#!/bin/sh
#
# Copyright (c) 2006 David Bird <david@coova.com>
# Licensed under GPL. See http://coova.org/
#

IPTABLES=/sbin/iptables
IFCONFIG=/sbin/ifconfig

CHILLI=@ETCCHILLI@
RUN_D=@VARRUN@
SBIN=@SBINDIR@
ARPCHECK=$RUN_D/chilli.arp
LKFILE=$RUN_D/chilli.run
MAIN_CONF=$CHILLI/main.conf
LOCAL_CONF=$CHILLI/local.conf
HS_CONF=$CHILLI/hs.conf
HS_TEMP=/tmp/hs.conf
CMDSOCK=$RUN_D/chilli.sock
PIDFILE=$RUN_D/chilli.pid

[ -f $CHILLI/defaults ] && . $CHILLI/defaults
[ -f $CHILLI/config ]   && . $CHILLI/config

[ -f /etc/sysconfig/chilli ] && . /etc/sysconfig/chilli

HS_UAMPORT=${HS_UAMPORT:-3990}
HS_RADIUS=${HS_RADIUS:-$HS_UAMSERVER}
HS_RADSECRET=${HS_RADSECRET:-$HS_UAMSECRET}
HS_RADAUTH=${HS_RADAUTH:-1812}
HS_RADACCT=${HS_RADACCT=1813}
HS_ADMUSR=${HS_ADMUSR:-chillispot}
HS_ADMPWD=${HS_ADMPWD:-chillispot}
HS_ADMINTERVAL=${HS_ADMINTERVAL:-60}
HS_RADCONF=${HS_RADCONF:-off}
HS_RADCONF_SERVER=${HS_RADCONF_SERVER:-rad01.coova.org}
HS_RADCONF_SERVERS=${HS_RADCONF_SERVERS:+$(echo "$HS_RADCONF_SERVERS"|sed 's/[;, ]/ /g')}
HS_RADCONF_SECRET=${HS_RADCONF_SECRET:-coova-anonymous}
HS_RADCONF_AUTHPORT=${HS_RADCONF_AUTHPORT:-1812}
HS_RADCONF_ACCTPORT=${HS_RADCONF_ACCTPORT:-1813}
HS_RADCONF_USER=${HS_RADCONF_USER:-coovachilli}
HS_RADCONF_PWD=${HS_RADCONF_PWD:-coovachilli}
HS_DNS_DOMAIN=${HS_DNS_DOMAIN:-lan}
HS_MACAUTHMODE=${HS_MACAUTHMODE:-off}
HS_USELOCALUSERS=${HS_USELOCALUSERS:-off}
HS_OPENIDAUTH=${HS_OPENIDAUTH:-off}
HS_ACCTUPDATE=${HS_ACCTUPDATE:-off}
HS_WISPRLOGIN=${HS_WISPRLOGIN:-$HS_UAMSERVICE}
HS_PAP_OK=${HS_PAP_OK:-on}
HS_DNS1=${HS_DNS1:-$HS_DNS}
HS_DNS1=${HS_DNS1:-$(grep '^nameserver' /etc/resolv.conf | head -n1 | awk '{print $2}')}
HS_WANIF=${HS_WANIF:-$(route -n|grep '^0.0.0.0'|head -n1|awk '{print $8}')}

bailout() { echo $1; exit; }

check_required() {
    [ -z "$HS_MODE" ]  && bailout "HS_MODE is required"
}
    
configs1=
addconfig1() { [ -n "$*" ] && configs1="$configs1
$*"; }
configs2=
addconfig2() { [ -n "$*" ] && configs2="$configs2
$*"; }

writeconfig() {
    [ "$HS_ANYIP" = "on" ] && {
	addconfig1 "uamanyip"
    }

    addconfig1 ${HS_DYNIP:+"dynip $HS_DYNIP/${HS_DYNIP_MASK:-255.255.255.0}"}
    addconfig1 ${HS_STATIP:+"statip $HS_STATIP/${HS_STATIP_MASK:-255.255.255.0}"}
    addconfig1 ${HS_SSID:+"ssid $HS_SSID"}
    addconfig1 ${HS_NASIP:+"nasip $HS_NASIP"}
    addconfig1 ${HS_NASMAC:+"nasmac $HS_NASMAC"}
    addconfig1 ${HS_DNS_DOMAIN:+"domain $HS_DNS_DOMAIN"}
    addconfig1 ${HS_DNS1:+"dns1 $HS_DNS1"}
    addconfig1 ${HS_DNS2:+"dns2 $HS_DNS2"}

    addconfig1 ${HS_UAMHOMEPAGE:+"uamhomepage $(eval echo $HS_UAMHOMEPAGE)"}
    addconfig1 ${HS_WISPRLOGIN:+"wisprlogin $HS_WISPRLOGIN"}
    addconfig1 ${HS_WWWDIR:+"wwwdir $HS_WWWDIR"}
    addconfig1 ${HS_WWWBIN:+"wwwbin $HS_WWWBIN"}
    addconfig1 ${HS_UAMUIPORT:+"uamuiport $HS_UAMUIPORT"}

    [ -n "$HS_UAMDOMAINS" ] && {
	HS_UAMDOMAINS=$(echo $HS_UAMDOMAINS|sed 's/,/ /g')
	for s in $HS_UAMDOMAINS; do
	    addconfig1 "uamdomain $s"
	done
    }

    HS_MACALLOW=$(echo $HS_MACALLOW|sed 's/ /,/g')
    HS_MACALLOW=$(echo $HS_MACALLOW|sed 's/[:-]//g')
    addconfig1 ${HS_MACALLOW:+"macallowed $HS_MACALLOW"}

    HS_UAMALLOW=$(echo $HS_UAMALLOW|sed 's/ /,/g')
    uamallow=${HS_UAMALLOW:+",$HS_UAMALLOW"}

    [ "$HS_WEB_ADMIN" = "http"  ] || [ "$HS_WEB_ADMIN" = "both" ] && webadmin="$webadmin,$HS_UAMLISTEN:80"
    [ "$HS_WEB_ADMIN" = "https" ] || [ "$HS_WEB_ADMIN" = "both" ] && webadmin="$webadmin,$HS_UAMLISTEN:443"
    [ "$HS_LOCAL" = "on" ] && webadmin="$webadmin,$HS_UAMLISTEN:$HS_LOCAL_PORT"
    [ "$HS_MACAUTHMODE" = "local" ] && addconfig1 "macallowlocal"
    [ "$HS_USELOCALUSERS" = "on" ] && {
	touch $CHILLI/localusers
	addconfig1 "localusers $CHILLI/localusers"
    }

    [ -n "$HS_LOC_NAME" ] && {
	loc_name=$(echo "$HS_LOC_NAME"   | sed 's/"//g')
	addconfig1 "locationname \"$loc_name\""
	isocc=$(echo    "$HS_LOC_ISOCC"  | sed 's/[^a-zA-Z]//g')
	cc=$(echo       "$HS_LOC_CC"     | sed 's/[^0-9]//g')
	ac=$(echo       "$HS_LOC_AC"     | sed 's/[^0-9]//g')
	network=$(echo  "$HS_LOC_NETWORK"| sed 's/[^a-zA-Z0-9]/_/g')
	provider=$(echo "$HS_PROVIDER"   | sed 's/[^a-zA-Z0-9]/_/g')
	[ -n "$provider" ] && provider="$provider,"
	[ -n "$HS_SSID" ] && { 
	    [ -n "$network" ] && network="${network}_"
	    network="$network$HS_SSID"
	}
	loc_name=$(echo "$HS_LOC_NAME"   | sed 's/[^a-zA-Z0-9]/_/g')
	loc_id="isocc=$isocc,cc=$cc,ac=$ac,network=$provider$network"
	addconfig1 "radiuslocationname $loc_name"
	addconfig1 "radiuslocationid $loc_id"
    }

    # Application walled garden entries:
    [ "$HS_USE_MAP" = "on" ] && addconfig1 "uamdomain .google.com"

    (cat <<EOF
# THIS FILE IS AUTOMATICALLY GENERATED
cmdsocket       $CMDSOCK
pidfile         $PIDFILE
net		$HS_NETWORK/$HS_NETMASK
uamlisten	$HS_UAMLISTEN
uamport         $HS_UAMPORT
dhcpif		$HS_LANIF
adminuser       $HS_ADMUSR
adminpasswd     $HS_ADMPWD
uamallowed	coova.org,$HS_UAMSERVER,$HS_RADIUS$webadmin$uamallow
uamanydns
$configs1
EOF
    ) > $MAIN_CONF 
    if [ "x$HS_RADCONF" != "xon" -a "x$HS_RADCONF" != "xurl" ]; then 
	rm -f $HS_CONF 2>/dev/null

	[ "$HS_PAP_OK" = "on" ] && addconfig2 "papalwaysok"
	[ "$HS_MACAUTH" = "on" ] && addconfig2 "macauth"
	[ "$HS_MACAUTHDENY" = "on" ] && addconfig2 "macauthdeny"
	[ "$HS_WPAGUESTS" = "on" ] && addconfig2 "wpaguests"
	[ "$HS_OPENIDAUTH" = "on" ] && addconfig2 "openidauth"
	[ "$HS_ACCTUPDATE" = "on" ] && addconfig2 "acctupdate"
	[ "$HS_DNSPARANOIA" = "on" ] && addconfig2 "dnsparanoia"
	[ -n "$HS_UAMSECRET" ] && addconfig2 "uamsecret $HS_UAMSECRET"
	test ${HS_DEFSESSIONTIMEOUT:-0} -gt 0 && addconfig2 "defsessiontimeout $HS_DEFSESSIONTIMEOUT"
	test ${HS_DEFIDLETIMEOUT:-0} -gt 0 && addconfig2 "defidletimeout $HS_DEFIDLETIMEOUT"
	test ${HS_DEFBANDWIDTHMAXDOWN:-0} -gt 0 && addconfig2 "defbandwidthmaxdown $HS_DEFBANDWIDTHMAXDOWN"
	test ${HS_DEFBANDWIDTHMAXUP:-0} -gt 0 && addconfig2 "ddefbandwidthmaxup $HS_DEFBANDWIDTHMAXUP"
	test ${HS_DEFINTERIMINTERVAL:-0} -gt 0 && addconfig2 "definteriminterval $HS_DEFINTERIMINTERVAL"
	test ${HS_COAPORT:-0} -gt 0 && addconfig2 "coaport $HS_COAPORT"
	[ -n "$HS_POSTAUTH_PROXY" -a -n "$HS_POSTAUTH_PROXYPORT" ] && {
	    addconfig2 "postauthproxy $HS_POSTAUTH_PROXY"
	    addconfig2 "postauthproxyport $HS_POSTAUTH_PROXYPORT"
	}

	# these are settings you would typically get from a centralized source
	# but, if not, they are also just configurable normally. a better way is needed
	# to manage settings and ensure they are not repeated

	(cat <<EOF
radiusserver1	$HS_RADIUS
radiusserver2	${HS_RADIUS2:-$HS_UAMSERVER}
radiussecret	$HS_RADSECRET
radiusauthport  ${HS_RADAUTH:-1812}
radiusacctport  ${HS_RADACCT:-1813}
uamserver	$(eval echo $HS_UAMFORMAT)
radiusnasid	${HS_NASID:-nas01}
$configs2
EOF
	) >> $MAIN_CONF 
    fi
}

checkfornew() {
    if [ -x /usr/bin/cmp ]; then
	cmp -s $HS_TEMP $HS_CONF || (
	    mv $HS_TEMP $HS_CONF
	    killall -HUP chilli 2>/dev/null >/dev/null
	)
    else
        # no diff, so lets copy and let chilli
        # refresh on its own (interval option)
	mv $HS_TEMP $HS_CONF
    fi
}

radiusconfig() {
    touch $LOCAL_CONF $HS_CONF 
    if [ "x$HS_RADCONF" = "xurl" ]; then 
	for s in $HS_RADCONF_URL $HS_RADCONF_URLS; do
	    sep='?'
	    opt=
	    qs="config=chilli&mac=$HS_NASMAC&nasid=$HS_NASID&nasip=$HS_NASIP&ssid=$HS_SSID"
	    [ "$s" = "$(echo $s|awk -F'?' '{ print $1 }')" ] || sep='&'
	    [ "$HS_RADCONF_USER" = "" ] || opt="-u '$HS_RADCONF_USER:$HS_RADCONF_PWD'"
	    curl -k -A CoovaAP $opt "$s$sep$qs" 2>/dev/null > $HS_TEMP && { checkfornew; break; }
	done
    elif [ "x$HS_RADCONF" = "xon" ]; then 
	for s in $HS_RADCONF_SERVER $HS_RADCONF_SERVERS; do
	    $SBIN/chilli_radconfig \
		--radiusserver1="$s" \
		--radiussecret="$HS_RADCONF_SECRET" \
		--radiusauthport="$HS_RADCONF_AUTHPORT" \
		--radiusacctport="$HS_RADCONF_ACCTPORT" \
		--nasip="$HS_NASIP" \
		--nasmac="$HS_NASMAC" \
		--adminuser="$HS_RADCONF_USER" \
		--adminpasswd="$HS_RADCONF_PWD" \
		> $HS_TEMP && {	checkfornew; break; }
	done
#    elif [ "x$HS_LOCAL" != "xon" ]; then 
#	$SBIN/chilli_radconfig > $HS_TEMP && { checkfornew; break; }
    fi
}