diff options
Diffstat (limited to 'debian/postinst')
-rw-r--r-- | debian/postinst | 65 |
1 files changed, 52 insertions, 13 deletions
diff --git a/debian/postinst b/debian/postinst index 1baae1677..efd04c3d0 100644 --- a/debian/postinst +++ b/debian/postinst | |||
@@ -36,6 +36,25 @@ get_config_option() { | |||
36 | } | 36 | } |
37 | 37 | ||
38 | 38 | ||
39 | set_config_option() { | ||
40 | option="$1" | ||
41 | value="$2" | ||
42 | |||
43 | perl -e ' | ||
44 | $option = $ARGV[0]; $value = $ARGV[1]; $done = 0; | ||
45 | while (<STDIN>) { | ||
46 | if (s/^\s*\Q$option\E\s+.*/$option $value/) { | ||
47 | $done = 1; | ||
48 | } | ||
49 | print; | ||
50 | } | ||
51 | print "\n$option $value\n" unless $done;' \ | ||
52 | "$option" "$value" \ | ||
53 | < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new | ||
54 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config | ||
55 | } | ||
56 | |||
57 | |||
39 | host_keys_required() { | 58 | host_keys_required() { |
40 | hostkeys="$(get_config_option HostKey)" | 59 | hostkeys="$(get_config_option HostKey)" |
41 | if [ "$hostkeys" ]; then | 60 | if [ "$hostkeys" ]; then |
@@ -86,25 +105,45 @@ create_keys() { | |||
86 | } | 105 | } |
87 | 106 | ||
88 | 107 | ||
108 | check_password_auth() { | ||
109 | passwordauth="$(get_config_option PasswordAuthentication)" | ||
110 | crauth="$(get_config_option ChallengeResponseAuthentication)" | ||
111 | if [ "$passwordauth" = no ] && \ | ||
112 | ([ -z "$crauth" ] || [ "$crauth" = yes ]); then | ||
113 | db_get ssh/disable_cr_auth | ||
114 | if [ "$RET" = true ]; then | ||
115 | set_config_option ChallengeResponseAuthentication no | ||
116 | fi | ||
117 | fi | ||
118 | } | ||
119 | |||
89 | create_sshdconfig() { | 120 | create_sshdconfig() { |
90 | if [ -e /etc/ssh/sshd_config ] ; then | 121 | if [ -e /etc/ssh/sshd_config ] ; then |
91 | if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then | 122 | if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then |
92 | db_get ssh/new_config | 123 | db_get ssh/new_config |
93 | if [ "$RET" = "false" ] ; then return 0; fi | 124 | if [ "$RET" = "false" ] ; then return 0; fi |
94 | elif dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \ | 125 | else |
95 | ! grep -iq ^UsePAM /etc/ssh/sshd_config ; then | 126 | # Upgrade sshd configuration from a sane version. |
96 | # Upgrade from pre-3.7: UsePAM needed to maintain standard | 127 | |
97 | # Debian configuration. | 128 | if dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \ |
98 | echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...' | 129 | ! grep -iq ^UsePAM /etc/ssh/sshd_config ; then |
99 | cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old | 130 | # Upgrade from pre-3.7: UsePAM needed to maintain standard |
100 | perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \ | 131 | # Debian configuration. |
101 | /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new | 132 | echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...' |
102 | echo >> /etc/ssh/sshd_config.dpkg-new | 133 | cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old |
103 | echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new | 134 | perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \ |
104 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config | 135 | /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new |
105 | echo | 136 | echo >> /etc/ssh/sshd_config.dpkg-new |
137 | echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new | ||
138 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config | ||
139 | echo | ||
140 | fi | ||
141 | |||
142 | if dpkg --compare-versions "$oldversion" lt-nl 1:3.8.1p1-8.sarge.1; then | ||
143 | check_password_auth | ||
144 | fi | ||
145 | |||
106 | return 0 | 146 | return 0 |
107 | else return 0 | ||
108 | fi | 147 | fi |
109 | fi | 148 | fi |
110 | 149 | ||