#!/bin/bash
#
# Copyright (C) 2018 Nikos Mavrogiannopoulos
#
# This file is part of ocserv.
#
# ocserv is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# ocserv is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

PIDFILE=ocserv-pid.$$.tmp
CLIPIDFILE=oc-pid.$$.tmp
PATH=${PATH}:/usr/sbin
RESOLVCONFBAK=resolv.conf.$$.bak
OUTFILE=traffic.$$.tmp
TUNDEV=oc-$$-tun0

. `dirname $0`/common.sh

eval "${GETPORT}"

if test "$TRACE_VPNC_SCRIPT" = 1;then
	echo "Enabling detailed tracing in vpnc-script (env; set -x)."
	sed -i.trace -e 's|^#TRACE#||' ${srcdir}/../vpnc-script || exit 1
fi

if test "$NO_IPROUTE2" = 1;then
	echo "Disabling iproute2 support in vpnc-script."
	sed -i.iproute2 -e 's|IPROUTE=....*|IPROUTE="" # disable|' ${srcdir}/../vpnc-script || exit 1
elif test -z "${IP}";then
	echo "no IP tool is present"
	exit 1
fi

if test "$(id -u)" != "0";then
	echo "This test must be run as root"
	exit 1
fi

if test "${RESOLVCONF}" = 1;then
  cp /etc/resolv.conf ${RESOLVCONFBAK}
fi

echo "Testing $0... "

function finish {
  set +e
  echo " * Cleaning up..."
  test -e "${CLIPIDFILE}" && kill $(cat ${CLIPIDFILE}) >/dev/null 2>&1
  test -e "${CLIPIDFILE}" && rm -f ${CLIPIDFILE} >/dev/null 2>&1
  test -e "${PIDFILE}" && kill $(cat ${PIDFILE}) >/dev/null 2>&1
  test -e "${PIDFILE}" && rm -f ${PIDFILE} >/dev/null 2>&1
  test -e "${CONFIG}" && rm -f ${CONFIG} >/dev/null 2>&1
  if test "${RESOLVCONF}" = 1;then
    cp ${RESOLVCONFBAK} /etc/resolv.conf
  fi
  rm -f ${OUTFILE} ${RESOLVCONFBAK} 2>&1
  if test "${NO_IPROUTE2}" = 1;then
    mv -f ${srcdir}/../vpnc-script.iproute2 ${srcdir}/../vpnc-script 2>&1
  fi
  if test "${TRACE_VPNC_SCRIPT}" = 1;then
    mv -f ${srcdir}/../vpnc-script.trace ${srcdir}/../vpnc-script 2>&1
  fi
}
trap finish EXIT

# server address
ADDRESS=10.200.2.1
CLI_ADDRESS=10.200.1.1
DNS=192.168.1.1
VPNNET=192.168.1.0/24
ROUTE1=192.168.32.0/24
ROUTE2=fd91:6d87:7341:dcba::/96
VPNADDR=192.168.1.1
VPNNET6=fd91:6d87:7341:db6a::/112
VPNADDR6=fd91:6d87:7341:db6a::1
OCCTL_SOCKET=./occtl-vpn-$$.socket
USERNAME=test

. `dirname $0`/ns.sh

LISTEN_NS=${NSNAME2}

# Run server
update_config vpn-routes.config
if test "$VERBOSE" = 1;then
DEBUG="-d 3"
fi

echo " * Running server on ${ADDRESS}:${PORT}"

# run on NSNAME2
${CMDNS2} ${OCSERV} -p ${PIDFILE} -c ${CONFIG} ${DEBUG} -f &

sleep 4

# Run clients
echo " * Getting cookie from ${ADDRESS}:${PORT}..."
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly )
if test $? != 0;then
	echo "Could not get cookie from server"
	exit 1
fi

echo " * Connecting to ${ADDRESS}:${PORT}..."
export INTERNAL_IP6_NETMASK="fd91:6d87:7341:db6a::1/112" INTERNAL_IP6_ADDRESS="fd91:6d87:7341:db6a::1" # FIXME see #12 and !16#note_454710802
( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} --interface ${TUNDEV} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 -s ${srcdir}/../vpnc-script --pid-file=${CLIPIDFILE} --passwd-on-stdin -b )
if test $? != 0;then
	echo "Could not connect to server"
	exit 1
fi

echo " * wait for ${TUNDEV}"

TIMEOUT=10
while ! ${CMDNS1} ${IP} addr list dev ${TUNDEV} &>/dev/null; do
    TIMEOUT=$(($TIMEOUT - 1))
    if [ $TIMEOUT -eq 0 ]; then
	echo "Timed out waiting for ${TUNDEV}"
	exit 1
    fi
    sleep 1
done
sleep 3 # XX: CI needs additional delay here

if test "$NO_IPROUTE2" = 1;then
    # XX: 'route flush' doesn't work properly on Linux
    ${CMDNS1} ${IP} route flush cache 2>/dev/null
    ${CMDNS1} ${IP} -6 route flush cache 2>/dev/null
fi

set -e
echo " * ping remote address"

${CMDNS1} ping -c 2 ${VPNADDR}

#${CMDNS1} ping -6 -c 2 ${VPNADDR6}

set +e

echo " * showing connected user info"
${CMDNS2} ${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME}
if test $? != 0;then
	echo "occtl didn't find connected user!"
	exit 1
fi

echo "* listing routes on ${TUNDEV}"
${CMDNS1} ${IP} route list dev ${TUNDEV} > ${OUTFILE}
${CMDNS1} ${IP} -6 route list dev ${TUNDEV} >> ${OUTFILE}

echo " * Checking whether server routes are present in client"

grep -e "${VPNNET}" ${OUTFILE} >/dev/null
if test $? != 0;then
	cat ${OUTFILE}
	echo "Did not find VPN route ${VPNNET}"
	exit 1
fi

grep -e "${ROUTE1}" ${OUTFILE} >/dev/null
if test $? != 0;then
	cat ${OUTFILE}
	echo "Did not find route: ${ROUTE1}"
	exit 1
fi

grep -e "${ROUTE2}" ${OUTFILE} >/dev/null
if test $? != 0;then
	cat ${OUTFILE}
	echo "Did not find route: ${ROUTE2}"
	exit 1
fi

if test "${RESOLVCONF}" = 1;then
	echo " * checking resolv.conf"
	grep ${DNS} /etc/resolv.conf >/dev/null
	if test $? != 0;then
		cat /etc/resolv.conf
		echo "Resolv.conf doesn't contain the VPN DNS server"
		exit 1
	fi
fi

echo " * Found all expected routes"
echo " * Terminating client"

# Kill the client and check whether resolvconf is as expected
if test -e "${CLIPIDFILE}"; then
    kill $(cat ${CLIPIDFILE}) >/dev/null 2>&1
    for ii in $(seq 10); do
        kill -0 $(cat ${CLIPIDFILE}) >/dev/null 2>&1 || break
        sleep 1
    done
    rm -f ${CLIPIDFILE} >/dev/null 2>&1
fi


sleep 4
if test "${RESOLVCONF}" = 1;then
	cmp ${RESOLVCONFBAK} /etc/resolv.conf
	if test $? != 0;then
		echo "Resolv.conf was not restored"
		cat /etc/resolv.conf
		exit 1
	fi
fi

echo " * Checking whether routes are removed"

${CMDNS1} ${IP} route list > ${OUTFILE}
${CMDNS1} ${IP} -6 route list >> ${OUTFILE}

grep -e "${VPNNET}" ${OUTFILE} >/dev/null
if test $? = 0;then
	cat ${OUTFILE}
	echo "Found VPN route ${VPNNET} after disconnect"
	exit 1
fi

grep -e "${ROUTE1}" ${OUTFILE} >/dev/null
if test $? = 0;then
	cat ${OUTFILE}
	echo "Found route: ${ROUTE1} after disconnect"
	exit 1
fi

grep -e "${ROUTE2}" ${OUTFILE} >/dev/null
if test $? = 0;then
	cat ${OUTFILE}
	echo "Found route: ${ROUTE2} after disconnect"
	exit 1
fi

exit 0
