[gssapi-openssh.git] / openssh / contrib / cygwin / ssh-user-config

#!/bin/bash
#
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.

# ======================================================================
# Initialization
# ======================================================================
PROGNAME=$(basename -- $0)
_tdir=$(dirname -- $0)
PROGDIR=$(cd $_tdir && pwd)

CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

source ${CSIH_SCRIPT}

auto_passphrase="no"
passphrase=""
pwdhome=
with_passphrase=

# ======================================================================
# Routine: create_ssh1_identity
#   optionally create ~/.ssh/identity[.pub]
#   optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_ssh1_identity() {
  if [ ! -f "${pwdhome}/.ssh/identity" ]
  then
    if csih_request "Shall I create an SSH1 RSA identity file for you?"
    then
      csih_inform "Generating ${pwdhome}/.ssh/identity"
      if [ "${with_passphrase}" = "yes" ]
      then
        ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
      else
        ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
      fi
      if csih_request "Do you want to use this identity to login to this machine?"
      then
        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
        cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
      fi
    fi
  fi
} # === End of create_ssh1_identity() === #
readonly -f create_ssh1_identity

# ======================================================================
# Routine: create_ssh2_rsa_identity
#   optionally create ~/.ssh/id_rsa[.pub]
#   optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_ssh2_rsa_identity() {
  if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
  then
    if csih_request "Shall I create an SSH2 RSA identity file for you?"
    then
      csih_inform "Generating ${pwdhome}/.ssh/id_rsa"
      if [ "${with_passphrase}" = "yes" ]
      then
        ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
      else
        ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
      fi
      if csih_request "Do you want to use this identity to login to this machine?"
      then
        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
        cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
      fi
    fi
  fi
} # === End of create_ssh2_rsa_identity() === #
readonly -f create_ssh2_rsa_identity

# ======================================================================
# Routine: create_ssh2_dsa_identity
#   optionally create ~/.ssh/id_dsa[.pub]
#   optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_ssh2_dsa_identity() {
  if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
  then
    if csih_request "Shall I create an SSH2 DSA identity file for you?"
    then
      csih_inform "Generating ${pwdhome}/.ssh/id_dsa"
      if [ "${with_passphrase}" = "yes" ]
      then
        ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
      else
        ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
      fi
      if csih_request "Do you want to use this identity to login to this machine?"
      then
        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
        cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
      fi
    fi
  fi
} # === End of create_ssh2_dsa_identity() === #
readonly -f create_ssh2_dsa_identity

# ======================================================================
# Routine: check_user_homedir
#   Perform various checks on the user's home directory
# SETS GLOBAL VARIABLE:
#   pwdhome
# ======================================================================
check_user_homedir() {
  local uid=$(id -u)
  pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
  if [ "X${pwdhome}" = "X" ]
  then
    csih_error_multiline \
      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
      'Setting $HOME is not sufficient!'
  fi
  
  if [ ! -d "${pwdhome}" ]
  then
    csih_error_multiline \
      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
      'but it is not a valid directory. Cannot create user identity files.'
  fi
  
  # If home is the root dir, set home to empty string to avoid error messages
  # in subsequent parts of that script.
  if [ "X${pwdhome}" = "X/" ]
  then
    # But first raise a warning!
    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
    if csih_request "Would you like to proceed anyway?"
    then
      pwdhome=''
    else
      csih_warning "Exiting. Configuration is not complete"
      exit 1
    fi
  fi
  
  if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
  then
    echo
    csih_warning 'group and other have been revoked write permission to your home'
    csih_warning "directory ${pwdhome}."
    csih_warning 'This is required by OpenSSH to allow public key authentication using'
    csih_warning 'the key files stored in your .ssh subdirectory.'
    csih_warning 'Revert this change ONLY if you know what you are doing!'
    echo
  fi
} # === End of check_user_homedir() === #
readonly -f check_user_homedir

# ======================================================================
# Routine: check_user_dot_ssh_dir
#   Perform various checks on the ~/.ssh directory
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
check_user_dot_ssh_dir() {
  if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
  then
    csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
  fi
  
  if [ ! -e "${pwdhome}/.ssh" ]
  then
    mkdir "${pwdhome}/.ssh"
    if [ ! -e "${pwdhome}/.ssh" ]
    then
      csih_error "Creating users ${pwdhome}/.ssh directory failed"
    fi
  fi
} # === End of check_user_dot_ssh_dir() === #
readonly -f check_user_dot_ssh_dir

# ======================================================================
# Routine: fix_authorized_keys_perms
#   Corrects the permissions of ~/.ssh/authorized_keys
# PREREQUISITE:
#   pwdhome   -- check_user_homedir()
# ======================================================================
fix_authorized_keys_perms() {
  if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
  then
    if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
    then
      csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
      csih_warning "failed.  Please care for the correct permissions.  The minimum requirement"
      csih_warning "is, the owner needs read permissions."
      echo
    fi
  fi
} # === End of fix_authorized_keys_perms() === #
readonly -f fix_authorized_keys_perms


# ======================================================================
# Main Entry Point
# ======================================================================

# Check how the script has been started.  If
#   (1) it has been started by giving the full path and
#       that path is /etc/postinstall, OR
#   (2) Otherwise, if the environment variable
#       SSH_USER_CONFIG_AUTO_ANSWER_NO is set
# then set auto_answer to "no".  This allows automatic
# creation of the config files in /etc w/o overwriting
# them if they already exist.  In both cases, color
# escape sequences are suppressed, so as to prevent
# cluttering setup's logfiles.
if [ "$PROGDIR" = "/etc/postinstall" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi
if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi

# ======================================================================
# Parse options
# ======================================================================
while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    csih_trace_on
    ;;

  -y | --yes )
    csih_auto_answer=yes
    ;;

  -n | --no )
    csih_auto_answer=no
    ;;

  -p | --passphrase )
    with_passphrase="yes"
    passphrase=$1
    shift
    ;;

  --privileged )
    csih_FORCE_PRIVILEGED_USER=yes
    ;;

  *)
    echo "usage: ${PROGNAME} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
    echo "Options:"
    echo "    --debug      -d        Enable shell's debug output."
    echo "    --yes        -y        Answer all questions with \"yes\" automatically."
    echo "    --no         -n        Answer all questions with \"no\" automatically."
    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
    echo "    --privileged           On Windows NT/2k/XP, assume privileged user"
    echo "                           instead of LocalSystem for sshd service."
    echo
    exit 1
    ;;

  esac
done

# ======================================================================
# Action!
# ======================================================================

# Check passwd file
if [ ! -f ${SYSCONFDIR}/passwd ]
then
  csih_error_multiline \
    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
    'first using mkpasswd. Check if it contains an entry for you and' \
    'please care for the home directory in your entry as well.'
fi

check_user_homedir
check_user_dot_ssh_dir
create_ssh1_identity
create_ssh2_rsa_identity
create_ssh2_dsa_identity
fix_authorized_keys_perms

echo
csih_inform "Configuration finished. Have fun!"
Commit	Line	Data
22616013	1	#!/bin/bash
3c0ef626	2	#
cdd66111	3	# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
3c0ef626	4	#
	5	# This file is part of the Cygwin port of OpenSSH.
	6
22616013	7	# ======================================================================
	8	# Initialization
	9	# ======================================================================
	10	PROGNAME=$(basename -- $0)
	11	_tdir=$(dirname -- $0)
	12	PROGDIR=$(cd $_tdir && pwd)
	13
	14	CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
	15
	16	# Subdirectory where the new package is being installed
	17	PREFIX=/usr
	18
cdd66111	19	# Directory where the config files are stored
	20	SYSCONFDIR=/etc
	21
22616013	22	source ${CSIH_SCRIPT}
22616013	23
3c0ef626	24	auto_passphrase="no"
3c0ef626	25	passphrase=""
22616013	26	pwdhome=
	27	with_passphrase=
	28
	29	# ======================================================================
	30	# Routine: create_ssh1_identity
	31	# optionally create ~/.ssh/identity[.pub]
	32	# optionally add result to ~/.ssh/authorized_keys
	33	# ======================================================================
	34	create_ssh1_identity() {
	35	if [ ! -f "${pwdhome}/.ssh/identity" ]
	36	then
	37	if csih_request "Shall I create an SSH1 RSA identity file for you?"
	38	then
	39	csih_inform "Generating ${pwdhome}/.ssh/identity"
	40	if [ "${with_passphrase}" = "yes" ]
	41	then
	42	ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
	43	else
	44	ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
	45	fi
	46	if csih_request "Do you want to use this identity to login to this machine?"
	47	then
	48	csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
	49	cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
	50	fi
	51	fi
	52	fi
	53	} # === End of create_ssh1_identity() === #
	54	readonly -f create_ssh1_identity
	55
	56	# ======================================================================
	57	# Routine: create_ssh2_rsa_identity
	58	# optionally create ~/.ssh/id_rsa[.pub]
	59	# optionally add result to ~/.ssh/authorized_keys
	60	# ======================================================================
	61	create_ssh2_rsa_identity() {
	62	if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
	63	then
	64	if csih_request "Shall I create an SSH2 RSA identity file for you?"
	65	then
	66	csih_inform "Generating ${pwdhome}/.ssh/id_rsa"
	67	if [ "${with_passphrase}" = "yes" ]
	68	then
	69	ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
	70	else
	71	ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
	72	fi
	73	if csih_request "Do you want to use this identity to login to this machine?"
	74	then
	75	csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
	76	cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
	77	fi
	78	fi
	79	fi
	80	} # === End of create_ssh2_rsa_identity() === #
	81	readonly -f create_ssh2_rsa_identity
	82
	83	# ======================================================================
	84	# Routine: create_ssh2_dsa_identity
	85	# optionally create ~/.ssh/id_dsa[.pub]
	86	# optionally add result to ~/.ssh/authorized_keys
	87	# ======================================================================
	88	create_ssh2_dsa_identity() {
	89	if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
90	then
91	if csih_request "Shall I create an SSH2 DSA identity file for you?"
92	then
93	csih_inform "Generating ${pwdhome}/.ssh/id_dsa"
94	if [ "${with_passphrase}" = "yes" ]
95	then
96	ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
97	else
98	ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
99	fi
100	if csih_request "Do you want to use this identity to login to this machine?"
101	then
102	csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
103	cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
104	fi
105	fi
106	fi
107	} # === End of create_ssh2_dsa_identity() === #
108	readonly -f create_ssh2_dsa_identity
109
110	# ======================================================================
111	# Routine: check_user_homedir
112	# Perform various checks on the user's home directory
113	# SETS GLOBAL VARIABLE:
114	# pwdhome
115	# ======================================================================
116	check_user_homedir() {
117	local uid=$(id -u)
118	pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
119	if [ "X${pwdhome}" = "X" ]
120	then
121	csih_error_multiline \
122	"There is no home directory set for you in ${SYSCONFDIR}/passwd." \
123	'Setting $HOME is not sufficient!'
124	fi
125
126	if [ ! -d "${pwdhome}" ]
127	then
128	csih_error_multiline \
129	"${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
130	'but it is not a valid directory. Cannot create user identity files.'
131	fi
132
133	# If home is the root dir, set home to empty string to avoid error messages
134	# in subsequent parts of that script.
135	if [ "X${pwdhome}" = "X/" ]
136	then
137	# But first raise a warning!
138	csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
139	if csih_request "Would you like to proceed anyway?"
140	then
141	pwdhome=''
142	else
143	csih_warning "Exiting. Configuration is not complete"
144	exit 1
145	fi
146	fi
147
148	if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
149	then
150	echo
151	csih_warning 'group and other have been revoked write permission to your home'
152	csih_warning "directory ${pwdhome}."
153	csih_warning 'This is required by OpenSSH to allow public key authentication using'
154	csih_warning 'the key files stored in your .ssh subdirectory.'
155	csih_warning 'Revert this change ONLY if you know what you are doing!'
156	echo
157	fi
158	} # === End of check_user_homedir() === #
159	readonly -f check_user_homedir
3c0ef626	160
22616013	161	# ======================================================================
	162	# Routine: check_user_dot_ssh_dir
	163	# Perform various checks on the ~/.ssh directory
	164	# PREREQUISITE:
	165	# pwdhome -- check_user_homedir()
	166	# ======================================================================
	167	check_user_dot_ssh_dir() {
	168	if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
3c0ef626	169	then
22616013	170	csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
	171	fi
	172
	173	if [ ! -e "${pwdhome}/.ssh" ]
3c0ef626	174	then
22616013	175	mkdir "${pwdhome}/.ssh"
	176	if [ ! -e "${pwdhome}/.ssh" ]
	177	then
	178	csih_error "Creating users ${pwdhome}/.ssh directory failed"
	179	fi
3c0ef626	180	fi
22616013	181	} # === End of check_user_dot_ssh_dir() === #
22616013	182	readonly -f check_user_dot_ssh_dir
3c0ef626	183
22616013	184	# ======================================================================
	185	# Routine: fix_authorized_keys_perms
	186	# Corrects the permissions of ~/.ssh/authorized_keys
	187	# PREREQUISITE:
	188	# pwdhome -- check_user_homedir()
	189	# ======================================================================
	190	fix_authorized_keys_perms() {
	191	if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
3c0ef626	192	then
22616013	193	if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
	194	then
	195	csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
	196	csih_warning "failed. Please care for the correct permissions. The minimum requirement"
	197	csih_warning "is, the owner needs read permissions."
	198	echo
	199	fi
3c0ef626	200	fi
22616013	201	} # === End of fix_authorized_keys_perms() === #
	202	readonly -f fix_authorized_keys_perms
	203
	204
	205	# ======================================================================
	206	# Main Entry Point
	207	# ======================================================================
3c0ef626	208
22616013	209	# Check how the script has been started. If
	210	# (1) it has been started by giving the full path and
	211	# that path is /etc/postinstall, OR
	212	# (2) Otherwise, if the environment variable
	213	# SSH_USER_CONFIG_AUTO_ANSWER_NO is set
	214	# then set auto_answer to "no". This allows automatic
	215	# creation of the config files in /etc w/o overwriting
	216	# them if they already exist. In both cases, color
	217	# escape sequences are suppressed, so as to prevent
	218	# cluttering setup's logfiles.
	219	if [ "$PROGDIR" = "/etc/postinstall" ]
cdd66111	220	then
22616013	221	csih_auto_answer="no"
	222	csih_disable_color
	223	fi
	224	if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
	225	then
	226	csih_auto_answer="no"
	227	csih_disable_color
cdd66111	228	fi
cdd66111	229
22616013	230	# ======================================================================
	231	# Parse options
	232	# ======================================================================
3c0ef626	233	while :
	234	do
	235	case $# in
	236	0)
	237	break
	238	;;
	239	esac
	240
	241	option=$1
	242	shift
	243
	244	case "$option" in
	245	-d \| --debug )
	246	set -x
22616013	247	csih_trace_on
3c0ef626	248	;;
	249
	250	-y \| --yes )
22616013	251	csih_auto_answer=yes
3c0ef626	252	;;
	253
	254	-n \| --no )
22616013	255	csih_auto_answer=no
3c0ef626	256	;;
	257
	258	-p \| --passphrase )
	259	with_passphrase="yes"
	260	passphrase=$1
	261	shift
	262	;;
	263
22616013	264	--privileged )
	265	csih_FORCE_PRIVILEGED_USER=yes
	266	;;
	267
3c0ef626	268	*)
22616013	269	echo "usage: ${PROGNAME} [OPTION]..."
3c0ef626	270	echo
	271	echo "This script creates an OpenSSH user configuration."
	272	echo
	273	echo "Options:"
	274	echo " --debug -d Enable shell's debug output."
	275	echo " --yes -y Answer all questions with \"yes\" automatically."
	276	echo " --no -n Answer all questions with \"no\" automatically."
	277	echo " --passphrase -p word Use \"word\" as passphrase automatically."
22616013	278	echo " --privileged On Windows NT/2k/XP, assume privileged user"
22616013	279	echo " instead of LocalSystem for sshd service."
3c0ef626	280	echo
	281	exit 1
	282	;;
	283
	284	esac
	285	done
	286
22616013	287	# ======================================================================
	288	# Action!
	289	# ======================================================================
3c0ef626	290
22616013	291	# Check passwd file
cdd66111	292	if [ ! -f ${SYSCONFDIR}/passwd ]
3c0ef626	293	then
22616013	294	csih_error_multiline \
	295	"${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
	296	'first using mkpasswd. Check if it contains an entry for you and' \
	297	'please care for the home directory in your entry as well.'
3c0ef626	298	fi
3c0ef626	299
22616013	300	check_user_homedir
	301	check_user_dot_ssh_dir
	302	create_ssh1_identity
	303	create_ssh2_rsa_identity
	304	create_ssh2_dsa_identity
	305	fix_authorized_keys_perms
3c0ef626	306
22616013	307	echo
22616013	308	csih_inform "Configuration finished. Have fun!"
3c0ef626	309
cdd66111	310