/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * Ruby binding for libbsm used by Puppet to record audit events
 */

#include <ruby.h>
#include <pwd.h>
#include <nss_dbdefs.h>
#include <bsm/adt.h>
#include <bsm/adt_event.h>

VALUE cPuppetAudit;

VALUE
audit_new(VALUE class)
{
	adt_session_data_t	*ah;
	VALUE			data;

	if (adt_start_session(&ah, NULL, 0) != 0) {
		perror("puppet adt_start_session");
		exit(1);
	}
	data = Data_Wrap_Struct(class, 0, 0, ah);
	rb_obj_call_init(data, 0, 0);
	return (data);
}

static VALUE
audit_init(VALUE self)
{
	adt_session_data_t	*ah;
	adt_termid_t		*tid;
	struct passwd		pwd, *result;
	char			*buffer;
	size_t			size = NSS_BUFLEN_PASSWD;

	Data_Get_Struct(self, adt_session_data_t, ah);

	if (adt_load_hostname(NULL, &tid) != 0) {
		perror("puppet adt_load_hostname");
		(void) adt_end_session(ah);
		exit(1);
	}

	if ((buffer = malloc(size)) == NULL)
		exit(1);

	/* set "puppet" as user name and preselection */
	if (getpwnam_r("puppet", &pwd, buffer, size, &result) != 0) {
		perror("puppet getpwnam_r(puppet)");
		(void) adt_end_session(ah);
		free(buffer);
		exit(1);
	}

	if (result == NULL) {
		perror("puppet getpwnam_r(puppet)");
		(void) adt_end_session(ah);
		free(buffer);
		exit(1);
	}

	if (adt_set_user(ah, result->pw_uid, result->pw_gid, result->pw_uid,
	    result->pw_gid, tid, ADT_NEW) != 0) {
		perror("puppet adt_set_user");
		free(tid);
		(void) adt_end_session(ah);
		free(buffer);
		exit(1);
	}
	free(tid);

	/* set audit context on this process */
	if (adt_set_proc(ah) != 0) {
		perror("puppet adt_set_proc");
		(void) adt_end_session(ah);
		free(buffer);
		exit(1);
	}
	free(buffer);
	return (self);
}

static VALUE
audit_start(VALUE self)
{
	adt_event_data_t	*event;
	adt_session_data_t	*ah;

	Data_Get_Struct(self, adt_session_data_t, ah);

	if ((event = adt_alloc_event(ah, ADT_puppet_session_start)) == NULL) {
		perror("adt_alloc_event(ADT_puppet_session_start)");
		(void) adt_end_session(ah);
		ah = NULL;
	} else {
		if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
			perror("adt_put_event(ADT_puppet_session_start)");
		}
		adt_free_event(event);
	}
	return (self);
}

static VALUE
audit_stop(VALUE self)
{
	adt_event_data_t	*event;
	adt_session_data_t	*ah;

	Data_Get_Struct(self, adt_session_data_t, ah);

	if ((event = adt_alloc_event(ah, ADT_puppet_session_end)) == NULL) {
		perror("adt_alloc_event(ADT_puppet_session_end)");
	} else {
		if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
			perror("adt_put_event(ADT_puppet_session_end)");
		}
		adt_free_event(event);
	}
	return (self);
}

static VALUE
audit_teardown(VALUE self)
{
	adt_session_data_t	*ah;

	Data_Get_Struct(self, adt_session_data_t, ah);

	(void) adt_end_session(ah);
	return (self);
}

void
Init_PuppetAudit()
{
	cPuppetAudit = rb_define_class("PuppetAudit", rb_cObject);
	rb_define_singleton_method(cPuppetAudit, "new", audit_new, 0);
	rb_define_method(cPuppetAudit, "initialize", audit_init, 0);
	rb_define_method(cPuppetAudit, "audit_start", audit_start, 0);
	rb_define_method(cPuppetAudit, "audit_stop", audit_stop, 0);
	rb_define_method(cPuppetAudit, "audit_teardown", audit_teardown, 0);
}