1 files changed, 52 insertions, 13 deletions
diff --git a/debian/postinst b/debian/postinst
index 1baae1677..efd04c3d0 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -36,6 +36,25 @@ get_config_option() {
 }
+set_config_option() {
+        option="$1"
+        value="$2"
+        perl -e '
+                $option = $ARGV[0]; $value = $ARGV[1]; $done = 0;
+                while (<STDIN>) {
+                        if (s/^\s*\Q$option\E\s+.*/$option $value/) {
+                                $done = 1;
+                        }
+                        print;
+                }
+                print "\n$option $value\n" unless $done;' \
+                "$option" "$value" \
+                < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
+        mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
+}
 host_keys_required() {
        hostkeys="$(get_config_option HostKey)"
        if [ "$hostkeys" ]; then
@@ -86,25 +105,45 @@ create_keys() {
 }
+check_password_auth() {
+        passwordauth="$(get_config_option PasswordAuthentication)"
+        crauth="$(get_config_option ChallengeResponseAuthentication)"
+        if [ "$passwordauth" = no ] && \
+           ([ -z "$crauth" ] || [ "$crauth" = yes ]); then
+                db_get ssh/disable_cr_auth
+                if [ "$RET" = true ]; then
+                        set_config_option ChallengeResponseAuthentication no
+                fi
+        fi
+}
 create_sshdconfig() {
        if [ -e /etc/ssh/sshd_config ] ; then
            if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then
                db_get ssh/new_config
                if [ "$RET" = "false" ] ; then return 0; fi
-            elif dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \
+            else
-                 ! grep -iq ^UsePAM /etc/ssh/sshd_config ; then
+                # Upgrade sshd configuration from a sane version.
-                # Upgrade from pre-3.7: UsePAM needed to maintain standard
-                # Debian configuration.
+                if dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \
-                echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...'
+                     ! grep -iq ^UsePAM /etc/ssh/sshd_config ; then
-                cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old
+                    # Upgrade from pre-3.7: UsePAM needed to maintain standard
-                perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \
+                    # Debian configuration.
-                    /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
+                    echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...'
-                echo >> /etc/ssh/sshd_config.dpkg-new
+                    cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old
-                echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new
+                    perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \
-                mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
+                        /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
-                echo
+                    echo >> /etc/ssh/sshd_config.dpkg-new
+                    echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new
+                    mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
+                    echo
+                fi
+                if dpkg --compare-versions "$oldversion" lt-nl 1:3.8.1p1-8.sarge.1; then
+                    check_password_auth
+                fi
                return 0
-            else return 0
            fi
        fi

diff --git a/debian/postinst b/debian/postinst index 1baae1677..efd04c3d0 100644 --- a/debian/postinst +++ b/debian/postinst
@@ -36,6 +36,25 @@ get_config_option() {
36	}	36	}
37		37
38		38
		39	set_config_option() {
		40	option="$1"
		41	value="$2"
		42
		43	perl -e '
		44	$option = $ARGV[0]; $value = $ARGV[1]; $done = 0;
		45	while (<STDIN>) {
		46	if (s/^\s\Q$option\E\s+./$option $value/) {
		47	$done = 1;
		48	}
		49	print;
		50	}
		51	print "\n$option $value\n" unless $done;' \
		52	"$option" "$value" \
		53	< /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
		54	mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
		55	}
		56
		57
39	host_keys_required() {	58	host_keys_required() {
40	hostkeys="$(get_config_option HostKey)"	59	hostkeys="$(get_config_option HostKey)"
41	if [ "$hostkeys" ]; then	60	if [ "$hostkeys" ]; then
@@ -86,25 +105,45 @@ create_keys() {
86	}	105	}
87		106
88		107
		108	check_password_auth() {
		109	passwordauth="$(get_config_option PasswordAuthentication)"
		110	crauth="$(get_config_option ChallengeResponseAuthentication)"
		111	if [ "$passwordauth" = no ] && \
		112	([ -z "$crauth" ] \|\| [ "$crauth" = yes ]); then
		113	db_get ssh/disable_cr_auth
		114	if [ "$RET" = true ]; then
		115	set_config_option ChallengeResponseAuthentication no
		116	fi
		117	fi
		118	}
		119
89	create_sshdconfig() {	120	create_sshdconfig() {
90	if [ -e /etc/ssh/sshd_config ] ; then	121	if [ -e /etc/ssh/sshd_config ] ; then
91	if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then	122	if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then
92	db_get ssh/new_config	123	db_get ssh/new_config
93	if [ "$RET" = "false" ] ; then return 0; fi	124	if [ "$RET" = "false" ] ; then return 0; fi
94	elif dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \	125	else
95	! grep -iq ^UsePAM /etc/ssh/sshd_config ; then	126	# Upgrade sshd configuration from a sane version.
96	# Upgrade from pre-3.7: UsePAM needed to maintain standard	127
97	# Debian configuration.	128	if dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \
98	echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...'	129	! grep -iq ^UsePAM /etc/ssh/sshd_config ; then
99	cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old	130	# Upgrade from pre-3.7: UsePAM needed to maintain standard
100	perl -pe 's/^(PAMAuthenticationViaKbdInt\|RhostsAuthentication)\b/#$1/i' \	131	# Debian configuration.
101	/etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new	132	echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...'
102	echo >> /etc/ssh/sshd_config.dpkg-new	133	cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old
103	echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new	134	perl -pe 's/^(PAMAuthenticationViaKbdInt\|RhostsAuthentication)\b/#$1/i' \
104	mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config	135	/etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
105	echo	136	echo >> /etc/ssh/sshd_config.dpkg-new
		137	echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new
		138	mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
		139	echo
		140	fi
		141
		142	if dpkg --compare-versions "$oldversion" lt-nl 1:3.8.1p1-8.sarge.1; then
		143	check_password_auth
		144	fi
		145
106	return 0	146	return 0
107	else return 0
108	fi	147	fi
109	fi	148	fi
110		149