1 files changed, 73 insertions, 0 deletions
diff --git a/debian/ssh-krb5.postinst b/debian/ssh-krb5.postinst
new file mode 100644
index 000000000..4d943d861
--- /dev/null
+++ b/debian/ssh-krb5.postinst
@@ -0,0 +1,73 @@
+#!/bin/sh
+set -e
+action="$1"
+oldversion="$2"
+if [ "$action" = configure ] ; then
+    if dpkg --compare-versions "$oldversion" lt-nl 1:4.3p2-7; then
+        # Replaced by /etc/init.d/ssh.
+        if [ -f /etc/init.d/ssh-krb5 ]; then
+            mv /etc/init.d/ssh-krb5 /etc/init.d/ssh-krb5.dpkg-old
+            update-rc.d ssh-krb5 remove || true
+        fi
+    fi
+    # Make sure that GSSAPI is enabled.  If there is no uncommented GSSAPI
+    # configuration, uncomment any commented-out configuration if present
+    # (this will catch the case of a fresh install of openssh-server).
+    # Otherwise, add configuration turning on GSSAPIAuthentication and
+    # GSSAPIKeyExchange.
+    #
+    # If there is some configuration, we may be upgrading from ssh-krb5.  It
+    # enabled GSSAPIKeyExchange without any configuration option.  Therefore,
+    # if it isn't explicitly set, always enable it for compatible behavior
+    # with ssh-krb5.
+    if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then
+        :
+    else
+        changed=
+        if grep -qi '^[         ]*GSSAPI' /etc/ssh/sshd_config ; then
+            if grep -qi '^[     ]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then
+                :
+            else
+                changed=true
+                cat >> /etc/ssh/sshd_config <<EOF
+# GSSAPI key exchange (added by ssh-krb5 transitional package)
+GSSAPIKeyExchange yes
+EOF
+            fi
+        else
+            changed=true
+            if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
+                perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b.*/$1 yes/i' \
+                    < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
+                chown --reference /etc/ssh/sshd_config \
+                    /etc/ssh/sshd_config.dpkg-new
+                chmod --reference /etc/ssh/sshd_config \
+                    /etc/ssh/sshd_config.dpkg-new
+                mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
+            else
+                cat >> /etc/ssh/sshd_config <<EOF
+# GSSAPI authentication (added by ssh-krb5 transitional package)
+GSSAPIAuthentication yes
+GSSAPIKeyExchange yes
+EOF
+            fi
+        fi
+        if [ -n "$changed" ] && [ -x /etc/init.d/ssh ] ; then
+            if [ -x /usr/sbin/invoke-rc.d ] ; then
+                invoke-rc.d ssh restart
+            else
+                /etc/init.d/ssh restart
+            fi
+        fi
+    fi
+fi
+#DEBHELPER#
+exit 0

diff --git a/debian/ssh-krb5.postinst b/debian/ssh-krb5.postinst new file mode 100644 index 000000000..4d943d861 --- /dev/null +++ b/debian/ssh-krb5.postinst
@@ -0,0 +1,73 @@
	1	#!/bin/sh
	2
	3	set -e
	4
	5	action="$1"
	6	oldversion="$2"
	7
	8	if [ "$action" = configure ] ; then
	9	if dpkg --compare-versions "$oldversion" lt-nl 1:4.3p2-7; then
	10	# Replaced by /etc/init.d/ssh.
	11	if [ -f /etc/init.d/ssh-krb5 ]; then
	12	mv /etc/init.d/ssh-krb5 /etc/init.d/ssh-krb5.dpkg-old
	13	update-rc.d ssh-krb5 remove \|\| true
	14	fi
	15	fi
	16
	17	# Make sure that GSSAPI is enabled. If there is no uncommented GSSAPI
	18	# configuration, uncomment any commented-out configuration if present
	19	# (this will catch the case of a fresh install of openssh-server).
	20	# Otherwise, add configuration turning on GSSAPIAuthentication and
	21	# GSSAPIKeyExchange.
	22	#
	23	# If there is some configuration, we may be upgrading from ssh-krb5. It
	24	# enabled GSSAPIKeyExchange without any configuration option. Therefore,
	25	# if it isn't explicitly set, always enable it for compatible behavior
	26	# with ssh-krb5.
	27	if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then
	28	:
	29	else
	30	changed=
	31	if grep -qi '^[ ]*GSSAPI' /etc/ssh/sshd_config ; then
	32	if grep -qi '^[ ]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then
	33	:
	34	else
	35	changed=true
	36	cat >> /etc/ssh/sshd_config <<EOF
	37
	38	# GSSAPI key exchange (added by ssh-krb5 transitional package)
	39	GSSAPIKeyExchange yes
	40	EOF
	41	fi
	42	else
	43	changed=true
	44	if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
	45	perl -pe 's/^\#(GSSAPI(Authentication\|KeyExchange))\b.*/$1 yes/i' \
	46	< /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
	47	chown --reference /etc/ssh/sshd_config \
	48	/etc/ssh/sshd_config.dpkg-new
	49	chmod --reference /etc/ssh/sshd_config \
	50	/etc/ssh/sshd_config.dpkg-new
	51	mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
	52	else
	53	cat >> /etc/ssh/sshd_config <<EOF
	54
	55	# GSSAPI authentication (added by ssh-krb5 transitional package)
	56	GSSAPIAuthentication yes
	57	GSSAPIKeyExchange yes
	58	EOF
	59	fi
	60	fi
	61	if [ -n "$changed" ] && [ -x /etc/init.d/ssh ] ; then
	62	if [ -x /usr/sbin/invoke-rc.d ] ; then
	63	invoke-rc.d ssh restart
	64	else
	65	/etc/init.d/ssh restart
	66	fi
	67	fi
	68	fi
	69	fi
	70
	71	#DEBHELPER#
	72
	73	exit 0