This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ANNOUNCEMENT] Updated: csih-0.1.7-1


Corinna --

Attached see

(1) bugfix for ssh-user-config -- self-explanatory.

(2) behavior enhancement for ssh-host-config

Takes advantage of new functions and cleans up behavior under 1.7
  -- esp. 'mount' doesn't have a -t option anymore, so we need
     another mechanism to deal with the dos-format
     WINDOWS/system32/drivers/etc/services file

Should still work fine under 1.5
Requires csih-0.1.17 (uses new function csih_cygver_is_oneseven)

--
Chuck
--- /usr/bin/ssh-user-config.old	2008-08-16 19:22:40.776630400 -0400
+++ /usr/bin/ssh-user-config	2008-08-16 19:23:39.471028800 -0400
@@ -118,14 +118,14 @@
   pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
   if [ "X${pwdhome}" = "X" ]
   then
-    csih_error_multiline \
+    csih_error_multi \
       "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
       'Setting $HOME is not sufficient!'
   fi
   
   if [ ! -d "${pwdhome}" ]
   then
-    csih_error_multiline \
+    csih_error_multi \
       "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
       'but it is not a valid directory. Cannot create user identity files.'
   fi
@@ -291,7 +291,7 @@
 # Check passwd file
 if [ ! -f ${SYSCONFDIR}/passwd ]
 then
-  csih_error_multiline \
+  csih_error_multi \
     "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
     'first using mkpasswd. Check if it contains an entry for you and' \
     'please care for the home directory in your entry as well.'
--- /usr/bin/ssh-host-config.old	2008-08-16 18:26:23.560432000 -0400
+++ /usr/bin/ssh-host-config	2008-08-16 21:39:42.719203200 -0400
@@ -21,11 +21,28 @@
 LOCALSTATEDIR=/var
 
 source ${CSIH_SCRIPT}
+if ! csih_version_ge $csih_VERSION 0.1.7
+then
+  #work around cygcheck 1.7 bug...
+  #sshVER=$(cygcheck -cd openssh | sed -n -e '/openssh/p' | awk '{print $2}')
+  sshVER=$(cat /etc/setup/installed.db |\
+     sed -n -e '/^openssh/s/openssh[ ]//gp' |\
+     awk -F- '{print $2}')
+  csih_error_multi "ssh-host-config version $sshVER requires csih-0.1.7" \
+    "or above. You have csih-${csih_VERSION}. Please update the csih package."
+fi
+
 
 port_number=22
 privsep_configured=no
 privsep_used=yes
-cygwin_value="ntsec"
+if csih_cygver_is_oneseven
+then
+  cygwin_value=""
+else
+  cygwin_value="ntsec"
+fi
+
 password_value=
 
 # ======================================================================
@@ -59,7 +76,8 @@
   local _win_etcdir
   local _services
   local _spaces
-  local _serv_tmp
+  local _serv_tmp1
+  local _serv_tmp2
   local _wservices
 
   if csih_is_nt
@@ -74,47 +92,80 @@
     # On 9x, 18 spaces (95 is very touchy), a space after the hash
     _spaces="                  # "
   fi
-  _serv_tmp="${_my_etcdir}/srv.out.$$"
-  
-  mount -t -f "${_win_etcdir}" "${_my_etcdir}"
-  
-  # Depends on the above mount
-  _wservices=`cygpath -w "${_services}"`
-  
+  _serv_tmp1="${_my_etcdir}/srv.out1.$$"
+  _serv_tmp2="${_my_etcdir}/srv.out2.$$"
+ 
+  if csih_cygver_is_oneseven
+  then
+    mount -f "${_win_etcdir}" "${_my_etcdir}"
+    cp "${_services}" "${_serv_tmp1}"
+
+    # Depends on the above mount
+    _wservices=`cygpath -w "${_services}"`
+    dos2unix "${_serv_tmp1}" 2>/dev/null
+  else 
+    mount -t -f "${_win_etcdir}" "${_my_etcdir}"
+    cp ${_services} ${_serv_tmp1}
+ 
+    # Depends on the above mount
+    _wservices=`cygpath -w "${_services}"`
+  fi
+
+  if [ -f ${_serv_tmp1} ]
+  then
+    csih_inform "Preparations for updating ${_wservices}"
+  else
+    csih_warning "Preparations for updating ${_wservices} failed!"
+  fi
+
   # Remove sshd 22/port from services
-  if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
+  if [ `grep -q 'sshd[ \t][ \t]*22' "${_serv_tmp1}"; echo $?` -eq 0 ]
   then
-    grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
-    if [ -f "${_serv_tmp}" ]
+    grep -v 'sshd[ \t][ \t]*22' "${_serv_tmp1}" > "${_serv_tmp2}"
+    if [ -f "${_serv_tmp2}" ]
     then
-      if mv "${_serv_tmp}" "${_services}"
+      if mv "${_serv_tmp2}" "${_serv_tmp1}"
       then
         csih_inform "Removing sshd from ${_wservices}"
       else
         csih_warning "Removing sshd from ${_wservices} failed!"
       fi
-      rm -f "${_serv_tmp}"
+      rm -f "${_serv_tmp2}"
     else
       csih_warning "Removing sshd from ${_wservices} failed!"
     fi
   fi
   
   # Add ssh 22/tcp  and ssh 22/udp to services
-  if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
+  if [ `grep -q 'ssh[ \t][ \t]*22' "${_serv_tmp1}"; echo $?` -ne 0 ]
   then
-    if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh                22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh                22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
+    if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh                22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh                22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_serv_tmp1}" > "${_serv_tmp2}"
     then
-      if mv "${_serv_tmp}" "${_services}"
+      if mv "${_serv_tmp2}" "${_serv_tmp1}"
       then
         csih_inform "Added ssh to ${_wservices}"
       else
         csih_warning "Adding ssh to ${_wservices} failed!"
       fi
-      rm -f "${_serv_tmp}"
+      rm -f "${_serv_tmp2}"
     else
       csih_warning "Adding ssh to ${_wservices} failed!"
     fi
   fi
+
+  if csih_cygver_is_oneseven
+  then
+    unix2dos "${_serv_tmp1}" 2>/dev/null
+  fi
+
+  if mv "${_serv_tmp1}" "${_services}"
+  then
+    csih_inform "Finalizing updates for ${_wservices}"
+  else
+    csih_warning "Finalizing updates for ${_wservices} failed!"
+  fi
+  rm -f "${_serv_tmp1}"
+
   umount "${_my_etcdir}"
 } # --- End of update_services_file --- #
 
@@ -278,17 +329,37 @@
       echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
       if csih_request "(Say \"no\" if it is already installed as a service)"
       then
-	csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\""
-        csih_inform "for sshd to be able to change user context without password."
+        if ! csih_cygver_is_oneseven
+        then
+	  csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\""
+          csih_inform "for sshd to be able to change user context without password."
+        fi
         csih_get_cygenv "${cygwin_value}"
-
-        if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+        if ! csih_is_nt2003
         then
+          if [ "$csih_FORCE_PRIVILEGED_USER" != "yes" ]
+          then
+            # we won't create a new user, but this will initialize
+            # csih so that IF one already exists, csih_service_should_run_as
+            # will return that user.
+            csih_select_privileged_username
+          else
+            csih_inform "You have requested that a special privileged user be used"
+            csih_inform "by the service, and are running on Windows NT, 2k or XP where"
+            csih_inform "this is not actually required (LocalSystem would also work)."
+            csih_inform "This script will help you create the necessary privileged"
+            csih_inform "user, or to select one that already exists."
+            echo
+          fi
+        else
           csih_inform "On Windows Server 2003, Windows Vista, and above, the"
           csih_inform "SYSTEM account cannot setuid to other users -- a capability"
           csih_inform "sshd requires.  You need to have or to create a privileged"
           csih_inform "account.  This script will help you do so."
           echo
+        fi
+        if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+        then
           if ! csih_create_privileged_user "${password_value}"
           then
             csih_error_recoverable "There was a serious problem creating a privileged user."
@@ -309,10 +380,11 @@
           fi
         fi
 
-        # at this point, we either have $run_service_as = "system" and $password is empty,
-        # or $run_service_as is some privileged user and (hopefully) $password contains
-        # the correct password.  So, from here out, we use '-z "${password}"' to discriminate
-        # the two cases.
+        # at this point, we either have $run_service_as = "system" and 
+        # $password is empty, or $run_service_as is some privileged user
+        # and (hopefully) $password contains the correct password.  So,
+        # from here out, we use '-z "${password}"' to discriminate the
+        # two cases.
 
         csih_check_user "${run_service_as}"
 
@@ -441,8 +513,11 @@
     echo "  --cygwin -c <options>  Use \"options\" as value for CYGWIN environment var."
     echo "  --port   -p <n>        sshd listens on port n."
     echo "  --pwd    -w <passwd>   Use \"pwd\" as password for privileged user."
-    echo "  --privileged           On Windows NT/2k/XP, require privileged user"
-    echo "                         instead of LocalSystem for sshd service."
+    echo "  --privileged           On Windows NT/2k/XP, force creation of privileged"
+    echo "                         user. (Default behavior on those platforms is to"
+    echo "                         use a privileged account if one already exists,"
+    echo "                         but otherwise to use LocalSystem for the sshd"
+    echo "                         service)."
     echo
     exit 1
     ;;

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]