#!/bin/bash
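# sshd start/stop script (it logs under the name "rc.sshd").
#
# Usage: $0 {start|stop|restart}
#
# "start" links the SSH state kept in $SSHDIR into /etc/ssh, creates an RSA
# host key if none exists yet, rewrites sshd_config (see below), fixes file
# modes and launches sshd. "stop" signals the PID recorded in $PIDFILE.
#
# SECURITY NOTE(review): every "start" forces these sshd_config settings:
#   PermitRootLogin yes, UsePAM yes            - always
#   PermitEmptyPasswords yes, PermitTunnel yes - when root's password field
#                                                in /etc/shadow is empty
# With an empty root password this leaves root reachable over SSH with no
# credential at all. Nothing in this script ever reverts the settings, so
# they stay in the stored config after a root password is set. Give root a
# password (or key-only login) before the device is network-reachable, and
# remove the options from $SSHDIR/sshd_config by hand afterwards.

# Fixed PATH so the tools used below do not depend on the caller's environment.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
SSHDIR=/ffs/run/etc/ssh          # presumably persistent storage - TODO confirm
PIDFILE=/var/run/sshd.pid

#######################################
# Make sure "<keyword> yes" is an active line in an sshd_config file.
# A commented-out "#<keyword>..." line is replaced first; failing that an
# active "<keyword>..." line is replaced; failing that the line is appended.
# The new content is built in "<file>.tmp" and only moved into place when it
# was written successfully, so a failed sed/cp (e.g. full filesystem) can no
# longer replace the live config with a truncated file.
# Assumes the config directory is writable by root only (fixed .tmp name).
# Arguments: $1 - path of the sshd_config file
#            $2 - keyword, e.g. PermitRootLogin (used verbatim in a regex)
# Returns:   0 if the option is (now) set, non-zero if the rewrite failed
#######################################
ensure_sshd_yes() {
	local config=$1 keyword=$2
	local tmp=$config.tmp
	local rc=0

	# No config at all: the file ends up holding just this option, which is
	# what the previous inline code produced in that case.
	if [ ! -e "$config" ]; then
		echo "$keyword yes" >"$config"
		return
	fi

	grep -q "^$keyword yes" "$config" && return 0

	if grep -q "^#$keyword" "$config"; then
		sed -e "s/^#$keyword.*/$keyword yes/" "$config" >"$tmp" || rc=$?
	elif grep -q "^$keyword" "$config"; then
		sed -e "s/^$keyword.*/$keyword yes/" "$config" >"$tmp" || rc=$?
	else
		{ cp "$config" "$tmp" && echo "$keyword yes" >>"$tmp"; } || rc=$?
	fi

	if [ "$rc" -eq 0 ]; then
		mv "$tmp" "$config" || rc=$?
	fi
	if [ "$rc" -ne 0 ]; then
		rm -f "$tmp"
		echo "rc.sshd: could not set '$keyword yes' in $config" >&2
	fi
	return "$rc"
}

case "$1" in
start)
	[ -d "$SSHDIR" ] || mkdir -p "$SSHDIR"
	# The host key is generated once and kept in $SSHDIR. -N "" gives it no
	# passphrase; the key size is ssh-keygen's default (no -b is passed).
	[ -f "$SSHDIR/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f "$SSHDIR/ssh_host_rsa_key" -N ""
	for file in ssh_host_rsa_key
	do
		ln -sf "$SSHDIR/$file" "/etc/ssh/$file"
	done
	# Config files are optional in $SSHDIR; link only those that exist.
	for file in ssh_config sshd_config
	do
		[ -f "$SSHDIR/$file" ] && ln -sf "$SSHDIR/$file" "/etc/ssh/$file"
	done

	# Clock still reads 1 Jan 1970: move it forward one day. The numeric
	# format keeps the check independent of the locale's month names.
	# The argument syntax of the set call is whatever this system's date
	# accepts (looks like BusyBox syntax - TODO confirm).
	if [ "$(date +%Y%m%d)" = 19700101 ]
	then
		date 1970.01.02-00:00
		echo "Warning: date changed from 1/1/70 to 1/2/70"
		logger "rc.sshd: date changed from 1/1/70 to 1/2/70"
	fi

	if [ ! -f /etc/shadow ] && [ -f /ffs/run/etc/shadow ]
	then
		ln -sf /ffs/run/etc/shadow /etc/shadow
		echo "/etc/shadow linked to /ffs/run/etc/shadow"
	fi

	# Edit the copy in $SSHDIR when there is one, else the system file.
	SSHD_CONFIG=$SSHDIR/sshd_config
	[ -f "$SSHD_CONFIG" ] || SSHD_CONFIG=/etc/ssh/sshd_config

	# See the SECURITY NOTE at the top: these weaken sshd's defaults.
	# A failed rewrite is reported by the helper and start-up continues.
	ensure_sshd_yes "$SSHD_CONFIG" PermitRootLogin
	ensure_sshd_yes "$SSHD_CONFIG" UsePAM
	if grep -q '^root::' /etc/shadow
	then
		# root has an empty password field: allow password-less login.
		# PermitTunnel is switched on only in this branch as well.
		ensure_sshd_yes "$SSHD_CONFIG" PermitEmptyPasswords
		ensure_sshd_yes "$SSHD_CONFIG" PermitTunnel
		echo "Warning: rc.sshd: allowed empty password for sshd"
		logger "rc.sshd: allowed empty passwords for sshd"
	fi

	# Directory and file modes; the chmods are best effort because some of
	# the files may not exist.
	mkdir -p /var/empty
	chmod 755 /var/empty
	chown root:root /var/empty
	chmod 600 "$SSHDIR/ssh_host_rsa_key" 2>/dev/null || true
	chmod 600 /etc/ssh/{moduli,sshd_config} 2>/dev/null || true
	chmod 644 /etc/ssh/ssh_config 2>/dev/null || true

	echo "starting sshd"
	# Lower this shell's OOM-killer score before exec'ing sshd; falls back
	# to the older oom_adj file when oom_score_adj is absent or the write
	# fails.
	[ -f /proc/self/oom_score_adj ] && echo -1000 > /proc/self/oom_score_adj || echo -17 > /proc/self/oom_adj
	/usr/sbin/sshd -o "PidFile=$PIDFILE"
	;;
stop)
	# Only signal a PID that was actually read and is purely numeric; a
	# missing or garbled pid file previously ran kill with bad arguments.
	pid=
	[ -r "$PIDFILE" ] && read -r pid <"$PIDFILE"
	case "$pid" in
	'' | *[!0-9]*)
		echo "rc.sshd: no usable PID in $PIDFILE; nothing to stop" >&2
		;;
	*)
		kill "$pid"
		;;
	esac
	;;
restart)
	"$0" stop
	"$0" start
	;;
esac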
