#!/bin/sh

TIMESTAMP=`date "+%b-%d-%Y-%T"`

# Sudoers
#--------

/usr/sbin/addsudo /usr/sbin/app-web-proxy-clear-cache app-web-proxy-core

# PAM check
#--------------------------------------------------------------------------

CHECK=`grep clearos/web_proxy.d /etc/pam.d/squid`
if [ -z "$CHECK" ]; then
    logger -p local6.notice -t installer "app-web-proxy-core - applying PAM configuration"
    [ -e /etc/pam.d/squid ] && cp /etc/pam.d/squid /var/clearos/web_proxy/backup/squid.pam.$TIMESTAMP
    cp /usr/clearos/apps/web_proxy/deploy/squid.pam /etc/pam.d/squid
fi

# There are /usr/libX references in the configuration files.  
#--------------------------------------------------------------------------

SYS_ARCH=`uname -m`

if [ "$SYS_ARCH" == "x86_64" ]; then
    WRONG_LIB="lib"
    CORRECT_LIB="lib64"
    LOG_LIB="64-bit"
else
    WRONG_LIB="lib64"
    CORRECT_LIB="lib"
    LOG_LIB="32-bit"
fi

CHECK=`grep "/usr/$WRONG_LIB/" /etc/squid/squid_auth.conf 2>/dev/null`

if [ -n "$CHECK" ]; then
    logger -p local6.notice -t installer "app-web-proxy-core - updating architecture to $LOG_LIB"
    sed -i -e "s/\/usr\/$WRONG_LIB/\/usr\/$CORRECT_LIB/" /etc/squid/squid_auth.conf
fi

# Configuration changes in ClearOS 7
#-----------------------------------

if [ -e /usr/lib/systemd/system/squid.service ]; then
    CHECK=`grep "^acl manager proto cache_object" /etc/squid/squid.conf 2>/dev/null`

    if [ -n "$CHECK" ]; then
        logger -p local6.notice -t installer "app-web-proxy-core - removing deprecated acl manager"
        sed -i -e '/^acl manager proto cache_object/d' /etc/squid/squid.conf
    fi

    CHECK=`grep "^acl localhost src" /etc/squid/squid.conf 2>/dev/null`

    if [ -n "$CHECK" ]; then
        logger -p local6.notice -t installer "app-web-proxy-core - removing deprecated acl localhost"
        sed -i -e '/^acl localhost src/d' /etc/squid/squid.conf
    fi

    CHECK=`grep "^acl to_localhost dst" /etc/squid/squid.conf 2>/dev/null`

    if [ -n "$CHECK" ]; then
        logger -p local6.notice -t installer "app-web-proxy-core - removing deprecated acl to_localhost"
        sed -i -e '/^acl to_localhost dst/d' /etc/squid/squid.conf
    fi

    CHECK=`grep '/squid_unix_group' /etc/squid/squid_auth.conf 2>/dev/null`

    if [ -n "$CHECK" ]; then
        logger -p local6.notice -t installer "app-web-proxy-core - changing squid_unix_group to ext_unix_group_acl"
        sed -i -e "s/\/squid_unix_group/\/ext_unix_group_acl/" /etc/squid/squid_auth.conf
    fi

    CHECK=`grep '/pam_auth' /etc/squid/squid_auth.conf 2>/dev/null`

    if [ -n "$CHECK" ]; then
        logger -p local6.notice -t installer "app-web-proxy-core - changing pam_auth to basic_pam_auth"
        sed -i -e "s/\/pam_auth/\/basic_pam_auth/" /etc/squid/squid_auth.conf
    fi

    CHECK=`grep '^access_log[[:space:]]*/var/log/squid/access.log[[:space:]]*squid' /etc/squid/squid.conf 2>/dev/null`

    if [ -n "$CHECK" ]; then
        logger -p local6.notice -t installer "app-web-proxy-core - updating access_log parameter"
        sed -i -e "s/access_log[[:space:]]*\/var\/log\/squid\/access.log/access_log stdio:\/var\/log\/squid\/access.log/" /etc/squid/squid.conf
    fi
fi

# Make sure Squid has permissions to Winbind pipe
#------------------------------------------------

if ! /usr/bin/id -n -G squid | grep -q "\<wbpriv\>"; then
    /usr/sbin/usermod -G $(id -Gn squid | tr ' ' ','),wbpriv squid 2>/dev/null
fi

# Add user-defined whitelists
#----------------------------

CHECK=`grep "^include /etc/squid/squid_whitelists.conf$" /etc/squid/squid.conf 2>/dev/null`
if ( [ -e /etc/squid/squid.conf ] && [ -z "$CHECK" ] ); then
    logger -p local6.notice -t installer "app-web-proxy-core - adding whitelist support"
    sed -i -e "s/^http_access deny manager/http_access deny manager\n\n# User-defined whitelists\ninclude \/etc\/squid\/squid_whitelists.conf/" /etc/squid/squid.conf
fi

# Change access control ordering (tracker #1711)
#-----------------------------------------------

CHECK=`grep -A1 "include /etc/squid/squid_http_access.conf" /etc/squid/squid.conf 2>/dev/null | grep "http_access allow webconfig_to_lan"`
if [ -n "$CHECK" ]; then
    logger -p local6.notice -t installer "app-web-proxy-core - updating access control ordering"
    sed -i -e ':begin;$!N;s/include \/etc\/squid\/squid_http_access.conf\nhttp_access allow webconfig_to_lan/http_access allow webconfig_to_lan\ninclude \/etc\/squid\/squid_http_access.conf/;tbegin;P;D' /etc/squid/squid.conf
fi

# Add eCAP configuration
#-----------------------

CHECK=`grep "^include.*ecap.conf$" /etc/squid/squid.conf`
if [ -z "$CHECK" ]; then
    logger -p local6.notice -t installer "app-web-proxy-core - adding eCAP support"
    echo "" >> /etc/squid/squid.conf
    echo "# eCAP configuration include" >> /etc/squid/squid.conf
    echo "include /etc/squid/squid_ecap.conf" >> /etc/squid/squid.conf
fi

# Add YouTube
#------------

CHECK=`grep "acl youtube dstdomain .youtube.com" /etc/squid/squid_acls.conf`
if [ -z "$CHECK" ]; then
    logger -p local6.notice -t installer "app-web-proxy-core - adding YouTube definition"
    echo "acl youtube dstdomain .youtube.com" >> /etc/squid/squid_acls.conf
fi

# Run network configuration event on install/upgrade
#---------------------------------------------------

/var/clearos/events/network_configuration/web_proxy
