#!/bin/sh -e

action="$1"
oldversion="$2"

. /usr/share/debconf/confmodule
db_version 2.0

umask 022

if [ "$action" != configure ]
  then
  exit 0
fi


fix_rsh_diversion() {
# get rid of mistaken rsh diversion (circa 1.2.27-1)

	if [ -L /usr/bin/rsh ] &&
		dpkg-divert --list '/usr/bin/rsh.real/rsh' | grep -q ' ssh$' ; then
		for cmd in rlogin  rsh rcp ; do
			[ -L /usr/bin/$cmd ] && rm /usr/bin/$cmd
			dpkg-divert --package ssh --remove --rename \
				--divert /usr/bin/rsh.real/$cmd /usr/bin/$cmd

			[ -L /usr/man/man1/$cmd.1.gz ] && rm /usr/man/man1/$$cmd.1.gz
			dpkg-divert --package ssh --remove --rename \
				--divert /usr/man/man1/$cmd.real.1.gz /usr/man/man1/$cmd.1.gz
		done

		rmdir /usr/bin/rsh.real
	fi
}

create_alternatives() {
# Create alternatives for the various r* tools.
# Make sure we don't change existing alternatives that a user might have
# changed, but clean up after some old alternatives that mistakenly pointed
# rlogin and rcp to ssh.
	update-alternatives --quiet --remove rlogin /usr/bin/ssh
	update-alternatives --quiet --remove rcp /usr/bin/ssh
	for cmd in rsh rlogin rcp; do
		scmd="s${cmd#r}"
		if ! update-alternatives --display "$cmd" 2>/dev/null | \
				grep -q "$scmd"; then
			update-alternatives --quiet --install "/usr/bin/$cmd" "$cmd" "/usr/bin/$scmd" 20 \
				--slave "/usr/share/man/man1/$cmd.1.gz" "$cmd.1.gz" "/usr/share/man/man1/$scmd.1.gz"
		fi
	done
}

set_ssh_permissions() {
	if dpkg --compare-versions "$oldversion" lt-nl 1:3.4p1-1 ; then
	    if [ -x /usr/sbin/dpkg-statoverride ] ; then
		if dpkg-statoverride --list /usr/bin/ssh >/dev/null; then
		    dpkg-statoverride --remove /usr/bin/ssh >/dev/null
		fi 
	    fi
	fi

	# libexecdir changed, so migrate old statoverrides.
	if [ -x /usr/sbin/dpkg-statoverride ] &&
	    override="$(dpkg-statoverride --list /usr/lib/ssh-keysign)"; then
		override_user="${override%% *}"
		override="${override#* }"
		override_group="${override%% *}"
		override="${override#* }"
		override_mode="${override%% *}"
		if dpkg-statoverride --update --add \
		    "$override_user" "$override_group" "$override_mode" \
		    /usr/lib/openssh/ssh-keysign; then
			dpkg-statoverride --remove /usr/lib/ssh-keysign || true
		fi
	fi
}

fix_ssh_group() {
	# Try to remove non-system group mistakenly created by 1:3.5p1-1.
	# set_ssh_agent_permissions() below will re-create it properly.
	if getent group ssh >/dev/null; then
		delgroup --quiet ssh || true
	fi
}

set_ssh_agent_permissions() {
	if ! getent group ssh >/dev/null; then
		addgroup --system --quiet ssh
	fi
	if ! [ -x /usr/sbin/dpkg-statoverride ] || \
	    ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null ; then
		chgrp ssh /usr/bin/ssh-agent
		chmod 2755 /usr/bin/ssh-agent
	fi
}

commit_transfer_conffile () {
	CONFFILE="$1"
	if [ -e "$CONFFILE.moved-by-preinst" ]; then
		rm -f "$CONFFILE.moved-by-preinst"
	fi
}


fix_rsh_diversion
create_alternatives
set_ssh_permissions
if [ "$2" = "1:3.5p1-1" ]; then
    fix_ssh_group
fi
set_ssh_agent_permissions
commit_transfer_conffile /etc/ssh/moduli
commit_transfer_conffile /etc/ssh/ssh_config

exit 0