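# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$

EAPI="5"
PYTHON_COMPAT=( python2_7 )
DISTUTILS_SINGLE_IMPL=1

inherit distutils-r1 eutils user

DESCRIPTION="sshproxy is an ssh gateway to apply ACLs on ssh connections"
HOMEPAGE="http://sshproxy-project.org/"
# The tarball is fetched over plain HTTP, so its integrity rests on the
# digests recorded in the package Manifest.
SRC_URI="http://sshproxy-project.org/download/${P}.tar.gz"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="client-only mysql minimal"
# mysql: install the mysql_db backend driver
# minimal: do not install extra plugins
# client-only: install only the client wrappers

DEPEND="!client-only? (
		>=dev-python/paramiko-1.6.3[${PYTHON_USEDEP}]
		mysql? ( >=dev-python/mysql-python-1.2.0[${PYTHON_USEDEP}] )
	)"
RDEPEND="${DEPEND}
	net-misc/openssh"

# Print 16 upper-case hex digits (64 bits) read from /dev/urandom.
# The output has the same shape as the former
# printf "%04hX%04hX%04hX%04hX" ${RANDOM} ... call, but ${RANDOM} yields only
# 15 bits per read from a non-cryptographic generator, which is not suitable
# for an encryption key or a database password.
# Returns non-zero if the random source could not be read.
sshproxy_gen_secret() {
	local hex
	hex=$(od -An -N8 -tx1 /dev/urandom | tr -d '[:space:]' | tr 'a-f' 'A-F')
	# The pipeline status is that of the last tr, so validate the result.
	[[ ${#hex} -eq 16 ]] || return 1
	printf '%s\n' "${hex}"
}

# Create the dedicated sshproxy group and user before anything is installed.
pkg_setup() {
	python-single-r1_pkg_setup

	enewgroup sshproxy
	# -1 -1: no fixed UID and the eclass default shell; the home directory is
	# /var/lib/sshproxy and the primary group is sshproxy.
	enewuser sshproxy -1 -1 /var/lib/sshproxy sshproxy
}

# Rename the pscp/pssh wrappers and neutralise the bundled paramiko check.
src_prepare() {
	# avoid conflicts with net-misc/putty and net-misc/pssh
	# by renaming pscp and pssh scripts (#248193 and #278794)
	epatch "${FILESDIR}/${P}-rename-wrappers.patch"
	sed -i -e 's/pscp/spscp/g;s/pssh/spssh/g' doc/* && \
		mv bin/pssh bin/spssh && \
		mv bin/pscp bin/spscp && \
		mv doc/pscp.1 doc/spscp.1 && \
		mv doc/pssh.1 doc/spssh.1 || die "failed to rename pscp or pssh files"
	ewarn "For avoiding conflicts with net-misc/putty and net-misc/pssh,"
	ewarn "pscp and pssh scripts have been renamed as spscp respectively spssh."

	# Turn the runtime paramiko version test into a no-op; the minimum
	# version (1.6.3) is enforced through DEPEND above instead.
	sed -i -e 's/if paramiko.__version_info__ < (1, 6, 3):/if False:/g' \
		"${S}"/sshproxy/__init__.py || die 'Sed failed.'
}

# Install the client wrappers and, unless USE=client-only, the daemon,
# its state/log directories, a default sshproxy.ini and the init scripts.
src_install () {
	dobin bin/spscp
	dobin bin/spssh

	if ! use client-only; then
		distutils-r1_src_install

		# State and log directories are owned by the service account and
		# closed to other users.
		diropts -o sshproxy -g sshproxy -m0750
		keepdir /var/lib/sshproxy
		keepdir /var/log/sshproxy

		# Create a default sshproxy.ini
		dodir /etc/sshproxy
		# NOTE(review): mode 0600 with owner root grants the sshproxy group
		# no access at all - confirm that this is intended.
		insopts -o root -g sshproxy -m0600
		insinto /etc/sshproxy
		doins "${FILESDIR}/sshproxy.ini"

		# NOTE(review): the secret and the host name are written into ${D}
		# at src_install time, so they become part of the installed image.
		# A binary package built from that image would carry the same secret
		# and the build host's name to every machine it is installed on;
		# generating them in pkg_postinst or pkg_config would avoid that.
		local BLOWFISH_SECRET
		# Declaration and assignment are split so that a failure of the
		# generator is not masked by the exit status of 'local'.
		BLOWFISH_SECRET=$(sshproxy_gen_secret) \
			|| die "failed to generate the Blowfish secret"
		sed -i -e "s/%BLOWFISH_SECRET%/${BLOWFISH_SECRET}/" \
			-e "s/%HOSTNAME%/${HOSTNAME}/" \
			"${D}/etc/sshproxy/sshproxy.ini" || die 'Sed failed.'

		# Applies to the doins calls further down in this function
		# (the SQL files installed with USE=mysql).
		insopts -o sshproxy -g sshproxy -m0600

		rm -rf "${D}/usr/lib/sshproxy/spexpect"

		if use minimal; then
			local p
			for p in acl_funcs console_extra logusers; do
				rm -rf "${D}/usr/lib/sshproxy/${p}"
			done
		else
			keepdir /var/log/sshproxy/logusers
			{
				# initialize a reasonable value for the logusers plugin
				echo
				echo "[logusers]"
				echo "logdir = /var/log/sshproxy/logusers"
				echo
			} >> "${D}/etc/sshproxy/sshproxy.ini"
		fi

		# init/conf files for sshproxy daemon
		newinitd "${FILESDIR}/sshproxyd.initd" sshproxyd
		newconfd "${FILESDIR}/sshproxyd.confd" sshproxyd

		# install manpages
		# NOTE(review): this section sits inside the enclosing
		# "! use client-only" branch, so the nested test below is always
		# true and the wrapper manpages are skipped with USE=client-only.
		# The nesting is kept as found - confirm whether it is intended.
		doman doc/spscp.1
		doman doc/spssh.1

		if ! use client-only; then
			doman doc/sshproxy.ini.5
			doman doc/sshproxy-setup.8
			doman doc/sshproxyd.8
		fi

		if use mysql; then
			insinto /usr/share/sshproxy/mysql_db
			doins misc/mysql_db.sql
			doins misc/sshproxy-mysql-user.sql
		else
			rm -rf "${D}/usr/lib/sshproxy/mysql_db"
			# Drop the mysql reference from the installed init script.
			sed -i -e 's/[ \t]\+mysql//' \
				"${D}/etc/init.d/sshproxyd" || die 'Sed failed.'
		fi
	fi
}

# Tell the administrator which variables clients need and how to finish
# the server-side setup.
pkg_postinst () {
	echo
	einfo "Don't forget to set the following environment variables"
	einfo "   SSHPROXY_HOST (default to localhost)"
	einfo "   SSHPROXY_PORT (default to 2242)"
	einfo "   SSHPROXY_USER (default to \$USER)"
	einfo "for each sshproxy user."
	if ! use client-only; then
		# NOTE(review): distutils_pkg_postinst looks like a leftover from
		# the older distutils eclass; this ebuild inherits distutils-r1,
		# which does not appear to define it - confirm and drop if so.
		distutils_pkg_postinst

		echo
		einfo "If this is your first installation, run"
		einfo "   emerge --config =${CATEGORY}/${PF}"
		einfo "to initialize the backend and configure sshproxy."
		echo
		einfo "There is no need to install sshproxy on a client machine."
		einfo "You can connect to a SSH server using this proxy by running"
		einfo "   ssh -tp PROXY_PORT PROXY_USER@PROXY_HOST -- REMOTE_USER@REMOTE_HOST"
	fi
}

# Interactive post-install configuration ("emerge --config"): optionally
# creates the MySQL backend, then runs sshproxy-setup inside ${ROOT}.
pkg_config() {
	if [[ -d "${ROOT}/usr/lib/sshproxy/mysql_db" ]]; then
		# PASSWD and SHARE are presumably consumed by the here-document
		# that is missing below - verify once it has been restored.
		local PASSWD
		PASSWD=$(sshproxy_gen_secret) \
			|| die "failed to generate the MySQL password"
		local SHARE="${ROOT}/usr/share/sshproxy/mysql_db"
		local DB_HOST DB_PORT key

		# -r keeps backslashes in the typed values literal.
		read -r -p "Enter the MySQL host (default localhost): " DB_HOST
		[[ -n "${DB_HOST}" ]] || DB_HOST=localhost
		read -r -p "Enter the MySQL port (default 3306): " DB_PORT
		[[ -n "${DB_PORT}" ]] || DB_PORT=3306

		ewarn "When prompted for a password, enter your MySQL root password"
		ewarn

		# NOTE(review): on this page everything between "-p <" and
		# "> .../sshproxy.ini" was lost; only "<>" remains. It presumably
		# held a here-document with the SQL fed to mysql, the "then", and
		# the start of the text appended to sshproxy.ini. Both bodies below
		# are labelled placeholders and must be restored from the original
		# ebuild. The SQL placeholder is deliberately not valid SQL, so
		# until it is restored mysql rejects it and the failure branch runs
		# instead of switching the configuration to an absent database.
		# Host and port are typed in by the operator, hence the quoting.
		if mysql -h "${DB_HOST}" -P "${DB_PORT}" -u root -p <<EOF
PLACEHOLDER_SQL_LOST_IN_PAGE_EXTRACTION
EOF
		then
			cat <<EOF >> "${ROOT}/etc/sshproxy/sshproxy.ini"
# PLACEHOLDER: mysql_db settings lost in page extraction
EOF
			# Point the acl/client/site backends at mysql_db ...
			sed -i -e 's/^\(\(acl\|client\|site\)_db = \)ini_db/\1mysql_db/g' \
				"${ROOT}/etc/sshproxy/sshproxy.ini" || die 'Sed failed.'
			# ... and add the plugin to plugin_list unless already listed.
			if ! grep -q "^plugin_list .* mysql_db" \
				"${ROOT}/etc/sshproxy/sshproxy.ini"; then
				sed -i -e 's/^\(plugin_list = .*\)$/\1 mysql_db/g' \
					"${ROOT}/etc/sshproxy/sshproxy.ini" || die 'Sed failed.'
			fi
		else
			ewarn "Failed to create MySQL database!"
			ewarn "If the database already existed and you want to replace it,"
			ewarn "hit Ctrl-C now and drop the old database by running the command:"
			ewarn "   /usr/bin/mysqladmin -h ${DB_HOST} -P ${DB_PORT} -u root -p drop sshproxy"
			read -r -p "Hit Ctrl-C to stop the procedure or Enter to continue " key
		fi
	fi

	# INITD_STARTUP is passed in the environment of the chrooted setup tool.
	INITD_STARTUP="/etc/init.d/sshproxyd start" chroot "${ROOT}" \
		sshproxy-setup -u sshproxy -c /etc/sshproxy
}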