#!/bin/sh -x

. /etc/functions.sh

[ $# = 0 ] && { echo "  $0 <group>"; exit; }

include /lib/network
scan_interfaces

config="$1"
export OPENWRT_INTERFACE="$config"

config_get proto "$config" proto

if [ "$proto" != "openconnect" ]; then
    echo "Interface $config is $proto not openconnect" >&2
    exit 1
fi

config_get device "$config" device

local server
config_get server "$config" server

local port
config_get port "$config" port
if [ -n "$port" ]; then
    args="$server:$port"
else
    args="$server"
fi

local cookie
config_get cookie "$config" cookie
[ -n "$cookie" ] && args="$args -C $cookie"

local username
config_get username "$config" username
[ -n "$username" ] && args="$args -u $username"

local password
config_get password "$password" password

/sbin/insmod tun

local lock="/var/lock/openconnect-$config"

# creating the tunnel below will trigger a net subsystem event
# prevent it from touching or iface by disabling .auto here
uci_set_state network "$config" ifname $link
uci_set_state network "$config" auto 0

local gw="$(find_gw)"
[ -n "$gw" ] && {
    local serv_addrs=""
    for ip in $(resolveip -4 -t 3 "$server"); do
	append serv_addrs "$ip"
	route delete -host "$ip" 2>/dev/null
	route add -host "$ip" gw "$gw"
    done
    uci_toggle_state network "$config" serv_addrs "$serv_addrs"
}

RECON=$(date +%s)

trap "[ -r /var/run/openconnect-$config-oc.pid ] && kill -HUP \$(cat /var/run/openconnect-$config-oc.pid)" SIGHUP
while [ "$(uci_get_state network ${config} up)" = "1" ]; do
    NOW=$(date +%s)
    if [ $RECON -gt $NOW ]; then
	DELAY=$(expr $RECON - $NOW)
	logger -t openconnect "Waiting for $DELAY seconds before reconnecting"
	sleep $(expr $DELAY)
    fi

    # The lock prevents a race condition where /lib/network/openconnect.sh could
    # send us SIGHUP after we spawn openconnect, but before we store its pid.
    # Thus leaving it running after we should have killed it.
    lock $lock
    echo "$passwd" | /usr/sbin/openconnect $args -i "vpn-$config" \
	--no-cert-check --non-inter --passwd-on-stdin --syslog --script /etc/vpnc/vpnc-script &
    echo $! > /var/run/openconnect-$config-oc.pid
    lock -u $lock
    wait $!
    rm /var/run/openconnect-$config-oc.pid
    RECON=$(expr $NOW + 60)
done