#!/bin/bash

# Coypright (c) 2004-2005 by Fabian Franz <freenx@fabian-franz.de>.
#                    2005 by Jon Severinsson <jonno@users.berlios.de>.
#
# License: GNU GPL, version 2
#
# SVN: $Id: nxsetup 512 2008-03-10 23:01:03Z fabianx $ 
#

HELP="no"
INSTALL="no"
SETUP_NOMACHINE_KEY="no"
SETUP_UID=""
SETUP_GID=""
LOCAL_USER_OPTION=""
# luseradd / luserdel are only available on RedHat
[ -f /etc/redhat-release ] && LOCAL_USER_OPTION="yes"
SETUP_LOCAL_USER="no"
CLEAN="no"
UNINSTALL="no"
PURGE="no"
SETUP_SSH2_KEY="no"
BUILD_KNOWN_HOSTS="yes"
AUTOMATIC="no"
IGNORE_ERRORS="no"

if [ $UID -ne 0 ]
then
	echo "You need to be root to use this program." 
	exit 1
fi

parse_cmdline()
{
	while [ "$1" ]
	do
		case "$1" in
			--help) HELP="yes"; shift ;;
			--install) INSTALL="yes"; shift ;;
			--ignore-errors) IGNORE_ERRORS="yes"; shift;;
			--setup-nomachine-key) SETUP_NOMACHINE_KEY="yes"; shift ;;
			--ssh2) SETUP_SSH2_KEY="yes"; shift;;
			--dont-build-known-hosts) BUILD_KNOWN_HOSTS="no"; shift;;
			--uid) SETUP_UID=$2; shift 2 ;;
			--gid) SETUP_GID=$2; shift 2 ;;
			--localuser) SETUP_LOCAL_USER="yes"; shift;;
			--clean) CLEAN="yes"; shift ;;
			--uninstall) UNINSTALL="yes"; shift ;;
			--purge) PURGE="yes"; shift ;;
			--auto) AUTOMATIC="yes"; shift ;;
			--override) OVERRIDE="yes"; shift ;;
			--test) TEST="yes"; shift ;;
			--) shift ; break ;;
			*) echo "Invalid flag $1" ; HELP="yes"; shift ; break ;;
		esac
	done

	[ "$TEST" = "yes" ] && return         # If we just test, we can return directly

	#Check for invalid combinations:
	[ "$SETUP_LOCAL_USER" = "yes" -a -z "$LOCAL_USER_OPTION" ] && HELP="yes"
	[ "$INSTALL" = "yes" -a "$UNINSTALL" = "yes" ] && HELP="yes"
	[ "$INSTALL" = "yes" -a "$CLEAN" = "no" -a "$PURGE" = "yes" ] && HELP="yes"
	[ "$UNINSTALL" = "yes" ] && [ "$SETUP_NOMACHINE_KEY" = "yes" -o -n "$SETUP_UID" -o "$CLEAN" = "yes" ] && HELP="yes"
	[ "$UNINSTALL" = "yes" -a "$CLEAN" = "yes" ] && HELP="yes"
	[ "$SETUP_SSH2_KEY" = "yes" -a "$SETUP_NOMACHINE_KEY" = "no" ] && HELP="yes"

	if [ "$INSTALL" = "no" -a "$UNINSTALL" = "no" -a "$AUTOMATIC" = "no" -a "$HELP" = "no" -a "$OVERRIDE" = "yes" ]
	then
		echo "------> You did select no action."
		echo "        FreeNX guesses that you want to _install_ the server."
		echo "        Type \"y\" to abort the installation at this point in time."
		echo "        \"N\" is the default and continues installation."
		echo "        Use \"${0} --help\" to get more detailed help hints."
		echo ""
		echo -n " Do you want to abort now? [y/N] "
		read -n 1 CHOICE
		echo
		[ "$CHOICE" = "y" ] || INSTALL="yes"
	fi

	[ "$INSTALL" = "no" -a "$UNINSTALL" = "no" ] && HELP="yes"

	if [ "$OVERRIDE" = "no" ]
	then
		echo "Your FreeNX server was already setup and configured by the RPM."
		echo
		echo "You should only need to copy the client.id_dsa.key from /etc/nxserver to your client,"
		echo "then properly import the key into the client setup. Only proceed with nxsetup if you"
		echo "know exactly what you are doing."
		echo
		echo "To bypass this message, add the following to the nxsetup arguments:"
		echo "  --override"
		echo
		exit 0
	fi

	if [ "$HELP" = "yes" ]
	then
		echo "nxsetup - Setup the FreeNX server."
		echo "Syntax: nxsetup --help"
		echo "        nxsetup --test [--ignore-errors]"
		echo "        nxsetup --install [--setup-nomachine-key] [--uid <nummber>] [--clean [--purge]]"
		echo "        nxsetup --uninstall [--purge]"
		echo
		echo "  --help                 Display this help message."
		echo "  --test                 Test the configuration and connection to localhost NX Server."
		echo "  --install              Install necessary files and add the special user \"nx\"."
		echo "  --ignore-errors        Check for false configuration, but don't complain."
		echo "  --setup-nomachine-key  Allow login with the key shipped with the NoMachine"
		echo "                         client. This is fairly secure, and it simplifies the "
		echo "                         configuration of clients. (Using a custom key pair."
		echo "                         increases security even more, but complicates the"
		echo "                         configuration of clients.)"
		echo "                         Use this option at your own risk."
		echo "  --ssh2                 Create additionally commercial pubkey-support; beware:"
		echo "                         own _commercial_ ssh2-key is not supported!"
		echo "  --uid <number>         Give the uid <number> to the user \"nx\"."
		echo "  --gid <number>         Give the gid <number> to the user \"nx\"."
		[ -n "$LOCAL_USER_OPTION" ] && \
		echo "  --localuser            The special user \"nx\" will be created locally using"
		echo "                         \"luseradd\", for use in NIS and NISplus environments."
		echo "  --clean                Perform an uninstallation prior to installation."
		echo "  --uninstall            Remove log and session files, as well as the special"
		echo "                         user \"nx\"."
		echo "  --purge                Remove extra configuration files and ssh keys when"
		echo "                         performing a \"--uninstall\"."
		echo "                         Note that node.conf will always be saved."
		echo "  --auto                 Perform automatic installation without testing or asking."
		exit 0
	fi
	#Undocumented
	#
	#    --dont-build-known-hosts		For system without /etc/ssh/ssh_host_key.rsa.pub and anyway
	#					expect should handle nx-users known-hosts keys so why borther
	#					in nxsetup?

	if [ "$INSTALL" = "yes" -a "$AUTOMATIC" = "no" -a "$SETUP_NOMACHINE_KEY" = "no" ]
	then
		echo "------> It is recommended that you use the NoMachine key for"
		echo "        easier setup. If you answer \"y\", FreeNX creates a custom"
		echo "        KeyPair and expects you to setup your clients manually. "
		echo "        \"N\" is default and uses the NoMachine key for installation."
		echo ""
		echo -n " Do you want to use your own custom KeyPair? [y/N] "
		read -n 1 CHOICE
		[ "$CHOICE" = "y" ] || SETUP_NOMACHINE_KEY="yes"
	fi
}

parse_cmdline "$@"

# Read the config file
. $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --

run_nscd()
{
	if [ -f /var/run/nscd/nscd.pid ]
	then
		nscd "$@" 2>/dev/null || true
	fi
}

nx_user_exists()
{
	if [ "$SETUP_LOCAL_USER" = "yes" ]
	then
		egrep "^nx:" /etc/passwd >/dev/null
	else
		getent passwd nx >/dev/null
	fi
}	
nx_group_exists()
{
	# useradd/adduser need a valid group to add the user to
	if [ "$SETUP_LOCAL_USER" = "yes" ]
	then
		egrep "^nx:" /etc/group >/dev/null
	else
		getent group nx >/dev/null
	fi
}	

# Tries to add a system user
useradd_nx()
{
	# In any case create the basedir of the HOME directory before, 
	# because useradd will fail to make more than one directory
	mkdir -p $(dirname "$NX_HOME_DIR")

	# Is it a debian?
	if [ -f /etc/debian_version -a -z "$SETUP_UID" ]
	then
		USERADD_OPTIONS="--ingroup nx --system --home $NX_HOME_DIR --shell $PATH_BIN/nxserver"
		[ -n "$SETUP_GID" ] && GROUPADD_OPTIONS="--gid $SETUP_GID"

		# adduser needs a valid group to add the user to
		! nx_group_exists && addgroup --system --quiet $GROUPADD_OPTIONS nx
		[ -f /etc/nscd.conf ] && { run_nscd --invalidate group; }

		adduser $USERADD_OPTIONS nx
		[ -f /etc/nscd.conf ] && { run_nscd --invalidate passwd; }
		
	# no, its a "normal" useradd
	else
		USERADD_OPTIONS="-g nx -d $NX_HOME_DIR -s $PATH_BIN/nxserver"
		[ -n "$SETUP_GID" ] && GROUPADD_OPTIONS="-g $SETUP_GID"

		# uid specified?
		if [ -n "$SETUP_UID" ]
		then
			USERADD_OPTIONS="-u $SETUP_UID $USERADD_OPTIONS"
		
		# Is it a SuSE?
		elif [ -f /etc/SuSE-release ]
		then
			USERADD_OPTIONS="-r $USERADD_OPTIONS"
		fi
		
		if [ "$SETUP_LOCAL_USER" = "yes" ]
		then
			! nx_group_exists && lgroupadd $GROUPADD_OPTIONS nx 
			[ -f /etc/nscd.conf ] && { run_nscd --invalidate group; }

			luseradd $USERADD_OPTIONS nx
			[ -f /etc/nscd.conf ] && { run_nscd --invalidate passwd; }
		else
			! nx_group_exists && groupadd $GROUPADD_OPTIONS nx
			[ -f /etc/nscd.conf ] && { run_nscd --invalidate group; }

			useradd $USERADD_OPTIONS nx
			[ -f /etc/nscd.conf ] && { run_nscd --invalidate passwd; }
		fi

		
	fi

	# the nx user account might be locked, so unlock it.
	passwd -u -f nx
}

install_nx()
{
	set -e
	
	if [ "$(pidof sshd 2>/dev/null)" = "" ]
	then 
		echo -n "Starting ssh service ..."
		# Generate Host keys if they are not available, yet
		[ -e /etc/ssh/ssh_host_rsa_key ] || $COMMAND_SSH_KEYGEN -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N ''
		[ -e /etc/ssh/ssh_host_dsa_key ] || $COMMAND_SSH_KEYGEN -q -t dsa -f /etc/ssh/ssh_host_dsa_key -C '' -N ''
		[ -x /etc/init.d/sshd ] && /etc/init.d/sshd start
		[ -x /etc/init.d/ssh ] && /etc/init.d/ssh start
		echo "done"
	fi
	
	echo -n "Setting up $NX_ETC_DIR ..."
	mkdir -p $NX_ETC_DIR
	touch $NX_ETC_DIR/passwords $NX_ETC_DIR/passwords.orig
	chmod 600 $NX_ETC_DIR/passwords $NX_ETC_DIR/passwords.orig
	echo "done"
	
	if [ ! -f $NX_ETC_DIR/users.id_dsa ]
	then
		$COMMAND_SSH_KEYGEN -f $NX_ETC_DIR/users.id_dsa -t dsa -N ""
	fi
	
	echo -n "Setting up $NX_SESS_DIR ..."
	mkdir -p $NX_SESS_DIR/closed $NX_SESS_DIR/running $NX_SESS_DIR/failed
	chmod 700 $NX_SESS_DIR/*
	echo "done"
	
	echo -n "Setting up $NX_LOGFILE ..."
	mkdir -p $(dirname "$NX_LOGFILE")
	touch "$NX_LOGFILE"
	chmod 600 "$NX_LOGFILE"
	echo "done"
	
	if ! nx_user_exists
	then
		echo -n "Setting up special user \"nx\" ..."
		useradd_nx
		echo "done"
	fi
	
	if [ "$ENABLE_USESSION" = "1" ]
	then
		echo -n "Adding user \"nx\" to group \"utmp\" ..."
		usermod -G utmp nx
		echo "done"
	fi
	
	if [ "$ENABLE_NOMACHINE_FORWARD_PORT" = "1" -a -x "$NOMACHINE_SERVER" ]
	then
		echo -n "Setting up NoMachine forwarding ..."
		usermod -s "$PATH_BIN/nxserver" -d "$NOMACHINE_NX_HOME_DIR" nx
		echo "done"
	fi
	
	echo -n "Setting up known_hosts and $SSH_AUTHORIZED_KEYS ..."
	
	SETUP_NX_KEY="no"
	
	mkdir -p $NX_HOME_DIR/.ssh
	chmod 700 $NX_HOME_DIR/ $NX_HOME_DIR/.ssh
	
	if [ ! -f $NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS -o "$SETUP_NOMACHINE_KEY" = "yes" ]
	then
		SETUP_NX_KEY="yes"
		if [ "$SETUP_NOMACHINE_KEY" = "yes" ]
		then
			cat << EOF >$NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS
no-port-forwarding,no-agent-forwarding,command="$PATH_BIN/nxserver" ssh-dss AAAAB3NzaC1kc3MAAACBAJe/0DNBePG9dYLWq7cJ0SqyRf1iiZN/IbzrmBvgPTZnBa5FT/0Lcj39sRYt1paAlhchwUmwwIiSZaON5JnJOZ6jKkjWIuJ9MdTGfdvtY1aLwDMpxUVoGwEaKWOyin02IPWYSkDQb6cceuG9NfPulS9iuytdx0zIzqvGqfvudtufAAAAFQCwosRXR2QA8OSgFWSO6+kGrRJKiwAAAIEAjgvVNAYWSrnFD+cghyJbyx60AAjKtxZ0r/Pn9k94Qt2rvQoMnGgt/zU0v/y4hzg+g3JNEmO1PdHh/wDPVOxlZ6Hb5F4IQnENaAZ9uTZiFGqhBO1c8Wwjiq/MFZy3jZaidarLJvVs8EeT4mZcWxwm7nIVD4lRU2wQ2lj4aTPcepMAAACANlgcCuA4wrC+3Cic9CFkqiwO/Rn1vk8dvGuEQqFJ6f6LVfPfRTfaQU7TGVLk2CzY4dasrwxJ1f6FsT8DHTNGnxELPKRuLstGrFY/PR7KeafeFZDf+fJ3mbX5nxrld3wi5titTnX+8s4IKv29HJguPvOK/SI7cjzA+SqNfD7qEo8= root@nettuno
EOF
			chmod 600 $NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS
			cat << EOF >$NX_HOME_DIR/.ssh/client.id_dsa.key
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQCXv9AzQXjxvXWC1qu3CdEqskX9YomTfyG865gb4D02ZwWuRU/9
C3I9/bEWLdaWgJYXIcFJsMCIkmWjjeSZyTmeoypI1iLifTHUxn3b7WNWi8AzKcVF
aBsBGiljsop9NiD1mEpA0G+nHHrhvTXz7pUvYrsrXcdMyM6rxqn77nbbnwIVALCi
xFdHZADw5KAVZI7r6QatEkqLAoGBAI4L1TQGFkq5xQ/nIIciW8setAAIyrcWdK/z
5/ZPeELdq70KDJxoLf81NL/8uIc4PoNyTRJjtT3R4f8Az1TsZWeh2+ReCEJxDWgG
fbk2YhRqoQTtXPFsI4qvzBWct42WonWqyyb1bPBHk+JmXFscJu5yFQ+JUVNsENpY
+Gkz3HqTAoGANlgcCuA4wrC+3Cic9CFkqiwO/Rn1vk8dvGuEQqFJ6f6LVfPfRTfa
QU7TGVLk2CzY4dasrwxJ1f6FsT8DHTNGnxELPKRuLstGrFY/PR7KeafeFZDf+fJ3
mbX5nxrld3wi5titTnX+8s4IKv29HJguPvOK/SI7cjzA+SqNfD7qEo8CFDIm1xRf
8xAPsSKs6yZ6j1FNklfu
-----END DSA PRIVATE KEY-----
EOF
			chmod 600 $NX_HOME_DIR/.ssh/client.id_dsa.key
		else
			# generate a new key, backup the old and copy it to $SSH_AUTHORIZED_KEYS
			$PATH_BIN/nxkeygen
		fi
	fi

	# commercial ssh2-server uses other authentification-files
	# as they are more or less static, I don't integrated these variable
	# in node.conf, you have to change them here, if you like
	SSH2_AUTHORIZATION="authorization"
	SSH2_PUBKEY="nx_user.id.pub"
	SSH2_HOME_DIR="$NX_HOME_DIR/.ssh2"
	if [ ! -f "${SSH2_HOME_DIR}/$SSH2_PUBKEY" -a "$SETUP_SSH2_KEY" = "yes" -a "$SETUP_NOMACHINE_KEY" = "yes" ]
	then
		mkdir -p $SSH2_HOME_DIR
		chmod 700 $SSH2_HOME_DIR
		
		cat >  ${SSH2_HOME_DIR}/$SSH2_PUBKEY <<EOF
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit DSA, converted from OpenSSH by root@localhost"
AAAAB3NzaC1kc3MAAACBAJe/0DNBePG9dYLWq7cJ0SqyRf1iiZN/IbzrmBvgPTZnBa5FT/
0Lcj39sRYt1paAlhchwUmwwIiSZaON5JnJOZ6jKkjWIuJ9MdTGfdvtY1aLwDMpxUVoGwEa
KWOyin02IPWYSkDQb6cceuG9NfPulS9iuytdx0zIzqvGqfvudtufAAAAFQCwosRXR2QA8O
SgFWSO6+kGrRJKiwAAAIEAjgvVNAYWSrnFD+cghyJbyx60AAjKtxZ0r/Pn9k94Qt2rvQoM
nGgt/zU0v/y4hzg+g3JNEmO1PdHh/wDPVOxlZ6Hb5F4IQnENaAZ9uTZiFGqhBO1c8Wwjiq
/MFZy3jZaidarLJvVs8EeT4mZcWxwm7nIVD4lRU2wQ2lj4aTPcepMAAACANlgcCuA4wrC+
3Cic9CFkqiwO/Rn1vk8dvGuEQqFJ6f6LVfPfRTfaQU7TGVLk2CzY4dasrwxJ1f6FsT8DHT
NGnxELPKRuLstGrFY/PR7KeafeFZDf+fJ3mbX5nxrld3wi5titTnX+8s4IKv29HJguPvOK
/SI7cjzA+SqNfD7qEo8=
---- END SSH2 PUBLIC KEY ----
EOF
		echo "Key $SSH2_PUBKEY" >> ${SSH2_HOME_DIR}/$SSH2_AUTHORIZATION
		echo "Options no-port-forwarding,no-agent-forwarding,command=\"$PATH_BIN/nxserver\"" >> ${SSH2_HOME_DIR}/$SSH2_AUTHORIZATION
		chmod 600 ${SSH2_HOME_DIR}/$SSH2_AUTHORIZATION ${SSH2_HOME_DIR}/$SSH2_PUBKEY
	fi
	
	if [ ! -f $NX_HOME_DIR/.ssh/known_hosts -a "$BUILD_KNOWN_HOSTS" = "yes" ]
	then
		echo -n "127.0.0.1 " > $NX_HOME_DIR/.ssh/known_hosts
		cat /etc/ssh/ssh_host_rsa_key.pub >> $NX_HOME_DIR/.ssh/known_hosts
	fi
	
	echo "done"
	
	echo -n "Setting up permissions ..."
	chown -R nx:root $NX_SESS_DIR
	chown -R nx:root $NX_ETC_DIR
	chown -R nx:root $NX_HOME_DIR
	chown nx:root "$NX_LOGFILE"

	echo "done"

	if [ -d "$CUPS_BACKEND" ]
	then
		echo -n "Setting up cups nxipp backend ..."
		cp -af "$CUPS_BACKEND/ipp" "$CUPS_IPP_BACKEND"
		chmod 755 "$CUPS_IPP_BACKEND"
		echo "done"
	fi
}

test_nx()
{
	echo ""
	echo "----> Testing your nxserver configuration ..."
	[ "$IGNORE_ERRORS" = "yes" ] && NO_ERRORS="--ignore-errors"
	. $(PATH=$(cd $(dirname $0) && pwd):$PATH which nxloadconfig) --check $NO_ERRORS
	echo "<---- done"
	echo ""
	echo "----> Testing your nxserver connection ..."
	
	CONNECTION=""
	while read -t 3 line
	do
		echo $line
		
		case "$line" in
			*"HELLO NXSERVER - Version $NX_VERSION"*)
				CONNECTION="yes"
			;;
			*"HELLO NXSERVER - Version"*)
				echo "Warning: Version mismatch. Expected $NX_VERSION got: $line."
				CONNECTION="yes"
			;;
			*"NX> 999 Bye"*)
				break;
			;;
		esac

	done < <(NODE_PUBLICKEY="$NX_HOME_DIR/.ssh/client.id_dsa.key" $PATH_BIN/nxnode-login test-nx nx "$SSHD_PORT" nxserver --check)

	if [ -z "$CONNECTION" ]
	then
		echo "Fatal error: Could not connect to NX Server."
		echo 
		echo "Please check your ssh setup:"
		echo ""
		echo "The following are _examples_ of what you might need to check."
		echo ""
		echo "	- Make sure \"nx\" is one of the AllowUsers in sshd_config."
		echo "    (or that the line is outcommented/not there)"
		echo "	- Make sure \"nx\" is one of the AllowGroups in sshd_config."
		echo "    (or that the line is outcommented/not there)"
		echo "	- Make sure your sshd allows public key authentication."
		echo "	- Make sure your sshd is really running on port $SSHD_PORT."
		echo "	- Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to $SSH_AUTHORIZED_KEYS."
		echo "    (this should be a filename not a pathname+filename)"
		echo "  - Make sure you allow ssh on localhost, this could come from some"
		echo "    restriction of:"
		echo "      -the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost"
		echo "      -the iptables. add to it:"
		echo "         $ iptables -A INPUT  -i lo -j ACCEPT"
		echo "         $ iptables -A OUTPUT -o lo -j ACCEPT"
		exit 1
	fi
	echo "<--- done"
	echo ""
}

uninstall_nx() 
{
	if nx_user_exists
	then
		echo -n "Removing special user \"nx\" ..."
		
		if [ "$SETUP_LOCAL_USER" = "yes" ]
		then
			luserdel nx
		else
			userdel nx
		fi
			
		echo "done"
	fi
	
	if [ -e "$NX_SESS_DIR" ]
	then
		echo -n "Removing session database ..."
		rm -f -r $NX_SESS_DIR/closed $NX_SESS_DIR/running $NX_SESS_DIR/failed 2>/dev/null
		rmdir -p $NX_SESS_DIR 2>/dev/null
		echo "done"
	fi
	
	if [ -e "$NX_LOGFILE" ] 
	then
		echo -n "Removing logfile ..."
		rm -f "$NX_LOGFILE" 2>/dev/null
		rmdir -p $(dirname "$NX_LOGFILE") 2>/dev/null
		echo "done"
	fi
	
	if [ "$PURGE" = "yes" -a -e "$NX_HOME_DIR" ]
	then
		echo -n "Removing home directory of special user \"nx\" ..."
		rm -f -r "$NX_HOME_DIR" 2>/dev/null
		rmdir -p $(dirname "$NX_HOME_DIR") 2>/dev/null
		echo "done"
	fi
	
	if [ "$PURGE" = "yes" -a -e "$NX_ETC_DIR" ]
	then
		echo -n "Removing configuration files ..."
		rm -f "$NX_ETC_DIR/passwords" "$NX_ETC_DIR/passwords.orig" "$NX_ETC_DIR/users.id_dsa" "$NX_ETC_DIR/users.id_dsa.pub" 2>/dev/null
		for i in `ls $NX_ETC_DIR/*.node.conf 2>/dev/null` ;
		do
			rm -f "$i" 2>/dev/null;
		done
		echo "done"
	fi
}

if [ "$TEST" = "yes" ]
then
	test_nx
	exit 0
fi

if [ "$INSTALL" = "yes" ]
then
	#Perform cleanup?
	[ "$CLEAN" = "yes" ] && uninstall_nx
	
	[ -f /etc/nscd.conf ] && { run_nscd --invalidate passwd; run_nscd --invalidate group; }
	install_nx

	[ "$AUTOMATIC" = "no" ] && test_nx
	
	echo "Ok, nxserver is ready."
	echo 
	if [ "$ENABLE_SSH_AUTHENTICATION" = "1" -o "$ENABLE_SU_AUTHENTICATION" = "1" ]
	then
		echo "PAM authentication enabled:"
		if [ "$ENABLE_USER_DB" = "1" ]
		then
			echo "  Users will be able to login with their normal passwords,"
			echo "  but they have to be registered in the NX database to do so."
			echo "  To add new users to the NX user database do:"
			echo "    nxserver --adduser <username>"
		else
			echo "  All users will be able to login with their normal passwords."
		fi
		echo
		if [ "$ENABLE_SSH_AUTHENTICATION" = "1" -a "$ENABLE_SU_AUTHENTICATION" = "1" ]
		then
			echo "  Both SSH and SU authentication is enabled."
			echo "  This does work, but is redundant."
			echo "  Please check if this is really what you intended."
		elif [ "$ENABLE_SSH_AUTHENTICATION" = "1" ]
		then
			echo "  PAM authentication will be done through SSH."
			echo "  Please ensure that SSHD on localhost accepts password authentication."
		else
			echo "  PAM authentication will be done through SU."
			echo "  Please ensure that the user "nx" is a member of the wheel group."
		fi
	else
		echo "PAM authentication disabled."
		echo "  Only users in the NX user database will be able to log in."
		echo
		echo "  To add new users to the NX user database do:"
		echo "    nxserver --adduser <username>"
		echo "  Afterwards change the password with:"
		echo "    nxserver --passwd <username>"
	fi
	echo
	echo "  You can change this behaviour in the $NX_ETC_DIR/node.conf file."
	
	if [ "$SETUP_NOMACHINE_KEY" = "no" -a "$SETUP_NX_KEY" = "yes" ]
	then
		echo
		echo "Warning: Clients will not be able to login to this server with the standard key."
		echo "         Please replace /usr/NX/share/client.id_dsa.key on all clients you want"
		echo "         to use with $NX_HOME_DIR/.ssh/client.id_dsa.key"
		echo "         and protect it accordingly."
		echo ""
		echo "         Since 1.5.0 you need to import the correct key via the GUI."
		echo
		echo "         If you really want to use the NoMachine key please remove"
		echo "         '$NX_HOME_DIR/.ssh/$SSH_AUTHORIZED_KEYS'"
		echo "         and then run this script with the --setup-nomachine-key parameter."
	fi
	
	echo "Have Fun!"
elif [ "$UNINSTALL" = "yes" ]
then
	uninstall_nx
	
	echo "Ok, nxserver is uninstalled"
	echo 
	if [ "$PURGE" = "yes" ]
	then
		echo "To complete the uninstallation process, remove the FreeNX scripts in $PATH_BIN"
		echo "and the $NX_ETC_DIR/node.conf configuration file."
	else
		echo "To complete the uninstallation process, remove the FreeNX scripts in $PATH_BIN"
		echo
		echo "Configuration files and ssh keys are saved in case you would like to reinstall"
		echo "freenx at a later time. To remove them, please run 'nxsetup --uninstall --purge'"
	fi
fi
