#!/bin/sh /etc/rc.common
START=20
####### Error code table
#101: ERROR: User profile is refered by other functions, deletion is not permitted
#102: ERROR: User profile:[$t] is a reserved name, please use other names

#Caution: Do not use config_load after trunk r2672.
#r2672 support special characters(. - @) for user name, 
#it may cause config_load error if initial of user name is character '@'

UCI_CONFIG="appuser"

FTP_SETACTION="ls"
SMB_SETACTION="smbpasswd"

FTP_DELACTION="ls"

PAP_SECRET="/etc/ppp/pap-secrets"
CHAP_SECRET="/etc/ppp/chap-secrets"
PAP_SECRET_L2TP="/etc/ppp/pap-secrets-l2tp"
CHAP_SECRET_L2TP="/etc/ppp/chap-secrets-l2tp"
PAP_SECRET_PPPOE="/etc/ppp/pap-secrets-pppoe"
CHAP_SECRET_PPPOE="/etc/ppp/chap-secrets-pppoe"

PPPOE_PAPCONFIG=$PAP_SECRET_PPPOE
L2TP_PAPCONFIG=$PAP_SECRET_L2TP
PPTP_PAPCONFIG=$PAP_SECRET

PPPOE_CHAPCONFIG=$CHAP_SECRET_PPPOE
L2TP_CHAPCONFIG=$CHAP_SECRET_L2TP
PPTP_CHAPCONFIG=$CHAP_SECRET

OPENVPN_CONFIG="/etc/openvpn/psw-file"

SMB_DELACTION="smbpasswd -del"

SCRIPT_LOCK="/tmp/web_apply_lock/appuser"
CGI_ERROR_MSG="/tmp/cgi_error_msg"
RESERVED_NAME="root nobody admin operator quagga"

useradd() {
	#20120504 Modified, Boham
	# $1=username $2=password $3=group
	adduser -h /tmp -G $3 -D $1 -s /usr/bin/clish
	(echo $2;sleep 1;echo $2; sleep 1)|(passwd $1 >/dev/null 2>&1)	
}

usermod() {
userdelete $1 
useradd $1 $2 $3 	
}	

userdelete() {
	deluser $1
}

boot() {
	start
}

start() {	
	
	echo >/tmp/all_local_user_name
	appuser_booting_program $UCI_CONFIG
}





apply() {

#echo -n "appuser apply start "  >>/tmp/apply_dur.log 2>&1
#cat /proc/uptime >> /tmp/apply_dur.log 2>&1

#config_load $UCI_CONFIG

##### CREATE A NEW USER ###################################################################################################
    new=`uci fchanges new $UCI_CONFIG`
	for t in $new; do
		##prevent to create reserved names:
		for name in $RESERVED_NAME ;do
			if [ "$t" = "$name" ] ;then
				echo -n "ERROR: User profile:[$t] is a reserved name, please use other names." >$CGI_ERROR_MSG
				uci revert $UCI_CONFIG.$t
				exit 102
			fi
		done
		
		ipset -N usr_$t iphash
		ipset -A all_users usr_$t 
		echo "$t" >>/tmp/all_local_user_name
		
		pass=`uci get $UCI_CONFIG.$t.pass`
		l2tp=`uci get $UCI_CONFIG.$t.l2tp`
		pptp=`uci get $UCI_CONFIG.$t.pptp`
		pppoe=`uci get $UCI_CONFIG.$t.pppoe`
		openvpn=`uci get $UCI_CONFIG.$t.openvpn`
        pptpif=`uci get $UCI_CONFIG.$t.pptpif`
		fixip=`uci get $UCI_CONFIG.$t.fixip`
		smb=`uci get $UCI_CONFIG.$t.smb`
		ftp=`uci get $UCI_CONFIG.$t.ftp`
		sysuser=`uci get $UCI_CONFIG.$t.sysuser`
		usemotp=`uci get $UCI_CONFIG.$t.usemotp`
		motp_pin=`uci get $UCI_CONFIG.$t.motp_pin`
		motp_secret=`uci get $UCI_CONFIG.$t.motp_secret`
		quota_time=`uci get $UCI_CONFIG.$t.quota_time`
		time_used=`uci get $UCI_CONFIG.$t.time_used`
		quota_traffic=`uci get $UCI_CONFIG.$t.quota_traffic`
		traffic_used=`uci get $UCI_CONFIG.$t.traffic_used`

		uci set $UCI_CONFIG.$t.time_proportion=$time_used/$quota_time
		uci set $UCI_CONFIG.$t.traffic_proportion=$traffic_used/$quota_traffic

		state=`uci get $UCI_CONFIG.$t.state`
		[ "$state" = "disable" ] && continue

		if [ "$pptp" = "enable" ] || [ "$l2tp" = "enable" ] || [ "$pppoe" = "enable" ] || [ "$openvpn" = "enable" ] ;then
			if [ "$usemotp" = "enable" ] ;then
				json set appuser.$t usemotp=1 motp_pin=$motp_pin motp_secret=$motp_secret
				if [ "$fixip" = "" ]; then
					if [ "$pptp" = "enable" ]; then
						echo "$t * $motp_secret *" >> $PPTP_CHAPCONFIG
						echo "$t * $motp_secret *" >> $PPTP_PAPCONFIG
					fi
					if [ "$l2tp" = "enable" ]; then
						echo "$t * $motp_secret *" >> $L2TP_CHAPCONFIG
						echo "$t * $motp_secret *" >> $L2TP_PAPCONFIG
					fi
					if [ "$pppoe" = "enable" ]; then
						echo "$t * $motp_secret *" >> $PPPOE_CHAPCONFIG
						echo "$t * $motp_secret *" >> $PPPOE_PAPCONFIG
					fi
					if [ "$openvpn" = "enable" ]; then
						echo "$t $pass" >> $OPENVPN_CONFIG
					fi
				else
					if [ "$pptp" = "enable" ]; then
						echo "$t * $motp_secret $fixip" >> $PPTP_CHAPCONFIG
						echo "$t * $motp_secret $fixip" >> $PPTP_PAPCONFIG
					fi
					if [ "$l2tp" = "enable" ]; then
						echo "$t * $motp_secret $fixip" >> $L2TP_CHAPCONFIG
						echo "$t * $motp_secret $fixip" >> $L2TP_PAPCONFIG
					fi
					if [ "$pppoe" = "enable" ]; then
						echo "$t * $motp_secret $fixip" >> $PPPOE_CHAPCONFIG
						echo "$t * $motp_secret $fixip" >> $PPPOE_PAPCONFIG
					fi
					if [ "$openvpn" = "enable" ]; then
						echo "$t $pass" >> $OPENVPN_CONFIG
					fi
				fi
			else
				json set appuser.$t usemotp=0 motp_pin= motp_secret=
				if [ "$fixip" = "" ]; then
					if [ "$pptp" = "enable" ]; then
						echo "$t * $pass *" >> $PPTP_CHAPCONFIG
						echo "$t * $pass *" >> $PPTP_PAPCONFIG
					fi
					if [ "$l2tp" = "enable" ]; then
						echo "$t * $pass *" >> $L2TP_CHAPCONFIG
						echo "$t * $pass *" >> $L2TP_PAPCONFIG
					fi
					if [ "$pppoe" = "enable" ]; then
						echo "$t * $pass *" >> $PPPOE_CHAPCONFIG
						echo "$t * $pass *" >> $PPPOE_PAPCONFIG
					fi
					if [ "$openvpn" = "enable" ]; then
						echo "$t $pass" >> $OPENVPN_CONFIG
					fi
				else
					if [ "$pptp" = "enable" ]; then
						echo "$t * $pass $fixip" >> $PPTP_CHAPCONFIG
						echo "$t * $pass $fixip" >> $PPTP_PAPCONFIG
					fi
					if [ "$l2tp" = "enable" ]; then
						echo "$t * $pass $fixip" >> $L2TP_CHAPCONFIG
						echo "$t * $pass $fixip" >> $L2TP_PAPCONFIG
					fi
					if [ "$pppoe" = "enable" ]; then
						echo "$t * $pass $fixip" >> $PPPOE_CHAPCONFIG
						echo "$t * $pass $fixip" >> $PPPOE_PAPCONFIG
					fi
					if [ "$openvpn" = "enable" ]; then
						echo "$t $pass" >> $OPENVPN_CONFIG
					fi
				fi
			fi
			json set pptp.$t ifname=$pptpif
		else
			json set appuser.$t usemotp=0 motp_pin= motp_secret=
		fi
	
		[ "$sysuser" = "true" ] && {
			group=`uci get $UCI_CONFIG.$t.group`
			useradd $t $pass $group
			[ "$ftp" = "enable" ]  && {
				$FTP_SETACTION $t $pass
			}
			[ "$smb" = "enable" ]  && {
				$SMB_SETACTION $t $pass
			}
		}
	done
	
##### DELETE AN USER ###################################################################################################
	delete=`uci fchanges delete $UCI_CONFIG`
	for t in $delete; do
		#must remove user from ipset all_users first for deletion
		ipset -D all_users usr_$t
		ipset -X usr_$t 2>/dev/null
		[ "$?" = 0 ] || {
			echo -n "ERROR: User profile:[$t] is refered by other places, deletion is not permitted. Please remove the references before deletion" >$CGI_ERROR_MSG
			uci revert $UCI_CONFIG.$t
			#re-add to all_users because of deteltion failure
			ipset -A all_users usr_$t
			exit 101
		}
		usemotp=`uci oget $UCI_CONFIG.$t.usemotp`
		if [ "$usemotp" = "enable" ] ;then
			motp_secret=`uci oget $UCI_CONFIG.$t.motp_secret`
			sed -i "/^$t \* $motp_secret/d" $PPTP_PAPCONFIG
			sed -i "/^$t \* $motp_secret/d" $PPTP_CHAPCONFIG
			sed -i "/^$t \* $motp_secret/d" $L2TP_PAPCONFIG
			sed -i "/^$t \* $motp_secret/d" $L2TP_CHAPCONFIG
			sed -i "/^$t \* $motp_secret/d" $PPPOE_PAPCONFIG
			sed -i "/^$t \* $motp_secret/d" $PPPOE_CHAPCONFIG
		else
			pass=`uci oget $UCI_CONFIG.$t.pass`
			sed -i "/^$t \* $pass/d" $PPTP_PAPCONFIG
			sed -i "/^$t \* $pass/d" $PPTP_CHAPCONFIG
			sed -i "/^$t \* $pass/d" $L2TP_PAPCONFIG
			sed -i "/^$t \* $pass/d" $L2TP_CHAPCONFIG
			sed -i "/^$t \* $pass/d" $PPPOE_PAPCONFIG
			sed -i "/^$t \* $pass/d" $PPPOE_CHAPCONFIG
			sed -i "/^$t $pass/d" $OPENVPN_CONFIG
		fi
		
		json delete appuser.$t
		json delete pptp.$t.ifname
		
		userdelete $t
		$FTP_DELACTION $t
		$SMB_DELACTION $t  
		
		sed -i '/'"$t"'/d' /tmp/all_local_user_name
		
		#If user profile is deleted, reset all of user's logined IPs
		user_logined_ip=`ipset -L usr_$t |sed '1,5d'`
		for ip in $user_logined_ip ;do
			ipset -D logined_user_ip $ip
		done
		sed -i '/'"$t"'/d' /var/ubf_record
		
		#delete it from related user group
		usrgrp_temp=`uci filter appuser_group member $t`
		[ -n "$usrgrp_temp" ] && {
			for item in $usrgrp_temp; do
				#echo "appuser: delete user:$t from group:$item" >/dev/console
				ipset -D usr_grp_$item usr_$t
				uci delete appuser_group.$item.member=$t
			done
			uci commit appuser_group
		}
	done
	
##### MODIFY AN USER ###################################################################################################
	modify=`uci fchanges modify $UCI_CONFIG`
	for t in $modify; do
		user=$t
		state=`uci get $UCI_CONFIG.$t.state`
		pass_old=`uci oget $UCI_CONFIG.$t.pass`
		pass_new=`uci get $UCI_CONFIG.$t.pass`
		l2tp=`uci get $UCI_CONFIG.$t.l2tp`
		pptp=`uci get $UCI_CONFIG.$t.pptp`
		pppoe=`uci get $UCI_CONFIG.$t.pppoe`
		openvpn=`uci get $UCI_CONFIG.$t.openvpn`
        pptpif=`uci get $UCI_CONFIG.$t.pptpif`
		fixip=`uci get $UCI_CONFIG.$t.fixip`
		ftp=`uci get $UCI_CONFIG.$t.ftp`
		smb=`uci get $UCI_CONFIG.$t.smb`
		sysuser=`uci get $UCI_CONFIG.$t.sysuser`
		usemotp=`uci get $UCI_CONFIG.$t.usemotp`
		motp_pin=`uci get $UCI_CONFIG.$t.motp_pin`
		motp_secret=`uci get $UCI_CONFIG.$t.motp_secret`
		usemotp_old=`uci oget $UCI_CONFIG.$t.usemotp`
		quota_time=`uci get $UCI_CONFIG.$t.quota_time`
		time_used=`uci get $UCI_CONFIG.$t.time_used`
		quota_traffic=`uci get $UCI_CONFIG.$t.quota_traffic`
		traffic_used=`uci get $UCI_CONFIG.$t.traffic_used`

		uci set $UCI_CONFIG.$t.time_proportion=$time_used/$quota_time
		uci set $UCI_CONFIG.$t.traffic_proportion=$traffic_used/$quota_traffic

		[ "$sysuser" = "true" -a "$state" = "enable" ] && {
			group=`uci get $UCI_CONFIG.$t.group`
			usermod $user $pass_new $group
			[ "$ftp" = "enable" ]  && {
			$FTP_SETACTION $user $pass_new
			}
			[ "$ftp" = "disable" ]  && {
			$FTP_DELACTION $user
			}
			[ "$smb" = "enable" ]  && {
			$SMB_SETACTION $user $pass_new
			}
			[ "$smb" = "disable" ]  && {
			$SMB_DELACTION $user
			}
		}
		
		[ "$sysuser" = "false" -o "$state" = "disable" ] && {
			userdelete $user
			$FTP_DELACTION $user
			$SMB_DELACTION $user 
		}

		##### DELETE PART ##############################################################################################
		if [ "$usemotp_old" = "enable" ] ;then
			motp_secret_old=`uci oget $UCI_CONFIG.$t.motp_secret`
			sed -i"/^$user \* $motp_secret_old/d" $PPTP_PAPCONFIG
			sed -i "/^$user \* $motp_secret_old/d" $PPTP_CHAPCONFIG
			sed -i "/^$user \* $motp_secret_old/d" $L2TP_PAPCONFIG
			sed -i "/^$user \* $motp_secret_old/d" $L2TP_CHAPCONFIG
			sed -i "/^$user \* $motp_secret_old/d" $PPPOE_PAPCONFIG
			sed -i "/^$user \* $motp_secret_old/d" $PPPOE_CHAPCONFIG
		else
			sed -i"/^$user \* $pass_old/d" $PPTP_PAPCONFIG
			sed -i "/^$user \* $pass_old/d" $PPTP_CHAPCONFIG
			sed -i "/^$user \* $pass_old/d" $L2TP_PAPCONFIG
			sed -i "/^$user \* $pass_old/d" $L2TP_CHAPCONFIG
			sed -i "/^$user \* $pass_old/d" $PPPOE_PAPCONFIG
			sed -i "/^$user \* $pass_old/d" $PPPOE_CHAPCONFIG
			sed -i "/^$user $pass_old/d" $OPENVPN_CONFIG
		fi
		
		##### ADD PART #################################################################################################
		if [ "$state" = "enable" ]; then
			if [ "$pptp" = "enable" ] || [ "$l2tp" = "enable" ] || [ "$pppoe" = "enable" ] ;then
				if [ "$usemotp" = "enable" ] ;then
					json set appuser.$t usemotp=1 motp_pin=$motp_pin motp_secret=$motp_secret
					if [ "$fixip" = "" ]; then
						if [ "$pptp" = "enable" ]; then
							echo "$t * $motp_secret *" >> $PPTP_CHAPCONFIG
							echo "$t * $motp_secret *" >> $PPTP_PAPCONFIG
						fi
						if [ "$l2tp" = "enable" ]; then
							echo "$t * $motp_secret *" >> $L2TP_CHAPCONFIG
							echo "$t * $motp_secret *" >> $L2TP_PAPCONFIG
						fi
						if [ "$pppoe" = "enable" ]; then
							echo "$t * $motp_secret *" >> $PPPOE_CHAPCONFIG
							echo "$t * $motp_secret *" >> $PPPOE_PAPCONFIG
						fi
						if [ "$openvpn" = "enable" ]; then
							echo "$t $pass_new" >> $OPENVPN_CONFIG
						fi
					else
						if [ "$pptp" = "enable" ]; then
							echo "$t * $motp_secret $fixip" >> $PPTP_CHAPCONFIG
							echo "$t * $motp_secret $fixip" >> $PPTP_PAPCONFIG
						fi
						if [ "$l2tp" = "enable" ]; then
							echo "$t * $motp_secret $fixip" >> $L2TP_CHAPCONFIG
							echo "$t * $motp_secret $fixip" >> $L2TP_PAPCONFIG
						fi
						if [ "$pppoe" = "enable" ]; then
							echo "$t * $motp_secret $fixip" >> $PPPOE_CHAPCONFIG
							echo "$t * $motp_secret $fixip" >> $PPPOE_PAPCONFIG
						fi
						if [ "$openvpn" = "enable" ]; then
							echo "$t $pass_new" >> $OPENVPN_CONFIG
						fi
					fi
				else
					json set appuser.$t usemotp=0 motp_pin= motp_secret=
					if [ "$fixip" = "" ]; then
						if [ "$pptp" = "enable" ]; then
							echo "$t * $pass_new *" >> $PPTP_CHAPCONFIG
							echo "$t * $pass_new *" >> $PPTP_PAPCONFIG
						fi
						if [ "$l2tp" = "enable" ]; then
							echo "$t * $pass_new *" >> $L2TP_CHAPCONFIG
							echo "$t * $pass_new *" >> $L2TP_PAPCONFIG
						fi
						if [ "$pppoe" = "enable" ]; then
							echo "$t * $pass_new *" >> $PPPOE_CHAPCONFIG
							echo "$t * $pass_new *" >> $PPPOE_PAPCONFIG
						fi
						if [ "$openvpn" = "enable" ]; then
							echo "$t $pass_new" >> $OPENVPN_CONFIG
						fi
					else
						if [ "$pptp" = "enable" ]; then
							echo "$t * $pass_new $fixip" >> $PPTP_CHAPCONFIG
							echo "$t * $pass_new $fixip" >> $PPTP_PAPCONFIG
						fi
						if [ "$l2tp" = "enable" ]; then
							echo "$t * $pass_new $fixip" >> $L2TP_CHAPCONFIG
							echo "$t * $pass_new $fixip" >> $L2TP_PAPCONFIG
						fi
						if [ "$pppoe" = "enable" ]; then
							echo "$t * $pass_new $fixip" >> $PPPOE_CHAPCONFIG
							echo "$t * $pass_new $fixip" >> $PPPOE_PAPCONFIG
						fi
						if [ "$openvpn" = "enable" ]; then
							echo "$t $pass_new" >> $OPENVPN_CONFIG
						fi
					fi
				fi
				json set pptp.$t ifname=$pptpif
			else
				json set appuser.$t usemotp=0 motp_pin= motp_secret=
			fi
			#maintain related ipset(prevent duplicated add)
			ipset -T all_users usr_$t >/dev/null 2>/dev/null
			[ "$?" = "0" ] || ipset -A all_users usr_$t
		else
			ipset -D all_users usr_$t
		fi
		
		#reset user login usage time record
		user_reconrd=$(cat /var/ubf_record | grep "^$user " | cut -d' ' -f 1-2 | tr ' ' ',')
		for ur_t in $user_reconrd; do
			user_ip=$(echo $ur_t | tr ',' ' ')
			sed -i '/'"$user_ip"'/d' /var/ubf_record
		done
		
		#reset related record of the user profile, even the user is logined
		user_logined_ip=`ipset -L usr_$t |sed '1,5d'`
		for ip in $user_logined_ip ;do
			ipset -D logined_user_ip $ip
		done
		
		ipset -F usr_$t
		
		#G40542: remove login quota record when user profile is modified
		json delete appuser.$t.login_count
	done

##### COMMIT CONFIG ###################################################################################################
	uci commit $UCI_CONFIG
	cp /etc/passwd /etc/persistence/data/passwd
	cp /etc/persistence/data/group /etc/persistence/data/group_backup
	cp /etc/persistence/data/passwd /etc/persistence/data/passwd_backup

	#echo -n "appuser apply end "  >>/tmp/apply_dur.log 2>&1
	#cat /proc/uptime >> /tmp/apply_dur.log 2>&1
}
