#!/bin/sh
# DHCP Client Exit Hooks
#
# Douglas Thrift
#
# $Id$

tunnelbroker()
{
	local pass=`python -c "import getpass, hashlib; print hashlib.md5(getpass.getpass('tunnelbroker pass: ')).hexdigest()"`
	read -p 'tunnelbroker user_id: ' -r user_id
	read -p 'tunnelbroker tunnel_id: ' -r tunnel_id
	export CURL_CA_BUNDLE=`mktemp -t dhclient`
	cat >$CURL_CA_BUNDLE <<-EOF
	-----BEGIN CERTIFICATE-----
	MIID8DCCAtigAwIBAgIJAPF6IlDmmdRhMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
	VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEQMA4GA1UEBxMHRnJlbW9udDEg
	MB4GA1UEChMXSHVycmljYW5lIEVsZWN0cmljLCBMTEMxDTALBgNVBAsTBElQdjYx
	GTAXBgNVBAMTEHR1bm5lbGJyb2tlci5uZXQxGjAYBgkqhkiG9w0BCQEWC2lwdjZA
	aGUubmV0MB4XDTExMDQyMjE3NDIyMFoXDTIxMDQxOTE3NDIyMFowgZwxCzAJBgNV
	BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRAwDgYDVQQHEwdGcmVtb250MSAw
	HgYDVQQKExdIdXJyaWNhbmUgRWxlY3RyaWMsIExMQzENMAsGA1UECxMESVB2NjEZ
	MBcGA1UEAxMQdHVubmVsYnJva2VyLm5ldDEaMBgGCSqGSIb3DQEJARYLaXB2NkBo
	ZS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe5nza8zQ/AiT+
	ySc4mZYmLMcIrcU3q6ZEwIY5vHg2chzCJGCPQIwtBiexSZ7CWL8/GjdPWs6DoCut
	DS6VlGGaRhJd0ppUOB3uZLcqnfY0/d40WpRFm49yAV3fmhQg744BKUz2+V23E3tP
	n4UXq507dQ3RmNiZoS/T+DUbt1URXFZDIJmc4vjnYfGQhUzhbWZbC7J5fMFnTFSL
	NWNou4drWwcApm4FjPfVr+tdanjGEs8bMGSbXo6BjtStiEy1yJ3QGyZLwuURcMMv
	DV06/hc2Nv9MZPUaIPvXmNcSuVvY3MJiD1CiCWVmfiO3h7b5EmIWC+ZpO9L3Mk6/
	j/MgWR6jAgMBAAGjMzAxMC8GA1UdEQQoMCaCEHR1bm5lbGJyb2tlci5uZXSCEiou
	dHVubmVsYnJva2VyLm5ldDANBgkqhkiG9w0BAQUFAAOCAQEAXMG5ZOeyRCzIEPYP
	tZKbr1N0CkiBHf+7bVqUqfifEte6S/edpUdzIzB9Wtt484Dt88cAeg4BH2z+Kx2C
	lE9PxtTSMCInZIniuoLhaBP0BiRXEurTYdreFmen/S5cCkffVr+eJGk92lQQAdMr
	kyz2kD1NCwCaEp1w9DYltDbfC2v8BSIiEKVvD72VW6E2r7AvW73s3+E3WcWbt6pV
	qrKfFH4mKH0BR7nLzm5zduojCvIdH3GjelyLd7lUVR3N8Dz626tOzni/bzHpbH3T
	dMlBIl3f7c41wcoFG5zSZf1mvgyOnSlOnNmlxMbnfnrIyIyfYz1L8UWqWZGbxJYH
	EXcOrA==
	-----END CERTIFICATE-----
	EOF
	curl -4 "https://tunnelbroker.net/ipv4_end.php?ipv4b=AUTO&pass=$pass&user_id=$user_id&tunnel_id=$tunnel_id"
	echo
	rm $CURL_CA_BUNDLE
	unset CURL_CA_BUNDLE
	if ! grep -q "^gifconfig_${tunnelbroker_gif:=gif0}=\"$new_ip_address $tunnelbroker_server\"$" /etc/rc.conf; then
		sed -Ee "s/^(gifconfig_$tunnelbroker_gif=\").*( $tunnelbroker_server\")$/\1$new_ip_address\2/" -i '' /etc/rc.conf
		ifconfig $tunnelbroker_gif tunnel $new_ip_address $tunnelbroker_server
	fi
}

dns()
{
	read -p 'dns key: ' -r key
	read -p 'dns secret: ' -r secret
	nsupdate -d <<-EOF
	key $key $secret
	update delete $hostname A
	update add $hostname 300 A $new_ip_address
	send
	EOF
}

case ${reason:=RENEW} in
BOUND|RENEW|REBIND|REBOOT)
	case `hostname -s` in
	justonenight)
		hostname='laguna.douglasthrift.net'
		tunnelbroker_server='64.62.134.130'
		;;
	backhome)
		hostname='mustang.douglasthrift.net'
		tunnelbroker_server='66.220.18.42'
		;;
	esac

	: ${new_ip_address:=`host -t a $hostname | cut -d ' ' -f 4`}

	[ -n "$tunnelbroker_server" ] && tunnelbroker

	dns
	;;
esac