1 files changed, 237 insertions, 177 deletions

diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
index 9482efe9e..f210bd556 100644
--- a/contrib/cygwin/ssh-user-config
+++ b/contrib/cygwin/ssh-user-config
@@ -1,52 +1,235 @@
-#!/bin/sh
+#!/bin/bash
 #
 # ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
 #
 # This file is part of the Cygwin port of OpenSSH.
 
+# ======================================================================
+# Initialization
+# ======================================================================
+PROGNAME=$(basename -- $0)
+_tdir=$(dirname -- $0)
+PROGDIR=$(cd $_tdir && pwd)
+
+CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
 # Directory where the config files are stored
 SYSCONFDIR=/etc
 
-progname=$0
-auto_answer=""
+source ${CSIH_SCRIPT}
+
 auto_passphrase="no"
 passphrase=""
+pwdhome=
+with_passphrase=
+
+# ======================================================================
+# Routine: create_ssh1_identity
+#   optionally create ~/.ssh/identity[.pub]
+#   optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_ssh1_identity() {
+  if [ ! -f "${pwdhome}/.ssh/identity" ]
+  then
+    if csih_request "Shall I create an SSH1 RSA identity file for you?"
+    then
+      csih_inform "Generating ${pwdhome}/.ssh/identity"
+      if [ "${with_passphrase}" = "yes" ]
+      then
+        ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
+      else
+        ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
+      fi
+      if csih_request "Do you want to use this identity to login to this machine?"
+      then
+        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+        cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
+      fi
+    fi
+  fi
+} # === End of create_ssh1_identity() === #
+readonly -f create_ssh1_identity
+
+# ======================================================================
+# Routine: create_ssh2_rsa_identity
+#   optionally create ~/.ssh/id_rsa[.pub]
+#   optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_ssh2_rsa_identity() {
+  if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
+  then
+    if csih_request "Shall I create an SSH2 RSA identity file for you?"
+    then
+      csih_inform "Generating ${pwdhome}/.ssh/id_rsa"
+      if [ "${with_passphrase}" = "yes" ]
+      then
+        ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
+      else
+        ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
+      fi
+      if csih_request "Do you want to use this identity to login to this machine?"
+      then
+        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+        cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
+      fi
+    fi
+  fi
+} # === End of create_ssh2_rsa_identity() === #
+readonly -f create_ssh2_rsa_identity
+
+# ======================================================================
+# Routine: create_ssh2_dsa_identity
+#   optionally create ~/.ssh/id_dsa[.pub]
+#   optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_ssh2_dsa_identity() {
+  if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
+  then
+    if csih_request "Shall I create an SSH2 DSA identity file for you?"
+    then
+      csih_inform "Generating ${pwdhome}/.ssh/id_dsa"
+      if [ "${with_passphrase}" = "yes" ]
+      then
+        ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
+      else
+        ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
+      fi
+      if csih_request "Do you want to use this identity to login to this machine?"
+      then
+        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+        cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
+      fi
+    fi
+  fi
+} # === End of create_ssh2_dsa_identity() === #
+readonly -f create_ssh2_dsa_identity
+
+# ======================================================================
+# Routine: check_user_homedir
+#   Perform various checks on the user's home directory
+# SETS GLOBAL VARIABLE:
+#   pwdhome
+# ======================================================================
+check_user_homedir() {
+  local uid=$(id -u)
+  pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
+  if [ "X${pwdhome}" = "X" ]
+  then
+    csih_error_multiline \
+      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
+      'Setting $HOME is not sufficient!'
+  fi
+  
+  if [ ! -d "${pwdhome}" ]
+  then
+    csih_error_multiline \
+      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
+      'but it is not a valid directory. Cannot create user identity files.'
+  fi
+  
+  # If home is the root dir, set home to empty string to avoid error messages
+  # in subsequent parts of that script.
+  if [ "X${pwdhome}" = "X/" ]
+  then
+    # But first raise a warning!
+    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
+    if csih_request "Would you like to proceed anyway?"
+    then
+      pwdhome=''
+    else
+      csih_warning "Exiting. Configuration is not complete"
+      exit 1
+    fi
+  fi
+  
+  if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
+  then
+    echo
+    csih_warning 'group and other have been revoked write permission to your home'
+    csih_warning "directory ${pwdhome}."
+    csih_warning 'This is required by OpenSSH to allow public key authentication using'
+    csih_warning 'the key files stored in your .ssh subdirectory.'
+    csih_warning 'Revert this change ONLY if you know what you are doing!'
+    echo
+  fi
+} # === End of check_user_homedir() === #
+readonly -f check_user_homedir
 
-request()
-{
-  if [ "${auto_answer}" = "yes" ]
+# ======================================================================
+# Routine: check_user_dot_ssh_dir
+#   Perform various checks on the ~/.ssh directory
+# PREREQUISITE:
+#   pwdhome -- check_user_homedir()
+# ======================================================================
+check_user_dot_ssh_dir() {
+  if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
   then
-    return 0
-  elif [ "${auto_answer}" = "no" ]
+    csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
+  fi
+  
+  if [ ! -e "${pwdhome}/.ssh" ]
   then
-    return 1
+    mkdir "${pwdhome}/.ssh"
+    if [ ! -e "${pwdhome}/.ssh" ]
+    then
+      csih_error "Creating users ${pwdhome}/.ssh directory failed"
+    fi
   fi
+} # === End of check_user_dot_ssh_dir() === #
+readonly -f check_user_dot_ssh_dir
 
-  answer=""
-  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
-  do
-    echo -n "$1 (yes/no) "
-    read answer
-  done
-  if [ "X${answer}" = "Xyes" ]
+# ======================================================================
+# Routine: fix_authorized_keys_perms
+#   Corrects the permissions of ~/.ssh/authorized_keys
+# PREREQUISITE:
+#   pwdhome   -- check_user_homedir()
+# ======================================================================
+fix_authorized_keys_perms() {
+  if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
   then
-    return 0
-  else
-    return 1
+    if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
+    then
+      csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
+      csih_warning "failed.  Please care for the correct permissions.  The minimum requirement"
+      csih_warning "is, the owner needs read permissions."
+      echo
+    fi
   fi
-}
+} # === End of fix_authorized_keys_perms() === #
+readonly -f fix_authorized_keys_perms
+
+
+# ======================================================================
+# Main Entry Point
+# ======================================================================
 
-# Check if running on NT
-_sys="`uname -a`"
-_nt=`expr "$_sys" : "CYGWIN_NT"`
-# If running on NT, check if running under 2003 Server or later
-if [ $_nt -gt 0 ]
+# Check how the script has been started.  If
+#   (1) it has been started by giving the full path and
+#       that path is /etc/postinstall, OR
+#   (2) Otherwise, if the environment variable
+#       SSH_USER_CONFIG_AUTO_ANSWER_NO is set
+# then set auto_answer to "no".  This allows automatic
+# creation of the config files in /etc w/o overwriting
+# them if they already exist.  In both cases, color
+# escape sequences are suppressed, so as to prevent
+# cluttering setup's logfiles.
+if [ "$PROGDIR" = "/etc/postinstall" ]
 then
-  _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
+  csih_auto_answer="no"
+  csih_disable_color
+fi
+if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
+then
+  csih_auto_answer="no"
+  csih_disable_color
 fi
 
-# Check options
-
+# ======================================================================
+# Parse options
+# ======================================================================
 while :
 do
   case $# in
@@ -61,14 +244,15 @@ do
   case "$option" in
   -d | --debug )
     set -x
+    csih_trace_on
     ;;
 
   -y | --yes )
-    auto_answer=yes
+    csih_auto_answer=yes
     ;;
 
   -n | --no )
-    auto_answer=no
+    csih_auto_answer=no
     ;;
 
   -p | --passphrase )
@@ -77,8 +261,12 @@ do
     shift
     ;;
 
+  --privileged )
+    csih_FORCE_PRIVILEGED_USER=yes
+    ;;
+
   *)
-    echo "usage: ${progname} [OPTION]..."
+    echo "usage: ${PROGNAME} [OPTION]..."
     echo
     echo "This script creates an OpenSSH user configuration."
     echo
@@ -87,6 +275,8 @@ do
     echo "    --yes        -y        Answer all questions with \"yes\" automatically."
     echo "    --no         -n        Answer all questions with \"no\" automatically."
     echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
+    echo "    --privileged           On Windows NT/2k/XP, assume privileged user"
+    echo "                           instead of LocalSystem for sshd service."
     echo
     exit 1
     ;;
@@ -94,157 +284,27 @@ do
   esac
 done
 
-# Ask user if user identity should be generated
+# ======================================================================
+# Action!
+# ======================================================================
 
+# Check passwd file
 if [ ! -f ${SYSCONFDIR}/passwd ]
 then
-  echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
-  echo 'first using mkpasswd. Check if it contains an entry for you and'
-  echo 'please care for the home directory in your entry as well.'
-  exit 1
-fi
-
-uid=`id -u`
-pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
-
-if [ "X${pwdhome}" = "X" ]
-then
-  echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
-  echo 'Setting $HOME is not sufficient!'
-  exit 1
-fi
-
-if [ ! -d "${pwdhome}" ]
-then
-  echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
-  echo 'but it is not a valid directory. Cannot create user identity files.'
-  exit 1
-fi
-
-# If home is the root dir, set home to empty string to avoid error messages
-# in subsequent parts of that script.
-if [ "X${pwdhome}" = "X/" ]
-then
-  # But first raise a warning!
-  echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
-  if request "Would you like to proceed anyway?"
-  then
-    pwdhome=''
-  else
-    exit 1
-  fi
-fi
-
-if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
-then
-  echo
-  echo 'WARNING: group and other have been revoked write permission to your home'
-  echo "         directory ${pwdhome}."
-  echo '         This is required by OpenSSH to allow public key authentication using'
-  echo '         the key files stored in your .ssh subdirectory.'
-  echo '         Revert this change ONLY if you know what you are doing!'
-  echo
-fi
-
-if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
-then
-  echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
-  exit 1
-fi
-
-if [ ! -e "${pwdhome}/.ssh" ]
-then
-  mkdir "${pwdhome}/.ssh"
-  if [ ! -e "${pwdhome}/.ssh" ]
-  then
-    echo "Creating users ${pwdhome}/.ssh directory failed"
-    exit 1
-  fi
-fi
-
-if [ $_nt -gt 0 ]
-then
-  _user="system"
-  if [ $_nt2003 -gt 0 ]
-  then
-    grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
-  fi
-  if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
-  then
-    echo "${pwdhome}/.ssh couldn't be given the correct permissions."
-    echo "Please try to solve this problem first."
-    exit 1
-  fi
-fi
-
-if [ ! -f "${pwdhome}/.ssh/identity" ]
-then
-  if request "Shall I create an SSH1 RSA identity file for you?"
-  then
-    echo "Generating ${pwdhome}/.ssh/identity"
-    if [ "${with_passphrase}" = "yes" ]
-    then
-      ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
-    else
-      ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
-    fi
-    if request "Do you want to use this identity to login to this machine?"
-    then
-      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
-      cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
-    fi
-  fi
+  csih_error_multiline \
+    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
+    'first using mkpasswd. Check if it contains an entry for you and' \
+    'please care for the home directory in your entry as well.'
 fi
 
-if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
-then
-  if request "Shall I create an SSH2 RSA identity file for you?"
-  then
-    echo "Generating ${pwdhome}/.ssh/id_rsa"
-    if [ "${with_passphrase}" = "yes" ]
-    then
-      ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
-    else
-      ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
-    fi
-    if request "Do you want to use this identity to login to this machine?"
-    then
-      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
-      cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
-    fi
-  fi
-fi
+check_user_homedir
+check_user_dot_ssh_dir
+create_ssh1_identity
+create_ssh2_rsa_identity
+create_ssh2_dsa_identity
+fix_authorized_keys_perms
 
-if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
-then
-  if request "Shall I create an SSH2 DSA identity file for you?"
-  then
-    echo "Generating ${pwdhome}/.ssh/id_dsa"
-    if [ "${with_passphrase}" = "yes" ]
-    then
-      ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
-    else
-      ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
-    fi
-    if request "Do you want to use this identity to login to this machine?"
-    then
-      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
-      cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
-    fi
-  fi
-fi
+echo
+csih_inform "Configuration finished. Have fun!"
 
-if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
-then
-  if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
-  then
-    echo
-    echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
-    echo "failed.  Please care for the correct permissions.  The minimum requirement"
-    echo "is, the owner and ${_user} both need read permissions."
-    echo
-  fi
-fi
 
-echo
-echo "Configuration finished. Have fun!"