summaryrefslogtreecommitdiff
path: root/debian/ssh-krb5.postinst.in
blob: ce45c86dffa99cafe2aac81886d55f84de2173aa (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/bin/sh

set -e

action="$1"
oldversion="$2"

if [ "$action" = configure ] ; then
    if dpkg --compare-versions "$oldversion" lt-nl 1:4.3p2-7; then
        # Replaced by /etc/init.d/ssh.
        if [ -f /etc/init.d/ssh-krb5 ]; then
            mv /etc/init.d/ssh-krb5 /etc/init.d/ssh-krb5.dpkg-old
            update-rc.d ssh-krb5 remove || true
        fi
    fi

    # Make sure that GSSAPI is enabled.  If there is no uncommented GSSAPI
    # configuration, uncomment any commented-out configuration if present
    # (this will catch the case of a fresh install of openssh-server).
    # Otherwise, add configuration turning on GSSAPIAuthentication and
    # GSSAPIKeyExchange.
    #
    # If there is some configuration, we may be upgrading from ssh-krb5.  It
    # enabled GSSAPIKeyExchange without any configuration option.  Therefore,
    # if it isn't explicitly set, always enable it for compatible behavior
    # with ssh-krb5.
    if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then
        :
    else
        changed=
        if grep -qi '^[ 	]*GSSAPI' /etc/ssh/sshd_config ; then
            if grep -qi '^[ 	]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then
                :
            else
                changed=true
                cat >> /etc/ssh/sshd_config <<EOF

# GSSAPI key exchange (added by ssh-krb5 transitional package)
GSSAPIKeyExchange yes
EOF
            fi
        else
            changed=true
            if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
                perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b.*/$1 yes/i' \
                    < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
                chown --reference /etc/ssh/sshd_config \
                    /etc/ssh/sshd_config.dpkg-new
                chmod --reference /etc/ssh/sshd_config \
                    /etc/ssh/sshd_config.dpkg-new
                mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
            else
                cat >> /etc/ssh/sshd_config <<EOF

# GSSAPI authentication (added by ssh-krb5 transitional package)
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
EOF
            fi
        fi
        case '@DISTRIBUTOR@' in
            Ubuntu)
                # Both init script and Upstart job are present; we want to
                # operate on the Upstart job.
                if [ -n "$changed" ] && [ -e /etc/init/ssh.conf ] ; then
                    stop ssh || true
                    start ssh || true
                fi
                ;;
            *)
                if [ -n "$changed" ] && [ -x /etc/init.d/ssh ] ; then
                    if [ -x /usr/sbin/invoke-rc.d ] ; then
                        invoke-rc.d ssh restart
                    else
                        /etc/init.d/ssh restart
                    fi
                fi
                ;;
        esac
    fi
fi

#DEBHELPER#

exit 0