#!/bin/sh
###########################################################################
# Configures and installs the squid proxy server to be used as
# a web access controller.
# The scenario implemented has 3 lists:
# 1) whitelist_users (free access to all sites)
# 2) banned_users (no access to any site)
# 3) banned_domains (users not in the whitelist can't access these domains)
# 
# Copyright (C) 2010 Alexis Panagiotopoulos <apanagio@gmail.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# On Debian GNU/Linux systems, the complete text of the GNU General
# Public License can be found in `/usr/share/common-licenses/GPL'.
###########################################################################


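# Refresh the package index, then (re)install squid3 from a clean state.
# When squid3 is already installed it is purged first, which throws away its
# existing configuration, so the operator has to confirm that explicitly.

if ! apt-get update ; then
    # Not fatal (the original never checked this), but worth knowing about:
    # with stale package lists apt may fetch an outdated squid3 build.
    echo "WARNING: apt-get update failed, package lists may be stale" >&2
fi

case "$(dpkg-query -f'${Status}' --show squid3 2>/dev/null)" in
*" installed" )
    echo "squid3 already installed. All existing configuration will \
     be lost. Continue? (Y/N)"

    # The question used to be printed without reading a reply, so the purge
    # always ran. Read the answer and stop unless it is an explicit yes.
    # A failed read (EOF, no terminal) counts as "no".
    answer=
    read -r answer || answer=
    case "$answer" in
    [Yy] | [Yy][Ee][Ss] )
        ;;
    * )
        echo "Aborted: existing squid3 installation left untouched" >&2
        exit 1
        ;;
    esac

    if ! apt-get --yes purge squid3 ; then
        echo "ERROR while purging squid3"
        exit 1
    fi
    if ! apt-get --yes install squid3 ; then
        echo "ERROR while installing squid3"
        exit 1
    fi
    ;;
* )
    echo "installing squid3...)"
    if ! apt-get --yes install squid3 ; then
        echo "ERROR while installing squid3"
        exit 1
    fi
    ;;
esac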

# Install the ident2 daemon unless dpkg already reports it as installed.
# NOTE(review): presumably squid tells users apart through ident lookups (the
# access_rules file is not visible here - confirm). Ident replies are asserted
# by the answering host and are not authentication, so the user lists are only
# as trustworthy as the machines that answer the lookups.
ident2_status=$(dpkg-query -f'${Status}' --show ident2 2>/dev/null)
case "$ident2_status" in
*" installed" )
    echo "ident2 already installed."
    ;;
* )
    echo "installing ident2..."
    apt-get --yes install ident2 || {
        echo "ERROR while installing ident2"
        exit 1
    }
    ;;
esac

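# Find the IPv4 address of the interface that carries the default route.
# (Lookup taken from Alkis Georgopoulos' code in sch-scripts.)
# Only the first default route is used, so several default routes cannot
# produce a multi-line interface name.
def_iface=$(route -n | sed -n '/^0\.0\.0\.0/{s/.* //p;q}')
if [ -z "$def_iface" ]; then
    # 'return' is only valid in a function or a sourced file; this script is
    # executed directly, so stop with 'exit' and say why.
    echo "ERROR: no default route found, cannot determine the local address" >&2
    exit 1
fi
my=$(ip -oneline -family inet addr show dev "$def_iface" | sed -n '/inet 127\./! {s,.* \(.*\)/.*,\1,p;q}')

# $my is pasted into a sed replacement below. Accept nothing but digits and
# dots so that an empty or unexpected value can neither write a broken rule
# into squid.conf nor change the meaning of the sed expression.
case "$my" in
'' | *[!0-9.]* )
    echo "ERROR: could not determine the IPv4 address of $def_iface" >&2
    exit 1
    ;;
esac

# Insert the configuration into the squid conf file /etc/squid3/squid.conf.
# A backup is kept at squid.conf.sch-scripts.back.
# NOTE: access_rules is read from, and access_rules_ip written to, the current
# directory, so the script has to be started from the directory that holds its
# data files (and that directory should not be writable by other users).
if ! sed "s/sch-scripts-automation-subnet/$my/" access_rules > access_rules_ip; then
    echo "ERROR: could not generate access_rules_ip from access_rules" >&2
    exit 1
fi

# Never edit squid.conf in place unless the backup really exists.
if ! cp /etc/squid3/squid.conf /etc/squid3/squid.conf.sch-scripts.back; then
    echo "ERROR: could not back up /etc/squid3/squid.conf" >&2
    exit 1
fi

# sed exits 0 even when the marker line is absent, which would leave squid
# running without the generated rules; check for the marker first.
marker='INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS'
if ! grep -qF -- "$marker" /etc/squid3/squid.conf; then
    echo "ERROR: insertion marker not found in /etc/squid3/squid.conf" >&2
    exit 1
fi
if ! sed -i "/$marker/r access_rules_ip" /etc/squid3/squid.conf; then
    echo "ERROR: could not insert the access rules into /etc/squid3/squid.conf" >&2
    exit 1
fi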

# Copy one file shipped next to this script into place.
# Arguments: $1 - source file (relative to the current directory)
#            $2 - destination directory
#            $3 - message printed on stderr when the copy fails
# Exits the script with status 1 on failure.
copy_or_exit() {
    if ! cp "$1" "$2"; then
        echo "$3" >&2
        exit 1
    fi
}

# Custom error pages shown to blocked clients (Greek error directory).
copy_or_exit ERR_SCH-SCRIPTS_BANNED_DOMAINS /usr/share/squid3/errors/el \
    "ERROR: ban messages couldn't be copied"
copy_or_exit ERR_SCH-SCRIPTS_BANNED_USERS /usr/share/squid3/errors/el \
    "ERROR: ban messages couldn't be copied"

# The three ACL lists described in the file header.
copy_or_exit banned_domains.acl /etc/squid3/ \
    "Error copying banned_domains list"
copy_or_exit banned_users.acl /etc/squid3/ \
    "Error copying banned_users list"
copy_or_exit whitelist_users.acl /etc/squid3/ \
    "Error copying whitelist_users list"


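# Restart squid so that it loads the new rules and ACL files. If the restart
# fails, the configuration from before the edit is still available at
# /etc/squid3/squid.conf.sch-scripts.back.
if ! service squid3 restart; then
    # printf yields the intended line break under every /bin/sh; echo expands
    # "\n" only in some shells (dash does, bash by default does not).
    printf 'ERROR while restarting squid\n Squid is probably misconfigured\n' >&2
    exit 1
fi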
