#! /bin/sh
set -e

. /usr/share/debconf/confmodule
db_version 2.0

get_config_option() {
	option="$1"

	[ -f /etc/ssh/sshd_config ] || return

	# TODO: actually only one '=' allowed after option
	perl -lne '
		s/[[:space:]]+/ /g; s/[[:space:]]+$//;
		print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
	   /etc/ssh/sshd_config 2>/dev/null
}

permit_root_login="$(get_config_option PermitRootLogin)" || true
password_authentication="$(get_config_option PasswordAuthentication)" || true
if [ -f /etc/ssh/sshd_config ]; then
	# Make sure the debconf database is in sync with the current state
	# of the system.
	if [ "$permit_root_login" = yes ]; then
		db_set openssh-server/permit-root-login false
	else
		db_set openssh-server/permit-root-login true
	fi
	if [ "$password_authentication" = no ]; then
		db_set openssh-server/password-authentication false
	else
		db_set openssh-server/password-authentication true
	fi
fi

if dpkg --compare-versions "$2" lt-nl 1:6.6p1-1 && \
   [ "$permit_root_login" = yes ]; then
	if [ "$(getent shadow root | cut -d: -f2)" = "!" ]; then
		db_set openssh-server/permit-root-login true
	else
		db_input high openssh-server/permit-root-login || true
		db_go
	fi
fi

exit 0