#!/bin/sh
# vim:set sw=4 ts=4:
#
# $Id: make_ssh,v 1.5 2005/04/11 14:14:39 fabian Exp $
#
#############################################################################
#
# ALICE
# Automatic Linux Installation and Configuration Environment
#
# Copyright (c) 2000-2002 SuSE Linux Solutions AG, Eschborn, Germany
#               2002-2004 SuSE Linux AG, Eschborn, Germany
#               2005           SUSE GmbH, Nuernberg, Germany
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#############################################################################
#
# Author: Fabian Herschel
#
#############################################################################
#
# make_ssh
# configures the sshd
#
# Sections: ssh_keys (change that to ssh?)
# Tags:     AUTHORIZED_KEYS_<user>, CONFIG_MODE
#
############################################################################
#
# Notes:
# - Used tags
#   the tag <AUTHORIZED_KEYS_$user> contains the keys, which should
#   be copied to the ~$user/.ssh/authorized_keys
#   the tag <CONFIG_MODE> could contain the values ADD_KEYS or REPLACE_KEYS.
#   ADD_KEYS will be used to add keys to authorized keys (already stored keys
#   will not be deleted). REPLACE_KEYS will be used to replace the keys by
#   the "new" ones.
# - Configuration file
#   ssh_keys.tcf
# - Defaults
#   The default of <AUTHORIZED_KEYS_$user> is empty (no keys)
#   The default of <CONFIG_MODE> is ADD_KEYS 
# - Known restrictions:
#   TODO: At present only local users (those listed in /etc/passwd) can be configured
#
############################################################################
#
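# Default the ALICE installation directory unless the caller's environment
# already provides a non-empty one, then export it for child processes.
# NOTE(review): alice_dir comes from the environment and is later used as the
# location of a sourced file, so whoever controls this variable controls the
# code this script runs. If the script is ever started through a privilege
# boundary (sudo, setuid wrapper, cron with inherited env), pin or validate it.
: "${alice_dir:=/usr/lib/alice2/}"
export alice_dir

# Command line handling. Recognised options:
#   -h | --help | -?   call usage and exit with status 1
#   -fqhn <name>       export <name> as fqhn
# Any other argument is silently skipped.
while [ $# -gt 0 ]
do
    case "$1" in
        -h | --help | -? )
            # NOTE(review): the unquoted "-?" is a glob, so any two-character
            # option such as "-x" also lands here. Also, no definition of
            # "usage" is visible before this point (alicerc is sourced only
            # after this loop) -- confirm it is available at this stage.
            usage
            exit 1
            ;;
        -fqhn )
            # Without this guard a trailing "-fqhn" exported an empty value and
            # the second shift below ran on an empty argument list, which
            # aborts some /bin/sh implementations with an unrelated message.
            if [ $# -lt 2 ]
            then
                echo "${0##*/}: option -fqhn requires an argument" >&2
                exit 1
            fi
            # Assign first, export afterwards: the value is never subject to
            # word splitting, whatever it contains.
            fqhn=$2
            export fqhn
            shift
            ;;
    esac
    shift
done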

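# Load the ALICE runtime library from the installation directory. The path is
# quoted so that a directory name containing blanks or glob characters is not
# split, and readability is checked first so that a wrong alice_dir produces
# one clear message instead of a series of "command not found" errors from the
# helper calls further down.
if [ ! -r "$alice_dir/lib/alicerc" ]
then
    echo "${0##*/}: cannot read $alice_dir/lib/alicerc" >&2
    exit 1
fi
. "$alice_dir/lib/alicerc"

# WELCOME is not defined in this file; presumably it is provided by alicerc.
WELCOME

# Login names are the first colon-separated field of every /etc/passwd line.
# The result is kept as a whitespace-separated list for the user loop below.
ALL_USERS=$( awk -F: '{ print $1 }' /etc/passwd )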
# TODO: How to get a complete user list in non-local-user environments such as NIS or LDAP?
#       Another way could be to provide an optional tag like
#	<SSH_USERS>hugo willi biene</SSH_USERS>
#
############################################################################
#
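# Read the ssh_keys configuration section. GET_CONFIGURATION is not defined in
# this file (presumably it comes from alicerc); the loop below relies on it to
# provide CONFIG_MODE and the per-user AUTHORIZED_KEYS_<user> variables.
# $CFG_DEBUG is deliberately left unquoted so that an empty value adds no
# argument at all.
GET_CONFIGURATION ssh_keys $CFG_DEBUG

# For every local account that has keys configured, append them to or replace
# ~user/.ssh/authorized_keys, depending on CONFIG_MODE.
for user in $ALL_USERS
do
    case "$user" in
        +* )
            # NIS/YP compat entry: nothing to do for it. "continue" rather than
            # "break", so that local accounts listed after such an entry are
            # still processed.
            continue
            ;;
        *[!A-Za-z0-9_]* )
            # The login name becomes part of a variable name that is passed to
            # eval below. With a name such as "www-data" the shell would read
            # $AUTHORIZED_KEYS_www followed by the literal "-data", i.e. the
            # keys configured for a different account plus a non-empty suffix.
            # Only names that form a valid variable suffix are accepted.
            echo "${0##*/}: skipping user '$user': name cannot be used as a configuration tag" >&2
            continue
            ;;
        * )
            # Home directory is field 6 of the first matching passwd line;
            # "exit" keeps a duplicated login name from yielding two paths.
            THE_USERS_HOME_DIR=$( awk -F: -v user="$user" '$1 == user { print $6; exit }' /etc/passwd )
            #
            # mkdir $THE_USERS_HOME_DIR/.ssh
            # file  $THE_USERS_HOME_DIR/.ssh/authorized_keys
            #
            # <CONFIG_MODE>ADD_KEYS|REPLACE_KEYS
            # <AUTHORIZED_KEYS_root>
            #
            # Indirect lookup of AUTHORIZED_KEYS_<user>; $user was validated
            # above, so the eval'd text is a plain assignment.
            SSH_AUTH_KEYS=""
            eval "SSH_AUTH_KEYS=\$AUTHORIZED_KEYS_$user"
            if [ -n "$SSH_AUTH_KEYS" ]
            then
                #
                # there are authorized keys for this login
                #
                # An empty home field would otherwise make the paths below
                # resolve to /.ssh/authorized_keys.
                if [ -z "$THE_USERS_HOME_DIR" ] || [ ! -d "$THE_USERS_HOME_DIR" ]
                then
                    echo "${0##*/}: skipping user '$user': no usable home directory" >&2
                    continue
                fi
                THE_USERS_SSH_DIR="$THE_USERS_HOME_DIR/.ssh"
                THE_USERS_AUTH_KEYS_FILE="$THE_USERS_SSH_DIR/authorized_keys"

                # The home directory is writable by its owner while this script
                # writes into it for every account. Refusing symbolic links
                # keeps a redirection below from landing in a file outside the
                # home directory. This narrows the window but is not atomic.
                if [ -L "$THE_USERS_SSH_DIR" ] || [ -L "$THE_USERS_AUTH_KEYS_FILE" ]
                then
                    echo "${0##*/}: skipping user '$user': .ssh or authorized_keys is a symbolic link" >&2
                    continue
                fi

                if [ ! -d "$THE_USERS_SSH_DIR" ]
                then
                    if ! mkdir "$THE_USERS_SSH_DIR"
                    then
                        echo "${0##*/}: skipping user '$user': cannot create $THE_USERS_SSH_DIR" >&2
                        continue
                    fi
                fi
                # NOTE(review): a directory or file created here belongs to the
                # invoking account and gets its mode from the current umask.
                # sshd with StrictModes ignores key files that are group- or
                # world-writable or owned by an unrelated account -- confirm
                # whether ownership and mode are set elsewhere.

                if [ -f "$THE_USERS_AUTH_KEYS_FILE" ]
                then
                    # BACKUP is a project helper not defined in this file;
                    # presumably it saves a copy before modification -- confirm.
                    BACKUP --error "$THE_USERS_AUTH_KEYS_FILE"
                fi

                # The header of this script documents ADD_KEYS as the default
                # mode, so an unset or empty CONFIG_MODE is treated as such.
                # printf writes the key text byte for byte; echo may interpret
                # backslashes depending on the shell.
                case "${CONFIG_MODE:-ADD_KEYS}" in
                    ADD_KEYS | add_keys )
                        printf '%s\n' "$SSH_AUTH_KEYS" >> "$THE_USERS_AUTH_KEYS_FILE"
                        ;;
                    REPLACE_KEYS | replace_keys )
                        printf '%s\n' "$SSH_AUTH_KEYS" > "$THE_USERS_AUTH_KEYS_FILE"
                        ;;
                    * )
                        echo "${0##*/}: unknown CONFIG_MODE '$CONFIG_MODE', no keys written for user '$user'" >&2
                        ;;
                esac
            fi
            ;;
    esac
done
#
############################################################################
# That's all
GOOD_BYE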
