#! /bin/sh
#
# lsh-utils	Start/stop secure shell server.
#		Written by Timshel Knoll <timshel@debian.org>
#

# Fixed search path, so the helper tools invoked below are looked up in the
# system directories only and not via whatever PATH the caller had.
PATH="/sbin:/bin:/usr/sbin:/usr/bin"

# The service this script manages.
NAME="lshd"
DESC="secure shell v2 server"
DAEMON="/usr/sbin/lshd"

# Optional defaults file; sourced further down when it is readable.
CONFIG="/etc/default/lsh-server"

# Files that must exist before the server is started: the host key and the
# random seed file.
HOST_KEY="/etc/lsh_host_key"
RANDOM_SEED="/var/spool/lsh/yarrow-seed-file"

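# Nothing to manage when the daemon binary is not installed: leave quietly
# with success. The expansion is quoted so that an empty DAEMON cannot turn
# the check into the always-true one-argument form `test -f`.
test -f "$DAEMON" || exit 0

# From here on, any command that fails outside a condition aborts the script.
set -e

# Optional administrator settings. This script reads LSHD_PORT and
# SSH1_FALLBACK after sourcing the file.
# The file is executed as shell code with the privileges of whoever runs this
# script (normally root), so it must be writable by root only.
if [ -r "$CONFIG" ]; then
   . "$CONFIG"
fi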

# Listen on port 2222 unless LSHD_PORT was given a non-empty value (by the
# defaults file or the environment).
: "${LSHD_PORT:=2222}"

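# Optional SSH1 fallback: when lshd listens on port 22 and an sshd binary is
# installed, SSH1_FALLBACK (true / y* / Y*) makes this script pass
# --ssh1-fallback=<sshd> to lshd.
#
# SSH protocol 1 is obsolete and cryptographically weak; leave SSH1_FALLBACK
# unset unless legacy clients really require it.
SSH1="/usr/sbin/sshd"

# Always start from an empty flag. Otherwise, when the condition below is
# false, a value inherited from the environment or the defaults file would be
# handed to the daemon's command line unchecked.
SSH1_FLAG=""

# Two separate tests instead of the obsolescent, ambiguous `-a` operator.
if [ "${LSHD_PORT:-0}" -eq 22 ] && [ -f "$SSH1" ]; then
  case "$SSH1_FALLBACK" in
    true|y*|Y*)
      SSH1_FLAG="--ssh1-fallback=$SSH1"
      ;;
    *)
      SSH1_FLAG=""
      ;;
  esac
fi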

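# Pre-flight checks for every action except "stop" and "graceful-stop":
# lshd needs a random seed file and a host key before it can be started.
#
# Both failure paths exit 0, as the original script did, so a host that is
# not yet set up is not reported as an init-script error. The price is that
# callers cannot tell from the exit status that lshd was not started.
case "$1" in
  stop|graceful-stop)
    ;;
  *)
    if [ ! -f "$RANDOM_SEED" ]; then
      # The seed has to be created by the administrator; explain how.
      cat <<EOF
The lshd SSH 2 server cannot be started as it is not properly set up
with a random seed file. Please run "lsh-make-seed --server"
as root to generate the $RANDOM_SEED random seed file

For security reasons, lsh-make-seed really needs to be run from the console
of the system you are running it on. If you run lsh-make-seed using a remote
shell, the timing information lsh-make-seed uses for its random seed creation
is likely to be screwed. If need be, you can generate the random seed on a
different system than that which it will eventually be on, by installing the
lsh-utils package and running "lsh-make-seed -o my-other-server-seed-file".
You may then transfer the seed to the destination system as using a secure
connection with lsh (an older 1.2.x version will be required to work without
a seed file) or ssh (store it as /var/spool/lsh/yarrow-seed-file).
EOF
      exit 0
    fi

    if [ ! -f "$HOST_KEY" ]; then
      printf '%s' "Creating lsh host key (this only needs to be done once): $HOST_KEY"

      # `set -e` is in effect, so a failing pipeline would end the script
      # before the failure message below could be printed. Record the
      # status instead and handle it explicitly.
      # Only the status of lsh-writekey (the last pipeline stage) is seen
      # here; a failure of lsh-keygen alone is not detected.
      # NOTE(review): no umask is set here; confirm that lsh-writekey
      # creates the private host key with owner-only permissions.
      keygen_ok=yes
      lsh-keygen --server | \
        lsh-writekey --server --output-file "$HOST_KEY" || keygen_ok=no

      if [ "$keygen_ok" = no ] || [ ! -f "$HOST_KEY" ]; then
        echo " failed! not starting lshd"
        exit 0
      fi

      echo "."
    fi
    ;;
esac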

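# Pid file written by start-stop-daemon (--make-pidfile) for the running lshd.
PIDFILE="/var/run/$NAME.pid"

# Start lshd in the background on LSHD_PORT.
# SSH1_FLAG is passed as a single argument when non-empty and omitted when
# empty, so it is never word-split.
# With --background, start-stop-daemon cannot report a daemon that fails
# right after being launched, so success here only means it was spawned.
lshd_start() {
  start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
    --background --make-pidfile --exec "$DAEMON" -- \
    --port "$LSHD_PORT" ${SSH1_FLAG:+"$SSH1_FLAG"}
}

# Send signal 1 to the running lshd: the "old" server closes its listening
# port but keeps running until all active connections have been closed.
# The pid file is removed right away because that server exits on its own
# later; after this point it is no longer tracked through the pid file.
lshd_hangup() {
  start-stop-daemon --stop --signal 1 --quiet --pidfile "$PIDFILE" \
    --oknodo --exec "$DAEMON"
  rm -f "$PIDFILE"
}

case "$1" in
  start)
    printf '%s' "Starting $DESC: $NAME"
    lshd_start
    echo "."
    ;;
  stop)
    # Stop the server recorded in the pid file; --oknodo keeps this a
    # success when nothing is running.
    printf '%s' "Stopping $DESC: $NAME"
    start-stop-daemon --stop --quiet --pidfile "$PIDFILE" \
      --oknodo --exec "$DAEMON"
    echo "."
    ;;
  graceful-stop)
    printf '%s' "Gracefully stopping $DESC: $NAME"
    lshd_hangup
    echo "."
    ;;
  #reload)
    # Signal 1 causes the "old" lsh to close up shop on its port, but
    # keeps running until all active connections have been closed
    #echo -n "Reloading $DESC configuration files."
    #start-stop-daemon --stop --signal 1 --quiet --pidfile \
    #	/var/run/$NAME.pid --exec $DAEMON
    #;;
  restart|force-reload)
    #
    #       If the "reload" option is implemented, move the "force-reload"
    #       option to the "reload" entry above. If not, "force-reload" is
    #       just the same as "restart".
    #
    printf '%s' "Restarting $DESC: $NAME"
    lshd_hangup
    # Give the old server a moment to release the port before a new one
    # is started on it.
    sleep 1
    lshd_start
    echo "."
    ;;
  *)
    # The usage line lists every action implemented above, including
    # graceful-stop, which the original message left out.
    echo "Usage: /etc/init.d/lsh-utils {start|stop|graceful-stop|restart|force-reload}" >&2
    exit 1
    ;;
esac

exit 0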
