#!/bin/sh
# Copyright (c) 2000-2016 Synology Inc. All rights reserved.
# --- Package layout ---------------------------------------------------------
# Install root ("target") and user-configuration root ("etc") of the package.
# Every script, PAM file and hook that start() links into system directories
# lives under PACKAGE_TARGET_DIR.
PACKAGE_NAME="VPNPlusServer"
PACKAGE_TARGET_DIR="/var/packages/${PACKAGE_NAME}/target"
PACKAGE_USR_CONF_DIR="/var/packages/${PACKAGE_NAME}/etc"
# Configuration files queried for the per-protocol "enable" flags and ports.
VPNPLUS_CONFIG="${PACKAGE_USR_CONF_DIR}/synovpnplus.conf"
RDP_CONFIG="${PACKAGE_USR_CONF_DIR}/remotedesktop/synoremotedesktop.conf"
SSL_CONFIG="${PACKAGE_USR_CONF_DIR}/sslvpn/vpnserver.conf"
VPNPLUS_TOOL="${PACKAGE_TARGET_DIR}/tool/synovpnplustool"
VPNPLUS_REPORT_DIR="${PACKAGE_TARGET_DIR}/ui/report"
# REPORT_TOOL and DDNS_TOOL are bare command names, so they are resolved
# through PATH when called; the key/value readers below use absolute paths.
REPORT_TOOL="syno_traffic_report_tool"
DDNS_TOOL="synoddnsinfo"
GET_SEC_KV="/usr/syno/bin/get_section_key_value"
GET_KV="/bin/get_key_value"
# SRM_CA_PATH is not referenced anywhere else in this file.
SRM_CA_PATH="/usr/syno/etc/ssl"
# --- System hook directories --------------------------------------------------
# start() creates each of these with mkdir -p and symlinks package scripts
# into them; stop() removes the links again. The first three carry a trailing
# slash, so the composed link paths contain "//".
INTERFACE_UP_HOOK="/usr/local/libexec/net/if_link_up/"
INTERFACE_DOWN_HOOK="/usr/local/libexec/net/if_link_down/"
TOPOLOGY_CHANGE_HOOK="/usr/local/libexec/net/topology_change/"
IPV4_CHANGE_HOOK="/usr/local/libexec/net/ipv4_change"
GATEWAY_CHANGE_HOOK="/usr/local/libexec/net/gateway_change"
MYDS_LOGIN_HOOK="/usr/local/libexec/myds/login"
MYDS_LOGOUT_HOOK="/usr/local/libexec/myds/logout"
DIRSVS_JOIN_HOOK="/usr/local/libexec/dirsvs_join"
DIRSVS_LEAVE_HOOK="/usr/local/libexec/dirsvs_leave"
CERTIFICATE_CHANGE_HOOK="/usr/local/libexec/certificate/change"
# NOTE(review): unlike the hooks above this one is under /usr/libexec, and
# start() links into it without creating it first - presumably the directory
# is provided by the system; confirm.
IPV4_CHANGE_HOOK_DIR="/usr/libexec/net/ipv4_change"
# SYNOPKG_DSM_LANGUAGE is not assigned in this file; it has to come from the
# caller's environment, otherwise the path contains an empty language segment.
PACKAGE_STRING_FILE="${PACKAGE_TARGET_DIR}/ui/texts/${SYNOPKG_DSM_LANGUAGE}/strings"
# Database that start() creates from DB_SCHEMA when is_db_existed reports
# that it is missing.
SQLITE3="/usr/syno/bin/sqlite3"
DB_NAME="synovpnplus.db"
DB_SCHEMA="${PACKAGE_TARGET_DIR}/etc/db/sqlite_schema.sql"
DSM_INDEX_ADD="/usr/syno/bin/pkgindexer_add"
DSM_INDEX_DEL="/usr/syno/bin/pkgindexer_del"
# Web server configuration: create_httpd_conf copies the two named files from
# ${PACKAGE_USR_CONF_DIR}/sites-enabled into HTTPD_CONF_DIR and reloads
# httpd-sys; remove_httpd_conf deletes them again.
HTTPD_CONF_DIR="/etc/httpd/sites-enabled"
WP_HTTPD_CONF_NAME="SYNO.SDS.VPNPlus.WebPortal.Application.alt_port_ssl.conf"
RDP_HTTPD_CONF_NAME="SYNO.SDS.VPNPlus.WebPortal.Application.RemoteDesktop.alt_port_ssl.conf"
# start() links root.key into this directory; stop() removes the whole
# directory with rm -rf, not only that link.
DNSSEC_ROOT_KEY_PATH="/var/lib/unbound"

# Sourced into the current shell, so every statement in that file executes
# with this script's privileges; its ownership and permissions matter as much
# as this script's own.
# NOTE(review): TC_MODULES (used by start/stop) and PKG_USERCONF_DIR (used by
# resume_services) are not assigned in this file. TC_MODULES presumably comes
# from the file sourced here - confirm; PKG_USERCONF_DIR looks undefined.
. /usr/syno/etc.defaults/iptables_modules_list

# A list of PAM configuration files to install/uninstall.
# pam_install and pam_uninstall expand this variable unquoted and rely on
# word splitting, so entries are separated by whitespace and must not contain
# any themselves. Each entry is used as a file name both under /etc/pam.d and
# under ${PACKAGE_TARGET_DIR}/etc/pam.d.
PAM_FILE_LIST="
	vpnplus-l2tp
	vpnplus-openvpn
	vpnplus-pptp
	vpnplus-sstp
	vpnplus-ssl
"

# Report whether the package database file is already present.
# Globals: PACKAGE_USR_CONF_DIR, DB_NAME (read)
# Returns: 0 when ${PACKAGE_USR_CONF_DIR}/db/${DB_NAME} exists, 1 otherwise
is_db_existed()
{
	local db_file="${PACKAGE_USR_CONF_DIR}/db/${DB_NAME}"

	# Only existence is tested; the file is neither opened nor validated.
	[ -e "${db_file}" ] && return 0
	return 1
}

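# Refresh the web portal domain name from the current Synology DDNS hostname.
#
# Runs only when the [webportal] domain_type in ${VPNPLUS_CONFIG} is
# "synology_ddns". The hostname reported by ${DDNS_TOOL} has its spaces
# removed and is lower-cased before it is written back with ${VPNPLUS_TOOL}.
#
# Globals: GET_SEC_KV, VPNPLUS_CONFIG, DDNS_TOOL, VPNPLUS_TOOL (read)
# Returns: 0 when nothing had to be done or the lookup gave no hostname,
#          otherwise the status of ${VPNPLUS_TOOL}
update_synoddns()
{
	local domain_type=""
	local cur_ddns=""

	domain_type=$("${GET_SEC_KV}" "${VPNPLUS_CONFIG}" webportal domain_type)
	[ "synology_ddns" = "${domain_type}" ] || return 0

	cur_ddns=$("${DDNS_TOOL}" --get-syno-hostname | tr -d ' ' | awk '{print tolower($0)}')

	# An empty result means the lookup failed. Keep the configured name rather
	# than calling the tool with the value argument missing.
	if [ -z "${cur_ddns}" ]; then
		echo "update_synoddns: no DDNS hostname returned, domain_name left unchanged" >&2
		return 0
	fi

	# Quoted so the hostname always reaches the tool as exactly one argument,
	# whatever characters the DDNS tool printed.
	"${VPNPLUS_TOOL}" -u -S "${VPNPLUS_CONFIG}" webportal domain_name "${cur_ddns}"
}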

#
# Install PAM configuration files.
#
# For every name in PAM_FILE_LIST, /etc/pam.d/<name> is replaced by a symlink
# to the file of the same name under ${PACKAGE_TARGET_DIR}/etc/pam.d.
# NOTE(review): the link targets become live PAM policy, so the package
# directory they point into should be writable by root only - confirm.
#
pam_install()
{
	local name=""
	local link=""

	# Unquoted on purpose: PAM_FILE_LIST is a whitespace-separated list.
	for name in ${PAM_FILE_LIST}; do
		link="/etc/pam.d/${name}"

		# Clear whatever occupies the path first, including a directory,
		# which "ln -sf" alone would not replace.
		[ ! -e "${link}" ] || rm -rf "${link}"

		ln -sf "${PACKAGE_TARGET_DIR}/etc/pam.d/${name}" "${link}"
	done
}

#
# Uninstall PAM configuration files.
#
# Deletes /etc/pam.d/<name> for every name in PAM_FILE_LIST. A missing entry
# is not an error because rm runs with -f.
#
pam_uninstall()
{
	# Unquoted on purpose: load the whitespace-separated list into the
	# function's own positional parameters and consume them one by one.
	set -- ${PAM_FILE_LIST}

	while [ $# -gt 0 ]; do
		rm -f "/etc/pam.d/$1"
		shift
	done
}

# Install the "vpnplusEnabled" feasibility check for the syno_account logout
# action: the .cfg goes under /usr/local/share, the .sh under /usr/local/bin.
# Both destination directories are created when missing.
# NOTE(review): the copied .sh lands in a system check directory; what runs
# it, and with which privileges, is not visible in this file.
# Globals: PACKAGE_TARGET_DIR (read)
# Returns: status of the final cp
feasible_check_install()
{
	local src_dir="${PACKAGE_TARGET_DIR}/feasibilitycheck"
	local cfg_dir="/usr/local/share/feasibilitycheck/syno_account.d/logout"
	local bin_dir="/usr/local/bin/feasibilitycheck/syno_account.d/logout"

	if [ ! -d "${cfg_dir}" ]; then
		mkdir -p "${cfg_dir}"
	fi
	cp "${src_dir}/vpnplusEnabled.cfg" "${cfg_dir}"

	if [ ! -d "${bin_dir}" ]; then
		mkdir -p "${bin_dir}"
	fi
	cp "${src_dir}/vpnplusEnabled.sh" "${bin_dir}"
}

# Remove the two feasibility-check files that feasible_check_install copied.
# The directories themselves are left in place.
feasible_check_uninstall()
{
	local installed=""

	for installed in \
		/usr/local/share/feasibilitycheck/syno_account.d/logout/vpnplusEnabled.cfg \
		/usr/local/bin/feasibilitycheck/syno_account.d/logout/vpnplusEnabled.sh
	do
		rm -f "${installed}"
	done
}

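# True (status 0) when section $1 of ${VPNPLUS_CONFIG} has enable=yes.
_vpnplus_section_enabled()
{
	[ "yes" = "$("${GET_SEC_KV}" "${VPNPLUS_CONFIG}" "$1" enable)" ]
}

# Start the VPN Plus daemons and every protocol that is enabled in
# ${VPNPLUS_CONFIG}.
#
# Order: IP pools (TAP devices), synovpnplusd, radiusd (in the background),
# three sync calls to ${VPNPLUS_TOOL} (their stderr is discarded), the
# per-protocol servers, then the web portal and remote desktop services.
#
# Globals: PACKAGE_TARGET_DIR, VPNPLUS_TOOL, VPNPLUS_CONFIG, GET_SEC_KV,
#          PKG_USERCONF_DIR (read)
# Returns: status of the final remotedesktop.sh call
resume_services()
{
	local scripts_dir="${PACKAGE_TARGET_DIR}/scripts"

	# Create TAP first
	"${scripts_dir}/ippool.sh" start-all

	/sbin/start synovpnplusd

	"${scripts_dir}/radiusd.sh" start &

	# sync DNS setting
	"${VPNPLUS_TOOL}" -f -s 2>/dev/null

	# sync l2tp ip
	"${VPNPLUS_TOOL}" -f -u 2>/dev/null

	# sync S2S IP
	"${VPNPLUS_TOOL}" -s -f 2>/dev/null

	if _vpnplus_section_enabled pptp; then
		"${scripts_dir}/accel-pppd.sh" start
	fi
	if _vpnplus_section_enabled l2tp; then
		# -f: the flag file is legitimately absent on a first start.
		rm -f /tmp/vpnc_ipsec_ready
		"${scripts_dir}/xl2tpd.sh" start

		# PKG_USERCONF_DIR is not assigned anywhere in this script. Unset, the
		# old "rm ${PKG_USERCONF_DIR}/l2tp/ipsec.secrets" pointed at
		# /l2tp/ipsec.secrets, so the intended secrets file was never removed
		# and the failure was easy to miss. Make that visible instead of
		# running rm against a path under the filesystem root.
		# NOTE(review): the intended directory is probably
		# ${PACKAGE_USR_CONF_DIR} - confirm before switching, since deleting
		# the wrong file would break L2TP/IPsec.
		if [ -n "${PKG_USERCONF_DIR}" ]; then
			rm -f "${PKG_USERCONF_DIR}/l2tp/ipsec.secrets"
		else
			echo "resume_services: PKG_USERCONF_DIR is not set; l2tp/ipsec.secrets was not removed" >&2
		fi
	fi
	if _vpnplus_section_enabled openvpn; then
		"${scripts_dir}/openvpn.sh" start
	fi
	# SSL VPN and SSTP are served by the same sslvpn.sh service.
	if _vpnplus_section_enabled sslvpn || _vpnplus_section_enabled sstp; then
		"${scripts_dir}/sslvpn.sh" start
	fi
	if _vpnplus_section_enabled ipsec; then
		"${scripts_dir}/ipsec.sh" start
	fi
	"${scripts_dir}/vpnportal.sh" start
	"${scripts_dir}/remotedesktop.sh" start
}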

# Publish the package's web server configuration.
#
# Each of the two site files (web portal, remote desktop) that exists under
# ${PACKAGE_USR_CONF_DIR}/sites-enabled is copied into ${HTTPD_CONF_DIR}.
# When check_443_port answers "yes", ${VPNPLUS_TOOL} -w -s is run as well.
# httpd-sys is reloaded in every case.
# NOTE(review): the copied files become live web server configuration, so
# write access to the staging directory amounts to control over httpd-sys -
# confirm it is restricted to root.
create_httpd_conf()
{
	local conf_name=""
	local staged=""

	for conf_name in "${WP_HTTPD_CONF_NAME}" "${RDP_HTTPD_CONF_NAME}"; do
		staged="${PACKAGE_USR_CONF_DIR}/sites-enabled/${conf_name}"
		[ ! -e "${staged}" ] || cp "${staged}" "${HTTPD_CONF_DIR}/${conf_name}"
	done

	# check_443_port prints exactly "yes" or "no".
	if [ "yes" = "$(check_443_port)" ]; then
		${VPNPLUS_TOOL} -w -s
	fi

	synoservicecfg --reload httpd-sys
}

# Withdraw the package's web server configuration.
#
# Deletes the web portal and remote desktop site files from ${HTTPD_CONF_DIR}
# when present, runs ${VPNPLUS_TOOL} -w -r if check_443_port answers "yes",
# and reloads httpd-sys in every case.
remove_httpd_conf()
{
	local conf_name=""
	local live=""

	for conf_name in "${WP_HTTPD_CONF_NAME}" "${RDP_HTTPD_CONF_NAME}"; do
		live="${HTTPD_CONF_DIR}/${conf_name}"
		[ ! -e "${live}" ] || rm "${live}"
	done

	# check_443_port prints exactly "yes" or "no".
	if [ "yes" = "$(check_443_port)" ]; then
		${VPNPLUS_TOOL} -w -r
	fi

	synoservicecfg --reload httpd-sys
}

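# Print "yes" when any enabled service is configured on port 443, else "no".
#
# Checked in order: SSL VPN and SSTP (enable flag from ${VPNPLUS_CONFIG}, port
# from ${SSL_CONFIG} via jq), the web portal (${VPNPLUS_CONFIG}) and remote
# desktop (${RDP_CONFIG}).
#
# The function returns instead of calling exit. Callers use it through
# command substitution, where both behave the same, but a direct call would
# previously have terminated the whole script.
#
# Globals: GET_SEC_KV, GET_KV, VPNPLUS_CONFIG, SSL_CONFIG, RDP_CONFIG (read)
# Outputs: "yes" or "no" on stdout
# Returns: 0 always
check_443_port()
{
	# NOTE(review): the comparison assumes jq prints the port as a bare
	# number; a JSON string value would be printed with quotes and never match.
	if [ "yes" = "$("${GET_SEC_KV}" "${VPNPLUS_CONFIG}" sslvpn enable)" ] &&
		[ "443" = "$(jq .vpn.port.ssl.port < "${SSL_CONFIG}")" ]; then
		echo "yes"
		return 0
	fi
	if [ "yes" = "$("${GET_SEC_KV}" "${VPNPLUS_CONFIG}" sstp enable)" ] &&
		[ "443" = "$(jq .vpn.port.sstp.port < "${SSL_CONFIG}")" ]; then
		echo "yes"
		return 0
	fi
	if [ "yes" = "$("${GET_SEC_KV}" "${VPNPLUS_CONFIG}" webportal enable)" ] &&
		[ "443" = "$("${GET_SEC_KV}" "${VPNPLUS_CONFIG}" webportal https_port)" ]; then
		echo "yes"
		return 0
	fi
	if [ "yes" = "$("${GET_KV}" "${RDP_CONFIG}" enable)" ] &&
		[ "443" = "$("${GET_KV}" "${RDP_CONFIG}" https_port)" ]; then
		echo "yes"
		return 0
	fi

	echo "no"
	return 0
}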

# Stop every VPN Plus service script in a fixed order, then the synovpnplusd
# upstart job. Each script is invoked whether or not its service is enabled,
# and sslvpn.sh is the only one called with "force-stop".
# Globals: PACKAGE_TARGET_DIR (read)
# Returns: status of "/sbin/stop synovpnplusd"
pause_services()
{
	local step=""

	# Each entry is "<script>:<action>"; the order is significant.
	for step in \
		"accel-pppd.sh:stop" \
		"xl2tpd.sh:stop" \
		"openvpn.sh:stop" \
		"sslvpn.sh:force-stop" \
		"ippool.sh:stop-all" \
		"radiusd.sh:stop" \
		"vpnportal.sh:stop" \
		"ipsec.sh:stop" \
		"remotedesktop.sh:stop"
	do
		"${PACKAGE_TARGET_DIR}/scripts/${step%%:*}" "${step#*:}"
	done

	/sbin/stop synovpnplusd
}

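# Append a localized message to the package log file.
#
# Looks up <key> in <section> of ${PACKAGE_STRING_FILE}, replaces every
# _DISKSTATION_ placeholder with the "product" value from /etc/synoinfo.conf
# and appends the result to ${SYNOPKG_TEMP_LOGFILE}.
#
# Arguments: $1 - section name, $2 - key name
# Globals:   GET_SEC_KV, GET_KV, PACKAGE_STRING_FILE, SYNOPKG_TEMP_LOGFILE (read)
# Returns:   0 when the message lookup fails (nothing is logged), otherwise
#            the status of the final sed
PrintMessage()
{
	local section=$1
	local key=$2
	local message=""
	local product=""
	local product_escaped=""

	# Declaration and assignment are kept apart: "local var=$(cmd)" reports
	# the status of "local", which made the old "$?" test always succeed.
	if ! message=$("${GET_SEC_KV}" "${PACKAGE_STRING_FILE}" "${section}" "${key}"); then
		return 0
	fi

	product=$("${GET_KV}" /etc/synoinfo.conf product)

	# The product name is spliced into a sed replacement; escape the three
	# characters that are special there so it is always inserted literally.
	product_escaped=$(printf '%s' "${product}" | sed -e 's|[\\/&]|\\&|g')

	# printf with a quoted argument keeps the message's whitespace intact and
	# stops the shell from glob-expanding it.
	printf '%s\n' "${message}" |
		sed -e "s/_DISKSTATION_/${product_escaped}/g" >> "${SYNOPKG_TEMP_LOGFILE}"
}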

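# Start the VPN Plus Server package.
#
# Refuses to start while the VPNCenter package is running (a message is
# written to ${SYNOPKG_TEMP_LOGFILE}). Otherwise it creates the database when
# missing, links the package's web API files, hook scripts and DNSSEC root key
# into system directories, copies the upstart jobs, loads kernel modules,
# installs the PAM files and web server configuration, starts the services,
# registers a daily log-rotation cron job and the traffic reporter, and
# installs the feasibility check.
#
# Returns: 1 when VPNCenter is running, otherwise the status of
#          feasible_check_install.
# NOTE(review): the dispatcher at the end of this file ends with "exit 0", so
# this status does not currently reach the caller.
start()
{
	local VPNCenterStatus=""
	local hook_dir=""

	VPNCenterStatus=$(/usr/syno/bin/synopkg status VPNCenter)

	if [ "$VPNCenterStatus" = "VPNCenter package is started" ]; then
		PrintMessage migration detect_vpncenter_msg
		echo "<br/>" >> "${SYNOPKG_TEMP_LOGFILE}"
		PrintMessage migration detect_vpncenter_note
		# Was "return -1", which is not a valid exit status in POSIX sh.
		return 1
	fi

	if ! is_db_existed; then
		# Create database
		# NOTE(review): the file gets whatever mode the current umask allows;
		# confirm that is tight enough for what the database stores.
		"${SQLITE3}" "${PACKAGE_USR_CONF_DIR}/db/${DB_NAME}" < "${DB_SCHEMA}"
	fi

	# NOTE(review): IPV4_CHANGE_HOOK_DIR is linked into below but is not
	# created here - presumably it already exists on the system; confirm.
	for hook_dir in \
		"${INTERFACE_UP_HOOK}" \
		"${INTERFACE_DOWN_HOOK}" \
		"${TOPOLOGY_CHANGE_HOOK}" \
		"${IPV4_CHANGE_HOOK}" \
		"${GATEWAY_CHANGE_HOOK}" \
		"${MYDS_LOGIN_HOOK}" \
		"${MYDS_LOGOUT_HOOK}" \
		"${DIRSVS_JOIN_HOOK}" \
		"${DIRSVS_LEAVE_HOOK}" \
		"${CERTIFICATE_CHANGE_HOOK}" \
		"${DNSSEC_ROOT_KEY_PATH}"
	do
		mkdir -p "${hook_dir}"
	done

	# Every link below points from a system directory into the package
	# directory, so the linked scripts run whenever the system fires the hook.
	ln -sf "${PACKAGE_TARGET_DIR}/webapi/SYNO.VPNPlus.lib" /usr/syno/synoman/webapi/SYNO.VPNPlus.lib
	ln -sf "${PACKAGE_TARGET_DIR}/etc/webportal/vpnportal.auth" /usr/syno/synoman/webapi/vpnportal.auth
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-ppp-up.sh" "${INTERFACE_UP_HOOK}/vpnplus-ppp-up.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-ppp-down.sh" "${INTERFACE_DOWN_HOOK}/vpnplus-ppp-down.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-if-link-updown.sh" "${INTERFACE_UP_HOOK}/vpnplus-if-link-updown.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-if-link-updown.sh" "${INTERFACE_DOWN_HOOK}/vpnplus-if-link-updown.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-topology-change.sh" "${TOPOLOGY_CHANGE_HOOK}/vpnplus-topology-change.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/restart_openvpn.sh" "${IPV4_CHANGE_HOOK}/restart_openvpn.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-ipv4-change.sh" "${IPV4_CHANGE_HOOK}/vpnplus-ipv4-change.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-gateway-change.sh" "${GATEWAY_CHANGE_HOOK}/vpnplus-gateway-change.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-myds-login.sh" "${MYDS_LOGIN_HOOK}/vpnplus-myds-login.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-myds-logout.sh" "${MYDS_LOGOUT_HOOK}/vpnplus-myds-logout.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-join-leave-dirsvs.sh" "${DIRSVS_JOIN_HOOK}/vpnplus-join-leave-dirsvs.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnplus-join-leave-dirsvs.sh" "${DIRSVS_LEAVE_HOOK}/vpnplus-join-leave-dirsvs.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/certReload.sh" "${CERTIFICATE_CHANGE_HOOK}/certReload.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/scripts/vpnPlusLanHook.sh" "${IPV4_CHANGE_HOOK_DIR}/vpnPlusLanHook.sh"
	ln -sf "${PACKAGE_TARGET_DIR}/etc/root_dnssec_key" "${DNSSEC_ROOT_KEY_PATH}/root.key"

	# NOTE(review): every file under etc/upstart is copied, while stop()
	# removes a fixed list of names; a job added here but not there would be
	# left behind in /etc/init.
	cp -f "${PACKAGE_TARGET_DIR}"/etc/upstart/* /etc/init/

	# TC_MODULES is a whitespace-separated module list and must stay unquoted.
	/usr/syno/bin/synomoduletool --insmod "${PACKAGE_NAME}" ${TC_MODULES}

	# copy CA
	"${CERTIFICATE_CHANGE_HOOK}/certReload.sh" copyCA

	# make default_ca.crt downloadable
	chmod 440 "${PACKAGE_USR_CONF_DIR}/certificate/ca.crt"

	# restore ippool related dhcp file
	"${VPNPLUS_TOOL}" -f -d

	pam_install
	create_httpd_conf
	resume_services

	# rebuild tc rule
	"${VPNPLUS_TOOL}" -t -r &

	# update ippool config
	synowebapi --exec api=SYNO.VPNPlus.Object.Ippool method=get &

	# add schedule in /etc/crontab (only once; the job runs as root)
	if [ "0" = "$(grep -c /var/packages/VPNPlusServer/target/scripts/traffic_log_rotate.sh /etc/crontab)" ]; then
		/bin/echo -e "0\t5\t*/1\t*\t*\troot\t/var/packages/VPNPlusServer/target/scripts/traffic_log_rotate.sh" >> /etc/crontab
		/sbin/restart crond &
	fi

	"${DSM_INDEX_ADD}" "${PACKAGE_TARGET_DIR}/ui/index.conf" "${PACKAGE_TARGET_DIR}/indexdb/appindexdb"
	"${DSM_INDEX_ADD}" "${PACKAGE_TARGET_DIR}/ui/helptoc.conf" "${PACKAGE_TARGET_DIR}/indexdb/helpindexdb"

	if [ "0" = "$("${REPORT_TOOL}" --is_registered --reporter_id VPNPlusServer)" ]; then
		"${REPORT_TOOL}" --register --reporter_id "${PACKAGE_NAME}" --meta_path "${VPNPLUS_REPORT_DIR}"
	fi
	"${REPORT_TOOL}" --enable --reporter_id "${PACKAGE_NAME}"

	update_synoddns

	# -p: the directory survives when a previous run ended without stop(),
	# and a plain mkdir would fail on it.
	mkdir -p "${PACKAGE_TARGET_DIR}/tmp"

	feasible_check_install
}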

# Stop the VPN Plus Server package and undo what start() installed: services,
# web server configuration, PAM files, kernel modules, web API links, upstart
# jobs, hook links, the cron entry, the search index, the traffic reporter and
# the feasibility check.
# Returns: status of feasible_check_uninstall
stop()
{
	local item=""

	pause_services
	remove_httpd_conf
	pam_uninstall
	/usr/syno/bin/synomoduletool --rmmod ${PACKAGE_NAME} ${TC_MODULES}

	# web API links
	for item in SYNO.VPNPlus.lib vpnportal.auth; do
		rm -f "/usr/syno/synoman/webapi/${item}"
	done

	# upstart jobs
	# NOTE(review): this is a fixed list, whereas start() copies every file
	# found under etc/upstart; the two can drift apart.
	for item in \
		vpnportal synovpnplusd vpnServer openvpnServer pptpServer \
		l2tpServer vpnplusauthd guacd synoremotedesktopd vpnLicense
	do
		rm -f "/etc/init/${item}.conf"
	done
	rm -f /etc/logrotate.d/vpnportal

	# hook links created by start()
	rm -f \
		${INTERFACE_UP_HOOK}/vpnplus-ppp-up.sh \
		${INTERFACE_DOWN_HOOK}/vpnplus-ppp-down.sh \
		${INTERFACE_UP_HOOK}/vpnplus-if-link-updown.sh \
		${INTERFACE_DOWN_HOOK}/vpnplus-if-link-updown.sh \
		${TOPOLOGY_CHANGE_HOOK}/vpnplus-topology-change.sh \
		${IPV4_CHANGE_HOOK}/restart_openvpn.sh \
		${IPV4_CHANGE_HOOK}/vpnplus-ipv4-change.sh \
		${GATEWAY_CHANGE_HOOK}/vpnplus-gateway-change.sh \
		${MYDS_LOGIN_HOOK}/vpnplus-myds-login.sh \
		${MYDS_LOGOUT_HOOK}/vpnplus-myds-logout.sh \
		${DIRSVS_JOIN_HOOK}/vpnplus-join-leave-dirsvs.sh \
		${DIRSVS_LEAVE_HOOK}/vpnplus-join-leave-dirsvs.sh \
		${CERTIFICATE_CHANGE_HOOK}/certReload.sh \
		${IPV4_CHANGE_HOOK_DIR}/vpnPlusLanHook.sh

	# NOTE(review): start() only adds root.key to this directory, but the
	# whole directory is deleted here; anything else stored in it is lost.
	rm -rf "${DNSSEC_ROOT_KEY_PATH}"

	# remove vpnplus tc rule
	"${VPNPLUS_TOOL}" -t -z

	# remove ippool related dhcp file
	"${VPNPLUS_TOOL}" -f -p

	# sample report data once
	"${VPNPLUS_TOOL}" -t -x

	# Remove schedule in /etc/crontab
	/bin/sed -i "/\/var\/packages\/VPNPlusServer\/target\/scripts\/traffic_log_rotate.sh$/{d}" /etc/crontab
	/sbin/restart crond

	for item in "ui/index.conf:indexdb/appindexdb" "ui/helptoc.conf:indexdb/helpindexdb"; do
		"${DSM_INDEX_DEL}" "${PACKAGE_TARGET_DIR}/${item%%:*}" "${PACKAGE_TARGET_DIR}/${item#*:}"
	done

	"${REPORT_TOOL}" --disable --reporter_id "${PACKAGE_NAME}"

	/usr/syno/bin/synosetkeyvalue "${VPNPLUS_CONFIG}" skip_migration no

	rm -r "${PACKAGE_TARGET_DIR}/tmp"

	feasible_check_uninstall
}

# Entry point: dispatch on the first argument (start | stop | status).
# "status" performs no check, and any other argument is ignored.
# NOTE(review): the script always exits 0, so the non-zero return of start()
# when VPNCenter is running never reaches the caller, and "status" always
# reports success.
if [ "$1" = "start" ]; then
	start
elif [ "$1" = "stop" ]; then
	stop
elif [ "$1" = "status" ]; then
	:
fi

exit 0
