#!/bin/bash

# Load the interface defaults, then the per-interface options. Both helpers
# are defined outside this file.
pickup_defaults
pickup_options

# Use the default openconnect binary when OCONN is unset or empty (":=" also
# stores that fallback in OCONN), and stop if the result is not executable.
if ! [ -x "${OCONN:=$DEFAULT_OCONN}" ]; then
	print_error "$OCONN does not exist or is not executable. Try installing openconnect RPM."
	exit 1
fi

# Create the tun device that openconnect is attached to with --interface.
# NOTE(review): the exit status of this command is not checked.
$IP tuntap add "$NAME" mode tun

OCONN_USER="${OCONN_USER:-$DEFAULT_OCONNUSER}"
OCONN_CONFIG="${OCONN_CONFIG:-$DEFAULT_OCONNCONFFILE}"

# When this code was written the openconnect package did not ship an
# _openconnect user, so the configured account may be missing. If it is, the
# name is cleared, --setuid is left off the openconnect command line below,
# and openconnect keeps the privileges this script was started with.
if [ -n "$OCONN_USER" ] && ! id -u "$OCONN_USER" >/dev/null 2>&1; then
	print_warning "$OCONN_USER user does not exist, do not drop openconnect privileges to it"
	OCONN_USER=
fi

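# Optional openconnect arguments. They are collected in an array so that every
# resolved path stays a single argv word; the previous space-joined string was
# expanded unquoted, so a path containing whitespace or glob characters was
# split or expanded before openconnect saw it.
ARGS=()

# Each profiled_filename call below (helper defined outside this file) gates
# one option: on success the variable named in its first argument is passed
# to openconnect, on failure the option is left out.
# All of these files are looked up under $MYIFACEDIR. Keys, certificates and
# the --script / --csd-wrapper programs that openconnect runs should therefore
# be writable only by the administrator of that directory.

if profiled_filename PROF_CERTFILE "$MYIFACEDIR/${OCONNCERTFILE:-$DEFAULT_OCONNCERTFILE}"; then
	ARGS+=(--certificate "$PROF_CERTFILE")
fi

if profiled_filename PROF_MCACERTFILE "$MYIFACEDIR/${OCONNMCACERTFILE:-$DEFAULT_OCONNMCACERTFILE}"; then
	ARGS+=(--mca-certificate "$PROF_MCACERTFILE")
fi

if profiled_filename PROF_SSLKEYFILE "$MYIFACEDIR/${OCONNSSLKEYFILE:-$DEFAULT_OCONNSSLKEYFILE}"; then
	ARGS+=(--sslkey "$PROF_SSLKEYFILE")
fi

if profiled_filename PROF_MCAKEYFILE "$MYIFACEDIR/${OCONNMCAKEYFILE:-$DEFAULT_OCONNMCAKEYFILE}"; then
	ARGS+=(--mca-key "$PROF_MCAKEYFILE")
fi

# NOTE(review): openconnect documents --cookie as taking the cookie value
# itself, while this passes whatever profiled_filename stored in PROF_COOKIE;
# confirm that is what is intended. Anything passed on the command line is
# also visible to other local users in the process list.
if profiled_filename PROF_COOKIE "$MYIFACEDIR/${OCONNCOOKIEFILE:-$DEFAULT_OCONNCOOKIEFILE}"; then
	ARGS+=(--cookie "$PROF_COOKIE")
fi

if profiled_filename PROF_CSD "$MYIFACEDIR/${OCONNCSD:-$DEFAULT_OCONNCSD}"; then
	ARGS+=(--csd-wrapper "$PROF_CSD")
fi

if profiled_filename PROF_SCRIPT "$MYIFACEDIR/${OCONNSCRIPT:-$DEFAULT_OCONNSCRIPT}"; then
	ARGS+=(--script "$PROF_SCRIPT")
fi

if profiled_filename PROF_CAFILE "$MYIFACEDIR/${OCONNCAFILE:-$DEFAULT_OCONNCAFILE}"; then
	ARGS+=(--cafile "$PROF_CAFILE")
fi

# Start openconnect in the background on the tun device named $NAME.
# ${ARGS[@]+...} expands to nothing for an empty array, which keeps older
# bash versions from failing under "set -u".
# --setuid is added only while OCONN_USER is non-empty; the inner quotes keep
# the user name as one word.
"$OCONN" \
	--config "$MYIFACEDIR/$OCONN_CONFIG" ${ARGS[@]+"${ARGS[@]}"} \
	--background \
	--pid-file "$OCONNRUNDIR/oconn-iface-$NAME.pid" \
	--interface "$NAME" \
	--quiet \
	${OCONN_USER:+--setuid "$OCONN_USER"}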
