<?php

function tinc_save() {
	global $config;
	conf_mount_rw();
	config_lock();
	exec("/bin/mv -f /usr/local/etc/tinc /usr/local/etc/tinc.old");
	safe_mkdir("/usr/local/etc/tinc");
	safe_mkdir("/usr/local/etc/tinc/hosts");
	exec("touch /usr/local/etc/tinc/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI");
	$tincconf = &$config['installedpackages']['tinc']['config'][0];
	$fout = fopen("/usr/local/etc/tinc/tinc.conf","w");

	// No proper config, bail out.
	if (!isset($tincconf['name']) || empty($tincconf['name']))
		return;

	fwrite($fout, "name=".$tincconf['name']."\n");
	fwrite($fout, "AddressFamily=".$tincconf['addressfamily']."\n");
	if(!is_array($config['installedpackages']['tinchosts']['config'])) { $config['installedpackages']['tinchosts']['config']=Array(); }
	foreach($config['installedpackages']['tinchosts']['config'] as $host) {
		if($host['connect'])
		{
			fwrite($fout, "ConnectTo=" . $host['name'] . "\n");
		}
		
		$_output = "Address=".$host['address']."\n";
		$_output .= "Subnet=".$host['subnet']."\n";
		$_output .= base64_decode($host['extra'])."\n";
		$_output .= base64_decode($host['cert_pub'])."\n";
		file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'],$_output);
		if($host['host_up'])
		{
			file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-up',str_replace("\r", "", base64_decode($host['host_up']))."\n");
			chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-up', 0744);
		}
		if($host['host_down'])
		{
			file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-down',str_replace("\r", "", base64_decode($host['host_down']))."\n");
			chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-down', 0744);
		}
	}
	fwrite($fout, base64_decode($tincconf['extra'])."\n");
	fclose($fout);

	// Check if we need to generate a new RSA key pair.
	if ($tincconf['gen_rsa'])
	{
		safe_mkdir("/usr/local/etc/tinc/tmp");
		exec("/usr/local/sbin/tincd -c /usr/local/etc/tinc/tmp -K");
		$tincconf['cert_pub'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.pub'));
		$tincconf['cert_key'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.priv'));
		$tincconf['gen_rsa'] = false;
		$config['installedpackages']['tinc']['config'][0]['cert_pub'] = $tincconf['cert_pub'];
		$config['installedpackages']['tinc']['config'][0]['cert_key'] = $tincconf['cert_key'];
		$config['installedpackages']['tinc']['config'][0]['gen_rsa'] = $tincconf['gen_rsa'];
		rmdir_recursive("/usr/local/etc/tinc/tmp");
		write_config();
	}

	$_output = "Subnet=" . $tincconf['localsubnet'] . "\n";
	$_output .= base64_decode($tincconf['host_extra']) . "\n";
	$_output .= base64_decode($tincconf['cert_pub']) . "\n";
	file_put_contents('/usr/local/etc/tinc/hosts/' . $tincconf['name'],$_output);
	file_put_contents('/usr/local/etc/tinc/rsa_key.priv',base64_decode($tincconf['cert_key'])."\n");
	chmod("/usr/local/etc/tinc/rsa_key.priv", 0600);
	if($tincconf['tinc_up'])
	{
		$_output = base64_decode($tincconf['tinc_up']) . "\n";
	}
	else
	{
		$_output = "ifconfig \$INTERFACE " . $tincconf['localip'] . " netmask " . $tincconf['vpnnetmask'] . "\n";
		$_output .= "ifconfig \$INTERFACE group tinc\n";
	}
	file_put_contents('/usr/local/etc/tinc/tinc-up',$_output);
	chmod("/usr/local/etc/tinc/tinc-up", 0744);
	if($tincconf['tinc_down'])
	{
		file_put_contents('/usr/local/etc/tinc/tinc-down',str_replace("\r", "", base64_decode($tincconf['tinc_down'])) . "\n");
		chmod("/usr/local/etc/tinc/tinc-down", 0744);
	}
	if($tincconf['host_up'])
	{
		file_put_contents('/usr/local/etc/tinc/host-up',str_replace("\r", "", base64_decode($tincconf['host_up'])) . "\n");
		chmod("/usr/local/etc/tinc/host-up", 0744);
	}
	if($tincconf['host_down'])
	{
		file_put_contents('/usr/local/etc/tinc/host-down',str_replace("\r", "", base64_decode($tincconf['host_down'])) . "\n");
		chmod("/usr/local/etc/tinc/host-down", 0744);
	}
	if($tincconf['subnet_up'])
	{
		file_put_contents('/usr/local/etc/tinc/subnet-up',str_replace("\r", "", base64_decode($tincconf['subnet_up'])) . "\n");
		chmod("/usr/local/etc/tinc/subnet-up", 0744);
	}
	if($tincconf['subnet_down'])
	{
		file_put_contents('/usr/local/etc/tinc/subnet-down',str_replace("\r", "", base64_decode($tincconf['subnet_down'])) . "\n");
		chmod("/usr/local/etc/tinc/subnet-down", 0744);
	}
	system("/usr/local/etc/rc.d/tinc.sh restart 2>/dev/null");
	rmdir_recursive("/usr/local/etc/tinc.old");

	conf_mount_ro();
	config_unlock();
}

function tinc_install() {
	global $config;
	safe_mkdir("/usr/local/etc/tinc");
	safe_mkdir("/usr/local/etc/tinc/hosts");
	$_rcfile['file']='tinc.sh';
	$_rcfile['start'].="/usr/local/sbin/tincd --config=/usr/local/etc/tinc\n\t";
	$_rcfile['stop'].="/usr/local/sbin/tincd --kill \n\t";
	write_rcfile($_rcfile);
	unlink_if_exists("/usr/local/etc/rc.d/tincd");
	clear_log_file("/var/log/tinc.log");
	
	conf_mount_rw();
	config_lock();

        /* Create Interface Group */
        if (!is_array($config['ifgroups']['ifgroupentry']))
        $config['ifgroups']['ifgroupentry'] = array();

        $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
        $ifgroupentry = array();
        $ifgroupentry['members'] = '';
        $ifgroupentry['descr'] = 'tinc mesh VPN interface group';
        $ifgroupentry['ifname'] = 'tinc';
        $a_ifgroups[] = $ifgroupentry;

        /* XXX: Do not remove this. */
        mwexec("/bin/rm -f /tmp/config.cache");

        write_config();

	conf_mount_ro();
	config_unlock();
}

function tinc_deinstall() {
	global $config;
        /* Remove Interface Group */
        conf_mount_rw();
        config_lock();
        if (!is_array($config['ifgroups']['ifgroupentry']))
        $config['ifgroups']['ifgroupentry'] = array();

        $a_ifgroups = &$config['ifgroups']['ifgroupentry'];

        $myid=-1;
        $i = 0;
        foreach ($a_ifgroups as $ifgroupentry)
        {
                if($ifgroupentry['ifname']=='tinc')
                {
                        $myid=$i;
                        break;
                }
                $i++;
        }

        if ($myid >= 0 && $a_ifgroups[$myid])
        {
                $members = explode(" ", $a_ifgroups[$_GET['id']]['members']);
                foreach ($members as $ifs)
                {
                        $realif = get_real_interface($ifs);
                        if ($realif)
                                mwexec("/sbin/ifconfig  {$realif} -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname']));
                }
                unset($a_ifgroups[$myid]);
        	mwexec("/bin/rm -f /tmp/config.cache");
        	write_config();
        }
	conf_mount_ro();
	config_unlock();

	rmdir_recursive("/var/tmp/tinc");
	rmdir_recursive("/usr/local/etc/tinc*");
	unlink_if_exists("/usr/local/etc/rc.d/tinc.sh");
}

?>