<?php
//-
// Copyright (c) 2011-2016 Joe Clarke <jclarke@cisco.com>
// All rights reserved.

// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions
// are met:
// 1. Redistributions of source code must retain the above copyright
//    notice, this list of conditions and the following disclaimer.
// 2. Redistributions in binary form must reproduce the above copyright
//    notice, this list of conditions and the following disclaimer in the
//    documentation and/or other materials provided with the distribution.

// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
// SUCH DAMAGE.

include_once '../db.inc.php';
include_once 'swreg.inc.php';
require_once '../functions.php';
require_once 'Log.php';

$dsn = "$db_driver:host=$db_host;dbname=$db_name";

$options = [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES => false,
];

try {
    $dbh = new PDO($dsn, $db_user, $db_pass, $options);
} catch (PDOException $e) {
    die($e->getMessage());
}

$logger = Log::singleton('file', LOGFILE, TOOL_NAME . ' : Verify Config');
if ($logger === false) {
    die("Failed to open logfile.\n");
}
$mask = Log::MAX(LOG_LEVEL);
$logger->setMask($mask);

$config = $_GET['config'] ?: '';
$sn = $_GET['sn'];
$md5 = $_GET['md5'] ?: '';
$image = $_GET['image'] ?: '';

header('Content-type: text/plain');

if (!isset($sn)) {
    echo "Invalid request!\r\n";
    $logger->emerg('Invalid request from ' . $_SERVER['REMOTE_ADDR'] . " config = $config, sn = $sn, md5 = $md5, image = $image");
    exit(1);
}

$logger->debug("Received request from {$_SERVER['REMOTE_ADDR']} with config = $config, sn = $sn, md5 = $md5, and image = $image");

$status = PROVISION_FAIL;
$good_config = true;
$good_image = true;

if (isset($config) && $config != '') {
    $cmd = escapeshellcmd('/usr/bin/diff ' . DEVICE_CONFIG_DIR . '/' . $config . ' ' . DEVICE_TMP_DIR . '/' . $config);

    exec($cmd, $output, $return_var);

    if (count($output) > 0 || $return_var != 0) {
        echo "ERROR: Config validation failed\r\n";
        $out_str = implode("\n", $output);
        $logger->emerg("Failed to verify config $config for $sn ({$_SERVER['REMOTE_ADDR']}) '$out_str' ($return_var)");
        call_hook('VERIFY:FAIL', array('config', $_SERVER['REMOTE_ADDR'], $config, $sn, $md5, $image));
        $good_config = false;
    } else {
        $logger->debug("Verified config $config for $sn ({$_SERVER['REMOTE_ADDR']})");
        @unlink(DEVICE_TMP_DIR . '/' . $config);
    }
}

if (isset($md5) && $md5 != '' && isset($image) && $image != '') {
    $good_md5 = strtolower(md5_file(TFTPBOOT . '/' . $image));
    $md5 = strtolower($md5);
    if ($md5 != $good_md5) {
        echo "ERROR: Image verification failed\r\n";
        $logger->emerg("Failed to verify image $image with MD5 $md5 (good MD5: $good_md5) for $sn ({$_SERVER['REMOTE_ADDR']})");
        call_hook('VERIFY:FAIL', array('image', $_SERVER['REMOTE_ADDR'], $config, $sn, $md5, $good_md5, $image));
        $good_image = false;
    } else {
        $logger->debug("Verified image with MD5 $md5 for $sn ({$_SERVER['REMOTE_ADDR']})");
    }
}

if ($good_config && $good_image) {
    $status = PROVISION_SUCCESS;
    echo "SUCCESS\r\n";
    call_hook('VERIFY:SUCCESS', array($_SERVER['REMOTE_ADDR'], $config, $sn, $md5, $image));
}

$sql = 'UPDATE DEVICE_MAP SET provisioned_status = ?, should_re_ztp = ? WHERE serial_number = ?';
try {
    $sth = $dbh->prepare($sql);
    $sth->execute(array($status, 0, $sn));
    $sth->closeCursor();
} catch (PDOException $e) {
    echo 'ERROR: Failed to update switch status: ' . $e->getMessage() . "\r\n";
    $logger->crit('Failed to update switch status: ' . $e->getMessage());
    exit(1);
}

$logger->close();