1 files changed, 237 insertions, 177 deletions
diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
index 9482efe9e..f210bd556 100644
--- a/contrib/cygwin/ssh-user-config
+++ b/contrib/cygwin/ssh-user-config
@@ -1,52 +1,235 @@
-#!/bin/sh
+#!/bin/bash
 #
 # ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
 #
 # This file is part of the Cygwin port of OpenSSH.
+# ======================================================================
+# Initialization
+# ======================================================================
+PROGNAME=$(basename -- $0)
+_tdir=$(dirname -- $0)
+PROGDIR=$(cd $_tdir && pwd)
+CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
+# Subdirectory where the new package is being installed
+PREFIX=/usr
 # Directory where the config files are stored
 SYSCONFDIR=/etc
-progname=$0
+source ${CSIH_SCRIPT}
-auto_answer=""
 auto_passphrase="no"
 passphrase=""
+pwdhome=
+with_passphrase=
+# ======================================================================
+# Routine: create_ssh1_identity
+#   optionally create ~/.ssh/identity[.pub]
+#   optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_ssh1_identity() {
+  if [ ! -f "${pwdhome}/.ssh/identity" ]
+  then
+    if csih_request "Shall I create an SSH1 RSA identity file for you?"
+    then
+      csih_inform "Generating ${pwdhome}/.ssh/identity"
+      if [ "${with_passphrase}" = "yes" ]
+      then
+        ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
+      else
+        ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
+      fi
+      if csih_request "Do you want to use this identity to login to this machine?"
+      then
+        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+        cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
+      fi
+    fi
+  fi
+} # === End of create_ssh1_identity() === #
+readonly -f create_ssh1_identity
+# ======================================================================
+# Routine: create_ssh2_rsa_identity
+#   optionally create ~/.ssh/id_rsa[.pub]
+#   optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_ssh2_rsa_identity() {
+  if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
+  then
+    if csih_request "Shall I create an SSH2 RSA identity file for you?"
+    then
+      csih_inform "Generating ${pwdhome}/.ssh/id_rsa"
+      if [ "${with_passphrase}" = "yes" ]
+      then
+        ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
+      else
+        ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
+      fi
+      if csih_request "Do you want to use this identity to login to this machine?"
+      then
+        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+        cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
+      fi
+    fi
+  fi
+} # === End of create_ssh2_rsa_identity() === #
+readonly -f create_ssh2_rsa_identity
+# ======================================================================
+# Routine: create_ssh2_dsa_identity
+#   optionally create ~/.ssh/id_dsa[.pub]
+#   optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_ssh2_dsa_identity() {
+  if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
+  then
+    if csih_request "Shall I create an SSH2 DSA identity file for you?"
+    then
+      csih_inform "Generating ${pwdhome}/.ssh/id_dsa"
+      if [ "${with_passphrase}" = "yes" ]
+      then
+        ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
+      else
+        ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
+      fi
+      if csih_request "Do you want to use this identity to login to this machine?"
+      then
+        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+        cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
+      fi
+    fi
+  fi
+} # === End of create_ssh2_dsa_identity() === #
+readonly -f create_ssh2_dsa_identity
+# ======================================================================
+# Routine: check_user_homedir
+#   Perform various checks on the user's home directory
+# SETS GLOBAL VARIABLE:
+#   pwdhome
+# ======================================================================
+check_user_homedir() {
+  local uid=$(id -u)
+  pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
+  if [ "X${pwdhome}" = "X" ]
+  then
+    csih_error_multiline \
+      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
+      'Setting $HOME is not sufficient!'
+  fi
+  
+  if [ ! -d "${pwdhome}" ]
+  then
+    csih_error_multiline \
+      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
+      'but it is not a valid directory. Cannot create user identity files.'
+  fi
+  
+  # If home is the root dir, set home to empty string to avoid error messages
+  # in subsequent parts of that script.
+  if [ "X${pwdhome}" = "X/" ]
+  then
+    # But first raise a warning!
+    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
+    if csih_request "Would you like to proceed anyway?"
+    then
+      pwdhome=''
+    else
+      csih_warning "Exiting. Configuration is not complete"
+      exit 1
+    fi
+  fi
+  
+  if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
+  then
+    echo
+    csih_warning 'group and other have been revoked write permission to your home'
+    csih_warning "directory ${pwdhome}."
+    csih_warning 'This is required by OpenSSH to allow public key authentication using'
+    csih_warning 'the key files stored in your .ssh subdirectory.'
+    csih_warning 'Revert this change ONLY if you know what you are doing!'
+    echo
+  fi
+} # === End of check_user_homedir() === #
+readonly -f check_user_homedir
-request()
+# ======================================================================
-{
+# Routine: check_user_dot_ssh_dir
-  if [ "${auto_answer}" = "yes" ]
+#   Perform various checks on the ~/.ssh directory
+# PREREQUISITE:
+#   pwdhome -- check_user_homedir()
+# ======================================================================
+check_user_dot_ssh_dir() {
+  if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
  then
-    return 0
+    csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
-  elif [ "${auto_answer}" = "no" ]
+  fi
+  
+  if [ ! -e "${pwdhome}/.ssh" ]
  then
-    return 1
+    mkdir "${pwdhome}/.ssh"
+    if [ ! -e "${pwdhome}/.ssh" ]
+    then
+      csih_error "Creating users ${pwdhome}/.ssh directory failed"
+    fi
  fi
+} # === End of check_user_dot_ssh_dir() === #
+readonly -f check_user_dot_ssh_dir
-  answer=""
+# ======================================================================
-  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
+# Routine: fix_authorized_keys_perms
-  do
+#   Corrects the permissions of ~/.ssh/authorized_keys
-    echo -n "$1 (yes/no) "
+# PREREQUISITE:
-    read answer
+#   pwdhome   -- check_user_homedir()
-  done
+# ======================================================================
-  if [ "X${answer}" = "Xyes" ]
+fix_authorized_keys_perms() {
+  if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
  then
-    return 0
+    if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
-  else
+    then
-    return 1
+      csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
+      csih_warning "failed.  Please care for the correct permissions.  The minimum requirement"
+      csih_warning "is, the owner needs read permissions."
+      echo
+    fi
  fi
-}
+} # === End of fix_authorized_keys_perms() === #
+readonly -f fix_authorized_keys_perms
+# ======================================================================
+# Main Entry Point
+# ======================================================================
-# Check if running on NT
+# Check how the script has been started.  If
-_sys="`uname -a`"
+#   (1) it has been started by giving the full path and
-_nt=`expr "$_sys" : "CYGWIN_NT"`
+#       that path is /etc/postinstall, OR
-# If running on NT, check if running under 2003 Server or later
+#   (2) Otherwise, if the environment variable
-if [ $_nt -gt 0 ]
+#       SSH_USER_CONFIG_AUTO_ANSWER_NO is set
+# then set auto_answer to "no".  This allows automatic
+# creation of the config files in /etc w/o overwriting
+# them if they already exist.  In both cases, color
+# escape sequences are suppressed, so as to prevent
+# cluttering setup's logfiles.
+if [ "$PROGDIR" = "/etc/postinstall" ]
 then
-  _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
+  csih_auto_answer="no"
+  csih_disable_color
+fi
+if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
+then
+  csih_auto_answer="no"
+  csih_disable_color
 fi
-# Check options
+# ======================================================================
+# Parse options
+# ======================================================================
 while :
 do
  case $# in
@@ -61,14 +244,15 @@ do
  case "$option" in
  -d | --debug )
    set -x
+    csih_trace_on
    ;;
  -y | --yes )
-    auto_answer=yes
+    csih_auto_answer=yes
    ;;
  -n | --no )
-    auto_answer=no
+    csih_auto_answer=no
    ;;
  -p | --passphrase )
@@ -77,8 +261,12 @@ do
    shift
    ;;
+  --privileged )
+    csih_FORCE_PRIVILEGED_USER=yes
+    ;;
  *)
-    echo "usage: ${progname} [OPTION]..."
+    echo "usage: ${PROGNAME} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
@@ -87,6 +275,8 @@ do
    echo "    --yes        -y        Answer all questions with \"yes\" automatically."
    echo "    --no         -n        Answer all questions with \"no\" automatically."
    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
+    echo "    --privileged           On Windows NT/2k/XP, assume privileged user"
+    echo "                           instead of LocalSystem for sshd service."
    echo
    exit 1
    ;;
@@ -94,157 +284,27 @@ do
  esac
 done
-# Ask user if user identity should be generated
+# ======================================================================
+# Action!
+# ======================================================================
+# Check passwd file
 if [ ! -f ${SYSCONFDIR}/passwd ]
 then
-  echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
+  csih_error_multiline \
-  echo 'first using mkpasswd. Check if it contains an entry for you and'
+    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
-  echo 'please care for the home directory in your entry as well.'
+    'first using mkpasswd. Check if it contains an entry for you and' \
-  exit 1
+    'please care for the home directory in your entry as well.'
-fi
-uid=`id -u`
-pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
-if [ "X${pwdhome}" = "X" ]
-then
-  echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
-  echo 'Setting $HOME is not sufficient!'
-  exit 1
-fi
-if [ ! -d "${pwdhome}" ]
-then
-  echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
-  echo 'but it is not a valid directory. Cannot create user identity files.'
-  exit 1
-fi
-# If home is the root dir, set home to empty string to avoid error messages
-# in subsequent parts of that script.
-if [ "X${pwdhome}" = "X/" ]
-then
-  # But first raise a warning!
-  echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
-  if request "Would you like to proceed anyway?"
-  then
-    pwdhome=''
-  else
-    exit 1
-  fi
-fi
-if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
-then
-  echo
-  echo 'WARNING: group and other have been revoked write permission to your home'
-  echo "         directory ${pwdhome}."
-  echo '         This is required by OpenSSH to allow public key authentication using'
-  echo '         the key files stored in your .ssh subdirectory.'
-  echo '         Revert this change ONLY if you know what you are doing!'
-  echo
-fi
-if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
-then
-  echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
-  exit 1
-fi
-if [ ! -e "${pwdhome}/.ssh" ]
-then
-  mkdir "${pwdhome}/.ssh"
-  if [ ! -e "${pwdhome}/.ssh" ]
-  then
-    echo "Creating users ${pwdhome}/.ssh directory failed"
-    exit 1
-  fi
-fi
-if [ $_nt -gt 0 ]
-then
-  _user="system"
-  if [ $_nt2003 -gt 0 ]
-  then
-    grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
-  fi
-  if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
-  then
-    echo "${pwdhome}/.ssh couldn't be given the correct permissions."
-    echo "Please try to solve this problem first."
-    exit 1
-  fi
-fi
-if [ ! -f "${pwdhome}/.ssh/identity" ]
-then
-  if request "Shall I create an SSH1 RSA identity file for you?"
-  then
-    echo "Generating ${pwdhome}/.ssh/identity"
-    if [ "${with_passphrase}" = "yes" ]
-    then
-      ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
-    else
-      ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
-    fi
-    if request "Do you want to use this identity to login to this machine?"
-    then
-      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
-      cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
-    fi
-  fi
 fi
-if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
+check_user_homedir
-then
+check_user_dot_ssh_dir
-  if request "Shall I create an SSH2 RSA identity file for you?"
+create_ssh1_identity
-  then
+create_ssh2_rsa_identity
-    echo "Generating ${pwdhome}/.ssh/id_rsa"
+create_ssh2_dsa_identity
-    if [ "${with_passphrase}" = "yes" ]
+fix_authorized_keys_perms
-    then
-      ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
-    else
-      ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
-    fi
-    if request "Do you want to use this identity to login to this machine?"
-    then
-      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
-      cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
-    fi
-  fi
-fi
-if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
+echo
-then
+csih_inform "Configuration finished. Have fun!"
-  if request "Shall I create an SSH2 DSA identity file for you?"
-  then
-    echo "Generating ${pwdhome}/.ssh/id_dsa"
-    if [ "${with_passphrase}" = "yes" ]
-    then
-      ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
-    else
-      ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
-    fi
-    if request "Do you want to use this identity to login to this machine?"
-    then
-      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
-      cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
-    fi
-  fi
-fi
-if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
-then
-  if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
-  then
-    echo
-    echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
-    echo "failed.  Please care for the correct permissions.  The minimum requirement"
-    echo "is, the owner and ${_user} both need read permissions."
-    echo
-  fi
-fi
-echo
-echo "Configuration finished. Have fun!"

diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config index 9482efe9e..f210bd556 100644 --- a/contrib/cygwin/ssh-user-config +++ b/contrib/cygwin/ssh-user-config
@@ -1,52 +1,235 @@
1	#!/bin/sh	1	#!/bin/bash
2	#	2	#
3	# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.	3	# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
4	#	4	#
5	# This file is part of the Cygwin port of OpenSSH.	5	# This file is part of the Cygwin port of OpenSSH.
6		6
		7	# ======================================================================
		8	# Initialization
		9	# ======================================================================
		10	PROGNAME=$(basename -- $0)
		11	_tdir=$(dirname -- $0)
		12	PROGDIR=$(cd $_tdir && pwd)
		13
		14	CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
		15
		16	# Subdirectory where the new package is being installed
		17	PREFIX=/usr
		18
7	# Directory where the config files are stored	19	# Directory where the config files are stored
8	SYSCONFDIR=/etc	20	SYSCONFDIR=/etc
9		21
10	progname=$0	22	source ${CSIH_SCRIPT}
11	auto_answer=""	23
12	auto_passphrase="no"	24	auto_passphrase="no"
13	passphrase=""	25	passphrase=""
		26	pwdhome=
		27	with_passphrase=
		28
		29	# ======================================================================
		30	# Routine: create_ssh1_identity
		31	# optionally create ~/.ssh/identity[.pub]
		32	# optionally add result to ~/.ssh/authorized_keys
		33	# ======================================================================
		34	create_ssh1_identity() {
		35	if [ ! -f "${pwdhome}/.ssh/identity" ]
		36	then
		37	if csih_request "Shall I create an SSH1 RSA identity file for you?"
		38	then
		39	csih_inform "Generating ${pwdhome}/.ssh/identity"
		40	if [ "${with_passphrase}" = "yes" ]
		41	then
		42	ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
		43	else
		44	ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
		45	fi
		46	if csih_request "Do you want to use this identity to login to this machine?"
		47	then
		48	csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
		49	cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
		50	fi
		51	fi
		52	fi
		53	} # === End of create_ssh1_identity() === #
		54	readonly -f create_ssh1_identity
		55
		56	# ======================================================================
		57	# Routine: create_ssh2_rsa_identity
		58	# optionally create ~/.ssh/id_rsa[.pub]
		59	# optionally add result to ~/.ssh/authorized_keys
		60	# ======================================================================
		61	create_ssh2_rsa_identity() {
		62	if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
		63	then
		64	if csih_request "Shall I create an SSH2 RSA identity file for you?"
		65	then
		66	csih_inform "Generating ${pwdhome}/.ssh/id_rsa"
		67	if [ "${with_passphrase}" = "yes" ]
		68	then
		69	ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
		70	else
		71	ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
		72	fi
		73	if csih_request "Do you want to use this identity to login to this machine?"
		74	then
		75	csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
		76	cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
		77	fi
		78	fi
		79	fi
		80	} # === End of create_ssh2_rsa_identity() === #
		81	readonly -f create_ssh2_rsa_identity
		82
		83	# ======================================================================
		84	# Routine: create_ssh2_dsa_identity
		85	# optionally create ~/.ssh/id_dsa[.pub]
		86	# optionally add result to ~/.ssh/authorized_keys
		87	# ======================================================================
		88	create_ssh2_dsa_identity() {
		89	if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
		90	then
		91	if csih_request "Shall I create an SSH2 DSA identity file for you?"
		92	then
		93	csih_inform "Generating ${pwdhome}/.ssh/id_dsa"
		94	if [ "${with_passphrase}" = "yes" ]
		95	then
		96	ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
		97	else
		98	ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
		99	fi
		100	if csih_request "Do you want to use this identity to login to this machine?"
		101	then
		102	csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
		103	cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
		104	fi
		105	fi
		106	fi
		107	} # === End of create_ssh2_dsa_identity() === #
		108	readonly -f create_ssh2_dsa_identity
		109
		110	# ======================================================================
		111	# Routine: check_user_homedir
		112	# Perform various checks on the user's home directory
		113	# SETS GLOBAL VARIABLE:
		114	# pwdhome
		115	# ======================================================================
		116	check_user_homedir() {
		117	local uid=$(id -u)
		118	pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
		119	if [ "X${pwdhome}" = "X" ]
		120	then
		121	csih_error_multiline \
		122	"There is no home directory set for you in ${SYSCONFDIR}/passwd." \
		123	'Setting $HOME is not sufficient!'
		124	fi
		125
		126	if [ ! -d "${pwdhome}" ]
		127	then
		128	csih_error_multiline \
		129	"${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
		130	'but it is not a valid directory. Cannot create user identity files.'
		131	fi
		132
		133	# If home is the root dir, set home to empty string to avoid error messages
		134	# in subsequent parts of that script.
		135	if [ "X${pwdhome}" = "X/" ]
		136	then
		137	# But first raise a warning!
		138	csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
		139	if csih_request "Would you like to proceed anyway?"
		140	then
		141	pwdhome=''
		142	else
		143	csih_warning "Exiting. Configuration is not complete"
		144	exit 1
		145	fi
		146	fi
		147
		148	if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
		149	then
		150	echo
		151	csih_warning 'group and other have been revoked write permission to your home'
		152	csih_warning "directory ${pwdhome}."
		153	csih_warning 'This is required by OpenSSH to allow public key authentication using'
		154	csih_warning 'the key files stored in your .ssh subdirectory.'
		155	csih_warning 'Revert this change ONLY if you know what you are doing!'
		156	echo
		157	fi
		158	} # === End of check_user_homedir() === #
		159	readonly -f check_user_homedir
14		160
15	request()	161	# ======================================================================
16	{	162	# Routine: check_user_dot_ssh_dir
17	if [ "${auto_answer}" = "yes" ]	163	# Perform various checks on the ~/.ssh directory
		164	# PREREQUISITE:
		165	# pwdhome -- check_user_homedir()
		166	# ======================================================================
		167	check_user_dot_ssh_dir() {
		168	if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
18	then	169	then
19	return 0	170	csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
20	elif [ "${auto_answer}" = "no" ]	171	fi
		172
		173	if [ ! -e "${pwdhome}/.ssh" ]
21	then	174	then
22	return 1	175	mkdir "${pwdhome}/.ssh"
		176	if [ ! -e "${pwdhome}/.ssh" ]
		177	then
		178	csih_error "Creating users ${pwdhome}/.ssh directory failed"
		179	fi
23	fi	180	fi
		181	} # === End of check_user_dot_ssh_dir() === #
		182	readonly -f check_user_dot_ssh_dir
24		183
25	answer=""	184	# ======================================================================
26	while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]	185	# Routine: fix_authorized_keys_perms
27	do	186	# Corrects the permissions of ~/.ssh/authorized_keys
28	echo -n "$1 (yes/no) "	187	# PREREQUISITE:
29	read answer	188	# pwdhome -- check_user_homedir()
30	done	189	# ======================================================================
31	if [ "X${answer}" = "Xyes" ]	190	fix_authorized_keys_perms() {
		191	if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
32	then	192	then
33	return 0	193	if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
34	else	194	then
35	return 1	195	csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
		196	csih_warning "failed. Please care for the correct permissions. The minimum requirement"
		197	csih_warning "is, the owner needs read permissions."
		198	echo
		199	fi
36	fi	200	fi
37	}	201	} # === End of fix_authorized_keys_perms() === #
		202	readonly -f fix_authorized_keys_perms
		203
		204
		205	# ======================================================================
		206	# Main Entry Point
		207	# ======================================================================
38		208
39	# Check if running on NT	209	# Check how the script has been started. If
40	_sys="`uname -a`"	210	# (1) it has been started by giving the full path and
41	_nt=`expr "$_sys" : "CYGWIN_NT"`	211	# that path is /etc/postinstall, OR
42	# If running on NT, check if running under 2003 Server or later	212	# (2) Otherwise, if the environment variable
43	if [ $_nt -gt 0 ]	213	# SSH_USER_CONFIG_AUTO_ANSWER_NO is set
		214	# then set auto_answer to "no". This allows automatic
		215	# creation of the config files in /etc w/o overwriting
		216	# them if they already exist. In both cases, color
		217	# escape sequences are suppressed, so as to prevent
		218	# cluttering setup's logfiles.
		219	if [ "$PROGDIR" = "/etc/postinstall" ]
44	then	220	then
45	_nt2003=`uname \| awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`	221	csih_auto_answer="no"
		222	csih_disable_color
		223	fi
		224	if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
		225	then
		226	csih_auto_answer="no"
		227	csih_disable_color
46	fi	228	fi
47		229
48	# Check options	230	# ======================================================================
49		231	# Parse options
		232	# ======================================================================
50	while :	233	while :
51	do	234	do
52	case $# in	235	case $# in
@@ -61,14 +244,15 @@ do
61	case "$option" in	244	case "$option" in
62	-d \| --debug )	245	-d \| --debug )
63	set -x	246	set -x
		247	csih_trace_on
64	;;	248	;;
65		249
66	-y \| --yes )	250	-y \| --yes )
67	auto_answer=yes	251	csih_auto_answer=yes
68	;;	252	;;
69		253
70	-n \| --no )	254	-n \| --no )
71	auto_answer=no	255	csih_auto_answer=no
72	;;	256	;;
73		257
74	-p \| --passphrase )	258	-p \| --passphrase )
@@ -77,8 +261,12 @@ do
77	shift	261	shift
78	;;	262	;;
79		263
		264	--privileged )
		265	csih_FORCE_PRIVILEGED_USER=yes
		266	;;
		267
80	*)	268	*)
81	echo "usage: ${progname} [OPTION]..."	269	echo "usage: ${PROGNAME} [OPTION]..."
82	echo	270	echo
83	echo "This script creates an OpenSSH user configuration."	271	echo "This script creates an OpenSSH user configuration."
84	echo	272	echo
@@ -87,6 +275,8 @@ do
87	echo " --yes -y Answer all questions with \"yes\" automatically."	275	echo " --yes -y Answer all questions with \"yes\" automatically."
88	echo " --no -n Answer all questions with \"no\" automatically."	276	echo " --no -n Answer all questions with \"no\" automatically."
89	echo " --passphrase -p word Use \"word\" as passphrase automatically."	277	echo " --passphrase -p word Use \"word\" as passphrase automatically."
		278	echo " --privileged On Windows NT/2k/XP, assume privileged user"
		279	echo " instead of LocalSystem for sshd service."
90	echo	280	echo
91	exit 1	281	exit 1
92	;;	282	;;
@@ -94,157 +284,27 @@ do
94	esac	284	esac
95	done	285	done
96		286
97	# Ask user if user identity should be generated	287	# ======================================================================
		288	# Action!
		289	# ======================================================================
98		290
		291	# Check passwd file
99	if [ ! -f ${SYSCONFDIR}/passwd ]	292	if [ ! -f ${SYSCONFDIR}/passwd ]
100	then	293	then
101	echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"	294	csih_error_multiline \
102	echo 'first using mkpasswd. Check if it contains an entry for you and'	295	"${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
103	echo 'please care for the home directory in your entry as well.'	296	'first using mkpasswd. Check if it contains an entry for you and' \
104	exit 1	297	'please care for the home directory in your entry as well.'
105	fi
106
107	uid=`id -u`
108	pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
109
110	if [ "X${pwdhome}" = "X" ]
111	then
112	echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
113	echo 'Setting $HOME is not sufficient!'
114	exit 1
115	fi
116
117	if [ ! -d "${pwdhome}" ]
118	then
119	echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
120	echo 'but it is not a valid directory. Cannot create user identity files.'
121	exit 1
122	fi
123
124	# If home is the root dir, set home to empty string to avoid error messages
125	# in subsequent parts of that script.
126	if [ "X${pwdhome}" = "X/" ]
127	then
128	# But first raise a warning!
129	echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
130	if request "Would you like to proceed anyway?"
131	then
132	pwdhome=''
133	else
134	exit 1
135	fi
136	fi
137
138	if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
139	then
140	echo
141	echo 'WARNING: group and other have been revoked write permission to your home'
142	echo " directory ${pwdhome}."
143	echo ' This is required by OpenSSH to allow public key authentication using'
144	echo ' the key files stored in your .ssh subdirectory.'
145	echo ' Revert this change ONLY if you know what you are doing!'
146	echo
147	fi
148
149	if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
150	then
151	echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
152	exit 1
153	fi
154
155	if [ ! -e "${pwdhome}/.ssh" ]
156	then
157	mkdir "${pwdhome}/.ssh"
158	if [ ! -e "${pwdhome}/.ssh" ]
159	then
160	echo "Creating users ${pwdhome}/.ssh directory failed"
161	exit 1
162	fi
163	fi
164
165	if [ $_nt -gt 0 ]
166	then
167	_user="system"
168	if [ $_nt2003 -gt 0 ]
169	then
170	grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
171	fi
172	if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
173	then
174	echo "${pwdhome}/.ssh couldn't be given the correct permissions."
175	echo "Please try to solve this problem first."
176	exit 1
177	fi
178	fi
179
180	if [ ! -f "${pwdhome}/.ssh/identity" ]
181	then
182	if request "Shall I create an SSH1 RSA identity file for you?"
183	then
184	echo "Generating ${pwdhome}/.ssh/identity"
185	if [ "${with_passphrase}" = "yes" ]
186	then
187	ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
188	else
189	ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
190	fi
191	if request "Do you want to use this identity to login to this machine?"
192	then
193	echo "Adding to ${pwdhome}/.ssh/authorized_keys"
194	cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
195	fi
196	fi
197	fi	298	fi
198		299
199	if [ ! -f "${pwdhome}/.ssh/id_rsa" ]	300	check_user_homedir
200	then	301	check_user_dot_ssh_dir
201	if request "Shall I create an SSH2 RSA identity file for you?"	302	create_ssh1_identity
202	then	303	create_ssh2_rsa_identity
203	echo "Generating ${pwdhome}/.ssh/id_rsa"	304	create_ssh2_dsa_identity
204	if [ "${with_passphrase}" = "yes" ]	305	fix_authorized_keys_perms
205	then
206	ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
207	else
208	ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
209	fi
210	if request "Do you want to use this identity to login to this machine?"
211	then
212	echo "Adding to ${pwdhome}/.ssh/authorized_keys"
213	cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
214	fi
215	fi
216	fi
217		306
218	if [ ! -f "${pwdhome}/.ssh/id_dsa" ]	307	echo
219	then	308	csih_inform "Configuration finished. Have fun!"
220	if request "Shall I create an SSH2 DSA identity file for you?"
221	then
222	echo "Generating ${pwdhome}/.ssh/id_dsa"
223	if [ "${with_passphrase}" = "yes" ]
224	then
225	ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
226	else
227	ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
228	fi
229	if request "Do you want to use this identity to login to this machine?"
230	then
231	echo "Adding to ${pwdhome}/.ssh/authorized_keys"
232	cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
233	fi
234	fi
235	fi
236		309
237	if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
238	then
239	if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
240	then
241	echo
242	echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
243	echo "failed. Please care for the correct permissions. The minimum requirement"
244	echo "is, the owner and ${_user} both need read permissions."
245	echo
246	fi
247	fi
248		310
249	echo
250	echo "Configuration finished. Have fun!"