#!/bin/bash
# Author: Steven Shiau <steven _at_ nchc org tw>, Ceasar Sun <ceasar _at_ nchc org tw>
# License: GPL
#
# Generate or remove the NIS/YP securenets settings that let DRBL clients access this server's NIS/YP service.

# Load DRBL setting and functions
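# DRBL_SCRIPT_PATH may be overridden from the environment. The file below is
# sourced (executed in this shell) before the root check runs, so when this
# script is started with elevated privileges the variable must come from a
# trusted environment only.
DRBL_SCRIPT_PATH="${DRBL_SCRIPT_PATH:-/usr/share/drbl}"

# Stop early when the shared functions cannot be read: everything below relies
# on names this file is expected to provide (check_if_root, YP_SRV_NAME, ...).
if [ ! -r "$DRBL_SCRIPT_PATH/sbin/drbl-conf-functions" ]; then
  echo "${0}: cannot read $DRBL_SCRIPT_PATH/sbin/drbl-conf-functions" >&2
  exit 1
fi
# Quoted so that a path containing whitespace is sourced as one file.
. "$DRBL_SCRIPT_PATH/sbin/drbl-conf-functions"

# Provided by the sourced DRBL functions; presumably aborts unless run as root
# (confirm in drbl-conf-functions).
check_if_root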

# main
#######################################
# Print the command-line help.
# Globals:   none
# Arguments: none
# Outputs:   help text on stdout (callers redirect to stderr when needed)
# Returns:   exit status of the final write
#######################################
usage() {
  cat <<EOF
To generate or clean NIS/YP securenets setting for DRBL clients to access
Usage: $0 [Options] {generate|clean}
Options:
-a, --all-subnet:   Make all subnet can access to this NIS/YP server.
-n, --no-restart:   Not restart NIS/YP service
-v, --verbose:      Verbose mode.
Example: To generate NIS/YP securenets for DRBL clients to access
$0 generate
EOF
}

# default setting
# Defaults: one securenets entry per client, and restart the NIS/YP service
# once the file has been written.
all_subnet="no"
restart_yp="yes"

# Consume leading options; the first non-option word is the action.
# "verbose" is assigned only when -v/--verbose is given.
until [ $# -eq 0 ]; do
  case "$1" in
    -a|--all-subnet) all_subnet="yes"; shift ;;
    -n|--no-restart) restart_yp="no"; shift ;;
    -v|--verbose)    verbose="on"; shift ;;
    -*)
      # Unknown option: report on stderr and leave with status 2.
      echo "${0}: ${1}: invalid option" >&2
      usage >& 2
      exit 2
      ;;
    *)
      break
      ;;
  esac
done
switch=$1

# Without an action there is nothing to do: show the help and exit non-zero.
if [ -z "$switch" ]; then
  usage && exit 1
fi

#
# Location of the securenets file: RH-like and SUSE systems keep it under
# /var/yp; Debian (detected via /etc/debian_version) keeps it in /etc.
securenets_file=/var/yp/securenets
if [ -e /etc/debian_version ]; then
  securenets_file=/etc/ypserv.securenets
fi
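# Dispatch on the requested action.
#   generate|on : rebuild $securenets_file (the NIS/YP access list) and, unless
#                 -n was given, restart the service so the new list is loaded.
#   clean|off   : stop the service (unless -n) and move the list aside.
# Every entry written is "<netmask> <network>".
case "$switch" in
  "generate"|"on")
    echo "Now set the YP securenets..."
    echo "Backup the original $securenets_file as $securenets_file.drblsave"
    # mv -f overwrites an existing .drblsave, so after a second "generate" the
    # backup holds the previously generated list, not the administrator's file.
    [ -f "$securenets_file" ] && mv -f -- "$securenets_file" "${securenets_file}.drblsave"
    time_now="$(date "+%T %Y/%m/%d")"

    # Progress message goes to the terminal, so it is printed before stdout is
    # pointed at the securenets file below.
    [ "$all_subnet" = "yes" ] && echo "Exporting whole subnet to clients..."

    # The whole file is produced through a single redirection.
    {
      echo "# Generated by DRBL at $time_now"
      printf '255.0.0.0\t127.0.0.0\n'

      # Host entries for every address of the DRBL server itself.
      # Word splitting of the command output is intentional: one IP per word.
      echo "# For DRBL server"
      for ip in $(get-all-nic-ip --all-ip-address); do
        echo "255.255.255.255 $ip"
      done
      echo
      echo "# For DRBL clients"

      if [ "$all_subnet" = "yes" ]; then
        # -a/--all-subnet: one /24 entry per distinct client prefix. This is
        # broader than the default: every address in those /24 networks may
        # query the NIS/YP server, not only the known DRBL clients.
        for subnet in $(get-client-ip-list | awk -F"." '{print $1"."$2"."$3}' | sort -u); do
          echo "255.255.255.0 ${subnet}.0"
        done
      else
        # Default: one host entry (255.255.255.255) per client address.
        for ip in $(get-client-ip-list); do
          echo "255.255.255.255 $ip"
        done
      fi
    } > "$securenets_file"

    # Do not restart the service on top of a missing or empty access list.
    if [ ! -s "$securenets_file" ]; then
      echo "${0}: failed to write $securenets_file; NIS service not restarted." >&2
      exit 1
    fi
    echo "The $securenets_file setting is done!"

    # Restart yp if necessary, so the new list is actually applied. Same
    # systemd/SysV detection as the "clean" branch.
    if [ "$restart_yp" = "yes" ]; then
      echo "Restarting NIS service..."
      echo "$msg_delimiter_star_line"
      if command -v systemctl >/dev/null 2>&1 \
         && [ -e "/lib/systemd/system/$YP_SRV_NAME.service" ]; then
        systemctl restart "$YP_SRV_NAME.service"  # For systemd
      elif [ -x "/etc/init.d/$YP_SRV_NAME" ]; then
        "/etc/init.d/$YP_SRV_NAME" restart  # For SysV service
      else
        echo "${0}: no systemd unit or init script found for $YP_SRV_NAME; the new securenets is not active until the service is restarted." >&2
      fi
      echo "$msg_delimiter_star_line"
    fi
    ;;
  "clean"|"off")
    echo "Now disable the YP access for DRBL clients..."
    # Stop yp if necessary.
    if [ "$restart_yp" = "yes" ]; then
      echo "Stopping NIS service..."
      echo "$msg_delimiter_star_line"
      if command -v systemctl >/dev/null 2>&1 \
         && [ -e "/lib/systemd/system/$YP_SRV_NAME.service" ]; then
        systemctl stop "$YP_SRV_NAME.service"  # For systemd
      fi
      if [ -x "/etc/init.d/$YP_SRV_NAME" ]; then
        "/etc/init.d/$YP_SRV_NAME" stop  # For SysV service
      fi
      echo "$msg_delimiter_star_line"
    fi
    echo "done!"
    # NOTE(review): with -n/--no-restart the service is left running, and in
    # either case no securenets file remains afterwards. Confirm how the
    # installed ypserv treats a missing securenets file (it is commonly
    # documented as permitting all hosts) before relying on "clean" to cut
    # off client access.
    if [ -f "$securenets_file" ]; then
      echo "Remove the $securenets_file..."
      mv -f -- "$securenets_file" "${securenets_file}.drblsave"
    fi
    ;;
  *)
    usage
    exit 1
    ;;
esac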
