#! /bin/sh

##########################################################################
#           Copyright (c) 2001, Cisco Systems, All Rights Reserved
##########################################################################
#
#  File:    vpn_install
#  Date:    09/17/2001
#
# ------------------------------------------------------------------------
#
# Darwin/OSX VPN client installation script.
#
###########################################################################

# Names and install locations of the kernel extension bundle and of the
# StartupItems bundle that loads it at boot.
KEXT_NAME="CiscoVPN"
KEXT_INSTALL_DIR="/System/Library/Extensions/$KEXT_NAME.kext"
KEXT_STARTUP_DIR="/System/Library/StartupItems/$KEXT_NAME"

# Resource directory (ini file, profiles, certificates) and the
# "<kernel name> <release>" string used by the banner and the version check.
VPNDIR="/etc/CiscoSystemsVPNClient"
SYSTEM=$(uname -sr)

# Cut the id(1) output at the first "(" so only the leading "uid=N" remains.
ID="/usr/bin/id"
WHOAMI=$("$ID" | sed -e 's/(.*//')

# The rest of the script writes under /System and /etc: stop unless uid is 0.
if test "$WHOAMI" != "uid=0"; then
	echo "Sorry, you need super user access to run this script."
	exit 1
fi

# Product banner and licence notice, one argument per output line.
printf '%s\n' \
	"" \
	"----------------------------------------------------------------------" \
	"Cisco Systems VPN Client Version 3.7.2 (Rel) for $SYSTEM" \
	"Copyright (c) 1998-2001 Cisco Systems, Inc. All Rights Reserved." \
	"" \
	"By installing this product you agree that you have read the" \
	"license.txt file (The VPN Client license) and will comply with" \
	"its terms. " \
	"" \
	"----------------------------------------------------------------------"


# -------------------------------------------------------------------------
# Assign a default value if we don't have it
# -------------------------------------------------------------------------

# Keep a non-empty VPNBINDIR inherited from the environment; otherwise use the
# stock location. The value becomes the default answer of the
# install-directory prompt further down.
: "${VPNBINDIR:=/usr/local/bin}"

# -------------------------------------------------------------------------
#  Print abort message on interrupt.
# -------------------------------------------------------------------------

# Signals 1, 2, 3 and 15 by name: print a notice and leave with status 1.
trap 'echo; echo " ! installation aborted by user! "; exit 1' HUP INT QUIT TERM


# -------------------------------------------------------------------------
# if this is an older system ( 10.0.x ) warn about lack of support.
# -------------------------------------------------------------------------

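# -------------------------------------------------------------------------
# Set up to do reads with possible shell escape and default assignment
# -------------------------------------------------------------------------
#
# myread: read one answer from stdin into the global $ans.
#   Globals read:    fastread, dflt, rp, n, c
#   Globals written: ans, rp
#
# The definition sits ahead of the version check because a shell function
# must exist when the call executes. With the definition placed after the
# check, the confirmation prompt on old systems failed with "myread: not
# found", $ans stayed empty, and the confirmation loop never ended.
#
# NOTE(review): an answer of "!" or "!command" starts a shell with the
# installer's privileges, which is root given the uid check at the top of
# the script. Where this script is the only command a user may run elevated
# (for example through a restricted sudo rule), the escape defeats that
# restriction; consider removing it for such deployments.

myread()
{
	# fastread=yes takes the default without reading; anything else seeds
	# ans with "!" so that the loop below runs at least once.
	case "$fastread" in
		yes) ans=''; echo " " ;;
		*) ans='!';;
	esac

	# Keep reading for as long as the answer starts with "!".
	while expr "X$ans" : "X!" >/dev/null; do
		read ans
		case "$ans" in
			!)
				# Bare "!": interactive shell, then show the prompt again.
				sh
				echo " "
				# n and c are not assigned anywhere in this script, so
				# unless inherited this prints the prompt and a newline.
				echo $n "$rp $c"
				;;
			!*)
				# "!command": run the text after the "!". The "--" keeps
				# a command starting with "-" from being parsed as
				# options to set.
				set -- `expr "X$ans" : "X!\(.*\)$"`
				sh -c "$*"
				echo " "
				echo $n "$rp $c"
				;;
			esac
	done

	rp='Your answer:'

	# An empty answer selects the default the caller stored in $dflt.
	case "$ans" in
		'') ans="$dflt";;
	esac
}

# -------------------------------------------------------------------------
# if this is an older system ( 10.0.x ) warn about lack of support.
# -------------------------------------------------------------------------

# NOTE(review): "*1.3*" is a substring match on the "uname -sr" output, so it
# fires for any release string that contains "1.3", not only Darwin 1.3.x.
case "$SYSTEM" in
    *1.3*)
        echo "----------------------------------------------------------------------"
        echo " WARNING:   OSX 10.0.x and darwin kernel versions before 1.4.0 are    "
        echo "            not supported.  This software is not gauranteed to work   "
        echo "            correctly on these older systems.                         "
        echo "----------------------------------------------------------------------"

        # ---------------------------------------------------------------------
        # confirm the user actually wishes to install despite the warning.
        # ---------------------------------------------------------------------
        got_confirm=false

        while [ "$got_confirm" = "false" ]; do
            dflt=no
            rp="Are you certain that you wish to install the Cisco VPN client?  [$dflt]"
            printf "%s" "$rp "
            myread

            the_installconfirm=$ans

            # Anything that is neither yes nor no asks again; an empty
            # answer becomes the default "no" and aborts.
            case "$the_installconfirm" in
                y* | Y*)
                    got_confirm=true
                    ;;
                n* | N*)
                    echo "Installation of Cisco Systems VPN client Aborted."
                    exit 1
                    ;;
                *)
                    ;;
            esac
        done
        ;;
    *)
        ;;
esac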


# -------------------------------------------------------------------------
# Do this until we die or get good answers.
# -------------------------------------------------------------------------

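# Interactive configuration. Asks for the binary directory and the autostart
# choice, prints a summary, and repeats all of it until the summary is
# confirmed. Results are left in the_dir, create_dir and the_autostart.
#
# NOTE(review): the directory chosen here later receives a setuid-root
# binary (cvpnd). Nothing in this script checks that the directory is owned
# by root and not writable by other users.

proceed=false

while [ "$proceed" = "false" ]; do

	# --- where do the binaries go? ---------------------------------------
	got_dir=false

	while [ "$got_dir" = "false" ]; do
		dflt=$VPNBINDIR
		rp="Directory where vpn binaries will be installed [$dflt]"
		printf "\n%s" "$rp "
		myread
		the_dir=$ans

		# Non-empty only when the user was asked about creating the directory.
		create_dir=

		# Quoted so that a path containing spaces is tested as one word.
		if [ -d "$the_dir" ]; then
			got_dir=true
		else
			dflt=y
			rp="Directory \"$the_dir\" doesn't exist. Create ? [$dflt]"
			printf "\n%s" "$rp "
			myread

			create_dir=$ans

			# Any answer other than yes asks for a directory again.
			case "$create_dir" in
			y* | Y*)
				got_dir=true
				;;
			*)
				;;
			esac
		fi
	done

	# --- load the NKE at boot? -------------------------------------------
	got_autostart=false

	while [ "$got_autostart" = "false" ]; do
		dflt=yes
		rp="Automatically load the VPN NKE at boot time [$dflt]"
		printf "\n%s" "$rp "
		myread

		the_autostart=$ans

		# Normalise to "yes"/"no". The original overwrote this with the raw
		# answer right after the loop, which discarded the normalisation.
		case "$the_autostart" in
		y* | Y*)
			got_autostart=true
			the_autostart=yes
			;;
		n* | N*)
			got_autostart=true
			the_autostart=no
			;;
		*)
			;;
		esac
	done

	# --- summary ---------------------------------------------------------
	echo ""
	echo "----------------------------------------------------------------------"
	echo "  - Cisco Systems VPN installation -"
	echo ""
	echo "  | the installation is configured to install the following"
	echo "  | files onto this system:"
	echo ""
	echo "        vpn resource files : \"$VPNDIR\""
	echo "                 IPSec NKE : \"$KEXT_INSTALL_DIR\"."
	echo "          vpn applications : \"$the_dir\"."
	case "$the_autostart" in
	y* | Y*)
		echo "      NKE autostart bundle : \"$KEXT_STARTUP_DIR\"."
		;;
	esac

	echo "----------------------------------------------------------------------"

	dflt=y
	rp="Is the above correct [$dflt]"
	printf "\n%s" "$rp "
	myread

	# Accept an upper-case "Y" too, as every other yes/no prompt here does.
	case "$ans" in
	y* | Y*)
		proceed=true
		;;
	*)
		;;
	esac
done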

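printf "\n"

# Freeze the answers collected by the interactive loop.
VPNBINDIR=$the_dir
VPNCREATEDIR=$create_dir
VPNAUTOSTART=$the_autostart

# VPNCREATEDIR is non-empty only when the user agreed to create the directory.
if [ "$VPNCREATEDIR" != "" ]; then
	if [ ! -d "$VPNBINDIR" ]; then
		echo " ==> creating directory for vpn applications: \"$VPNBINDIR\"."
		# The original tested $status, which this script never assigns, so a
		# failed mkdir went unnoticed. Test the exit status of mkdir itself.
		mkdir -p "$VPNBINDIR" || {
			echo "error: unable to create directory: \"$VPNBINDIR\"."
			exit 1
		}
	fi
fi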


# -------------------------------------------------------------------------
# install the kext, if already there, overwrite it.
# -------------------------------------------------------------------------

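# MODULEDIR is not assigned anywhere in this script, and with an empty,
# unquoted operand the original "[ ! -d $MODULEDIR ]" could never be true.
# Check the directory the kext is actually copied into instead.
kext_parent=`dirname "$KEXT_INSTALL_DIR"`

if [ ! -d "$kext_parent" ]; then
	echo "error: unable to install the vpn kext in \"$KEXT_INSTALL_DIR\", the system directory doesn't exist!"
	exit 1
fi

echo " ==> copying NKE to default system location: \"$KEXT_INSTALL_DIR\"."

# An existing installation is removed first so the copy never merges trees.
if [ -d "$KEXT_INSTALL_DIR" ]; then
    echo "   ++ NKE is already installed, overwriting the current installation."
    rm -rf "$KEXT_INSTALL_DIR"
fi

# The bundle is read from the current working directory. A failed copy now
# aborts, so the script no longer reports success without a kext in place.
cp -r "$KEXT_NAME.kext" "$KEXT_INSTALL_DIR" || {
    echo "error: unable to copy \"$KEXT_NAME.kext\" to \"$KEXT_INSTALL_DIR\"."
    exit 1
}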

# -------------------------------------------------------------------------
# install the autostart folder, if already there, clobber it.
# -------------------------------------------------------------------------

# Install the StartupItems bundle only when autostart was requested.
case "$VPNAUTOSTART" in
y* | Y*)
	echo " ==> creating startup bundle for NKE in default location: \"$KEXT_STARTUP_DIR\"."

	# Remove a previous bundle first, then copy the fresh one either way.
	if [ -d "$KEXT_STARTUP_DIR" ]; then
		echo "   ++ startup bundle for NKE already installed, overwriting the current installation."
		rm -rf "$KEXT_STARTUP_DIR"
	fi
	cp -r "$KEXT_NAME" "$KEXT_STARTUP_DIR"
	;;
*)
	;;
esac

# -------------------------------------------------------------------------
# creating cisco vpn directory tree.
# -------------------------------------------------------------------------

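echo " ==> creating directory tree for VPN resource files in \"$VPNDIR\"."

mkdir -p "$VPNDIR/Certificates"
mkdir -p "$VPNDIR/Profiles"


# -------------------------------------------------------------------------
# install the default initialization file.
# -------------------------------------------------------------------------

# VPNBINDIR is typed in by the operator and lands in the replacement half of
# a sed "s#...#...#" command. Escape "\", "&" and the "#" delimiter so that a
# path containing them is written literally instead of breaking the command.
bindir_sed=$(printf '%s\n' "$VPNBINDIR" | sed -e 's/[\\&#]/\\&/g')

# NOTE(review): a previous run of this script leaves "$VPNDIR" world-writable
# (see the chmod 0777 further down), so on a re-install the files below may
# have been replaced by another local user, including with symbolic links;
# the redirections here are performed as root and follow such links.
if [ ! -f "$VPNDIR/vpnclient.ini" ]; then
    # Fresh install: fill in the template shipped next to this script.
    echo " ==> creating default vpn initialization file \"$VPNDIR/vpnclient.ini\"."
    sed "s#@VPNBINDIR@#${bindir_sed}#" < ./vpnclient.ini.in > "$VPNDIR/vpnclient.ini"

else
    # Upgrade: keep the old file as .old and rewrite only the BinDirPath line
    # (matched case-insensitively).
    echo " ==> updating path in vpn initialization file \"$VPNDIR/vpnclient.ini\" to \"$VPNBINDIR\"."
    mv "${VPNDIR}/vpnclient.ini" "${VPNDIR}/vpnclient.ini.old"
    sed -e "s#[Bb][Ii][Nn][Dd][Ii][Rr][Pp][Aa][Tt][Hh]=.*#BinDirPath=${bindir_sed}#" "${VPNDIR}/vpnclient.ini.old" > "${VPNDIR}/vpnclient.ini"
fi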

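# Space-separated profile names (without ".pcf") for the final report.
newprofiles=""
replacedprofiles=""

# ------------------------------------------------------------------------
# install license.txt
# ------------------------------------------------------------------------
echo " ==> installing license.txt (VPN Client license) into"
echo "      $VPNDIR/"
cp -f license.txt "$VPNDIR"

# -------------------------------------------------------------------------
# install any config files.
# -------------------------------------------------------------------------

echo " ==> installing profiles into \"$VPNDIR/Profiles/\":"

# Glob directly instead of parsing ls output, so file names containing
# whitespace stay intact and a missing match produces no ls error.
for file in *.pcf; do
	# An unmatched pattern is left as the literal "*.pcf": skip it.
	[ -f "$file" ] || continue

	dst_file="${VPNDIR}/Profiles/${file}"

	# Strip the suffix here. The original joined the names and then ran
	# sed "s#.pcf# #g", whose unescaped "." also matched inside names
	# such as "mypcf.pcf".
	name=${file%.pcf}

	if [ -f "${dst_file}" ]; then
		# Keep the profile being replaced as <name>.pcf.old.
		replacedprofiles="$replacedprofiles$name "
		mv "${dst_file}" "${dst_file}.old"
	else
		newprofiles="$newprofiles$name "
	fi
	cp "${file}" "${dst_file}"
done

if [ "$newprofiles" != "" ]; then
	echo " ==> added the following profiles: $newprofiles"
fi

if [ "$replacedprofiles" != "" ]; then
	echo " ==> replaced the following profiles: $replacedprofiles"
fi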

# -------------------------------------------------------------------------
# copy binaries to right location
# -------------------------------------------------------------------------

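echo " ==> copying vpn applications into \"$VPNBINDIR\"."

# VPNBINDIR is operator input, so it is quoted: a path containing spaces
# must reach cp as one argument. A failed copy aborts, because the steps
# that follow set ownership and the setuid bit on these exact paths.
#
# NOTE(review): if "$VPNBINDIR" is writable by anyone other than root, a
# file copied here can be swapped before the chown/chmod below is applied
# to its path. Install only into a root-owned directory that is not group-
# or world-writable.
for app in vpnclient cvpnd ipseclog cisco_cert_mgr; do
	cp -f "$app" "$VPNBINDIR" || {
		echo "error: unable to copy \"$app\" into \"$VPNBINDIR\"."
		exit 1
	}
done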


# -------------------------------------------------------------------------
# Make sure we have the right permissions
# -------------------------------------------------------------------------

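echo " ==> setting permissions on applications and resource files"
echo ""

echo "       ${VPNBINDIR}/cvpnd (setuid root)"
echo "       ${VPNDIR} (world writeable)"
echo "       ${VPNDIR}/Profiles (world writeable)"
echo "       ${VPNDIR}/Certificates (world writeable)"

echo ""
echo " ==> touching kernel extensions directory to update cache."
touch /System/Library/Extensions

echo ""
echo " NOTE: You may wish to change these permissions to restrict access to root."

# Binaries: owned by root. chown comes before chmod so that the setuid bit
# on cvpnd is set last. Paths are quoted because VPNBINDIR is operator input.
chown root "$VPNBINDIR/vpnclient"
chmod 0711 "$VPNBINDIR/vpnclient"
chown root "$VPNBINDIR/cvpnd"
chmod 4711 "$VPNBINDIR/cvpnd"
chown root "$VPNBINDIR/ipseclog"
chmod 0755 "$VPNBINDIR/ipseclog"
chown root "$VPNBINDIR/cisco_cert_mgr"
chmod 0755 "$VPNBINDIR/cisco_cert_mgr"

# NOTE(review): the modes below are kept as shipped. They let every local
# user add, replace or delete the ini file, the connection profiles and the
# certificate store used alongside the setuid-root cvpnd. Tighten them, as
# the installer's own NOTE suggests, unless unprivileged users must edit
# profiles on this host.
chmod 0777 "$VPNDIR"
chmod 0666 "$VPNDIR/vpnclient.ini"
chmod 0777 "$VPNDIR/Certificates"
chmod 0777 "$VPNDIR/Profiles"

# Loop over the profiles instead of handing chmod an unexpanded "*.pcf" when
# none exist. Symbolic links are skipped: the directory is world-writable and
# chmod run by root would otherwise change the mode of the link target.
for profile in "$VPNDIR"/Profiles/*.pcf; do
	[ -h "$profile" ] && continue
	[ -f "$profile" ] || continue
	chmod 0666 "$profile"
done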

echo ""

# Tell the operator how the NKE gets loaded, depending on the autostart choice.
case "$VPNAUTOSTART" in
y* | Y*)
	printf '%s\n' \
		" ==> The Cisco Systems IPSec NKE will load automatically when you boot this system." \
		"" \
		"     to load:    $KEXT_STARTUP_DIR/$KEXT_NAME start" \
		"     to unload:  $KEXT_STARTUP_DIR/$KEXT_NAME stop" \
		"     to restart: $KEXT_STARTUP_DIR/$KEXT_NAME restart"
	;;
*)
	printf '%s\n' \
		" ==> The Cisco Systems IPSec NKE will not load automatically when you boot this system." \
		"" \
		"     to load:    kextload $KEXT_INSTALL_DIR" \
		"     to unload:  kextunload $KEXT_INSTALL_DIR"
	;;
esac

printf '%s\n' \
	"" \
	"----------------------------------------------------------------------" \
	"  Cisco Systems VPN client installation completed successfully." \
	"----------------------------------------------------------------------" \
	""

# -------------------------------------------------------------------------
# exit successfully.
# -------------------------------------------------------------------------

exit 0
