Mail Archives: cygwin/2008/08/16/22:28:01
--------------070901050009060107020808
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Corinna --
Attached see
(1) bugfix for ssh-user-config -- self-explanatory.
(2) behavior enhancement for ssh-host-config
Takes advantage of new functions and cleans up behavior under 1.7
-- esp. 'mount' doesn't have a -t option anymore, so we need
another mechanism to deal with the dos-format
WINDOWS/system32/drivers/etc/services file
Should still work fine under 1.5
Requires csih-0.1.17 (uses new function csih_cygver_is_oneseven)
--
Chuck
--------------070901050009060107020808
Content-Type: text/plain;
name="ssh-user-config.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="ssh-user-config.patch"
--- /usr/bin/ssh-user-config.old 2008-08-16 19:22:40.776630400 -0400
+++ /usr/bin/ssh-user-config 2008-08-16 19:23:39.471028800 -0400
@@ -118,14 +118,14 @@
pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
if [ "X${pwdhome}" = "X" ]
then
- csih_error_multiline \
+ csih_error_multi \
"There is no home directory set for you in ${SYSCONFDIR}/passwd." \
'Setting $HOME is not sufficient!'
fi
if [ ! -d "${pwdhome}" ]
then
- csih_error_multiline \
+ csih_error_multi \
"${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
'but it is not a valid directory. Cannot create user identity files.'
fi
@@ -291,7 +291,7 @@
# Check passwd file
if [ ! -f ${SYSCONFDIR}/passwd ]
then
- csih_error_multiline \
+ csih_error_multi \
"${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
'first using mkpasswd. Check if it contains an entry for you and' \
'please care for the home directory in your entry as well.'
--------------070901050009060107020808
Content-Type: text/plain;
name="ssh-host-config.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="ssh-host-config.patch"
--- /usr/bin/ssh-host-config.old 2008-08-16 18:26:23.560432000 -0400
+++ /usr/bin/ssh-host-config 2008-08-16 21:39:42.719203200 -0400
@@ -21,11 +21,28 @@
LOCALSTATEDIR=/var
source ${CSIH_SCRIPT}
+if ! csih_version_ge $csih_VERSION 0.1.7
+then
+ #work around cygcheck 1.7 bug...
+ #sshVER=$(cygcheck -cd openssh | sed -n -e '/openssh/p' | awk '{print $2}')
+ sshVER=$(cat /etc/setup/installed.db |\
+ sed -n -e '/^openssh/s/openssh[ ]//gp' |\
+ awk -F- '{print $2}')
+ csih_error_multi "ssh-host-config version $sshVER requires csih-0.1.7" \
+ "or above. You have csih-${csih_VERSION}. Please update the csih package."
+fi
+
port_number=22
privsep_configured=no
privsep_used=yes
-cygwin_value="ntsec"
+if csih_cygver_is_oneseven
+then
+ cygwin_value=""
+else
+ cygwin_value="ntsec"
+fi
+
password_value=
# ======================================================================
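Review bot: The guard on the first added line tests `csih_version_ge $csih_VERSION 0.1.7`, but the patch description says the script needs csih-0.1.17 for `csih_cygver_is_oneseven`, which is called a few lines below in this same hunk. If 0.1.17 is the real minimum, csih 0.1.7 through 0.1.16 pass the guard, the call fails as an unknown command, and every `if csih_cygver_is_oneseven` silently takes its non-1.7 branch. I would change the test to `if ! csih_version_ge "$csih_VERSION" 0.1.17` (quoted as well) and make the two message lines say `csih-0.1.17`.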
@@ -59,7 +76,8 @@
local _win_etcdir
local _services
local _spaces
- local _serv_tmp
+ local _serv_tmp1
+ local _serv_tmp2
local _wservices
if csih_is_nt
@@ -74,47 +92,80 @@
# On 9x, 18 spaces (95 is very touchy), a space after the hash
_spaces=" # "
fi
- _serv_tmp="${_my_etcdir}/srv.out.$$"
-
- mount -t -f "${_win_etcdir}" "${_my_etcdir}"
-
- # Depends on the above mount
- _wservices=`cygpath -w "${_services}"`
-
+ _serv_tmp1="${_my_etcdir}/srv.out1.$$"
+ _serv_tmp2="${_my_etcdir}/srv.out2.$$"
+
+ if csih_cygver_is_oneseven
+ then
+ mount -f "${_win_etcdir}" "${_my_etcdir}"
+ cp "${_services}" "${_serv_tmp1}"
+
+ # Depends on the above mount
+ _wservices=`cygpath -w "${_services}"`
+ dos2unix "${_serv_tmp1}" 2>/dev/null
+ else
+ mount -t -f "${_win_etcdir}" "${_my_etcdir}"
+ cp ${_services} ${_serv_tmp1}
+
+ # Depends on the above mount
+ _wservices=`cygpath -w "${_services}"`
+ fi
+
+ if [ -f ${_serv_tmp1} ]
+ then
+ csih_inform "Preparations for updating ${_wservices}"
+ else
+ csih_warning "Preparations for updating ${_wservices} failed!"
+ fi
+
# Remove sshd 22/port from services
- if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
+ if [ `grep -q 'sshd[ \t][ \t]*22' "${_serv_tmp1}"; echo $?` -eq 0 ]
then
- grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
- if [ -f "${_serv_tmp}" ]
+ grep -v 'sshd[ \t][ \t]*22' "${_serv_tmp1}" > "${_serv_tmp2}"
+ if [ -f "${_serv_tmp2}" ]
then
- if mv "${_serv_tmp}" "${_services}"
+ if mv "${_serv_tmp2}" "${_serv_tmp1}"
then
csih_inform "Removing sshd from ${_wservices}"
else
csih_warning "Removing sshd from ${_wservices} failed!"
fi
- rm -f "${_serv_tmp}"
+ rm -f "${_serv_tmp2}"
else
csih_warning "Removing sshd from ${_wservices} failed!"
fi
fi
# Add ssh 22/tcp and ssh 22/udp to services
- if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
+ if [ `grep -q 'ssh[ \t][ \t]*22' "${_serv_tmp1}"; echo $?` -ne 0 ]
then
- if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
+ if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_serv_tmp1}" > "${_serv_tmp2}"
then
- if mv "${_serv_tmp}" "${_services}"
+ if mv "${_serv_tmp2}" "${_serv_tmp1}"
then
csih_inform "Added ssh to ${_wservices}"
else
csih_warning "Adding ssh to ${_wservices} failed!"
fi
- rm -f "${_serv_tmp}"
+ rm -f "${_serv_tmp2}"
else
csih_warning "Adding ssh to ${_wservices} failed!"
fi
fi
+
+ if csih_cygver_is_oneseven
+ then
+ unix2dos "${_serv_tmp1}" 2>/dev/null
+ fi
+
+ if mv "${_serv_tmp1}" "${_services}"
+ then
+ csih_inform "Finalizing updates for ${_wservices}"
+ else
+ csih_warning "Finalizing updates for ${_wservices} failed!"
+ fi
+ rm -f "${_serv_tmp1}"
+
umount "${_my_etcdir}"
} # --- End of update_services_file --- #
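Review bot: In the 1.7 path the result of `unix2dos "${_serv_tmp1}" 2>/dev/null` is discarded and the final `mv` runs regardless, so a missing or failing unix2dos leaves the Windows services file with Unix or mixed line endings while the script reports success. The same applies earlier: when the `cp` fails the code prints a warning and carries on through every later step. I would make the final move conditional on the conversion succeeding, as sketched below; `_finalize` would need a `local` next to `_serv_tmp1` in the declarations at the top of update_services_file, which starts outside this hunk. The 1.5 branch should also quote its copy as the 1.7 branch does, `cp "${_services}" "${_serv_tmp1}"`.

```shell
  # … unchanged: mount/cp/dos2unix, sshd removal, ssh addition …
  _finalize=yes
  if csih_cygver_is_oneseven && ! unix2dos "${_serv_tmp1}" 2>/dev/null
  then
    csih_warning "Converting ${_wservices} back to DOS format failed!"
    _finalize=no
  fi

  if [ "${_finalize}" = "yes" ] && mv "${_serv_tmp1}" "${_services}"
  then
    csih_inform "Finalizing updates for ${_wservices}"
  else
    csih_warning "Finalizing updates for ${_wservices} failed!"
  fi
  rm -f "${_serv_tmp1}"
  # … unchanged: umount …
```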
@@ -278,17 +329,37 @@
echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
if csih_request "(Say \"no\" if it is already installed as a service)"
then
- csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\""
- csih_inform "for sshd to be able to change user context without password."
+ if ! csih_cygver_is_oneseven
+ then
+ csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\""
+ csih_inform "for sshd to be able to change user context without password."
+ fi
csih_get_cygenv "${cygwin_value}"
-
- if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+ if ! csih_is_nt2003
then
+ if [ "$csih_FORCE_PRIVILEGED_USER" != "yes" ]
+ then
+ # we won't create a new user, but this will initialize
+ # csih so that IF one already exists, csih_service_should_run_as
+ # will return that user.
+ csih_select_privileged_username
+ else
+ csih_inform "You have requested that a special privileged user be used"
+ csih_inform "by the service, and are running on Windows NT, 2k or XP where"
+ csih_inform "this is not actually required (LocalSystem would also work)."
+ csih_inform "This script will help you create the necessary privileged"
+ csih_inform "user, or to select one that already exists."
+ echo
+ fi
+ else
csih_inform "On Windows Server 2003, Windows Vista, and above, the"
csih_inform "SYSTEM account cannot setuid to other users -- a capability"
csih_inform "sshd requires. You need to have or to create a privileged"
csih_inform "account. This script will help you do so."
echo
+ fi
+ if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+ then
if ! csih_create_privileged_user "${password_value}"
then
csih_error_recoverable "There was a serious problem creating a privileged user."
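Review bot: The new branch for NT/2k/XP without `--privileged` calls `csih_select_privileged_username` without printing anything or checking its status, although its comment says the service will then run as an existing privileged user if one is found. Unless code outside the hunk reports the choice, the operator is not told that sshd may run under that account instead of LocalSystem; a line such as `csih_inform "If a privileged account already exists, sshd will run under it."` before the call would make this visible. The re-added test `if ( csih_is_nt2003 || [ ... ] )` forks a subshell only to group two commands; `if csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ]` is equivalent. The enclosing `if` block continues past the end of the hunk.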
@@ -309,10 +380,11 @@
fi
fi
- # at this point, we either have $run_service_as = "system" and $password is empty,
- # or $run_service_as is some privileged user and (hopefully) $password contains
- # the correct password. So, from here out, we use '-z "${password}"' to discriminate
- # the two cases.
+ # at this point, we either have $run_service_as = "system" and
+ # $password is empty, or $run_service_as is some privileged user
+ # and (hopefully) $password contains the correct password. So,
+ # from here out, we use '-z "${password}"' to discriminate the
+ # two cases.
csih_check_user "${run_service_as}"
@@ -441,8 +513,11 @@
echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
echo " --port -p <n> sshd listens on port n."
echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user."
- echo " --privileged On Windows NT/2k/XP, require privileged user"
- echo " instead of LocalSystem for sshd service."
+ echo " --privileged On Windows NT/2k/XP, force creation of privileged"
+ echo " user. (Default behavior on those platforms is to"
+ echo " use a privileged account if one already exists,"
+ echo " but otherwise to use LocalSystem for the sshd"
+ echo " service)."
echo
exit 1
;;
--------------070901050009060107020808
Content-Type: text/plain; charset=us-ascii
--------------070901050009060107020808--