#!/bin/sh
# @package      hubzero-mw2-exec-virtualssh
# @file         virtualsshd_start
# @author       Pascal Meunier <pmeunier@purdue.edu>
# @copyright    Copyright (c) 2016-2017 HUBzero Foundation, LLC.
# @license      http://opensource.org/licenses/MIT MIT
#
# Based on prior work by Richard L. Kennell
#
# Copyright (c) 2016-2017 HUBzero Foundation, LLC.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
# HUBzero is a registered trademark of HUBzero Foundation, LLC.
#

# Set up and start an SSH server, running as the user, inside a container
# - Create the ssh keys if necessary, and copy them to the container
# - Called by /usr/bin/virtualssh_client if the SSH server isn't running
# - input validation is expected to have been done in vssh_exec_proxy
# - run as root to be able to issue vzctl commands.
# - the same private key is reused to connect to all containers
# - only the public key is copied to containers, to the authorized_keys file

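if [ $# -ne 2 ]; then
  echo "Improper arguments to $0: $*" >&2
  exit 1
fi
# Set to a value greater than 0 to get progress messages on stdout.
DEBUG=0

dispnum="$1"    # display number; the container is named "<dispnum>.tool"
username="$2"   # account that will own /ssh and run sshd inside the container

# Host-side directory holding the key material. Keep the trailing slash:
# every path below is built by plain concatenation with it.
VAR_PATH="/etc/mw-virtualssh/"

# Is the user account set up in that container yet?
# No -it here: grep -q needs neither stdin nor a tty, and asking docker for
# one fails when this script runs without a terminal, which would wrongly
# look like "account not set up". The pattern is anchored at the start of
# the line so "$username" cannot match a longer name that merely contains it
# (username is expected to be validated upstream, see the header).
# Root is needed for the docker calls (the header's mention of vzctl looks
# stale; this script only issues docker commands).
if ! docker exec "${dispnum}.tool" grep -q "^${username}:" /etc/passwd; then
  if [ "$DEBUG" -gt 0 ]; then
    echo "account $username not setup in container yet, please wait"
  fi
  exit 1
fi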
  

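#######################################
# Create the guest key pair the virtualssh client uses to reach every
# container, and stage the public half for copying into containers.
# Only ${VAR_PATH}ssh/ is copied into containers; the private key stays
# one level up in ${VAR_PATH} so it is never sent to a container.
# Globals:   VAR_PATH (read)
# Outputs:   ${VAR_PATH}ssh_guest_key (private),
#            ${VAR_PATH}ssh/ssh_guest_key.pub,
#            ${VAR_PATH}ssh/authorized_keys
# Returns:   0 on success, 1 if any step fails
#######################################
create_guest_key() {
  guest_key="${VAR_PATH}ssh_guest_key"
  guest_pub="${VAR_PATH}ssh/ssh_guest_key.pub"
  mkdir -p "${VAR_PATH}ssh" || return 1
  if [ -f "$guest_key" ]; then
    # Reuse an existing private key: ssh-keygen would otherwise prompt to
    # overwrite it and, with no terminal, fail and leave no .pub behind.
    # Re-derive the public half from the private key instead.
    if ! ssh-keygen -y -f "$guest_key" > "$guest_pub"; then
      rm -f "$guest_pub"
      return 1
    fi
  else
    ssh-keygen -t rsa -b 2048 -N '' -C "virtualSSH-guest" -f "$guest_key" > /dev/null || return 1
    mv "${guest_key}.pub" "$guest_pub" || return 1
  fi
  # authorized_keys holds exactly this one key; it is rewritten every time
  # so a key from an earlier generation cannot linger in it.
  cat "$guest_pub" > "${VAR_PATH}ssh/authorized_keys"
}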

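# Guest key pair and authorized_keys: (re)create them if any piece is
# missing. One call covers all three files, and a failed creation stops the
# script before incomplete key material would be copied into the container.
if [ ! -f "${VAR_PATH}ssh_guest_key" ] \
  || [ ! -f "${VAR_PATH}ssh/ssh_guest_key.pub" ] \
  || [ ! -f "${VAR_PATH}ssh/authorized_keys" ]; then
  create_guest_key || { echo "$0: failed to create the guest SSH key" >&2; exit 1; }
fi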

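#######################################
# Create the SSH host key pair that sshd inside the container will present.
# Both halves live in ${VAR_PATH}ssh/, which is copied into the container.
# Globals:   VAR_PATH (read)
# Outputs:   ${VAR_PATH}ssh/ssh_host_key and ${VAR_PATH}ssh/ssh_host_key.pub
# Returns:   0 on success, 1 if any step fails
#######################################
create_host_key() {
  host_key="${VAR_PATH}ssh/ssh_host_key"
  mkdir -p "${VAR_PATH}ssh" || return 1
  if [ -f "$host_key" ]; then
    # Keep an existing host key (changing it would make every client see a
    # new host identity); only the missing public half is re-derived.
    # ssh-keygen would otherwise prompt to overwrite and fail without a tty.
    if ! ssh-keygen -y -f "$host_key" > "${host_key}.pub"; then
      rm -f "${host_key}.pub"
      return 1
    fi
  else
    ssh-keygen -t rsa -b 2048 -N '' -C "virtualSSH-host" -f "$host_key" > /dev/null || return 1
  fi
}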

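# Host key pair: (re)create if either half is missing, and stop before the
# copy step if that fails, since sshd cannot start without a host key.
if [ ! -f "${VAR_PATH}ssh/ssh_host_key" ] \
  || [ ! -f "${VAR_PATH}ssh/ssh_host_key.pub" ]; then
  create_host_key || { echo "$0: failed to create the SSH host key" >&2; exit 1; }
fi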

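# Stage the per-container SSH material under /ssh inside the container.
# Steps that sshd cannot do without abort the script; the caller is
# expected to retry on a non-zero exit.
cname="${dispnum}.tool"
docker exec "$cname" mkdir -p /ssh || exit 1
docker cp "${VAR_PATH}sshd_config" "${cname}:/ssh" || exit 1
# xauth is only needed for X11 forwarding, so its absence is not fatal.
docker cp -a "${VAR_PATH}xauth" "${cname}:/ssh"
# Copies the whole ssh/ directory: host key pair, guest public key and
# authorized_keys. The guest private key lives one level up in VAR_PATH and
# is deliberately not part of this copy.
docker cp -a "${VAR_PATH}ssh" "${cname}:/" || exit 1
docker exec "$cname" mkdir -p /var/run/sshd || exit 1

# Group that will own /ssh. The check is anchored so only a group actually
# named "users" matches, not any line that merely contains the word.
# NOTE(review): this consults the host's /etc/group while chown runs inside
# the container; it assumes both resolve the same group names — confirm.
if grep -q '^users:' /etc/group; then
  ugroup=users
else
  ugroup=public
fi
# The key files must be readable by the user (sshd runs as that user) and
# by nobody else.
docker exec "$cname" chown -R "${username}:${ugroup}" /ssh || exit 1
docker exec "$cname" chmod -R go-rwx /ssh || exit 1

if [ "$DEBUG" -gt 0 ]; then
  echo "starting SSH server inside container"
fi
# sshd runs unprivileged as the user on the config just copied in.
# docker exec -d returns as soon as the command is launched, so ec only
# says whether the launch succeeded, not whether sshd stayed up.
docker exec -d "$cname" su "$username" -c "/usr/sbin/sshd -f /ssh/sshd_config"
ec=$?
if [ "$DEBUG" -gt 0 ]; then
  if [ "$ec" -eq 0 ]; then
    echo "SSH server started"
  else
    echo "failed to start SSH server"
  fi
fi
# Propagate the launch status to the caller; the script previously ended
# with status 0 even when the launch failed.
exit "$ec"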
  
