#!/bin/bash

# argv 0 local user name
# argv 1 remote user name
# argv 2 remote hostname
# argv 3 remote login password
# argv 4 overwrite flag
# argv 5 auth key type
# argv 6 clean remote host key ("true" to clean; optional, anything else leaves known_hosts untouched)

# return code 0: normal exit
# return code 1: command syntax error (wrong argument count or an unusable argument)
# return code 2: key already working, no need to send the key again
# return code 3: wrong password was provided.
# return code 4: RSA host key has been changed.
# return code 5: ssh has not been enabled on the remote server.
# return code 255: target host not found.

#
# Notes: this script must be run as root: it creates and chowns files under /home/<localusername>
# and edits /root/.ssh/known_hosts. The remote password is taken from argv, so it is visible in
# the process list (ps, /proc/*/cmdline) for as long as this script and mksshkeyexp are running.
#

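# Argument handling.
#
# Two forms are accepted:
#   1 argument    retrieve mode: print this host's ccfw public key (generating
#                 an rsa pair first if none exists); no remote host is contacted.
#   >= 6 args     send mode: make sure a local key pair exists and install the
#                 public key for <remoteusername> on <remotehostname>.
# The 7th argument (cleanhostkey) is optional; anything other than the literal
# string "true" leaves known_hosts alone.
#
# SECURITY NOTE: <remotepasswd> is taken from the command line, so it is visible
# to every local user via ps / /proc/*/cmdline while this script -- and
# mksshkeyexp, which receives it again as an argument -- is running.  The
# interface is kept as-is for compatibility with existing callers.
isretrievekey="false"
case $# in
    1)
        isretrievekey="true"
        ;;
    0|2|3|4|5)
        # Usage is a diagnostic, so it goes to stderr; in retrieve mode stdout
        # carries the public key and must not be polluted.
        echo "Usage: makesshkey <localusername> <remoteusername> <remotehostname> <remotepasswd> <overwrite> <keytype> <cleanhostkey>" >&2
        exit 1
        ;;
esac

localusername=$1
localhostname=$(hostname)
remoteusername=$2
remotehostname=$3
remotepasswd=$4
overwrite=$5
authkeytype=$6
cleanhostkey=$7

# The local user name is spliced into a path under /home that is then created,
# chowned and written to as root, so refuse anything that could escape that
# directory (empty, "." / "..", or containing a slash).
case $localusername in
    ""|.|..|*/*)
        echo "makesshkey: invalid local user name '$localusername'" >&2
        exit 1
        ;;
esac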


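#
# Optionally forget the remote host's key for root and ccfw.
#
# SECURITY NOTE: removing a known_hosts entry gives up the protection the host
# key check provides against a man-in-the-middle: the next connection accepts
# (or, depending on StrictHostKeyChecking, prompts for) whatever key the remote
# presents.  Callers should pass cleanhostkey=true only when the remote host's
# key is known to have legitimately changed (return code 4 from an earlier run).
#
# ssh-keygen -R replaces the former hand-built sed pattern.  With sed the
# unquoted hostname was interpolated into a regular expression, so dots matched
# any character (10.1.1.1 also removed 10.1.1.10), a slash or other
# metacharacter in the argument changed the sed program itself, and any line
# merely containing the string was deleted.  ssh-keygen -R removes only entries
# for exactly this host, handles hashed entries, and never interprets the name.
# Entries recorded with a non-default port ("[host]:port") are not matched by a
# bare hostname and would need ssh-keygen -R "[host]:port".  -R is available in
# OpenSSH since the 4.x series.
#
if [ "$cleanhostkey" = "true" ]; then
    for hostkeyfile in /root/.ssh/known_hosts /opt/ccfw/.ssh/known_hosts; do
        # A missing file is simply nothing to clean (the old sed/mv sequence
        # would have created an empty known_hosts here).
        [ -f "$hostkeyfile" ] || continue
        ssh-keygen -R "$remotehostname" -f "$hostkeyfile" > /dev/null 2>&1
        # ssh-keygen keeps the previous contents in <file>.old; do not leave the
        # stale host key lying around.
        rm -f "$hostkeyfile.old"
    done
    # The rewritten file is owned by root; hand ccfw's copy back to ccfw.
    if [ -f /opt/ccfw/.ssh/known_hosts ]; then
        chown ccfw /opt/ccfw/.ssh/known_hosts
    fi
fi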

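#
# Local key material: make sure /home/<localusername>/.ssh/ccfw exists, decide
# which key pair (rsa or dsa) this run operates on, and generate it if needed.
#

# .ssh directory owned by the local user, group hmc.  Directory modes are left
# to the umask as before; presumably group hmc needs to traverse it -- confirm.
mysshdir="/home/$localusername/.ssh"
if [ ! -d "$mysshdir" ]; then
    mkdir -p "$mysshdir"
    chown "$localusername" "$mysshdir"
    chgrp hmc "$mysshdir"
fi

# Key directory owned by ccfw, the identity the keys are generated for.
mykeydir="$mysshdir/ccfw"
if [ ! -d "$mykeydir" ]; then
    mkdir -p "$mykeydir"
    chown ccfw "$mykeydir"
    chgrp hmc "$mykeydir"
fi

# Paths for the requested key type and for the "other" type.  Only one pair is
# kept at a time; the other pair is deleted below (unless retrieve mode returns
# first).  Anything other than "rsa" -- including the empty value retrieve mode
# has here -- selects dsa.
if [ "$authkeytype" = "rsa" ]; then
    privkeyfile="$mykeydir/id_rsa"
    privkeyfileother="$mykeydir/id_dsa"
else
    privkeyfile="$mykeydir/id_dsa"
    privkeyfileother="$mykeydir/id_rsa"
fi
pubkeyfile="$privkeyfile.pub"
pubkeyfileother="$privkeyfileother.pub"

# Retrieve mode: if either complete pair already exists, print its public key
# and stop without touching anything else.
if [ "$isretrievekey" = "true" ]; then
    if [ -f "$privkeyfile" ] && [ -f "$pubkeyfile" ]; then
        cat "$pubkeyfile"
        exit 0
    elif [ -f "$privkeyfileother" ] && [ -f "$pubkeyfileother" ]; then
        cat "$pubkeyfileother"
        exit 0
    fi
fi

# Drop the pair of the other type so only the requested type remains.
if [ -f "$privkeyfileother" ] && [ -f "$pubkeyfileother" ]; then
    rm -f "$privkeyfileother" "$pubkeyfileother"
fi

# Generate unless a complete pair exists and overwrite was not requested.
genkey=true
if [ -f "$privkeyfile" ] && [ -f "$pubkeyfile" ] && [ "$overwrite" != "true" ]; then
    genkey=false
fi

# Retrieve mode with no existing pair: always create an rsa pair.
if [ "$isretrievekey" = "true" ]; then
    authkeytype="rsa"
    privkeyfile="$mykeydir/id_rsa"
    pubkeyfile="$privkeyfile.pub"
fi

if [ "$genkey" = "true" ]; then
    rm -f "$privkeyfile" "$pubkeyfile"
    # SECURITY NOTE: -N "" creates a key with no passphrase, as needed for
    # unattended use by ccfw.  The private key is protected only by the 0600
    # mode ssh-keygen gives it and by the ownership set below, so the key
    # directory must not be writable or readable by untrusted users.
    if ! ssh-keygen -t "$authkeytype" -C "ccfw@$localhostname" -N "" -f "$privkeyfile" > /dev/null 2>&1; then
        # Previously a failed ssh-keygen went unnoticed and the script carried
        # on to send an empty public key.  No documented code fits; 1 is used
        # as the generic failure.
        echo "makesshkey: ssh-keygen failed for $privkeyfile" >&2
        exit 1
    fi
    chown ccfw "$privkeyfile" "$pubkeyfile"
    chgrp hmc "$privkeyfile" "$pubkeyfile"
fi

# Retrieve mode: print the (possibly freshly generated) public key.
if [ "$isretrievekey" = "true" ]; then
    cat "$pubkeyfile"
    exit 0
fi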

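# Send mode.  mksshkeyexp (an external helper, not part of this file) is called
# in two ways: with "true" as the 5th argument it only tests whether the key
# already works; with "false" it installs the public key passed as the 7th
# argument.  Its return codes 4, 5 and 255 are passed through as documented at
# the top of this file.  From the handling below, 1 appears to mean "key already
# works" and 2 "login with the key failed" -- confirm against mksshkeyexp.
#
# Every argument is quoted: the password in particular must reach mksshkeyexp
# as a single word even when it contains spaces or glob characters (unquoted,
# it was word-split and glob-expanded).
sendkey="true"

# Existing key: probe first so an already-installed key is not sent again.
if [ "$genkey" != "true" ]; then
    mksshkeyexp "$localusername" "$remoteusername" "$remotehostname" "$remotepasswd" true "$authkeytype"
    rc=$?
    case $rc in
        1)       sendkey="false" ;;   # key already works on the remote side
        4|5|255) exit "$rc" ;;        # host key changed / ssh disabled / host not found
    esac
fi

if [ "$sendkey" != "true" ]; then
    exit 2
fi

pubkey=$(cat "$pubkeyfile")
if [ -z "$pubkey" ]; then
    # Never push an empty key (e.g. when generation failed earlier).
    echo "makesshkey: no public key found at $pubkeyfile" >&2
    exit 1
fi

mksshkeyexp "$localusername" "$remoteusername" "$remotehostname" "$remotepasswd" false "$authkeytype" "$pubkey"
rc=$?
if [ "$rc" -ne 0 ]; then
    exit "$rc"
fi

# Verify the key that was just installed.  Per the original logic, a probe that
# now fails with 2 means the password used for the install was wrong.
mksshkeyexp "$localusername" "$remoteusername" "$remotehostname" "$remotepasswd" true "$authkeytype"
if [ $? -eq 2 ]; then
    exit 3
fi
exit 0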
