#!/bin/bash


debug=1
CONFIGFILE=/etc/linuxmuster-chilli.conf


# Source debconf library.
. /usr/share/debconf/confmodule

db_version 2.0

# create config if not exists
if [ ! -e $CONFIGFILE ]; then
    echo "# Config file for my linuxmuster-chillispot" > $CONFIGFILE
    echo "LDAP_SERVER=" >> $CONFIGFILE
    echo "BASEDN=" >> $CONFIGFILE
    echo "LDAP_PASS=" >> $CONFIGFILE
    echo "HS_NETWORK=" >> $CONFIGFILE
    echo "HS_NETMASK=" >> $CONFIGFILE
    echo "HS_NAMESERVERS=" >> $CONFIGFILE
    echo "HS_LDAPGROUPS=" >> $CONFIGFILE
    echo "HS_IDLETIMEOUT=" >> $CONFIGFILE
    echo "LOGGING=" >> $CONFIGFILE
    echo "HS_UAMALLOW=" >> $CONFIGFILE
    echo "HS_HEADING=" >> $CONFIGFILE
fi

db_get linuxmuster-chilli/ldap-server
if [ "$RET" ]; then
    LDAP_SERVER=$RET;
fi

db_get linuxmuster-chilli/base-dn
if [ "$RET" ]; then
    BASEDN=$RET;
fi

db_get linuxmuster-chilli/ldap-pass
if [ "$RET" ]; then
    LDAP_PASS=$RET;
fi

db_get linuxmuster-chilli/hs-network
if [ "$RET" ]; then
    HS_NETWORK=$RET;
fi

db_get linuxmuster-chilli/hs-netmask
if [ "$RET" ]; then
    HS_NETMASK=$RET;
fi

db_get linuxmuster-chilli/hs-nameservers
if [ "$RET" ]; then
    HS_NAMESERVERS=$RET;
fi

db_get linuxmuster-chilli/hs-ldapgroups
if [ "$RET" ]; then
    HS_LDAPGROUPS=$RET;
fi

db_get linuxmuster-chilli/hs-idletimeout
if [ "$RET" ]; then
    HS_IDLETIMEOUT=$RET;
fi

db_get linuxmuster-chilli/logging
if [ "$RET" ]; then
    LOGGING=$RET;
fi

db_get linuxmuster-chilli/hs-uamallow
if [ "$RET" ]; then
    HS_UAMALLOW=$RET;
fi

db_get linuxmuster-chilli/hs-heading
if [ "$RET" ]; then
    HS_HEADING=$RET;
fi
# new an deleted values to config
test -z "$HS_NAMESERVERS" || grep -Eq '^ *HS_NAMESERVERS=' $CONFIGFILE || \
            echo "HS_NAMESERVERS=" >> $CONFIGFILE
test -z "$HS_LDAPGROUPS" || grep -Eq '^ *HS_LDAPGROUPS=' $CONFIGFILE || \
            echo "HS_LDAPGROUPS=" >> $CONFIGFILE
test -z "$HS_HEADING" || grep -Eq '^ *HS_HEADING=' $CONFIGFILE || \
            echo "HS_HEADING=" >> $CONFIGFILE
test -z "$HS_UAMALLOW" || grep -Eq '^ *HS_UAMALLOW=' $CONFIGFILE || \
            echo "HS_UAMALLOW=" >> $CONFIGFILE
test -z "$LOGGING" || grep -Eq '^ *LOGGING=' $CONFIGFILE || \
            echo "LOGGING=" >> $CONFIGFILE
test -z "$HS_IDLETIMEOUT" || grep -Eq '^ *HS_IDLETIMEOUT=' $CONFIGFILE || \
            echo "HS_IDLETIMEOUT=" >> $CONFIGFILE

# write config
cp -a -f $CONFIGFILE $CONFIGFILE.tmp
sed -e "s/^ *LDAP_SERVER=.*/LDAP_SERVER=\"$LDAP_SERVER\"/" \
    -e "s/^ *BASEDN=.*/BASEDN=\"$BASEDN\"/" \
    -e "s/^ *LDAP_PASS=.*/LDAP_PASS=\"$LDAP_PASS\"/" \
    -e "s/^ *HS_NETWORK=.*/HS_NETWORK=\"$HS_NETWORK\"/" \
    -e "s/^ *HS_NETMASK=.*/HS_NETMASK=\"$HS_NETMASK\"/" \
    -e "s/^ *HS_LDAPGROUPS=.*/HS_LDAPGROUPS=\"$HS_LDAPGROUPS\"/" \
    -e "s/^ *HS_IDLETIMEOUT=.*/HS_IDLETIMEOUT=\"$HS_IDLETIMEOUT\"/" \
    -e "s/^ *HS_NAMESERVERS=.*/HS_NAMESERVERS=\"$HS_NAMESERVERS\"/" \
    -e "s/^ *LOGGING=.*/LOGGING=\"$LOGGING\"/" \
    -e "s/^ *HS_UAMALLOW=.*/HS_UAMALLOW=\"$HS_UAMALLOW\"/" \
    -e "s/^ *HS_HEADING=.*/HS_HEADING=\"$HS_HEADING\"/" \
    < $CONFIGFILE > $CONFIGFILE.tmp
mv -f $CONFIGFILE.tmp $CONFIGFILE

# generate radius shared secret
SHARED_SECRET=`pwgen -s -n 20`
UAM_SECRET=`pwgen -s -n 20`
# calculate network and client side ip adress
HS_IP=`ipcalc -b ${HS_NETWORK}/${HS_NETMASK}  | grep HostMin | awk '{print $2}'`
HS_NETWORK=`ipcalc -b ${HS_NETWORK}/${HS_NETMASK}  | grep Network | awk '{print $2}' | awk -F'/' '{print $1}'`

HS_DNS1=`echo $HS_NAMESERVERS | cut -d" " -f 1`
HS_DNS2=`echo $HS_NAMESERVERS | cut -d" " -f 2`

LOGGINGSTRING="no"
$LOGGING && LOGGINGSTRING="yes"

if [ $debug ]; then
    echo "BASEDN: $BASEDN"
    echo "LDAP_SERVER: $LDAP_SERVER"
    echo "LDAP_PASS: $LDAP_PASS"
    echo "HS_IP: $HS_IP"
    echo "HS_NETWORK: $HS_NETWORK"
    echo "HS_NETPASK: $HS_NETMASK"
    echo "HS_NAMESERVERS: $HS_NAMESERVERS"
    echo "HS_DNS1: $HS_DNS1"
    echo "HS_DNS2: $HS_DNS2"
    echo "HS_LDAPGROUPS: $HS_LDAPGROUPS"
    echo "HS_IDLETIMEOUT: $HS_LDAPGROUPS"
    echo "LOGGING: $LOGGING"
    echo "LOGGINGSTRING: $LOGGINGSTRING"
    echo "not in configfile"
    echo "SHARED_SECRET: $SHARED_SECRET"
    echo "UAM_SECRET: $UAM_SECRET"
    echo "HS_LDAPGROUPS: $HS_LDAPGROUPS"
fi

if [ "x$HS_LDAPGROUPS" == "x" ]; then
    LDAP_GROUP_CHECKING_STRING=""
else
    T=""
    for group in $HS_LDAPGROUPS; do
        if [ ${#T} -gt 0 ]; then
                T=${T}" || "
        fi
        T=${T}"LDAP-Group == \"$group\" "
    done
    T="Auth-Type LDAP { @LMCNEWLINE@ ldap @LMCNEWLINE@ if (${T}"
    T=${T}" ) { @LMCNEWLINE@ "
    T=${T}"     noop @LMCNEWLINE@ } @LMCNEWLINE@ "
    T=${T}"     else { @LMCNEWLINE@ "
    T=${T}"     reject @LMCNEWLINE@ } @LMCNEWLINE@ }"
    LDAP_GROUP_CHECKING_STRING=$T
fi


# copying www files to apache directory
mkdir -p /var/www/hotspot/cgi-bin
cp /etc/chilli/www/* /var/www/hotspot
# patching configuration files
echo "Patching configuration ..."

cd /var/lib/linuxmuster-chilli/tpl

find -type f | xargs -i -t sh -c \
    "sed -e    's%@@ldap_server@@%${LDAP_SERVER}%g
                s%@@ldap_pass@@%${LDAP_PASS}%g
                s%@@basedn@@%${BASEDN}%g
                s%@@hs_network@@%${HS_NETWORK}%g
                s%@@hs_netmask@@%${HS_NETMASK}%g
                s%@@uam_secret@@%${UAM_SECRET}%g
                s%@@hs_ip@@%${HS_IP}%g
                s%@@hs_dns1@@%${HS_DNS1}%g
                s%@@hs_dns2@@%${HS_DNS2}%g
                s%@@ldap_group_checking_string@@%${LDAP_GROUP_CHECKING_STRING}%g
                s%@@hs_idletimeout@@%${HS_IDLETIMEOUT}%g
                s%@@logging@@%${LOGGINGSTRING}%g
                s%@@shared_secret@@%${SHARED_SECRET}%g
                s%@@hs_uamallow@@%${HS_UAMALLOW}%g
                s%@@hs_heading@@%${HS_HEADING}%g
                s%@@serverip@@%${serverip}%g' {} > /{}" 2> /dev/null 1> /dev/null

# insert newlines
sed -i 's%@LMCNEWLINE@%\n%g' /etc/freeradius/sites-enabled/default

# ensure the permissions are correct
chown root.freerad /etc/freeradius/clients.conf
chmod 640 /etc/freeradius/clients.conf
chmod 755 /etc/chilli/ipup.sh
chmod a+x /var/www/hotspot/cgi-bin/hotspotlogin.cgi

# apache config
mkdir -p /etc/apache2/ssl/
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
a2enmod ssl
a2ensite hotspot


# restart services
restart rsyslog
/etc/init.d/freeradius restart
/etc/init.d/chilli restart
/etc/init.d/ffproxy restart
/etc/init.d/apache2 restart

# dh_installdeb will replace this with shell code automatically

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

db_stop

exit 0
