#!/bin/bash
#
# chkconfig: 2345 30 50
# description: Exclusive ssh service for internal mgmt i/f
#
# processname: isshd
# config: /etc/sysconfig/isshd

# Tell the init function library not to hand this request over to systemctl.
# It is assigned before the library is sourced just below.
# NOTE(review): presumably the library inspects this variable while it is
# being sourced - confirm against /etc/rc.d/init.d/functions.
SYSTEMCTL_SKIP_REDIRECT=1

# source function library
. /etc/rc.d/init.d/functions

# pull in sysconfig settings
# The file is executed in this shell, so anyone able to write it can run
# commands with this script's privileges; it should be writable by root only.
# It is read BEFORE the constants below are assigned, so it cannot replace
# KEYGEN, ISSHD, the key paths or PID_FILE. OPTIONS and AUTOCREATE_SERVER_KEYS,
# which start() reads, are not assigned anywhere in this script and are
# presumably expected to come from this file.
[ -f /etc/sysconfig/isshd ] && . /etc/sysconfig/isshd

RETVAL=0
prog="isshd"

# Fixed paths used by the functions below
KEYGEN=/usr/bin/ssh-keygen
ISSHD=/usr/bin/isshd
# Host private keys; the matching public keys carry a .pub suffix
RSA_KEY=/persist/local/issh_host_rsa_key
DSA_KEY=/persist/local/issh_host_dsa_key
# NOTE(review): PID_FILE is not referenced anywhere else in the visible script
PID_FILE=/var/run/isshd.pid

# Last word printed by `runlevel`, i.e. the current runlevel: the output is
# split into positional parameters and the eval echoes parameter number $#.
# If `runlevel` prints nothing, $# is 0 and this yields $0 instead.
# In the visible script the value is only used by commented-out code in stop().
runlevel=$(set -- $(runlevel); eval "echo \$$#" )

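# Generate the RSA host key pair at $RSA_KEY unless a non-empty private key
# is already there.
#
# Globals: RSA_KEY (read), KEYGEN (read)
# Outputs: progress text and the success/failure status line on stdout
# Exits:   ends the whole script with status 1 when generation fails
#
# Security notes:
#  - -N '' writes the private key without a passphrase (an unattended daemon
#    cannot type one), so the key is protected only by the 0600 mode set here
#    and by the permissions of the directory that holds it.
#  - 2048 bits is kept as-is; ssh-keygen's own RSA default has been 3072 bits
#    since OpenSSH 8.0, so consider raising -b when keys are next rotated.
#  - All expansions are quoted so the paths always reach each tool as a
#    single argument.
do_rsa_keygen() {
	# -s is true only for an existing, non-empty file: a zero-length leftover
	# counts as "no key" and is regenerated.
	if [ ! -s "$RSA_KEY" ]; then
		echo -n $"Generating SSH2 RSA host key: "
		rm -f -- "$RSA_KEY"
		# Re-test after rm: if the stale file could not be removed, take the
		# failure path instead of running ssh-keygen against it.
		if test ! -f "$RSA_KEY" && "$KEYGEN" -q -b 2048 -t rsa -f "$RSA_KEY" -C '' -N '' >&/dev/null; then
			chmod 600 "$RSA_KEY"
			chmod 644 "$RSA_KEY.pub"
			# Only the public key is relabelled here, as in the original script.
			if [ -x /sbin/restorecon ]; then
				/sbin/restorecon "$RSA_KEY.pub"
			fi
			success $"RSA key generation"
			echo
		else
			failure $"RSA key generation"
			echo
			exit 1
		fi
	fi
}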

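# Generate the DSA host key pair at $DSA_KEY unless a non-empty private key
# is already there.
#
# Globals: DSA_KEY (read), KEYGEN (read)
# Outputs: progress text and the success/failure status line on stdout
# Exits:   ends the whole script with status 1 when generation fails
#
# Security notes:
#  - DSA keys from ssh-keygen are 1024-bit, and OpenSSH has disabled ssh-dss
#    by default since 7.0. Whether isshd still offers this key depends on its
#    build - TODO confirm, and prefer AUTOCREATE_SERVER_KEYS=RSAONLY (checked
#    by start()) if it does not.
#  - If the installed ssh-keygen cannot create DSA keys, the failure path
#    below exits 1 and the service start is aborted.
#  - -N '' writes the private key without a passphrase; it is protected only
#    by the 0600 mode set here and by the containing directory.
#  - All expansions are quoted so the paths always reach each tool as a
#    single argument.
do_dsa_keygen() {
	# -s is true only for an existing, non-empty file: a zero-length leftover
	# counts as "no key" and is regenerated.
	if [ ! -s "$DSA_KEY" ]; then
		echo -n $"Generating SSH2 DSA host key: "
		rm -f -- "$DSA_KEY"
		# Re-test after rm: if the stale file could not be removed, take the
		# failure path instead of running ssh-keygen against it.
		if test ! -f "$DSA_KEY" && "$KEYGEN" -q -t dsa -f "$DSA_KEY" -C '' -N '' >&/dev/null; then
			chmod 600 "$DSA_KEY"
			chmod 644 "$DSA_KEY.pub"
			# Only the public key is relabelled here, as in the original script.
			if [ -x /sbin/restorecon ]; then
				/sbin/restorecon "$DSA_KEY.pub"
			fi
			success $"DSA key generation"
			echo
		else
			failure $"DSA key generation"
			echo
			exit 1
		fi
	fi
}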

# Run the daemon binary with -t and record its exit status in RETVAL so the
# caller can decide whether a restart is safe. A non-zero status is reported
# through failure().
# NOTE(review): -t is presumably the sshd-style "test configuration and keys"
# mode, as the failure message suggests - confirm for isshd.
#
# Globals: ISSHD (read), RETVAL (written)
do_restart_sanity_check()
{
	if $ISSHD -t; then
		RETVAL=0
	else
		# $? still holds the status of the failed check at this point
		RETVAL=$?
		failure $"Configuration file or keys are invalid"
		echo
	fi
}

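# Start isshd when the internal management interface for this slot exists.
#
# Arguments: $1 - optional namespace name (NSNAME); a value containing
#                 "ssortr" selects the RedSup namespace slot-id file
# Globals:   NSNAME, SUB, SLOTIDPATH, slotId, RETVAL (written);
#            AUTOCREATE_SERVER_KEYS, OPTIONS, ISSHD, prog (read)
# Returns:   0; the daemon's own exit status is left in RETVAL
start()
{
	# Do nothing if not a modular switch.
	# In a RedSup namespace DUT the slot id is not taken from /etc/slotid but
	# from /tmp/etc/slotid. That case is recognised by the "ssortr" substring
	# in the optional NSNAME argument.
	# NOTE(review): this comment used to name /tmp/RedSup/slotid while the code
	# reads /tmp/etc/slotid - confirm which path is intended.
	# NOTE(review): the namespace path sits under /tmp; if /tmp is writable by
	# unprivileged users in that environment, they could control the slot id
	# read here. The value is quoted below so it can only ever be one
	# interface-name argument.
	NSNAME="${1:-}"
	SUB='ssortr'
	SLOTIDPATH='/etc/slotid'
	if [[ "$NSNAME" == *"$SUB"* ]]; then
		SLOTIDPATH='/tmp/etc/slotid'
	fi
	slotId=$(cat "$SLOTIDPATH")
	# A missing internal<slot>_1 interface means there is nothing to serve.
	if ! ifconfig "internal${slotId}_1" >/dev/null 2>&1; then
		return 0
	fi

	# Create keys if necessary: NO skips both, RSAONLY skips the DSA key.
	if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
		do_rsa_keygen
		if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
			do_dsa_keygen
		fi
	fi

	# NOTE(review): /var/empty/sshd is presumably the daemon's chroot, which
	# needs its own copy of the timezone data - confirm.
	cp -af /etc/localtime /var/empty/sshd/etc

	echo -n $"Starting $prog: "
	# OPTIONS is left unquoted on purpose so it splits into separate arguments.
	# The daemon's status is captured directly, so RETVAL does not depend on
	# what success/failure happen to return.
	# shellcheck disable=SC2086
	if "$ISSHD" $OPTIONS; then
		RETVAL=0
		success
		touch /var/lock/subsys/isshd
	else
		RETVAL=$?
		failure
	fi
	echo
}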

# Stop isshd if the init library reports it as running, and drop the subsys
# lock once the kill succeeded.
#
# Globals: ISSHD, prog (read); RETVAL (written with killproc's status)
# Returns: 0
stop()
{
	local tracked_pid
	tracked_pid=$(pidfileofproc "$ISSHD")
	# Nothing recorded for the daemon: isshd is not running.
	[ -n "$tracked_pid" ] || return 0

	echo -n $"Stopping $prog: "
	killproc "$ISSHD"
	RETVAL=$?

	# if we are in halt or reboot runlevel kill all running sessions
	# so the TCP connections are closed cleanly
	#if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
	#    killall $prog 2>/dev/null
	#fi
	# Don't use killall; it can't distinguish sshd from isshd -holbrook 2008-03-11
	if [ "$RETVAL" = 0 ]; then
		rm -f /var/lock/subsys/isshd
	fi
	echo
}

# Ask a running isshd to reload by sending it SIGHUP; report failure when the
# init library has no pid recorded for it.
#
# Globals: ISSHD, prog (read); RETVAL (written with the status of whichever
#          of killproc / failure ran)
reload()
{
	local tracked_pid
	echo -n $"Reloading $prog: "
	tracked_pid=$(pidfileofproc "$ISSHD")
	# Keep this polarity: failure() is entered with the non-zero status of the
	# test below, exactly as before.
	if [ -n "$tracked_pid" ]; then
		killproc "$ISSHD" -HUP
	else
		failure $"Reloading $prog"
	fi
	RETVAL=$?
	echo
}

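# Dispatch on the requested action and exit with the status left in RETVAL.
# NOTE(review): only "restart" forwards the optional NSNAME argument; plain
# "start" and "condrestart" call start() without it and therefore always use
# the default slot-id path - confirm that this is intended.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		# $2 is the optional NSNAME argument for start; it is quoted so that it
		# arrives as exactly one word and is never split or glob-expanded.
		start "${2:-}"
		;;
	reload)
		reload
		;;
	condrestart)
		# Restart only if the service was started through this script (lock
		# file present) and the sanity check passes.
		if [ -f /var/lock/subsys/isshd ] ; then
			do_restart_sanity_check
			if [ "$RETVAL" = 0 ] ; then
				stop
				# avoid race
				sleep 3
				start
			fi
		fi
		;;
	status)
		status "$ISSHD"
		RETVAL=$?
		;;
	*)
		echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
		RETVAL=1
		;;
esac
exit "$RETVAL"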
