diff options
| author | Colin Watson <cjwatson@debian.org> | 2007-03-05 09:15:34 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2007-03-05 09:15:34 +0000 |
| commit | c5627b7bccd3e376e766678340bd445ab6520de2 (patch) | |
| tree | c6dcbc3bf0b60a2c065ccc724cb00dc84dea3860 /debian/ssh-krb5.postinst | |
| parent | 6dbc4c8a2aed0e2cf8c7549c480d7d632fe203d8 (diff) | |
* Fix GSSAPIKeyExchange configuration file handling logic in ssh-krb5
(closes: #404863).
Diffstat (limited to 'debian/ssh-krb5.postinst')
| -rw-r--r-- | debian/ssh-krb5.postinst | 50 |
1 files changed, 37 insertions, 13 deletions
diff --git a/debian/ssh-krb5.postinst b/debian/ssh-krb5.postinst index b1bea1e29..89ef8d86e 100644 --- a/debian/ssh-krb5.postinst +++ b/debian/ssh-krb5.postinst | |||
| @@ -14,27 +14,51 @@ if [ "$action" = configure ] ; then | |||
| 14 | fi | 14 | fi |
| 15 | fi | 15 | fi |
| 16 | 16 | ||
| 17 | if dpkg --compare-versions "$oldversion" ge 1:4.3p2-7 || \ | 17 | # Make sure that GSSAPI is enabled. If there is no uncommented GSSAPI |
| 18 | grep -qi '^[ ]*GSSAPI' /etc/ssh/sshd_config ; then | 18 | # configuration, uncomment any commented-out configuration if present |
| 19 | # (this will catch the case of a fresh install of openssh-server). | ||
| 20 | # Otherwise, add configuration turning on GSSAPIAuthentication and | ||
| 21 | # GSSAPIKeyExchange. | ||
| 22 | # | ||
| 23 | # If there is some configuration, we may be upgrading from ssh-krb5. It | ||
| 24 | # enabled GSSAPIKeyExchange without any configuration option. Therefore, | ||
| 25 | # if it isn't explicitly set, always enable it for compatible behavior | ||
| 26 | # with ssh-krb5. | ||
| 27 | if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then | ||
| 19 | : | 28 | : |
| 20 | else | 29 | else |
| 21 | if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then | 30 | changed= |
| 22 | perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b/$1/i' \ | 31 | if grep -qi '^[ ]*GSSAPI' /etc/ssh/sshd_config ; then |
| 23 | < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new | 32 | if grep -qi '^[ ]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then |
| 24 | chown --reference /etc/ssh/sshd_config \ | 33 | : |
| 25 | /etc/ssh/sshd_config.dpkg-new | 34 | else |
| 26 | chmod --reference /etc/ssh/sshd_config \ | 35 | changed=true |
| 27 | /etc/ssh/sshd_config.dpkg-new | 36 | cat >> /etc/ssh/sshd_config <<EOF |
| 28 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config | 37 | |
| 38 | # GSSAPI key exchange (added by ssh-krb5 transitional package) | ||
| 39 | GSSAPIKeyExchange yes | ||
| 40 | EOF | ||
| 41 | fi | ||
| 29 | else | 42 | else |
| 30 | cat >> /etc/ssh/sshd_config <<EOF | 43 | changed=true |
| 44 | if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then | ||
| 45 | perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b/$1/i' \ | ||
| 46 | < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new | ||
| 47 | chown --reference /etc/ssh/sshd_config \ | ||
| 48 | /etc/ssh/sshd_config.dpkg-new | ||
| 49 | chmod --reference /etc/ssh/sshd_config \ | ||
| 50 | /etc/ssh/sshd_config.dpkg-new | ||
| 51 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config | ||
| 52 | else | ||
| 53 | cat >> /etc/ssh/sshd_config <<EOF | ||
| 31 | 54 | ||
| 32 | # GSSAPI authentication | 55 | # GSSAPI authentication (added by ssh-krb5 transitional package) |
| 33 | GSSAPIAuthentication yes | 56 | GSSAPIAuthentication yes |
| 34 | GSSAPIKeyExchange yes | 57 | GSSAPIKeyExchange yes |
| 35 | EOF | 58 | EOF |
| 59 | fi | ||
| 36 | fi | 60 | fi |
| 37 | if [ -x /etc/init.d/ssh ] ; then | 61 | if [ -n "$changed" ] && [ -x /etc/init.d/ssh ] ; then |
| 38 | if [ -x /usr/sbin/invoke-rc.d ] ; then | 62 | if [ -x /usr/sbin/invoke-rc.d ] ; then |
| 39 | invoke-rc.d ssh restart | 63 | invoke-rc.d ssh restart |
| 40 | else | 64 | else |