#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2013  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

# Define protocols which are supported by aiccu.
AICCU_SUPPORTED_PROTOCOLS="tic tsp l2tp"

aiccu_start() {
	local device=${1}
	assert isset device

	# Tell systemd to start aiccu on this device.
	service_start "aiccu@${device}.service"
	local ret=$?

	if [ ${ret} -eq ${EXIT_OK} ]; then
		log DEBUG "aiccu was successfully started on '${device}'."
	else
		log ERROR "Could not start aiccu properly on '${device}': ${ret}"
		return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}

aiccu_stop() {
	local device=${1}
	assert isset device

	# Tell sysemd to stop aiccu on this device.
	service_stop "aiccu@${device}.service"
}

aiccu_write_config() {
	local device=${1}
	local file=${2}
	shift 2

	assert isset device
	assert isset file

	local username
	local password
	local server
	local protocol="tic"
	local tunnel_id
	local require_tls

	while [ $# -gt  0 ]; do
		case "${1}" in
			--username=*)
				username="$(cli_get_val ${1})"
				;;
			--password=*)
				password="$(cli_get_val ${1})"
				;;
			--server=*)
				server="$(cli_get_val ${1})"
				;;
			--protocol=*)
				protocol="$(cli_get_val ${1})"
				;;
			--tunnel-id=*)
				tunnel_id="$(cli_get_val ${1})"
				;;
			--require-tls=*)
				require_tls="$(cli_get_val ${1})"

				if enabled val; then
					require_tls="true"
				else
					require_tls="false"
				fi
				;;
		esac
		shift
	done

	assert isset username
	assert isset password
	assert isset server
	assert isset protocol
	assert isset require_tls
	assert isoneof protocol ${AICCU_SUPPORTED_PROTOCOLS}

	# Write configuration file header.
	config_header "aiccu configuration file for ${zone}" > ${file}

	(
		print "# Server info"
		print "server ${server}"
		print "protocol ${protocol}"
		print

		if isset tunnel_id; then
			print "# Tunnel ID"
			print "tunnel_id ${tunnel_id}"
			print
		fi

		print "# Credentials"
		print "username ${username}"
		print "password ${password}"
		print

		print "ipv6_interface ${device}"
		print

		print "# Security"
		print "requiretls ${require_tls}"
		print

		# Misc.
		print "verbose true"
		print "daemonize false"
		print "automatic true"
	) >> ${file}

	return ${EXIT_OK}
}