#!/bin/sh
# Installation prefix of the Cheshire package; every other path in this
# script is derived from it.
CHESHIRE=/usr/local/cheshire
export CHESHIRE

##
# Grin
#
# Runs under inetd, or standalone as a daemon behind faucet.  It behaves
# like a tiny http server: it answers with a redirect or the splash page,
# and invokes the firewall rules when the user POSTs any data (e.g. after
# accepting an AUP).
#
# Set CHESHIRE above to the directory where the package was installed.
##

# Fixed search path: the package's own bin directory first, then the system
# directories.  Whatever PATH was inherited from the caller is replaced, so
# helper lookups do not depend on the inherited environment.
PATH="$CHESHIRE/bin:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
export PATH

##
# Call with -R to reset the firewall and exit
##
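# "=" is the only string-equality operator POSIX test(1) defines; "==" is
# rejected by strict /bin/sh implementations, and this script runs under
# /bin/sh.
if [ "$1" = "-R" ]; then
  echo "Resetting firewall..."

  # We need the config for $RouteOnly (and who knows what else in future).
  # The pipeline rewrites every cheshire.conf line that starts with a capital
  # letter into  export KEY="value"  and evals the result.  The substitution
  # is left unquoted so the generated lines are joined into one command,
  # exactly as before.
  #
  # SECURITY: this eval runs the config file as shell code.  A value that
  # contains a double quote, a backtick or $(...) is executed with this
  # script's privileges, so cheshire.conf must be writable only by the
  # account that administers the firewall.
  eval $(grep '^[A-Z]' "$CHESHIRE/cheshire.conf"|tr -s ' 	'|sed -e 's/[ 	]/="/1' -e 's/$/"/' -e 's/^/export /')

  "$CHESHIRE/libexec/initialize.fw"
  exit	# exit status is that of initialize.fw
fi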
  
##
# For all eternity...
#
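# Start from a clean slate, so that METHOD/URL/HOST values inherited from
# the caller's environment can never stand in for fields the client did not
# send.
METHOD=
URL=
HOST=

while : ; do
  # Read one request line per pass, keeping the first three fields.  -r keeps
  # backslashes in the request literal.  At end of input read fails and
  # leaves $a empty, which the blank-line test at the bottom turns into a
  # break.
  # NOTE(review): nothing in this loop bounds how many header lines are read
  # or how long a read may block; whether inetd/faucet limit that is not
  # visible here.
  read -r a b c

  # Lines arrive CRLF-terminated, so a "blank" line is a lone CR.  Strip it
  # here: the old comparison against the two characters backslash-r never
  # matched a real carriage return.
  a=$(printf '%s' "$a" | tr -d '\r')

  #
  # Is it a GET or POST?
  #
  if [ "$a" = "GET" ] || [ "$a" = "POST" ]; then
    METHOD=$a
    export METHOD
    # Save the URL, stripping CR.  printf with a quoted argument keeps the
    # shell from glob-expanding request data (an unquoted echo of "/*" would
    # list the root directory into URL).
    URL=$(printf '%s' "$b" | tr -d '\r')
    export URL
  #
  # Is it the Host: line?
  #
  elif [ "$a" = "Host:" ]; then
    HOST=$(printf '%s' "$b" | tr -d '\r')	# Save the HOST, stripping CR
    export HOST
  fi

  # Do we have both?  Separate -n tests: the one-bracket "-a" form can be
  # misparsed when a value looks like a test operator.
  if [ -n "$URL" ] && [ -n "$HOST" ]; then
    break				# Then we're done.
  fi

  if [ -z "$a" ]; then			# Hit a blank line (or end of input)?
    break				# Then bail.
  fi
done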

##
# If the HOST matches our hostname, then stop redirecting, and hand them
# the template or let them through.
##
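# NOTE(review): HostName (and HomePage in the POST branch) are not loaded
# from cheshire.conf before this point on the normal path, so they must
# already be in the environment - confirm against the launcher.  The -n
# guard keeps an unset HostName from matching a request that carried no
# Host: header, which would otherwise reach the permit call below.
if [ -n "$HostName" ] && [ "$HOST" = "$HostName" ]; then

  ##
  # If this is a GET, then they need the login template.
  ##
  if [ "$METHOD" = "GET" ]; then

    # From here on out, we'll need the full config.
    # This eval imports the whole config into the environment.  The
    # substitution is left unquoted so the generated lines are joined into
    # one command, exactly as before.
    #
    # SECURITY: the eval runs cheshire.conf as shell code; a value holding a
    # double quote, a backtick or $(...) is executed with this script's
    # privileges.  Keep the file writable only by the firewall's admin.
    eval $(grep '^[A-Z]' "$CHESHIRE/cheshire.conf"|tr -s ' 	'|sed -e 's/[ 	]/="/1' -e 's/$/"/' -e 's/^/export /')

    # The file created here is handed to sh below, so its name must not be
    # guessable: a predictable $TempDir/tmp.<pid> in a shared directory can
    # be pre-created or swapped by another local user.  mktemp creates it
    # exclusively with an unpredictable name.
    TEMP=$(mktemp "${TempDir:-/tmp}/grin.XXXXXX") || exit 1

    ##
    # We need to do variable interpolation on splash.html.  So, treat
    # it as a "Here" document and execute it.
    #
    # SECURITY: this makes splash.html code, not data - backticks and
    # $(...) inside it run as commands, and a line reading EOF ends the
    # document early.  URL and HOST come straight from the request; if the
    # template interpolates them they reach the page unescaped.
    ##
    {
      echo 'cat <<EOF'
      echo 'HTTP/1.1 200 OK'
      echo ''
      echo ''
      cat "$DocumentRoot/splash.html"
      echo 'EOF'
    } > "$TEMP"
    sh "$TEMP"
    rm -f "$TEMP"

    exit

  ##
  # If this is a POST, then they've hit 'Login'
  ##
  elif [ "$METHOD" = "POST" ]; then

    # Get the IP using getpeername, from netpipes (last line of its output,
    # with any stray whitespace removed).
    IP=$(getpeername | tail -1 | tr -d '[:space:]')

    # ...and the MAC from the arp cache.  The address is compared as a whole
    # field (bare or parenthesised) and only the first hit is used: a regex
    # grep for 10.0.0.1 also matches 10.0.0.10 and 10.0.0.100, which could
    # hand back another client's MAC, or several at once.
    MAC=
    if [ -n "$IP" ]; then
      MAC=$(arp -an \
        | awk -v ip="$IP" '{ for (i = 1; i <= NF; i++) if ($i == ip || $i == "(" ip ")") { print; exit } }' \
        | sed -n -e 's/.*\(..:..:..:..:..:..\).*/\1/p')
    fi

    #
    # Sanity check:  without an IP or a MAC the permit call below would run
    # with its arguments shifted, so refuse instead of opening the firewall.
    # NOTE(review): the author left the no-MAC policy open ("IP only
    # policy?"); this fails closed until that is decided.
    #
    if [ -z "$IP" ] || [ -z "$MAC" ]; then
      cat <<EOF
HTTP/1.1 500 Internal Server Error


<html>
<body bgcolor="white" text="black">
Unable to identify your network address.
</body>
</html>
EOF
      exit 1
    fi

    # Keep what follows the FIRST "redirect=" in the URL.  The destination
    # may itself contain "redirect=", and a greedy match would cut it down
    # to the innermost value.  With no redirect parameter at all, fall back
    # to the home page (previously the raw request path was kept instead).
    case "$URL" in
      *redirect=*) URL=${URL#*redirect=} ;;
      *) URL= ;;
    esac
    if [ -z "$URL" ]; then
      URL=$HomePage
    fi

    # finally, let them in
    "$CHESHIRE/libexec/access.fw" permit "$MAC" "$IP" Member

    # ...and hand them back to where they wanted to go.  The destination is
    # request-controlled by design; it contains no CR or LF (one line was
    # read and CR was stripped), but it must be HTML-escaped before it is
    # placed inside the href attribute.
    SAFE_URL=$(printf '%s\n' "$URL" \
      | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g')

    cat <<EOF
HTTP/1.1 302 Moved
Location: http://$URL


<html>
<body bgcolor="white" text="black">
You should be redirected now.  
If not, click <a href="http://$SAFE_URL">here.</a>
</body>
</html>
EOF

    exit
  fi
fi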

##
# Otherwise, redirect them to $HostName.
##
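# HOST and URL are taken from the client's request.  They contain no CR or
# LF, so the Location header cannot be split, but they may contain quotes
# and angle brackets: escape them before they are written into the href
# attribute of the fallback page.
LINK=$(printf '%s\n' "$HostName/?redirect=$HOST$URL" \
  | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g')

cat <<EOF
HTTP/1.1 302 Moved
Location: http://$HostName/?redirect=$HOST$URL


<html>
<body bgcolor="white" text="black">
You should be redirected now.  
If not, click <a href="http://$LINK">here.</a>
</body>
</html>
EOF

exit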
