#!/bin/bash
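# Driver name pre-filled in the "Treiber-Name" prompt further down.
DEFAULTDRIVER="wext"

# Choose the dialog front end. Plain `dialog` is the console default; when an
# X display is available Xdialog is preferred, and the desktop-specific tool
# wins if its session variable is set and the binary is on PATH.
# `command -v` is used for the lookup so the test relies on the exit status
# instead of on whatever text `which` prints.
DIALOG="dialog"
if [ -n "$DISPLAY" ]; then
	command -v Xdialog >/dev/null 2>&1 && DIALOG="Xdialog"
	[ -n "$KDE_FULL_SESSION" ] && command -v kdialog >/dev/null 2>&1 && DIALOG="kdialog"
	[ -n "$GNOME_DESKTOP_SESSION_ID" ] && command -v gdialog >/dev/null 2>&1 && DIALOG="gdialog"
fi

# Log file that receives apt-get output and is shown by error().
# The script runs as root and redirects into this file, so it must not be a
# fixed, predictable name in the world-writable /tmp: another local user could
# pre-create that path as a symlink and have root overwrite the link target.
# mktemp creates a fresh file with an unpredictable name, owned by the caller.
# The file is left behind on purpose so the last error can still be inspected.
OUTFILE=$(mktemp /tmp/eduroam.XXXXXX) || { echo "mktemp failed" >&2; exit 1; }

# Directory that receives the optional desktop launchers.
# NOTE(review): $HOME is taken from the invoking environment; when the script
# is started through sudo this may be root's home rather than the desktop
# user's - confirm against how the script is meant to be launched.
DESKTOP="$HOME/Desktop"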

die () {
	# Write all arguments to stderr (space-joined by echo) and abort the script.
	# Status 255 is what bash reports for the `exit -1` spelling.
	>&2 echo "$@"
	exit 255
}

input () {
	# Run the selected dialog program with the given arguments.
	# Globals: DIALOG (read), RESULT (written), RETVAL (written)
	#
	# The command's stderr is captured into RESULT while its stdout is passed
	# through to the caller's stdout. fd 3 is a temporary duplicate of stdout
	# used to swap the two streams inside the command substitution.
	# RETVAL holds the dialog program's exit status.
	exec 3>&1
	RESULT=$($DIALOG "$@" 2>&1 >&3)
	RETVAL=$?
	exec 3>&-
}

yesno () {
	# Ask a yes/no question through input(); the trailing "0 0" are passed
	# after the caller's arguments. Returns the status input() stored in
	# RETVAL, so callers can use it directly in `if`.
	local -a question=(--yesno "$@" 0 0)
	input "${question[@]}"
	return "$RETVAL"
}

info () {
	# Forward the arguments to input() behind --infobox; unlike yesno() no
	# size arguments are appended here, the caller supplies everything.
	local -a box=(--infobox "$@")
	input "${box[@]}"
}

error () {
	# Show the contents of the log file $OUTFILE in a "Fatal Error" tailbox,
	# then abort the script. Status 255 is what bash reports for `exit -1`.
	local -a box=(--title "Fatal Error" --tailbox "$OUTFILE" 0 0)
	input "${box[@]}"
	exit 255
}

errormsg () {
	# Show the given message in a "Fatal Error" message box, then abort the
	# script. Status 255 is what bash reports for `exit -1`.
	local -a box=(--title "Fatal Error" --msgbox "$@" 0 0)
	input "${box[@]}"
	exit 255
}

# Preflight checks. Each failed check aborts the installer.

# The chosen dialog program must be on PATH. This one reports on stderr via
# die(), because without the program no dialog box can be shown.
if [ -z "$(which $DIALOG)" ]; then
	die "$DIALOG nicht gefunden"
fi

# Everything below writes under /etc and /usr/local/sbin, so require root.
if [ "$(whoami)" != "root" ]; then
	errormsg "Benutzer muss ROOT sein!\n# sudo $0"
fi

# iwconfig must list at least one IEEE 802.11 interface.
if [ -z "$(iwconfig 2>&1 | fgrep 'IEEE 802.11')" ]; then
	errormsg "Kein WLAN-Fähiges device vorhanden." 
fi

# The three paths this installer edits must already exist.
if ! { [ -d /etc/apt/sources.list.d ] && [ -f /etc/ca-certificates.conf ] && [ -f /etc/network/interfaces ]; }; then
	errormsg "komische Version"
fi

# Optionally register the local uni-kl apt archive. Skipped when the list file
# already exists or the user answers "no".
#
# NOTE(review): the archive is added over plain http, and the keyring package
# that makes apt trust it is installed from that same archive before any of
# its keys are known. The first install is therefore a trust-on-first-use
# step; verify the keyring's origin out of band if that matters for your site.
if ! [ -f /etc/apt/sources.list.d/etch-unikl.list ] && yesno "RHRK-Sourcen eintragen?"; then
	echo "RHRK-Einträge in die sources.list ..."
	cat >/etc/apt/sources.list.d/etch-unikl.list <<-END
	#
	# local etch uni-kl archive
	#
	deb	http://ftp.uni-kl.de/debian-local etch-unikl main
	deb-src	http://ftp.uni-kl.de/debian-local etch-unikl main
	END
	# Refresh the package lists, install the archive keyring, then refresh
	# again. Any failing step shows the log through error(), which exits.
	# The install keeps stdout on the terminal; only stderr goes to the log.
	if ! apt-get update >"$OUTFILE" 2>&1; then
		error
	fi
	if ! apt-get install unikl-debian-archive-keyring 2>"$OUTFILE"; then
		error
	fi
	if ! apt-get update >"$OUTFILE" 2>&1; then
		error
	fi
fi

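# Optionally install wpasupplicant and the RHRK certificate package, then list
# the RHRK and CAcert certificates in /etc/ca-certificates.conf.
#
# NOTE(review): these entries extend the system-wide CA configuration, so
# they affect every program that uses the system bundle, not only the WLAN
# setup. Nothing in this block regenerates /etc/ssl/certs/ca-certificates.crt;
# presumably the package scripts or a later update-ca-certificates run do
# that - confirm.
if yesno "Pakete installieren?\n - wpasupplicant\n - rhrk-certificates"; then
	apt-get install wpasupplicant rhrk-certificates 2>"$OUTFILE" || error

	# Keep a copy of the current configuration. Stop if the copy fails,
	# because the next step rewrites the live file from this copy.
	cp /etc/ca-certificates.conf /etc/ca-certificates.conf.bckup \
		|| errormsg "Backup von /etc/ca-certificates.conf fehlgeschlagen"

	# Rewrite the live file without any existing RHRK/CAcert entries, so a
	# second run does not duplicate them.
	grep -F -v -e "rhrk.uni-kl.de/" -e "cacert.org/" \
		< /etc/ca-certificates.conf.bckup > /etc/ca-certificates.conf

	# Append (>>) the entries. Redirecting with a single ">" here would
	# truncate the file that was just filtered and drop every other CA entry.
	cat >>/etc/ca-certificates.conf <<-END
	rhrk.uni-kl.de/deutsche-telekom-root-ca-2.crt
	rhrk.uni-kl.de/dfn.de_pca_classic_g01.crt
	rhrk.uni-kl.de/dfn.de_pca_global_g01.crt
	rhrk.uni-kl.de/rhrk.uni-kl.de_ca_classic_g01.crt
	rhrk.uni-kl.de/rhrk.uni-kl.de_ca_global_g02.crt
	cacert.org/class3.crt
	cacert.org/root.crt
	END
fi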

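# Optionally append an "iface wlan-eduroam" stanza to /etc/network/interfaces.
# Skipped when such a stanza is already present or the user answers "no".
# Each prompt aborts the script through die() when the dialog is cancelled.
#
# NOTE(review): the stanza trusts the whole system CA bundle and sets no
# server-name check, and phase 2 uses PAP, so the password is handed to
# whichever RADIUS server presents a certificate that any bundled CA signed.
# Consider pinning the issuing CA and the expected server name for your site.
# The stanza also still permits WPA/TKIP next to WPA2/CCMP.
if ! grep -q -F 'iface wlan-eduroam' /etc/network/interfaces && yesno "Neues Interface eintragen?"; then
	DRIVER=$DEFAULTDRIVER
	input --inputbox "Treiber-Name:" 0 0 "$DRIVER"
	if [ "$RETVAL" -ne 0 ]; then die "aborted"; fi
	DRIVER="$RESULT"

	input --inputbox "AIX-Username:" 0 0 "@rhrk.uni-kl.de"
	if [ "$RETVAL" -ne 0 ]; then die "aborted"; fi
	USERNAME="$RESULT"

	input --insecure --passwordbox "AIX-Password (wird im Klartext gespeichert):" 0 0
	if [ "$RETVAL" -ne 0 ]; then die "aborted"; fi
	PASSWORD="$RESULT"

	# The password is stored in clear text below. Restrict the file to root
	# before the secret is written, so it is never readable by other local
	# users, not even briefly.
	chmod 600 /etc/network/interfaces || die "chmod 600 /etc/network/interfaces fehlgeschlagen"

	# Unquoted here-document: $DRIVER, $USERNAME and $PASSWORD are expanded
	# once, and their values are inserted literally.
	cat >>/etc/network/interfaces <<END
iface wlan-eduroam inet dhcp
	wpa-driver	$DRIVER
	wpa-proto	WPA2 WPA
	wpa-ssid	eduroam
	wpa-group	CCMP TKIP
	wpa-pairwise	CCMP TKIP
	wpa-key-mgmt	WPA-EAP
	wpa-eap		TTLS
	wpa-ca-cert	/etc/ssl/certs/ca-certificates.crt
	wpa-anonymous-identity	anonymous@uni-kl.de
	wpa-phase2	"auth=PAP"
	wpa-identity	$USERNAME
	wpa-password	$PASSWORD
END
fi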

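# Optionally generate /usr/local/sbin/start-eduroam and stop-eduroam, plus
# desktop launchers that call them through a graphical sudo front end.
if yesno "Start/Stop-Skripte anlegen?"; then
	input --inputbox "Network Device:" 0 0 "eth1"
	if [ "$RETVAL" -ne 0 ]; then die "aborted"; fi
	DEVICE="$RESULT"

	mkdir -p /usr/local/sbin

	# Start script: stop avahi if its init script exists, load the
	# ieee80211 crypto modules, then bring the device up with the
	# wlan-eduroam configuration. $DEVICE is expanded now, while the file
	# is generated. The init script is named avahi-daemon; with the
	# misspelled name the -f test could never succeed.
	cat >/usr/local/sbin/start-eduroam <<-END
	#!/bin/bash
	if [ -f /etc/init.d/avahi-daemon ]; then
		/etc/init.d/avahi-daemon stop
	fi
	modprobe ieee80211_crypt
	modprobe ieee80211_crypt_ccmp
	modprobe ieee80211_crypt_tkip
	modprobe ieee80211_crypt_wep
	ifup $DEVICE=wlan-eduroam
	END

	# Stop script: take the interface down and start avahi again.
	cat >/usr/local/sbin/stop-eduroam <<-END
	#!/bin/bash
	ifdown wlan-eduroam
	if [ -f /etc/init.d/avahi-daemon ]; then
		/etc/init.d/avahi-daemon start
	fi
	END
	chmod +x /usr/local/sbin/{start,stop}-eduroam

	if yesno "Skripte auf dem Desktop anlegen?"; then
		input --menu "Sudo-Variante" 0 0 0 kdesu "KDE Sudo" gksu "Gnome Sudo"
		if [ "$RETVAL" -ne 0 ]; then die "aborted"; fi
		SUDO=$RESULT

		# The generated launcher lines must not end in a stray double
		# quote: that leaves an unterminated string in the launcher, so
		# bash refuses to run it.
		# NOTE(review): this script runs as root, so the launchers are
		# created root-owned in $DESKTOP - confirm that is intended.
		cat >"$DESKTOP/Start-Eduroam.sh" <<-END
		#!/bin/bash
		$SUDO /usr/local/sbin/start-eduroam
		END
		cat >"$DESKTOP/Stop-Eduroam.sh" <<-END
		#!/bin/bash
		$SUDO /usr/local/sbin/stop-eduroam
		END
		chmod +x "$DESKTOP"/{Start,Stop}-Eduroam.sh
	fi
fi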
