#!/bin/bash
# up
tr -dc '[[:print:]]' <<< "$username"
# then do more input validation on the supplied token...
if grep -P '^[\-a-zA-Z0-9]+$' <<<$username; then
 # token contains only allowed chars, good
 if [[ "${#username}" == 128 ]]; then
  # token is the length of a sha512 hash, good
  hash=$username
 fi
 if [[ "${#username}" == 127 ]]; then
  # fix needed for routers that chop off the last char
  hash=$username
 fi
 if [[ "${#username}" == 126 ]]; then
  # same thing as above
  hash=$username
 fi
 if [[ "${#username}" == 23 ]]; then
  # token is 23 chars long, someone forgot to hash their token,
  # so do it for them, then continue
  hash=`echo -n $username|openssl sha512|awk '{print $NF}'`
 fi
 if [ "$hash" == "" ]; then
  # $hash is empty, which means whatever was provided contained valid chars,
  # but wasn't the length of a token or a hash, so don't let them in
  exit 1
 fi
else
 # token contains invalid chars, possible screwup,
 # possible attempt to inject shell/db commands, so reject
 exit 1
fi
# check if the token is valid and not expired and only allow a new session if max sessions isn't reached
result=`timeout 8 wget -T8 -qO- https://[redacted]/?token=$hash`
if [ $? != 0 ] || [ "$result" == "gud" ]; then
        # increase session counter for token
        result=`timeout 8 wget -T8 -qO- "https://[redacted]?token=${hash}&action=up"`

        # figure out the instance name from $config, which contains the full path to the openvpn .conf,
        # then use the dir /tmp/[instance name]/pool/ as the dir to hold the files that respresent the
        # of IPs in the pool that are in use
        instance=`echo $config|awk -F/ '{print $2}'|sed -e's/.conf//'`
        instance_pool_dir=/tmp/$instance/pool
        POOL=`grep ^server $config|awk '{print $2}'|awk -F. '{print $1"."$2"."$3}'`

        # create /tmp/[instance name]/pool/ if it's not already there
        if [ ! -d $instance_pool_dir ]; then
         mkdir -p $instance_pool_dir
        fi

        # randomly grab an unused IP from the 10.whatever subnet specific to that instance.
        found_one=0
        while [ "$found_one" -eq "0" ]; do
         # randomly generate the last octet, in the range of 3-254 for each. only last octet cause doin c-class on this box
         RANDIP=$POOL.`echo $[ 3 + $[ RANDOM % 251 ]]`
         # not taken yet?
         if [ ! -r $instance_pool_dir/$RANDIP ]; then
          # take it
          touch $instance_pool_dir/$RANDIP
          # write out the ifconfig line to $1 which is picked up by openvpn
          echo "ifconfig-push $RANDIP 255.255.255.0" > $1
          found_one=1
         fi
        done

        if [[ $IV_PLAT == "win" ]]; then
                echo 'push "redirect-gateway bypass-dhcp"' >> $1
                echo 'push "register-dns"' >> $1
                if [[ $IV_VER =~ ^2\.3.* ]]; then
                        test_ver=`echo $IV_VER|awk -F. '{print $NF}'`
                        if [ $test_ver -gt 8 ]; then
                                echo 'push "block-outside-dns"' >> $1
                        fi
                else
                        echo 'push "block-outside-dns"' >> $1
                fi
        fi

        # found a random IP and pushed it to the client, so exit happily!
        # (or something went horribly wrong, still exit 0 so the client can get in anyways)
        exit 0
else
 exit 1
fi