#!/bin/bash

################
## freeradius ##
################

if [ "$(CreoleGet activer_freeradius)" = "oui" ]
then
    . /usr/lib/eole/utils.sh

    # Install ssl files
    user="freerad"
    group="freerad"
    freeradius_conf_dir="/etc/freeradius/3.0"
    if [ "$(CreoleGet freerad_eap_mode)" = "tls" ]; then
        CERT_DIR=${freeradius_conf_dir}/certs
        if [ ! -f "${CERT_DIR}/server.pem" ]; then
            cd $CERT_DIR
            make destroycerts
            make index.txt
            make serial
            make ca.pem
            make server.pem
            chmod 640 ca.pem
            chmod 640 server.pem
            chmod 640 server.key
            chgrp ${group} ca.pem
            chgrp ${group} server.pem
            chgrp ${group} server.key
        fi
        if [ ! -d '/var/cache/radiusd' ]; then
            mkdir /var/cache/radiusd
            chown $user:$group /var/cache/radiusd
            chmod 700 /var/cache/radiusd
        fi
        dh_file=${freeradius_conf_dir}/certs/dh
    else
        InstallSSLFiles freeradius $user $group ${freeradius_conf_dir}/ssl root
        dh_file=${freeradius_conf_dir}/ssl/certs/dh
    fi
    if [ ! -f ${dh_file} ]
    then
        openssl dhparam -out ${dh_file} 2048
    fi

    # modules
    ldap_mod_name="ldap"
    if [ "$(CreoleGet freerad_ldap_authentification)" = "oui" ]; then
        if [ ! -L ${freeradius_conf_dir}/mods-enabled/${ldap_mod_name} ]
        then
            ln -s ../mods-available/${ldap_mod_name} ${freeradius_conf_dir}/mods-enabled/${ldap_mod_name}
        fi
        if [ ! -L ${freeradius_conf_dir}/sites-enabled/inner-tunnel ]
        then
            ln -s ../sites-available/inner-tunnel ${freeradius_conf_dir}/sites-enabled/inner-tunnel
        fi
    else
        if [ -L ${freeradius_conf_dir}/mods-enabled/${ldap_mod_name} ]
        then
            rm -f ${freeradius_conf_dir}/mods-enabled/${ldap_mod_name}
        fi
        if [ -L ${freeradius_conf_dir}/sites-enabled/inner-tunnel ]
        then
            rm -f ${freeradius_conf_dir}/sites-enabled/inner-tunnel
        fi
    fi
fi

exit 0
