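#!/bin/bash
#
# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# ======================================================================
# Initialization
# ======================================================================
# Name and directory of this script.  $0 is quoted so that a path
# containing spaces does not word-split, and "--" keeps basename/dirname
# from reading a leading "-" as an option.
PROGNAME=$(basename -- "$0")
_tdir=$(dirname -- "$0")
PROGDIR=$(cd "$_tdir" && pwd)

# Helper library providing the csih_* functions used throughout
# (csih_request, csih_inform, csih_warning, csih_error*, csih_is_nt,
# csih_disable_color, csih_trace_on).
CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

# Without the helper library every csih_* call below would fail with
# "command not found" while the script kept going; stop here instead.
source "${CSIH_SCRIPT}" || {
  echo "${PROGNAME}: cannot read helper script ${CSIH_SCRIPT}" >&2
  exit 1
}

# Option state, filled in by the option parser further down.
auto_passphrase="no"   # NOTE(review): not referenced anywhere else in this script
passphrase=""          # passphrase for generated keys (-p/--passphrase)
pwdhome=               # user's home directory, set by check_user_homedir()
with_passphrase=       # "yes" once -p/--passphrase has been given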
40 | ||
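# ======================================================================
# Routine: create_identity
#   Shared worker for the create_ssh*_identity routines below:
#   optionally create ~/.ssh/<file>[.pub] and optionally append the
#   public half to ~/.ssh/authorized_keys.  An existing key file is
#   never touched.
# ARGUMENTS:
#   $1 -- ssh-keygen key type (rsa1, rsa, dsa)
#   $2 -- key file name below ~/.ssh (identity, id_rsa, id_dsa)
#   $3 -- key description shown in the prompt ("SSH1 RSA", ...)
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
#   with_passphrase, passphrase -- option parser
# RETURNS:
#   0, or ssh-keygen's exit status if key generation failed
# ======================================================================
create_identity() {
  local keytype=$1
  local keyfile="${pwdhome}/.ssh/$2"
  local description=$3
  local status

  # Never overwrite a key the user already has.
  [ -f "${keyfile}" ] && return 0

  csih_request "Shall I create an ${description} identity file for you?" || return 0

  csih_inform "Generating ${keyfile}"
  if [ "${with_passphrase}" = "yes" ]
  then
    # -N places the passphrase on ssh-keygen's command line, where other
    # local users can read it from the process list while it runs.
    ssh-keygen -t "${keytype}" -N "${passphrase}" -f "${keyfile}" > /dev/null
  else
    ssh-keygen -t "${keytype}" -f "${keyfile}" > /dev/null
  fi
  status=$?
  if [ "${status}" -ne 0 ]
  then
    # Without this check the script would go on to offer an
    # authorized_keys entry for a .pub file that was never written.
    csih_warning "Generating ${keyfile} failed (ssh-keygen exit status ${status})."
    return "${status}"
  fi

  if csih_request "Do you want to use this identity to login to this machine?"
  then
    csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
    cat "${keyfile}.pub" >> "${pwdhome}/.ssh/authorized_keys"
  fi
} # === End of create_identity() === #
readonly -f create_identity

# ======================================================================
# Routine: create_ssh1_identity
#   optionally create ~/.ssh/identity[.pub]
#   optionally add result to ~/.ssh/authorized_keys
#   NOTE: SSH protocol 1 (rsa1) keys are no longer supported by current
#   OpenSSH releases; there ssh-keygen rejects -t rsa1 and this routine
#   only emits the failure warning.
# ======================================================================
create_ssh1_identity() {
  create_identity rsa1 identity "SSH1 RSA"
} # === End of create_ssh1_identity() === #
readonly -f create_ssh1_identity

# ======================================================================
# Routine: create_ssh2_rsa_identity
#   optionally create ~/.ssh/id_rsa[.pub]
#   optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_ssh2_rsa_identity() {
  create_identity rsa id_rsa "SSH2 RSA"
} # === End of create_ssh2_rsa_identity() === #
readonly -f create_ssh2_rsa_identity

# ======================================================================
# Routine: create_ssh2_dsa_identity
#   optionally create ~/.ssh/id_dsa[.pub]
#   optionally add result to ~/.ssh/authorized_keys
#   NOTE: recent OpenSSH releases disable DSA keys by default, so a key
#   created here may not be accepted for authentication.
# ======================================================================
create_ssh2_dsa_identity() {
  create_identity dsa id_dsa "SSH2 DSA"
} # === End of create_ssh2_dsa_identity() === #
readonly -f create_ssh2_dsa_identity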
121 | ||
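# ======================================================================
# Routine: check_user_homedir
#   Perform various checks on the user's home directory: it must be set
#   in ${SYSCONFDIR}/passwd, exist, and (on NT, after a confirmation)
#   not be group/other writable.
# SETS GLOBAL VARIABLE:
#   pwdhome -- home directory from the passwd entry; '' when the user
#              chose to proceed with / as home
# READS GLOBAL VARIABLE:
#   SYSCONFDIR
# ======================================================================
check_user_homedir() {
  local uid
  uid=$(id -u)
  # The home directory is taken from the passwd file, not from $HOME.
  # uid is passed to awk with -v rather than spliced into the program
  # text; the first matching entry wins.  An empty result is reported
  # just below.
  pwdhome=$(awk -F: -v uid="${uid}" '$3 == uid { print $6; exit }' < "${SYSCONFDIR}/passwd")
  if [ -z "${pwdhome}" ]
  then
    csih_error_multiline \
      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
      'Setting $HOME is not sufficient!'
  fi

  if [ ! -d "${pwdhome}" ]
  then
    csih_error_multiline \
      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
      'but it is not a valid directory. Cannot create user identity files.'
  fi

  # If home is the root dir, set home to empty string to avoid error messages
  # in subsequent parts of that script.
  if [ "${pwdhome}" = "/" ]
  then
    # But first raise a warning!
    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
    if csih_request "Would you like to proceed anyway?"
    then
      pwdhome=''
    else
      csih_warning "Exiting. Configuration is not complete"
      exit 1
    fi
  fi

  # The previous version tested the literal word csih_is_nt inside [ ],
  # which is always true; the helper has to be run as a command.
  # chmod -c only prints when it changed something, so the warning is
  # shown only if permissions were actually revoked.
  if [ -d "${pwdhome}" ] && csih_is_nt && [ -n "$(chmod -c g-w,o-w "${pwdhome}")" ]
  then
    echo
    csih_warning 'group and other have been revoked write permission to your home'
    csih_warning "directory ${pwdhome}."
    csih_warning 'This is required by OpenSSH to allow public key authentication using'
    csih_warning 'the key files stored in your .ssh subdirectory.'
    csih_warning 'Revert this change ONLY if you know what you are doing!'
    echo
  fi
} # === End of check_user_homedir() === #
readonly -f check_user_homedir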
f4ebf0e8 | 172 | |
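# ======================================================================
# Routine: check_user_dot_ssh_dir
#   Perform various checks on the ~/.ssh directory and create it if
#   it does not exist yet.
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
check_user_dot_ssh_dir() {
  local sshdir="${pwdhome}/.ssh"

  if [ -e "${sshdir}" ] && [ ! -d "${sshdir}" ]
  then
    csih_error "${sshdir} is existant but not a directory. Cannot create user identity files."
  fi

  if [ ! -e "${sshdir}" ]
  then
    # Create it as 0700 explicitly: sshd's StrictModes rejects keys under
    # a group- or world-writable ~/.ssh, and the caller's umask may be
    # more permissive than that.
    mkdir -m 0700 "${sshdir}"
    if [ ! -e "${sshdir}" ]
    then
      csih_error "Creating users ${sshdir} directory failed"
    fi
  fi
} # === End of check_user_dot_ssh_dir() === #
readonly -f check_user_dot_ssh_dir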
f4ebf0e8 | 195 | |
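# ======================================================================
# Routine: fix_authorized_keys_perms
#   Corrects the permissions of ~/.ssh/authorized_keys (NT only) so that
#   only the owner can read it; a failure is reported but not fatal.
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
fix_authorized_keys_perms() {
  local keyfile="${pwdhome}/.ssh/authorized_keys"

  # The previous version wrote [ csih_is_nt -a -e ... ], which tests the
  # literal word "csih_is_nt" (always true) instead of running the helper,
  # so the ACL was applied on every platform.
  if csih_is_nt && [ -e "${keyfile}" ]
  then
    if ! setfacl -m "u::rw-,g::---,o::---" "${keyfile}"
    then
      csih_warning "Setting correct permissions to ${keyfile}"
      csih_warning "failed. Please care for the correct permissions. The minimum requirement"
      csih_warning "is, the owner needs read permissions."
      echo
    fi
  fi
} # === End of fix_authorized_keys_perms() === #
readonly -f fix_authorized_keys_perms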
215 | ||
216 | ||
# ======================================================================
# Main Entry Point
# ======================================================================

# Decide whether this run is unattended.  Two triggers:
#   (1) the script is located in /etc/postinstall, i.e. Cygwin setup is
#       running it as a postinstall hook, or
#   (2) the environment variable SSH_USER_CONFIG_AUTO_ANSWER_NO is set.
# In either case every question is answered "no", so config files are
# created only when missing and never overwritten, and color escape
# sequences are switched off so they do not clutter setup's logfiles.
case "${PROGDIR}" in
  /etc/postinstall)
    csih_auto_answer="no"
    csih_disable_color
    ;;
esac
if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi
241 | ||
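# ======================================================================
# Parse options
# ======================================================================
while [ $# -gt 0 ]
do
  option=$1
  shift

  case "$option" in
    -d | --debug )
      # NOTE: with set -x the trace also shows the value given to
      # -p/--passphrase.
      set -x
      csih_trace_on
      ;;

    -y | --yes )
      csih_auto_answer=yes
      ;;

    -n | --no )
      csih_auto_answer=no
      ;;

    -p | --passphrase )
      # Previously a missing argument silently produced an empty
      # passphrase (keys generated with -N ""); reject it instead.
      if [ $# -eq 0 ]
      then
        echo "${PROGNAME}: option ${option} requires an argument" >&2
        exit 1
      fi
      # The passphrase arrives via argv and is therefore visible to other
      # local users in the process list for the lifetime of this script;
      # answering ssh-keygen's prompt interactively avoids that.
      with_passphrase="yes"
      passphrase=$1
      shift
      ;;

    --privileged )
      csih_FORCE_PRIVILEGED_USER=yes
      ;;

    *)
      echo "usage: ${PROGNAME} [OPTION]..."
      echo
      echo "This script creates an OpenSSH user configuration."
      echo
      echo "Options:"
      echo " --debug -d Enable shell's debug output."
      echo " --yes -y Answer all questions with \"yes\" automatically."
      echo " --no -n Answer all questions with \"no\" automatically."
      echo " --passphrase -p word Use \"word\" as passphrase automatically."
      echo " --privileged On Windows NT/2k/XP, assume privileged user"
      echo " instead of LocalSystem for sshd service."
      echo
      exit 1
      ;;

  esac
done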
298 | ||
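# ======================================================================
# Action!
# ======================================================================

# Check passwd file.  The home directory is looked up there (never in
# $HOME), so nothing below can work without it.
if [ ! -f "${SYSCONFDIR}/passwd" ]
then
  csih_error_multiline \
    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
    'first using mkpasswd. Check if it contains an entry for you and' \
    'please care for the home directory in your entry as well.'
fi

# Order matters: check_user_homedir sets pwdhome, which every routine
# after it relies on.
check_user_homedir
check_user_dot_ssh_dir
create_ssh1_identity
create_ssh2_rsa_identity
create_ssh2_dsa_identity
fix_authorized_keys_perms

echo
csih_inform "Configuration finished. Have fun!"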