#!/bin/bash
#
# /usr/NX/bin/nxkeygen
#		Create a new client/server key pair
#
#		Originally written for Gentoo Linux
#
# Author	Stuart Herbert
#		(stuart@gentoo.org)
#
# Copyright	(c) 2004 Gentoo Foundation
#		Released under v2 of the GNU GPL
#
# SVN: $Id: nxkeygen 512 2008-03-10 23:01:03Z fabianx $
#
# ========================================================================

# Read the config file
SHARED_CONFS="/usr/share/freenx-server"
. $SHARED_CONFS/nxfuncs
open_dbe $$
attach_db "$sq_settings_fn" ro || {
	echo "Unable to attach db file $sq_settings_fn"; exit 1;
}
set_vars_from_db

[ -z "$NX_KEY_DIR" ] && NX_KEY_DIR="$NX_HOME_DIR/.ssh"
DATE="`date '+%Y%m%d-%H%M%S'`"
NX_CLIENT_KEY="${NX_KEY_DIR}/client.id_dsa.key"
NX_SERVER_KEY="${NX_KEY_DIR}/server.id_dsa.pub.key"

main () {
	# create a new key
	umask 177
	$COMMAND_SSH_KEYGEN -q -t dsa -N '' -f ${NX_KEY_DIR}/local.id_dsa

	# backup the existing keys

	if [ -f "${NX_SERVER_KEY}" ]; then
		echo "Backing up existing server key to ${NX_SERVER_KEY}.${DATE}"
		mv -f "${NX_SERVER_KEY}" "${NX_SERVER_KEY}.${DATE}"
	fi

	if [ -f "${NX_CLIENT_KEY}" ]; then
		echo "Backing up existing client key to ${NX_CLIENT_KEY}.${DATE}"
		mv -f "${NX_CLIENT_KEY}" "${NX_CLIENT_KEY}.${DATE}"
	fi

	# put the new keys in place

	mv -f "${NX_KEY_DIR}/local.id_dsa" "${NX_CLIENT_KEY}"
	mv -f "${NX_KEY_DIR}/local.id_dsa.pub" "${NX_SERVER_KEY}"

	for x in ${NX_CLIENT_KEY} ${NX_SERVER_KEY} ; do
		chmod 600 $x
		chown nx:root $x
	done

	# copy the key to the authorized_keys2 file
	rm -f $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS
	echo -n "no-port-forwarding,no-agent-forwarding,command=\"$PATH_BIN/nxserver\" " >$NX_KEY_DIR/$SSH_AUTHORIZED_KEYS
	cat ${NX_SERVER_KEY} >> $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS

	# Fix ownership of $SSH_AUTHORIZED_KEYS, just in case nxkeygen is run without nxsetup.

	chown nx:root $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS

	# now tell the user what to do

	echo "Unique key generated; your users must install"
	echo
	echo "    ${NX_CLIENT_KEY}"
	echo
	echo "on their computers."
}

if [ -f "${NX_SERVER_KEY}" -a -f "${NX_CLIENT_KEY}" -a \
		! -z "$NX_DONT_OVERRIDE" ]; then
	echo "Not overriding the existing key"
	exit
fi

main "$@"

close_dbe $$
