From d3f6ad2cc01a08ad3f1b32a069afae9fb0aae8f7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 25 Jun 2002 10:24:47 +1000 Subject: [PATCH] - (djm) Create privsep directory and warn if privsep user is missing during make install --- ChangeLog | 4 +++- Makefile.in | 11 +++++++++-- configure.ac | 9 +++++---- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4efc11acd..6d1bb96b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20020625 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh - (stevesk) [README.privsep] minor updates + - (djm) Create privsep directory and warn if privsep user is missing + during make install 20020624 - OpenBSD CVS Sync @@ -1086,4 +1088,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2266 2002/06/24 16:49:22 stevesk Exp $ +$Id: ChangeLog,v 1.2267 2002/06/25 00:24:47 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 4b3e27865..7eb8ec268 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.215 2002/06/21 01:38:53 mouring Exp $ +# $Id: Makefile.in,v 1.216 2002/06/25 00:24:47 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -26,6 +26,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign RAND_HELPER=$(libexecdir)/ssh-rand-helper PRIVSEP_PATH=@PRIVSEP_PATH@ +SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ @@ -197,9 +198,13 @@ distprep: catman-do $(AUTORECONF) (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key +install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files +check-user: + id $(SSH_PRIVSEP_USER) || \ + echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist" + scard-install: (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) @@ -212,6 +217,8 @@ install-files: scard-install $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH) + chmod 0700 $(DESTDIR)$(PRIVSEP_PATH) $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add diff --git a/configure.ac b/configure.ac index 44ff46ab1..d29091e9e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.69 2002/06/24 16:26:49 stevesk Exp $ +# $Id: configure.ac,v 1.70 2002/06/25 00:24:48 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -906,16 +906,17 @@ AC_ARG_WITH(entropy-timeout, ) AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) -ssh_privsep_user=sshd +SSH_PRIVSEP_USER=sshd AC_ARG_WITH(privsep-user, [ --with-privsep-user=user Specify non-privileged user for privilege separation], [ if test -n "$withval"; then - ssh_privsep_user=$withval + SSH_PRIVSEP_USER=$withval fi ] ) -AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user") +AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") +AC_SUBST(SSH_PRIVSEP_USER) # We do this little dance with the search path to insure # that programs that we select for use by installed programs