#!/bin/sh

# Init file for OpenSSH server daemon
#
# chkconfig: 2345 54 26
# description: OpenSSH server daemon
#
# processname: sshd
# config: /etc/openssh/sshd_config
# pidfile: /var/run/sshd.pid

# NOTE(review): not referenced again in this script; presumably read by
# /etc/init.d/functions to switch off its legacy rc compatibility layer - confirm.
WITHOUT_RC_COMPAT=1

# Source function library.
# The helpers used below that this script does not define (SourceIfNotEmpty,
# is_yes, action, success, failure, start_daemon, stop_daemon, status,
# msg_reloading, msg_usage) are expected to come from this file.
. /etc/init.d/functions

# Source networking configuration.
# start() reads NETWORKING, which this script never assigns itself.
SourceIfNotEmpty /etc/sysconfig/network

# Built-in defaults. They are assigned BEFORE /etc/sysconfig/$PROCESSNAME is
# sourced, so that file can override any of them.
EXTRAOPTIONS=
SSH1_RSA_KEY=/etc/openssh/ssh_host_key
SSH2_RSA_KEY=/etc/openssh/ssh_host_rsa_key
SSH2_DSA_KEY=/etc/openssh/ssh_host_dsa_key
KEYGEN=/usr/bin/ssh-keygen
PROCESSNAME=sshd
PIDFILE=/var/run/$PROCESSNAME.pid
LOCKFILE=/var/lock/subsys/$PROCESSNAME

# Source config.
# This file is executed as shell code with the privileges of this script and
# can replace KEYGEN, the host key paths, PIDFILE, LOCKFILE and EXTRAOPTIONS.
# Anyone able to write it controls what the script runs, so it (and the
# sysconfig directory) should be writable by root only.
SourceIfNotEmpty /etc/sysconfig/$PROCESSNAME

# Exit status reported by the final "exit $RETVAL"; updated by the actions.
RETVAL=0

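# Generate one SSH host key unless a non-empty key file is already in place.
#
# Globals:   KEYGEN (read) - key generator command
# Arguments: $1 - path of the private host key file
#            $2 - key type passed to "$KEYGEN -t"
#            $3 - human-readable key name used in the status messages
# Outputs:   progress message on stdout; the generator's own output is dropped
# Returns:   0 when the key already exists or was generated.
#            Terminates the whole script with status 1 when generation fails.
do_keygen()
{
	local kfile ktype kname
	kfile="$1"
	ktype="$2"
	kname="$3"

	# A non-empty file is taken as a valid key; its content is not inspected.
	[ -s "$kfile" ] && return 0

	# Reaching this point means the path is missing or zero-length. A stale
	# empty file (for example from an interrupted earlier run) would make
	# ssh-keygen ask for overwrite confirmation, and that prompt is invisible
	# because its output is discarded below. Drop the empty file first.
	rm -f -- "$kfile"

	printf $"Generating %s host key: " "$kname"
	# -N '' creates the key without a passphrase so the daemon can load it
	# unattended; the private key file is therefore the only protection and
	# must stay readable by root alone. -C '' leaves the comment empty.
	# No -b is given, so the key size is the generator's built-in default.
	# stdin comes from /dev/null so generation can never wait on a console.
	# NOTE: stderr is discarded too, so the reason for a failure is not shown.
	if $KEYGEN -q -t "$ktype" -f "$kfile" -C '' -N '' </dev/null >/dev/null 2>&1; then
		success "$kname key generation"
		echo
	else
		failure "$kname key generation"
		echo
		exit 1
	fi
}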

# Start sshd, creating any missing host keys first.
#
# Globals:   NETWORKING, SSH2_RSA_KEY, SSH2_DSA_KEY, SSH1_RSA_KEY, PIDFILE,
#            LOCKFILE, PROCESSNAME, EXTRAOPTIONS (read); RETVAL (written)
# Returns:   0 without doing anything when networking is not enabled,
#            otherwise the status of start_daemon.
start()
{
	if ! is_yes "$NETWORKING"; then
		return 0
	fi

	# Host keys are generated on first start only; do_keygen leaves an
	# existing non-empty key file alone and exits the script on failure.
	# NOTE(review): "rsa1" is the SSH protocol 1 host key type and "dsa" is
	# an obsolete signature algorithm. Both are weak by current standards,
	# and an ssh-keygen build that rejects either type makes do_keygen exit 1
	# here, before sshd is started. Confirm against the installed OpenSSH and
	# the HostKey lines in sshd_config before relying on this list.
	do_keygen "$SSH2_RSA_KEY" rsa "SSH2 RSA"
	do_keygen "$SSH2_DSA_KEY" dsa "SSH2 DSA"
	do_keygen "$SSH1_RSA_KEY" rsa1 "SSH1 RSA"

	# EXTRAOPTIONS is left unquoted on purpose: it holds a list of options.
	start_daemon \
		--pidfile "$PIDFILE" \
		--lockfile "$LOCKFILE" \
		--expect-user root \
		-- $PROCESSNAME $EXTRAOPTIONS
	RETVAL=$?
	return "$RETVAL"
}

# Stop the running sshd through the init helper library.
#
# Globals:   PIDFILE, LOCKFILE, PROCESSNAME (read); RETVAL (written)
# Returns:   the status of stop_daemon.
stop()
{
	# --expect-user root is passed through to the helper unchanged.
	# NOTE(review): presumably it restricts the match to a process owned by
	# root, so a stale pidfile cannot point the signal elsewhere - confirm.
	stop_daemon \
		--pidfile "$PIDFILE" \
		--lockfile "$LOCKFILE" \
		--expect-user root \
		-- $PROCESSNAME
	RETVAL=$?
	return "$RETVAL"
}

# Run the daemon with "-t" (with the same extra options the service is
# started with) and abort the whole script when that check fails.
#
# reload() and restart() call this first, so a configuration the daemon
# rejects stops the script before the running sshd is signalled or stopped.
#
# Globals:   PROCESSNAME, EXTRAOPTIONS (read)
# Returns:   0 when the check passes; otherwise exits the script with the
#            status reported by "action".
do_config_sanity_check()
{
	local rc

	# PROCESSNAME is a bare command name here, so it is resolved through the
	# PATH this script runs with.
	action $"Checking sshd configuration:" $PROCESSNAME $EXTRAOPTIONS -t
	rc=$?
	[ "$rc" -eq 0 ] || exit "$rc"
}

# Ask the running sshd to re-read its configuration by sending it SIGHUP.
#
# Globals:   PIDFILE, PROCESSNAME (read); RETVAL (written)
# Returns:   the status of stop_daemon; the script exits earlier when the
#            configuration check fails.
reload()
{
	# Validate first: the signal is only sent when the check passes.
	do_config_sanity_check

	msg_reloading $PROCESSNAME
	# No --lockfile here, unlike stop(): only the signal is delivered.
	stop_daemon \
		--pidfile "$PIDFILE" \
		--expect-user root \
		-HUP \
		-- $PROCESSNAME
	RETVAL=$?
	return "$RETVAL"
}

# Stop and then start sshd, but only after the configuration has been checked.
#
# The check comes first on purpose: do_config_sanity_check exits the script on
# failure, so the running daemon is not stopped when the new configuration
# would keep it from coming back (which on a remote host means losing access).
#
# Returns:   the status of start; a failing stop does not prevent the start.
restart()
{
	do_config_sanity_check
	stop
	start
	return $?
}

# See how we were called.
# Dispatch on the requested action.
# The cond* actions run only while the subsys lock file exists, i.e. while the
# service is recorded as started; otherwise they do nothing and exit 0.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	reload)
		reload
		;;
	restart)
		restart
		;;
	condstop)
		[ -e "$LOCKFILE" ] && stop
		;;
	condrestart)
		[ -e "$LOCKFILE" ] && restart
		;;
	condreload)
		[ -e "$LOCKFILE" ] && reload
		;;
	check)
		# Exits from inside the helper when the configuration is rejected.
		do_config_sanity_check
		;;
	status)
		status --pidfile "$PIDFILE" --expect-user root -- $PROCESSNAME
		RETVAL=$?
		;;
	*)
		# Unknown or missing action: print the usage line and fail.
		msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|check|status}"
		RETVAL=1
		;;
esac

# RETVAL carries the status recorded by the action that ran.
exit $RETVAL
