X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Message-ID: <48A78C6F.2050403@cwilson.fastmail.fm> Date: Sat, 16 Aug 2008 22:26:55 -0400 From: Charles Wilson User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080708 Thunderbird/2.0.0.16 Mnenhy/0.7.5.666 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: [ANNOUNCEMENT] Updated: csih-0.1.7-1 References: In-Reply-To: Content-Type: multipart/mixed; boundary="------------070901050009060107020808" Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com --------------070901050009060107020808 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Corinna -- Attached see (1) bugfix for ssh-user-config -- self-explanatory. (2) behavior enhancement for ssh-host-config Takes advantage of new functions and cleans up behavior under 1.7 -- esp. 'mount' doesn't have a -t option anymore, so we need another mechanism to deal with the dos-format WINDOWS/system32/drivers/etc/services file Should still work fine under 1.5 Requires csih-0.1.17 (uses new function csih_cygver_is_oneseven) -- Chuck --------------070901050009060107020808 Content-Type: text/plain; name="ssh-user-config.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ssh-user-config.patch" --- /usr/bin/ssh-user-config.old 2008-08-16 19:22:40.776630400 -0400 +++ /usr/bin/ssh-user-config 2008-08-16 19:23:39.471028800 -0400 
@@ -118,14 +118,14 @@ pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd) if [ "X${pwdhome}" = "X" ] then - csih_error_multiline \ + csih_error_multi \ "There is no home directory set for you in ${SYSCONFDIR}/passwd." \ 'Setting $HOME is not sufficient!' fi if [ ! -d "${pwdhome}" ] then - csih_error_multiline \ + csih_error_multi \ "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \ 'but it is not a valid directory. Cannot create user identity files.' fi @@ -291,7 +291,7 @@ # Check passwd file if [ ! -f ${SYSCONFDIR}/passwd ] then - csih_error_multiline \ + csih_error_multi \ "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \ 'first using mkpasswd. Check if it contains an entry for you and' \ 'please care for the home directory in your entry as well.' --------------070901050009060107020808 Content-Type: text/plain; name="ssh-host-config.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ssh-host-config.patch" --- /usr/bin/ssh-host-config.old 2008-08-16 18:26:23.560432000 -0400 +++ /usr/bin/ssh-host-config 2008-08-16 21:39:42.719203200 -0400 @@ -21,11 +21,28 @@ LOCALSTATEDIR=/var source ${CSIH_SCRIPT} +if ! csih_version_ge $csih_VERSION 0.1.7 +then + #work around cygcheck 1.7 bug... + #sshVER=$(cygcheck -cd openssh | sed -n -e '/openssh/p' | awk '{print $2}') + sshVER=$(cat /etc/setup/installed.db |\ + sed -n -e '/^openssh/s/openssh[ ]//gp' |\ + awk -F- '{print $2}') + csih_error_multi "ssh-host-config version $sshVER requires csih-0.1.7" \ + "or above. You have csih-${csih_VERSION}. Please update the csih package." +fi + port_number=22 privsep_configured=no privsep_used=yes -cygwin_value="ntsec" +if csih_cygver_is_oneseven +then + cygwin_value="" +else + cygwin_value="ntsec" +fi + password_value= # ====================================================================== 
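Review bot: The version guard added in the ssh-host-config hunk at `@@ -21,11 +21,28 @@` depends on helpers from the same csih library whose age it is checking, so it may not fail closed. If the installed csih predates `csih_version_ge`, the negated command-not-found still enters the branch, but stopping then depends on `csih_error_multi` existing and exiting in that older library, which is not visible here. The ssh-user-config hunks above appear to fix exactly such a call to a helper name that was not there. A plain fallback after the call, `echo "csih-0.1.7 or above is required" >&2; exit 1`, would keep the script from configuring sshd against a library it has just declared too old. `$csih_VERSION` should also be quoted, `if ! csih_version_ge "$csih_VERSION" 0.1.7`, because an unset value would otherwise shift `0.1.7` into the first argument.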
@@ -59,7 +76,8 @@ local _win_etcdir local _services local _spaces - local _serv_tmp + local _serv_tmp1 + local _serv_tmp2 local _wservices if csih_is_nt 
@@ -74,47 +92,80 @@ # On 9x, 18 spaces (95 is very touchy), a space after the hash _spaces=" # " fi - _serv_tmp="${_my_etcdir}/srv.out.$$" - - mount -t -f "${_win_etcdir}" "${_my_etcdir}" - - # Depends on the above mount - _wservices=`cygpath -w "${_services}"` - + _serv_tmp1="${_my_etcdir}/srv.out1.$$" + _serv_tmp2="${_my_etcdir}/srv.out2.$$" + + if csih_cygver_is_oneseven + then + mount -f "${_win_etcdir}" "${_my_etcdir}" + cp "${_services}" "${_serv_tmp1}" + + # Depends on the above mount + _wservices=`cygpath -w "${_services}"` + dos2unix "${_serv_tmp1}" 2>/dev/null + else + mount -t -f "${_win_etcdir}" "${_my_etcdir}" + cp ${_services} ${_serv_tmp1} + + # Depends on the above mount + _wservices=`cygpath -w "${_services}"` + fi + + if [ -f ${_serv_tmp1} ] + then + csih_inform "Preparations for updating ${_wservices}" + else + csih_warning "Preparations for updating ${_wservices} failed!" + fi + # Remove sshd 22/port from services - if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] + if [ `grep -q 'sshd[ \t][ \t]*22' "${_serv_tmp1}"; echo $?` -eq 0 ] then - grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}" - if [ -f "${_serv_tmp}" ] + grep -v 'sshd[ \t][ \t]*22' "${_serv_tmp1}" > "${_serv_tmp2}" + if [ -f "${_serv_tmp2}" ] then - if mv "${_serv_tmp}" "${_services}" + if mv "${_serv_tmp2}" "${_serv_tmp1}" then csih_inform "Removing sshd from ${_wservices}" else csih_warning "Removing sshd from ${_wservices} failed!" fi - rm -f "${_serv_tmp}" + rm -f "${_serv_tmp2}" else csih_warning "Removing sshd from ${_wservices} failed!" 
fi fi # Add ssh 22/tcp and ssh 22/udp to services - if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] + if [ `grep -q 'ssh[ \t][ \t]*22' "${_serv_tmp1}"; echo $?` -ne 0 ] then - if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}" + if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_serv_tmp1}" > "${_serv_tmp2}" then - if mv "${_serv_tmp}" "${_services}" + if mv "${_serv_tmp2}" "${_serv_tmp1}" then csih_inform "Added ssh to ${_wservices}" else csih_warning "Adding ssh to ${_wservices} failed!" fi - rm -f "${_serv_tmp}" + rm -f "${_serv_tmp2}" else csih_warning "Adding ssh to ${_wservices} failed!" fi fi + + if csih_cygver_is_oneseven + then + unix2dos "${_serv_tmp1}" 2>/dev/null + fi + + if mv "${_serv_tmp1}" "${_services}" + then + csih_inform "Finalizing updates for ${_wservices}" + else + csih_warning "Finalizing updates for ${_wservices} failed!" + fi + rm -f "${_serv_tmp1}" + umount "${_my_etcdir}" } # --- End of update_services_file --- # 
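Review bot: The final `mv "${_serv_tmp1}" "${_services}"` now runs on every call, including after the "Preparations ... failed!" warning and after a `unix2dos` whose errors go to `/dev/null` and whose status is ignored, so a short or wrongly converted working copy can replace the system services file. I would stop at the first failed step, as sketched below: return after the failed-copy warning (unmounting first) and install the copy only when the conversion succeeded. `update_services_file` starts outside this hunk, so the effect of a non-zero return on its callers needs checking. The two working files keep the predictable `srv.outN.$$` names inside the mounted etc directory; creating them with `mktemp` would avoid relying on that directory being writable only by administrators. The 1.5 branch also drops the quoting used in the 1.7 branch and should read `cp "${_services}" "${_serv_tmp1}"`, with `[ -f "${_serv_tmp1}" ]` in the test that follows.

```shell
  # … unchanged: mount, copy to ${_serv_tmp1}, dos2unix on 1.7 …
  if [ -f "${_serv_tmp1}" ]
  then
    csih_inform "Preparations for updating ${_wservices}"
  else
    csih_warning "Preparations for updating ${_wservices} failed!"
    umount "${_my_etcdir}"
    return 1
  fi
  # … unchanged: remove sshd 22 entry, add ssh 22/tcp and 22/udp entries …
  if csih_cygver_is_oneseven && ! unix2dos "${_serv_tmp1}" 2>/dev/null
  then
    csih_warning "Finalizing updates for ${_wservices} failed!"
  elif mv "${_serv_tmp1}" "${_services}"
  then
    csih_inform "Finalizing updates for ${_wservices}"
  else
    csih_warning "Finalizing updates for ${_wservices} failed!"
  fi
  # … unchanged: rm -f of the working copy, umount …
```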
@@ -278,17 +329,37 @@ echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?" if csih_request "(Say \"no\" if it is already installed as a service)" then - csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\"" - csih_inform "for sshd to be able to change user context without password." + if ! csih_cygver_is_oneseven + then + csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\"" + csih_inform "for sshd to be able to change user context without password." + fi csih_get_cygenv "${cygwin_value}" - - if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) + if ! csih_is_nt2003 then + if [ "$csih_FORCE_PRIVILEGED_USER" != "yes" ] + then + # we won't create a new user, but this will initialize + # csih so that IF one already exists, csih_service_should_run_as + # will return that user. + csih_select_privileged_username + else + csih_inform "You have requested that a special privileged user be used" + csih_inform "by the service, and are running on Windows NT, 2k or XP where" + csih_inform "this is not actually required (LocalSystem would also work)." + csih_inform "This script will help you create the necessary privileged" + csih_inform "user, or to select one that already exists." + echo + fi + else csih_inform "On Windows Server 2003, Windows Vista, and above, the" csih_inform "SYSTEM account cannot setuid to other users -- a capability" csih_inform "sshd requires. You need to have or to create a privileged" csih_inform "account. This script will help you do so." echo + fi + if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] ) + then if ! csih_create_privileged_user "${password_value}" then csih_error_recoverable "There was a serious problem creating a privileged user." 
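Review bot: Nothing in this hunk obtains a password for an account picked up by the new `csih_select_privileged_username` call on NT/2k/XP, because `csih_create_privileged_user "${password_value}"` is still reached only on 2003/Vista or with `--privileged`. The code after the hunk tells the two cases apart with `-z "${password}"`, so an existing privileged user with an empty password may be handled as the LocalSystem case; that is not visible here and deserves a check. A comment at the branch would record the requirement: `# NOTE: a pre-existing privileged user still needs its password before the service is installed`. As a point of style, `csih_is_nt2003` is now evaluated in two consecutive `if`s, and the second still wraps its test in a subshell `( ... )` where a plain `||` list would do. The enclosing block starts and ends outside the hunk.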
@@ -309,10 +380,11 @@ fi fi - # at this point, we either have $run_service_as = "system" and $password is empty, - # or $run_service_as is some privileged user and (hopefully) $password contains - # the correct password. So, from here out, we use '-z "${password}"' to discriminate - # the two cases. + # at this point, we either have $run_service_as = "system" and + # $password is empty, or $run_service_as is some privileged user + # and (hopefully) $password contains the correct password. So, + # from here out, we use '-z "${password}"' to discriminate the + # two cases. csih_check_user "${run_service_as}" @@ -441,8 +513,11 @@ echo " --cygwin -c Use \"options\" as value for CYGWIN environment var." echo " --port -p sshd listens on port n." echo " --pwd -w Use \"pwd\" as password for privileged user." - echo " --privileged On Windows NT/2k/XP, require privileged user" - echo " instead of LocalSystem for sshd service." + echo " --privileged On Windows NT/2k/XP, force creation of privileged" + echo " user. (Default behavior on those platforms is to" + echo " use a privileged account if one already exists," + echo " but otherwise to use LocalSystem for the sshd" + echo " service)." echo exit 1 ;; --------------070901050009060107020808 Content-Type: text/plain; charset=us-ascii -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ --------------070901050009060107020808--