#!/bin/sh

###
# Configuration
#
WRKDIR="${HOME}/.localapps"


###
# Global variables
#
SSHCONFIG="${WRKDIR}/ssh_config"


###
# Functions

#
# get_xhost
#
# Prints host where the xserver is running
#
function get_xhost {
	echo $DISPLAY | awk -F: '{print $1;}'
}

#
# prepare_ssh
#
# Makes sure that ssh can be run without any prompts, sets up public
# key authentication.
# Prints ssh configuration file to stdout (for use with ssh's -F)
#
function prepare_ssh {
	# First find out if we need to re-generate the configuration
	# That is the case when the configuration hasn't been updated
	# since logging in.
	

	# Ok, we need to rebuild the configuration
	if [ ! -d "${WRKDIR}" ]; then
		mkdir -p "${WRKDIR}"
	fi
	chmod 0700 "${WRKDIR}"

	KNOWNHOSTS="${WRKDIR}/ssh_known_hosts"
	SSHID="${WRKDIR}/ssh_id_dsa"
	# Make sure they'll really be new
	rm -f "${SSHCONFIG}" "${KNOWNHOSTS}" "${SSHID}" "${SSHID}.pub"

	# Ssh configuration
	(
		echo "# Auto-generated ssh configuration -- do not edit"
		echo "# This file is used for thin-client-local execution"
		echo "Protocol 2"
		echo "PubkeyAuthentication yes"
		echo "CheckHostIP no"
		echo "ForwardX11 no"
		echo "UserKnownHostsFile ${KNOWNHOSTS}"
		echo "IdentityFile ${SSHID}"
	) >"${SSHCONFIG}"

	# Generate new key pair
	ssh-keygen -q -t dsa -f "${SSHID}" -N '' \
	           -C 'Thin-client-local execution key'

	# Add/replace key for the host in the user's authorized-keys file
	mkdir -p "${HOME}/.ssh" && chmod 0700 "${HOME}/.ssh"
	AUTHKEYS="${HOME}/.ssh/authorized_keys"
	if [ ! -f "${AUTHKEYS}" ]; then
		touch "${AUTHKEYS}"
	fi
	cat "${AUTHKEYS}" | perl -ne '
		my $silent=0;
		while (<>) {
			/^# Thin-client-local execution key begin/ and $silent=1;
			print if not $silent;
			/^# Thin-client-local execution key end/ and $silent=0;
		}' >"${AUTHKEYS}" && (
			echo "# Thin-client-local execution key begin -- DO NOT REMOVE"
			cat "${SSHID}.pub"
			echo "# Thin-client-local execution key end -- DO NOT REMOVE"
		) >>"${AUTHKEYS}"
	rm -f "${SSHID}.pub"

	# Known host from ltsp server-config
	(
		. /etc/ltsp.conf
		RSAKEY=`cat "${LTSP_DIR}/i386/etc/ssh/ssh_host_rsa_key.pub"`
		HOST="`get_xhost`"
		echo "${HOST} ${RSAKEY}" >"${KNOWNHOSTS}"
	)
}


###
# Main program
#

if [ "$1" == "-prepare" ]; then
	# command line argument
	prepare_ssh
else
	if [ ! -d "${WRKDIR}" ]; then
		# on-the-fly: we need .localapps!
		prepare_ssh
	fi
  xhost +localhost >/dev/null
  ssh -F "${SSHCONFIG}" "`get_xhost`" /bin/sh -c \"DISPLAY=:0 $@\"
fi

# vim:ts=2:sw=2:noexpandtab:autoindent: