#!/bin/sh
# adaway script v1.6 (C) <farmatito@tiscali.it>
#set -x
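# Set to 0 to log to syslog only; any other value also echoes every log line
# to stderr (logger --stderr).
DEBUG=1
# Config
ADAWAY_DIR="/etc/adaway"
# Default upstream list; it seeds the server list when $ADAWAY_DIR is first created.
ADAWAY_URL="https://adaway.org/hosts.txt"
BLACKLIST="$ADAWAY_DIR/adaway.blacklist"
WHITELIST="$ADAWAY_DIR/adaway.whitelist"
# Entries from every URL in this file end up in $HOSTSFILE and in the unbound
# include, so the server list decides whose data is trusted: keep $ADAWAY_DIR
# writable by root only and prefer https:// sources.
SERVERLIST="$ADAWAY_DIR/adaway.serverlist"
UNBOUND_DATA="/var/lib/unbound/local-blocking-data.conf"
HOSTSFILE="/etc/hosts"

# Script name used as the prefix of every log message. "$0" is quoted so that
# an install path containing spaces does not split into several arguments.
PRG=$(basename -- "$0")

# NOTE(review): with DEBUG=0 the logger calls in this script still pass
# "$STDERR" as an (empty) first argument -- confirm logger tolerates that.
if [ "$DEBUG" -eq 0 ] ; then
        STDERR=""
else
        STDERR="--stderr"
fi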

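# Make sure the external tools used further down are installed.
# A failed install aborts the run: curl is needed for the downloads, and
# without dos2unix the filter pipeline would produce no entries, so the
# existing block list would be replaced by an empty one.
# NOTE(review): apt-get is run without -y, so it may ask for confirmation
# when extra dependencies are needed -- confirm this suits unattended runs.
for PKG in curl dos2unix
do
        RET=$(dpkg -s "$PKG" 2>/dev/null | grep -c "install ok installed")
        if [ "x$RET" = "x0" ] ; then
                logger "$STDERR" -p local0.warning "$PRG: '$PKG' not found, trying to install..."
                if ! apt-get install "$PKG" ; then
                        logger "$STDERR" -p local0.warning "$PRG: cannot install '$PKG', abort"
                        exit 1
                fi
        fi
done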

# First run only: create the configuration directory, empty black/white
# lists, and a server list seeded with the default upstream URL.
[ -d "$ADAWAY_DIR" ] || {
        mkdir -p "$ADAWAY_DIR"
        touch "$BLACKLIST" "$WHITELIST" "$SERVERLIST"
        echo "$ADAWAY_URL" >> "$SERVERLIST"
}

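# Create a private temporary file with mktemp and print its path on stdout.
# Outputs:  the new file's path (nothing on failure)
# Returns:  exits with status 1 when mktemp fails. Callers use command
#           substitution, so that exit only ends the subshell: they must
#           check the substitution's status or test for an empty result.
create_secure_tmp_file () {
        # Declare first, assign second: "local FILE=$(...)" would report the
        # status of 'local' (always 0) and hide a mktemp failure.
        local FILE
        FILE=$(/bin/mktemp)
        if [ $? -ne 0 ] || [ -z "$FILE" ] ; then
                logger "$STDERR" -p local0.warning "$PRG: cannot create secure temporary file"
                # Nothing was created, so there is nothing to remove.
                exit 1
        fi
        printf '%s\n' "$FILE"
}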

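logger "$STDERR" -p local0.info "$PRG: starting to update '$HOSTSFILE'"

# Accumulates the filtered entries of every source list.
NEWFILE=$(create_secure_tmp_file)
if [ $? -ne 0 ] || [ -z "$NEWFILE" ] ; then
        exit 1
fi

# One URL per entry; whole-line and trailing '#' comments are ignored.
for SRV in $(grep -v '^#' "$SERVERLIST" | sed 's/ *[#].*$//g')
do
        CURLTMP=$(create_secure_tmp_file)
        if [ $? -ne 0 ] || [ -z "$CURLTMP" ] ; then
                rm -f -- "$NEWFILE"
                exit 1
        fi

        # --fail: without it an HTTP error page (404, 500, ...) counts as a
        # successful download and its body is fed to the filter below.
        # --url: the list entry is always taken as a URL, never as an option.
        curl --silent --fail -L --output "$CURLTMP" --url "$SRV"
        if [ $? -ne 0 ] ; then
                logger  "$STDERR" -p local0.warning "$PRG: cannot download update for '$HOSTSFILE' file from: $SRV"
                rm -f -- "$CURLTMP" "$NEWFILE"
                exit 1
        fi

        # The downloaded list is untrusted input that ends up in $HOSTSFILE.
        # The final awk stage is an allow-list: a line survives only if its
        # address is the sinkhole (0.0.0.0 is rewritten to 127.0.0.1) and every
        # name is made of hostname characters. A list can therefore block
        # names but cannot point a name at an address of its own choosing.
        # That stage also drops empty lines, IPv6/broadcast entries and lines
        # holding an address but no name.
        dos2unix < "$CURLTMP" |
                # leading/trailing comments
                grep -v "^#" |
                sed 's/ *[#].*$//g' |
                # tabs to spaces
                tr '\t' ' ' |
                # squeeze spaces
                tr -s ' ' |
                grep -v "127.0.0.1 localhost" |
                awk '
                        $1 == "0.0.0.0" { $1 = "127.0.0.1" }
                        NF < 2 || $1 != "127.0.0.1" { next }
                        {
                                for (i = 2; i <= NF; i++)
                                        if ($i !~ /^[A-Za-z0-9._-]+$/)
                                                next
                                # rebuild the record with single spaces
                                $1 = $1
                                print
                        }
                ' >> "$NEWFILE"
        rm -f -- "$CURLTMP"
done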

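# Add local blacklisted sites (comments stripped, entries appended as written)
grep -v '^#' "$BLACKLIST" | sed 's/ *[#].*$//g' >> "$NEWFILE"

# Scratch file for the whitelist filter and the later duplicate removal.
NEWFILE2=$(create_secure_tmp_file)
if [ $? -ne 0 ] || [ -z "$NEWFILE2" ] ; then
        rm -f -- "$NEWFILE"
        exit 1
fi

# Remove local whitelisted sites
# -F matches the entry literally: as a regular expression the dots in a name
# match any character, which unblocks unrelated hosts. -e keeps an entry that
# starts with '-' from being read as a grep option.
# NOTE(review): matching is still by substring, so a short entry removes every
# line that contains it -- confirm whether exact host matching is wanted.
for line in $(grep -v "^#" "$WHITELIST" | sed 's/ *[#].*$//g')
do
        grep -v -F -e "$line" "$NEWFILE" > "$NEWFILE2"
        # grep exits 1 when no line is left (valid); above 1 is a real error,
        # in which case the list must not be overwritten with partial output.
        if [ $? -gt 1 ] ; then
                logger "$STDERR" -p local0.warning "$PRG: cannot apply whitelist entry '$line'"
                continue
        fi
        cat "$NEWFILE2" > "$NEWFILE"
done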

# Drop duplicate entries: sort the merged list into $NEWFILE2 and log how
# many lines disappeared.
NUM1=$(wc -l < "$NEWFILE")
sort "$NEWFILE" | uniq > "$NEWFILE2"
NUM2=$(wc -l < "$NEWFILE2")
NUM3=$((NUM1 - NUM2))

logger "$STDERR" -p local0.info "$PRG: removed '$NUM3' duplicate entries in '$HOSTSFILE' file"

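# Publish the block list to unbound as well, when its data directory exists.
if [ -d "$(dirname "$UNBOUND_DATA")" ] ; then
        # Save old file (there is none on the first run)
        if [ -f "$UNBOUND_DATA" ] ; then
                mv -f "$UNBOUND_DATA" "$UNBOUND_DATA".bak
        fi
        # Create file for unbound DNS: one local-data record per blocked name.
        # Each name is written inside a quoted string of the unbound
        # configuration, so only names made of hostname characters are
        # emitted. Every name on a line is used, not just the first one.
        awk '{
                for (i = 2; i <= NF; i++)
                        if ($i ~ /^[A-Za-z0-9._-]+$/)
                                print "local-data: \"" $i " A 127.0.0.1\""
        }' "$NEWFILE2" > "$UNBOUND_DATA"
        chmod 644 "$UNBOUND_DATA"
        if [ $? -ne 0 ] ; then
                logger "$STDERR" -p local0.warning "$PRG: cannot chmod '$UNBOUND_DATA' file"
        fi
        # owner:group -- the dotted form used before is obsolete
        chown unbound:unbound "$UNBOUND_DATA"
        if [ $? -ne 0 ] ; then
                logger "$STDERR" -p local0.warning "$PRG: cannot chown '$UNBOUND_DATA' file"
        fi
        service unbound restart
        if [ $? -ne 0 ] ; then
                logger "$STDERR" -p local0.warning "$PRG: cannot restart unbound restoring old $UNBOUND_DATA"
                if [ -f "$UNBOUND_DATA".bak ] ; then
                        mv -f "$UNBOUND_DATA".bak "$UNBOUND_DATA"
                fi
                service unbound restart
                if [ $? -ne 0 ] ; then
                        logger "$STDERR" -p local0.warning "$PRG: cannot restart unbound, abort"
                        # Something is wrong with the downloaded files, don't update /etc/hosts
                        exit 1
                fi
        fi
fi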
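if [ ! -f "$HOSTSFILE.orig" ] ; then
        # First time backup hosts file. Copy instead of move, so $HOSTSFILE
        # never goes missing if the run stops before the new file is in place.
        cp -p "$HOSTSFILE" "$HOSTSFILE.orig"
        if [ $? -ne 0 ] ; then
                # Without the backup the new file would lose the original
                # entries, so stop here.
                logger "$STDERR" -p local0.warning "$PRG: cannot copy '$HOSTSFILE' to '$HOSTSFILE.orig'"
                rm -f -- "$NEWFILE" "$NEWFILE2"
                exit 1
        fi
fi
# Add header and original hosts file content, then the block list
{
        echo "# Hosts file managed by adaway.sh script."
        echo "# Don't edit, as your edits will be overwritten."
        echo "# Edit $HOSTSFILE.orig instead."
        cat "$HOSTSFILE.orig"
        cat "$NEWFILE2"
} > "$NEWFILE"
rm "$NEWFILE2"

# Set mode and owner on the temporary file before it replaces $HOSTSFILE, so
# the live file is never left with mktemp's private permissions.
chmod 644 "$NEWFILE"
if [ $? -ne 0 ] ; then
        logger "$STDERR" -p local0.warning "$PRG: cannot set permissions on new '$HOSTSFILE' file"
fi
chown root:root "$NEWFILE"
if [ $? -ne 0 ] ; then
        logger "$STDERR" -p local0.warning "$PRG: cannot set ownership on new '$HOSTSFILE' file"
fi

# One status check only: a second test of $? after a logger call would see
# logger's status, not mv's, and the failure would go unnoticed.
mv "$NEWFILE" "$HOSTSFILE"
if [ $? -ne 0 ] ; then
        logger "$STDERR" -p local0.warning "$PRG: cannot move '$NEWFILE' to '$HOSTSFILE'"
        rm -f -- "$NEWFILE"
        exit 1
fi
logger "$STDERR" -p local0.info "$PRG: $(wc -l "$HOSTSFILE") lines  updated successfully"
# restart postfix so it can update its private copy of the hosts file
service postfix restart
exit 0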
