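#!/bin/sh
#----------------------------------------------------------------------------
# /var/install/bin/system-ssh-create-moduli - create SSH moduli file
#
# Creation:     2015-01-17  jed
# Last Update:  $Id$
#
# Copyright (c) 2015-@@YEAR@@ the eisfair team, team(at)eisfair(dot)org
#
# Usage: system-ssh-create-moduli [options]
#
#   --batch  - run script in batch mode
#   --quiet  - suppress screen output
#   --help   - show this help
#
# The moduli file holds the Diffie-Hellman group-exchange primes offered by
# sshd. Candidates are produced with 'ssh-keygen -G' and only those that
# pass the primality screening of 'ssh-keygen -T' are installed. Generating
# and screening the candidates runs for days, so scratch files are removed
# by an EXIT trap if the run is interrupted.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------

# include eislib
. /var/install/include/eislib

#exec 2>/tmp/system-create-moduli-$$.log
#set -x

#----------------------------------------------------------------------------
# my own echo
#
# Wrapper around eislib's mecho that stays silent when the script was
# started with --quiet. Leading arguments that look like mecho switches
# (-n, --std, --info, --warn, ...) are collected and passed on unquoted so
# mecho receives them as separate words; everything after the first
# non-switch argument is the message.
#
# Arguments: [mecho switches...] [message...]
# Globals:   quiet (read)
#----------------------------------------------------------------------------
myecho()
{
    local _me_done
    local _me_switch
    local _me_outstr

    if [ "${quiet}" != '--quiet' ]
    then
        _me_done=0
        _me_switch=''
        _me_outstr=''

        while [ "${_me_done}" -eq 0 ]
        do
            case "$1" in
                -n|*-std|*stdbr|*-info|*-warn|*-error|*-link|*-ok|*-fail|*-tty|*-html|*-file)
                    _me_switch="${_me_switch}$1 "
                    shift
                    ;;
                *)
                    _me_outstr="$*"
                    _me_done=1
                    ;;
            esac
        done

        # the collected switches are intentionally word-split, the message is not
        # shellcheck disable=SC2086
        mecho ${_me_switch} "${_me_outstr}"
    fi
}

#----------------------------------------------------------------------------
# show help
#
# Prints the usage text via mecho (always, regardless of --quiet).
#----------------------------------------------------------------------------
show_help()
{
    mecho
    mecho "Usage: system-ssh-create-moduli [options]"
    mecho
    mecho "  --batch  - run script in batch mode"
    mecho "  --quiet  - suppress screen output"
    mecho "  --help   - show this help"
    mecho
}

#----------------------------------------------------------------------------
# cleanup
#
# Removes every scratch file this script may have created: the ask answer
# file, the candidate file and its per-bit-size parts, and the screened
# '.new' file (only once generation has started, see _new_file). Installed
# as EXIT trap so an interrupted multi-day run leaves nothing behind.
#
# Globals:   _ask_tmpfile, _tmpfile, _new_file, bits_list (read)
#----------------------------------------------------------------------------
cleanup()
{
    local _cl_bits

    if [ -n "${_ask_tmpfile}" ]
    then
        rm -f -- "${_ask_tmpfile}"
    fi

    if [ -n "${_tmpfile}" ]
    then
        rm -f -- "${_tmpfile}"
        for _cl_bits in ${bits_list}
        do
            rm -f -- "${_tmpfile}.${_cl_bits}"
        done
    fi

    if [ -n "${_new_file}" ]
    then
        rm -f -- "${_new_file}"
    fi
}

#============================================================================
# main
#============================================================================
# shellcheck disable=SC2034 — kept for parity with other eisfair scripts
cmd_line="$*"                                  # command line parameters
ssh_dir='/etc/ssh'
moduli_file="${ssh_dir}/moduli"
batch='no'
bits_list='2048 3072 4096 6144 8192'           # list of bits to generate
quiet=''
quiet_short=''
_ask_tmpfile=''
_tmpfile=''
_new_file=''

# read command line parameters
while [ $# -ne 0 ]
do
    case "$1" in
        *-batch)
            batch='yes'
            shift
            ;;
        *-quiet)
            quiet='--quiet'
            quiet_short='-q'
            shift
            ;;
        *-help)
            # asking for help is not an error
            show_help
            exit 0
            ;;
        *)
            show_help
            exit 1
            ;;
    esac
done

# from here on every exit path removes the scratch files
trap cleanup EXIT
trap 'exit 1' INT TERM HUP

_ask_tmpfile=$(/bin/mktemp -t ask-ssh.XXXXXXXXX) || exit 1
_tmpfile=$(/bin/mktemp -t moduli-ssh.XXXXXXXXX) || exit 1

clrhome
myecho --info "Generate SSH moduli file"
myecho

if [ "${batch}" = "no" ]
then
    myecho -n "It will last appr. "; myecho -n --warn "6 days"; myecho " to generate a new '${moduli_file}' file!"
    /var/install/bin/ask "Do you really want to continue" 'n' > "${_ask_tmpfile}"
    rc=$?
    read -r answer < "${_ask_tmpfile}"

    # if ask break, ask returned 255
    if [ "${rc}" = 255 ]
    then
        answer='no'
    fi
else
    answer='yes'
fi

moduli_updated=0

if [ "${answer}" = "yes" ]
then
    if [ "${batch}" = "no" ] && [ -f "${moduli_file}" ]
    then
        overwrite='no'
        /var/install/bin/ask "The file already exists, do you want to overwrite it" 'n' > "${_ask_tmpfile}"
        rc=$?
        read -r overwrite < "${_ask_tmpfile}"

        # if ask break, ask returned 255
        if [ "${rc}" = 255 ]
        then
            overwrite='no'
        fi
    else
        overwrite='yes'
    fi

    if [ "${overwrite}" = "yes" ]
    then
        myecho
        myecho "generation '${moduli_file}' file ..."
        /var/install/bin/backup-file --quiet "${moduli_file}"

        # the '.new' file is now ours and may be removed by cleanup
        _new_file="${moduli_file}.new"
        rm -f -- "${_tmpfile}" "${_new_file}"

        # generate new moduli file
        for BITS in ${bits_list}
        do
            # generate moduli candidates; quiet_short is empty or '-q'
            # shellcheck disable=SC2086
            if /usr/bin/ssh-keygen ${quiet_short} -q -b "${BITS}" -G "${_tmpfile}.${BITS}"
            then
                cat "${_tmpfile}.${BITS}" >> "${_tmpfile}"
            else
                myecho --error "Generating ${BITS}-bit moduli candidates failed, skipping this size."
            fi
            rm -f -- "${_tmpfile}.${BITS}"
        done

        # test moduli candidates: only primes that pass the screening end up
        # in the '.new' file; refuse to install an empty result so sshd is
        # never left with a moduli file that offers no screened group at all
        # shellcheck disable=SC2086
        if /usr/bin/ssh-keygen ${quiet_short} -T "${_new_file}" -f "${_tmpfile}" && [ -s "${_new_file}" ]
        then
            # overwrite existing moduli file
            # EISDATE is expected to be provided by the sourced eislib
            {
                echo '#----------------------------------------------------------------------'
                echo "# ${moduli_file} file generated by '$(readlink -f "$0")'"
                echo '#'
                echo "# Creation date: ${EISDATE} root"
                echo '#'
                echo "# Do not edit this file directly!"
                echo '#'
                echo "# Re-run the 'system-ssh-create-moduli' script command to update it."
                echo '#----------------------------------------------------------------------'
                cat "${_new_file}"
            } > "${moduli_file}"

            # set access rights: readable by root only
            chmod 0600 "${moduli_file}"
            chown root:root "${moduli_file}"
            moduli_updated=1
        else
            myecho --error "No usable moduli were generated, '${moduli_file}' was left unchanged."
        fi

        rm -f -- "${_tmpfile}" "${_new_file}"
        _new_file=''
        myecho
    fi

    if [ "${moduli_updated}" -eq 1 ] && [ "${batch}" = "yes" ]
    then
        # NOTE(review): the reminder and the key wait are shown only in
        # --batch mode; confirm this is intended for unattended callers
        myecho --warn "Remember to restart the OpenSSH server to activate the new key(s)!"
        anykey
    fi
fi

#============================================================================
# end
#============================================================================
exit 0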