0;

	if (dctx->cctx->owner)

		if (!(owner = ntux_cmd_chmod_sid_from_name(dctx->cctx->owner)))

			return ntux_cmd_chmod_ret(

				0,0,0,

				NTUX_CUSTOM_ERROR(

					dctx,

					NTUX_ERR_NOT_IMPLEMENTED));

	if (dctx->cctx->group)

		if (!(group = ntux_cmd_chmod_sid_from_name(dctx->cctx->group)))

			return ntux_cmd_chmod_ret(

				0,0,0,

				NTUX_CUSTOM_ERROR(

					dctx,

					NTUX_ERR_NOT_IMPLEMENTED));

	/* init */

	ntux_driver_set_ectx(

		dctx,0,dunit);

	unit = (const unsigned char *)dunit;

	/* fdctx */

	fdout = ntux_driver_fdout(dctx);

	fdcwd = ntux_driver_fdcwd(dctx);

	/* fd */

	if ((ret = __sys_openat(fdcwd,unit,0,0)) < 0)

		if (ntux_errno_set(dctx,ret))

			return ntux_cmd_chmod_ret(

				0,0,0,

				NTUX_SYSTEM_ERROR(dctx));

	fd = ret;

	/* ofd */

	if (!(ofd = __xfi_ofd_ref_inc(fd)))

		return ntux_cmd_chmod_ret(

			fd,0,0,

			NTUX_CUSTOM_ERROR(

				dctx,

				NTUX_ERR_FLOW_ERROR));

	/* hasync */

	sec_mask  = NT_SEC_READ_CONTROL;

	sec_mask |= NT_SEC_WRITE_DAC;

	sec_mask |= owner ? NT_SEC_WRITE_OWNER : 0;

	if ((status = __xfi_fs_open_async(

			&hasync,

			ofd->info.hfile,0,

			sec_mask,

			NT_FILE_SHARE_READ

				| NT_FILE_SHARE_WRITE

				| NT_FILE_SHARE_DELETE)))

		if (ntux_errno_set(dctx,EACCES))

			return ntux_cmd_chmod_ret(

				fd,ofd,0,

				NTUX_SYSTEM_ERROR(dctx));

	/* srcsd */

	srcsd = (nt_sd *)buf;

	if ((status = __xfi_query_security_object(

			hasync,

			NT_OWNER_SECURITY_INFORMATION

				| NT_GROUP_SECURITY_INFORMATION

				| NT_DACL_SECURITY_INFORMATION,

			srcsd,sizeof(buf),&size)))

		if (ntux_errno_set(dctx,ENXIO))

			return ntux_cmd_chmod_ret(

				fd,ofd,hasync,

				NTUX_SYSTEM_ERROR(dctx));

	if ((status = __xfi_acl_init_common_descriptor_meta(

			&meta,srcsd,

			NT_ACL_INIT_COMMON_DESCRIPTION_META_STRICT_MODE)))

		if (ntux_errno_set(dctx,EBADF))

			return ntux_cmd_chmod_ret(

				fd,ofd,hasync,

				NTUX_SYSTEM_ERROR(dctx));

	/* source permissions */

	access_owner  = meta.owner_ace  ? meta.owner_ace->mask  : 0;

	access_group  = meta.group_ace  ? meta.group_ace->mask  : 0;

	access_other  = meta.other_ace  ? meta.other_ace->mask  : 0;

	access_admin  = meta.admin_ace  ? meta.admin_ace->mask  : 0;

	/* initial --strmode support, retaining previous options as needed */

	if (!dctx->cctx->strmode) {

		ace_flags |= meta.owner_ace  ? meta.owner_ace->header.ace_flags : 0;

		ace_flags |= meta.group_ace  ? meta.group_ace->header.ace_flags : 0;

		ace_flags |= meta.other_ace  ? meta.other_ace->header.ace_flags : 0;

		ace_flags |= meta.admin_ace  ? meta.admin_ace->header.ace_flags : 0;

	}

	/* updated dacl */

	__xfi_acl_init_common_descriptor(

		&dstsd,

		owner ? owner : meta.owner,

		group ? group : meta.group,

		0,0,

		access_owner,access_group,access_other,

		access_admin,meta.system_acc,

		ace_flags);

	sec_mask  = NT_DACL_SECURITY_INFORMATION;

	sec_mask |= owner ? NT_OWNER_SECURITY_INFORMATION : 0;

	if ((status = __xfi_set_security_object(

			hasync,sec_mask,&dstsd.sd)))

		if (ntux_errno_set(dctx,EPERM))

			return ntux_cmd_chmod_ret(

				fd,ofd,hasync,

				NTUX_SYSTEM_ERROR(dctx));

	/* changes */

	(void)fdout;

	/* all done */

	return ntux_cmd_chmod_ret(fd,ofd,hasync,0);

}