diff options
Diffstat (limited to 'contrib/solaris')
| -rwxr-xr-x | contrib/solaris/buildpkg.sh | 114 | ||||
| -rwxr-xr-x | contrib/solaris/opensshd.in | 12 |
2 files changed, 95 insertions, 31 deletions
diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh index 1be6ed8d1..c41b3f963 100755 --- a/contrib/solaris/buildpkg.sh +++ b/contrib/solaris/buildpkg.sh | |||
| @@ -11,13 +11,18 @@ umask 022 | |||
| 11 | # Options for building the package | 11 | # Options for building the package |
| 12 | # You can create a config.local with your customized options | 12 | # You can create a config.local with your customized options |
| 13 | # | 13 | # |
| 14 | # uncommenting TEST_DIR and using configure--prefix=/var/tmp and | 14 | # uncommenting TEST_DIR and using |
| 15 | # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty | ||
| 16 | # and | ||
| 15 | # PKGNAME=tOpenSSH should allow testing a package without interfering | 17 | # PKGNAME=tOpenSSH should allow testing a package without interfering |
| 16 | # with a real OpenSSH package on a system. | 18 | # with a real OpenSSH package on a system. This is not needed on systems |
| 19 | # that support the -R option to pkgadd. | ||
| 17 | #TEST_DIR=/var/tmp # leave commented out for production build | 20 | #TEST_DIR=/var/tmp # leave commented out for production build |
| 18 | PKGNAME=OpenSSH | 21 | PKGNAME=OpenSSH |
| 19 | SYSVINIT_NAME=opensshd | 22 | SYSVINIT_NAME=opensshd |
| 20 | MAKE=${MAKE:="make"} | 23 | MAKE=${MAKE:="make"} |
| 24 | SSHDUID=67 # Default privsep uid | ||
| 25 | SSHDGID=67 # Default privsep gid | ||
| 21 | # uncomment these next two as needed | 26 | # uncomment these next two as needed |
| 22 | #PERMIT_ROOT_LOGIN=no | 27 | #PERMIT_ROOT_LOGIN=no |
| 23 | #X11_FORWARDING=yes | 28 | #X11_FORWARDING=yes |
| @@ -55,7 +60,7 @@ SYSTEM_DIR="/etc \ | |||
| 55 | /var/tmp \ | 60 | /var/tmp \ |
| 56 | /tmp" | 61 | /tmp" |
| 57 | 62 | ||
| 58 | # We may need to buiild as root so we make sure PATH is set up | 63 | # We may need to build as root so we make sure PATH is set up |
| 59 | # only set the path if it's not set already | 64 | # only set the path if it's not set already |
| 60 | [ -d /usr/local/bin ] && { | 65 | [ -d /usr/local/bin ] && { |
| 61 | echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 | 66 | echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 |
| @@ -96,6 +101,19 @@ do | |||
| 96 | eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` | 101 | eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` |
| 97 | done | 102 | done |
| 98 | 103 | ||
| 104 | |||
| 105 | ## Collect value of privsep user | ||
| 106 | for confvar in SSH_PRIVSEP_USER | ||
| 107 | do | ||
| 108 | eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` | ||
| 109 | done | ||
| 110 | |||
| 111 | ## Set privsep defaults if not defined | ||
| 112 | if [ -z "$SSH_PRIVSEP_USER" ] | ||
| 113 | then | ||
| 114 | SSH_PRIVSEP_USER=sshd | ||
| 115 | fi | ||
| 116 | |||
| 99 | ## Extract common info requires for the 'info' part of the package. | 117 | ## Extract common info requires for the 'info' part of the package. |
| 100 | VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` | 118 | VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` |
| 101 | 119 | ||
| @@ -106,7 +124,8 @@ case ${UNAME_S} in | |||
| 106 | RCS_D=yes | 124 | RCS_D=yes |
| 107 | DEF_MSG="(default: n)" | 125 | DEF_MSG="(default: n)" |
| 108 | ;; | 126 | ;; |
| 109 | *) ARCH=`uname -m` ;; | 127 | *) ARCH=`uname -m` |
| 128 | DEF_MSG="\n" ;; | ||
| 110 | esac | 129 | esac |
| 111 | 130 | ||
| 112 | ## Setup our run level stuff while we are at it. | 131 | ## Setup our run level stuff while we are at it. |
| @@ -171,13 +190,16 @@ echo "Building postinstall file..." | |||
| 171 | cat > postinstall << _EOF | 190 | cat > postinstall << _EOF |
| 172 | #! /sbin/sh | 191 | #! /sbin/sh |
| 173 | # | 192 | # |
| 174 | [ -f ${sysconfdir}/ssh_config ] || \\ | 193 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\ |
| 175 | cp -p ${sysconfdir}/ssh_config.default ${sysconfdir}/ssh_config | 194 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\ |
| 176 | [ -f ${sysconfdir}/sshd_config ] || \\ | 195 | \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config |
| 177 | cp -p ${sysconfdir}/sshd_config.default ${sysconfdir}/sshd_config | 196 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\ |
| 178 | [ -f ${sysconfdir}/ssh_prng_cmds.default ] && { | 197 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\ |
| 179 | [ -f ${sysconfdir}/ssh_prng_cmds ] || \\ | 198 | \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config |
| 180 | cp -p ${sysconfdir}/ssh_prng_cmds.default ${sysconfdir}/ssh_prng_cmds | 199 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && { |
| 200 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\ | ||
| 201 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\ | ||
| 202 | \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds | ||
| 181 | } | 203 | } |
| 182 | 204 | ||
| 183 | # make rc?.d dirs only if we are doing a test install | 205 | # make rc?.d dirs only if we are doing a test install |
| @@ -191,23 +213,75 @@ cat > postinstall << _EOF | |||
| 191 | if [ "\${USE_SYM_LINKS}" = yes ] | 213 | if [ "\${USE_SYM_LINKS}" = yes ] |
| 192 | then | 214 | then |
| 193 | [ "$RCS_D" = yes ] && \ | 215 | [ "$RCS_D" = yes ] && \ |
| 194 | installf ${PKGNAME} $TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | 216 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s |
| 195 | installf ${PKGNAME} $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | 217 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s |
| 196 | installf ${PKGNAME} $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | 218 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s |
| 197 | installf ${PKGNAME} $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | 219 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s |
| 198 | else | 220 | else |
| 199 | [ "$RCS_D" = yes ] && \ | 221 | [ "$RCS_D" = yes ] && \ |
| 200 | installf ${PKGNAME} $TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 222 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
| 201 | installf ${PKGNAME} $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 223 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
| 202 | installf ${PKGNAME} $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 224 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
| 203 | installf ${PKGNAME} $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 225 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
| 204 | fi | 226 | fi |
| 205 | 227 | ||
| 206 | # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) | 228 | # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) |
| 207 | [ -d $piddir ] || installf ${PKGNAME} $TEST_DIR$piddir d 755 root sys | 229 | [ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys |
| 208 | 230 | ||
| 209 | installf -f ${PKGNAME} | 231 | installf -f ${PKGNAME} |
| 210 | 232 | ||
| 233 | # Use chroot to handle PKG_INSTALL_ROOT | ||
| 234 | if [ ! -z "\${PKG_INSTALL_ROOT}" ] | ||
| 235 | then | ||
| 236 | chroot="chroot \${PKG_INSTALL_ROOT}" | ||
| 237 | fi | ||
| 238 | # If this is a test build, we will skip the groupadd/useradd/passwd commands | ||
| 239 | if [ ! -z "${TEST_DIR}" ] | ||
| 240 | then | ||
| 241 | chroot=echo | ||
| 242 | fi | ||
| 243 | |||
| 244 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null | ||
| 245 | then | ||
| 246 | echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" | ||
| 247 | echo "or group." | ||
| 248 | else | ||
| 249 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." | ||
| 250 | |||
| 251 | # create group if required | ||
| 252 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | ||
| 253 | then | ||
| 254 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." | ||
| 255 | else | ||
| 256 | # Use gid of 67 if possible | ||
| 257 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null | ||
| 258 | then | ||
| 259 | : | ||
| 260 | else | ||
| 261 | sshdgid="-g $SSHDGID" | ||
| 262 | fi | ||
| 263 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." | ||
| 264 | \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER | ||
| 265 | fi | ||
| 266 | |||
| 267 | # Create user if required | ||
| 268 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | ||
| 269 | then | ||
| 270 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | ||
| 271 | else | ||
| 272 | # Use uid of 67 if possible | ||
| 273 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null | ||
| 274 | then | ||
| 275 | : | ||
| 276 | else | ||
| 277 | sshduid="-u $SSHDUID" | ||
| 278 | fi | ||
| 279 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." | ||
| 280 | \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER | ||
| 281 | \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER | ||
| 282 | fi | ||
| 283 | fi | ||
| 284 | |||
| 211 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start | 285 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start |
| 212 | exit 0 | 286 | exit 0 |
| 213 | _EOF | 287 | _EOF |
diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in index 212254dc8..e7ca2489f 100755 --- a/contrib/solaris/opensshd.in +++ b/contrib/solaris/opensshd.in | |||
| @@ -3,11 +3,8 @@ | |||
| 3 | # | 3 | # |
| 4 | # Stripped PRNGd out of it for the time being. | 4 | # Stripped PRNGd out of it for the time being. |
| 5 | 5 | ||
| 6 | AWK=/usr/bin/awk | ||
| 7 | CAT=/usr/bin/cat | 6 | CAT=/usr/bin/cat |
| 8 | KILL=/usr/bin/kill | 7 | KILL=/usr/bin/kill |
| 9 | PS=/usr/bin/ps | ||
| 10 | XARGS=/usr/bin/xargs | ||
| 11 | 8 | ||
| 12 | prefix=%%openSSHDir%% | 9 | prefix=%%openSSHDir%% |
| 13 | etcdir=%%configDir%% | 10 | etcdir=%%configDir%% |
| @@ -20,12 +17,6 @@ HOST_KEY_RSA1=$etcdir/ssh_host_key | |||
| 20 | HOST_KEY_DSA=$etcdir/ssh_host_dsa_key | 17 | HOST_KEY_DSA=$etcdir/ssh_host_dsa_key |
| 21 | HOST_KEY_RSA=$etcdir/ssh_host_rsa_key | 18 | HOST_KEY_RSA=$etcdir/ssh_host_rsa_key |
| 22 | 19 | ||
| 23 | killproc() { | ||
| 24 | _procname=$1 | ||
| 25 | _signal=$2 | ||
| 26 | ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print $1}' | ${XARGS} ${KILL} | ||
| 27 | } | ||
| 28 | |||
| 29 | 20 | ||
| 30 | checkkeys() { | 21 | checkkeys() { |
| 31 | if [ ! -f $HOST_KEY_RSA1 ]; then | 22 | if [ ! -f $HOST_KEY_RSA1 ]; then |
| @@ -46,8 +37,7 @@ stop_service() { | |||
| 46 | if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then | 37 | if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then |
| 47 | ${KILL} ${PID} | 38 | ${KILL} ${PID} |
| 48 | else | 39 | else |
| 49 | echo "Unable to read PID file, killing using alternate method" | 40 | echo "Unable to read PID file" |
| 50 | killproc sshd TERM | ||
| 51 | fi | 41 | fi |
| 52 | } | 42 | } |
| 53 | 43 | ||