#!/bin/sh

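# customized items of package
if [ -z "$SYNOPKG_PKGNAME" ]; then
	# Before DSM 3.2 the start script is run at boot time without the SYNOPKG_*
	# environment, so the name is hard-coded and the version is read from INFO.
	PACKAGE_NAME="VPNCenter"
	# Absolute path, matching the /bin/get_key_value calls further down: this
	# branch is the one taken when the script runs with no package environment,
	# so the helper should not be resolved through whatever PATH is inherited.
	PACKAGE_VER=$(/bin/get_key_value "/var/packages/${PACKAGE_NAME}/INFO" "version")
else
	PACKAGE_NAME=$SYNOPKG_PKGNAME
	PACKAGE_VER=$SYNOPKG_PKGVER
fi
# Install root of the package and the synoinfo.conf key read into PACKAGE_LIMIT.
PRIVATE_LOCATION="/var/packages/VPNCenter/target"
PACKAGE_LIMIT_KEY="synovpn_limit"

# Locations of the UI/help index sources, their index databases and the web UI.
PKG_APP_PATH="${PRIVATE_LOCATION}/app"
PKG_INDEXDB_PATH="${PRIVATE_LOCATION}/indexdb"
APP_PATH="/usr/syno/synoman/webman/3rdparty/VPNCenter"

# hook: directory whose entries start() links and stop() removes
PACKAGE_HOOK_LOCATION="/usr/local/libexec"
IPV4_HOOK_PATH="${PACKAGE_HOOK_LOCATION}/net/ipv4_change"

# general routines
DSM_CONFIG="/etc.defaults/synoinfo.conf"
DSM_INDEX_ADD="/usr/syno/bin/pkgindexer_add"
DSM_INDEX_DEL="/usr/syno/bin/pkgindexer_del"
# Presence of this file is what the "start" action checks before doing anything.
PACKAGE_ENABLED="/var/packages/${PACKAGE_NAME}/enabled"
# Quoted arguments and the same absolute helper path as above.
PACKAGE_LIMIT=$(/bin/get_key_value "${DSM_CONFIG}" "${PACKAGE_LIMIT_KEY}")
PKG_USERCONF_DIR="/usr/syno/etc/packages/VPNCenter"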

# Compare two values with awk and hand the verdict back as the exit status:
#   0 when $1 equals $2
#   1 when $1 is greater than $2
#   2 when $1 is less than $2
# The arguments are echoed unquoted, so awk sees them as whitespace-separated
# fields of a single input line.
compare()
{
	local verdict
	verdict=$(echo $1 $2 | awk '{
		if ($1 == $2)
			print 0
		else if ($1 > $2)
			print 1
		else
			print 2
	}')
	return $verdict
}

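# Write the reason the package cannot start, then abort the whole script.
# $1 - message for the user
# DSM normally supplies SYNOPKG_TEMP_LOGFILE; when the script is run without
# the package environment the variable is empty, and redirecting to an empty
# name fails before echo runs, so the reason would be lost. Use stderr then.
_port_check_fail()
{
	if [ -n "${SYNOPKG_TEMP_LOGFILE}" ]; then
		/bin/echo "$1" > "${SYNOPKG_TEMP_LOGFILE}"
	else
		/bin/echo "$1" >&2
	fi
	exit 1
}

# Before the package starts, use netstat to see whether TCP 1723 (PPTP) or
# UDP 1701 / 500 / 4500 (L2TP/IPSec) already have a listener.
# Globals read:    PKG_USERCONF_DIR, SYNOPKG_TEMP_LOGFILE
# Globals written: PPTP_PORT_STATUS, L2TP_PORT_STATUS (matching netstat lines)
# Exits the script with status 1 when a port is taken; otherwise returns.
PORT_CHECK()
{
	local pptpRun
	pptpRun=$(/bin/get_key_value "${PKG_USERCONF_DIR}/synovpn.conf" runpptpd)
	# NOTE(review): the PPTP port is probed only when runpptpd is NOT "yes",
	# while the L2TP ports below are probed only when runl2tpd IS "yes". One of
	# the two conditions looks inverted; confirm the intent before changing it.
	if [ "yes" != "${pptpRun}" ]; then
		PPTP_PORT_STATUS=$(netstat -lnt | grep ':1723 ')
		if [ -n "${PPTP_PORT_STATUS}" ]; then
			_port_check_fail "The default port of PPTP (TCP port 1723) is used by other process, please make sure it is avaliable before starting VPN Server"
		fi
	fi

	local l2tpRun
	l2tpRun=$(/bin/get_key_value "${PKG_USERCONF_DIR}/synovpn.conf" runl2tpd)
	if [ "yes" = "${l2tpRun}" ]; then
		# one pattern covers all three UDP ports; any match blocks the start
		L2TP_PORT_STATUS=$(netstat -lnu | grep ':1701 \|:500 \|:4500 ')
		if [ -n "${L2TP_PORT_STATUS}" ]; then
			_port_check_fail "The default ports of L2TP/IPSec (UDP port 1701, 500, 4500) is used by other process, please make sure they are avaliable before starting VPN Server"
		fi
	fi
}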

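# Start the VPN services and register the package with DSM.
# Globals read: PRIVATE_LOCATION, PKG_USERCONF_DIR, DSM_INDEX_ADD, PKG_APP_PATH,
#               PKG_INDEXDB_PATH, IPV4_HOOK_PATH
# Exits the script with status 1 if PORT_CHECK finds a required port in use;
# otherwise returns the status of the last hook registration.
start()
{
	local vpnNet="${PRIVATE_LOCATION}/bin/synovpnnet"

	# Check Port
	PORT_CHECK

	# start vpn services
	# The synovpnnet steps below are best effort: stderr is discarded and the
	# exit status is not checked, so a failure here is silent.

	# sync DNS setting
	"${vpnNet}" sync_dns 2>/dev/null

	# update ip address then start l2tp service
	"${vpnNet}" update_l2tp_if 2>/dev/null

	# replace all 0.0.0.0 to 127.0.0.1 on /etc/hosts file
	"${vpnNet}" update_etc_host 2>/dev/null

	# restore plain text PSK for l2tp
	# presumably this writes the l2tp/ipsec.secrets file that is deleted again
	# further down; until then the pre-shared key sits on disk in clear text
	"${vpnNet}" restore_psk 2>/dev/null

	# copy synovpnnet to /tmp for hibernation
	# Remove whatever already sits at the destination first: depending on the cp
	# implementation, "cp -f" writes through an existing symlink instead of
	# replacing it. NOTE(review): a fixed name in /tmp still leaves a short
	# window between rm and cp; the consumer of this copy is outside this file,
	# so the path itself is left unchanged.
	rm -f /tmp/synovpnnet
	cp -f "${vpnNet}" /tmp/synovpnnet

	# clear a stale readiness marker; -f because it is normally absent
	rm -f /tmp/vpnc_ipsec_ready

	"${PRIVATE_LOCATION}/scripts/accel-pppd.sh" start
	"${PRIVATE_LOCATION}/scripts/l2tpd.sh" start
	"${PRIVATE_LOCATION}/scripts/openvpn.sh" start

	local l2tpRun
	l2tpRun=$(/bin/get_key_value "${PKG_USERCONF_DIR}/synovpn.conf" runl2tpd)
	if [ "yes" = "${l2tpRun}" ]; then
		# wait up to 30 seconds for the marker file to appear
		# NOTE(review): the marker is a fixed name in /tmp, so anything able to
		# create that file ends the wait early; confirm who can write there.
		local count=0
		while [ ! -e "/tmp/vpnc_ipsec_ready" ]; do
			sleep 1
			count=$((count+1))

			if [ "${count}" -ge 30 ]; then
				break
			fi
		done
	fi

	# Remove the clear-text secrets file. This runs on every start: also when
	# the wait above timed out and when L2TP is disabled, hence -f.
	rm -f "${PKG_USERCONF_DIR}/l2tp/ipsec.secrets"

	# index help and add help to dsm
	"${DSM_INDEX_ADD}" "${PKG_APP_PATH}/index.conf" "${PKG_INDEXDB_PATH}/appindexdb"
	"${DSM_INDEX_ADD}" "${PKG_APP_PATH}/helptoc.conf" "${PKG_INDEXDB_PATH}/helpindexdb"

	# register ipv4 change hook
	/bin/mkdir -p "${IPV4_HOOK_PATH}"
	# -f so a link left behind by an earlier start (no stop in between) is
	# replaced instead of making ln fail with "File exists"
	/bin/ln -sf "${PRIVATE_LOCATION}/scripts/restart_openvpn.sh" "${IPV4_HOOK_PATH}/restart_openvpn.sh"
	/bin/ln -sf "${PRIVATE_LOCATION}/scripts/restart_l2tp.sh" "${IPV4_HOOK_PATH}/restart_l2tp.sh"
}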

# Undo what start() registered, then stop the VPN daemons.
# Order: ipv4-change hooks, DSM index/help entries, service scripts.
# Returns the status of the last service script.
stop()
{
	local hook indexConf svc

	# unregister ipv4 change hook
	for hook in restart_openvpn.sh restart_l2tp.sh; do
		/bin/rm "${IPV4_HOOK_PATH}/${hook}"
	done

	# remove index and help entry (each .conf is paired with its own index db)
	for indexConf in index.conf:appindexdb helptoc.conf:helpindexdb; do
		"${DSM_INDEX_DEL}" "${PKG_APP_PATH}/${indexConf%%:*}" "${PKG_INDEXDB_PATH}/${indexConf##*:}"
	done

	# stop vpn services
	for svc in accel-pppd.sh l2tpd.sh openvpn.sh; do
		"${PRIVATE_LOCATION}/scripts/${svc}" stop
	done
}

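# Compare a target version against a base version, component by component.
# Arguments: $1 - base version, $2 - target version, both expected in the form
#            MAJOR<sep>MINOR<sep>BUILD where <sep> is "." or "-"
# Globals written (left global, as before): BASE_VER, TARGET_VER, base_major,
#            base_minor, base_build, target_major, target_minor, target_build
# Returns:   0 - base version is empty, or all three components are equal
#            1 - target is greater at the first component that differs
#            2 - target is smaller at the first component that differs
# A version that does not match the pattern is passed through by sed unchanged,
# so all three "components" are then the whole string.
check_version_older() # $1 base version $2 target version
{
	BASE_VER=$1
	TARGET_VER=$2

	# no base version to compare against: report "no difference"
	if [ -z "${BASE_VER}" ]; then
		return 0
	fi

	# getting major, minor, build
	local verPattern='^\([0-9]*\)[.-]\([0-9]*\)[.-]\([0-9]*\).*'
	base_major=$(printf '%s\n' "${BASE_VER}" | sed "s/${verPattern}/\1/")
	base_minor=$(printf '%s\n' "${BASE_VER}" | sed "s/${verPattern}/\2/")
	base_build=$(printf '%s\n' "${BASE_VER}" | sed "s/${verPattern}/\3/")
	target_major=$(printf '%s\n' "${TARGET_VER}" | sed "s/${verPattern}/\1/")
	target_minor=$(printf '%s\n' "${TARGET_VER}" | sed "s/${verPattern}/\2/")
	target_build=$(printf '%s\n' "${TARGET_VER}" | sed "s/${verPattern}/\3/")

	# The first component that differs decides the result. The status of
	# compare is returned directly: reading $? after a `[ "$?" != "0" ]` test
	# yields the status of that test (0), which made every path return 0.
	compare "${target_major}" "${base_major}" || return $?
	compare "${target_minor}" "${base_minor}" || return $?
	compare "${target_build}" "${base_build}" || return $?

	return 0
}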

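# Dispatch on the action passed as $1. An action that matches no branch (and
# "killall", which is an empty branch) falls through, and the script ends with
# status 0.
case "$1" in
	start)
		# check enabled: a package without the enabled file is not started,
		# and that is reported as success. Quoted because PACKAGE_ENABLED is
		# built from SYNOPKG_PKGNAME, which comes from the environment.
		if [ ! -f "${PACKAGE_ENABLED}" ]; then
			exit 0
		fi

		# start routine; its status is not propagated, the action exits 0
		start
		exit 0
	;;
	stop)
		stop
		exit 0
	;;
	status)
		# status only checks that the web UI path exists, not that any VPN
		# daemon is running
		if [ -e "${APP_PATH}" ]; then
			exit 0
		else
			exit 1
		fi
	;;
	killall)
	;;
	log)
		exit 0
	;;
esac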

