#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "selinux_internal.h"
#include "context_internal.h"
#include <selinux/get_context_list.h>

/* context_menu - given a list of contexts, presents a menu of security contexts
 *            to the user.  Returns the number (position in the list) of
 *            the user selected context.
 */
static int context_menu (security_context_t *list)
{
    int i;              /* array index                        */
    int choice = 0;     /* index of the user's choice         */
    char response[10];  /* string to hold the user's response */

    printf ("\n\n");
    for (i = 0; list[i]; i++)
            printf ("[%d] %s\n", i+1, list[i]);

    while ((choice < 1) || (choice > i))
    {
        printf ("Enter number of choice: ");
        fflush (stdin);
        if (fgets (response, sizeof (response), stdin) == NULL)
		continue;
        fflush (stdin);
        choice = strtol (response, NULL, 10);
    }
 
    return (choice-1);
}


/* query_user_context - given a list of context, allow the user to choose one.  The 
 *                  default is the first context in the list.  Returns 0 on
 *                  success, -1 on failure
 */
int query_user_context (security_context_t *list, 
			security_context_t *usercon)
{
    char response[10] ;      /* The user's response                        */
    int choice;              /* The index in the list of the sid chosen by
                                the user                                   */

    if (!list[0])
	    return -1;

    printf ("\nYour default context is %s.\n", list[0]);
    if (list[1]) {
            printf ("Do you want to choose a different one? [n]");
            fflush (stdin);
            if (fgets (response, sizeof (response), stdin) == NULL)
		return -1;
            fflush (stdin);

            if ((response[0] == 'y') || (response[0] == 'Y'))
            {
                choice = context_menu (list);
		*usercon = strdup(list[choice]);
		if (!(*usercon))
			return -1;
		return 0;
            } 

	    *usercon = strdup(list[0]);
	    if (!(*usercon))
		    return -1;
    } else {
	    *usercon = strdup(list[0]);
	    if (!(*usercon))
		    return -1;
    }

    return 0;
}


/* get_field - given fieldstr - the "name" of a field, query the user 
 *             and set the new value of the field
 */
static void get_field (const char* fieldstr, char* newfield, int newfieldlen)
{
    int done = 0;  /* true if a non-empty field has been obtained */
 
    while (!done)  /* Keep going until we get a value for the field */
    {
        printf ("\tEnter %s ", fieldstr);
        fflush (stdin);
        if (fgets (newfield, newfieldlen, stdin) == NULL)
	    continue;
        fflush (stdin);
	if (newfield[strlen(newfield)-1] == '\n')
	    newfield[strlen(newfield)-1] = '\0';
 
        if (strlen(newfield) == 0)  
        {
            printf ("You must enter a %s\n", fieldstr);
        }
        else
        {
            done = 1;
        }
    }
}


/* manual_user_enter_context - provides a way for a user to manually enter a
 *                     context in case the policy doesn't allow a list
 *                     to be obtained.
 *                     given the userid, queries the user and places the
 *                     context chosen by the user into usercon.  Returns 0
 *                     on success.
 */
int manual_user_enter_context (const char *user, security_context_t *newcon)
{
    char response[10];     /* Used to get yes or no answers from user */
    char role[100];        /* The role requested by the user          */
    int  rolelen = 100;
    char type[100];        /* The type requested by the user          */
    int  typelen = 100;
    char level[100];       /* The level requested by the user         */
    int  levellen = 100;
    int mls_enabled = is_selinux_mls_enabled();

    context_t new_context;     /* The new context chosen by the user     */
    char *user_context = NULL; /* String value of the user's context     */
    int done = 0;              /* true if a valid sid has been obtained  */

    /* Initialize the context.  How this is done depends on whether
       or not MLS is enabled                                        */
    if (mls_enabled) 
      new_context = context_new ("user:role:type:level");
    else
      new_context = context_new ("user:role:type");

    if(!new_context)
      return -1;
  
    while (!done)
    {
        printf ("Would you like to enter a security context? [y]");
        if (fgets (response, sizeof(response), stdin) == NULL
            || (response[0] == 'n') || (response[0] == 'N')) {
            context_free(new_context);
            return -1;
	}
 
        /* Allow the user to enter each field of the context individually */
        if (context_user_set (new_context, user))
        {
            context_free (new_context);
            return -1;
        }
        get_field ("role", role, rolelen);
        if (context_role_set (new_context, role))
        {
            context_free (new_context);
            return -1;
        }
        get_field ("type", type, typelen);
        if (context_type_set (new_context, type))
        {
            context_free (new_context);
            return -1;
        }
 
	if (mls_enabled) {
		get_field ("level", level, levellen);
		if (context_range_set (new_context, level))
		{
			context_free (new_context);
			return -1;
		}
	}

        /* Get the string value of the context and see if it is valid. */
        user_context = context_str(new_context);
        if(!user_context)
        {
            context_free (new_context);
            return -1;
        }
        if (!security_check_context(user_context))
            done = 1;
        else 
            printf ("Not a valid security context\n");
    }

    *newcon = strdup(user_context);
    context_free (new_context);
    if(!(*newcon))
        return -1;
    return 0;
}