authorDamien Miller <djm@mindrot.org>2017-03-16 11:22:42 +1100
committerDamien Miller <djm@mindrot.org>2017-03-16 11:22:42 +1100
commit55a1117d7342a0bf8b793250cf314bab6b482b99 (patch)
tree8ea98643fec2c96cd27ed780ad53a4302044956a
parent1a321bfdb91defe3c4d9cca5651724ae167e5436 (diff)
Adapt Cygwin config script to privsep knob removal
Patch from Corinna Vinschen.
-rw-r--r--contrib/cygwin/ssh-host-config43
1 files changed, 9 insertions, 34 deletions
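--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -63,7 +63,6 @@ sshd_config_configured=no
 port_number=22
 service_name=sshd
 strictmodes=yes
-privsep_used=yes
 cygwin_value=""
 user_account=
 password_value=
@@ -140,33 +139,21 @@ sshd_strictmodes() {
 
 # ======================================================================
 # Routine: sshd_privsep
-# MODIFIES: privsep_used
+# Try to create ssshd user account
 # ======================================================================
 sshd_privsep() {
  local ret=0
 
  if [ "${sshd_config_configured}" != "yes" ]
  then
- echo
- csih_inform "Privilege separation is set to 'sandbox' by default since"
- csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
- csih_inform "to 'yes' or 'no'."
- csih_inform "However, using privilege separation requires a non-privileged account"
- csih_inform "called 'sshd'."
- csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
- if csih_request "Should privilege separation be used?"
+ if ! csih_create_unprivileged_user sshd
  then
- privsep_used=yes
- if ! csih_create_unprivileged_user sshd
- then
- csih_error_recoverable "Couldn't create user 'sshd'!"
- csih_error_recoverable "Privilege separation set to 'no' again!"
- csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
- let ++ret
- privsep_used=no
- fi
- else
- privsep_used=no
+ csih_error_recoverable "Could not create user 'sshd'!"
+ csih_error_recoverable "You will not be able to run an sshd service"
+ csih_error_recoverable "under a privileged account successfully."
+ csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
+ csih_error_recoverable "manually before trying to run the service!"
+ let ++ret
  fi
  fi
  return $ret
@@ -202,18 +189,6 @@ sshd_config_tweak() {
  let ++ret
  fi
  fi
- if [ "${sshd_config_configured}" != "yes" ]
- then
- /usr/bin/sed -i -e "
- s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
- ${SYSCONFDIR}/sshd_config
- if [ $? -ne 0 ]
- then
- csih_warning "Setting privilege separation failed!"
- csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
- let ++ret
- fi
- fi
  return $ret
 } # --- End of sshd_config_tweak --- #
 
@@ -693,7 +668,7 @@ then
  fi
 fi
 
-# handle sshd_config (and privsep)
+# handle sshd_config
 csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
 if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
 then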
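Review bot: In the new `sshd_privsep`, the call `csih_create_unprivileged_user sshd` still sits inside `if [ "${sshd_config_configured}" != "yes" ]`, so a host whose sshd_config is already treated as configured never has the account created or checked. Now that privilege separation is no longer optional, the unprivileged `sshd` user is needed on every install, and an existing setup that earlier answered 'no' to the removed question would presumably lack it. How `sshd_config_configured` gets set is outside the hunks shown, so this needs confirming against the rest of the script. If it holds, the account step should run regardless of that flag, or the script should at least warn when the account is missing. The new header comment also has a typo and should read `# Try to create sshd user account`.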