#!/bin/bash

#Preupgrade Assistant performs system upgradability assessment
#and gathers information required for successful operating system upgrade.
#Copyright (C) 2013 Red Hat Inc.
#Petr Stodulka <pstodulk@redhat.com>
#
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program.  If not, see <http://www.gnu.org/licenses/>.
# Load the Preupgrade Assistant shell helpers. The rest of this script uses
# names it does not define itself (log_error, exit_error, log_medium_risk,
# POSTUPGRADE_DIR, RESULT_FIXED, RESULT_FAIL) -- presumably provided here.
. /usr/share/preupgrade/common.sh
# NOTE(review): presumably restricts this check to systems where the
# openssh-server package is installed -- confirm against common.sh.
check_applies_to "openssh-server"
#END GENERATED SECTION

# Stage fix_sshkeys.sh into the post-upgrade area so it is available after the
# upgrade. Either step failing (directory creation or copy) is reported through
# log_error and ends the check via exit_error.
postupgrade_ssh_dir="$POSTUPGRADE_DIR/openssh"
if ! mkdir -p "$postupgrade_ssh_dir" \
  || ! cp fix_sshkeys.sh "$postupgrade_ssh_dir/"; then
  log_error "Cannot copy the postupgrade script to the right directory."
  exit_error
fi

# Start solution.txt afresh (truncating any previous content) with the note
# about the host key group/permission change. The quoted heredoc delimiter
# keeps the text literal: no variable or command expansion.
cat > solution.txt <<'EOF'
Private server's ssh keys in /etc/ssh have a different group and permissions
in Red Hat Enterprise Linux 7 but it is fixed by the postupgrade script.
EOF

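# Detect AuthorizedKeysCommand / AuthorizedKeysCommandUser used inside a Match
# block of sshd_config and report it as a medium risk.
#
# Exit status:
#   $RESULT_FIXED - no Match block, or no such option after the first Match
#   $RESULT_FAIL  - the option appears after the first Match line
#
# NOTE(review): a missing or unreadable sshd_config makes grep print nothing,
# so the check also ends with RESULT_FIXED in that case -- confirm that this
# is the intended outcome.
sshd_config=/etc/ssh/sshd_config

# sshd_config keywords are case-insensitive, so "match" or "MATCH" opens a
# Match block just like "Match"; grep -i keeps those spellings from slipping
# past the check. Only the first Match line matters: a Match block runs until
# the next Match line or the end of the file, so every directive after it is
# inside some Match block.
match_line=$(grep -inm 1 '^[[:space:]]*Match' "$sshd_config" | cut -d ":" -f 1)

if [[ -z "$match_line" ]]; then
  exit "$RESULT_FIXED"
fi

# Scan everything after the first Match line. "tail -n +K" starts at line K,
# which avoids computing a line count with "wc -l"; that count is one short
# when the file has no trailing newline, and the directive right after the
# Match line was then skipped. The prefix match intentionally covers both
# AuthorizedKeysCommand and AuthorizedKeysCommandUser, in any letter case.
if ! tail -n "+$((match_line + 1))" "$sshd_config" \
  | grep -qi '^[[:space:]]*AuthorizedKeysCommand'; then
  exit "$RESULT_FIXED"
fi

log_medium_risk "The options AuthorizedKeysCommand or AuthorizedKeysCommandUser were detected in the Match section."

# Append to (not overwrite) the solution text written earlier in the script.
echo "The options AuthorizedKeysCommand or AuthorizedKeysCommandUser were
detected in the Match section. They probably will not be accepted inside
this section. Check it. The bug will be patched in the future." >> solution.txt

exit "$RESULT_FAIL"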

