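#!/sbin/sh
##
## A simple postinstall script which:
##  o Calls catman against /usr/local/man
##  o Installs configuration files into place if so required
##  o Diffs existing configuration files against sample ones
##  o Creates the sshd user and group for UsePrivSeparation
##
## Kept to constructs a traditional Bourne shell accepts (no $(...), [[ ]],
## local or "!"), since /sbin/sh may be one.
##

prefix=/usr/local
etcdir=${prefix}/etc
bindir=${prefix}/bin
mandir=${prefix}/man
keygen=${bindir}/ssh-keygen
startup=${prefix}/startup

# Install ${etcdir}/$1 from ${etcdir}/$1.sample when it is absent; when it is
# already present, leave it untouched and print the diff against the sample.
#   $1 - config file name relative to ${etcdir}
install_config() {
    cfg="${etcdir}/$1"
    if [ -f "${cfg}" ]; then
        echo "${cfg} already exists, leaving alone"
        echo "Differences are as follows. Note that < is the current file"
        diff "${cfg}" "${cfg}.sample"
        echo
    else
        cp "${cfg}.sample" "${cfg}"
        chmod 644 "${cfg}"
        echo "Copied $1.sample to ${cfg}"
    fi
}

# Generate a host key with an empty passphrase unless the key file exists.
#   $1 - key type passed to ssh-keygen -t
#   $2 - key file name relative to ${etcdir}
make_host_key() {
    keyfile="${etcdir}/$2"
    if [ -f "${keyfile}" ]; then
        echo "${keyfile} already exists, skipping"
    else
        "${keygen}" -t "$1" -f "${keyfile}" -N ""
    fi
}

/usr/bin/echo "**\n** Re-building the manual page index in ${mandir}\n**"
/usr/bin/catman -w -M "${mandir}"
/usr/bin/chmod 644 "${mandir}/windex"

/usr/bin/echo "**\n** Looking at the config files\n**"
install_config ssh_config
install_config sshd_config

/usr/bin/echo "\n**\n** Building host keys\n**"
# NOTE(review): rsa1 (SSH protocol 1) and dsa are legacy host key types; a
# newer ssh-keygen may reject them. Confirm against the packaged version and
# against what sshd_config actually enables before relying on these keys.
make_host_key rsa1 ssh_host_key
make_host_key dsa ssh_host_dsa_key
make_host_key rsa ssh_host_rsa_key

/usr/bin/echo "**\n** Doing work for UsePrivSeparation\n**"

# Match the name field only. An unanchored search for "sshd" is also satisfied
# by any other entry that merely contains that string (a longer name, a member
# list, a comment or home directory), which would silently skip creating the
# privilege-separation group or user.
if grep '^sshd:' /etc/group > /dev/null; then
    :
else
    echo "Adding the sshd group"
    groupadd sshd || echo "WARNING: groupadd sshd failed" >&2
fi

if grep '^sshd:' /etc/passwd > /dev/null; then
    :
else
    echo "Adding the sshd user"
    # No usable home or login shell: the account exists only as the
    # unprivileged identity for privilege separation.
    if useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd; then
        echo "Locking account of sshd"
        passwd -l sshd
    else
        # Report it rather than aborting; the script still exits 0 as before.
        echo "WARNING: useradd sshd failed; privilege separation user is missing" >&2
    fi
fi

/usr/bin/echo "**\n** Starting the ssh server\n**"
"${startup}/openssh" start

exit 0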