#!/bin/bash
# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc.
# All Rights Reserved.
#
# Author:	Tom Grennan <tgrennan@vyatta.com>
# Description:	Vyatta Router system setup
#		this is an indirect init sub-script executed by ofr.init
#
# **** End License ****

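progname=${0##*/}
ACTION=$1

# Site overrides for the vyatta_* defaults below may live here.
source /etc/default/vyatta

: "${vyatta_prefix:=/opt/vyatta}"
: "${vyatta_bindir:=${vyatta_prefix}/bin}"
: "${vyatta_sbindir:=${vyatta_prefix}/sbin}"
: "${vyatta_sysconfdir:=${vyatta_prefix}/etc}"
: "${hostname:=$(hostname -s)}"

# Append the Vyatta tool directories to PATH unless already present.
# Compare whole ':'-separated components so that, say, /opt/vyatta/bin2
# on PATH does not satisfy the check for /opt/vyatta/bin.
[[ ":$PATH:" == *":${vyatta_bindir}:"* ]] || PATH+=:${vyatta_bindir}
[[ ":$PATH:" == *":${vyatta_sbindir}:"* ]] || PATH+=:${vyatta_sbindir}

export PATH
export DEBIAN_FRONTEND=noninteractive

. /lib/lsb/init-functions

## BOOTFILE is provided by ofr.init
# NOTE(review): the fallback uses $prefix rather than $vyatta_prefix;
# presumably ofr.init or /etc/default/vyatta sets it -- confirm, otherwise
# this expands to /etc/config/config.boot.
: "${BOOTFILE:=$prefix/etc/config/config.boot}"

# Log to /var/log/messages when it is writable, otherwise discard.
if [ -z "$LOGFILE" ] ; then
    if touch /var/log/messages &> /dev/null ; then
	LOGFILE=/var/log/messages
    else
	LOGFILE=/dev/null
    fi
fi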

# Send a warning-level message to syslog, tagged with this script's name.
# Globals:   progname (read)
# Arguments: $* - message words, joined by single spaces
syslog ()
{
    local message="$*"
    logger -p user.warning -t "$progname" "$message"
}

# easy way to make an empty file without running any external command
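# Truncate (or create) a file using only shell builtins.
# Arguments: $1 - path of the file to empty
# Returns:   1 if no path was given or the file cannot be opened for writing
empty()
{
    # An empty path would otherwise be an "ambiguous redirect"; fail cleanly.
    [ -n "$1" ] || return 1
    # ':' is a no-op builtin; the redirection does the truncation.
    : > "$1"
}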

# extglob: extended patterns in [[ ]] and case.
# nullglob: an unmatched glob expands to nothing instead of itself, so the
# /tmp/vyatta_net_name_* loop in udev_rescan runs zero times when no
# files exist.
shopt -s extglob
shopt -s nullglob

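# Test whether a serial (WAN) interface is already declared in the boot config.
# Globals:   BOOTFILE (read)
# Arguments: $1 - interface name, e.g. wan0
# Returns:   0 if a line mentions "serial" followed by the name, else non-zero
search_config_if_wan () {
    local ifname=$1
    # \< and \> are GNU grep word anchors. $ifname is spliced into the
    # pattern; the caller passes kernel interface names from "ip link show".
    grep -q -- "\<serial\>.*\<${ifname}\>" "$BOOTFILE"
}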

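# Add a "serial wanN" entry to the boot config for each WAN interface the
# kernel reports that the config does not yet mention.
# Globals:   BOOTFILE (read and replaced)
# Calls:     search_config_if_wan
# Returns:   non-zero if a temporary file cannot be created or the config
#            cannot be rewritten
add_new_serial_if () {
    local additions newboot wan rc

    # Fixed file names under world-writable /tmp can be pre-created or
    # symlinked by an unprivileged user before this runs; mktemp avoids that.
    additions=$(mktemp) || return 1

    # Interface names are taken from "ip link show" lines like "3: wan0: <...>".
    while read -r wan ; do
	if ! search_config_if_wan "$wan" ; then
	    echo "    serial $wan" >> "$additions"
	fi
    done < <(ip link show |
	     sed -n '/^[0-9]*: wan[0-9]*:/ s/.* \([^:]*\):.*$/\1/p')

    rc=0
    if [ -s "$additions" ]; then
	# Build the new config next to $BOOTFILE (same filesystem, not /tmp)
	# so the final mv is an atomic rename; mktemp creates 0600 files, so
	# copy the existing mode onto it first.
	newboot=
	if newboot=$(mktemp "${BOOTFILE}.XXXXXX") &&
	   sed "/^interfaces {\$/ r ${additions}" "$BOOTFILE" > "$newboot" &&
	   chmod --reference="$BOOTFILE" "$newboot" &&
	   mv -f -- "$newboot" "$BOOTFILE"; then
	    rc=0
	else
	    rc=1
	    [ -n "$newboot" ] && rm -f -- "$newboot"
	fi
    fi
    rm -f -- "$additions"
    return $rc
}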

## Update the version information
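# Refresh ${vyatta_sysconfdir}/version from version.master when the master
# exists and is newer (cp -u). A missing master file is not an error.
# Globals:   vyatta_sysconfdir (read)
update_version_info () {
    local master="${vyatta_sysconfdir}/version.master"
    if [ -f "$master" ]; then
	cp -u -- "$master" "${vyatta_sysconfdir}/version"
    fi
}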

# Truncate the listed /etc config files if they currently have content, so
# stale contents do not carry over into the new configuration run.
# Calls:     empty
# Returns:   0 (the trailing if never yields a failing status)
clear_or_override_config_files ()
{
    local -a targets=(
	snmp/snmpd.conf snmp/snmptrapd.conf snmp/snmp.conf
	keepalived/keepalived.conf
	ipvsadm.rules default/ipvsadm resolv.conf
    )
    local rel
    for rel in "${targets[@]}" ; do
	# Absent or already-empty files are left untouched.
	if [ -s "/etc/$rel" ] ; then
	    empty "/etc/$rel"
	fi
    done
}

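# Re-trigger udev for the net subsystem and act on the naming requests it
# drops as /tmp/vyatta_net_name_<cmd>_<name>_<hwid>, each handled by
# ${vyatta_sbindir}/<cmd>_bootfile_eth_hwid.
# Globals:   vyatta_sbindir, BOOTFILE (read)
# Calls:     syslog, udevadm, udevsettle
udev_rescan ()
{
    local ff f rest cmd name hwid helper

    rm -f /tmp/vyatta_net_name_*
    udevadm trigger --subsystem-match=net && udevsettle

    # NOTE(review): the drop files live under world-writable /tmp, so their
    # contents are not trustworthy input; checking that the helper exists
    # and is executable bounds what can be run here, but $name/$hwid still
    # flow into $BOOTFILE. The loop body is skipped entirely when no files
    # match (nullglob is set at file scope).
    for ff in /tmp/vyatta_net_name_* ; do
	f=${ff##*/}
	rest=${f#vyatta_net_name_}
	cmd=${rest%%_*}
	rest=${rest#*_}
	# name is everything up to the last '_'; hwid is the remainder.
	name=${rest%_*}
	hwid=${rest#*_}
	helper="${vyatta_sbindir}/${cmd}_bootfile_eth_hwid"
	if [ ! -x "$helper" ]; then
	    syslog "ignoring $f: no executable helper $helper"
	    continue
	fi
	syslog "$cmd" "$name" "$hwid"
	"$helper" "$BOOTFILE" "$name" "$hwid"
    done
}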

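# Generate any missing SSH host keys (v2 RSA, v2 DSA, v1 RSA).
# Calls:     syslog, ssh-keygen
# Returns:   0 if every key already existed or was generated; non-zero if
#            any ssh-keygen invocation failed
create_ssh_host_keys () {
    local rc=0
    _make_host_key rsa  /etc/ssh/ssh_host_rsa_key "Creating ssh v2 rsa host key." || rc=1
    _make_host_key dsa  /etc/ssh/ssh_host_dsa_key "Creating ssh v2 dsa host key." || rc=1
    _make_host_key rsa1 /etc/ssh/ssh_host_key     "Creating ssh v1 host key."     || rc=1
    return $rc
}

# Create one host key if its private-key file is absent.
# Arguments: $1 - ssh-keygen key type; $2 - private key path; $3 - log message
# Returns:   0 if the key exists or was created, else ssh-keygen's status
_make_host_key () {
    local type=$1 path=$2 msg=$3
    [ -f "$path" ] && return 0
    syslog "$msg"
    # Empty passphrase: sshd must be able to load host keys unattended.
    ssh-keygen -q -N '' -t "$type" -f "$path"
}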

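# Apply the default IPv6 sysctl policy: forwarding on for all interfaces,
# source routing and redirects off on every conf/* entry.
# Returns:   0; does nothing when IPv6 is not loaded
set_ipv6_params ()
{
    # difficult to set new default values for IPV6 earlier
    if [ ! -d /proc/sys/net/ipv6 ]; then
	# Skip it if IPv6 is not loaded
	return
    fi

    # Enable forwarding
    echo 1 >/proc/sys/net/ipv6/conf/all/forwarding

    # These values all should be disabled
    local p d
    for p in accept_source_route accept_redirects ; do
	for d in /proc/sys/net/ipv6/conf/* ; do
	    # Skip entries that do not expose (or do not allow writing) the
	    # knob rather than spraying redirection errors at boot.
	    if [ -w "$d/$p" ]; then
		echo 0 > "$d/$p"
	    fi
	done
    done
}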

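# Install /etc/ntp.conf from the Vyatta template, overwriting any existing file.
# Globals:   vyatta_sysconfdir (read; falls back to /opt/vyatta/etc)
# Calls:     log_failure_msg (from /lib/lsb/init-functions)
setup_ntp_config_file () {
    # Derive the path from vyatta_sysconfdir for consistency with the rest of
    # this script; the fallback matches the packaged default location.
    local template_ntp_conf="${vyatta_sysconfdir:-/opt/vyatta/etc}/ntp.conf"
    if [ -e "$template_ntp_conf" ]; then
	cp -f -- "$template_ntp_conf" /etc/ntp.conf
    else
	# No backslash before the apostrophe: inside double quotes it would be
	# printed literally.
	log_failure_msg "NTP template config file doesn't exist"
    fi
}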


# These are the default security settings; they are applied first and
# later overridden when the configuration is read. They represent the
# system defaults.
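# Reset PAM, sshd and securetty to the baseline security posture.
# Calls:     pam-auth-update, sed, grep
security_reset () {
    # restore PAM back to virgin state (no radius other services)
    if grep -q radius /etc/pam.d/common-auth
    then pam-auth-update --remove radius
    fi

    # Disable root login with ssh: flip an existing "PermitRootLogin yes",
    # and add the directive when sshd_config does not set it at all, since
    # otherwise sshd's built-in default applies. It is appended at the end;
    # if this file ever gains Match blocks the line must go above them.
    sed -i -e '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
    if ! grep -q '^PermitRootLogin' /etc/ssh/sshd_config; then
	printf 'PermitRootLogin no\n' >> /etc/ssh/sshd_config
    fi

    # Disable root login over telnet
    sed -i -e '/^# Pseudo-terminal (telnet)/,$d' /etc/securetty
}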

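# Run the one-shot boot setup steps in order. Steps whose status is checked
# report failure through log_failure_msg but do not abort the sequence.
# Returns:   the status of the final step (emptying the apt sources list)
start () {
    udev_rescan
    if ! create_ssh_host_keys ; then
	log_failure_msg "can't initialize ssh host keys"
    fi
    if ! clear_or_override_config_files ; then
	# Apostrophes need no backslash inside double quotes (it printed literally).
	log_failure_msg "can't reset config files"
    fi
    setup_ntp_config_file
    if ! add_new_serial_if ; then
	log_failure_msg "can't add serial interfaces"
    fi

    set_ipv6_params
    security_reset

    update_version_info

    ## Clear out apt config file--it will be filled in by rtrmgr
    empty /etc/apt/sources.list
}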

# Dispatch on the init action; only "start" does any work. The exit status
# of the selected arm becomes the script's exit status.
case "$ACTION" in
    start)
	start
	;;
    stop|restart|force-reload)
	# nothing to stop/restart
	true
	;;
    *)
	log_failure_msg "action unknown: $ACTION"
	false
	;;
esac

exit $?

# Local Variables:
# mode: shell-script
# sh-indentation: 4
# End: