RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-02-28 11:50:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adapt Cygwin config script to privsep knob removal

Browse Source 
Patch from Corinna Vinschen.
This commit is contained in:
Damien Miller 2017-03-16 11:22:42 +11:00
parent 1a321bfdb9
commit 55a1117d73
1 changed files with 9 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
contrib/cygwin/ssh-host-config
View File

@ -63,7 +63,6 @@ sshd_config_configured=no
port_number=22 port_number=22
service_name=sshd service_name=sshd
strictmodes=yes strictmodes=yes
privsep_used=yes
cygwin_value="" cygwin_value=""
user_account= user_account=
password_value= password_value=
@ -140,33 +139,21 @@ sshd_strictmodes() {
# ====================================================================== # ======================================================================
# Routine: sshd_privsep # Routine: sshd_privsep
# MODIFIES: privsep_used # Try to create ssshd user account
# ====================================================================== # ======================================================================
sshd_privsep() { sshd_privsep() {
local ret=0 local ret=0
if [ "${sshd_config_configured}" != "yes" ] if [ "${sshd_config_configured}" != "yes" ]
then then
echo if ! csih_create_unprivileged_user sshd
csih_inform "Privilege separation is set to 'sandbox' by default since"
csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
csih_inform "to 'yes' or 'no'."
csih_inform "However, using privilege separation requires a non-privileged account"
csih_inform "called 'sshd'."
csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
if csih_request "Should privilege separation be used?"
then then
privsep_used=yes csih_error_recoverable "Could not create user 'sshd'!"
if ! csih_create_unprivileged_user sshd csih_error_recoverable "You will not be able to run an sshd service"
then csih_error_recoverable "under a privileged account successfully."
csih_error_recoverable "Couldn't create user 'sshd'!" csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
csih_error_recoverable "Privilege separation set to 'no' again!" csih_error_recoverable "manually before trying to run the service!"
csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!" let ++ret
let ++ret
privsep_used=no
fi
else
privsep_used=no
fi fi
fi fi
return $ret return $ret
@ -202,18 +189,6 @@ sshd_config_tweak() {
let ++ret let ++ret
fi fi
fi fi
if [ "${sshd_config_configured}" != "yes" ]
then
/usr/bin/sed -i -e "
s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
${SYSCONFDIR}/sshd_config
if [ $? -ne 0 ]
then
csih_warning "Setting privilege separation failed!"
csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
let ++ret
fi
fi
return $ret return $ret
} # --- End of sshd_config_tweak --- # } # --- End of sshd_config_tweak --- #
@ -693,7 +668,7 @@ then
fi fi
fi fi
# handle sshd_config (and privsep) # handle sshd_config
csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
then then