2 files changed, 43 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 28c0a91b2..2b0b61a26 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,8 @@
     EVP_CIPH_CUSTOM_IV for our own rijndael
 - (bal) Remove unused tty defined in do_setusercontext() pointed out by
   dtucker@zip.com.au plus a a more KNF since I am near it.
+ - (bal) Privsep user creation support in Solaris buildpkg.sh by 
+   dtucker@zip.com.au
 20020714
 - (tim) [Makefile.in] replace "id sshd" with "sshd -t"
@@ -1372,4 +1374,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2369 2002/07/15 17:58:34 mouring Exp $
+$Id: ChangeLog,v 1.2370 2002/07/15 18:49:20 mouring Exp $
diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh
index 426db1f6a..def325b87 100755
--- a/contrib/solaris/buildpkg.sh
+++ b/contrib/solaris/buildpkg.sh
@@ -98,6 +98,19 @@ do
        eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
 done
+## Collect value of privsep user
+for confvar in SSH_PRIVSEP_USER
+do
+        eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
+done
+## Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
+then
+        SSH_PRIVSEP_USER=sshd
+fi
 ## Extract common info requires for the 'info' part of the package.
 VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
@@ -214,6 +227,33 @@ fi
 installf -f ${PKGNAME}
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+        echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
+        echo "or group."
+else
+        echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+        # create group if required
+        if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+        else
+                echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+                groupadd $SSH_PRIVSEP_USER
+        fi
+        # Create user if required
+        if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+        else
+                echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+                useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+                passwd -l $SSH_PRIVSEP_USER
+        fi
+fi
 [ "\${POST_INS_START}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
 exit 0
 _EOF

diff --git a/ChangeLog b/ChangeLog index 28c0a91b2..2b0b61a26 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -8,6 +8,8 @@
8	EVP_CIPH_CUSTOM_IV for our own rijndael	8	EVP_CIPH_CUSTOM_IV for our own rijndael
9	- (bal) Remove unused tty defined in do_setusercontext() pointed out by	9	- (bal) Remove unused tty defined in do_setusercontext() pointed out by
10	dtucker@zip.com.au plus a a more KNF since I am near it.	10	dtucker@zip.com.au plus a a more KNF since I am near it.
		11	- (bal) Privsep user creation support in Solaris buildpkg.sh by
		12	dtucker@zip.com.au
11		13
12	20020714	14	20020714
13	- (tim) [Makefile.in] replace "id sshd" with "sshd -t"	15	- (tim) [Makefile.in] replace "id sshd" with "sshd -t"
@@ -1372,4 +1374,4 @@
1372	- (stevesk) entropy.c: typo in debug message	1374	- (stevesk) entropy.c: typo in debug message
1373	- (djm) ssh-keygen -i needs seeded RNG; report from markus@	1375	- (djm) ssh-keygen -i needs seeded RNG; report from markus@
1374		1376
1375	$Id: ChangeLog,v 1.2369 2002/07/15 17:58:34 mouring Exp $	1377	$Id: ChangeLog,v 1.2370 2002/07/15 18:49:20 mouring Exp $


diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh index 426db1f6a..def325b87 100755 --- a/contrib/solaris/buildpkg.sh +++ b/contrib/solaris/buildpkg.sh
@@ -98,6 +98,19 @@ do
98	eval $confvar=`grep "^$confvar=" Makefile \| cut -d = -f 2`	98	eval $confvar=`grep "^$confvar=" Makefile \| cut -d = -f 2`
99	done	99	done
100		100
		101
		102	## Collect value of privsep user
		103	for confvar in SSH_PRIVSEP_USER
		104	do
		105	eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
		106	done
		107
		108	## Set privsep defaults if not defined
		109	if [ -z "$SSH_PRIVSEP_USER" ]
		110	then
		111	SSH_PRIVSEP_USER=sshd
		112	fi
		113
101	## Extract common info requires for the 'info' part of the package.	114	## Extract common info requires for the 'info' part of the package.
102	VERSION=`./ssh -V 2>&1 \| sed -e 's/,.*//'`	115	VERSION=`./ssh -V 2>&1 \| sed -e 's/,.*//'`
103		116
@@ -214,6 +227,33 @@ fi
214		227
215	installf -f ${PKGNAME}	228	installf -f ${PKGNAME}
216		229
		230	if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
		231	then
		232	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
		233	echo "or group."
		234	else
		235	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
		236
		237	# create group if required
		238	if cut -f1 -d: /etc/group \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
		239	then
		240	echo "PrivSep group $SSH_PRIVSEP_USER already exists."
		241	else
		242	echo "Creating PrivSep group $SSH_PRIVSEP_USER."
		243	groupadd $SSH_PRIVSEP_USER
		244	fi
		245
		246	# Create user if required
		247	if cut -f1 -d: /etc/passwd \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
		248	then
		249	echo "PrivSep user $SSH_PRIVSEP_USER already exists."
		250	else
		251	echo "Creating PrivSep user $SSH_PRIVSEP_USER."
		252	useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
		253	passwd -l $SSH_PRIVSEP_USER
		254	fi
		255	fi
		256
217	[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start	257	[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
218	exit 0	258	exit 0
219	_EOF	259	_EOF