#!/bin/bash

if [ $# -eq 0 -o "$1" == "--help" -o "$1" == "help" ]
then
echo "Usage: $0 <command>
Commands:
  help			this help

  cleanup		cleanup temporary and status files

  ipv6_start		start ipv6 interface
  ipv6_stop		stop ipv6 interface

  connected [-q]	status of the connection (quiet)
  get_public_ip 	get public ip

  enable [-v|-vh]	generate new access code (and view it (in human mode))
  disable    		invalidate access code
  enabled [-q]		query for enabled (quiet)
  access_code [-h]	get actual access code (human)

  register [-q] 	register access code (quiet)
  register_if_ip_changed 	register only if IPv6 address changed
  registered [-q] 	returns status (quiet)
"
exit 1
fi

cd /opt/euro-beta
E3G_VPS_DOMAIN="e3g.spintec.com"
SPINTEC_SERVER_PORT=5507
SSH_PUBLIC_PORT=22222
SPINTEC_PUBLIC_PORT=33322
SPINTEC_VPN_SERVER=`./systools/get_spintec_vpn_addr`
SPINTEC_PUBLIC_IP=`echo $SPINTEC_VPN_SERVER | egrep '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$' || host $SPINTEC_VPN_SERVER | awk '/has address/ {print $4}'`
#SPINTEC_PUBLIC_IP=`host intranet.spintec.com | grep -vi ipv6 | grep address | awk '{print $4}'`

FIXED_ACCESS_CODE_FILE="/root/.nxac_fixed"
ACCESS_CODE_FILE="/root/.nxac"
REGISTER_STATUS_FILE="/root/.remote_access_registered"
PUBLIC_IP_FILE="/tmp/current_public_ip"
REMOTE_ACCESS_USER="remote3g"
GPG_PUBRING="/opt/euro-beta/.gnupg/pubring.gpg"
GPG_KEY=51506A45

MIREDO_PATH="/opt/miredo/sbin"
MIREDO="miredo"

DIR=`pwd`
cd /opt/euro-beta

IS_E3G_LEGACY=`test -f systools/distr/euro3g_standalone_system || echo LEGACY`


has_support()
{
  CUR_DATE=`date '+%Y-%m-%d'`
  MNT_DATE=`./systools/get_eurodb_config_val MaintenanceExpireDate`
  if [ "$CUR_DATE" \> "$MNT_DATE" ]
  then
    return 1
  else
    return 0
  fi
}


cleanup()
{
  rm -f $PUBLIC_IP_FILE
}

connected()
{
{
	DONE=0
	(
	  ping -c1 -n 8.8.8.8 &
	  ping -c1 -n $SPINTEC_PUBLIC_IP &
	  ping -c1 -n www.google.com &
	  ( sleep 2.5; echo Network is unreachable ) &
	) |
	while [ $DONE = 0 ] && read X
	do
	#  echo got: $X >> /tmp/log.txt
	  if  echo $X | grep -q '^64 bytes from'
	  then
	    DONE=1
	    [ "$1" == "-q" ] || echo Connected
	    return 0
	  elif echo $X | grep -q 'Network is unreachable'
	  then
	#       echo returning >>/tmp/log.txt
	    [ "$1" == "-q" ] || echo Disconnected
	    return 1
	  fi
	done
} 2>/dev/null
}
  



get_teredo_ip()
{
  LANG=C ifconfig teredo 2>/dev/null | tr '/' ' ' | awk '/inet6 addr:.*Global/ { print $3 } /inet6 .*<global>/ { print $2}'
#  ADDR=`service miredo get-ip`
#  [ $ADDR ] && echo $ADDR
}

get_ipv4_ip()
{
  systools/whatismyip
}

get_vpn_ip()
{
	LANG=C ifconfig 2>/dev/null | tr ':' ' '| awk '/inet addr 10\.0/ { print $3 } /inet 10\.0/ { print $2}' | tail -1 
}

get_public_ip()
{
  TEREDO_IP=`get_teredo_ip`
  if [ $TEREDO_IP ]
  then
	echo $TEREDO_IP
	return
  fi
  IP4=`systools/whatismyip`
  echo $IP4
}

ipv6_start()
{
  service miredo start
#  service portbridge start >/dev/null
}

ipv6_stop()
{
#  service portbridge stop
  service miredo stop
}


gen_access_code()
{
  RESERVED_CODE=`cat $FIXED_ACCESS_CODE_FILE`
  if [ -e $FIXED_ACCESS_CODE_FILE ] && [ -n $RESERVED_CODE ]
  then
    if has_support
    then
      cat $FIXED_ACCESS_CODE_FILE > $ACCESS_CODE_FILE
      return
    fi
  fi
  printf "%06d" $(($RANDOM*$RANDOM%1000000)) > $ACCESS_CODE_FILE
}

get_system_uuid()
{
  cat /etc/fstab | awk '/UUID.* \/ / {print gensub("UUID=(.*)","\\1",1,$1)}'
}

get_last_update()
{
  if [ $IS_E3G_LEGACY ]
  then
    rpm -q -g Application/Euro3G --last 2>&1 | grep Euro3GUpdate | head -1 | cut -d'-' -f 2-3 | cut -d' ' -f 1
  else
    dpkg -l euro3g-bp | grep euro3g-bp | awk '{ print $3 }'
  fi
}

remote_access_enabled()
{
  if [ "$1" != "-q" ]
  then
    if [ -e $ACCESS_CODE_FILE ]
    then
	echo "Enabled"
    else
	echo "Disabled"
    fi
  fi 
  [ -e $ACCESS_CODE_FILE ]
}

remote_access_enable()
{
  if ! remote_access_enabled -q 
  then
	gen_access_code
  fi
  
  PWD='spintec'`get_access_code`
  if [ $IS_E3G_LEGACY ]
  then 
  	passwd -f -u $REMOTE_ACCESS_USER >/dev/null 2>&1
	echo $PWD | passwd --stdin $REMOTE_ACCESS_USER >/dev/null 2>&1
  else
	passwd -u $REMOTE_ACCESS_USER >/dev/null 2>&1
	echo -e "$PWD\n$PWD" | passwd $REMOTE_ACCESS_USER >/dev/null 2>&1
  fi
#  expect -c 'spawn passwd '$REMOTE_ACCESS_USER'; expect "password: ";  send "'$PWD'\r"; expect -re "Retype.*password: ";  send "'$PWD'\r"; expect "successfully"' >/dev/null
  [ "$1" == "-v" ] && echo `get_access_code`
  [ "$1" == "-vh" ] && echo `get_access_code -h`
}

remote_access_disable()
{
  passwd -f -l $REMOTE_ACCESS_USER >/dev/null 2>&1
  if [ -f "$ACCESS_CODE_FILE" ]
  then
    rm $ACCESS_CODE_FILE
  fi
}

get_access_code()
{
  remote_access_enabled -q || return
  CODE=`[ -e $ACCESS_CODE_FILE ] && cat $ACCESS_CODE_FILE`
  if [ "$1" == "-h" ] 
  then
    if [ -e $FIXED_ACCESS_CODE_FILE ]
    then
        echo "RISERVATO"
    else   
		echo ${CODE:0:2} ${CODE:2:2} ${CODE:4:2}
    fi
  else
	echo $CODE
  fi 
}

remote_access_enable_if_disabled()
{
  remote_access_enabled -q || remote_access_enable
}

_register()
{
  UUID=`get_system_uuid`
#  SPINTEC_SERVER=`systools/get_eurodb_config_val VPNServer`
#  SPINTEC_SERVER_IP=`echo $SPINTEC_SERVER | egrep '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$' || host $SPINTEC_SERVER | awk '/has address/ {print $4}'`
  PUBLIC_IP=`get_public_ip`
  SYSNAME=`systools/get_system_name`
  SPINKEY=`systools/spinkey 2>/dev/null`
  ACCESS_CODE=`get_access_code`
  PERMANENT_LINK=`systools/get_eurodb_config_val WebPermanentLink`
  PORT=$SSH_PUBLIC_PORT;
  RESOLUTION=800x600
  if [ -f /opt/euro-beta/e3g_wide_screen ] 
  then
    RESOLUTION=1366x768
  fi

  VPS_NAME=$SPINKEY
  PORT_OFFSET=$SPINKEY
  [ $SPINKEY ] || SPINKEY=0
  [ $VPS_NAME ] || VPS_NAME="0"
  [ $PORT_OFFSET ] || PORT_OFFSET=`ifconfig | egrep 'inet (addr:)?10\.1' |tr '.' ' '| awk '{ print 5000+(256*$4+$5-2)/4 }' | tail -1`
  [ $PORT_OFFSET ] || PORT_OFFSET=0
  PORT_VPS=$((20000+$PORT_OFFSET))
  IP_VPS=`host H${VPS_NAME}.$E3G_VPS_DOMAIN | grep -vi ipv6 | grep address | awk '{print $4}'`

  if [ "$PUBLIC_IP" == "$SPINTEC_PUBLIC_IP" ]
  then
    PORT=$SPINTEC_PUBLIC_PORT
  fi
  cat >/tmp/remote_access_info <<EOF
system_id $SYSNAME
spinkey $SPINKEY
ip $PUBLIC_IP
vpn_ip `get_vpn_ip`
ipv4_ip `get_ipv4_ip`
port $PORT
access_code $ACCESS_CODE
permanent_link $PERMANENT_LINK
last_update `get_last_update`
uuid $UUID
ip_vps $IP_VPS
port_vps $PORT_VPS
resolution $RESOLUTION
EOF

CHK=`(echo "spintec remote access"; cat /tmp/remote_access_info) | md5sum | sed 's/ .*//'`
FILE=`cat /tmp/remote_access_info | base64 -w0` 
curl -s $SPINTEC_VPN_SERVER/remote_access/e3g_regist.php -d chk=$CHK -d data=$FILE >$REGISTER_STATUS_FILE

# gpg encrypt
#( cat /tmp/remote_access_info | gpg -a -e -r $GPG_KEY --always-trust --keyring $GPG_PUBRING; echo .) | nc $SPINTEC_VPN_SERVER $SPINTEC_SERVER_PORT >$REGISTER_STATUS_FILE
  if [ "$1" != '-q' ] 
  then 
	if cat $REGISTER_STATUS_FILE | grep -q '200 OK'
	then
		echo OK
	else
		echo ERROR
	fi
  fi
  if cat $REGISTER_STATUS_FILE | grep -q '200 OK'
  then
	echo $PUBLIC_IP >$PUBLIC_IP_FILE
  else
 	rm -f $PUBLIC_IP_FILE
  fi
  cat $REGISTER_STATUS_FILE | grep -q '200 OK'

}

register()
{
  if _register -q
  then
    echo OK
    return 0
  fi
  if ! cat $REGISTER_STATUS_FILE | grep -q '409 Conflict'
  then
    echo ERROR
    return 1
  fi
# mame conflict
  [ "$1" != '-q' ] && echo "Conflict, retrying"
  remote_access_disable -q
  remote_access_enable -q
  _register $1
}


registered()
{
  register $1 
}

register_if_ip_change()
{
  IP=`get_public_ip`
  if [ -z "$IP"]
  then
    	rm -f $PUBLIC_IP_FILE
    	return
  fi
  if [ ! -f $PUBLIC_IP_FILE -o "$IP" != `cat $PUBLIC_IP_FILE` ]
  then 
	register
  fi
}


# main
case $1 in
	cleanup)		cleanup ;;
	ipv6_start)		ipv6_start ;;
	ipv6_stop)		ipv6_stop ;;
	connected) 		connected ;;
	get_public_ip)		connected -q && get_public_ip ;;
	enable)			remote_access_enable $2 ;;
	disable)		remote_access_disable ;;
	enabled)		remote_access_enabled $2 ;;
	access_code)		get_access_code $2 ;;
	register)		register $2 ;;
	registered)		registered $2 ;;
	register_if_ip_changed) register_if_ip_changed ;;

	uuid)			get_system_uuid ;;

	*)			cd $DIR; $0 help ;;
esac
