#! /bin/sh
##########################################################################
#           Copyright (c) 2001, Cisco Systems, All Rights Reserved
###########################################################################
#
#  File:    vpn_install
#  Date:    06/15/2001
#
###########################################################################
#
# linux VPN client installation script.
#
###########################################################################
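# Locate id(1) by absolute path so the privilege check does not depend on
# the PATH inherited from the invoking user.
if [ -x /usr/bin/id ]; then
    ID="/usr/bin/id"
elif [ -x /bin/id ]; then
    ID="/bin/id"
else
    echo "Unable to determine access level"
    exit 1
fi

# Refuse to continue unless the real uid is 0.
# The uid is requested numerically (-ru) instead of cutting the full `id`
# output at its first "(": when uid 0 has no passwd entry, id prints
# "uid=0 gid=0 ..." without a "(name)" part, the cut leaves the whole line,
# and root would be turned away.  WHOAMI keeps its "uid=N" form.
WHOAMI="uid=$("$ID" -ru)"
if [ "$WHOAMI" != "uid=0" ]; then
    echo "Sorry, you need super user access to run this script."
    exit 1
fi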
# Fixed location of the client's configuration tree.
VPNDIR="/etc/CiscoSystemsVPNClient"

# Banner and licence notice; each argument becomes one output line.
printf '%s\n' \
    "Cisco Systems VPN Client Version 4.0 (Rel) Linux Installer" \
    "Copyright (C) 1998-2001 Cisco Systems, Inc. All Rights Reserved." \
    "" \
    "By installing this product you agree that you have read the" \
    "license.txt file (The VPN Client license) and will comply with" \
    "its terms. " \
    ""

#
# Honour a VPNBINDIR inherited from the environment; fall back to
# /usr/local/bin when it is unset or empty.
#
: "${VPNBINDIR:=/usr/local/bin}"

#
# Check for existence and validity of chkconfig
#
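# Resolve chkconfig and wc by absolute path.  Either variable stays empty
# when the tool is not found in the locations probed below.
CHKCONFIG=""
for candidate in /sbin/chkconfig /usr/sbin/chkconfig /usr/local/sbin/chkconfig; do
    if [ -x "$candidate" ]; then
        CHKCONFIG=$candidate
        break
    fi
done

WC=""
for candidate in /bin/wc /usr/bin/wc /usr/local/bin/wc; do
    if [ -x "$candidate" ]; then
        WC=$candidate
        break
    fi
done
unset candidate

# Without wc the service list cannot be counted, so chkconfig is not used.
if [ -z "$WC" ]; then
    CHKCONFIG=""
fi

# A chkconfig that lists no services at all is treated as unusable.
# The guard must test CHKCONFIG itself; a misspelled variable name here
# would always be empty and silently disable the whole check.
# The substitution is deliberately unquoted: some wc implementations pad the
# count with blanks, and word splitting strips them before the comparison.
if [ -n "$CHKCONFIG" ]; then
    if [ "0" = $("$CHKCONFIG" --list | "$WC" -l) ]; then
        CHKCONFIG=""
    fi
fi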

#
#  Print an abort message and exit with status 1 when the installer is
#  interrupted (SIGHUP, SIGINT, SIGQUIT or SIGTERM).
#
trap 'echo; echo "Oh no! Installation Aborted!"; exit 1' HUP INT QUIT TERM

#
# Set up to do reads with possible shell escape and default assignment
#
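# myread - read one answer from stdin into the global `ans`.
#
# Globals read:    fastread  "yes" skips reading and takes the default
#                  dflt      value used when the answer is empty
#                  rp, n, c  prompt text and echo decorations used to show
#                            the prompt again after a shell escape (n and c
#                            are not assigned anywhere in this file)
# Globals written: ans       the answer, or $dflt for an empty answer
#                  rp        reset to 'Your answer:' before returning
#
# Shell escape: an answer of "!" starts an interactive sh, "!cmd" runs cmd
# through sh -c; afterwards the prompt is repeated and a new answer is read.
#
# NOTE(review): the installer only runs as uid 0, so both escapes execute
# with root privileges.  That is harmless when root starts the installer
# directly, but a sudo (or similar) rule that permits only this script still
# hands out an unrestricted root shell; delegate it only to fully trusted
# administrators.
myread() {
    case "$fastread" in
        yes) ans=''; echo " " ;;
        *) ans='!' ;;
    esac

    # Keep reading while the initial or latest answer starts with "!".
    while expr "X$ans" : "X!" >/dev/null; do
        # -r keeps backslashes in typed paths and commands literal.
        read -r ans
        case "$ans" in
            !)
                sh
                echo " "
                echo $n "$rp $c"
                ;;
            !*)
                # Pass the text after "!" to sh exactly as typed.  Routing it
                # through `set` would word-split and glob it first, and a
                # command starting with "-" would change this shell's own
                # options instead of being run.
                sh -c "${ans#"!"}"
                echo " "
                echo $n "$rp $c"
                ;;
        esac
    done

    rp='Your answer:'

    # An empty answer selects the caller's default.
    case "$ans" in
        '') ans="$dflt" ;;
    esac
}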

# Release string of the running kernel, used for the paths below.
kernel_release=$(uname -r)

# Module destination: the "preferred" tree when it exists, otherwise the
# tree of the running kernel.
MODULEDIR=/lib/modules/$kernel_release/CiscoVPN
if [ -d /lib/modules/preferred ]; then
    MODULEDIR=/lib/modules/preferred/CiscoVPN
fi

# Default kernel source directory: the first existing candidate, else empty.
# /usr/src/linux-2.4 is the redhat 7 location, /usr/src/linux redhat 6.2.
KERNELSRCDIR=""
for candidate in "/lib/modules/$kernel_release/build" /usr/src/linux-2.4 /usr/src/linux; do
    if [ -d "$candidate" ]; then
        KERNELSRCDIR=$candidate
        break
    fi
done

# Init script directory: the first existing candidate, else empty.
INIT_D=""
for candidate in /etc/init.d /etc/rc.d/init.d /etc/rc.d; do
    if [ -d "$candidate" ]; then
        INIT_D=$candidate
        break
    fi
done

# Parent of the rcX.d runlevel directories, else empty.
RC_D=""
if [ -d /etc/rc3.d ]; then
    RC_D="/etc"
elif [ -d /etc/rc.d/rc3.d ]; then
    RC_D="/etc/rc.d"
elif [ -f "/etc/rc.d/rc.sysvinit" ]; then
    # slackware can do runlevel scripts, but the directories aren't
    # created by default, so remember to create them later
    RC_D="/etc/rc.d"
    CREATE_RC_DIRS=1
fi

unset kernel_release candidate

#
# Do this until we die or get a good answer
#
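# Interview loop: ask for every install setting, print a summary, and repeat
# the whole interview until the summary is confirmed.
# Answers are left in the_dir, create_dir, the_autostart and the_srcdir, plus
# the_initdir / the_rcdir when those directories could not be detected.
proceed=false

while [ "$proceed" = "false" ]; do
    # --- 1. directory for the client binaries ---------------------------
    # NOTE(review): a setuid-root binary is installed into this directory
    # further down; nothing here checks who owns it or who may write to it.
    got_dir=false
    while [ "$got_dir" = "false" ]; do
        dflt=$VPNBINDIR
        rp="Directory where binaries will be installed [$dflt]"
        printf "\n%s" "$rp "
        myread
        the_dir=$ans

        create_dir=

        # Quoted so a path containing blanks is tested as a single word.
        if [ ! -d "$the_dir" ]; then
            dflt=y
            rp="Directory \"$the_dir\" doesn't exist. Create ? [$dflt]"
            printf "\n%s" "$rp "
            myread

            create_dir=$ans

            case "$create_dir" in
            y* | Y*)
                got_dir=true
                ;;
            *)
                ;;
            esac
        else
            got_dir=true
        fi
    done

    # --- 2. start at boot? ----------------------------------------------
    got_autostart=false
    while [ "$got_autostart" = "false" ]; do
        dflt=yes
        rp="Automatically start the VPN service at boot time [$dflt]"
        printf "\n%s" "$rp "
        myread

        the_autostart=$ans

        case "$the_autostart" in
        y* | Y*)
            got_autostart=true
            the_autostart=yes
            ;;
        n* | N*)
            got_autostart=true
            the_autostart=no
            ;;
        *)
            ;;
        esac
    done
    # the_autostart is now exactly "yes" or "no".  It must not be reset to
    # the raw answer: the tests below compare against the literal "yes", and
    # an answer such as "y" would skip the runlevel-directory question.

    # --- 3. kernel source directory -------------------------------------
    echo
    echo "In order to build the VPN kernel module, you must have the"
    echo "kernel headers for the version of the kernel you are running."
    echo
    echo "For RedHat 6.x users these files are installed in /usr/src/linux by default"
    echo "For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default"
    echo "For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default"
    got_srcdir=false
    while [ "$got_srcdir" = "false" ]; do
        dflt=$KERNELSRCDIR
        rp="Directory containing linux kernel source code [$dflt]"
        printf "\n%s" "$rp "
        myread
        the_srcdir=$ans
        # Quoted: with no default and an empty answer, an unquoted test
        # collapses to `[ ! -d ]`, which is false, and an empty directory
        # name would be accepted.
        if [ ! -d "$the_srcdir" ]; then
            echo "Directory \"$the_srcdir\" doesn't exist"
        else
            got_srcdir=true
        fi
    done

    # --- 4. init script directory, only when none was detected ----------
    if [ -z "$INIT_D" ]; then
        got_dir=false
        while [ "$got_dir" = "false" ]; do
            dflt=""
            rp="Directory containing init scripts:"
            printf "\n%s" "$rp "
            myread
            the_initdir=$ans
            if [ ! -d "$the_initdir" ]; then
                echo "Directory \"$the_initdir\" doesn't exist"
            else
                got_dir=true
            fi
        done
    fi

    # --- 5. runlevel directories, only when links are made by hand ------
    if [ -z "$CHKCONFIG" ] && [ -z "$RC_D" ] && [ "$the_autostart" = "yes" ]; then
        got_dir=false
        while [ "$got_dir" = "false" ]; do
            dflt=$RC_D
            rp="Directory containing runlevel directories (rcX.d):"
            printf "\n%s" "$rp "
            myread
            the_rcdir=$ans
            if [ ! -d "$the_rcdir" ]; then
                echo "Directory \"$the_rcdir\" doesn't exist"
            else
                got_dir=true
            fi
        done
    fi

    # --- 6. summary and confirmation ------------------------------------
    echo ""
    echo "* Binaries will be installed in \"$the_dir\"."
    echo "* Modules will be installed in \"$MODULEDIR\"."
    case "$the_autostart" in
    y* | Y*)
        echo "* The VPN service will be started AUTOMATICALLY at boot time."
        ;;
    *)
        echo "* The VPN service will *NOT* be started automatically at boot time."
        ;;
    esac
    echo "* Kernel source from \"$the_srcdir\" will be used to build the module."
    if [ -z "$INIT_D" ]; then
        echo "* Init script will be installed in \"$the_initdir\"."
    fi

    if [ -z "$CHKCONFIG" ] && [ -n "$the_rcdir" ] && [ "$the_autostart" = "yes" ]; then
        echo "* Runlevels will be set in \"$the_rcdir\"."
    fi

    dflt=y
    rp="Is the above correct [$dflt]"
    printf "\n%s" "$rp "
    myread

    # Upper-case answers are accepted here as in the other yes/no prompts.
    case "$ans" in
    y* | Y*)
        proceed=true
        ;;
    *)
        ;;
    esac
done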

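printf "\n"

# Publish the confirmed answers under the names used by the install steps.
VPNBINDIR=$the_dir
VPNCREATEDIR=$create_dir
VPNAUTOSTART=$the_autostart
KERNELSRCDIR=$the_srcdir

# Fall back to the directories entered by hand where detection found none.
if [ -z "$INIT_D" ]; then
    INIT_D=$the_initdir
fi

if [ -z "$CHKCONFIG" ] && [ -z "$RC_D" ]; then
    RC_D=$the_rcdir
fi

# Stop a client started from an earlier installation before its files are
# replaced.  The path is quoted because INIT_D may have been typed in by
# hand and can contain blanks.
if [ -f "$INIT_D/vpnclient_init" ]; then
    sh "$INIT_D/vpnclient_init" stop
    echo "Stopped: $INIT_D/vpnclient_init (VPN init script)"
fi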

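# Create the binary directory when the operator agreed to it.
if [ -n "$VPNCREATEDIR" ]; then
    if [ ! -d "$VPNBINDIR" ]; then
        echo "Create directory \"$VPNBINDIR\"."
        # Test mkdir's own exit status.  A check against a variable that
        # nothing in this script assigns can never report the failure, and
        # the later steps would then copy into a missing directory.
        if ! mkdir -p "$VPNBINDIR"; then
            echo "FAILED to create directory \"$VPNBINDIR\"."
            exit 1
        fi
    fi
fi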

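# Copy version.h into the kernel src directory (Suse).
# Only done when /boot/vmlinuz.version.h is readable and the source tree has
# no readable version.h of its own.  Paths are quoted because KERNELSRCDIR
# was entered by the operator and may contain blanks.
if [ -r /boot/vmlinuz.version.h ] && [ ! -r "$KERNELSRCDIR/include/linux/version.h" ]; then
    if [ ! -d "$KERNELSRCDIR/include/linux" ]; then
        echo "Could not find the correct kernel header directory!"
        echo "$KERNELSRCDIR/include/linux must exist!"
        exit 1
    fi

    echo "* Copying /boot/vmlinuz.version.h into the kernel source directory"
    if ! cp /boot/vmlinuz.version.h "$KERNELSRCDIR/include/linux/version.h"; then
        echo "Unable to copy version.h into the kernel source directory!"
        exit 1
    fi
fi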
#
# Make module
#
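# NOTE(review): driver_build.sh and cisco_ipsec are resolved relative to the
# current directory and are run / installed as root.  The script never
# changes into its own directory, so it has to be started from the unpacked
# distribution directory, and that directory should be writable by root only.
echo "Making module"
# Quoted so a kernel source path containing blanks reaches the build script
# as one argument.
sh ./driver_build.sh "$KERNELSRCDIR"
# Success is judged by the presence of the output file only.
# NOTE(review): a cisco_ipsec left over from an earlier build in this
# directory would satisfy this test too; presumably driver_build.sh removes
# it first -- verify.
if [ ! -f ./cisco_ipsec ]; then
    echo "Failed to make module \"cisco_ipsec\"."
    exit 1
fi


#
# Copy module to right location
#
if [ ! -d "$MODULEDIR" ]; then
    echo "Create module directory \"$MODULEDIR\"."
    mkdir -p "$MODULEDIR"
fi

echo "Copying module to directory \"$MODULEDIR\"."
cp cisco_ipsec "$MODULEDIR"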

#
# Create start/stop script at right location
#

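echo "Creating start/stop script \"$INIT_D/vpnclient_init\"."

# Paths below are quoted because INIT_D may have been entered by hand.

# VPN 5000 client: keep its init script under a .old name.
if [ -f "$INIT_D/vpn" ]; then
    mv "$INIT_D/vpn" "$INIT_D/vpn.old"
fi

# Unified Framework client: keep the previous init script under a .old name.
if [ -f "$INIT_D/vpnclient_init" ]; then
    mv "$INIT_D/vpnclient_init" "$INIT_D/vpnclient_init.old"
fi

# Instantiate the template with the chosen binary directory.
# NOTE(review): VPNBINDIR is pasted into the sed program unescaped; a path
# containing "#", "&" or "\" would corrupt the substitution and with it the
# init script that later runs as root.  Only plain paths are handled.
sed "s#@VPNBINDIR@#${VPNBINDIR}#" < ./vpnclient_init > "$INIT_D/vpnclient_init"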

#
# Enable start/stop script for some run levels
#
#

# VPN 5000 client

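if [ -n "$RC_D" ]; then
    for runlevel in 3 4 5; do
        old_link="$RC_D/rc${runlevel}.d/S85vpn"
        if [ -f "$old_link" ]; then
            rm "$old_link"
        fi
    done
fi

# Unified Framework client
# Without chkconfig the links are removed by hand.  Each runlevel tests the
# same name it removes (S85vpnclient_init); testing a different name for one
# runlevel would leave that runlevel's stale link behind.  The RC_D guard
# keeps an empty RC_D from turning the paths into /rcN.d/... at the
# filesystem root.
if [ -n "$CHKCONFIG" ]; then
    "$CHKCONFIG" --del vpnclient_init
elif [ -n "$RC_D" ]; then
    for runlevel in 3 4 5; do
        old_link="$RC_D/rc${runlevel}.d/S85vpnclient_init"
        if [ -f "$old_link" ]; then
            rm "$old_link"
        fi
    done
fi

# old unity client
if [ -n "$RC_D" ]; then
    for runlevel in 3 4 5; do
        old_link="$RC_D/rc${runlevel}.d/S85vpnclient"
        if [ -f "$old_link" ]; then
            rm "$old_link"
        fi
    done
fi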

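# Register the init script for runlevels 3, 4 and 5, through chkconfig when
# it is usable and with hand-made S85 links otherwise.  Paths are quoted
# because INIT_D and RC_D may have been entered by hand.
case "$VPNAUTOSTART" in
y* | Y*)
    echo "Enabling start/stop script for run level 3,4 and 5."
    if [ -n "$CHKCONFIG" ]; then
        "$CHKCONFIG" --add vpnclient_init
        "$CHKCONFIG" vpnclient_init on
    else
        for runlevel in 3 4 5; do
            dir="${RC_D}/rc${runlevel}.d"
            # CREATE_RC_DIRS is set by the layout detection for Slackware
            # style systems, where the rcN.d directories do not exist yet.
            if [ -n "$CREATE_RC_DIRS" ] && [ ! -d "$dir" ]; then
                mkdir "$dir"
                chmod 0755 "$dir"
            fi
            ln -s "$INIT_D/vpnclient_init" "$dir/S85vpnclient_init"
        done
    fi
    ;;

*)
    # Autostart declined: still register the service, but switched off.
    if [ -n "$CHKCONFIG" ]; then
        "$CHKCONFIG" --add vpnclient_init
        "$CHKCONFIG" vpnclient_init off
    fi
    ;;
esac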

# Configuration tree: certificate store and connection profiles.
for subdir in Certificates Profiles; do
    mkdir -p "$VPNDIR/$subdir"
done

# vpnclient.ini: rewrite BinDirPath in an existing file (the previous file is
# kept as vpnclient.ini.old), otherwise instantiate the shipped template.
# NOTE(review): this installer later sets vpnclient.ini to mode 0666, so
# BinDirPath can be edited by any local user.  What consumes BinDirPath is
# not visible in this script -- verify that no privileged code trusts it.
if [ -f "$VPNDIR/vpnclient.ini" ]; then
    echo "Updating VPN configuration file \"$VPNDIR/vpnclient.ini\"."
    mv "$VPNDIR/vpnclient.ini" "$VPNDIR/vpnclient.ini.old"
    sed -e "s#[Bb][Ii][Nn][Dd][Ii][Rr][Pp][Aa][Tt][Hh]=.*#BinDirPath=${VPNBINDIR}#" "$VPNDIR/vpnclient.ini.old" > "$VPNDIR/vpnclient.ini"
else
    echo "Creating VPN configuration file \"$VPNDIR/vpnclient.ini\"."
    sed "s#@VPNBINDIR@#${VPNBINDIR}#" < ./vpnclient.ini.in > "$VPNDIR/vpnclient.ini"
fi

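echo ""
echo "Installing license.txt (VPN Client license) in \"$VPNDIR/\":"
cp -f license.txt "$VPNDIR"

# Names (without the .pcf suffix) of the profiles installed below, each
# followed by one blank.
newprofiles=""
replacedprofiles=""
echo ""
echo "Installing bundled user profiles in \"$VPNDIR/Profiles/\":"
# The glob is expanded by the shell itself; parsing `ls` output would split
# profile names that contain blanks.
for file in *.pcf; do
    # With no bundled profile the pattern stays literal; skip it.
    [ -f "$file" ] || continue

    dst_file="${VPNDIR}/Profiles/${file}"
    # Strip the suffix here.  Joining the file names and replacing ".pcf"
    # with sed afterwards treats "." as "any character" and can eat part of
    # a profile name.
    profile_name=${file%.pcf}
    if [ -f "${dst_file}" ]; then
        replacedprofiles="$replacedprofiles$profile_name "
        # The profile being replaced is kept next to the new one as .old.
        mv "${dst_file}" "${dst_file}.old"
    else
        newprofiles="$newprofiles$profile_name "
    fi
    cp "${file}" "${dst_file}"
done

if [ -n "$newprofiles" ]; then
    echo "* New Profiles     : $newprofiles"
fi

if [ -n "$replacedprofiles" ]; then
    echo "* Replaced Profiles: $replacedprofiles"
fi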

#
# Copy binaries to right location
#

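echo ""
echo "Copying binaries to directory \"$VPNBINDIR\"."
# The trailing slash makes cp fail when VPNBINDIR is not a directory, rather
# than create a regular file of that name and overwrite it four times.  A
# failed copy aborts the installation: the permission step that follows
# would otherwise run on missing or stale binaries, one of them setuid root.
for binary in vpnclient cvpnd ipseclog cisco_cert_mgr; do
    if ! cp -f "$binary" "$VPNBINDIR/"; then
        echo "FAILED to copy \"$binary\" to \"$VPNBINDIR\"."
        exit 1
    fi
done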


#
# Make sure we have the right permissions
#

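echo ""
echo "Setting permissions."
echo "${VPNBINDIR}/cvpnd (setuid root)"
echo "${VPNDIR} (world writeable)"
echo "${VPNDIR}/Profiles (world writeable)"
echo "${VPNDIR}/Certificates (world writeable)"
echo "* You may wish to change these permissions to restrict access to root."

# Binaries and init script: owned by root.  Paths are quoted because
# VPNBINDIR and INIT_D can come from operator input.  Each chown precedes
# its chmod; changing the owner afterwards may clear the setuid bit.
chown root "$VPNBINDIR/vpnclient"
chmod 0711 "$VPNBINDIR/vpnclient"
chown root "$VPNBINDIR/cvpnd"
# 4711: cvpnd runs with root privileges for whichever local user starts it.
chmod 4711 "$VPNBINDIR/cvpnd"
chown root "$VPNBINDIR/ipseclog"
chmod 0755 "$VPNBINDIR/ipseclog"
chown root "$VPNBINDIR/cisco_cert_mgr"
chmod 0755 "$VPNBINDIR/cisco_cert_mgr"
chown root "$INIT_D/vpnclient_init"
chmod 0744 "$INIT_D/vpnclient_init"

# NOTE(review): the configuration tree is opened to every local account.
# The directories are 0777 without the sticky bit, so any user can delete or
# replace the files in them, and vpnclient.ini (which carries BinDirPath)
# and the profiles are 0666.  A setuid-root daemon sits next to a
# configuration that any local user can rewrite; whether cvpnd trusts these
# files is not visible in this script -- confirm before deploying on a
# multi-user host.  The modes are kept as shipped because the installer
# announces them and unprivileged users may rely on saving profiles.  A
# tighter layout is root ownership with 0755/0644, or a dedicated group
# with 0770/0660.
chmod 0777 "$VPNDIR"
chmod 0666 "$VPNDIR/vpnclient.ini"
chmod 0777 "$VPNDIR/Certificates"
chmod 0777 "$VPNDIR/Profiles"
chmod 0666 "$VPNDIR"/Profiles/*.pcf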
echo

# Closing instructions; the reboot hint depends on the autostart choice.
echo "* You must run \"$INIT_D/vpnclient_init start\" before using the client."
case "$VPNAUTOSTART" in
[yY]*)
    echo "* This script will be run AUTOMATICALLY every time you reboot your computer."
    ;;
[nN]*)
    echo "* You will need to run this script every time you reboot your computer."
    ;;
esac

#
# Installation finished; report success to the caller.
#
exit 0
