+ $fileInput = "$setupdir/sshd_config.in";
+ $fileOutput = "$sysconfdir/sshd_config";
+
+ #
+ # verify that we are prepared to work with $fileInput
+ #
+
+ if ( !isReadable($fileInput) )
+ {
+ debug1("Cannot read $fileInput... skipping.\n");
+ return;
+ }
+
+ #
+ # verify that we are prepared to work with $fileOuput
+ #
+
+ if ( !prepareFileWrite($fileOutput) )
+ {
+ return;
+ }
+
+ #
+ # check to see whether we should enable privilege separation
+ #
+
+ if ( userExists("sshd") && ( -d "/var/empty" ) && ( getOwnerID("/var/empty") eq 0 ) )
+ {
+ setPrivilegeSeparation(1);
+ }
+ else
+ {
+ setPrivilegeSeparation(0);
+ }
+
+ if ( getPrivilegeSeparation() )
+ {
+ $privsep_enabled = "yes";
+ }
+ else
+ {
+ $privsep_enabled = "no";
+ }
+
+ #
+ # Grab the current mode/uid/gid for use later
+ #
+
+ $mode = (stat($fileInput))[2];
+ $uid = (stat($fileInput))[4];
+ $gid = (stat($fileInput))[5];
+
+ #
+ # Open the files for reading and writing, and loop over the input's contents
+ #
+
+ $data = readFile($fileInput);
+
+ # #
+ # # alter the PidFile config
+ # #
+ #
+ # $text = "PidFile\t$gpath/var/sshd.pid";
+ # $data =~ s:^[\s|#]*PidFile.*$:$text:gm;
+
+ #
+ # set the sftp directive
+ #
+
+ $text = "Subsystem\tsftp\t$gpath/libexec/sftp-server";
+ $data =~ s:^[\s|#]*Subsystem\s+sftp\s+.*$:$text:gm;
+
+ #
+ # set the privilege separation directive
+ #
+
+ $text = "UsePrivilegeSeparation\t${privsep_enabled}";
+ $data =~ s:^[\s|#]*UsePrivilegeSeparation.*$:$text:gm;
+
+ #
+ # dump the modified output to the config file
+ #
+
+ writeFile($fileOutput, $data);
+
+ #
+ # An attempt to revert the new file back to the original file's
+ # mode/uid/gid
+ #
+
+ chmod($mode, $fileOutput);
+ chown($uid, $gid, $fileOutput);
+
+ return 0;
+}
+
+### setPrivilegeSeparation( $value )
+#
+# set the privilege separation variable to $value
+#
+
+sub setPrivilegeSeparation
+{
+ my($value) = @_;
+
+ $privsep = $value;
+}
+
+### getPrivilegeSeparation( )
+#
+# return the value of the privilege separation variable
+#
+
+sub getPrivilegeSeparation
+{
+ return $privsep;
+}
+
+### prepareFileWrite( $file )
+#
+# test $file to prepare for writing to it.
+#
+
+sub prepareFileWrite
+{
+ my($file) = @_;
+
+ if ( isPresent($file) )
+ {
+ debug1("$file already exists... ");
+
+ if ( isForced() )
+ {
+ if ( isWritable($file) )
+ {
+ debug1("removing.\n");
+ action("rm $file");
+ return 1;
+ }
+ else
+ {
+ debug1("not writable -- skipping.\n");
+ return 0;
+ }
+ }
+ else