#!/bin/bash

# ------------------------------------------------------------

# install the initial VM for 

#

# This has been originally a Windows only BAT file.

#

# ... but coding this makes your head hurt and

# supporting this "technology" any further by adding

# software to the world relying on CMD.exe is an act

# against humanity and should be punished by jail.

#

# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology

# 

# 

#     X-Net Services GmbH

#     Elisabethstrasse 1

#     4020 Linz

#     AUSTRIA

#     https://www.x-net.at

# 

#     AIT Austrian Institute of Technology

#     Donau City Strasse 1

#     1220 Wien

#     AUSTRIA

#     http://www.ait.ac.at

# 

# 

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

# 

#    http://www.apache.org/licenses/LICENSE-2.0

# 

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

# ------------------------------------------------------------

# ------------------------------------------------------------

# code

# install the initial VM given by ${1}

# ------------------------------

# turns a windows path into a cygwin path

#

#   $1  ...     windows path

#   stdout      the value found

#

function sanitize_path() {

    test -z "${1}" && return

    echo $(cygpath -u "${1}") 

}

# ------------------------------

# main ...

#

# check if we do have elevated rights

# that is "Run as Administrator" invocation

echo 'checking privileges...'

id -G | grep 544 &> /dev/null

if [ "${?}" != 0 ]; then

    echo "Insufficient privileges. Is this script executed with 'Run As Administrator'?"

    echo "I'll try anyway..."

fi

# check OpenSecurity Initial VM Image

#

echo "looking for VM image: ${1}..."

OSECVM_IMAGE=$(cygpath -u "${1}")

echo "looking for VM image: ${1}"

if [ ! -f "${OSECVM_IMAGE}" ]; then

    echo "Warning: no OpenSecurity Initial Image found."

    echo "Please download using the OpenSecurity download tool."

    exit 1

fi

echo "initial VM image: ${1} found"

# look up VirtulBox installation

#

echo "looking up VirtualBox installation..."

VBOX_MANAGER="$(cat /proc/registry/HKEY_LOCAL_MACHINE/SOFTWARE/Oracle/VirtualBox/InstallDir)/VBoxManage.exe"

VBOX_MANAGER=$(sanitize_path "${VBOX_MANAGER}")

if [ ! -x "${VBOX_MANAGER}" ]; then

    echo "can't execute VBoxManage.exe - is VirtualBox installed?"

    echo "looked at: "$(cygpath -w ${VBOX_MANAGER})""

    exit 1

fi

echo "VirtualBox found at: ${VBOX_MANAGER}"

# enforce VirtualBox to "feel good" by calling a function

# (that is to "warm up" VirtualBox DCOM server ...)

#

echo "grabing VBox machine folder..."

MACHINE_FOLDER=$("${VBOX_MANAGER}" list systemproperties | grep '^Default machine folder:' | sed 's/^Default machine folder: *//')

MACHINE_FOLDER=$(cygpath -u "${MACHINE_FOLDER}")

echo "machine folder: ${MACHINE_FOLDER}"

# we have to stop the OpenSecurity service now

# the VMManger does lock the SecurityDVMs so we can't

# change them when he's on

echo "stopping OpenSecurity service..."

net stop "OpenSecurity Service"

echo "OpenSecurity service stopped."

echo "After stopping we'll wait some time to let VirtualBox calm itself"

sleep 1

# do all stuff relativ to the given machinefolder

mkdir -p "${MACHINE_FOLDER}" &> /dev/null

pushd "${MACHINE_FOLDER}" &> /dev/null

if [ "$?" != "0" ]; then

    echo "Failed to switch into machine folder."

    exit 1

fi    

# the Security VM disk image

VDISK_IMAGE="SecurityDVM/SecurityDVM.vmdk"

# import VM 

#

"${VBOX_MANAGER}" list vms | grep SecurityDVM &> /dev/null

if [ ! "${?}" = "0" ]; then

    echo "importing VM: ${OSECVM_IMAGE}"

    "${VBOX_MANAGER}" import "$(cygpath -w "${OSECVM_IMAGE}")" --vsys 0 --vmname SecurityDVM --unit 12 --disk "${VDISK_IMAGE}"

else

    echo "found SecurityDVM already present in VBox reusing it."

    echo "if you want a complete new import please remove the VM first."

    echo "starting OpenSecurity service..."

    net start "OpenSecurity Service"

    echo "OpenSecurity service started"

    exit 1

fi

# kick useless IDE controller

"${VBOX_MANAGER}" storagectl SecurityDVM --name IDE --remove

# grab VM storage controller and port 

#

VDISK_SETUP=$("${VBOX_MANAGER}" showvminfo SecurityDVM | grep SecurityDVM.vmdk | cut -d ':' -f 1 | tr '(),' '   ')

VDISK_CONTROLLER=$(echo ${VDISK_SETUP} | gawk '{print $1;}')

VDISK_PORT=$(echo ${VDISK_SETUP} | gawk '{print $2;}')

VDISK_DEVICE=$(echo ${VDISK_SETUP} | gawk '{print $3;}')

if [ -z "${VDISK_CONTROLLER}" ]; then

    echo "unable to grab virtual disk controller in VM."

    echo "this shouldn't happen. It's a bug."

    echo "starting OpenSecurity service..."

    net start "OpenSecurity Service"

    echo "OpenSecurity service started"

    exit 1

fi

# detach disk image

#

echo "detaching disk image ..."

"${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --medium none

# turn disk image into normal

#

VDISK_PORT=0

VDISK_DEVICE=0

echo "turning disk image into normal ..."

"${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --device ${VDISK_DEVICE} --type hdd --mtype normal --medium "${VDISK_IMAGE}" 

# detach disk image

#

echo "detach disk image ..."

"${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --medium none

# immutablize disk

#

echo "reattach immutable disk image ..."

"${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --device ${VDISK_DEVICE} --type hdd --mtype immutable --medium "${VDISK_IMAGE}"

echo "imported initial OsecVM.ova image"

"${VBOX_MANAGER}" list vms

echo "starting OpenSecurity service..."

net start "OpenSecurity Service"

echo "OpenSecurity service started"

# run 1st update on image

sleep 1

wget -q http://localhost:8080/update_template