#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
#
# Example envs set from openvpn:
#
#     foreign_option_1='dhcp-option DNS 193.43.27.132'
#     foreign_option_2='dhcp-option DNS 193.43.27.133'
#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#

PATH="$PATH:/usr/local/sbin:/usr/sbin:/sbin"
command -v resolvconf || exit 0
[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0

resolvconf_iface_prefix() {
    [[ -f /etc/resolvconf/interface-order ]] || return 0
    local iface
    while read -r iface; do
        [[ $iface =~ ^([A-Za-z0-9-]+)\*$ ]] || continue
        echo "${BASH_REMATCH[1]}." && return 0
    done < /etc/resolvconf/interface-order
}

split_into_parts()
{
    part1="$1"
    part2="$2"
    part3="$3"
}


SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
DNS_LEAK_SCRIPT=$SCRIPT_DIR/dns-leak-protect

case "$script_type" in
  up)
    NMSRVRS=""
    SRCHS=""
    for optionvarname in ${!foreign_option_*} ; do
        option="${!optionvarname}"
        echo "$option"
        split_into_parts $option
        if [ "$part1" = "dhcp-option" ] ; then
            if [ "$part2" = "DNS" ] ; then
                NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
            elif [ "$part2" = "DOMAIN" ] ; then
                SRCHS="${SRCHS:+$SRCHS }$part3"
            fi
        fi
    done
    R=""
    servers=()
    [ "$SRCHS" ] && R="search $SRCHS
"
    for NS in $NMSRVRS ; do
            R="${R}nameserver $NS
"
        servers+=(${NS})
    done

    if [[ -z "${is_wireguard}" ]]; then
        echo -n "$R" | resolvconf -a "${dev}.openvpn"
    else
        echo -n "$R" | resolvconf -a "$(resolvconf_iface_prefix)${dev}" -m 0 -x
    fi

    "$DNS_LEAK_SCRIPT" "up" ${servers[@]}

    ;;
  down)
    if [[ -z "${is_wireguard}" ]]; then
        resolvconf -d "${dev}.openvpn"
    else
        resolvconf -d "$(resolvconf_iface_prefix)${dev}" -f
    fi

    "$DNS_LEAK_SCRIPT" "down"

    ;;
esac


