[patch/cygwin] Update ssh-user-config for the account db changes in the upcoming Cygwin

Damien Miller djm at mindrot.org
Wed Nov 5 11:03:17 EST 2014


done - thanks again

On Mon, 3 Nov 2014, Corinna Vinschen wrote:

> Hi,
> 
> below is a patch which makes the Cygwin-specific ssh-user-config script
> independent of the existence of /etc/passwd.  The next Cygwin release
> will allow passwd and group entries to be generated from the Windows
> account DBs, so the scripts have to adapt.  Please apply.
> 
> 
> Thanks,
> Corinna
> 
> 
> diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
> index a7ea3e0..301d5eb 100644
> --- a/contrib/cygwin/ssh-host-config
> +++ b/contrib/cygwin/ssh-host-config
> @@ -1,6 +1,6 @@
>  #!/bin/bash
>  #
> -# ssh-host-config, Copyright 2000-2011 Red Hat Inc.
> +# ssh-host-config, Copyright 2000-2014 Red Hat Inc.
>  #
>  # This file is part of the Cygwin port of OpenSSH.
>  #
> @@ -353,11 +353,9 @@ check_service_files_ownership() {
>      fi
>      if [ -z "${run_service_as}" ]
>      then
> -      csih_warning "Couldn't determine name of user running sshd service from /etc/passwd!"
> +      csih_warning "Couldn't determine name of user running sshd service from account database!"
>        csih_warning "As a result, this script cannot make sure that the files used"
>        csih_warning "by the sshd service belong to the user running the service."
> -      csih_warning "Please re-run the mkpasswd tool to make sure the /etc/passwd"
> -      csih_warning "file is in a good shape."
>        return 1
>      fi
>    fi
> diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
> index 8708b7a..33dc0cb 100644
> --- a/contrib/cygwin/ssh-user-config
> +++ b/contrib/cygwin/ssh-user-config
> @@ -1,6 +1,6 @@
>  #!/bin/bash
>  #
> -# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
> +# ssh-user-config, Copyright 2000-2014 Red Hat Inc.
>  #
>  # This file is part of the Cygwin port of OpenSSH.
>  #
> @@ -75,19 +75,18 @@ readonly -f create_identity
>  #   pwdhome
>  # ======================================================================
>  check_user_homedir() {
> -  local uid=$(id -u)
> -  pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
> +  pwdhome=$(getent passwd $UID | awk -F: '{ print $6; }')
>    if [ "X${pwdhome}" = "X" ]
>    then
>      csih_error_multi \
> -      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
> +      "There is no home directory set for you in the account database." \
>        'Setting $HOME is not sufficient!'
>    fi
>    
>    if [ ! -d "${pwdhome}" ]
>    then
>      csih_error_multi \
> -      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
> +      "${pwdhome} is set in the account database as your home directory" \
>        'but it is not a valid directory. Cannot create user identity files.'
>    fi
>    
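Review bot: The new `pwdhome=$(getent passwd $UID | awk ...)` line cannot tell a failed lookup from an account entry whose home field is empty, because the pipeline's status is awk's and a `getent` failure simply leaves `pwdhome` empty. The user is then told "There is no home directory set for you in the account database", which points at the wrong problem when the lookup itself failed. I would capture the entry first and fail with its own message, e.g. `pwent=$(getent passwd "${UID}") || csih_error_multi "Cannot look up uid ${UID} in the account database."`, then take field 6 from `${pwent}`; quoting `${UID}` also matches the quoting used in the rest of the function. check_user_homedir continues past the end of this hunk.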
> @@ -96,7 +95,7 @@ check_user_homedir() {
>    if [ "X${pwdhome}" = "X/" ]
>    then
>      # But first raise a warning!
> -    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
> +    csih_warning "Your home directory in the account database is set to root (/). This is not recommended!"
>      if csih_request "Would you like to proceed anyway?"
>      then
>        pwdhome=''
> @@ -106,7 +105,7 @@ check_user_homedir() {
>      fi
>    fi
>    
> -  if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
> +  if [ -d "${pwdhome}" -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
>    then
>      echo
>      csih_warning 'group and other have been revoked write permission to your home'
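Review bot: On the changed `if [ -d ... -a -n ... ]` line the `chmod -c g-w,o-w` command substitution is expanded before `[` evaluates anything, so chmod runs even when the `-d` test is false, including with an empty path after the branch in the preceding hunk sets `pwdhome=''`. A chmod that fails prints nothing on stdout, so it looks the same as "no change needed" and a home directory that stays group- or world-writable goes unreported. Splitting the test makes the order explicit and drops the deprecated `-a`: `if [ -d "${pwdhome}" ] && [ -n "$(chmod -c g-w,o-w "${pwdhome}")" ]`. Reporting the case where permissions could not be tightened would additionally need a check of chmod's exit status. The function body starts and ends outside this hunk.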
> @@ -149,9 +148,10 @@ readonly -f check_user_dot_ssh_dir
>  #   pwdhome   -- check_user_homedir()
>  # ======================================================================
>  fix_authorized_keys_perms() {
> -  if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
> +  if [ -e "${pwdhome}/.ssh/authorized_keys" ]
>    then
> -    if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
> +    setfacl -b "${pwdhome}/.ssh/authorized_keys" 2>/dev/null || echo -n
> +    if ! chmod u-x,g-wx,o-wx "${pwdhome}/.ssh/authorized_keys"
>      then
>        csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
>        csih_warning "failed.  Please care for the correct permissions.  The minimum requirement"
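Review bot: The replacement for `setfacl -m "u::rw-,g::---,o::---"` no longer leaves authorized_keys in a known mode, since `chmod u-x,g-wx,o-wx` only subtracts bits: group and other read access survive and owner read/write is not guaranteed. In addition, `setfacl -b ... 2>/dev/null || echo -n` discards any failure to strip extended ACL entries, so leftover entries would go unnoticed. If relaxing to the minimum that the warning text refers to is intended, a comment such as `# only remove write/execute; sshd does not require the file to be unreadable by others` would record that; otherwise `chmod u=rw,go=` keeps the previous result. A `csih_warning` when `setfacl -b` fails, with `|| :` instead of `|| echo -n`, would make the best-effort step visible. The warning message and the rest of fix_authorized_keys_perms continue outside this hunk.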
> @@ -243,15 +243,6 @@ done
>  # Action!
>  # ======================================================================
>  
> -# Check passwd file
> -if [ ! -f ${SYSCONFDIR}/passwd ]
> -then
> -  csih_error_multi \
> -    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
> -    'first using mkpasswd. Check if it contains an entry for you and' \
> -    'please care for the home directory in your entry as well.'
> -fi
> -
>  check_user_homedir
>  check_user_dot_ssh_dir
>  create_identity id_rsa rsa "SSH2 RSA"
> 
> 
> -- 
> Corinna Vinschen
> Cygwin Maintainer
> Red Hat
> 

