#!/bin/bash

 # ------------------------------------------------------------

 # install the initial VM for 

 #

 #       OpenSecurity V0.2.8

 #

 # This has been originally a Windows only BAT file.

 #

 # ... but coding this makes your head hurt and

 # supporting this "technology" any further by adding

 # software to the world relying on CMD.exe is an act

 # against humanity and should be punished by jail.

 #

 # (C)opyright 2014, AIT Austrian Instiitute of Technology

 # ------------------------------------------------------------

 # ------------------------------------------------------------

 # code

 # install the initial VM given by ${1}

 # ------------------------------

 # turns a windows path into a cygwin path

 #

 #   $1  ...     windows path

 #   stdout      the value found

 #

 function sanitize_path() {

     test -z "${1}" && return

     echo $(cygpath -u "${1}") 

 }

 # ------------------------------

 # main ...

 #

 # check if we do have elevated rights

 # that is "Run as Administrator" invocation

 echo 'checking privileges...'

 id -G | grep 544 &> /dev/null

 if [ "${?}" != 0 ]; then

     echo "Insufficient privileges. Is this script executed with 'Run As Administrator'?"

     echo "I'll try anyway..."

 fi

 # check OpenSecurity Initial VM Image

 #

 echo "looking for VM image: ${1}..."

 OSECVM_IMAGE=$(cygpath -u "${1}")

 echo "looking for VM image: ${1}"

 if [ ! -f "${OSECVM_IMAGE}" ]; then

     echo "Warning: no OpenSecurity Initial Image found."

     echo "Please download using the OpenSecurity download tool."

     exit 1

 fi

 echo "initial VM image: ${1} found"

 # look up VirtulBox installation

 #

 echo "looking up VirtualBox installation..."

 VBOX_MANAGER="$(cat /proc/registry/HKEY_LOCAL_MACHINE/SOFTWARE/Oracle/VirtualBox/InstallDir)/VBoxManage.exe"

 VBOX_MANAGER=$(sanitize_path "${VBOX_MANAGER}")

 if [ ! -x "${VBOX_MANAGER}" ]; then

     echo "can't execute VBoxManage.exe - is VirtualBox installed?"

     echo "looked at: "$(cygpath -w ${VBOX_MANAGER})""

     exit 1

 fi

 echo "VirtualBox found at: ${VBOX_MANAGER}"

 # enforce VirtualBox to "feel good" by calling a function

 # (that is to "warm up" VirtualBox DCOM server ...)

 #

 echo "grabing VBox machine folder..."

 MACHINE_FOLDER=$("${VBOX_MANAGER}" list systemproperties | grep '^Default machine folder:' | sed 's/^Default machine folder: *//')

 MACHINE_FOLDER=$(cygpath -u "${MACHINE_FOLDER}")

 echo "machine folder: ${MACHINE_FOLDER}"

 # we have to stop the OpenSecurity service now

 # the VMManger does lock the SecurityDVMs so we can't

 # change them when he's on

 echo "stopping OpenSecurity service..."

 net stop "OpenSecurity Service"

 echo "OpenSecurity service stopped."

 echo "After stopping we'll wait some time to let VirtualBox calm itself"

 sleep 1

 # do all stuff relativ to the given machinefolder

 mkdir -p "${MACHINE_FOLDER}" &> /dev/null

 pushd "${MACHINE_FOLDER}" &> /dev/null

 if [ "$?" != "0" ]; then

     echo "Failed to switch into machine folder."

     exit 1

 fi    

 # the Security VM disk image

 VDISK_IMAGE="SecurityDVM/SecurityDVM.vmdk"

 # import VM 

 #

 "${VBOX_MANAGER}" list vms | grep SecurityDVM &> /dev/null

 if [ ! "${?}" = "0" ]; then

     echo "importing VM: ${OSECVM_IMAGE}"

     "${VBOX_MANAGER}" import "$(cygpath -w "${OSECVM_IMAGE}")" --vsys 0 --vmname SecurityDVM --unit 12 --disk "${VDISK_IMAGE}"

 else

     echo "found SecurityDVM already present in VBox reusing it."

     echo "if you want a complete new import please remove the VM first."

     echo "starting OpenSecurity service..."

     net start "OpenSecurity Service"

     echo "OpenSecurity service started"

     exit 1

 fi

 # kick useless IDE controller

 "${VBOX_MANAGER}" storagectl SecurityDVM --name IDE --remove

 # grab VM storage controller and port 

 #

 VDISK_SETUP=$("${VBOX_MANAGER}" showvminfo SecurityDVM | grep SecurityDVM.vmdk | cut -d ':' -f 1 | tr '(),' '   ')

 VDISK_CONTROLLER=$(echo ${VDISK_SETUP} | gawk '{print $1;}')

 VDISK_PORT=$(echo ${VDISK_SETUP} | gawk '{print $2;}')

 VDISK_DEVICE=$(echo ${VDISK_SETUP} | gawk '{print $3;}')

 if [ -z "${VDISK_CONTROLLER}" ]; then

     echo "unable to grab virtual disk controller in VM."

     echo "this shouldn't happen. It's a bug."

     echo "starting OpenSecurity service..."

     net start "OpenSecurity Service"

     echo "OpenSecurity service started"

     exit 1

 fi

 # detach disk image

 #

 echo "detaching disk image ..."

 "${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --medium none

 # turn disk image into normal

 #

 VDISK_PORT=0

 VDISK_DEVICE=0

 echo "turning disk image into normal ..."

 "${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --device ${VDISK_DEVICE} --type hdd --mtype normal --medium "${VDISK_IMAGE}" 

 # detach disk image

 #

 echo "detach disk image ..."

 "${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --medium none

 # immutablize disk

 #

 echo "reattach immutable disk image ..."

 "${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --device ${VDISK_DEVICE} --type hdd --mtype immutable --medium "${VDISK_IMAGE}"

 echo "imported initial OsecVM.ova image"

 "${VBOX_MANAGER}" list vms

 echo "starting OpenSecurity service..."

 net start "OpenSecurity Service"

 echo "OpenSecurity service started"

 # run 1st update on image

 sleep 1

 wget -q http://localhost:8080/update_template