diff options
Diffstat (limited to 'debian/ssh-krb5.postinst.in')
-rw-r--r-- | debian/ssh-krb5.postinst.in | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/debian/ssh-krb5.postinst.in b/debian/ssh-krb5.postinst.in new file mode 100644 index 000000000..ce45c86df --- /dev/null +++ b/debian/ssh-krb5.postinst.in | |||
@@ -0,0 +1,85 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | set -e | ||
4 | |||
5 | action="$1" | ||
6 | oldversion="$2" | ||
7 | |||
8 | if [ "$action" = configure ] ; then | ||
9 | if dpkg --compare-versions "$oldversion" lt-nl 1:4.3p2-7; then | ||
10 | # Replaced by /etc/init.d/ssh. | ||
11 | if [ -f /etc/init.d/ssh-krb5 ]; then | ||
12 | mv /etc/init.d/ssh-krb5 /etc/init.d/ssh-krb5.dpkg-old | ||
13 | update-rc.d ssh-krb5 remove || true | ||
14 | fi | ||
15 | fi | ||
16 | |||
17 | # Make sure that GSSAPI is enabled. If there is no uncommented GSSAPI | ||
18 | # configuration, uncomment any commented-out configuration if present | ||
19 | # (this will catch the case of a fresh install of openssh-server). | ||
20 | # Otherwise, add configuration turning on GSSAPIAuthentication and | ||
21 | # GSSAPIKeyExchange. | ||
22 | # | ||
23 | # If there is some configuration, we may be upgrading from ssh-krb5. It | ||
24 | # enabled GSSAPIKeyExchange without any configuration option. Therefore, | ||
25 | # if it isn't explicitly set, always enable it for compatible behavior | ||
26 | # with ssh-krb5. | ||
27 | if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then | ||
28 | : | ||
29 | else | ||
30 | changed= | ||
31 | if grep -qi '^[ ]*GSSAPI' /etc/ssh/sshd_config ; then | ||
32 | if grep -qi '^[ ]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then | ||
33 | : | ||
34 | else | ||
35 | changed=true | ||
36 | cat >> /etc/ssh/sshd_config <<EOF | ||
37 | |||
38 | # GSSAPI key exchange (added by ssh-krb5 transitional package) | ||
39 | GSSAPIKeyExchange yes | ||
40 | EOF | ||
41 | fi | ||
42 | else | ||
43 | changed=true | ||
44 | if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then | ||
45 | perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b.*/$1 yes/i' \ | ||
46 | < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new | ||
47 | chown --reference /etc/ssh/sshd_config \ | ||
48 | /etc/ssh/sshd_config.dpkg-new | ||
49 | chmod --reference /etc/ssh/sshd_config \ | ||
50 | /etc/ssh/sshd_config.dpkg-new | ||
51 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config | ||
52 | else | ||
53 | cat >> /etc/ssh/sshd_config <<EOF | ||
54 | |||
55 | # GSSAPI authentication (added by ssh-krb5 transitional package) | ||
56 | GSSAPIAuthentication yes | ||
57 | GSSAPIKeyExchange yes | ||
58 | EOF | ||
59 | fi | ||
60 | fi | ||
61 | case '@DISTRIBUTOR@' in | ||
62 | Ubuntu) | ||
63 | # Both init script and Upstart job are present; we want to | ||
64 | # operate on the Upstart job. | ||
65 | if [ -n "$changed" ] && [ -e /etc/init/ssh.conf ] ; then | ||
66 | stop ssh || true | ||
67 | start ssh || true | ||
68 | fi | ||
69 | ;; | ||
70 | *) | ||
71 | if [ -n "$changed" ] && [ -x /etc/init.d/ssh ] ; then | ||
72 | if [ -x /usr/sbin/invoke-rc.d ] ; then | ||
73 | invoke-rc.d ssh restart | ||
74 | else | ||
75 | /etc/init.d/ssh restart | ||
76 | fi | ||
77 | fi | ||
78 | ;; | ||
79 | esac | ||
80 | fi | ||
81 | fi | ||
82 | |||
83 | #DEBHELPER# | ||
84 | |||
85 | exit 0 | ||