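#!/bin/sh

# PROVIDE: openconnect
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add these lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# openconnect_enable (bool):	Set to NO by default.
#				Set to yes to run openconnect.
# openconnect_pw (str):		File with openconnect password, make sure file
#				is not readable by anyone else (a warning is
#				logged at start when group/other bits are set).
# openconnect_host (str):	Should look like "https://your.host", host you
#				would try to connect to
# openconnect_flags (str):	Extra flags to openconnect.
# openconnect_authgroup (str):	Openconnect auth group.
# openconnect_authuser (str):	Openconnect auth user.
# openconnect_sscertok (bool):	Allow self signed certificates. Default is NO.
#				YES disables server certificate validation
#				entirely, so the password sent on stdin can go
#				to an impostor gateway; pinning the gateway
#				certificate with --servercert in
#				openconnect_flags is the safer way to accept a
#				self-signed certificate.

. /etc/rc.subr

name="openconnect"
rcvar=openconnect_enable

: ${openconnect_enable="NO"}
# --passwd-on-stdin keeps the password out of the process argument list;
# --setuid nobody makes openconnect drop root once the tunnel is set up.
: ${openconnect_flags="--background --syslog --setuid nobody --passwd-on-stdin --script=/usr/local/sbin/vpnc-script"}
: ${openconnect_pw="/usr/local/etc/openconnect.pw"}
: ${openconnect_sscertok="NO"}

pidfile="/var/run/${name}.pid"
command="/usr/local/sbin/${name}"

# Start openconnect in the background, feeding it the password on stdin.
# Globals:   openconnect_pw, openconnect_host, openconnect_authuser,
#            openconnect_authgroup, openconnect_sscertok, openconnect_flags,
#            pidfile, command (all read)
# Returns:   exits 1 with a message on stderr when the configuration is
#            incomplete; otherwise the exit status of openconnect.
openconnect_start()
{
	local pw_mode

	# Validate the configuration first so that a bad setup does not leave
	# an empty pid file behind.
	if [ -z "${openconnect_pw}" ] || [ ! -r "${openconnect_pw}" ]; then
		echo "Can't open file ${openconnect_pw}" >&2
		exit 1
	fi
	if [ -z "${openconnect_host}" ]; then
		echo "Please specify target host" >&2
		exit 1
	fi
	if [ -z "${openconnect_authuser}" ]; then
		echo "Please specify user name to use" >&2
		exit 1
	fi

	# The header asks for a private password file; report it when the file
	# is accessible to group or other. Warn only, so existing setups keep
	# starting.
	pw_mode=$(stat -f '%Lp' "${openconnect_pw}" 2>/dev/null)
	case "${pw_mode}" in
	''|*00)
		;;
	*)
		warn "${openconnect_pw} has mode ${pw_mode}; it should not be accessible to group or other"
		;;
	esac

	# Build the per-connection options as positional parameters so that a
	# user or group name containing spaces or glob characters reaches
	# openconnect as a single argument.
	set -- "--pid-file=${pidfile}" "--user=${openconnect_authuser}"
	if [ -n "${openconnect_authgroup}" ]; then
		set -- "$@" "--authgroup=${openconnect_authgroup}"
	fi
	if checkyesno openconnect_sscertok; then
		# NOTE(review): newer openconnect releases are reported to have
		# dropped --no-cert-check; confirm against the installed version.
		warn "openconnect_sscertok is enabled: the server certificate will not be verified"
		set -- "$@" "--no-cert-check"
	fi

	# The pid file is handed to nobody, presumably so that openconnect can
	# still write it after --setuid nobody drops privileges (confirm). Any
	# other process running as nobody can rewrite it, so its contents must
	# not be trusted beyond what rc.subr itself verifies.
	# umask stays in effect for the rest of this function, openconnect
	# included.
	umask 022
	touch "${pidfile}"
	chown nobody:nogroup "${pidfile}"

	# openconnect_flags is deliberately unquoted: it holds several options
	# that must be split into separate words.
	${command} ${openconnect_flags} "$@" "${openconnect_host}" < "${openconnect_pw}"
}

start_cmd=openconnect_start

load_rc_config $name
run_rc_command "$1"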