author | Damien Miller <djm@mindrot.org> | 2017-03-16 11:22:42 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-03-16 11:22:42 +1100 |
commit | 55a1117d7342a0bf8b793250cf314bab6b482b99 (patch) | |
tree | 8ea98643fec2c96cd27ed780ad53a4302044956a | |
parent | 1a321bfdb91defe3c4d9cca5651724ae167e5436 (diff) |
Adapt Cygwin config script to privsep knob removal
Patch from Corinna Vinschen.
-rw-r--r-- | contrib/cygwin/ssh-host-config | 43 |
1 files changed, 9 insertions, 34 deletions
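diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index d934d09b5..db6aaa08a 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -63,7 +63,6 @@ sshd_config_configured=no
 port_number=22
 service_name=sshd
 strictmodes=yes
-privsep_used=yes
 cygwin_value=""
 user_account=
 password_value=
@@ -140,33 +139,21 @@ sshd_strictmodes() {
 
 # ======================================================================
 # Routine: sshd_privsep
-# MODIFIES: privsep_used
+# Try to create ssshd user account
 # ======================================================================
 sshd_privsep() {
 local ret=0
 
 if [ "${sshd_config_configured}" != "yes" ]
 then
-echo
-csih_inform "Privilege separation is set to 'sandbox' by default since"
-csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
-csih_inform "to 'yes' or 'no'."
-csih_inform "However, using privilege separation requires a non-privileged account"
-csih_inform "called 'sshd'."
-csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
-if csih_request "Should privilege separation be used?"
+if ! csih_create_unprivileged_user sshd
 then
-privsep_used=yes
-if ! csih_create_unprivileged_user sshd
-then
-csih_error_recoverable "Couldn't create user 'sshd'!"
-csih_error_recoverable "Privilege separation set to 'no' again!"
-csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
-let ++ret
-privsep_used=no
-fi
-else
-privsep_used=no
+csih_error_recoverable "Could not create user 'sshd'!"
+csih_error_recoverable "You will not be able to run an sshd service"
+csih_error_recoverable "under a privileged account successfully."
+csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
+csih_error_recoverable "manually before trying to run the service!"
+let ++ret
 fi
 fi
 return $ret
@@ -202,18 +189,6 @@ sshd_config_tweak() {
 let ++ret
 fi
 fi
-if [ "${sshd_config_configured}" != "yes" ]
-then
-/usr/bin/sed -i -e "
-s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
-${SYSCONFDIR}/sshd_config
-if [ $? -ne 0 ]
-then
-csih_warning "Setting privilege separation failed!"
-csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
-let ++ret
-fi
-fi
 return $ret
 } # --- End of sshd_config_tweak --- #
 
@@ -693,7 +668,7 @@ then
 fi
 fi
 
-# handle sshd_config (and privsep)
+# handle sshd_config
 csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
 if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
 then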
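Review bot: In the `sshd_privsep` hunk, `csih_create_unprivileged_user sshd` is still called only when `sshd_config_configured` is not `yes`, so a host whose existing config had previously answered "no" to privilege separation gets neither the account nor a notice now that the choice is gone. If sshd requires that account unconditionally, as the new error text implies, the service would presumably fail to start after an upgrade. Consider moving the call outside that guard, provided the helper tolerates an account that already exists, which this page does not show. The new header comment also has a typo: `# Try to create ssshd user account` should read `# Try to create sshd user account`. Where `sshd_config_configured` is set lies outside the visible hunks, so the upgrade path should be confirmed against the rest of the script.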