diff options
Diffstat (limited to 'contrib/cygwin/ssh-host-config')
| -rw-r--r-- | contrib/cygwin/ssh-host-config | 59 |
1 files changed, 40 insertions, 19 deletions
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 261020af3..a8572e2ac 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config | |||
| @@ -61,7 +61,7 @@ LOCALSTATEDIR=/var | |||
| 61 | 61 | ||
| 62 | sshd_config_configured=no | 62 | sshd_config_configured=no |
| 63 | port_number=22 | 63 | port_number=22 |
| 64 | service_name=sshd | 64 | service_name=cygsshd |
| 65 | strictmodes=yes | 65 | strictmodes=yes |
| 66 | cygwin_value="" | 66 | cygwin_value="" |
| 67 | user_account= | 67 | user_account= |
| @@ -307,7 +307,7 @@ check_service_files_ownership() { | |||
| 307 | 307 | ||
| 308 | if [ -z "${run_service_as}" ] | 308 | if [ -z "${run_service_as}" ] |
| 309 | then | 309 | then |
| 310 | accnt_name=$(/usr/bin/cygrunsrv -VQ sshd | | 310 | accnt_name=$(/usr/bin/cygrunsrv -VQ "${service_name}" | |
| 311 | /usr/bin/sed -ne 's/^Account *: *//gp') | 311 | /usr/bin/sed -ne 's/^Account *: *//gp') |
| 312 | if [ "${accnt_name}" = "LocalSystem" ] | 312 | if [ "${accnt_name}" = "LocalSystem" ] |
| 313 | then | 313 | then |
| @@ -329,9 +329,9 @@ check_service_files_ownership() { | |||
| 329 | fi | 329 | fi |
| 330 | if [ -z "${run_service_as}" ] | 330 | if [ -z "${run_service_as}" ] |
| 331 | then | 331 | then |
| 332 | csih_warning "Couldn't determine name of user running sshd service from account database!" | 332 | csih_warning "Couldn't determine name of user running ${service_name} service from account database!" |
| 333 | csih_warning "As a result, this script cannot make sure that the files used" | 333 | csih_warning "As a result, this script cannot make sure that the files used" |
| 334 | csih_warning "by the sshd service belong to the user running the service." | 334 | csih_warning "by the ${service_name} service belong to the user running the service." |
| 335 | return 1 | 335 | return 1 |
| 336 | fi | 336 | fi |
| 337 | fi | 337 | fi |
| @@ -367,8 +367,8 @@ check_service_files_ownership() { | |||
| 367 | if [ $ret -ne 0 ] | 367 | if [ $ret -ne 0 ] |
| 368 | then | 368 | then |
| 369 | csih_warning "Couldn't change owner of important files to ${run_service_as}!" | 369 | csih_warning "Couldn't change owner of important files to ${run_service_as}!" |
| 370 | csih_warning "This may cause the sshd service to fail! Please make sure that" | 370 | csih_warning "This may cause the ${service_name} service to fail! Please make sure that" |
| 371 | csih_warning "you have suufficient permissions to change the ownership of files" | 371 | csih_warning "you have sufficient permissions to change the ownership of files" |
| 372 | csih_warning "and try to run the ssh-host-config script again." | 372 | csih_warning "and try to run the ssh-host-config script again." |
| 373 | fi | 373 | fi |
| 374 | return $ret | 374 | return $ret |
| @@ -394,14 +394,24 @@ install_service() { | |||
| 394 | then | 394 | then |
| 395 | csih_get_cygenv "${cygwin_value}" | 395 | csih_get_cygenv "${cygwin_value}" |
| 396 | 396 | ||
| 397 | if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) | 397 | if ( [ "$csih_FORCE_PRIVILEGED_USER" != "yes" ] ) |
| 398 | then | 398 | then |
| 399 | csih_inform "On Windows Server 2003, Windows Vista, and above, the" | 399 | # Enforce using privileged user on 64 bit Vista or W7 under WOW64 |
| 400 | csih_inform "SYSTEM account cannot setuid to other users -- a capability" | 400 | is_wow64=$(/usr/bin/uname | /usr/bin/grep -q 'WOW' && echo 1 || echo 0) |
| 401 | csih_inform "sshd requires. You need to have or to create a privileged" | ||
| 402 | csih_inform "account. This script will help you do so." | ||
| 403 | echo | ||
| 404 | 401 | ||
| 402 | if ( csih_is_nt2003 && ! csih_is_windows8 && [ "${is_wow64}" = "1" ] ) | ||
| 403 | then | ||
| 404 | csih_inform "Running 32 bit Cygwin on 64 bit Windows Vista or Windows 7" | ||
| 405 | csih_inform "the SYSTEM account is not sufficient to setuid to a local" | ||
| 406 | csih_inform "user account. You need to have or to create a privileged" | ||
| 407 | csih_inform "account. This script will help you do so." | ||
| 408 | echo | ||
| 409 | csih_FORCE_PRIVILEGED_USER=yes | ||
| 410 | fi | ||
| 411 | fi | ||
| 412 | |||
| 413 | if ( [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) | ||
| 414 | then | ||
| 405 | [ "${opt_force}" = "yes" ] && opt_f=-f | 415 | [ "${opt_force}" = "yes" ] && opt_f=-f |
| 406 | [ -n "${user_account}" ] && opt_u="-u ""${user_account}""" | 416 | [ -n "${user_account}" ] && opt_u="-u ""${user_account}""" |
| 407 | csih_select_privileged_username ${opt_f} ${opt_u} sshd | 417 | csih_select_privileged_username ${opt_f} ${opt_u} sshd |
| @@ -412,11 +422,12 @@ install_service() { | |||
| 412 | csih_request "Do you want to proceed anyway?" || exit 1 | 422 | csih_request "Do you want to proceed anyway?" || exit 1 |
| 413 | let ++ret | 423 | let ++ret |
| 414 | fi | 424 | fi |
| 425 | # Never returns empty if NT or above | ||
| 426 | run_service_as=$(csih_service_should_run_as) | ||
| 427 | else | ||
| 428 | run_service_as="SYSTEM" | ||
| 415 | fi | 429 | fi |
| 416 | 430 | ||
| 417 | # Never returns empty if NT or above | ||
| 418 | run_service_as=$(csih_service_should_run_as) | ||
| 419 | |||
| 420 | if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ] | 431 | if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ] |
| 421 | then | 432 | then |
| 422 | password="${csih_PRIVILEGED_PASSWORD}" | 433 | password="${csih_PRIVILEGED_PASSWORD}" |
| @@ -446,7 +457,7 @@ install_service() { | |||
| 446 | echo | 457 | echo |
| 447 | csih_inform "The sshd service has been installed under the LocalSystem" | 458 | csih_inform "The sshd service has been installed under the LocalSystem" |
| 448 | csih_inform "account (also known as SYSTEM). To start the service now, call" | 459 | csih_inform "account (also known as SYSTEM). To start the service now, call" |
| 449 | csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it" | 460 | csih_inform "\`net start ${service_name}' or \`cygrunsrv -S ${service_name}'. Otherwise, it" |
| 450 | csih_inform "will start automatically after the next reboot." | 461 | csih_inform "will start automatically after the next reboot." |
| 451 | fi | 462 | fi |
| 452 | else | 463 | else |
| @@ -669,14 +680,24 @@ then | |||
| 669 | fi | 680 | fi |
| 670 | 681 | ||
| 671 | # handle sshd_config | 682 | # handle sshd_config |
| 683 | # make sure not to change the existing file | ||
| 684 | mod_before="" | ||
| 685 | if [ -e "${SYSCONFDIR}/sshd_config" ] | ||
| 686 | then | ||
| 687 | mod_before=$(stat "${SYSCONFDIR}/sshd_config" | grep '^Modify:') | ||
| 688 | fi | ||
| 672 | csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt | 689 | csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt |
| 690 | mod_now=$(stat "${SYSCONFDIR}/sshd_config" | grep '^Modify:') | ||
| 673 | if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 | 691 | if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 |
| 674 | then | 692 | then |
| 675 | sshd_config_configured=yes | 693 | sshd_config_configured=yes |
| 676 | fi | 694 | fi |
| 677 | sshd_strictmodes || let warning_cnt+=$? | 695 | if [ "${mod_before}" != "${mod_now}" ] |
| 678 | sshd_privsep || let warning_cnt+=$? | 696 | then |
| 679 | sshd_config_tweak || let warning_cnt+=$? | 697 | sshd_strictmodes || let warning_cnt+=$? |
| 698 | sshd_config_tweak || let warning_cnt+=$? | ||
| 699 | fi | ||
| 700 | #sshd_privsep || let warning_cnt+=$? | ||
| 680 | update_services_file || let warning_cnt+=$? | 701 | update_services_file || let warning_cnt+=$? |
| 681 | update_inetd_conf || let warning_cnt+=$? | 702 | update_inetd_conf || let warning_cnt+=$? |
| 682 | install_service || let warning_cnt+=$? | 703 | install_service || let warning_cnt+=$? |